diff options
Diffstat (limited to 'testing/web-platform/tests/webauthn/getcredential-prf.https.html')
| -rw-r--r-- | testing/web-platform/tests/webauthn/getcredential-prf.https.html | 165 |
1 files changed, 165 insertions, 0 deletions
diff --git a/testing/web-platform/tests/webauthn/getcredential-prf.https.html b/testing/web-platform/tests/webauthn/getcredential-prf.https.html new file mode 100644 index 0000000000..40dfc5cad3 --- /dev/null +++ b/testing/web-platform/tests/webauthn/getcredential-prf.https.html @@ -0,0 +1,165 @@ +<!DOCTYPE html> +<meta charset="utf-8"> +<title>navigator.credentials.get() prf extension tests with authenticator support</title> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/resources/testdriver.js"></script> +<script src="/resources/testdriver-vendor.js"></script> +<script src=helpers.js></script> +<body></body> +<script> +standardSetup(async function(authenticator) { + "use strict"; + + const b64 = buf => btoa(String.fromCharCode.apply(null, new Uint8Array(buf))); + const b64url = buf => b64(buf). + replace(/\+/g, '-'). + replace(/\//g, '_'). + replace(/=+$/, ''); + + const credential = createCredential({ + options: { + publicKey: { + extensions: { + prf: {}, + }, + }, + }, + }); + + const assert = (id, prfExt) => + navigator.credentials.get({publicKey: { + challenge: new Uint8Array(), + allowCredentials: [{ + id: id, + type: "public-key", + }], + extensions: { + prf: prfExt, + }, + }}); + + promise_test(async t => { + const id = (await credential).rawId; + const assertion = await assert(id, { + eval: { + first: new Uint8Array([1,2,3,4]).buffer, + }, + }); + const results = assertion.getClientExtensionResults().prf.results; + assert_equals(results.first.byteLength, 32) + assert_not_own_property(results, 'second'); + }, "navigator.credentials.get() with single evaluation point"); + + promise_test(async t => { + const id = (await credential).rawId; + const assertion = await assert(id, { + eval: { + first: new Uint8Array([1,2,3,4]).buffer, + second: new Uint8Array([1,2,3,4]).buffer, + }, + }); + const results = assertion.getClientExtensionResults().prf.results; + assert_equals(results.first.byteLength, 32) + assert_equals(results.second.byteLength, 32) + assert_equals(b64(results.first), b64(results.second)); + }, "navigator.credentials.get() with two equal evaluation points"); + + promise_test(async t => { + const id = (await credential).rawId; + const assertion = await assert(id, { + eval: { + first: new Uint8Array([1,2,3,4]).buffer, + second: new Uint8Array([1,2,3,5]).buffer, + }, + }); + const results = assertion.getClientExtensionResults().prf.results; + assert_equals(results.first.byteLength, 32) + assert_equals(results.second.byteLength, 32) + assert_not_equals(b64(results.first), b64(results.second)); + }, "navigator.credentials.get() with two distinct evaluation points"); + + promise_test(async t => { + const id = (await credential).rawId; + const byCred = {}; + byCred[b64url(id)] = { + first: new Uint8Array([1,2,3,4]).buffer, + }; + const assertion = await assert(id, { + evalByCredential: byCred, + }); + const results = assertion.getClientExtensionResults().prf.results; + assert_equals(results.first.byteLength, 32) + assert_not_own_property(results, 'second'); + }, "navigator.credentials.get() using credential ID with one evaluation point"); + + promise_test(async t => { + const id = (await credential).rawId; + const byCred = {}; + byCred[b64url(id)] = { + first: new Uint8Array([1,2,3,4]).buffer, + second: new Uint8Array([1,2,3,4]).buffer, + }; + const assertion = await assert(id, { + evalByCredential: byCred, + }); + const results = assertion.getClientExtensionResults().prf.results; + assert_equals(results.first.byteLength, 32) + assert_equals(results.second.byteLength, 32) + assert_equals(b64(results.first), b64(results.second)); + }, "navigator.credentials.get() using credential ID with two evaluation points"); + + promise_test(async t => { + const id = (await credential).rawId; + const byCred = {}; + byCred["Zm9v"] = { + first: new Uint8Array([1,2,3,4]).buffer, + }; + return promise_rejects_dom(t, "SyntaxError", assert(id, { + evalByCredential: byCred, + })); + }, "navigator.credentials.get() with credential ID not in allowedCredentials"); + + promise_test(async t => { + const id = (await credential).rawId; + const byCred = {}; + byCred["Zm9v"] = { + first: new Uint8Array([1,2,3,4]), + }; + return promise_rejects_dom(t, "SyntaxError", assert(id, { + evalByCredential: byCred, + })); + }, "navigator.credentials.get() with Uint8Array credential ID not in allowedCredentials"); + + promise_test(async t => { + const id = (await credential).rawId; + const byCred = {}; + byCred["Zm9v="] = { + first: new Uint8Array([1,2,3,4]).buffer, + }; + return promise_rejects_dom( + t, "SyntaxError", assert(id, {evalByCredential: byCred })); + }, "navigator.credentials.get() using invalid base64url credential ID"); + + promise_test(async t => { + const id = (await credential).rawId; + const byCred = {}; + byCred["Zm9v"] = { + first: new Uint8Array([1,2,3,4]).buffer, + }; + const promise = navigator.credentials.get({publicKey: { + challenge: new Uint8Array(), + extensions: { + prf: {evalByCredential: byCred }, + }, + }}); + return promise_rejects_dom(t, "NotSupportedError", promise); + }, "navigator.credentials.get() with an empty allow list but also using evalByCredential"); +}, { + protocol: "ctap2_1", + extensions: ["prf"], + hasUserVerification: true, + isUserVerified: true, +}); +</script> |