
test_webauthn_ctap2_omitted_credential_id.html (2382B)


      1 <!DOCTYPE html>
      2 <meta charset=utf-8>
      3 <head>
      4  <title>Tests for omitted credential ID in a CTAP 2.0 authenticator response</title>
      5  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      6  <script type="text/javascript" src="u2futil.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      8 </head>
      9 <body>
     10 
     11  <h1>Tests for omitted credential ID in a CTAP 2.0 authenticator response</h1>
     12  <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1864504">Mozilla Bug 1864504</a>
     13 
     14  <script class="testbody" type="text/javascript">
     15    "use strict";
     16 
     // Descriptor ({type, id}) of the credential registered by
     // test_setup_valid_credential; the two later tasks place it in their
     // credential lists.
     let validCred = null;

     // Install a virtual CTAP 2.0 authenticator before the test tasks run.
     // CTAP 2.0 permits a GetAssertion response to leave out the credential ID
     // when the allow list holds exactly one entry. MakeCredential can be
     // affected as well, because GetAssertion is used for pre-flighting.
     add_task(async () => {
       await addVirtualAuthenticator("ctap2");
     });

     // The setup task is registered first because the other two read validCred.
     add_task(test_setup_valid_credential);
     add_task(test_create_with_one_excluded_credential);
     add_task(test_get_with_one_allowed_credential);
     29 
     /**
      * Registers a new credential through navigator.credentials.create() and
      * stores a {type, id} descriptor built from its rawId in validCred, for
      * use by the tasks that follow. A rejected create() propagates out of
      * this function.
      */
     async function test_setup_valid_credential() {
       const rpEntity = {id: document.domain, name: "none"};
       const userEntity = {id: new Uint8Array(), name: "none", displayName: "none"};
       const publicKey = {
         rp: rpEntity,
         user: userEntity,
         // Fresh 16-byte random challenge for each ceremony.
         challenge: crypto.getRandomValues(new Uint8Array(16)),
         pubKeyCredParams: [{type: "public-key", alg: cose_alg_ECDSA_w_SHA256}],
       };

       const created = await navigator.credentials.create({publicKey});
       validCred = {type: "public-key", id: created.rawId};
     }
     41 
     /**
      * Calls navigator.credentials.create() with the previously registered
      * credential listed under `excludeList` and records a pass when the call
      * resolves. A rejection propagates out of this function before ok() runs.
      */
     async function test_create_with_one_excluded_credential() {
       const rpEntity = {id: document.domain, name: "none"};
       const userEntity = {id: new Uint8Array(), name: "none", displayName: "none"};
       const creationOptions = {
         rp: rpEntity,
         user: userEntity,
         challenge: crypto.getRandomValues(new Uint8Array(16)),
         // NOTE(review): `excludeList` is not a member of the WebAuthn
         // PublicKeyCredentialCreationOptions dictionary; the standard member
         // is `excludeCredentials`. An unrecognised dictionary member is
         // normally ignored, so this call may never reach the exclude-list
         // pre-flight the test is named for; confirm. With the standard
         // member, excluding a credential the authenticator already holds
         // would be expected to reject (InvalidStateError), so the assertion
         // below would have to change with it.
         excludeList: [validCred],
         pubKeyCredParams: [{type: "public-key", alg: cose_alg_ECDSA_w_SHA256}],
       };

       await navigator.credentials.create({publicKey: creationOptions});
       ok(true, "create should not throw");
     }
     54 
     /**
      * Calls navigator.credentials.get() with an allow list holding only the
      * previously registered credential and records a pass when the call
      * resolves. A rejection propagates out of this function before ok() runs.
      */
     async function test_get_with_one_allowed_credential() {
       const requestOptions = {
         challenge: crypto.getRandomValues(new Uint8Array(16)),
         // Single-entry allow list: the case in which a CTAP 2.0 authenticator
         // may omit the credential ID from its GetAssertion response.
         allowCredentials: [validCred]
       };

       // NOTE(review): the returned assertion is discarded. Comparing its
       // rawId with validCred.id would also check that the omitted ID was
       // recovered from the allow list; presumably that is the behaviour
       // under test, confirm before adding.
       await navigator.credentials.get({publicKey: requestOptions});
       ok(true, "get should not throw");
     }
     64 
     65  </script>
     66 
     67 </body>
     68 </html>