tor-browser

The Tor Browser

test_webauthn_sameoriginwithancestors.html (4149B)


      1 <!DOCTYPE html>
      2 <meta charset=utf-8>
      3 <head>
      4  <title>Test for MakeCredential for W3C Web Authentication (sameOriginWithAncestors = false)</title>
      5  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      6  <script type="text/javascript" src="u2futil.js"></script>
      7  <script type="text/javascript" src="pkijs/common.js"></script>
      8  <script type="text/javascript" src="pkijs/asn1.js"></script>
      9  <script type="text/javascript" src="pkijs/x509_schema.js"></script>
     10  <script type="text/javascript" src="pkijs/x509_simpl.js"></script>
     11  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
     12 </head>
     13 <body>
     14 
     15  <h1>Test Same Origin Policy for W3C Web Authentication (sameOriginWithAncestors = false)</h1>
     16  <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1694639">Mozilla Bug 1694639</a>
     17 
     18  <script class="testbody" type="text/javascript">
     "use strict";

     // Credential descriptors captured during the test, keyed by a caller-chosen
     // label. keepThisPublicKeyCredential() writes entries; runTests() hands the
     // whole object to the code it runs inside the iframe.
     var gTrackedCredential = {};

     // Setup task: registers a virtual authenticator before the real test task.
     // addVirtualAuthenticator is not defined in this file (presumably it comes
     // from u2futil.js, which is loaded above; confirm).
     add_task(async () => {
       await addVirtualAuthenticator();
     });
     26 
     /**
      * Promise handler for an outcome the test wants: records a passing check.
      *
      * @param {*} aResult - Value the promise settled with; appended to the
      *   message by string concatenation.
      */
     function arrivingHereIsGood(aResult) {
       const message = "Good result! Received a: " + aResult;
       ok(true, message);
     }
     30 
     /**
      * Promise handler for an outcome the test must never see: records a
      * failing check. In this file it is attached both to the rejection of the
      * top-level create() and to the *success* of the calls made from inside
      * the cross-origin iframe.
      *
      * @param {*} aResult - Value the promise settled with; appended to the
      *   message by string concatenation.
      */
     function arrivingHereIsBad(aResult) {
       const message = "Bad result! Received a: " + aResult;
       ok(false, message);
     }
     34 
     /**
      * Rejection handler: the check passes only when the rejection value
      * compares equal to "NotAllowedError".
      *
      * The in-frame test functions reject with `e.name`, so aResult is expected
      * to be an error *name*, not an error object.
      *
      * NOTE(review): the match is on the name alone, so a NotAllowedError raised
      * for any other reason would satisfy it as well. A pass shows the call was
      * refused, not which check refused it.
      *
      * @param {*} aResult - Rejection value to compare (loose equality).
      */
     function expectNotAllowedError(aResult) {
       const sawNotAllowed = aResult == "NotAllowedError";
       ok(sawNotAllowed, "Expecting a NotAllowedError, got " + aResult);
     }
     38 
     /**
      * Builds a `.then()` handler that remembers a freshly created credential.
      *
      * The handler stores a credential descriptor (type, raw id bytes and a
      * fixed "usb" transport) in gTrackedCredential under aIdentifier, then
      * passes the credential through unchanged so the chain can continue.
      *
      * @param {string} aIdentifier - Key to store the descriptor under.
      * @returns {function(*): Promise} Handler resolving to the credential it
      *   was given.
      */
     function keepThisPublicKeyCredential(aIdentifier) {
       return (aPublicKeyCredential) => {
         const descriptor = {
           type: "public-key",
           id: new Uint8Array(aPublicKeyCredential.rawId),
           transports: ["usb"],
         };
         gTrackedCredential[aIdentifier] = descriptor;
         return Promise.resolve(aPublicKeyCredential);
       };
     }
     49 
     // Main test task. Property under test (per the page title): WebAuthn
     // create() and get() issued from a cross-origin child frame, i.e. with
     // sameOriginWithAncestors = false, must be refused with NotAllowedError.
     add_task(async function runTests() {
       // Child frame on https://example.org; assumed to be a different origin
       // from the one serving this test page (confirm against the manifest).
       // No `allow` attribute is set on the frame, so nothing here delegates
       // credential access to it.
       const iframe = document.createElement("iframe");
       iframe.src = "https://example.org";
       document.body.appendChild(iframe);
       await new Promise(resolve => {
         iframe.addEventListener("load", resolve, {once: true});
       });

       // API surface sanity checks in the top-level document.
       is(navigator.authentication, undefined, "navigator.authentication does not exist any longer");
       isnot(navigator.credentials, undefined, "Credential Management API endpoint must exist");
       isnot(navigator.credentials.create, undefined, "CredentialManagement create API endpoint must exist");
       isnot(navigator.credentials.get, undefined, "CredentialManagement get API endpoint must exist");

       const credm = navigator.credentials;

       // Fresh random 16-byte challenge, reused for every call below.
       const chall = new Uint8Array(16);
       window.crypto.getRandomValues(chall);

       const user = {id: new Uint8Array(16), name: "none", displayName: "none"};
       const param = {type: "public-key", alg: cose_alg_ECDSA_w_SHA256};

       // The RP ID is the *top-level* document's domain. The same value is later
       // sent into the example.org frame.
       // NOTE(review): inside the frame this RP ID does not match the frame's
       // own host, so the expected NotAllowedError presumably has to be raised
       // before RP ID validation runs; confirm that ordering is what the
       // implementation guarantees.
       const rp = {id: document.domain, name: "none"};

       // Baseline: a top-level create() must succeed. Its credential is stored
       // as gTrackedCredential.basic and used as the allow-list entry for the
       // in-frame get() below.
       try {
         const created = await credm.create({
           publicKey: {rp, user, challenge: chall, pubKeyCredParams: [param]},
         });
         await keepThisPublicKeyCredential("basic")(created);
       } catch (e) {
         arrivingHereIsBad(e);
       }

       // Each function is handed to SpecialPowers.spawn() and reads `this.content`,
       // so these stay plain `function` expressions that rely only on `args`.
       // They reject with the error *name* rather than the error object.
       const testFuncs = [
         function (args) {
           // Test create when sameOriginWithAncestors = false
           const {rp, user, challenge, param} = args;
           const credentialOptions = {rp, user, challenge, pubKeyCredParams: [param]};
           return this.content.window.navigator.credentials.create({publicKey: credentialOptions})
             .catch(e => Promise.reject(e.name));
         },
         function (args) {
           // Test get when sameOriginWithAncestors = false
           const publicKeyCredentialRequestOptions = {
             challenge: args.challenge,
             rpId: args.rp.id,
             allowCredentials: [args.trackedCredential.basic],
           };
           return this.content.window.navigator.credentials.get({publicKey: publicKeyCredentialRequestOptions})
             .catch(e => Promise.reject(e.name));
         },
       ];

       const args = {user, param, rp, challenge: chall, trackedCredential: gTrackedCredential};
       for (const func of testFuncs) {
         // Success inside the frame is the failure case; the only accepted
         // outcome is a rejection named NotAllowedError.
         try {
           arrivingHereIsBad(await SpecialPowers.spawn(iframe, [args], func));
         } catch (e) {
           expectNotAllowedError(e);
         }
       }
     });
    105  </script>
    106 
    107 </body>
    108 </html>