blob: 56fbc3eca491b4f4ad9ecc2491e3d1ac667d0fc1 [file] [log] [blame]
<!DOCTYPE html>
<title>Web Authentication API: PublicKeyCredential's [[create]] failure cases with a mock local authenticator.</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="./resources/util.js"></script>
<script>
// Default mock configuration. Tests need to override if they need different configuration.
if (window.testRunner)
testRunner.setWebAuthenticationMockConfiguration({ local: { acceptAuthentication: false, acceptAttestation: false } });
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: Base64URL.parse(testUserhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -35 }, { type: "public-key", alg: -257 }], // ES384, RS256
}
};
return promiseRejects(t, "NotSupportedError", navigator.credentials.create(options), "The platform attached authenticator doesn't support any provided PublicKeyCredentialParameters.");
}, "PublicKeyCredential's [[create]] with unsupported public key credential parameters in a mock local authenticator.");
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: Base64URL.parse(testUserhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }],
excludeCredentials: [{ type: "public-key", id: Base64URL.parse(testCredentialIdBase64) }]
}
};
if (window.testRunner)
testRunner.addTestKeyToKeychain(testES256PrivateKeyBase64, testRpId, testUserhandleBase64);
return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.").then(() => {
if (window.testRunner)
testRunner.cleanUpKeychain(testRpId);
});
}, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator.");
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: Base64URL.parse(testUserhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }],
excludeCredentials: [
{ type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["usb"] },
{ type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["nfc"] },
{ type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["ble"] },
{ type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["internal"] }
]
}
};
if (window.testRunner)
testRunner.addTestKeyToKeychain(testES256PrivateKeyBase64, testRpId, testUserhandleBase64);
return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.").then(() => {
if (window.testRunner)
testRunner.cleanUpKeychain(testRpId);
});
}, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator. 2nd");
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: Base64URL.parse(testUserhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }]
}
};
return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Couldn't get user consent.");
}, "PublicKeyCredential's [[create]] without user consent in a mock local authenticator.");
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: Base64URL.parse(testUserhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }]
}
};
if (window.testRunner)
testRunner.setWebAuthenticationMockConfiguration({ local: { acceptAuthentication: true, acceptAttestation: false } });
return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error.");
}, "PublicKeyCredential's [[create]] without attestation in a mock local authenticator.");
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: Base64URL.parse(testUserhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }]
}
};
if (window.testRunner) {
testRunner.setWebAuthenticationMockConfiguration({ local: { acceptAuthentication: true, acceptAttestation: false } });
testRunner.addTestKeyToKeychain(testES256PrivateKeyBase64, testRpId, testUserhandleBase64);
}
return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error.").then(() => {
if (window.testRunner)
assert_false(testRunner.keyExistsInKeychain(testRpId, testUserhandleBase64));
});
}, "PublicKeyCredential's [[create]] deleting old credential in a mock local authenticator.");
promise_test(function(t) {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: asciiToUint8Array("123456"),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }],
timeout: 10,
authenticatorSelection: { authenticatorAttachment: "cross-platform" }
}
};
if (window.testRunner)
testRunner.setWebAuthenticationMockConfiguration({ local: { acceptAuthentication: false, acceptAttestation: false } });
return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
}, "PublicKeyCredential's [[create]] with timeout in a mock local authenticator.");
</script>