Bug 1672821 [wpt PR 26241] - [webauthn] Move large blob tests to WPT, a=testonly

Automatic update from web-platform-tests
[webauthn] Move large blob tests to WPT (#26241)

Move the internal chromium large blob tests to web platform tests. The
tests are designed to be able to run without testdriver support (i.e
using a real authenticator) if support is not available.

Bug: 1114875
Change-Id: Ie87053bd97b8b25b80f8613c366778ea287b909c
Cq-Include-Trybots: luci.chromium.try​:linux-wpt-identity-fyi-rel
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2490278
Commit-Queue: Nina Satragno <nsatragno@chromium.org>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Cr-Commit-Position: refs/heads/master@{#820407}

Co-authored-by: Nina Satragno <nsatragno@chromium.org>
--

wpt-commits: 0c780caced8192d6a327acbcc8e074f309dcad45
wpt-pr: 26241

testing/web-platform/tests/webauthn/createcredential-extensions.https.html

@@ -23,28 +23,14 @@ standardSetup(function() {
     new CreateCredentialsTest("options.publicKey.extensions", "hi mom").runTest("Bad extensions: extensions is string", TypeError);
 
     // phony extensions
-    // TODO: not sure if this should pass or fail
-    // should be clarified as part of https://github.com/w3c/webauthn/pull/765
     var randomExtId = {};
     randomExtId[createRandomString(64)] = dummyExtension;
     new CreateCredentialsTest("options.publicKey.extensions", {foo: JSON.stringify(randomExtId)}).runTest("extensions is a nonsensical JSON string");
 
-    // Defined extensions.
-
     // appid
     new CreateCredentialsTest("options.publicKey.extensions", {appid: ""}).runTest("empty appid in create request", "NotSupportedError");
     new CreateCredentialsTest("options.publicKey.extensions", {appid: null}).runTest("null appid in create request", "NotSupportedError");
     new CreateCredentialsTest("options.publicKey.extensions", {appid: "anything"}).runTest("appid in create request", "NotSupportedError");
-
-    // TODO
-    // defined extensions:
-    // * txAuthSimple
-    // * txAuthGeneric
-    // * authnSel
-    // * exts
-    // * uvi
-    // * loc
-    // * uvm
 });
 
 /* JSHINT */

testing/web-platform/tests/webauthn/createcredential-large-blob-not-supported.https.html

@@ -0,0 +1,78 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>navigator.credentials.create() largeBlob extension tests with no authenticator support</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+<body></body>
+<script>
+standardSetup(function() {
+  "use strict";
+
+  new CreateCredentialsTest("options.publicKey.extensions", {
+    largeBlob: {
+      write: new ArrayBuffer(),
+    },
+  }).runTest("navigator.credentials.create() with largeBlob.write set", "NotSupportedError");
+
+  new CreateCredentialsTest("options.publicKey.extensions", {
+    largeBlob: {
+      read: true,
+    },
+  }).runTest("navigator.credentials.create() with largeBlob.read set", "NotSupportedError");
+
+  promise_test(async t => {
+    const credential = await createCredential({
+      options: {
+        publicKey: {
+          authenticatorSelection: {
+            requireResidentKey: true,
+          },
+          extensions: {
+            largeBlob: {
+              support: "preferred",
+            },
+          },
+        },
+      },
+    });
+    assert_own_property(credential.getClientExtensionResults(), "largeBlob");
+    assert_false(credential.getClientExtensionResults().largeBlob.supported);
+    assert_not_own_property(credential.getClientExtensionResults().largeBlob, "blob");
+    assert_not_own_property(credential.getClientExtensionResults().largeBlob, "written");
+  }, "navigator.credentials.create() with largeBlob.support set to preferred and not supported by authenticator");
+
+  promise_test(async t => {
+    const credential = await createCredential({
+      options: {
+        publicKey: {
+          authenticatorSelection: {
+            requireResidentKey: true,
+          },
+          extensions: {
+            largeBlob: {},
+          },
+        },
+      },
+    });
+    assert_own_property(credential.getClientExtensionResults(), "largeBlob");
+    assert_false(credential.getClientExtensionResults().largeBlob.supported);
+    assert_not_own_property(credential.getClientExtensionResults().largeBlob, "blob");
+    assert_not_own_property(credential.getClientExtensionResults().largeBlob, "written");
+  }, "navigator.credentials.create() with largeBlob.support not set and not supported by authenticator");
+
+  new CreateCredentialsTest("options.publicKey.extensions", {
+    largeBlob: {
+      support: "required"
+    },
+  }).runTest("navigator.credentials.create() with largeBlob.support set to required and not supported by authenticator", "NotAllowedError");
+}, {
+  protocol: "ctap2",
+  hasResidentKey: true,
+  hasUserVerification: true,
+  isUserVerified: true,
+});
+</script>

testing/web-platform/tests/webauthn/createcredential-large-blob-supported.https.html

