1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
<!DOCTYPE html>
<meta charset="utf-8">
<title>WebAuthn credential.create() Passing Tests</title>
<meta name="timeout" content="long">
<link rel="author" title="Adam Powers" href="mailto:adam@fidoalliance.org">
<link rel="help" href="https://w3c.github.io/webauthn/#iface-credential">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src=helpers.js></script>
<body></body>
<script>
standardSetup(function() {
"use strict";
// CreateCredentialTest passing tests
// default arguments
new CreateCredentialsTest().runTest("passing credentials.create() with default arguments");
// rp
new CreateCredentialsTest({path: "options.publicKey.rp.id", value: window.location.hostname}).runTest("passing credentials.create() with rpId (hostname)");
// user
new CreateCredentialsTest("options.publicKey.user.id", new ArrayBuffer(1)).runTest("very short user id");
new CreateCredentialsTest("options.publicKey.user.id", new ArrayBuffer(64)).runTest("max length user id");
new CreateCredentialsTest("options.publicKey.user.id", new Uint8Array(64)).runTest("Uint8Array user id");
new CreateCredentialsTest("options.publicKey.user.id", new Int8Array(64)).runTest("Int8Array user id");
new CreateCredentialsTest("options.publicKey.user.id", new Int16Array(32)).runTest("Int16Array user id");
new CreateCredentialsTest("options.publicKey.user.id", new Int32Array(16)).runTest("Int32Array user id");
new CreateCredentialsTest("options.publicKey.user.id", new Float32Array(16)).runTest("Float32Array user id");
var dvBuf1 = new ArrayBuffer(16);
new CreateCredentialsTest("options.publicKey.user.id", new DataView(dvBuf1)).runTest("DataView user id");
// good challenge values
// all these challenges are zero-filled buffers... think anyone will complain?
new CreateCredentialsTest("options.publicKey.challenge", new Int16Array(33)).runTest("Int16Array challenge");
new CreateCredentialsTest("options.publicKey.challenge", new Int32Array(17)).runTest("Int32Array challenge");
new CreateCredentialsTest("options.publicKey.challenge", new Float32Array(17)).runTest("Float32Array challenge");
new CreateCredentialsTest("options.publicKey.challenge", new Float64Array(9)).runTest("Float64Array challenge");
var dvBuf2 = new ArrayBuffer(65);
new CreateCredentialsTest("options.publicKey.challenge", new DataView(dvBuf2)).runTest("DataView challenge");
new CreateCredentialsTest("options.publicKey.challenge", new ArrayBuffer(8192)).runTest("Absurdly large challenge");
// good pubKeyCredParams values
// empty pubKeyCredParams should default to EC256 and RS256
new CreateCredentialsTest("options.publicKey.pubKeyCredParams", []).runTest("pubKeyCredParams is empty Array");
const pkParamEC256 = {
type: "public-key",
alg: cose_alg_ECDSA_w_SHA256
};
const pkParamEC512 = {
type: "public-key",
alg: cose_alg_ECDSA_w_SHA512
};
new CreateCredentialsTest("options.publicKey.pubKeyCredParams", [pkParamEC256]).runTest("EC256 pubKeyCredParams");
new CreateCredentialsTest("options.publicKey.pubKeyCredParams", [pkParamEC512, pkParamEC256])
.runTest("SelectEC256 pubKeyCredParams from a list");
// timeout
new CreateCredentialsTest({path: "options.publicKey.timeout", value: undefined}).runTest("passing credentials.create() with no timeout");
// valid authenticatorSelection values
var defaultAuthnrSel = {
authenticatorAttachment: "cross-platform",
requireResidentKey: false,
userVerification: "preferred"
};
// attachment
var authnrSelAttachUndef = cloneObject(defaultAuthnrSel);
authnrSelAttachUndef.authenticatorAttachment = undefined;
var authnrSelAttachEmptyStr = cloneObject(defaultAuthnrSel);
authnrSelAttachEmptyStr.authenticatorAttachment = "";
var authnrSelAttachEmptyObj = cloneObject(defaultAuthnrSel);
authnrSelAttachEmptyObj.authenticatorAttachment = {};
var authnrSelAttachNull = cloneObject(defaultAuthnrSel);
authnrSelAttachNull.authenticatorAttachment = null;
var authnrSelAttachUnknownValue = cloneObject(defaultAuthnrSel);
authnrSelAttachUnknownValue.authenticatorAttachment = "unknown-value";
// resident key
var authnrSelRkUndef = cloneObject(defaultAuthnrSel);
authnrSelRkUndef.requireResidentKey = undefined;
var authnrSelRkFalse = cloneObject(defaultAuthnrSel);
authnrSelRkFalse.requireResidentKey = false;
// user verification
var authnrSelUvUndef = cloneObject(defaultAuthnrSel);
authnrSelUvUndef.userVerification = undefined;
var authnrSelUvDiscouraged = cloneObject(defaultAuthnrSel);
authnrSelUvDiscouraged.userVerification = "discouraged";
var authnrSelUvEmptyStr = cloneObject(defaultAuthnrSel);
