summaryrefslogtreecommitdiffstats
path: root/dom/webauthn/tests/test_webauthn_authenticator_selection.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/webauthn/tests/test_webauthn_authenticator_selection.html')
-rw-r--r--dom/webauthn/tests/test_webauthn_authenticator_selection.html156
1 files changed, 156 insertions, 0 deletions
diff --git a/dom/webauthn/tests/test_webauthn_authenticator_selection.html b/dom/webauthn/tests/test_webauthn_authenticator_selection.html
new file mode 100644
index 0000000000..10ba6b643b
--- /dev/null
+++ b/dom/webauthn/tests/test_webauthn_authenticator_selection.html
@@ -0,0 +1,156 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<head>
+ <title>W3C Web Authentication - Authenticator Selection Criteria</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="u2futil.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+ <h1>W3C Web Authentication - Authenticator Selection Criteria</h1>
+ <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1406462">Mozilla Bug 1406462</a>
+ <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1406467">Mozilla Bug 1406467</a>
+
+ <script class="testbody" type="text/javascript">
+ "use strict";
+
+ function arrivingHereIsGood(aResult) {
+ ok(true, "Good result! Received a: " + aResult);
+ }
+
+ function arrivingHereIsBad(aResult) {
+ ok(false, "Bad result! Received a: " + aResult);
+ }
+
+ function expectNotAllowedError(aResult) {
+ ok(aResult.toString().startsWith("NotAllowedError"), "Expecting a NotAllowedError, got " + aResult);
+ }
+
+ // We store the credential of the first successful make credential
+ // operation so we can use it for get assertion tests later.
+ let gCredential;
+
+ add_task(() => {
+ // Enable the softtoken.
+ return SpecialPowers.pushPrefEnv({"set": [
+ ["security.webauth.webauthn", true],
+ ["security.webauth.webauthn_enable_softtoken", true],
+ ["security.webauth.webauthn_enable_usbtoken", false],
+ ["security.webauth.webauthn_enable_android_fido2", false],
+ ]});
+ });
+
+ // Start a new MakeCredential() request.
+ function requestMakeCredential(authenticatorSelection) {
+ let publicKey = {
+ rp: {id: document.domain, name: "none", icon: "none"},
+ user: {id: new Uint8Array(), name: "none", icon: "none", displayName: "none"},
+ challenge: crypto.getRandomValues(new Uint8Array(16)),
+ timeout: 5000, // the minimum timeout is actually 15 seconds
+ pubKeyCredParams: [{type: "public-key", alg: cose_alg_ECDSA_w_SHA256}],
+ authenticatorSelection,
+ };
+
+ return navigator.credentials.create({publicKey});
+ }
+
+ // Start a new GetAssertion() request.
+ function requestGetAssertion(userVerification) {
+ let newCredential = {
+ type: "public-key",
+ id: gCredential,
+ transports: ["usb"],
+ };
+
+ let publicKey = {
+ challenge: crypto.getRandomValues(new Uint8Array(16)),
+ timeout: 5000, // the minimum timeout is actually 15 seconds
+ rpId: document.domain,
+ allowCredentials: [newCredential]
+ };
+
+ if (userVerification) {
+ publicKey.userVerification = userVerification;
+ }
+
+ return navigator.credentials.get({publicKey});
+ }
+
+ // Test success cases for make credential.
+ add_task(async () => {
+ // No selection criteria.
+ await requestMakeCredential({})
+ // Save the credential so we can use it for sign success tests.
+ .then(res => gCredential = res.rawId)
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+
+ // Request a cross-platform authenticator.
+ await requestMakeCredential({authenticatorAttachment: "cross-platform"})
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+
+ // Don't require a resident key.
+ await requestMakeCredential({requireResidentKey: false})
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+
+ // Prefer user verification.
+ await requestMakeCredential({userVerification: "preferred"})
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+
+ // Discourage user verification.
+ await requestMakeCredential({userVerification: "discouraged"})
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+ });
+
+ // Test success cases for get assertion.
+ add_task(async () => {
+ // No selection criteria.
+ await requestGetAssertion()
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+
+ // Prefer user verification.
+ await requestGetAssertion("preferred")
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+
+ // Discourage user verification.
+ await requestGetAssertion("discouraged")
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+ });
+
+ // Test failure cases for make credential.
+ add_task(async () => {
+ // Request a platform authenticator.
+ await requestMakeCredential({authenticatorAttachment: "platform"})
+ .then(arrivingHereIsBad)
+ .catch(expectNotAllowedError);
+
+ // Require a resident key.
+ await requestMakeCredential({requireResidentKey: true})
+ .then(arrivingHereIsBad)
+ .catch(expectNotAllowedError);
+
+ // Require user verification.
+ await requestMakeCredential({userVerification: "required"})
+ .then(arrivingHereIsBad)
+ .catch(expectNotAllowedError);
+ });
+
+ // Test failure cases for get assertion.
+ add_task(async () => {
+ // Require user verification.
+ await requestGetAssertion("required")
+ .then(arrivingHereIsBad)
+ .catch(expectNotAllowedError);
+ });
+ </script>
+
+</body>
+</html>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-12 13:43:06 +0000