1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
<!DOCTYPE html>
<title>Digital Identity Credential tests.</title>
<link rel="help" href="https://wicg.github.io/digital-identities/">
<script src="/common/get-host-info.sub.js"></script>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<body>
<script type="module">
import { buildValidNavigatorIdentityRequest } from './support/digital-identity-helper.js';
// This regex removes the filename from the path so that we just get
// the directory.
const host = get_host_info();
const basePath = window.location.pathname.replace(/\/[^\/]*$/, '/');
const remoteBaseURL = host.HTTPS_REMOTE_ORIGIN + basePath;
// Builds valid digital identity request for navigator.credentials.get() API.
function buildValidNavigatorCredentialsRequest() {
return {
identity: {
providers: [{
holder: {
selector: {
format: ['mdoc'],
doctype: 'org.iso.18013.5.1.mDL',
fields: [
'org.iso.18013.5.1.family_name',
'org.iso.18013.5.1.portrait',
]
},
params: {
nonce: '1234',
readerPublicKey: 'test_reader_public_key',
extraParamAsNeededByDigitalCredentials: true,
},
},
}],
},
};
}
async function createIframeAndWaitForMessage(test, iframeUrl) {
const messageWatcher = new EventWatcher(test, window, "message");
var iframe = document.createElement("iframe");
iframe.src = iframeUrl;
document.body.appendChild(iframe);
const message = await messageWatcher.wait_for("message");
return message.data;
}
// Requires browser to have mode where OS-presented digital-identity-prompt is
// bypassed in favour of returning "fake_test_token" directly.
promise_test(async t => {
const {token} = await navigator.credentials.get(buildValidNavigatorCredentialsRequest());
assert_equals("fake_test_token", token);
}, "navigator.credentials.get() API works in toplevel frame.");
promise_test(async t => {
let request = buildValidNavigatorCredentialsRequest();
request.identity.providers = undefined;
await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
}, "navigator.credentials.get() API fails if IdentityCredentialRequestOptions::providers is not specified.");
promise_test(async t => {
let request = buildValidNavigatorCredentialsRequest();
request.identity.providers = [];
await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
}, "navigator.credentials.get() API fails if there are no providers.");
promise_test(async t => {
let request = buildValidNavigatorCredentialsRequest();
let providerCopy = structuredClone(request.identity.providers[0]);
request.identity.providers.push(providerCopy);
await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
}, "navigator.credentials.get() API fails if there is more than one provider.");
promise_test(async t => {
let request = buildValidNavigatorCredentialsRequest();
request.identity.providers[0].holder = undefined;
await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
}, "navigator.credentials.get() API fails if IdentityProviderConfig::holder is not specified.");
promise_test(async t => {
let request = buildValidNavigatorIdentityRequest();
let credential = await navigator.identity.get(request);
assert_equals("urn:openid.net:oid4vp", credential.protocol);
assert_equals("fake_test_token", credential.data);
}, "navigator.identity.get() API works in toplevel frame.");
promise_test(async t => {
let request = buildValidNavigatorIdentityRequest();
request.digital.providers = undefined;
await promise_rejects_js(t, TypeError, navigator.identity.get(request));
}, "navigator.identity.get() API fails if DigitalCredentialRequestOptions::providers is not specified.");
promise_test(async t => {
let request = buildValidNavigatorIdentityRequest();
request.digital.providers = [];
await promise_rejects_js(t, TypeError, navigator.identity.get(request));
}, "navigator.identity.get() API fails if there are no providers.");
promise_test(async t => {
let request = buildValidNavigatorIdentityRequest();
let providerCopy = structuredClone(request.digital.providers[0]);
request.digital.providers.push(providerCopy);
await promise_rejects_js(t, TypeError, navigator.identity.get(request));
}, "navigator.identity.get() API fails if there is more than one provider.");
promise_test(async t=> {
let abortController = new AbortController();
let request = buildValidNavigatorIdentityRequest();
request.signal = abortController.signal;
let requestPromise = navigator.identity.get(request);
abortController.abort();
await promise_rejects_dom(t, "AbortError", requestPromise);
}, "navigator.identity.get() promise is rejected when the page aborts the request.");
promise_test(async t=> {
const message = await createIframeAndWaitForMessage(
t, basePath + "support/digital-identity-iframe.html");
assert_equals(message.result, "Pass");
assert_equals(message.data, "fake_test_token");
}, "navigator.identity.get() succeeds in same-origin iframe");
promise_test(async t=> {
const message = await createIframeAndWaitForMessage(
t, remoteBaseURL + "support/digital-identity-iframe.html");
assert_equals(message.result, "Fail");
assert_equals(message.errorType, "NotAllowedError");
}, "navigator.identity.get() fails in cross-origin iframe");
</script>
|
