Rename User to PublicKeyCredentialUserEntity

Author: jschanck

examples/ctap2.rs

@@ -7,8 +7,9 @@ use authenticator::{
     crypto::COSEAlgorithm,
     ctap2::server::{
         AuthenticationExtensionsClientInputs, CredentialProtectionPolicy,
-        PublicKeyCredentialDescriptor, PublicKeyCredentialParameters, RelyingParty,
-        ResidentKeyRequirement, Transport, User, UserVerificationRequirement,
+        PublicKeyCredentialDescriptor, PublicKeyCredentialParameters,
+        PublicKeyCredentialUserEntity, RelyingParty, ResidentKeyRequirement, Transport,
+        UserVerificationRequirement,
     },
     statecallback::StateCallback,
     Pin, StatusPinUv, StatusUpdate,
@@ -139,7 +140,7 @@ fn main() {
         }
     });
 
-    let user = User {
+    let user = PublicKeyCredentialUserEntity {
         id: "user_id".as_bytes().to_vec(),
         name: Some("A. User".to_string()),
         display_name: None,

examples/ctap2_discoverable_creds.rs

@@ -7,8 +7,8 @@ use authenticator::{
     crypto::COSEAlgorithm,
     ctap2::server::{
         AuthenticationExtensionsClientInputs, PublicKeyCredentialDescriptor,
-        PublicKeyCredentialParameters, RelyingParty, ResidentKeyRequirement, Transport, User,
-        UserVerificationRequirement,
+        PublicKeyCredentialParameters, PublicKeyCredentialUserEntity, RelyingParty,
+        ResidentKeyRequirement, Transport, UserVerificationRequirement,
     },
     statecallback::StateCallback,
     Pin, StatusPinUv, StatusUpdate,
@@ -105,7 +105,7 @@ fn register_user(manager: &mut AuthenticatorService, username: &str, timeout_ms:
         }
     });
 
-    let user = User {
+    let user = PublicKeyCredentialUserEntity {
         id: username.as_bytes().to_vec(),
         name: Some(username.to_string()),
         display_name: None,

examples/test_exclude_list.rs

@@ -7,8 +7,9 @@ use authenticator::{
     crypto::COSEAlgorithm,
     ctap2::commands::StatusCode,
     ctap2::server::{
-        PublicKeyCredentialDescriptor, PublicKeyCredentialParameters, RelyingParty,
-        ResidentKeyRequirement, Transport, User, UserVerificationRequirement,
+        PublicKeyCredentialDescriptor, PublicKeyCredentialParameters,
+        PublicKeyCredentialUserEntity, RelyingParty, ResidentKeyRequirement, Transport,
+        UserVerificationRequirement,
     },
     errors::{AuthenticatorError, CommandError, HIDError, UnsupportedOption},
     statecallback::StateCallback,
@@ -134,7 +135,7 @@ fn main() {
         }
     });
 
-    let user = User {
+    let user = PublicKeyCredentialUserEntity {
         id: "user_id".as_bytes().to_vec(),
         name: Some("A. User".to_string()),
         display_name: None,

src/authenticatorservice.rs

@@ -5,8 +5,8 @@
 use crate::ctap2::commands::client_pin::Pin;
 use crate::ctap2::server::{
     AuthenticationExtensionsClientInputs, PublicKeyCredentialDescriptor,
-    PublicKeyCredentialParameters, RelyingParty, ResidentKeyRequirement, User,
-    UserVerificationRequirement,
+    PublicKeyCredentialParameters, PublicKeyCredentialUserEntity, RelyingParty,
+    ResidentKeyRequirement, UserVerificationRequirement,
 };
 use crate::errors::*;
 use crate::manager::Manager;
@@ -18,7 +18,7 @@ pub struct RegisterArgs {
     pub client_data_hash: [u8; 32],
     pub relying_party: RelyingParty,
     pub origin: String,
-    pub user: User,
+    pub user: PublicKeyCredentialUserEntity,
     pub pub_cred_params: Vec<PublicKeyCredentialParameters>,
     pub exclude_list: Vec<PublicKeyCredentialDescriptor>,
     pub user_verification_req: UserVerificationRequirement,
@@ -318,7 +318,8 @@ mod tests {
     use super::{AuthenticatorService, AuthenticatorTransport, Pin, RegisterArgs, SignArgs};
     use crate::consts::PARAMETER_SIZE;
     use crate::ctap2::server::{
-        RelyingParty, ResidentKeyRequirement, User, UserVerificationRequirement,
+        PublicKeyCredentialUserEntity, RelyingParty, ResidentKeyRequirement,
+        UserVerificationRequirement,
     };
     use crate::errors::AuthenticatorError;
     use crate::statecallback::StateCallback;
@@ -439,7 +440,7 @@ mod tests {
                         name: None,
                     },
                     origin: "example.com".to_string(),
-                    user: User {
+                    user: PublicKeyCredentialUserEntity {
                         id: "user_id".as_bytes().to_vec(),
                         name: Some("A. User".to_string()),
                         display_name: None,
@@ -515,7 +516,7 @@ mod tests {
                         name: None,
                     },
                     origin: "example.com".to_string(),
-                    user: User {
+                    user: PublicKeyCredentialUserEntity {
                         id: "user_id".as_bytes().to_vec(),
                         name: Some("A. User".to_string()),
                         display_name: None,
@@ -610,7 +611,7 @@ mod tests {
                         name: None,
                     },
                     origin: "example.com".to_string(),
-                    user: User {
+                    user: PublicKeyCredentialUserEntity {
                         id: "user_id".as_bytes().to_vec(),
                         name: Some("A. User".to_string()),
                         display_name: None,

