Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Implementation:SeleniumHQ Selenium WebAuthn Credential

From Leeroopedia
Revision as of 11:52, 16 February 2026 by Admin (talk | contribs) (Auto-imported from implementations/SeleniumHQ_Selenium_WebAuthn_Credential.md)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Knowledge Sources
Domains WebDriver, WebAuthn, VirtualAuthenticator
Last Updated 2026-02-12 00:00 GMT

Overview

The Credential class represents a WebAuthn credential stored in a virtual authenticator, supporting both resident (stateful) and non-resident (stateless) credential types.

Description

Credential is an immutable value object that encapsulates a W3C WebAuthn credential's properties including its identifier, relying party ID, PKCS8-encoded private key, user handle, and sign count. It provides factory methods for creating resident and non-resident credentials, as well as serialization to and from Map representations using Base64 URL encoding. This class is used in conjunction with VirtualAuthenticator to simulate WebAuthn authenticator behavior during testing.

Usage

Use Credential when testing WebAuthn authentication flows with Selenium's Virtual Authenticator API. Create non-resident credentials for stateless U2F-style authentication or resident credentials for discoverable/passkey-style authentication. Credentials are injected into a VirtualAuthenticator instance via addCredential().

Code Reference

Source Location

Signature

public class Credential {
    public static Credential createNonResidentCredential(
        byte[] id, String rpId, PKCS8EncodedKeySpec privateKey, int signCount);
    public static Credential createResidentCredential(
        byte[] id, String rpId, PKCS8EncodedKeySpec privateKey, byte[] userHandle, int signCount);
    public static Credential fromMap(Map<String, Object> map);

    public byte[] getId();
    public boolean isResidentCredential();
    public @Nullable String getRpId();
    public PKCS8EncodedKeySpec getPrivateKey();
    public byte @Nullable [] getUserHandle();
    public int getSignCount();
    public Map<String, @Nullable Object> toMap();
}

Import

import org.openqa.selenium.virtualauthenticator.Credential;

I/O Contract

Factory Methods

Method Parameters Returns Description
createNonResidentCredential byte[] id, String rpId, PKCS8EncodedKeySpec privateKey, int signCount Credential Creates a stateless credential (no user handle, not resident)
createResidentCredential byte[] id, String rpId, PKCS8EncodedKeySpec privateKey, byte[] userHandle, int signCount Credential Creates a stateful discoverable credential with a user handle
fromMap Map<String, Object> Credential Deserializes a credential from a map with Base64 URL-encoded values

Getter Methods

Method Return Type Description
getId() byte[] Returns a copy of the credential identifier
isResidentCredential() boolean Whether the credential is resident (discoverable)
getRpId() @Nullable String The relying party identifier
getPrivateKey() PKCS8EncodedKeySpec The PKCS8-encoded private key
getUserHandle() byte @Nullable [] Copy of the user handle, or null for non-resident credentials
getSignCount() int The signature counter value

Serialization (toMap)

Map Key Type Description
credentialId String Base64 URL-encoded credential ID
isResidentCredential boolean Whether credential is resident
rpId String Relying party ID
privateKey String Base64 URL-encoded PKCS8 private key
signCount int Signature counter
userHandle String Base64 URL-encoded user handle (only present for resident credentials)

Usage Examples

// Generate a PKCS8 private key
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
keyGen.initialize(new ECGenParameterSpec("secp256r1"));
KeyPair keyPair = keyGen.generateKeyPair();
PKCS8EncodedKeySpec privateKey = new PKCS8EncodedKeySpec(keyPair.getPrivate().getEncoded());

// Create a non-resident credential
byte[] credentialId = {1, 2, 3, 4};
Credential nonResident = Credential.createNonResidentCredential(
    credentialId, "example.com", privateKey, /* signCount */ 0);

// Create a resident credential
byte[] userHandle = {5, 6, 7, 8};
Credential resident = Credential.createResidentCredential(
    credentialId, "example.com", privateKey, userHandle, /* signCount */ 0);

// Inject into a virtual authenticator
VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions();
VirtualAuthenticator authenticator = ((HasVirtualAuthenticator) driver)
    .addVirtualAuthenticator(options);
authenticator.addCredential(resident);

// Serialize to map
Map<String, Object> map = resident.toMap();

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Implementation:SeleniumHQ_Selenium_WebAuthn_Credential&oldid=4522"