Adding upstream version 124.0.1.upstream/124.0.1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 103 insertions, 0 deletions

diff --git a/dom/webauthn/tests/test_webauthn_attestation_conveyance.html b/dom/webauthn/tests/test_webauthn_attestation_conveyance.html
new file mode 100644
index 0000000000..061e2c2624
--- /dev/null
+++ b/dom/webauthn/tests/test_webauthn_attestation_conveyance.html
@@ -0,0 +1,103 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<head>
+  <title>W3C Web Authentication - Attestation Conveyance</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="u2futil.js"></script>
+  <script type="text/javascript" src="pkijs/common.js"></script>
+  <script type="text/javascript" src="pkijs/asn1.js"></script>
+  <script type="text/javascript" src="pkijs/x509_schema.js"></script>
+  <script type="text/javascript" src="pkijs/x509_simpl.js"></script>
+  <script type="text/javascript" src="cbor.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+  <h1>W3C Web Authentication - Attestation Conveyance</h1>
+  <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1428916">Mozilla Bug 1428916</a>
+  <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1416056">Mozilla Bug 1416056</a>
+
+  <script class="testbody" type="text/javascript">
+    "use strict";
+
+    add_task(async () => {
+      await SpecialPowers.pushPrefEnv({"set": [
+        ["security.webauth.webauthn_testing_allow_direct_attestation", true],
+      ]});
+      await addVirtualAuthenticator();
+    });
+
+    function verifyAnonymizedCertificate(aResult) {
+      return webAuthnDecodeCBORAttestation(aResult.response.attestationObject)
+      .then(({fmt, attStmt}) => {
+        is(fmt, "none", "Is a None Attestation");
+        is(typeof(attStmt), "object", "attStmt is a map");
+        is(Object.keys(attStmt).length, 0, "attStmt is empty");
+      });
+    }
+
+    async function verifyDirectCertificate(aResult) {
+      let clientDataHash = await crypto.subtle.digest("SHA-256", aResult.response.clientDataJSON)
+          .then(digest => new Uint8Array(digest));
+      let {fmt, attStmt, authData, authDataObj} = await webAuthnDecodeCBORAttestation(aResult.response.attestationObject);
+      is(fmt, "packed", "Is a Packed Attestation");
+      let signedData = new Uint8Array(authData.length + clientDataHash.length);
+      signedData.set(authData);
+      signedData.set(clientDataHash, authData.length);
+      let valid = await verifySignature(authDataObj.publicKeyHandle, signedData, new Uint8Array(attStmt.sig));
+      ok(valid, "Signature is valid.");
+    }
+
+    function arrivingHereIsBad(aResult) {
+      ok(false, "Bad result! Received a: " + aResult);
+    }
+
+    function expectTypeError(aResult) {
+      ok(aResult.toString().startsWith("TypeError"), "Expecting a TypeError, got " + aResult);
+    }
+
+    // Start a new MakeCredential() request.
+    function requestMakeCredential(attestation) {
+      let publicKey = {
+        rp: {id: document.domain, name: "none"},
+        user: {id: new Uint8Array(), name: "none", displayName: "none"},
+        challenge: crypto.getRandomValues(new Uint8Array(16)),
+        timeout: 5000, // the minimum timeout is actually 15 seconds
+        pubKeyCredParams: [{type: "public-key", alg: cose_alg_ECDSA_w_SHA256}],
+        attestation,
+      };
+
+      return navigator.credentials.create({publicKey});
+    }
+
+    // Test success cases for make credential.
+    add_task(async function test_make_credential_success () {
+      // No selection criteria should be equal to none, which means anonymized
+      await requestMakeCredential()
+        .then(verifyAnonymizedCertificate)
+        .catch(arrivingHereIsBad);
+
+      // Request an unknown attestation type. This should be treated as "none".
+      await requestMakeCredential("unknown")
+        .then(verifyAnonymizedCertificate)
+        .catch(arrivingHereIsBad);
+
+      // Request no attestation.
+      await requestMakeCredential("none")
+        .then(verifyAnonymizedCertificate)
+        .catch(arrivingHereIsBad);
+
+      // Request indirect attestation, which is the same as direct.
+      await requestMakeCredential("indirect")
+        .then(verifyDirectCertificate)
+        .catch(arrivingHereIsBad);
+
+      // Request direct attestation, which will prompt for user intervention.
+      await requestMakeCredential("direct")
+        .then(verifyDirectCertificate)
+        .catch(arrivingHereIsBad);
+    });
+  </script>
+
+</body>
+</html>