src/ctap2/commands/credential_management.rs

@@ -2,7 +2,8 @@ use super::{Command, CommandError, PinUvAuthCommand, RequestCtap2, StatusCode};
 use crate::{
     crypto::{COSEKey, PinUvAuthParam, PinUvAuthToken},
     ctap2::server::{
-        PublicKeyCredentialDescriptor, RelyingParty, RpIdHash, User, UserVerificationRequirement,
+        PublicKeyCredentialDescriptor, PublicKeyCredentialUserEntity, RelyingParty, RpIdHash,
+        UserVerificationRequirement,
     },
     errors::AuthenticatorError,
     transport::errors::HIDError,
@@ -21,7 +22,7 @@ use std::fmt;
 struct CredManagementParams {
     rp_id_hash: Option<RpIdHash>, // RP ID SHA-256 hash
     credential_id: Option<PublicKeyCredentialDescriptor>, // Credential Identifier
-    user: Option<User>,           // User Entity
+    user: Option<PublicKeyCredentialUserEntity>, // User Entity
 }
 
 impl CredManagementParams {
@@ -68,7 +69,7 @@ pub(crate) enum CredManagementCommand {
     EnumerateCredentialsBegin(RpIdHash),
     EnumerateCredentialsGetNextCredential,
     DeleteCredential(PublicKeyCredentialDescriptor),
-    UpdateUserInformation((PublicKeyCredentialDescriptor, User)),
+    UpdateUserInformation((PublicKeyCredentialDescriptor, PublicKeyCredentialUserEntity)),
 }
 
 impl CredManagementCommand {
@@ -157,7 +158,7 @@ pub struct CredentialManagementResponse {
     /// Total number of RPs present on the authenticator
     pub total_rps: Option<u64>,
     /// User Information
-    pub user: Option<User>,
+    pub user: Option<PublicKeyCredentialUserEntity>,
     /// Credential ID
     pub credential_id: Option<PublicKeyCredentialDescriptor>,
     /// Public key of the credential.
@@ -182,7 +183,7 @@ pub struct CredentialRpListEntry {
 #[derive(Debug, PartialEq, Eq, Serialize)]
 pub struct CredentialListEntry {
     /// User Information
-    pub user: User,
+    pub user: PublicKeyCredentialUserEntity,
     /// Credential ID
     pub credential_id: PublicKeyCredentialDescriptor,
     /// Public key of the credential.

src/ctap2/commands/get_assertion.rs

@@ -13,7 +13,7 @@ use crate::ctap2::commands::get_next_assertion::GetNextAssertion;
 use crate::ctap2::commands::make_credentials::UserVerification;
 use crate::ctap2::server::{
     AuthenticationExtensionsClientInputs, AuthenticationExtensionsClientOutputs,
-    PublicKeyCredentialDescriptor, RelyingPartyWrapper, RpIdHash, User,
+    PublicKeyCredentialDescriptor, PublicKeyCredentialUserEntity, RelyingPartyWrapper, RpIdHash,
     UserVerificationRequirement,
 };
 use crate::ctap2::utils::{read_be_u32, read_byte};
@@ -449,7 +449,7 @@ pub struct Assertion {
                                                              * mandatory in CTAP2.1 */
     pub auth_data: AuthenticatorData,
     pub signature: Vec<u8>,
-    pub user: Option<User>,
+    pub user: Option<PublicKeyCredentialUserEntity>,
 }
 
 impl From<GetAssertionResponse> for Assertion {
@@ -524,7 +524,7 @@ pub struct GetAssertionResponse {
     pub credentials: Option<PublicKeyCredentialDescriptor>,
     pub auth_data: AuthenticatorData,
     pub signature: Vec<u8>,
-    pub user: Option<User>,
+    pub user: Option<PublicKeyCredentialUserEntity>,
     pub number_of_credentials: Option<usize>,
 }
 
