Automation: AddCredential

w3c · Jun 17, 2019 · 958cba9 · 958cba9
1 parent efc5abb
commit 958cba9
Showing 1 changed file with 53 additions and 2 deletions.
diff --git a/index.bs b/index.bs
@@ -5263,11 +5263,62 @@ The <a>extension command</a> is defined as follows:
 The <a>remote end steps</a> are:
 
  1. If |authenticatorId| does not match any <a>Virtual Authenticator</a> stored in the <a>Virtual Authenticator
-     Database</a>, return is not a JSON <a>Object</a>, return a <a>WebDriver error</a> with <a>WebDriver error code</a>
-     <a>invalid argument</a>.
+     Database</a>, return a <a>WebDriver error</a> with <a>WebDriver error code</a> <a>invalid argument</a>.
  1. Remove the <a>Virtual Authenticator</a> identified by |authenticatorId| from the <a>Virtual Authenticator Database</a>
  1. Return <a>success</a>.
 
+## <dfn>Add Credential</dfn> ## {#sctn-automation-add-credential}
+
+The <a>Add Credential</a> <a>extension command</a> injects a <a>Credential Key Pair</a> and associated <a>Authenticator Data</a>
+into an existing <a>Virtual Authenticator</a>. The <a>extension command</a> is defined as follows:
+
+    <xmp class="idl">
+    dictionary CredentialParams {
+        required USVString credentialId;
+        required USVString rpIdHash;
+        required USVString privateKey;
+        unsigned long signCount = 0;
+    };
+    </xmp>
+
+<figure id="table-addCredential" class="table">
+    <table class="data">
+        <thead>
+            <tr>
+                <th>HTTP Method</th>
+                <th>URI Template</th>
+            </tr>
+        </thead>
+        <tbody>
+            <tr>
+                <td>POST</td>
+                <td>`/session/{session id}/webauthn/authenticator/:authenticatorId/credential`</td>
+            </tr>
+        </tbody>
+    </table>
+</figure>
+
+The <a>remote end steps</a> are:
+
+ 1. If |parameters| is not a JSON <a>Object</a>, return a <a>WebDriver error</a> with <a>WebDriver error code</a>
+     <a>invalid argument</a>.
+ 1. Let |credentialId| be the result of <a>trying</a> to decode <a>Base64url Encoding</a> on the |parameter|'s
+     {{CredentialParams/credentialId}} property.
+ 1. If |credentialId| is failure, return a <a>WebDriver error</a> with <a>WebDriver error code</a> <a>invalid argument</a>.
+ 1. Let |rpIdHash| be the result of <a>trying</a> to decode <a>Base64url Encoding</a> on the |parameter|'s
+     {{CredentialParams/rpIdHash}} property.
+ 1. If |rpIdHash| is failure, return a <a>WebDriver error</a> with <a>WebDriver error code</a> <a>invalid argument</a>.
+ 1. If |rpIdHash| is not a valid <a>rpIdHash</a>, return a <a>WebDriver error</a> with <a>WebDriver error code</a>
+    <a>invalid argument</a>.
+ 1. Let |privateKey| be the result of <a>trying</a> to decode <a>Base64url Encoding</a> on the |parameter|'s
+     {{CredentialParams/privateKey}} property.
+ 1. If |privateKey| is failure, return a <a>WebDriver error</a> with <a>WebDriver error code</a> <a>invalid argument</a>.
+ 1. If |privateKey| is not a valid PKCS #8 encoded private key [[RFC5958]], return a <a>WebDriver error</a> with
+     <a>WebDriver error code</a> <a>invalid argument</a>.
+ 1. Create a <a>Credential Key Pair</a> from |privateKey| and an <a>Authenticator Data</a> structure from |rpIdHash| and
+    |signCount|, and store them in the database of the <a>Virtual Authenticator</a> identified by |authenticatorId|.
+ 1. Return <a>success</a>.
+
 # IANA Considerations # {#sctn-IANA}
 
 ## WebAuthn Attestation Statement Format Identifier Registrations ## {#sctn-att-fmt-reg}