зеркало из https://github.com/mozilla/gecko-dev.git
355 строки
14 KiB
HTML
355 строки
14 KiB
HTML
<!DOCTYPE html>
|
|
<meta charset=utf-8>
|
|
<head>
|
|
<title>Test for MakeCredential for W3C Web Authentication</title>
|
|
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<script type="text/javascript" src="u2futil.js"></script>
|
|
<script type="text/javascript" src="pkijs/common.js"></script>
|
|
<script type="text/javascript" src="pkijs/asn1.js"></script>
|
|
<script type="text/javascript" src="pkijs/x509_schema.js"></script>
|
|
<script type="text/javascript" src="pkijs/x509_simpl.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
|
</head>
|
|
<body>
|
|
|
|
<h1>Test for MakeCredential for W3C Web Authentication</h1>
|
|
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1309284">Mozilla Bug 1309284</a>
|
|
|
|
<script class="testbody" type="text/javascript">
|
|
"use strict";
|
|
|
|
// Execute the full-scope test
|
|
SimpleTest.waitForExplicitFinish();
|
|
|
|
function arrivingHereIsGood(aResult) {
|
|
ok(true, "Good result! Received a: " + aResult);
|
|
return Promise.resolve();
|
|
}
|
|
|
|
function arrivingHereIsBad(aResult) {
|
|
ok(false, "Bad result! Received a: " + aResult);
|
|
return Promise.resolve();
|
|
}
|
|
|
|
function expectNotAllowedError(aResult) {
|
|
ok(aResult.toString().startsWith("NotAllowedError"), "Expecting a NotAllowedError");
|
|
return Promise.resolve();
|
|
}
|
|
|
|
function expectTypeError(aResult) {
|
|
ok(aResult.toString().startsWith("TypeError"), "Expecting a TypeError");
|
|
return Promise.resolve();
|
|
}
|
|
|
|
function expectNotSupportedError(aResult) {
|
|
ok(aResult.toString().startsWith("NotSupportedError"), "Expecting a NotSupportedError");
|
|
return Promise.resolve();
|
|
}
|
|
|
|
SpecialPowers.pushPrefEnv({"set": [["security.webauth.webauthn", true],
|
|
["security.webauth.webauthn_enable_softtoken", true],
|
|
["security.webauth.webauthn_enable_android_fido2", false],
|
|
["security.webauth.webauthn_enable_usbtoken", false]]}, runTests);
|
|
function runTests() {
|
|
is(navigator.authentication, undefined, "navigator.authentication does not exist any longer");
|
|
isnot(navigator.credentials, undefined, "Credential Management API endpoint must exist");
|
|
isnot(navigator.credentials.create, undefined, "CredentialManagement create API endpoint must exist");
|
|
isnot(navigator.credentials.get, undefined, "CredentialManagement get API endpoint must exist");
|
|
|
|
let credm = navigator.credentials;
|
|
|
|
let gCredentialChallenge = new Uint8Array(16);
|
|
window.crypto.getRandomValues(gCredentialChallenge);
|
|
|
|
let rp = {id: document.domain, name: "none", icon: "none"};
|
|
let user = {id: new Uint8Array(64), name: "none", icon: "none", displayName: "none"};
|
|
let param = {type: "public-key", alg: cose_alg_ECDSA_w_SHA256};
|
|
let unsupportedParam = {type: "public-key", alg: cose_alg_ECDSA_w_SHA512};
|
|
let badParam = {type: "SimplePassword", alg: "MaxLength=2"};
|
|
|
|
var testFuncs = [
|
|
// Test basic good call
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsGood)
|
|
.catch(arrivingHereIsBad);
|
|
},
|
|
|
|
// Test empty account
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test without rp.name
|
|
function() {
|
|
let rp1 = {id: document.domain, icon: "none"};
|
|
let makeCredentialOptions = {
|
|
rp: rp1, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test without user.id
|
|
function() {
|
|
let user1 = {name: "none", icon: "none", displayName: "none"};
|
|
let makeCredentialOptions = {
|
|
rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test without user.name
|
|
function() {
|
|
let user1 = {id: new Uint8Array(64), icon: "none", displayName: "none"};
|
|
let makeCredentialOptions = {
|
|
rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test without user.displayName
|
|
function() {
|
|
let user1 = {id: new Uint8Array(64), name: "none", icon: "none"};
|
|
let makeCredentialOptions = {
|
|
rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test with a user handle that exceeds the max length
|
|
function() {
|
|
let user1 = {id: new Uint8Array(65), name: "none", icon: "none", displayName: "none"};
|
|
let makeCredentialOptions = {
|
|
rp, user: user1, challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test without any parameters; this is acceptable meaning the RP ID is
|
|
// happy to take any credential type
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: []
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsGood)
|
|
.catch(arrivingHereIsBad);
|
|
},
|
|
|
|
// Test without a parameter array at all
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, user, challenge: gCredentialChallenge
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test with an unsupported parameter
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [unsupportedParam]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectNotSupportedError);
|
|
},
|
|
|
|
// Test with an unsupported parameter and a good one
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, user, challenge: gCredentialChallenge,
|
|
pubKeyCredParams: [param, unsupportedParam]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsGood)
|
|
.catch(arrivingHereIsBad);
|
|
},
|
|
|
|
// Test with a bad parameter
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [badParam]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test with an unsupported parameter, and a bad one
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, user, challenge: gCredentialChallenge,
|
|
pubKeyCredParams: [unsupportedParam, badParam]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test with an unsupported parameter, a bad one, and a good one. This
|
|
// should still fail, as anything with a badParam should fail.
