
authentication-accepted-bbk-created.https.html (4482B)


      1 <!DOCTYPE html>
      2 <meta charset="utf-8">
      3 <meta name="timeout" content="long">
      4 <title>Test for the 'secure-payment-confirmation' payment method authentication - accepted case with browser bound keys</title>
      5 <link rel="help" href="https://w3c.github.io/secure-payment-confirmation/#client-extension-processing-authentication">
      6 <script src="/resources/testharness.js"></script>
      7 <script src="/resources/testharnessreport.js"></script>
      8 <script src="/resources/testdriver.js"></script>
      9 <script src="/resources/testdriver-vendor.js"></script>
     10 <script src=../webauthn/resources/common-inputs.js></script>
     11 <script src=../webauthn/resources/utils.js></script>
     12 <script src="utils.sub.js"></script>
     13 <script src="utils-bbk.js"></script>
     14 <script>
     15 'use strict';
     16 
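/**
 * Runs one Secure Payment Confirmation (SPC) authentication against a virtual
 * authenticator and checks the browser bound key (BBK) data in the response.
 *
 * Steps: enroll a payment credential while asking the user agent not to
 * create a BBK, assert that none was created, authenticate through
 * PaymentRequest with the requested BBK parameters, then pass the response
 * details to verifyBrowserBoundKey().
 *
 * @param {object} t testharness.js test object; used to register cleanups.
 * @param {object} [options] Overrides for the defaults listed in the body.
 * @param {Array} [options.browserBoundPubKeyCredParams] Algorithm list sent on
 *     the authentication request.
 * @param {Array} [options.expectedKeyTypes] COSE key types handed to
 *     verifyBrowserBoundKey().
 * @param {boolean} [options.allowNoBrowserBoundKey] When true, the final
 *     result assertion is skipped.
 * @returns {Promise<void>} Settles once all assertions have run.
 */
async function testBrowserBoundKeyOnSecurePaymentConfirmationAuthentication(t, options) {
  options = Object.assign({
    // Override the browserBoundPubKeyCredParams on assertion. An empty list
    // should allow the user agent to default to [ES256, RS256].
    browserBoundPubKeyCredParams: [],
    // When neither browserBoundPubKeyCredParams nor pubKeyCredParams is
    // specified, the ES256 and RS256 signature algorithms are allowed, which
    // correspond to EC2 and RSA keys.
    expectedKeyTypes: [cose_key_type_ec2, cose_key_type_rsa],
    // When set to true, the test allows a credential response where both the
    // browser bound public key and the browser bound signature are not included.
    allowNoBrowserBoundKey: false,
  }, options);

  // Register each cleanup only after its setup call has succeeded, so a failed
  // setup does not schedule a teardown for state that was never created.
  const authenticator =
      await window.test_driver.add_virtual_authenticator(AUTHENTICATOR_OPTS);
  t.add_cleanup(
      () => window.test_driver.remove_virtual_authenticator(authenticator));

  await window.test_driver.set_spc_transaction_mode("autoAccept");
  t.add_cleanup(() => window.test_driver.set_spc_transaction_mode("none"));

  const enrollmentBrowserBoundPubKeyCredParams = [{
    type: "public-key",
    alg: 0, // "Reserved": User agent should not create a key at credential enrollment.
  }];
  const credential = await createCredential(/*set_payment_extension=*/true, {
    browserBoundPubKeyCredParams: enrollmentBrowserBoundPubKeyCredParams,
  });
  assertNoBrowserBoundPublicKeyInCredential(credential,
      "Expected no browser bound key created during credential enrollment.");

  const challenge = 'server challenge';
  const payeeOrigin = 'https://merchant.com';
  const displayName = 'Troycard ***1234';
  const request = new PaymentRequest([{
    supportedMethods: 'secure-payment-confirmation',
    data: {
      credentialIds: [credential.rawId],
      challenge: Uint8Array.from(challenge, c => c.charCodeAt(0)),
      payeeOrigin,
      rpId: window.location.hostname,
      timeout: 60000,
      instrument: {
        displayName,
        icon: ICON_URL,
      },
      browserBoundPubKeyCredParams: options.browserBoundPubKeyCredParams,
    }
  }], PAYMENT_DETAILS);

  // PaymentRequest.show() needs a user activation; the test driver grants one.
  await window.test_driver.bless('user activation');
  const response = await request.show();
  await response.complete('success');

  const verificationResult =
      await verifyBrowserBoundKey(response.details, options.expectedKeyTypes);
  // NOTE(review): with allowNoBrowserBoundKey set, the value returned by
  // verifyBrowserBoundKey() is never inspected, so every outcome that does not
  // throw is accepted. Confirm that verifyBrowserBoundKey() (utils-bbk.js, not
  // visible here) fails by itself on a present-but-invalid signature;
  // otherwise this branch should accept only the explicit "no key" outcome.
  if (!options.allowNoBrowserBoundKey) {
    // assert_equals compares strictly and reports both values on failure,
    // unlike assert_true over a loose `==`.
    assert_equals(verificationResult,
        BrowserBoundKeyVerificationResult.BrowserBoundKeySignatureVerified,
        "The browser bound signature could not be verified.");
  }
}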
     86 
// Default-algorithm case: the empty parameter list leaves the choice to the
// user agent, and allowNoBrowserBoundKey keeps its default of false, so the
// helper's final assertion requires a verified browser bound signature.
promise_test(
  t => testBrowserBoundKeyOnSecurePaymentConfirmationAuthentication(t, {
    expectedKeyTypes: [cose_key_type_ec2, cose_key_type_rsa],
    browserBoundPubKeyCredParams: [],
  }),
  'Creates a browser bound key on authentication.');
     93 
// ES256-only request. allowNoBrowserBoundKey is set, so the helper skips its
// final result assertion and a response without a browser bound key passes too.
promise_test(
  t => testBrowserBoundKeyOnSecurePaymentConfirmationAuthentication(t, {
    allowNoBrowserBoundKey: true,
    expectedKeyTypes: [cose_key_type_ec2],
    browserBoundPubKeyCredParams: [
      {type: "public-key", alg: -7},  // COSE algorithm identifier for "ES256"
    ],
  }),
  'If ES256 is supported creates a browser bound key on authentication.');
    104 
// RS256-only request. allowNoBrowserBoundKey is set, so the helper skips its
// final result assertion and a response without a browser bound key passes too.
promise_test(
  t => testBrowserBoundKeyOnSecurePaymentConfirmationAuthentication(t, {
    allowNoBrowserBoundKey: true,
    expectedKeyTypes: [cose_key_type_rsa],
    browserBoundPubKeyCredParams: [
      {type: "public-key", alg: -257},  // COSE algorithm identifier for "RS256"
    ],
  }),
  'If RS256 is supported creates a browser bound key on authentication.');
    115 </script>