getcredential-prf.https.html

Enable keyboard shortcuts

This test has a WPT meta file that expects 9 subtest issues.
This WPT test may be referenced by the following Test IDs:
- /webauthn/getcredential-prf.https.html - WPT Dashboard Interop Dashboard

<!DOCTYPE html>

<meta charset="utf-8">

<title>navigator.credentials.get() prf extension tests with authenticator support</title>

<meta name="timeout" content="long">

<script src="/resources/testharness.js"></script>

<script src="/resources/testharnessreport.js"></script>

<script src="/resources/testdriver.js"></script>

<script src="/resources/testdriver-vendor.js"></script>

<script src=helpers.js></script>

<body></body>

<script>

standardSetup(async function(authenticator) {

  "use strict";

  const b64 = buf => btoa(String.fromCharCode.apply(null, new Uint8Array(buf)));

  const b64url = buf => b64(buf).

    replace(/\+/g, '-').

    replace(/\//g, '_').

    replace(/=+$/, '');

  const credential = createCredential({

    options: {

      publicKey: {

        extensions: {

          prf: {},

},

},

},

});

  const assert = (id, prfExt) =>

    navigator.credentials.get({publicKey: {

      challenge: new Uint8Array(),

      allowCredentials: [{

        id: id,

        type: "public-key",

}],

      extensions: {

        prf: prfExt,

},

    }});

  promise_test(async t => {

    const id = (await credential).rawId;

    const assertion = await assert(id, {

          eval: {

            first: new Uint8Array([1,2,3,4]).buffer,

},

});

    const results = assertion.getClientExtensionResults().prf.results;

    assert_equals(results.first.byteLength, 32)

    assert_not_own_property(results, 'second');

  }, "navigator.credentials.get() with single evaluation point");

  promise_test(async t => {

    const id = (await credential).rawId;

    const assertion = await assert(id, {

          eval: {

            first: new Uint8Array([1,2,3,4]).buffer,

            second: new Uint8Array([1,2,3,4]).buffer,

},

});

    const results = assertion.getClientExtensionResults().prf.results;

    assert_equals(results.first.byteLength, 32)

    assert_equals(results.second.byteLength, 32)

    assert_equals(b64(results.first), b64(results.second));

  }, "navigator.credentials.get() with two equal evaluation points");

  promise_test(async t => {

    const id = (await credential).rawId;

    const assertion = await assert(id, {

          eval: {

            first: new Uint8Array([1,2,3,4]).buffer,

            second: new Uint8Array([1,2,3,5]).buffer,

},

});

    const results = assertion.getClientExtensionResults().prf.results;

    assert_equals(results.first.byteLength, 32)

    assert_equals(results.second.byteLength, 32)

    assert_not_equals(b64(results.first), b64(results.second));

  }, "navigator.credentials.get() with two distinct evaluation points");

  promise_test(async t => {

    const id = (await credential).rawId;

    const byCred = {};

    byCred[b64url(id)] = {

      first: new Uint8Array([1,2,3,4]).buffer,

};

    const assertion = await assert(id, {

          evalByCredential: byCred,

});

    const results = assertion.getClientExtensionResults().prf.results;

    assert_equals(results.first.byteLength, 32)

    assert_not_own_property(results, 'second');

  }, "navigator.credentials.get() using credential ID with one evaluation point");

  promise_test(async t => {

    const id = (await credential).rawId;

    const byCred = {};

    byCred[b64url(id)] = {

      first: new Uint8Array([1,2,3,4]).buffer,

      second: new Uint8Array([1,2,3,4]).buffer,

};

    const assertion = await assert(id, {

          evalByCredential: byCred,

});

    const results = assertion.getClientExtensionResults().prf.results;

    assert_equals(results.first.byteLength, 32)

    assert_equals(results.second.byteLength, 32)

    assert_equals(b64(results.first), b64(results.second));

  }, "navigator.credentials.get() using credential ID with two evaluation points");

  promise_test(async t => {

    const id = (await credential).rawId;

    const byCred = {};

    byCred["Zm9v"] = {

      first: new Uint8Array([1,2,3,4]).buffer,

};

    return promise_rejects_dom(t, "SyntaxError", assert(id, {

          evalByCredential: byCred,

    }));

  }, "navigator.credentials.get() with credential ID not in allowedCredentials");

  promise_test(async t => {

    const id = (await credential).rawId;

    const byCred = {};

    byCred["Zm9v"] = {

      first: new Uint8Array([1,2,3,4]),

};

    return promise_rejects_dom(t, "SyntaxError", assert(id, {

          evalByCredential: byCred,

    }));

  }, "navigator.credentials.get() with Uint8Array credential ID not in allowedCredentials");

  promise_test(async t => {

    const id = (await credential).rawId;

    const byCred = {};

    byCred["Zm9v="] = {

      first: new Uint8Array([1,2,3,4]).buffer,

};

    return promise_rejects_dom(

      t, "SyntaxError", assert(id, {evalByCredential: byCred }));

  }, "navigator.credentials.get() using invalid base64url credential ID");

  promise_test(async t => {

    const id = (await credential).rawId;

    const byCred = {};

    byCred["Zm9v"] = {

      first: new Uint8Array([1,2,3,4]).buffer,

};

    const promise = navigator.credentials.get({publicKey: {

      challenge: new Uint8Array(),

      extensions: {

        prf: {evalByCredential: byCred },

},

    }});

    return promise_rejects_dom(t, "NotSupportedError", promise);

  }, "navigator.credentials.get() with an empty allow list but also using evalByCredential");

}, {

  protocol: "ctap2_1",

  extensions: ["prf"],

  hasUserVerification: true,

  isUserVerified: true,

});

</script>