summaryrefslogtreecommitdiffstats
path: root/dom/webauthn/tests/test_webauthn_make_credential.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/webauthn/tests/test_webauthn_make_credential.html
parentInitial commit. (diff)
downloadfirefox-esr-upstream.tar.xz
firefox-esr-upstream.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/webauthn/tests/test_webauthn_make_credential.html')
-rw-r--r--dom/webauthn/tests/test_webauthn_make_credential.html413
1 files changed, 413 insertions, 0 deletions
diff --git a/dom/webauthn/tests/test_webauthn_make_credential.html b/dom/webauthn/tests/test_webauthn_make_credential.html
new file mode 100644
index 0000000000..b6819acaff
--- /dev/null
+++ b/dom/webauthn/tests/test_webauthn_make_credential.html
@@ -0,0 +1,413 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<head>
+ <title>Test for MakeCredential for W3C Web Authentication</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="u2futil.js"></script>
+ <script type="text/javascript" src="pkijs/common.js"></script>
+ <script type="text/javascript" src="pkijs/asn1.js"></script>
+ <script type="text/javascript" src="pkijs/x509_schema.js"></script>
+ <script type="text/javascript" src="pkijs/x509_simpl.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+ <h1>Test for MakeCredential for W3C Web Authentication</h1>
+ <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1309284">Mozilla Bug 1309284</a>
+
+ <script class="testbody" type="text/javascript">
+ "use strict";
+
+ is(navigator.authentication, undefined, "navigator.authentication does not exist any longer");
+ isnot(navigator.credentials, undefined, "Credential Management API endpoint must exist");
+ isnot(navigator.credentials.create, undefined, "CredentialManagement create API endpoint must exist");
+ isnot(navigator.credentials.get, undefined, "CredentialManagement get API endpoint must exist");
+
+ let credm;
+ let gCredentialChallenge;
+ let rp;
+ let user;
+ let param;
+ let unsupportedParam;
+ let unknownParam;
+
+ // Setup test env
+ add_task(() => {
+ gCredentialChallenge = new Uint8Array(16);
+ window.crypto.getRandomValues(gCredentialChallenge);
+
+ rp = {id: document.domain, name: "none", icon: "none"};
+ user = {id: new Uint8Array(64), name: "none", icon: "none", displayName: "none"};
+ param = {type: "public-key", alg: cose_alg_ECDSA_w_SHA256};
+ unsupportedParam = {type: "public-key", alg: cose_alg_ECDSA_w_SHA512};
+ unknownParam = {type: "SimplePassword", alg: "MaxLength=2"};
+ credm = navigator.credentials;
+ });
+ // Add tests
+ add_task(test_good_call);
+ add_task(test_empty_account);
+ add_task(test_without_rp_name);
+ add_task(test_without_user_id);
+ add_task(test_without_user_name);
+ add_task(test_without_user_displayname);
+ add_task(test_user_too_large);
+ add_task(test_empty_parameters);
+ add_task(test_without_parameters);
+ add_task(test_unsupported_parameter);
+ add_task(test_unsupported_but_one_param);
+ add_task(test_one_unknown_parameter);
+ add_task(test_one_unknown_one_unsupported_param);
+ add_task(test_one_of_each_parameters);
+ add_task(test_without_challenge);
+ add_task(test_invalid_challenge);
+ add_task(test_duplicate_pub_key);
+ add_task(test_invalid_rp_id);
+ add_task(test_invalid_rp_id_2);
+ add_task(test_missing_rp);
+ add_task(test_incorrect_user_id_type);
+ add_task(test_missing_user);
+ add_task(test_complete_account);
+ add_task(test_too_large_user_id);
+ add_task(test_excluding_unknown_transports);
+ add_task(test_unknown_attestation_type);
+ add_task(test_unknown_selection_criteria);
+
+ function arrivingHereIsGood(aResult) {
+ ok(true, "Good result! Received a: " + aResult);
+ return Promise.resolve();
+ }
+
+ function arrivingHereIsBad(aResult) {
+ ok(false, "Bad result! Received a: " + aResult);
+ return Promise.resolve();
+ }
+