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, user, challenge: gCredentialChallenge,
|
|
pubKeyCredParams: [param, unsupportedParam, badParam]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test without a challenge
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, user, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test with an invalid challenge
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, user, challenge: "begone, thou ill-fitting moist glove!",
|
|
pubKeyCredParams: [unsupportedParam]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test with duplicate pubKeyCredParams
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, user, challenge: gCredentialChallenge,
|
|
pubKeyCredParams: [param, param, param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsGood)
|
|
.catch(arrivingHereIsBad);
|
|
},
|
|
|
|
// Test with an RP ID that is not a valid domain string
|
|
function() {
|
|
let rp1 = { id: document.domain + ":somejunk", name: "none", icon: "none" };
|
|
let makeCredentialOptions = {
|
|
rp: rp1, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(arrivingHereIsGood);
|
|
},
|
|
|
|
// Test with another RP ID that is not a valid domain string
|
|
function() {
|
|
let rp1 = { id: document.domain + ":8888", name: "none", icon: "none" };
|
|
let makeCredentialOptions = {
|
|
rp: rp1, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(arrivingHereIsGood);
|
|
},
|
|
|
|
// Test with missing rp
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test with incorrect user ID type
|
|
function() {
|
|
let invalidType = user;
|
|
invalidType.id = "a string, which is not a buffer";
|
|
let makeCredentialOptions = {
|
|
user: invalidType, challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test with missing user
|
|
function() {
|
|
let makeCredentialOptions = {
|
|
rp, challenge: gCredentialChallenge, pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
},
|
|
|
|
// Test a complete account
|
|
function() {
|
|
let completeRP = {id: document.domain, name: "Foxxy Name",
|
|
icon: "https://example.com/fox.svg"};
|
|
let completeUser = {id: string2buffer("foxes_are_the_best@example.com"),
|
|
name: "Fox F. Foxington",
|
|
icon: "https://example.com/fox.svg",
|
|
displayName: "Foxxy V"};
|
|
let makeCredentialOptions = {
|
|
rp: completeRP, user: completeUser, challenge: gCredentialChallenge,
|
|
pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsGood)
|
|
.catch(arrivingHereIsBad);
|
|
},
|
|
|
|
// Test with too-large user ID buffer
|
|
function() {
|
|
let hugeUser = {id: new Uint8Array(65),
|
|
name: "Fox F. Foxington",
|
|
icon: "https://example.com/fox.svg",
|
|
displayName: "Foxxy V"};
|
|
let makeCredentialOptions = {
|
|
rp, user: hugeUser, challenge: gCredentialChallenge,
|
|
pubKeyCredParams: [param]
|
|
};
|
|
return credm.create({publicKey: makeCredentialOptions})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectTypeError);
|
|
}];
|
|
|
|
var i = 0;
|
|
var runNextTest = () => {
|
|
if (i == testFuncs.length) {
|
|
SimpleTest.finish();
|
|
return;
|
|
}
|
|
testFuncs[i]().then(() => { runNextTest(); });
|
|
i = i + 1;
|
|
};
|
|
runNextTest();
|
|
};
|
|
|
|
</script>
|
|
|
|
</body>
|
|
</html>
|