credential-exchange-format 0.3.0

Credential Exchange Format (CXF) rust types
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

//! # Login Credentials

use serde::{Deserialize, Serialize};

use super::{EditableFieldBoolean, EditableFieldWifiNetworkSecurityType};
use crate::{
    b64url::B32, B64Url, EditableField, EditableFieldConcealedString, EditableFieldDate,
    EditableFieldString,
};

/// A [ApiKeyCredential] contains information to interact with an Application's Programming
/// Interface (API).
#[derive(Clone, Debug, Default, Serialize, Deserialize)]
#[serde(rename_all = "camelCase", bound(deserialize = "E: Deserialize<'de>"))]
pub struct ApiKeyCredential<E = ()> {
    /// This member denotes the key to communicate with the API.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub key: Option<EditableField<EditableFieldConcealedString, E>>,
    /// This member denotes the username associated with the key.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub username: Option<EditableField<EditableFieldString, E>>,
    /// This member denotes the type of the API key, such as bearer token or JSON Web Token. It is
    /// flexible to allow any type and not restrict it to a set list of types.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub key_type: Option<EditableField<EditableFieldString, E>>,
    /// This member denotes the url the API key is used with and SHOULD conform to the
    /// [URL Standard](https://url.spec.whatwg.org/).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub url: Option<EditableField<EditableFieldString, E>>,
    /// This member denotes the date the API key is valid from.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub valid_from: Option<EditableField<EditableFieldDate, E>>,
    /// This member denotes the date on which the API key expires.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub expiry_date: Option<EditableField<EditableFieldDate, E>>,
}

/// A [BasicAuthCredential] contains a username/password login credential.
/// Can either represent a [Basic access authentication](https://www.rfc-editor.org/rfc/rfc7617)
/// or a form on a web page.
///
/// A [BasicAuthCredential] SHOULD have an accompanying [super::CredentialScope] in the credentials
/// array. This indicates in which websites or applications these fields SHOULD be presented.
#[derive(Clone, Debug, Default, Serialize, Deserialize)]
#[serde(rename_all = "camelCase", bound(deserialize = "E: Deserialize<'de>"))]
pub struct BasicAuthCredential<E = ()> {
    /// The username associated with the credential.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub username: Option<EditableField<EditableFieldString, E>>,
    /// The password associated with the credential.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub password: Option<EditableField<EditableFieldConcealedString, E>>,
}

/// A [GeneratedPasswordCredential] type represents a credential consisting of a machine-generated
/// password.
///
/// Note: A [GeneratedPasswordCredential] is used when a password is generated independently of
/// creating a new [BasicAuthCredential]. Some providers may offer a dedicated password generator
/// feature. In such cases, the provider may create [GeneratedPasswordCredential] instances as
/// deemed appropriate for the use of this feature.
#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct GeneratedPasswordCredential {
    /// The machine-generated password.
    pub password: String,
}

/// An [SshKeyCredential] represents an SSH (Secure Shell) key pair.
#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(rename_all = "camelCase", bound(deserialize = "E: Deserialize<'de>"))]
pub struct SshKeyCredential<E = ()> {
    /// The type of SSH key algorithm used. Common values include "ssh-rsa", "ssh-ed25519", or
    /// "ecdsa-sha2-nistp256". This MUST be a string value representing a valid SSH public key
    /// algorithm as defined in IANA SSH Protocol Parameters.
    pub key_type: String,
    /// The private part of the SSH key pair. This MUST be a PKCS#8 ASN.1 DER formatted byte string
    /// which is then Base64url encoded.
    pub private_key: B64Url,
    /// This member contains a user-defined string to identify or describe the key.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub key_comment: Option<String>,
    /// This member indicates when the key was created.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub creation_date: Option<EditableField<EditableFieldDate, E>>,
    /// This member indicates when the key will expire, if applicable.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub expiry_date: Option<EditableField<EditableFieldDate, E>>,
    /// This member indicates where the key was originally generated. E.g.,
    /// `https://github.com/settings/ssh/new` for GitHub.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub key_generation_source: Option<EditableField<EditableFieldString, E>>,
}

/// Note: Enrollment in TOTP credentials historically has been quite non-standardized but typically
/// authenticator and RP implementations have more or less aligned with the early Google
/// Authenticator implementation spelled out at <https://github.com/google/google-authenticator/wiki/Key-Uri-Format>.
/// This specification was designed with that in mind.
#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct TotpCredential {
    /// The [shared secret](https://www.rfc-editor.org/rfc/rfc4226#section-5) used to generate the
    /// OTPs. This MUST be a [Base32 string](https://www.rfc-editor.org/rfc/rfc4648#section-6)
    pub secret: B32,
    /// The time step used to refresh the OTP in seconds. The default SHOULD be 30 seconds,
    /// although the [relying party](https://www.w3.org/TR/webauthn-3/#relying-party) MAY customize
    /// this to a different value.
    pub period: u8,
    /// The number of digits to generate and display to the user each period. The default SHOULD be
    /// 6, although the [relying party](https://www.w3.org/TR/webauthn-3/#relying-party) MAY
    /// customize this to a different value.
    pub digits: u8,
    /// This member contains the username of the account this [TotpCredential] is used for.
    ///
    /// Note: While this member is optional, it is strongly recommended to be included if
    /// available.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub username: Option<String>,
    /// The algorithm used to generate the OTP hashes. This value SHOULD be a member of
    /// [OTPHashAlgorithm] but importers MUST ignore [TotpCredential] entries with unknown
    /// algorithm values.
    pub algorithm: OTPHashAlgorithm,
    /// This member contains the relying party that issued the credential and should be user
    /// consumable.
    ///
    /// Note: While this member is optional, it is strongly recommended to be included if
    /// available.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub issuer: Option<String>,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "lowercase")]
#[non_exhaustive]
pub enum OTPHashAlgorithm {
    /// This algorithm denotes that [SHA1](https://www.rfc-editor.org/rfc/rfc3174) MUST be used to
    /// generate the OTP hash.
    Sha1,
    /// This algorithm denotes that [SHA256](https://www.rfc-editor.org/rfc/rfc6234) MUST be used
    /// to generate the OTP hash.
    Sha256,
    /// This algorithm denotes that [SHA512](https://www.rfc-editor.org/rfc/rfc6234) MUST be used
    /// to generate the OTP hash.
    Sha512,
    #[serde(untagged)]
    Unknown(String),
}

/// Wi-Fi Passphrase
#[derive(Clone, Debug, Default, Serialize, Deserialize)]
#[serde(rename_all = "camelCase", bound(deserialize = "E: Deserialize<'de>"))]
pub struct WifiCredential<E = ()> {
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub ssid: Option<EditableField<EditableFieldString, E>>,
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub network_security_type: Option<EditableField<EditableFieldWifiNetworkSecurityType, E>>,
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub passphrase: Option<EditableField<EditableFieldConcealedString, E>>,
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub hidden: Option<EditableField<EditableFieldBoolean, E>>,
}