summaryrefslogtreecommitdiffstats
path: root/dom/webauthn/tests/test_webauthn_sameoriginwithancestors.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/webauthn/tests/test_webauthn_sameoriginwithancestors.html')
-rw-r--r--dom/webauthn/tests/test_webauthn_sameoriginwithancestors.html107
1 files changed, 107 insertions, 0 deletions
diff --git a/dom/webauthn/tests/test_webauthn_sameoriginwithancestors.html b/dom/webauthn/tests/test_webauthn_sameoriginwithancestors.html
new file mode 100644
index 0000000000..7bb0ede1ec
--- /dev/null
+++ b/dom/webauthn/tests/test_webauthn_sameoriginwithancestors.html
@@ -0,0 +1,107 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<head>
+ <title>Test for MakeCredential for W3C Web Authentication (sameOriginWithAncestors = false)</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="u2futil.js"></script>
+ <script type="text/javascript" src="pkijs/common.js"></script>
+ <script type="text/javascript" src="pkijs/asn1.js"></script>
+ <script type="text/javascript" src="pkijs/x509_schema.js"></script>
+ <script type="text/javascript" src="pkijs/x509_simpl.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+ <h1>Test Same Origin Policy for W3C Web Authentication (sameOriginWithAncestors = false)</h1>
+ <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1694639">Mozilla Bug 1694639</a>
+
+ <script class="testbody" type="text/javascript">
+ "use strict";
+
+ // Execute the full-scope test
+ SimpleTest.waitForExplicitFinish();
+
+ var gTrackedCredential = {};
+
+ function arrivingHereIsGood(aResult) {
+ ok(true, "Good result! Received a: " + aResult);
+ }
+
+ function arrivingHereIsBad(aResult) {
+ ok(false, "Bad result! Received a: " + aResult);
+ }
+
+ function expectNotAllowedError(aResult) {
+ ok(aResult == "NotAllowedError", "Expecting a NotAllowedError, got " + aResult);
+ }
+
+ function keepThisPublicKeyCredential(aIdentifier) {
+ return function(aPublicKeyCredential) {
+ gTrackedCredential[aIdentifier] = {
+ type: "public-key",
+ id: new Uint8Array(aPublicKeyCredential.rawId),
+ transports: [ "usb" ],
+ }
+ return Promise.resolve(aPublicKeyCredential);
+ }
+ }
+
+ add_task(async function runTests() {
+ let iframe = document.createElement("iframe");
+ iframe.src = "https://example.org";
+ document.body.appendChild(iframe);
+ await new Promise(resolve => iframe.addEventListener("load", resolve, {once: true}));
+
+ is(navigator.authentication, undefined, "navigator.authentication does not exist any longer");
+ isnot(navigator.credentials, undefined, "Credential Management API endpoint must exist");
+ isnot(navigator.credentials.create, undefined, "CredentialManagement create API endpoint must exist");
+ isnot(navigator.credentials.get, undefined, "CredentialManagement get API endpoint must exist");
+
+ let credm = navigator.credentials;
+
+ let chall = new Uint8Array(16);
+ window.crypto.getRandomValues(chall);
+
+ let user = {id: new Uint8Array(16), name: "none", icon: "none", displayName: "none"};
+ let param = {type: "public-key", alg: cose_alg_ECDSA_w_SHA256};
+
+ let rp = {id: document.domain, name: "none"};
+ let makeCredentialOptions = {
+ rp, user, challenge: chall, pubKeyCredParams: [param]
+ };
+ await credm.create({publicKey: makeCredentialOptions})
+ .then(keepThisPublicKeyCredential("basic"))
+ .catch(arrivingHereIsBad);
+
+ var testFuncs = [
+ function (args) {
+ // Test create when sameOriginWithAncestors = false
+ let credentialOptions = {
+ rp: args.rp, user: args.user, challenge: args.challenge, pubKeyCredParams: [args.param]
+ };
+ return this.content.window.navigator.credentials.create({publicKey: credentialOptions})
+ .catch(e => Promise.reject(e.name));
+ },
+ function (args) {
+ // Test get when sameOriginWithAncestors = false
+ let publicKeyCredentialRequestOptions = {
+ challenge: args.challenge,
+ rpId: args.rp.id,
+ allowCredentials: [args.trackedCredential.basic]
+ };
+ return this.content.window.navigator.credentials.get({publicKey: publicKeyCredentialRequestOptions})
+ .catch(e => Promise.reject(e.name));
+ },
+ ];
+
+ let args = { user, param, rp, challenge: chall, trackedCredential: gTrackedCredential }
+ for(let func of testFuncs) {
+ await SpecialPowers.spawn(iframe, [args], func)
+ .then(arrivingHereIsBad)
+ .catch(expectNotAllowedError);
+ }
+ });
+ </script>
+
+</body>
+</html>