authnrSelUvEmptyStr.userVerification = "";
var authnrSelUvEmptyObj = cloneObject(defaultAuthnrSel);
authnrSelUvEmptyObj.userVerification = {};
var authnrSelUvStr = cloneObject(defaultAuthnrSel);
authnrSelUvStr.userVerification = "requiredshirtshoestshirt";
var authnrSelUvNull = cloneObject(defaultAuthnrSel);
authnrSelUvNull.userVerification = null;
new CreateCredentialsTest({path: "options.publicKey.authenticatorSelection", value: undefined}).runTest("authenticatorSelection is undefined");
new CreateCredentialsTest("options.publicKey.authenticatorSelection", {}).runTest("authenticatorSelection is empty object");
new CreateCredentialsTest("options.publicKey.authenticatorSelection", cloneObject(defaultAuthnrSel)).runTest("authenticatorSelection default values");
// authnr selection attachment
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelAttachUndef).runTest("authenticatorSelection attachment undefined");
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelAttachEmptyStr).runTest("authenticatorSelection attachment empty string");
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelAttachEmptyObj).runTest("authenticatorSelection attachment empty object");
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelAttachNull).runTest("authenticatorSelection attachment null");
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelAttachUnknownValue).runTest("authenticatorSelection attachment unknown value");
// authnr selection resident key
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelRkUndef).runTest("authenticatorSelection residentKey undefined");
// XXX: assumes authnr is behaving like most U2F authnrs; really depends on the authnr or mock configuration
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelRkFalse).runTest("authenticatorSelection residentKey false");
// authnr selection user verification
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelUvUndef).runTest("authenticatorSelection userVerification undefined");
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelUvDiscouraged).runTest("authenticatorSelection userVerification discouraged");
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelUvEmptyStr).runTest("authenticatorSelection userVerification empty string");
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelUvEmptyObj).runTest("authenticatorSelection userVerification empty object");
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelUvStr).runTest("authenticatorSelection userVerification unknown value");
new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelUvNull).runTest("authenticatorSelection userVerification null");
// good attestation values
new CreateCredentialsTest("options.publicKey.attestation", "none").runTest("attestation parameter: attestation is \"none\"");
new CreateCredentialsTest("options.publicKey.attestation", "indirect").runTest("attestation parameter: attestation is \"indirect\"");
new CreateCredentialsTest("options.publicKey.attestation", "direct").runTest("attestation parameter: attestation is \"direct\"");
new CreateCredentialsTest({path: "options.publicKey.attestation", value: undefined}).runTest("attestation parameter: attestation is undefined");
// attestation unknown values
new CreateCredentialsTest("options.publicKey.attestation", {}).runTest("attestation parameter: attestation is empty object");
new CreateCredentialsTest("options.publicKey.attestation", []).runTest("attestation parameter: attestation is empty array");
new CreateCredentialsTest("options.publicKey.attestation", null).runTest("attestation parameter: attestation is null");
new CreateCredentialsTest("options.publicKey.attestation", "noneofyourbusiness").runTest("attestation parameter: attestation is \"noneofyourbusiness\"");
new CreateCredentialsTest("options.publicKey.attestation", "").runTest("attestation parameter: attestation is empty string");
// TODO: test this with multiple mock authenticators to make sure that the right options are chosen when available?
// good extension values
new CreateCredentialsTest({path: "options.publicKey.extensions", value: undefined}).runTest("extensions undefined");
new CreateCredentialsTest("options.publicKey.extensions", {}).runTest("extensions are empty object");
new CreateCredentialsTest("options.publicKey.extensions", {foo: "", bar: "", bat: ""}).runTest("extensions are dict of empty strings");
});
/* JSHINT */
/* globals standardSetup, CreateCredentialsTest, cose_alg_ECDSA_w_SHA256, cose_alg_ECDSA_w_SHA512, cloneObject */
</script>
|
