Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 165 insertions, 0 deletions

diff --git a/testing/web-platform/tests/webauthn/getcredential-prf.https.html b/testing/web-platform/tests/webauthn/getcredential-prf.https.html
new file mode 100644
index 0000000000..40dfc5cad3
--- /dev/null
+++ b/testing/web-platform/tests/webauthn/getcredential-prf.https.html
@@ -0,0 +1,165 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>navigator.credentials.get() prf extension tests with authenticator support</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+<body></body>
+<script>
+standardSetup(async function(authenticator) {
+  "use strict";
+
+  const b64 = buf => btoa(String.fromCharCode.apply(null, new Uint8Array(buf)));
+  const b64url = buf => b64(buf).
+    replace(/\+/g, '-').
+    replace(/\//g, '_').
+    replace(/=+$/, '');
+
+  const credential = createCredential({
+    options: {
+      publicKey: {
+        extensions: {
+          prf: {},
+        },
+      },
+    },
+  });
+
+  const assert = (id, prfExt) =>
+    navigator.credentials.get({publicKey: {
+      challenge: new Uint8Array(),
+      allowCredentials: [{
+        id: id,
+        type: "public-key",
+      }],
+      extensions: {
+        prf: prfExt,
+      },
+    }});
+
+  promise_test(async t => {
+    const id = (await credential).rawId;
+    const assertion = await assert(id, {
+          eval: {
+            first: new Uint8Array([1,2,3,4]).buffer,
+          },
+    });
+    const results = assertion.getClientExtensionResults().prf.results;
+    assert_equals(results.first.byteLength, 32)
+    assert_not_own_property(results, 'second');
+  }, "navigator.credentials.get() with single evaluation point");
+
+  promise_test(async t => {
+    const id = (await credential).rawId;
+    const assertion = await assert(id, {
+          eval: {
+            first: new Uint8Array([1,2,3,4]).buffer,
+            second: new Uint8Array([1,2,3,4]).buffer,
+          },
+    });
+    const results = assertion.getClientExtensionResults().prf.results;
+    assert_equals(results.first.byteLength, 32)
+    assert_equals(results.second.byteLength, 32)
+    assert_equals(b64(results.first), b64(results.second));
+  }, "navigator.credentials.get() with two equal evaluation points");
+
+  promise_test(async t => {
+    const id = (await credential).rawId;
+    const assertion = await assert(id, {
+          eval: {
+            first: new Uint8Array([1,2,3,4]).buffer,
+            second: new Uint8Array([1,2,3,5]).buffer,
+          },
+    });
+    const results = assertion.getClientExtensionResults().prf.results;
+    assert_equals(results.first.byteLength, 32)
+    assert_equals(results.second.byteLength, 32)
+    assert_not_equals(b64(results.first), b64(results.second));
+  }, "navigator.credentials.get() with two distinct evaluation points");
+
+  promise_test(async t => {
+    const id = (await credential).rawId;
+    const byCred = {};
+    byCred[b64url(id)] = {
+      first: new Uint8Array([1,2,3,4]).buffer,
+    };
+    const assertion = await assert(id, {
+          evalByCredential: byCred,
+    });
+    const results = assertion.getClientExtensionResults().prf.results;
+    assert_equals(results.first.byteLength, 32)
+    assert_not_own_property(results, 'second');
+  }, "navigator.credentials.get() using credential ID with one evaluation point");
+
+  promise_test(async t => {
+    const id = (await credential).rawId;
+    const byCred = {};
+    byCred[b64url(id)] = {
+      first: new Uint8Array([1,2,3,4]).buffer,
+      second: new Uint8Array([1,2,3,4]).buffer,
+    };
+    const assertion = await assert(id, {
+          evalByCredential: byCred,
+    });
+    const results = assertion.getClientExtensionResults().prf.results;
+    assert_equals(results.first.byteLength, 32)
+    assert_equals(results.second.byteLength, 32)
+    assert_equals(b64(results.first), b64(results.second));
+  }, "navigator.credentials.get() using credential ID with two evaluation points");
+
+  promise_test(async t => {
+    const id = (await credential).rawId;
+    const byCred = {};
+    byCred["Zm9v"] = {
+      first: new Uint8Array([1,2,3,4]).buffer,
+    };
+    return promise_rejects_dom(t, "SyntaxError", assert(id, {
+          evalByCredential: byCred,
+    }));
+  }, "navigator.credentials.get() with credential ID not in allowedCredentials");
+
+  promise_test(async t => {
+    const id = (await credential).rawId;
+    const byCred = {};
+    byCred["Zm9v"] = {
+      first: new Uint8Array([1,2,3,4]),
+    };
+    return promise_rejects_dom(t, "SyntaxError", assert(id, {
+          evalByCredential: byCred,
+    }));
+  }, "navigator.credentials.get() with Uint8Array credential ID not in allowedCredentials");
+
+  promise_test(async t => {
+    const id = (await credential).rawId;
+    const byCred = {};
+    byCred["Zm9v="] = {
+      first: new Uint8Array([1,2,3,4]).buffer,
+    };
+    return promise_rejects_dom(
+      t, "SyntaxError", assert(id, {evalByCredential: byCred }));
+  }, "navigator.credentials.get() using invalid base64url credential ID");
+
+  promise_test(async t => {
+    const id = (await credential).rawId;
+    const byCred = {};
+    byCred["Zm9v"] = {
+      first: new Uint8Array([1,2,3,4]).buffer,
+    };
+    const promise = navigator.credentials.get({publicKey: {
+      challenge: new Uint8Array(),
+      extensions: {
+        prf: {evalByCredential: byCred },
+      },
+    }});
+    return promise_rejects_dom(t, "NotSupportedError", promise);
+  }, "navigator.credentials.get() with an empty allow list but also using evalByCredential");
+}, {
+  protocol: "ctap2_1",
+  extensions: ["prf"],
+  hasUserVerification: true,
+  isUserVerified: true,
+});
+</script>