diff options
Diffstat (limited to 'dom/webauthn/tests/test_webauthn_ctap2_omitted_credential_id.html')
-rw-r--r-- | dom/webauthn/tests/test_webauthn_ctap2_omitted_credential_id.html | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/dom/webauthn/tests/test_webauthn_ctap2_omitted_credential_id.html b/dom/webauthn/tests/test_webauthn_ctap2_omitted_credential_id.html new file mode 100644 index 0000000000..a2c14eb91d --- /dev/null +++ b/dom/webauthn/tests/test_webauthn_ctap2_omitted_credential_id.html @@ -0,0 +1,68 @@ +<!DOCTYPE html> +<meta charset=utf-8> +<head> + <title>Tests for omitted credential ID in a CTAP 2.0 authenticator response</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <script type="text/javascript" src="u2futil.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> + + <h1>Tests for omitted credential ID in a CTAP 2.0 authenticator response</h1> + <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1864504">Mozilla Bug 1864504</a> + + <script class="testbody" type="text/javascript"> + "use strict"; + + add_task(async () => { + // CTAP 2.0 allows GetAssertion responses to omit a credential + // ID if the allowlist has length one. This can cause problems in + // MakeCredential as well because GetAssertion is used for pre-flighting. + await addVirtualAuthenticator("ctap2"); + }); + + let validCred = null; + + add_task(test_setup_valid_credential); + add_task(test_create_with_one_excluded_credential); + add_task(test_get_with_one_allowed_credential); + + async function test_setup_valid_credential() { + let publicKey = { + rp: {id: document.domain, name: "none"}, + user: {id: new Uint8Array(), name: "none", displayName: "none"}, + challenge: crypto.getRandomValues(new Uint8Array(16)), + pubKeyCredParams: [{type: "public-key", alg: cose_alg_ECDSA_w_SHA256}], + }; + + let res = await navigator.credentials.create({publicKey}); + validCred = {type: "public-key", id: res.rawId}; + } + + async function test_create_with_one_excluded_credential() { + let publicKey = { + rp: {id: document.domain, name: "none"}, + user: {id: new Uint8Array(), name: "none", displayName: "none"}, + challenge: crypto.getRandomValues(new Uint8Array(16)), + excludeList: [validCred], + pubKeyCredParams: [{type: "public-key", alg: cose_alg_ECDSA_w_SHA256}], + }; + + await navigator.credentials.create({publicKey}); + ok(true, "create should not throw"); + } + + async function test_get_with_one_allowed_credential() { + let publicKey = { + challenge: crypto.getRandomValues(new Uint8Array(16)), + allowCredentials: [validCred] + }; + + await navigator.credentials.get({publicKey}); + ok(true, "get should not throw"); + } + + </script> + +</body> +</html> |