blob: 39c7ec7fac54df717db37aa084957d740c272e57 [file] [log] [blame]
<!DOCTYPE html>
<title>Web Authentication API: PublicKeyCredential's [[create]] failure cases with a mock local authenticator.</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="./resources/util.js"></script>
<script>
(async function() {
const userhandleBase64 = generateUserhandleBase64();
const privateKeyBase64 = await generatePrivateKeyBase64();
const credentialID = await calculateCredentialID(privateKeyBase64);
// Default mock configuration. Tests need to override if they need different configuration.
if (window.internals)
internals.setMockWebAuthenticationConfiguration({ local: { acceptAuthentication: false, acceptAttestation: false } });
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: Base64URL.parse(testUserhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -35 }, { type: "public-key", alg: -257 }], // ES384, RS256
}
};
return promiseRejects(t, "NotSupportedError", navigator.credentials.create(options), "The platform attached authenticator doesn't support any provided PublicKeyCredentialParameters.");
}, "PublicKeyCredential's [[create]] with unsupported public key credential parameters in a mock local authenticator.");
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: Base64URL.parse(userhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }],
excludeCredentials: [{ type: "public-key", id: credentialID }]
}
};
if (window.testRunner)
testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, userhandleBase64);
return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.").then(() => {
if (window.testRunner)
testRunner.cleanUpKeychain(testRpId, userhandleBase64);
});
}, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator.");
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: Base64URL.parse(userhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }],
excludeCredentials: [
{ type: "public-key", id: credentialID, transports: ["usb"] },
{ type: "public-key", id: credentialID, transports: ["nfc"] },
{ type: "public-key", id: credentialID, transports: ["ble"] },
{ type: "public-key", id: credentialID, transports: ["internal"] }
]
}
};
if (window.testRunner)
testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, userhandleBase64);
return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.").then(() => {
if (window.testRunner)
testRunner.cleanUpKeychain(testRpId, userhandleBase64);
});
}, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator. 2nd");
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: Base64URL.parse(testUserhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }]
}
};
return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Couldn't get user consent.");
}, "PublicKeyCredential's [[create]] without user consent in a mock local authenticator.");
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: Base64URL.parse(testUserhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }]
}
};
if (window.internals)
internals.setMockWebAuthenticationConfiguration({ local: { acceptAuthentication: true, acceptAttestation: false } });
return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error.");
}, "PublicKeyCredential's [[create]] without attestation in a mock local authenticator.");
promise_test(t => {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: userhandleBase64,
id: Base64URL.parse(userhandleBase64),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }]
}
};
if (window.internals) {
internals.setMockWebAuthenticationConfiguration({ local: { acceptAuthentication: true, acceptAttestation: false } });
testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, userhandleBase64);
}
return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error.").then(() => {
if (window.testRunner)
assert_false(testRunner.keyExistsInKeychain(testRpId, userhandleBase64));
});
}, "PublicKeyCredential's [[create]] deleting old credential in a mock local authenticator.");
promise_test(function(t) {
const options = {
publicKey: {
rp: {
name: "example.com"
},
user: {
name: "John Appleseed",
id: asciiToUint8Array("123456"),
displayName: "John",
},
challenge: asciiToUint8Array("123456"),
pubKeyCredParams: [{ type: "public-key", alg: -7 }],
timeout: 10,
authenticatorSelection: { authenticatorAttachment: "cross-platform" }
}
};
if (window.internals)
internals.setMockWebAuthenticationConfiguration({ local: { acceptAuthentication: false, acceptAttestation: false } });
return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
}, "PublicKeyCredential's [[create]] with timeout in a mock local authenticator.");
})();
</script>