@@ -0,0 +1,82 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>navigator.credentials.create() largeBlob extension tests with authenticator support</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+<body></body>
+<script>
+standardSetup(function() {
+  "use strict";
+
+  promise_test(async t => {
+    const credential = await createCredential({
+      options: {
+        publicKey: {
+          authenticatorSelection: {
+            requireResidentKey: true,
+          },
+          extensions: {
+            largeBlob: {
+              support: "preferred",
+            },
+          },
+        },
+      },
+    });
+    assert_own_property(credential.getClientExtensionResults(), "largeBlob");
+    assert_true(credential.getClientExtensionResults().largeBlob.supported);
+    assert_not_own_property(credential.getClientExtensionResults().largeBlob, "blob");
+    assert_not_own_property(credential.getClientExtensionResults().largeBlob, "written");
+  }, "navigator.credentials.create() with largeBlob.support set to preferred and supported by authenticator");
+
+  promise_test(async t => {
+    const credential = await createCredential({
+      options: {
+        publicKey: {
+          authenticatorSelection: {
+            requireResidentKey: true,
+          },
+          extensions: {
+            largeBlob: {},
+          },
+        },
+      },
+    });
+    assert_own_property(credential.getClientExtensionResults(), "largeBlob");
+    assert_true(credential.getClientExtensionResults().largeBlob.supported);
+    assert_not_own_property(credential.getClientExtensionResults().largeBlob, "blob");
+    assert_not_own_property(credential.getClientExtensionResults().largeBlob, "written");
+  }, "navigator.credentials.create() with largeBlob.support not set and supported by authenticator");
+
+  promise_test(async t => {
+    const credential = await createCredential({
+      options: {
+        publicKey: {
+          authenticatorSelection: {
+            requireResidentKey: true,
+          },
+          extensions: {
+            largeBlob: {
+              support: "required"
+            },
+          },
+        },
+      },
+    });
+    assert_own_property(credential.getClientExtensionResults(), "largeBlob");
+    assert_true(credential.getClientExtensionResults().largeBlob.supported);
+    assert_not_own_property(credential.getClientExtensionResults().largeBlob, "blob");
+    assert_not_own_property(credential.getClientExtensionResults().largeBlob, "written");
+  }, "navigator.credentials.create() with largeBlob.support set to required and supported by authenticator");
+}, {
+  protocol: "ctap2",
+  hasResidentKey: true,
+  hasUserVerification: true,
+  isUserVerified: true,
+  extensions: ["largeBlob"],
+});
+</script>

testing/web-platform/tests/webauthn/getcredential-large-blob-not-supported.https.html