+ function expectNotAllowedError(aResult) {
+ ok(aResult.toString().startsWith("NotAllowedError"), "Expecting a NotAllowedError");
+ return Promise.resolve();
+ }
+
+ function expectTypeError(aResult) {
+ ok(aResult.toString().startsWith("TypeError"), "Expecting a TypeError");
+ return Promise.resolve();
+ }
+
+ function expectNotSupportedError(aResult) {
+ ok(aResult.toString().startsWith("NotSupportedError"), "Expecting a NotSupportedError");
+ return Promise.resolve();
+ }
+
+ // Test basic good call
+ async function test_good_call() {
+ let makeCredentialOptions = {
+ rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+ }
+
+ // Test empty account
+ async function test_empty_account() {
+ let makeCredentialOptions = {
+ challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test without rp.name
+ async function test_without_rp_name() {
+ let rp1 = {id: document.domain, icon: "none"};
+ let makeCredentialOptions = {
+ rp: rp1, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test without user.id
+ async function test_without_user_id() {
+ let user1 = {name: "none", icon: "none", displayName: "none"};
+ let makeCredentialOptions = {
+ rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test without user.name
+ async function test_without_user_name() {
+ let user1 = {id: new Uint8Array(64), icon: "none", displayName: "none"};
+ let makeCredentialOptions = {
+ rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test without user.displayName
+ async function test_without_user_displayname() {
+ let user1 = {id: new Uint8Array(64), name: "none", icon: "none"};
+ let makeCredentialOptions = {
+ rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test with a user handle that exceeds the max length
+ async function test_user_too_large() {
+ let user1 = {id: new Uint8Array(65), name: "none", icon: "none", displayName: "none"};
+ let makeCredentialOptions = {
+ rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test without any parameters; this is acceptable meaning the RP ID is
+ // happy to accept either ECDSA-SHA256 or RSA-SHA256
+ async function test_empty_parameters() {
+ let makeCredentialOptions = {
+ rp, user, challenge: gCredentialChallenge, pubKeyCredParams: []
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+ }
+
+ // Test without a parameter array at all
+ async function test_without_parameters() {
+ let makeCredentialOptions = {
+ rp, user, challenge: gCredentialChallenge
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test with an unsupported parameter
+ async function test_unsupported_parameter() {
+ let makeCredentialOptions = {
+ rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [unsupportedParam]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectNotSupportedError);
+ }
+
+ // Test with an unsupported parameter and a good one
+ async function test_unsupported_but_one_param() {
+ let makeCredentialOptions = {
+ rp, user, challenge: gCredentialChallenge,
+ pubKeyCredParams: [param, unsupportedParam]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+ }
+
+ // Test with one unknown parameter.
+ async function test_one_unknown_parameter() {
+ let makeCredentialOptions = {
+ rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [unknownParam]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectNotSupportedError);
+ }
+
+ // Test with an unsupported parameter, and an unknown one
+ async function test_one_unknown_one_unsupported_param() {
+ let makeCredentialOptions = {
+ rp, user, challenge: gCredentialChallenge,
+ pubKeyCredParams: [unsupportedParam, unknownParam]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectNotSupportedError);
+ }
+
+ // Test with an unsupported parameter, an unknown one, and a good one. This
+ // should succeed, as the unsupported and unknown should be ignored.
