| <!DOCTYPE html> |
| <title>Web Authentication API: PublicKeyCredential's [[get]] success cases with a mock u2f authenticator.</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="./resources/util.js"></script> |
| <script> |
| const defaultAppIDHash = "c2671b6eb9233197d5f2b1288a55ba4f0860f96f7199bba32fe6da7c3f0f31e5"; |
| |
| function checkResult(credential, isAppID = false, appIDHash = defaultAppIDHash) |
| { |
| // Check respond |
| assert_array_equals(Base64URL.parse(credential.id), Base64URL.parse(testU2fCredentialIdBase64)); |
| assert_equals(credential.type, 'public-key'); |
| assert_array_equals(new Uint8Array(credential.rawId), Base64URL.parse(testU2fCredentialIdBase64)); |
| assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443"}'); |
| assert_equals(credential.response.userHandle, null); |
| if (!isAppID) |
| assert_not_exists(credential.getClientExtensionResults(), "appid"); |
| else |
| assert_true(credential.getClientExtensionResults().appid); |
| |
| // Check authData |
| const authData = decodeAuthData(new Uint8Array(credential.response.authenticatorData)); |
| if (!isAppID) |
| assert_equals(bytesToHexString(authData.rpIdHash), "49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763"); |
| else |
| assert_equals(bytesToHexString(authData.rpIdHash), appIDHash); |
| assert_equals(authData.flags, 1); |
| assert_equals(authData.counter, 59); |
| } |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| challenge: Base64URL.parse("MTIzNDU2"), |
| allowCredentials: [{ type: "public-key", id: Base64URL.parse(testU2fCredentialIdBase64) }], |
| timeout: 100 |
| } |
| }; |
| |
| if (window.testRunner) |
| testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "success", isU2f: true, payloadBase64: [testU2fSignResponse] } }); |
| return navigator.credentials.get(options).then(credential => { |
| return checkResult(credential); |
| }); |
| }, "PublicKeyCredential's [[get]] with minimum options in a mock hid authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| challenge: Base64URL.parse("MTIzNDU2"), |
| allowCredentials: [{ type: "public-key", id: Base64URL.parse(testCredentialIdBase64) }, { type: "public-key", id: Base64URL.parse(testU2fCredentialIdBase64) }], |
| timeout: 100 |
| } |
| }; |
| |
| if (window.testRunner) |
| testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "success", isU2f: true, payloadBase64: [testU2fApduWrongDataOnlyResponseBase64, testU2fSignResponse] } }); |
| return navigator.credentials.get(options).then(credential => { |
| return checkResult(credential); |
| }); |
| }, "PublicKeyCredential's [[get]] with more allow credentials in a mock hid authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| challenge: Base64URL.parse("MTIzNDU2"), |
| allowCredentials: [{ type: "public-key", id: Base64URL.parse(testU2fCredentialIdBase64) }], |
| timeout: 500 |
| } |
| }; |
| |
| if (window.testRunner) |
| testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "success", isU2f: true, payloadBase64: [testU2fApduConditionsNotSatisfiedOnlyResponseBase64, testU2fApduConditionsNotSatisfiedOnlyResponseBase64, testU2fSignResponse] } }); |
| return navigator.credentials.get(options).then(credential => { |
| return checkResult(credential); |
| }); |
| }, "PublicKeyCredential's [[get]] with test of user presence in a mock hid authenticator."); |
| |
| // With AppID extension |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| challenge: Base64URL.parse("MTIzNDU2"), |
| allowCredentials: [{ type: "public-key", id: Base64URL.parse(testU2fCredentialIdBase64) }], |
| timeout: 100, |
| extensions: { } |
| } |
| }; |
| |
| if (window.testRunner) |
| testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "success", isU2f: true, payloadBase64: [testU2fSignResponse] } }); |
| return navigator.credentials.get(options).then(credential => { |
| return checkResult(credential); |
| }); |
| }, "PublicKeyCredential's [[get]] with empty extensions in a mock hid authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| challenge: Base64URL.parse("MTIzNDU2"), |
| allowCredentials: [{ type: "public-key", id: Base64URL.parse(testU2fCredentialIdBase64) }], |
| timeout: 100, |
| extensions: { appid: "https://localhost:666/appid" } |
| } |
| }; |
| |
| if (window.testRunner) |
| testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "success", isU2f: true, payloadBase64: [testU2fSignResponse] } }); |
| return navigator.credentials.get(options).then(credential => { |
| return checkResult(credential); |
| }); |
| }, "PublicKeyCredential's [[get]] with same site AppID but not used in a mock hid authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| challenge: Base64URL.parse("MTIzNDU2"), |
