testing/web-platform/tests/webrtc/RTCPeerConnection-generateCertificate.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

<!doctype html>
<meta charset="utf-8">
<title>Test RTCPeerConnection.generateCertificate</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
  'use strict';

  // Test is based on the following editor draft:
  // https://w3c.github.io/webrtc-pc/archives/20170515/webrtc.html

  /*
   *  4.10. Certificate Management
   *    partial interface RTCPeerConnection {
   *      static Promise<RTCCertificate> generateCertificate(
   *        AlgorithmIdentifier keygenAlgorithm);
   *    };
   *
   *  4.10.2. RTCCertificate Interface
   *    interface RTCCertificate {
   *      readonly attribute DOMTimeStamp expires;
   *      ...
   *    };
   *
   *  [WebCrypto]
   *  11. Algorithm Dictionary
   *    typedef (object or DOMString) AlgorithmIdentifier;
   */

  /*
   *  4.10. The following values must be supported by a user agent:
   *        { name: "RSASSA-PKCS1-v1_5", modulusLength: 2048,
   *          publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
   *        and { name: "ECDSA", namedCurve: "P-256" }.
   */
  promise_test(t =>
    RTCPeerConnection.generateCertificate({
      name: 'RSASSA-PKCS1-v1_5',
      modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]),
      hash: 'SHA-256'
    }).then(cert => {
      assert_true(cert instanceof RTCCertificate,
        'Expect cert to be instance of RTCCertificate');

      assert_greater_than(cert.expires, Date.now(),
        'Expect generated certificate to expire reasonably long after current time');
    }),
    'generateCertificate() with compulsary RSASSA-PKCS1-v1_5 parameters should succeed');

  promise_test(t =>
    RTCPeerConnection.generateCertificate({
      name: 'ECDSA',
      namedCurve: 'P-256'
    }).then(cert => {
      assert_true(cert instanceof RTCCertificate,
        'Expect cert to be instance of RTCCertificate');

      assert_greater_than(cert.expires, Date.now(),
        'Expect generated certificate to expire reasonably long after current time');
    }),
    'generateCertificate() with compulsary ECDSA parameters should succeed');

  /*
   *  4.10. A user agent must reject a call to generateCertificate() with a
   *        DOMException of type NotSupportedError if the keygenAlgorithm
   *        parameter identifies an algorithm that the user agent cannot or
   *        will not use to generate a certificate for RTCPeerConnection.
   */
  promise_test(t =>
    promise_rejects_dom(t, 'NotSupportedError',
      RTCPeerConnection.generateCertificate('invalid-algo')),
    'generateCertificate() with invalid string algorithm should reject with NotSupportedError');

  promise_test(t =>
    promise_rejects_dom(t, 'NotSupportedError',
      RTCPeerConnection.generateCertificate({
        name: 'invalid-algo'
      })),
    'generateCertificate() with invalid algorithm dict should reject with NotSupportedError');

  /*
   *  4.10.1. Dictionary RTCCertificateExpiration
   *    dictionary RTCCertificateExpiration {
   *      [EnforceRange]
   *      DOMTimeStamp expires;
   *    };
   *
   *    If this parameter is present it indicates the maximum time that
   *    the RTCCertificate is valid for relative to the current time.
   *
   *    When generateCertificate is called with an object argument,
   *    the user agent attempts to convert the object into a
   *    RTCCertificateExpiration. If this is unsuccessful, immediately
   *    return a promise that is rejected with a newly created TypeError
   *    and abort processing.
   */

  promise_test(t => {
    const start = Date.now();
    return RTCPeerConnection.generateCertificate({
      name: 'ECDSA',
      namedCurve: 'P-256',
      expires: 2000
    }).then(cert => {
      assert_approx_equals(cert.expires, start+2000, 1000);
    })
  }, 'generateCertificate() with valid expires parameter should succeed');

  promise_test(t => {
    return RTCPeerConnection.generateCertificate({
      name: 'ECDSA',
      namedCurve: 'P-256',
      expires: 0
    }).then(cert => {
      assert_less_than_equal(cert.expires, Date.now());
    })
  }, 'generateCertificate() with 0 expires parameter should generate expired cert');

  promise_test(t => {
    return promise_rejects_js(t, TypeError,
      RTCPeerConnection.generateCertificate({
        name: 'ECDSA',
        namedCurve: 'P-256',
        expires: -1
      }))
  }, 'generateCertificate() with invalid range for expires should reject with TypeError');

  promise_test(t => {
    return promise_rejects_js(t, TypeError,
      RTCPeerConnection.generateCertificate({
        name: 'ECDSA',
        namedCurve: 'P-256',
        expires: 'invalid'
      }))
  }, 'generateCertificate() with invalid type for expires should reject with TypeError');

</script>