summaryrefslogtreecommitdiffstats
path: root/dom/webauthn/tests/test_webauthn_no_token.html
blob: 0d89fd94ad975a08fa9f0a9815e7a46bd83dfab3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
<!DOCTYPE html>
<meta charset=utf-8>
<head>
  <title>Test for W3C Web Authentication with no token</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="text/javascript" src="u2futil.js"></script>
  <script type="text/javascript" src="pkijs/common.js"></script>
  <script type="text/javascript" src="pkijs/asn1.js"></script>
  <script type="text/javascript" src="pkijs/x509_schema.js"></script>
  <script type="text/javascript" src="pkijs/x509_simpl.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>

<h1>Test for W3C Web Authentication with no token</h1>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1309284">Mozilla Bug 1309284</a>

<script class="testbody" type="text/javascript">
"use strict";

is(navigator.authentication, undefined, "navigator.authentication does not exist any longer");
isnot(navigator.credentials, undefined, "Credential Management API endpoint must exist");
isnot(navigator.credentials.create, undefined, "CredentialManagement create API endpoint must exist");
isnot(navigator.credentials.get, undefined, "CredentialManagement get API endpoint must exist");

let credm;
let credentialChallenge;
let assertionChallenge;
let credentialId;

// Setup test env
add_task(() => {
  credentialChallenge = new Uint8Array(16);
  window.crypto.getRandomValues(credentialChallenge);
  assertionChallenge = new Uint8Array(16);
  window.crypto.getRandomValues(assertionChallenge);
  credentialId = new Uint8Array(128);
  window.crypto.getRandomValues(credentialId);
  credm = navigator.credentials;
  // Turn off all tokens. This should result in "not allowed" failures
  return SpecialPowers.pushPrefEnv({"set": [
    ["security.webauth.webauthn_enable_softtoken", false],
    ["security.webauth.webauthn_enable_usbtoken", false],
  ]});
});

add_task(async function test_no_token_make_credential() {
  let rp = {id: document.domain, name: "none", icon: "none"};
  let user = {id: new Uint8Array(), name: "none", icon: "none", displayName: "none"};
  let param = {type: "public-key", alg: cose_alg_ECDSA_w_SHA256};
  let makeCredentialOptions = {
    rp, user, challenge: credentialChallenge, pubKeyCredParams: [param]
  };
  return credm.create({publicKey: makeCredentialOptions})
  .then(function(aResult) {
    ok(false, "Should have failed.");
  })
  .catch(function(aReason) {
    ok(aReason.toString().startsWith("NotAllowedError"), aReason);
  });
});

add_task(async function test_no_token_get_assertion() {
  let newCredential = {
    type: "public-key",
    id: credentialId,
    transports: ["usb"],
  }
  let publicKeyCredentialRequestOptions = {
    challenge: assertionChallenge,
    timeout: 5000, // the minimum timeout is actually 15 seconds
    rpId: document.domain,
    allowCredentials: [newCredential]
  };
  return credm.get({publicKey: publicKeyCredentialRequestOptions})
  .then(function(aResult) {
    ok(false, "Should have failed.");
  })
  .catch(function(aReason) {
    ok(aReason.toString().startsWith("NotAllowedError"), aReason);
  })
});

</script>

</body>
</html>