Source code

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

<!DOCTYPE html>
<meta charset=utf-8>
<head>
<title>Test for MakeCredential for W3C Web Authentication</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="text/javascript" src="u2futil.js"></script>
<script type="text/javascript" src="pkijs/common.js"></script>
<script type="text/javascript" src="pkijs/asn1.js"></script>
<script type="text/javascript" src="pkijs/x509_schema.js"></script>
<script type="text/javascript" src="pkijs/x509_simpl.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<h1>Test for MakeCredential for W3C Web Authentication</h1>
<script class="testbody" type="text/javascript">
"use strict";
add_task(async () => {
await addVirtualAuthenticator();
});
is(navigator.authentication, undefined, "navigator.authentication does not exist any longer");
isnot(navigator.credentials, undefined, "Credential Management API endpoint must exist");
isnot(navigator.credentials.create, undefined, "CredentialManagement create API endpoint must exist");
isnot(navigator.credentials.get, undefined, "CredentialManagement get API endpoint must exist");
let credm;
let gCredentialChallenge;
let rp;
let user;
let param;
let unsupportedParam;
let unknownParam;
// Setup test env
add_task(() => {
gCredentialChallenge = new Uint8Array(16);
window.crypto.getRandomValues(gCredentialChallenge);
rp = {id: document.domain, name: "none"};
user = {id: new Uint8Array(64), name: "none", displayName: "none"};
param = {type: "public-key", alg: cose_alg_ECDSA_w_SHA256};
unsupportedParam = {type: "public-key", alg: cose_alg_ECDSA_w_SHA512};
unknownParam = {type: "SimplePassword", alg: "MaxLength=2"};
credm = navigator.credentials;
});
// Add tests
add_task(test_good_call);
add_task(test_empty_account);
add_task(test_without_rp_name);
add_task(test_without_user_id);
add_task(test_without_user_name);
add_task(test_without_user_displayname);
add_task(test_user_too_large);
add_task(test_empty_parameters);
add_task(test_without_parameters);
add_task(test_unsupported_parameter);
add_task(test_unsupported_but_one_param);
add_task(test_one_unknown_parameter);
add_task(test_one_unknown_one_unsupported_param);
add_task(test_one_of_each_parameters);
add_task(test_without_challenge);
add_task(test_invalid_challenge);
add_task(test_duplicate_pub_key);
add_task(test_invalid_rp_id);
add_task(test_invalid_rp_id_2);
add_task(test_missing_rp);
add_task(test_incorrect_user_id_type);
add_task(test_missing_user);
add_task(test_complete_account);
add_task(test_too_large_user_id);
add_task(test_excluding_unknown_transports);
add_task(test_unknown_attestation_type);
add_task(test_unknown_selection_criteria);
add_task(test_no_unexpected_extensions);
add_task(test_cred_props_with_rk_required);
add_task(test_cred_props_with_rk_discouraged);
function arrivingHereIsGood(aResult) {
ok(true, "Good result! Received a: " + aResult);
return Promise.resolve();
}
function arrivingHereIsBad(aResult) {
ok(false, "Bad result! Received a: " + aResult);
return Promise.resolve();
}
function expectNotAllowedError(aResult) {
ok(aResult.toString().startsWith("NotAllowedError"), "Expecting a NotAllowedError");
return Promise.resolve();
}
function expectTypeError(aResult) {
ok(aResult.toString().startsWith("TypeError"), "Expecting a TypeError");
return Promise.resolve();
}
function expectNotSupportedError(aResult) {
ok(aResult.toString().startsWith("NotSupportedError"), "Expecting a NotSupportedError");
return Promise.resolve();
}
// Test basic good call
async function test_good_call() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
.catch(arrivingHereIsBad);
}
// Test empty account
async function test_empty_account() {
let makeCredentialOptions = {
challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test without rp.name
async function test_without_rp_name() {
let rp1 = {id: document.domain};
let makeCredentialOptions = {
rp: rp1, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test without user.id
async function test_without_user_id() {
let user1 = {name: "none", displayName: "none"};
let makeCredentialOptions = {
rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test without user.name
async function test_without_user_name() {
let user1 = {id: new Uint8Array(64), displayName: "none"};
let makeCredentialOptions = {
rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test without user.displayName
async function test_without_user_displayname() {
let user1 = {id: new Uint8Array(64), name: "none"};
let makeCredentialOptions = {
rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test with a user handle that exceeds the max length
async function test_user_too_large() {
let user1 = {id: new Uint8Array(65), name: "none", displayName: "none"};
let makeCredentialOptions = {
rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test without any parameters; this is acceptable meaning the RP ID is
// happy to accept either ECDSA-SHA256 or RSA-SHA256
async function test_empty_parameters() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: []
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
.catch(arrivingHereIsBad);
}
// Test without a parameter array at all
async function test_without_parameters() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test with an unsupported parameter
// The result depends on the tokens that are available, so we
// expect a NotAllowedError so as not to leak this.
async function test_unsupported_parameter() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [unsupportedParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectNotAllowedError);
}
// Test with an unsupported parameter and a good one
async function test_unsupported_but_one_param() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge,
pubKeyCredParams: [param, unsupportedParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
.catch(arrivingHereIsBad);
}
// Test with one unknown (not "public-key") parameter.
