diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/webauthn/webauthn-testdriver-basic.https.html | |
parent | Initial commit. (diff) | |
download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/webauthn/webauthn-testdriver-basic.https.html')
-rw-r--r-- | testing/web-platform/tests/webauthn/webauthn-testdriver-basic.https.html | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/testing/web-platform/tests/webauthn/webauthn-testdriver-basic.https.html b/testing/web-platform/tests/webauthn/webauthn-testdriver-basic.https.html new file mode 100644 index 0000000000..4b8b08d975 --- /dev/null +++ b/testing/web-platform/tests/webauthn/webauthn-testdriver-basic.https.html @@ -0,0 +1,123 @@ +<!DOCTYPE html> +<title>Successful WebAuthn tests</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/resources/testdriver.js"></script> +<script src="/resources/testdriver-vendor.js"></script> +<script src="resources/common-inputs.js"></script> +<script src="resources/utils.js"></script> + +<script> +"use strict"; + +let authenticator; + +promise_test(async t => { + authenticator = await window.test_driver.add_virtual_authenticator({ + protocol: "ctap1/u2f", + transport: "usb", + }); +}, "Set up the test environment"); + +let credential; +let publicKey; + +promise_test(async t => { + credential = await navigator.credentials.create({ + publicKey: MAKE_CREDENTIAL_OPTIONS, + }); + + // Perform the validations the Relying Party should do against the credential. + // https://w3c.github.io/webauthn/#sctn-registering-a-new-credential + let jsonText = + new TextDecoder("utf-8").decode(credential.response.clientDataJSON); + let clientData = JSON.parse(jsonText); + assert_equals(clientData.type, "webauthn.create"); + assert_equals(clientData.challenge, base64urlEncode(CHALLENGE)); + assert_equals(clientData.origin, window.location.origin); + + let attestationObject = + new Cbor(credential.response.attestationObject).getCBOR(); + + let rpIdHash = new Uint8Array(await crypto.subtle.digest( + { name: "SHA-256" }, new TextEncoder("utf-8").encode(PUBLIC_KEY_RP.id))); + + let authenticatorData = parseAuthenticatorData(attestationObject.authData); + + assert_array_equals(authenticatorData.rpIdHash, rpIdHash) + assert_true(authenticatorData.flags.up); + assert_false(authenticatorData.flags.uv); + + publicKey = authenticatorData.attestedCredentialData.credentialPublicKey; + assert_equals(publicKey.alg, PUBLIC_KEY_PARAMETERS[0].alg); + assert_equals(publicKey.type, 2 /* EC2 */); + + assert_equals(authenticatorData.extensions, null); + assert_object_equals(credential.getClientExtensionResults(), {}); +}, "Create a credential"); + +promise_test(async t => { + let assertion = await navigator.credentials.get({ + publicKey: { + challenge: new TextEncoder("utf-8").encode(CHALLENGE), + rpId: PUBLIC_KEY_RP.id, + allowCredentials: [{ + type: "public-key", + id: credential.rawId, + transports: ["usb"], + }], + userVerification: "discouraged", + }, + }); + + // Perform the validations the Relying Party should do against the assertion. + // https://w3c.github.io/webauthn/#sctn-verifying-assertion + assert_object_equals(credential.rawId, assertion.rawId); + let jsonText = + new TextDecoder("utf-8").decode(assertion.response.clientDataJSON); + let clientData = JSON.parse(jsonText); + assert_equals(clientData.type, "webauthn.get"); + assert_equals(clientData.challenge, base64urlEncode(CHALLENGE)); + assert_equals(clientData.type, "webauthn.get"); + assert_equals(clientData.origin, window.location.origin); + + let binaryAuthenticatorData = + new Uint8Array(assertion.response.authenticatorData); + + let authenticatorData = parseAuthenticatorData(binaryAuthenticatorData); + + let rpIdHash = new Uint8Array(await crypto.subtle.digest( + { name: "SHA-256" }, new TextEncoder("utf-8").encode(PUBLIC_KEY_RP.id))); + + assert_array_equals(authenticatorData.rpIdHash, rpIdHash) + assert_true(authenticatorData.flags.up); + assert_false(authenticatorData.flags.uv); + + assert_equals(authenticatorData.extensions, null); + assert_object_equals(credential.getClientExtensionResults(), {}); + assert_equals(authenticatorData.attestedCredentialData, null); + + let jwkPublicKey = coseObjectToJWK(publicKey); + let key = await crypto.subtle.importKey( + "jwk", jwkPublicKey, {name: "ECDSA", namedCurve: "P-256"}, + /*extractable=*/false, ["verify"]); + + let signature = + convertDERSignatureToSubtle(new Uint8Array(assertion.response.signature)); + + let clientDataJsonHash = new Uint8Array(await crypto.subtle.digest( + "SHA-256", assertion.response.clientDataJSON)); + let signedData = + new Uint8Array(binaryAuthenticatorData.length + clientDataJsonHash.length); + signedData.set(binaryAuthenticatorData); + signedData.set(clientDataJsonHash, binaryAuthenticatorData.length); + + assert_true(await crypto.subtle.verify( + { name: "ECDSA", hash: "SHA-256" }, key, signature, signedData)); +}, "Get an assertion"); + +promise_test(async t => { + await window.test_driver.remove_virtual_authenticator(authenticator); +}, "Clean up the test environment"); + +</script> |