| <!DOCTYPE html><!-- webkit-test-runner [ WebAuthenticationModernEnabled=true allowTestOnlyIPC=true ] --> |
| <title>Web Authentication API: PublicKeyCredential's [[create]] failure cases with a mock hid authenticator.</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="./resources/util.js"></script> |
| <script> |
| // Default mock configuration. Tests need to override it if they need different configuration. |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ hid: { stage: "request", subStage: "msg", error: "malicious-payload" } }); |
| |
| promise_test(function(t) { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| timeout: 10, |
| authenticatorSelection: { authenticatorAttachment: "platform" } |
| } |
| }; |
| |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "This request has been cancelled by the user."); |
| }, "PublicKeyCredential's [[create]] with timeout in a mock hid authenticator."); |
| |
| promise_test(function(t) { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }] |
| } |
| }; |
| |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ hid: { stage: "request", subStage: "msg", error: "malicious-payload", payloadBase64: [testDummyMessagePayloadBase64] } }); |
| return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error. Error code: 255"); |
| }, "PublicKeyCredential's [[create]] with malicious payload in a mock hid authenticator."); |
| |
| promise_test(function(t) { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| authenticatorSelection: { requireResidentKey: true } |
| } |
| }; |
| |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ hid: { stage: "request", subStage: "msg", error: "unsupported-options" } }); |
| return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error. Error code: 43"); |
| }, "PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator."); |
| |
| promise_test(function(t) { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| authenticatorSelection: { residentKey: "required" } |
| } |
| }; |
| |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ hid: { stage: "request", subStage: "msg", error: "unsupported-options" } }); |
| return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error. Error code: 43"); |
| }, "PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator. 2"); |
| |
| promise_test(function(t) { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| timeout: 10, |
| authenticatorSelection: { authenticatorAttachment: "platform", requireResidentKey: true, userVerification: "required" } |
| } |
| }; |
| |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ hid: { stage: "request", subStage: "msg", error: "unsupported-options", supportClientPin: true } }); |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "This request has been cancelled by the user."); |
| }, "PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator."); |
| |
| promise_test(function(t) { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| authenticatorSelection: { authenticatorAttachment: "cross-platform", requireResidentKey: true, userVerification: "required" } |
| } |
| }; |
| |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ hid: { stage: "request", subStage: "msg", error: "unsupported-options", supportClientPin: true } }); |
| return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error. Error code: 43"); |
| }, "PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator. 2"); |
| |
| promise_test(function(t) { |
| const excludedCredential = Base64URL.parse("dGVzdGNyZWRlbnRpYWwx"); // "testcredential1" |
| |
| const config = { |
| hid: { |
| stage: "request", |
| subStage: "msg", |
| error: "malicious-payload", |
| payloadBase64: [testCtapErrCredentialExcludedOnlyResponseBase64], |
| validateExpectedCommands: true, |
| expectedCommandsBase64: [ |
| "AaUBWCAa2kobC+fJlf+RMJIo/kN+6IXwkpjr76haP2Ha5BcxtQKiYmlkaWxvY2FsaG9zdGRuYW1la2V4YW1wbGUuY29tA6NiaWRGMTIzNDU2ZG5hbWVuSm9obiBBcHBsZXNlZWRrZGlzcGxheU5hbWVkSm9obgSBomNhbGcmZHR5cGVqcHVibGljLWtleQWBomJpZE90ZXN0Y3JlZGVudGlhbDFkdHlwZWpwdWJsaWMta2V5" |
| ] |
| } |
| }; |
| |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| excludeCredentials: [{ type: "public-key", id: excludedCredential }] |
| } |
| }; |
| |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration(config); |
| return promiseRejects(t, "InvalidStateError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the authenticator."); |
| }, "PublicKeyCredential's [[create]] with InvalidStateError in a mock hid authenticator."); |
| |
| promise_test(function(t) { |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| authenticatorSelection: { residentKey: "required" }, |
| timeout: 10 // We wait for another authenticator upon full. |
| } |
| }; |
| |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration({ hid: { stage: "request", subStage: "msg", error: "malicious-payload", payloadBase64: [testCreateMessageFullKeyStoreBase64] } }); |
| return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out."); |
| }, "PublicKeyCredential's [[create]] with full key store."); |
| |
| promise_test(function(t) { |
| const config = { hid: { stage: "request", subStage: "msg", error: "malicious-payload", payloadBase64: [testCtapErrCredentialExcludedOnlyResponseBase64] } }; |
| |
| const options = { |
| publicKey: { |
| rp: { |
| name: "example.com" |
| }, |
| user: { |
| name: "John Appleseed", |
| id: asciiToUint8Array("123456"), |
| displayName: "John", |
| }, |
| challenge: asciiToUint8Array("123456"), |
| pubKeyCredParams: [{ type: "public-key", alg: -7 }], |
| excludeCredentials: [], |
| } |
| }; |
| const numCredentials = 5; |
| |
| for (let i = 0; i < numCredentials; i++) { |
| if (i == 0) |
| config.hid.payloadBase64.unshift(testAssertionMessageBase64); // Passes assertion, therefore excluded credential present |
| else |
| config.hid.payloadBase64.unshift("Lg=="); // no match |
| options.publicKey.excludeCredentials.push({ type: "public-key", id: generateID(i) }); |
| } |
| |
| if (window.internals) |
| internals.setMockWebAuthenticationConfiguration(config); |
| return promiseRejects(t, "InvalidStateError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the authenticator."); |
| }, "PublicKeyCredential's [[create]] with InvalidStateError due to excluded credentials in a mock hid authenticator using batching."); |
| |
| </script> |
