<!DOCTYPE html>
<title>Web Authentication API: PublicKeyCredential's [[create]] failure cases with a mock local authenticator.</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="./resources/util.js"></script>
<script>
// Baseline mock authenticator configuration for the tests below: user
// verification is reported as "no" and attestation is not accepted. A test that
// needs something else installs its own configuration. Nothing in this file
// restores the baseline afterwards, so an override stays in effect for later tests.
if (window.internals) {
    internals.setMockWebAuthenticationConfiguration({
        local: { userVerification: "no", acceptAttestation: false }
    });
}
// Registration is expected to be refused with NotSupportedError when every
// requested algorithm is one the platform authenticator does not offer. Only
// ES384 and RS256 are requested here; ES256 (alg -7), used by the other tests
// in this file, is deliberately left out.
promise_test(function(t) {
    const requestedAlgorithms = [
        { type: "public-key", alg: -35 }, // ES384
        { type: "public-key", alg: -257 } // RS256
    ];
    const creationOptions = {
        publicKey: {
            rp: { name: "example.com" },
            user: {
                name: "John Appleseed",
                id: Base64URL.parse(testUserhandleBase64),
                displayName: "John"
            },
            challenge: asciiToUint8Array("123456"),
            pubKeyCredParams: requestedAlgorithms
        }
    };
    const pendingCredential = navigator.credentials.create(creationOptions);
    return promiseRejects(t, "NotSupportedError", pendingCredential, "The platform attached authenticator doesn't support any provided PublicKeyCredentialParameters.");
}, "PublicKeyCredential's [[create]] with unsupported public key credential parameters in a mock local authenticator.");
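// A credential whose ID appears in excludeCredentials is already present in
// the keychain, so registration is expected to be refused with NotAllowedError
// rather than creating a second credential on the same authenticator.
promise_test(async t => {
    const privateKeyBase64 = await generatePrivateKeyBase64();
    const credentialID = await calculateCredentialID(privateKeyBase64);
    const credentialIDBase64 = base64encode(credentialID);
    const options = {
        publicKey: {
            rp: {
                name: "example.com"
            },
            user: {
                name: "John Appleseed",
                id: Base64URL.parse(testUserhandleBase64),
                displayName: "John",
            },
            challenge: asciiToUint8Array("123456"),
            pubKeyCredParams: [{ type: "public-key", alg: -7 }], // ES256
            excludeCredentials: [{ type: "public-key", id: credentialID }]
        }
    };

    if (window.testRunner) {
        // Seed the keychain with the credential that the exclude list refers to.
        testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, testUserEntityBundleBase64);
        // Remove the seeded key through the harness cleanup hook so that it is
        // deleted even when the assertion below fails. A key left behind would
        // otherwise be visible to the tests that run afterwards.
        t.add_cleanup(() => {
            testRunner.cleanUpKeychain(testRpId, credentialIDBase64);
        });
    }
    return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.");
}, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator.");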
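// Same exclude-list check as the previous test, but the credential ID is
// listed once per transport hint (usb, nfc, ble, internal). Registration is
// still expected to be refused with NotAllowedError.
promise_test(async t => {
    const privateKeyBase64 = await generatePrivateKeyBase64();
    const credentialID = await calculateCredentialID(privateKeyBase64);
    const credentialIDBase64 = base64encode(credentialID);
    const options = {
        publicKey: {
            rp: {
                name: "example.com"
            },
            user: {
                name: "John Appleseed",
                id: Base64URL.parse(testUserhandleBase64),
                displayName: "John",
            },
            challenge: asciiToUint8Array("123456"),
            pubKeyCredParams: [{ type: "public-key", alg: -7 }], // ES256
            excludeCredentials: [
                { type: "public-key", id: credentialID, transports: ["usb"] },
                { type: "public-key", id: credentialID, transports: ["nfc"] },
                { type: "public-key", id: credentialID, transports: ["ble"] },
                { type: "public-key", id: credentialID, transports: ["internal"] }
            ]
        }
    };

    if (window.testRunner) {
        // Seed the keychain with the credential that the exclude list refers to.
        testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, testUserEntityBundleBase64);
        // Harness cleanup runs whether the assertion passes or fails, so the
        // seeded key never leaks into the tests that follow.
        t.add_cleanup(() => {
            testRunner.cleanUpKeychain(testRpId, credentialIDBase64);
        });
    }
    return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.");
}, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator. 2nd");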
// Registration is expected to be refused with NotAllowedError ("Couldn't verify
// user.") when the mock reports that the user did not consent.
// NOTE(review): this test installs no configuration of its own, so it appears to
// rely on userVerification: "no" from the default set at the top of the script
// still being in effect; confirm if tests are reordered.
promise_test(function(t) {
    const relyingParty = { name: "example.com" };
    const userEntity = {
        name: "John Appleseed",
        id: Base64URL.parse(testUserhandleBase64),
        displayName: "John"
    };
    const creationOptions = {
        publicKey: {
            rp: relyingParty,
            user: userEntity,
            challenge: asciiToUint8Array("123456"),
            pubKeyCredParams: [{ type: "public-key", alg: -7 }] // ES256
        }
    };
    const pendingCredential = navigator.credentials.create(creationOptions);
    return promiseRejects(t, "NotAllowedError", pendingCredential, "Couldn't verify user.");
}, "PublicKeyCredential's [[create]] without user consent in a mock local authenticator.");
// With user verification switched to "yes" but no private key supplied in the
// mock configuration, registration is expected to fail with UnknownError
// ("Couldn't create private key.").
promise_test(function(t) {
    const userEntity = {
        name: "John Appleseed",
        id: Base64URL.parse(testUserhandleBase64),
        displayName: "John"
    };
    const creationOptions = {
        publicKey: {
            rp: { name: "example.com" },
            user: userEntity,
            challenge: asciiToUint8Array("123456"),
            pubKeyCredParams: [{ type: "public-key", alg: -7 }] // ES256
        }
    };

    // This override is not undone here; it stays active until another test
    // installs a different configuration.
    if (window.internals) {
        internals.setMockWebAuthenticationConfiguration({
            local: { userVerification: "yes", acceptAttestation: false }
        });
    }

    const pendingCredential = navigator.credentials.create(creationOptions);
    return promiseRejects(t, "UnknownError", pendingCredential, "Couldn't create private key.");
}, "PublicKeyCredential's [[create]] without private keys in a mock local authenticator.");
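// Direct attestation is requested while the mock is configured with
// acceptAttestation: false, so registration is expected to fail with
// UnknownError ("Couldn't attest: ...").
promise_test(async t => {
    const privateKeyBase64 = await generatePrivateKeyBase64();
    const credentialID = await calculateCredentialID(privateKeyBase64);
    const credentialIDBase64 = base64encode(credentialID);
    const options = {
        publicKey: {
            rp: {
                name: "example.com"
            },
            user: {
                name: "John Appleseed",
                id: Base64URL.parse(testUserhandleBase64),
                displayName: "John",
            },
            challenge: asciiToUint8Array("123456"),
            pubKeyCredParams: [{ type: "public-key", alg: -7 }], // ES256
            attestation: "direct"
        }
    };

    if (window.internals)
        internals.setMockWebAuthenticationConfiguration({ local: { userVerification: "yes", acceptAttestation: false, privateKeyBase64 } });

    // The mock is handed a private key, and the original test removed the
    // matching keychain entry after the rejection; presumably the key is stored
    // before attestation fails (confirm against the mock). Registering the
    // removal as a harness cleanup makes it run even if the assertion fails, so
    // no key material is left behind for the tests that follow.
    if (window.testRunner) {
        t.add_cleanup(() => {
            testRunner.cleanUpKeychain(testRpId, credentialIDBase64);
        });
    }
    return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Couldn't attest: The operation couldn't complete.");
}, "PublicKeyCredential's [[create]] without attestation in a mock local authenticator.");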
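// A failed registration must not delete a credential that already exists: the
// keychain is seeded with a key, creation is made to fail with UnknownError
// ("Couldn't create private key."), and the seeded key is then expected to
// still be present.
promise_test(async t => {
    const privateKeyBase64 = await generatePrivateKeyBase64();
    const credentialID = await calculateCredentialID(privateKeyBase64);
    const credentialIDBase64 = base64encode(credentialID);
    const options = {
        publicKey: {
            rp: {
                name: "example.com"
            },
            user: {
                // NOTE(review): name is the user handle string rather than a
                // display name, presumably to match the seeded user entity; confirm.
                name: testUserhandleBase64,
                id: Base64URL.parse(testUserhandleBase64),
                displayName: "John",
            },
            challenge: asciiToUint8Array("123456"),
            pubKeyCredParams: [{ type: "public-key", alg: -7 }] // ES256
        }
    };

    if (window.internals)
        internals.setMockWebAuthenticationConfiguration({ local: { userVerification: "yes", acceptAttestation: false } });

    // testRunner gets its own guard. The original called it inside the
    // window.internals check, and called cleanUpKeychain outside any guard
    // because the unbraced `if` covered only the assertion.
    if (window.testRunner) {
        testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, testUserEntityBundleBase64);
        // Harness cleanup runs after the test body settles, pass or fail, so the
        // seeded key is removed even when an assertion below throws.
        t.add_cleanup(() => {
            testRunner.cleanUpKeychain(testRpId, credentialIDBase64);
        });
    }

    return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Couldn't create private key.").then(() => {
        if (window.testRunner)
            assert_true(testRunner.keyExistsInKeychain(testRpId, credentialIDBase64));
    });
}, "PublicKeyCredential's [[create]] not deleting old credential in a mock local authenticator.");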
// A cross-platform authenticator is requested with a 10 ms timeout while only
// the local mock is configured; the request is expected to end in
// NotAllowedError ("Operation timed out.").
promise_test(t => {
    const userEntity = {
        name: "John Appleseed",
        id: asciiToUint8Array("123456"),
        displayName: "John"
    };
    const creationOptions = {
        publicKey: {
            rp: { name: "example.com" },
            user: userEntity,
            challenge: asciiToUint8Array("123456"),
            pubKeyCredParams: [{ type: "public-key", alg: -7 }], // ES256
            timeout: 10,
            authenticatorSelection: { authenticatorAttachment: "cross-platform" }
        }
    };

    // Re-install the "no" verification setting, since earlier tests switch the
    // mock to "yes" and do not switch it back.
    if (window.internals) {
        internals.setMockWebAuthenticationConfiguration({
            local: { userVerification: "no", acceptAttestation: false }
        });
    }

    const pendingCredential = navigator.credentials.create(creationOptions);
    return promiseRejects(t, "NotAllowedError", pendingCredential, "Operation timed out.");
}, "PublicKeyCredential's [[create]] with timeout in a mock local authenticator.");
// The mock reports that the user cancelled the verification prompt; the
// request is expected to be rejected with NotAllowedError.
promise_test(t => {
    const userEntity = {
        name: "John Appleseed",
        id: asciiToUint8Array("123456"),
        displayName: "John"
    };
    const creationOptions = {
        publicKey: {
            rp: { name: "example.com" },
            user: userEntity,
            challenge: asciiToUint8Array("123456"),
            pubKeyCredParams: [{ type: "public-key", alg: -7 }] // ES256
        }
    };

    if (window.internals) {
        internals.setMockWebAuthenticationConfiguration({
            local: { userVerification: "cancel", acceptAttestation: false }
        });
    }

    const pendingCredential = navigator.credentials.create(creationOptions);
    return promiseRejects(t, "NotAllowedError", pendingCredential, "This request has been cancelled by the user.");
}, "PublicKeyCredential's [[create]] with user cancel in a mock local authenticator.");
</script>