fido2.ctap2.credman

Classes

CredentialManagement

Implementation of a draft specification of the Credential Management API.

Module Contents

class fido2.ctap2.credman.CredentialManagement(ctap, pin_uv_protocol, pin_uv_token)[source]

Implementation of a draft specification of the Credential Management API. WARNING: This specification is not final and this class is likely to change.

Parameters:

class CMD[source]

Bases: enum.IntEnum

Enum where members are also (and must be) ints

GET_CREDS_METADATA = 1
ENUMERATE_RPS_BEGIN = 2
ENUMERATE_RPS_NEXT = 3
ENUMERATE_CREDS_BEGIN = 4
ENUMERATE_CREDS_NEXT = 5
DELETE_CREDENTIAL = 6
UPDATE_USER_INFO = 7

class PARAM[source]

Bases: enum.IntEnum

Enum where members are also (and must be) ints

RP_ID_HASH = 1
CREDENTIAL_ID = 2
USER = 3

class RESULT[source]

Bases: enum.IntEnum

Enum where members are also (and must be) ints

EXISTING_CRED_COUNT = 1
MAX_REMAINING_COUNT = 2
RP = 3
RP_ID_HASH = 4
TOTAL_RPS = 5
USER = 6
CREDENTIAL_ID = 7
PUBLIC_KEY = 8
TOTAL_CREDENTIALS = 9
CRED_PROTECT = 10
LARGE_BLOB_KEY = 11

static is_supported(info)[source]

Parameters:

info (fido2.ctap2.base.Info)

Return type:

bool

static is_update_supported(info)[source]

Parameters:

info (fido2.ctap2.base.Info)

Return type:

bool

ctap
pin_uv

get_metadata()[source]

Get credentials metadata.

This returns the existing resident credentials count and the maximum possible number of remaining resident credentials (the actual number of remaining credentials may depend on algorithm choice, etc.).

Returns:

A dict containing EXISTING_CRED_COUNT and MAX_REMAINING_COUNT.

Return type:

Mapping[int, Any]

enumerate_rps_begin()[source]

Start enumeration of RP entities of resident credentials.

This will begin enumeration of stored RP entities, returning the first entity, as well as a count of the total number of entities stored.

Returns:

A dict containing RP, RP_ID_HASH, and TOTAL_RPS.

Return type:

Mapping[int, Any]

enumerate_rps_next()[source]

Get the next RP entity stored.

This continues enumeration of stored RP entities, returning the next entity.

Returns:

A dict containing RP and RP_ID_HASH.

Return type:

Mapping[int, Any]

enumerate_rps()[source]

Convenience method to enumerate all RPs.

See enumerate_rps_begin and enumerate_rps_next for details.

Return type:

Sequence[Mapping[int, Any]]

enumerate_creds_begin(rp_id_hash)[source]

Start enumeration of resident credentials.

This will begin enumeration of resident credentials for a given RP, returning the first credential, as well as a count of the total number of resident credentials stored for the given RP.

Parameters:

rp_id_hash (bytes) – SHA256 hash of the RP ID.

Returns:

A dict containing USER, CREDENTIAL_ID, PUBLIC_KEY, and TOTAL_CREDENTIALS.

Return type:

Mapping[int, Any]

enumerate_creds_next()[source]

Get the next resident credential stored.

This continues enumeration of resident credentials, returning the next credential.

Returns:

A dict containing USER, CREDENTIAL_ID, and PUBLIC_KEY.

Return type:

Mapping[int, Any]

enumerate_creds(*args, **kwargs)[source]

Convenience method to enumerate all resident credentials for an RP.

See enumerate_creds_begin and enumerate_creds_next for details.

Return type:

Sequence[Mapping[int, Any]]

delete_cred(cred_id)[source]

Delete a resident credential.

Parameters:

cred_id (fido2.webauthn.PublicKeyCredentialDescriptor) – The PublicKeyCredentialDescriptor of the credential to delete.

Return type:

None

update_user_info(cred_id, user_info)[source]

Update the user entity of a resident key.

Parameters:

Return type:

None
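
Example (added here, not part of the fido2 project's documentation): an inventory of the resident credentials on an authenticator, built from get_metadata, enumerate_rps and enumerate_creds as documented above, that matches RPs against an allowlist by RP ID hash. The names audit_resident_credentials, rp_hash, FakeCredMan and demo are hypothetical, the dict shapes of the RP, USER and CREDENTIAL_ID values are assumptions, and the sample data is constructed so the block runs without hardware.

```python
import hashlib

# RESULT keys as listed on this page (IntEnum members compare equal to ints).
EXISTING, REMAINING, RP, RP_ID_HASH, USER, CRED_ID = 1, 2, 3, 4, 6, 7

def rp_hash(rp_id):  # SHA-256 of the RP ID, the form enumerate_creds_begin takes
    return hashlib.sha256(rp_id.encode()).digest()

def audit_resident_credentials(credman, allowed_rp_ids, min_free_slots=1):
    """Return (inventory, findings) for the credentials stored on a key."""
    allowed = {rp_hash(r): r for r in allowed_rp_ids}
    meta = credman.get_metadata()
    inventory, findings = [], []
    if meta[REMAINING] < min_free_slots:
        findings.append(("low_capacity", meta[REMAINING]))
    if meta[EXISTING] == 0:
        return inventory, findings  # nothing stored, skip enumeration
    for rp in credman.enumerate_rps():
        h, label = rp[RP_ID_HASH], rp[RP].get("id")  # assumed: RP is a dict
        if h not in allowed:  # match on the hash, not on the stored label
            findings.append(("unexpected_rp", label))
        for cred in credman.enumerate_creds(h):
            # Assumed shapes: USER is a dict, CREDENTIAL_ID is {"id": bytes}.
            inventory.append((allowed.get(h, label), cred[USER].get("name"),
                              cred[CRED_ID]["id"].hex()))
    if len(inventory) != meta[EXISTING]:  # enumeration was incomplete
        findings.append(("count_mismatch", len(inventory)))
    return inventory, findings

class FakeCredMan:
    """Constructed stand-in; store maps rp_id -> [(user_name, cred_id)]."""
    def __init__(self, store, free):
        self.store, self.free = store, free

    def get_metadata(self):
        return {EXISTING: sum(map(len, self.store.values())), REMAINING: self.free}

    def enumerate_rps(self):
        return [{RP: {"id": r}, RP_ID_HASH: rp_hash(r)} for r in self.store]

    def enumerate_creds(self, rp_id_hash):
        creds = next(v for r, v in self.store.items() if rp_hash(r) == rp_id_hash)
        return [{USER: {"name": u}, CRED_ID: {"id": c}} for u, c in creds]

def demo():
    """Run the audit over constructed sample data."""
    key = FakeCredMan({"example.com": [("alice", b"\x01\x02")],
                       "intranet.example": [("alice", b"\x03")]}, free=0)
    return audit_resident_credentials(key, ["example.com"])
```

With real hardware, pass a CredentialManagement instance in place of FakeCredMan; the audit function only calls the three methods named above.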