| <!DOCTYPE html> |
| <title>Web Authentication API: PublicKeyCredential's [[create]] failure cases with a mock local authenticator.</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="./resources/util.js"></script> |
| <script> |
| (async function() { |
| const userhandleBase64 = generateUserhandleBase64(); |
| const privateKeyBase64 = await generatePrivateKeyBase64(); |
| const credentialID = await calculateCredentialID(privateKeyBase64); |
| // Default mock configuration. Tests need to override if they need different configuration. |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ local: { acceptAuthentication: false, acceptAttestation: false } }); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: Base64URL.parse(testUserhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -35 }, { type: "public-key", alg: -257 }], // ES384, RS256 |
| } |
| }; |
| return promiseRejects(t, "NotSupportedError", navigator.credentials.create(options), "The platform attached authenticator doesn't support any provided PublicKeyCredentialParameters."); |
| }, "PublicKeyCredential's [[create]] with unsupported public key credential parameters in a mock local authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: Base64URL.parse(userhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| excludeCredentials: [{ type: "public-key", id: credentialID }] |
| } |
| }; |
| if (window.testRunner) |
| testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, userhandleBase64); |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.").then(() => { |
| if (window.testRunner) |
| testRunner.cleanUpKeychain(testRpId, userhandleBase64); |
| }); |
| }, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: Base64URL.parse(userhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| excludeCredentials: [ |
| { type: "public-key", id: credentialID, transports: ["usb"] }, |
| { type: "public-key", id: credentialID, transports: ["nfc"] }, |
| { type: "public-key", id: credentialID, transports: ["ble"] }, |
| { type: "public-key", id: credentialID, transports: ["internal"] } |
| ] |
| } |
| }; |
| if (window.testRunner) |
| testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, userhandleBase64); |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.").then(() => { |
| if (window.testRunner) |
| testRunner.cleanUpKeychain(testRpId, userhandleBase64); |
| }); |
| }, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator. 2nd"); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: Base64URL.parse(testUserhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }] |
| } |
| }; |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Couldn't get user consent."); |
| }, "PublicKeyCredential's [[create]] without user consent in a mock local authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: Base64URL.parse(testUserhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }] |
| } |
| }; |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ local: { acceptAuthentication: true, acceptAttestation: false } }); |
| return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error."); |
| }, "PublicKeyCredential's [[create]] without attestation in a mock local authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: userhandleBase64, |
| id: Base64URL.parse(userhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }] |
| } |
| }; |
| if (window.internals) { |
| internals.setMockWebAuthenticationConfiguration({ local: { acceptAuthentication: true, acceptAttestation: false } }); |
| testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, userhandleBase64); |
| } |
| return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error.").then(() => { |
| if (window.testRunner) |
| assert_false(testRunner.keyExistsInKeychain(testRpId, userhandleBase64)); |
| }); |
| }, "PublicKeyCredential's [[create]] deleting old credential in a mock local authenticator."); |
| |
| promise_test(function(t) { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| timeout: 10, |
| authenticatorSelection: { authenticatorAttachment: "cross-platform" } |
| } |
| }; |
| |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ local: { acceptAuthentication: false, acceptAttestation: false } }); |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out."); |
| }, "PublicKeyCredential's [[create]] with timeout in a mock local authenticator."); |
| })(); |
| </script> |