+ async function test_one_of_each_parameters() {
+ let makeCredentialOptions = {
+ rp, user, challenge: gCredentialChallenge,
+ pubKeyCredParams: [param, unsupportedParam, unknownParam]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+ }
+
+ // Test without a challenge
+ async function test_without_challenge() {
+ let makeCredentialOptions = {
+ rp, user, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test with an invalid challenge
+ async function test_invalid_challenge() {
+ let makeCredentialOptions = {
+ rp, user, challenge: "begone, thou ill-fitting moist glove!",
+ pubKeyCredParams: [unsupportedParam]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test with duplicate pubKeyCredParams
+ async function test_duplicate_pub_key() {
+ let makeCredentialOptions = {
+ rp, user, challenge: gCredentialChallenge,
+ pubKeyCredParams: [param, param, param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+ }
+
+ // Test with an RP ID that is not a valid domain string
+ async function test_invalid_rp_id() {
+ let rp1 = { id: document.domain + ":somejunk", name: "none", icon: "none" };
+ let makeCredentialOptions = {
+ rp: rp1, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(arrivingHereIsGood);
+ }
+
+ // Test with another RP ID that is not a valid domain string
+ async function test_invalid_rp_id_2() {
+ let rp1 = { id: document.domain + ":8888", name: "none", icon: "none" };
+ let makeCredentialOptions = {
+ rp: rp1, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(arrivingHereIsGood);
+ }
+
+ // Test with missing rp
+ async function test_missing_rp() {
+ let makeCredentialOptions = {
+ user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test with incorrect user ID type
+ async function test_incorrect_user_id_type() {
+ let invalidType = {id: "a string, which is not a buffer", name: "none", icon: "none", displayName: "none"};
+ let makeCredentialOptions = {
+ user: invalidType, challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test with missing user
+ async function test_missing_user() {
+ let makeCredentialOptions = {
+ rp, challenge: gCredentialChallenge, pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test a complete account
+ async function test_complete_account() {
+ let completeRP = {id: document.domain, name: "Foxxy Name",
+ icon: "https://example.com/fox.svg"};
+ let completeUser = {id: string2buffer("foxes_are_the_best@example.com"),
+ name: "Fox F. Foxington",
+ icon: "https://example.com/fox.svg",
+ displayName: "Foxxy V"};
+ let makeCredentialOptions = {
+ rp: completeRP, user: completeUser, challenge: gCredentialChallenge,
+ pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+ }
+
+ // Test with too-large user ID buffer
+ async function test_too_large_user_id() {
+ let hugeUser = {id: new Uint8Array(65),
+ name: "Fox F. Foxington",
+ icon: "https://example.com/fox.svg",
+ displayName: "Foxxy V"};
+ let makeCredentialOptions = {
+ rp, user: hugeUser, challenge: gCredentialChallenge,
+ pubKeyCredParams: [param]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsBad)
+ .catch(expectTypeError);
+ }
+
+ // Test with excluding unknown transports
+ async function test_excluding_unknown_transports() {
+ let completeRP = {id: document.domain, name: "Foxxy Name",
+ icon: "https://example.com/fox.svg"};
+ let completeUser = {id: string2buffer("foxes_are_the_best@example.com"),
+ name: "Fox F. Foxington",
+ icon: "https://example.com/fox.svg",
+ displayName: "Foxxy V"};
+ let excludedUnknownTransport = {type: "public-key",
+ id: string2buffer("123"),
+ transports: ["unknown", "usb"]};
+ let makeCredentialOptions = {
+ rp: completeRP, user: completeUser, challenge: gCredentialChallenge,
+ pubKeyCredParams: [param], excludeCredentials: [excludedUnknownTransport]
+ };
+ return credm.create({publicKey: makeCredentialOptions})
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+ }
+
+ async function test_unknown_attestation_type() {
+ let makeCredentialOptions = {
+ rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param],
+ attestation: "unknown"
+ };
+ return credm.create({publicKey: makeCredentialOptions })
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+ }
+
+ async function test_unknown_selection_criteria() {
+ let makeCredentialOptions = {
+ rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param],
+ authenticatorSelection: {
+ userVerificationRequirement: "unknown UV requirement",
+ authenticatorAttachment: "unknown authenticator attachment type"
+ },
+ };
+ return credm.create({publicKey: makeCredentialOptions })
+ .then(arrivingHereIsGood)
+ .catch(arrivingHereIsBad);
+ }
+
+ </script>
+
+</body>
+</html>