async function test_one_unknown_parameter() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [unknownParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectNotSupportedError);
}
// Test with an unsupported parameter, and an unknown one
// The result depends on the tokens that are available, so we
// expect a NotAllowedError so as not to leak this.
async function test_one_unknown_one_unsupported_param() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge,
pubKeyCredParams: [unsupportedParam, unknownParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectNotAllowedError);
}
// Test with an unsupported parameter, an unknown one, and a good one. This
// should succeed, as the unsupported and unknown should be ignored.
async function test_one_of_each_parameters() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge,
pubKeyCredParams: [param, unsupportedParam, unknownParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
.catch(arrivingHereIsBad);
}
// Test without a challenge
async function test_without_challenge() {
let makeCredentialOptions = {
rp, user, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test with an invalid challenge
async function test_invalid_challenge() {
let makeCredentialOptions = {
rp, user, challenge: "begone, thou ill-fitting moist glove!",
pubKeyCredParams: [unsupportedParam]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test with duplicate pubKeyCredParams
async function test_duplicate_pub_key() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge,
pubKeyCredParams: [param, param, param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
.catch(arrivingHereIsBad);
}
// Test with an RP ID that is not a valid domain string
async function test_invalid_rp_id() {
let rp1 = { id: document.domain + ":somejunk", name: "none"};
let makeCredentialOptions = {
rp: rp1, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(arrivingHereIsGood);
}
// Test with another RP ID that is not a valid domain string
async function test_invalid_rp_id_2() {
let rp1 = { id: document.domain + ":8888", name: "none"};
let makeCredentialOptions = {
rp: rp1, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(arrivingHereIsGood);
}
// Test with missing rp
async function test_missing_rp() {
let makeCredentialOptions = {
user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test with incorrect user ID type
async function test_incorrect_user_id_type() {
let invalidType = {id: "a string, which is not a buffer", name: "none", displayName: "none"};
let makeCredentialOptions = {
user: invalidType, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test with missing user
async function test_missing_user() {
let makeCredentialOptions = {
rp, challenge: gCredentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test a complete account
async function test_complete_account() {
// the icon fields are deprecated, but including them should not cause an error
let completeRP = {id: document.domain, name: "Foxxy Name",
let completeUser = {id: string2buffer("foxes_are_the_best@example.com"),
name: "Fox F. Foxington",
displayName: "Foxxy V"};
let makeCredentialOptions = {
rp: completeRP, user: completeUser, challenge: gCredentialChallenge,
pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
.catch(arrivingHereIsBad);
}
// Test with too-large user ID buffer
async function test_too_large_user_id() {
let hugeUser = {id: new Uint8Array(65),
name: "Fox F. Foxington",
displayName: "Foxxy V"};
let makeCredentialOptions = {
rp, user: hugeUser, challenge: gCredentialChallenge,
pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsBad)
.catch(expectTypeError);
}
// Test with excluding unknown transports
async function test_excluding_unknown_transports() {
let completeRP = {id: document.domain, name: "Foxxy Name"};
let completeUser = {id: string2buffer("foxes_are_the_best@example.com"),
name: "Fox F. Foxington",
displayName: "Foxxy V"};
let excludedUnknownTransport = {type: "public-key",
id: string2buffer("123"),
transports: ["unknown", "usb"]};
let makeCredentialOptions = {
rp: completeRP, user: completeUser, challenge: gCredentialChallenge,
pubKeyCredParams: [param], excludeCredentials: [excludedUnknownTransport]
};
return credm.create({publicKey: makeCredentialOptions})
.then(arrivingHereIsGood)
.catch(arrivingHereIsBad);
}
async function test_unknown_attestation_type() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param],
attestation: "unknown"
};
return credm.create({publicKey: makeCredentialOptions })
.then(arrivingHereIsGood)
.catch(arrivingHereIsBad);
}
async function test_unknown_selection_criteria() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param],
authenticatorSelection: {
userVerificationRequirement: "unknown UV requirement",
authenticatorAttachment: "unknown authenticator attachment type"
},
};
return credm.create({publicKey: makeCredentialOptions })
.then(arrivingHereIsGood)
.catch(arrivingHereIsBad);
}
async function test_no_unexpected_extensions() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param],
};
let cred = await credm.create({publicKey: makeCredentialOptions}).catch(arrivingHereIsBad);
let extensionResults = cred.getClientExtensionResults();
is(extensionResults.credProps, undefined, "no credProps output");
}
async function test_cred_props_with_rk_required() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param],
authenticatorSelection: {
authenticatorAttachment: "cross-platform",
residentKey: "required",
},
extensions: { credProps: true }
};
let cred = await credm.create({publicKey: makeCredentialOptions}).catch(arrivingHereIsBad);
let extensionResults = cred.getClientExtensionResults();
is(extensionResults.credProps?.rk, true, "rk is true");
}
async function test_cred_props_with_rk_discouraged() {
let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param],
authenticatorSelection: {
authenticatorAttachment: "cross-platform",
residentKey: "discouraged",
},
extensions: { credProps: true }
};
let cred = await credm.create({publicKey: makeCredentialOptions}).catch(arrivingHereIsBad);
let extensionResults = cred.getClientExtensionResults();
is(extensionResults.credProps?.rk, false, "rk is false");
}
</script>
</body>
</html>