| <!DOCTYPE html> |
| <title>Web Authentication API: PublicKeyCredential's [[create]] failure cases with a mock local authenticator.</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="./resources/util.js"></script> |
| <script> |
| // Default mock configuration. Tests need to override if they need different configuration. |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ local: { userVerification: "no", acceptAttestation: false } }); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: Base64URL.parse(testUserhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -35 }, { type: "public-key", alg: -257 }], // ES384, RS256 |
| } |
| }; |
| return promiseRejects(t, "NotSupportedError", navigator.credentials.create(options), "The platform attached authenticator doesn't support any provided PublicKeyCredentialParameters."); |
| }, "PublicKeyCredential's [[create]] with unsupported public key credential parameters in a mock local authenticator."); |
| |
| promise_test(async t => { |
| const privateKeyBase64 = await generatePrivateKeyBase64(); |
| const credentialID = await calculateCredentialID(privateKeyBase64); |
| const credentialIDBase64 = base64encode(credentialID); |
| |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: Base64URL.parse(testUserhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| excludeCredentials: [{ type: "public-key", id: credentialID }] |
| } |
| }; |
| if (window.testRunner) |
| testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, testUserEntityBundleBase64); |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.").then(() => { |
| if (window.testRunner) |
| testRunner.cleanUpKeychain(testRpId, credentialIDBase64); |
| }); |
| }, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator."); |
| |
| promise_test(async t => { |
| const privateKeyBase64 = await generatePrivateKeyBase64(); |
| const credentialID = await calculateCredentialID(privateKeyBase64); |
| const credentialIDBase64 = base64encode(credentialID); |
| |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: Base64URL.parse(testUserhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| excludeCredentials: [ |
| { type: "public-key", id: credentialID, transports: ["usb"] }, |
| { type: "public-key", id: credentialID, transports: ["nfc"] }, |
| { type: "public-key", id: credentialID, transports: ["ble"] }, |
| { type: "public-key", id: credentialID, transports: ["internal"] } |
| ] |
| } |
| }; |
| if (window.testRunner) |
| testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, testUserEntityBundleBase64); |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator.").then(() => { |
| if (window.testRunner) |
| testRunner.cleanUpKeychain(testRpId, credentialIDBase64); |
| }); |
| }, "PublicKeyCredential's [[create]] with matched exclude credentials in a mock local authenticator. 2nd"); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: Base64URL.parse(testUserhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }] |
| } |
| }; |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Couldn't verify user."); |
| }, "PublicKeyCredential's [[create]] without user consent in a mock local authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: Base64URL.parse(testUserhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }] |
| } |
| }; |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ local: { userVerification: "yes", acceptAttestation: false } }); |
| return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Couldn't create private key."); |
| }, "PublicKeyCredential's [[create]] without private keys in a mock local authenticator."); |
| |
| promise_test(async t => { |
| const privateKeyBase64 = await generatePrivateKeyBase64(); |
| const credentialID = await calculateCredentialID(privateKeyBase64); |
| const credentialIDBase64 = base64encode(credentialID); |
| |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: Base64URL.parse(testUserhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| attestation: "direct" |
| } |
| }; |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ local: { userVerification: "yes", acceptAttestation: false, privateKeyBase64: privateKeyBase64 } }); |
| return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Couldn't attest: The operation couldn't complete.").then(() => { |
| if (window.testRunner) |
| testRunner.cleanUpKeychain(testRpId, credentialIDBase64); |
| }); |
| }, "PublicKeyCredential's [[create]] without attestation in a mock local authenticator."); |
| |
| promise_test(async t => { |
| const privateKeyBase64 = await generatePrivateKeyBase64(); |
| const credentialID = await calculateCredentialID(privateKeyBase64); |
| const credentialIDBase64 = base64encode(credentialID); |
| |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: testUserhandleBase64, |
| id: Base64URL.parse(testUserhandleBase64), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }] |
| } |
| }; |
| if (window.internals) { |
| internals.setMockWebAuthenticationConfiguration({ local: { userVerification: "yes", acceptAttestation: false } }); |
| testRunner.addTestKeyToKeychain(privateKeyBase64, testRpId, testUserEntityBundleBase64); |
| } |
| return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Couldn't create private key.").then(() => { |
| if (window.testRunner) |
| assert_true(testRunner.keyExistsInKeychain(testRpId, credentialIDBase64)); |
| testRunner.cleanUpKeychain(testRpId, credentialIDBase64); |
| }); |
| }, "PublicKeyCredential's [[create]] not deleting old credential in a mock local authenticator."); |
| |
| promise_test(function(t) { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| timeout: 10, |
| authenticatorSelection: { authenticatorAttachment: "cross-platform" } |
| } |
| }; |
| |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ local: { userVerification: "no", acceptAttestation: false } }); |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out."); |
| }, "PublicKeyCredential's [[create]] with timeout in a mock local authenticator."); |
| |
| promise_test(function(t) { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| } |
| }; |
| |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ local: { userVerification: "cancel", acceptAttestation: false } }); |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "This request has been cancelled by the user."); |
| }, "PublicKeyCredential's [[create]] with user cancel in a mock local authenticator."); |
| |
| </script> |