| allowCredentials: [{ type: "public-key", id: Base64URL.parse(testU2fCredentialIdBase64) }], |
| timeout: 100, |
| extensions: { appid: "" } |
| } |
| }; |
| |
| if (window.testRunner) |
| testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "success", isU2f: true, payloadBase64: [testU2fApduWrongDataOnlyResponseBase64, testU2fSignResponse] } }); |
| return navigator.credentials.get(options).then(credential => { |
| return checkResult(credential, true); |
| }); |
| }, "PublicKeyCredential's [[get]] with empty AppID in a mock hid authenticator."); |
| |
| // FIXME: Sub domains need to be tested as well. However, localhost has no sub domains. |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| challenge: Base64URL.parse("MTIzNDU2"), |
| allowCredentials: [{ type: "public-key", id: Base64URL.parse(testU2fCredentialIdBase64) }], |
| timeout: 100, |
| extensions: { appid: "https://localhost:666/appid" } |
| } |
| }; |
| |
| if (window.testRunner) |
| testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "success", isU2f: true, payloadBase64: [testU2fApduWrongDataOnlyResponseBase64, testU2fSignResponse] } }); |
| return navigator.credentials.get(options).then(credential => { |
| return checkResult(credential, true, "7eabc5cc3251bdc59115ef87b5f7ee74cb03747e39ba8341748565cc129c0719"); |
| }); |
| }, "PublicKeyCredential's [[get]] with an AppID in a mock hid authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| challenge: Base64URL.parse("MTIzNDU2"), |
| allowCredentials: [{ type: "public-key", id: Base64URL.parse(testCredentialIdBase64) }, { type: "public-key", id: Base64URL.parse(testU2fCredentialIdBase64) }], |
| timeout: 100, |
| extensions: { appid: "" } |
| } |
| }; |
| |
| if (window.testRunner) |
| testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "success", isU2f: true, payloadBase64: [testU2fApduWrongDataOnlyResponseBase64, testU2fApduWrongDataOnlyResponseBase64, testU2fSignResponse] } }); |
| return navigator.credentials.get(options).then(credential => { |
| return checkResult(credential); |
| }); |
| }, "PublicKeyCredential's [[get]] with multiple credentials and AppID is not used in a mock hid authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| challenge: Base64URL.parse("MTIzNDU2"), |
| allowCredentials: [{ type: "public-key", id: Base64URL.parse(testCredentialIdBase64) }, { type: "public-key", id: Base64URL.parse(testU2fCredentialIdBase64) }], |
| timeout: 100, |
| extensions: { appid: "" } |
| } |
| }; |
| |
| if (window.testRunner) |
| testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "success", isU2f: true, payloadBase64: [testU2fApduWrongDataOnlyResponseBase64, testU2fApduWrongDataOnlyResponseBase64, testU2fApduWrongDataOnlyResponseBase64, testU2fSignResponse] } }); |
| return navigator.credentials.get(options).then(credential => { |
| return checkResult(credential, true); |
| }); |
| }, "PublicKeyCredential's [[get]] with multiple credentials and AppID is used in a mock hid authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| challenge: Base64URL.parse("MTIzNDU2"), |
| allowCredentials: [{ type: "public-key", id: Base64URL.parse(testU2fCredentialIdBase64) }], |
| timeout: 100, |
| extensions: { appid: "https://localhost:666/appid" } |
| } |
| }; |
| |
| if (window.testRunner) |
| testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "success", canDowngrade: true, payloadBase64: [testCtapErrInvalidCredentialResponseBase64, testU2fSignResponse] } }); |
| return navigator.credentials.get(options).then(credential => { |
| return checkResult(credential); |
| }); |
| }, "PublicKeyCredential's [[get]] with downgraded authenticator in a mock hid authenticator."); |
| |
| promise_test(t => { |
| const options = { |
| publicKey: { |
| challenge: Base64URL.parse("MTIzNDU2"), |
| allowCredentials: [{ type: "public-key", id: Base64URL.parse(testU2fCredentialIdBase64) }], |
| timeout: 100, |
| extensions: { appid: "https://localhost:666/appid" } |
| } |
| }; |
| |
| if (window.testRunner) |
| testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "success", canDowngrade: true, payloadBase64: [testCtapErrInvalidCredentialResponseBase64, testU2fApduWrongDataOnlyResponseBase64, testU2fSignResponse] } }); |
| return navigator.credentials.get(options).then(credential => { |
| return checkResult(credential, true, "7eabc5cc3251bdc59115ef87b5f7ee74cb03747e39ba8341748565cc129c0719"); |
| }); |
| }, "PublicKeyCredential's [[get]] with downgraded authenticator in a mock hid authenticator. (AppID)"); |
| |
| </script> |