@@ -628,7 +628,8 @@ pub mod test {
         do_credential_list_filtering_ctap1, do_credential_list_filtering_ctap2,
     };
     use crate::ctap2::server::{
-        PublicKeyCredentialDescriptor, RelyingParty, RelyingPartyWrapper, RpIdHash, Transport, User,
+        PublicKeyCredentialDescriptor, PublicKeyCredentialUserEntity, RelyingParty,
+        RelyingPartyWrapper, RpIdHash, Transport,
     };
     use crate::transport::device_selector::Device;
     use crate::transport::hid::HIDDevice;
@@ -778,7 +779,7 @@ pub mod test {
                 0x47, 0xf1, 0x8d, 0xb4, 0x74, 0xc7, 0x47, 0x90, 0xea, 0xab, 0xb1, 0x44, 0x11, 0xe7,
                 0xa0,
             ],
-            user: Some(User {
+            user: Some(PublicKeyCredentialUserEntity {
                 id: vec![
                     0x30, 0x82, 0x01, 0x93, 0x30, 0x82, 0x01, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x02,
                     0x30, 0x82, 0x01, 0x93, 0x30, 0x82, 0x01, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x02,

src/ctap2/commands/make_credentials.rs

@@ -15,7 +15,8 @@ use crate::ctap2::client_data::ClientDataHash;
 use crate::ctap2::server::{
     AuthenticationExtensionsClientInputs, AuthenticationExtensionsClientOutputs,
     CredentialProtectionPolicy, PublicKeyCredentialDescriptor, PublicKeyCredentialParameters,
-    RelyingParty, RelyingPartyWrapper, RpIdHash, User, UserVerificationRequirement,
+    PublicKeyCredentialUserEntity, RelyingParty, RelyingPartyWrapper, RpIdHash,
+    UserVerificationRequirement,
 };
 use crate::ctap2::utils::{read_byte, serde_parse_err};
 use crate::errors::AuthenticatorError;
@@ -260,7 +261,7 @@ pub struct MakeCredentials {
     pub client_data_hash: ClientDataHash,
     pub rp: RelyingPartyWrapper,
     // Note(baloo): If none -> ctap1
-    pub user: Option<User>,
+    pub user: Option<PublicKeyCredentialUserEntity>,
     pub pub_cred_params: Vec<PublicKeyCredentialParameters>,
     pub exclude_list: Vec<PublicKeyCredentialDescriptor>,
 
@@ -281,7 +282,7 @@ impl MakeCredentials {
     pub fn new(
         client_data_hash: ClientDataHash,
         rp: RelyingPartyWrapper,
-        user: Option<User>,
+        user: Option<PublicKeyCredentialUserEntity>,
         pub_cred_params: Vec<PublicKeyCredentialParameters>,
         exclude_list: Vec<PublicKeyCredentialDescriptor>,
         options: MakeCredentialsOptions,
@@ -564,7 +565,7 @@ pub(crate) fn dummy_make_credentials_cmd() -> MakeCredentials {
             id: String::from("make.me.blink"),
             ..Default::default()
         }),
-        Some(User {
+        Some(PublicKeyCredentialUserEntity {
             id: vec![0],
             name: Some(String::from("make.me.blink")),
             ..Default::default()
@@ -597,7 +598,8 @@ pub mod test {
     use crate::ctap2::commands::{RequestCtap1, RequestCtap2};
     use crate::ctap2::server::RpIdHash;
     use crate::ctap2::server::{
-        PublicKeyCredentialParameters, RelyingParty, RelyingPartyWrapper, User,
+        PublicKeyCredentialParameters, PublicKeyCredentialUserEntity, RelyingParty,
+        RelyingPartyWrapper,
     };
     use crate::transport::device_selector::Device;
     use crate::transport::hid::HIDDevice;
@@ -620,7 +622,7 @@ pub mod test {
                 id: String::from("example.com"),
                 name: Some(String::from("Acme")),
             }),
-            Some(User {
+            Some(PublicKeyCredentialUserEntity {
                 id: base64::engine::general_purpose::URL_SAFE
                     .decode("MIIBkzCCATigAwIBAjCCAZMwggE4oAMCAQIwggGTMII=")
                     .unwrap(),
@@ -677,7 +679,7 @@ pub mod test {
                 id: String::from("example.com"),
                 name: Some(String::from("Acme")),
             }),
-            Some(User {
+            Some(PublicKeyCredentialUserEntity {
                 id: base64::engine::general_purpose::URL_SAFE
                     .decode("MIIBkzCCATigAwIBAjCCAZMwggE4oAMCAQIwggGTMII=")
                     .unwrap(),