@@ -0,0 +1,91 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>navigator.credentials.get() largeBlob extension tests with no authenticator support</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+<body></body>
+<script>
+standardSetup(async function() {
+  "use strict";
+
+  const credential = createCredential();
+
+  promise_test(async t => {
+    return promise_rejects_dom(t, "NotSupportedError",
+      navigator.credentials.get({publicKey: {
+        challenge: new Uint8Array(),
+        allowCredentials: [{
+          id: (await credential).rawId,
+          type: "public-key",
+        }],
+        extensions: {
+          largeBlob: {
+            support: "preferred",
+          },
+        },
+      }}));
+  }, "navigator.credentials.get() with largeBlob.support set");
+
+  promise_test(async t => {
+    return promise_rejects_dom(t, "NotSupportedError",
+      navigator.credentials.get({publicKey: {
+        challenge: new Uint8Array(),
+        allowCredentials: [{
+          id: (await credential).rawId,
+          type: "public-key",
+        }],
+        extensions: {
+          largeBlob: {
+            read: true,
+            write: new ArrayBuffer(),
+          },
+        },
+      }}));
+  }, "navigator.credentials.get() with largeBlob.read and largeBlob.write set");
+
+  promise_test(async t => {
+    const assertion = await navigator.credentials.get({publicKey: {
+      challenge: new Uint8Array(),
+      allowCredentials: [{
+        id: (await credential).rawId,
+        type: "public-key",
+      }],
+      extensions: {
+        largeBlob: {
+          read: true,
+        },
+      },
+    }});
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "supported");
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "blob");
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "written");
+  }, "navigator.credentials.get() with largeBlob.read set without authenticator support");
+
+  promise_test(async t => {
+    const assertion = await navigator.credentials.get({publicKey: {
+      challenge: new Uint8Array(),
+      allowCredentials: [{
+        id: (await credential).rawId,
+        type: "public-key",
+      }],
+      extensions: {
+        largeBlob: {
+          write: new TextEncoder().encode("Don't call me Shirley"),
+        },
+      },
+    }});
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "supported");
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "blob");
+    assert_false(assertion.getClientExtensionResults().largeBlob.written);
+  }, "navigator.credentials.get() with largeBlob.write set without authenticator support");
+}, {
+  protocol: "ctap2",
+  hasResidentKey: true,
+  hasUserVerification: true,
+  isUserVerified: true,
+});
+</script>

testing/web-platform/tests/webauthn/getcredential-large-blob-supported.https.html

@@ -0,0 +1,90 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>navigator.credentials.get() largeBlob extension tests with authenticator support</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+<body></body>
+<script>
+standardSetup(async function(authenticator) {
+  "use strict";
+
+  const credential = createCredential({
+    options: {
+      publicKey: {
+        authenticatorSelection: {
+          requireResidentKey: true,
+        },
+        extensions: {
+          largeBlob: {
+            support: "required",
+          },
+        },
+      },
+    },
+  });
+
+  promise_test(async t => {
+    const assertion = await navigator.credentials.get({publicKey: {
+      challenge: new Uint8Array(),
+      allowCredentials: [{
+        id: (await credential).rawId,
+        type: "public-key",
+      }],
+      extensions: {
+        largeBlob: {
+          read: true,
+        },
+      },
+    }});
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "supported");
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "blob");
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "written");
+  }, "navigator.credentials.get() with largeBlob.read set with no blob on authenticator");
+
+  promise_test(async t => {
+    const blob = new TextEncoder().encode("According to all known laws of aviation, "
+                                        + "there is no way a bee should be able to fly");
+    let assertion = await navigator.credentials.get({publicKey: {
+      challenge: new Uint8Array(),
+      allowCredentials: [{
+        id: (await credential).rawId,
+        type: "public-key",
+      }],
+      extensions: {
+        largeBlob: {
+          write: blob,
+        },
+      },
+    }});
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "blob");
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "supported");
+    assert_true(assertion.getClientExtensionResults().largeBlob.written);
+
+    assertion = await navigator.credentials.get({publicKey: {
+      challenge: new Uint8Array(),
+      allowCredentials: [{
+        id: (await credential).rawId,
+        type: "public-key",
+      }],
+      extensions: {
+        largeBlob: {
+          read: true,
+        },
+      },
+    }});
+    assert_array_equals(new Uint8Array(assertion.getClientExtensionResults().largeBlob.blob), blob);
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "supported");
+    assert_not_own_property(assertion.getClientExtensionResults().largeBlob, "written");
+  }, "navigator.credentials.get() read and write blob");
+}, {
+  protocol: "ctap2",
+  hasResidentKey: true,
+  hasUserVerification: true,
+  extensions: ["largeBlob"],
+  isUserVerified: true,
+});
+</script>

testing/web-platform/tests/webauthn/helpers.js

@@ -69,7 +69,7 @@ function createCredential(opts) {
     createArgs.options.publicKey.user.id = new Uint8Array(16);
 
     // change the defaults with any options that were passed in
-    extendObject (createArgs, opts);
+    extendObject(createArgs, opts);
 
     // create the credential, return the Promise
     return navigator.credentials.create(createArgs.options);
@@ -344,7 +344,8 @@ function cloneObject(o) {
 function extendObject(dst, src) {
     Object.keys(src).forEach(function(key) {
         if (isSimpleObject(src[key])) {
-            extendObject (dst[key], src[key]);
+            dst[key] ||= {};
+            extendObject(dst[key], src[key]);
         } else {
             dst[key] = src[key];
         }