src/ctap2/server.rs

@@ -40,12 +40,9 @@ impl RpIdHash {
     }
 }
 
+// NOTE: WebAuthn requires all fields and CTAP2 does not.
 #[derive(Debug, Serialize, Clone, Default, Deserialize, PartialEq, Eq)]
 pub struct RelyingParty {
-    // TODO(baloo): spec is wrong !!!!111
-    //              https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#commands
-    //              in the example "A PublicKeyCredentialRpEntity DOM object defined as follows:"
-    //              inconsistent with https://w3c.github.io/webauthn/#sctn-rp-credential-params
     pub id: String,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub name: Option<String>,
@@ -94,9 +91,9 @@ impl RelyingPartyWrapper {
     }
 }
 
-// TODO(baloo): should we rename this PublicKeyCredentialUserEntity ?
+// NOTE: WebAuthn requires all fields and CTAP2 does not.
 #[derive(Debug, Serialize, Clone, Eq, PartialEq, Deserialize, Default)]
-pub struct User {
+pub struct PublicKeyCredentialUserEntity {
     #[serde(with = "serde_bytes")]
     pub id: Vec<u8>,
     pub name: Option<String>,
@@ -406,13 +403,13 @@ pub struct AuthenticationExtensionsClientOutputs {
 #[cfg(test)]
 mod test {
     use super::{
-        COSEAlgorithm, PublicKeyCredentialDescriptor, PublicKeyCredentialParameters, RelyingParty,
-        Transport, User,
+        COSEAlgorithm, PublicKeyCredentialDescriptor, PublicKeyCredentialParameters,
+        PublicKeyCredentialUserEntity, RelyingParty, Transport,
     };
     use serde_cbor::from_slice;
 
-    fn create_user() -> User {
-        User {
+    fn create_user() -> PublicKeyCredentialUserEntity {
+        PublicKeyCredentialUserEntity {
             id: vec![
                 0x30, 0x82, 0x01, 0x93, 0x30, 0x82, 0x01, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x30,
                 0x82, 0x01, 0x93, 0x30, 0x82, 0x01, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x30, 0x82,
@@ -479,7 +476,7 @@ mod test {
             0x69, 0x74, 0x68, // ...
         ];
         let expected = create_user();
-        let actual: User = from_slice(&input).unwrap();
+        let actual: PublicKeyCredentialUserEntity = from_slice(&input).unwrap();
         assert_eq!(expected, actual);
     }
 
@@ -519,7 +516,7 @@ mod test {
 
     #[test]
     fn serialize_user_nodisplayname() {
-        let user = User {
+        let user = PublicKeyCredentialUserEntity {
             id: vec![
                 0x30, 0x82, 0x01, 0x93, 0x30, 0x82, 0x01, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x30,
                 0x82, 0x01, 0x93, 0x30, 0x82, 0x01, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x30, 0x82,

src/status_update.rs

@@ -7,7 +7,7 @@ use crate::{
             get_info::AuthenticatorInfo,
             PinUvAuthResult,
         },
-        server::{PublicKeyCredentialDescriptor, User},
+        server::{PublicKeyCredentialDescriptor, PublicKeyCredentialUserEntity},
     },
     BioEnrollmentResult, CredentialManagementResult,
 };
@@ -18,7 +18,7 @@ use std::sync::mpsc::Sender;
 pub enum CredManagementCmd {
     GetCredentials,
     DeleteCredential(PublicKeyCredentialDescriptor),
-    UpdateUserInformation(PublicKeyCredentialDescriptor, User),
+    UpdateUserInformation(PublicKeyCredentialDescriptor, PublicKeyCredentialUserEntity),
 }
 
 #[derive(Debug, Deserialize, DeriveSer)]