getcredential-prf.https.html (5456B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <title>navigator.credentials.get() prf extension tests with authenticator support</title> 4 <meta name="timeout" content="long"> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/resources/testdriver.js"></script> 8 <script src="/resources/testdriver-vendor.js"></script> 9 <script src=helpers.js></script> 10 <body></body> 11 <script> 12 standardSetup(async function(authenticator) { 13 "use strict"; 14 15 const b64 = buf => btoa(String.fromCharCode.apply(null, new Uint8Array(buf))); 16 const b64url = buf => b64(buf). 17 replace(/\+/g, '-'). 18 replace(/\//g, '_'). 19 replace(/=+$/, ''); 20 21 const credential = createCredential({ 22 options: { 23 publicKey: { 24 extensions: { 25 prf: {}, 26 }, 27 }, 28 }, 29 }); 30 31 const assert = (id, prfExt) => 32 navigator.credentials.get({publicKey: { 33 challenge: new Uint8Array(), 34 allowCredentials: [{ 35 id: id, 36 type: "public-key", 37 }], 38 extensions: { 39 prf: prfExt, 40 }, 41 }}); 42 43 promise_test(async t => { 44 const id = (await credential).rawId; 45 const assertion = await assert(id, { 46 eval: { 47 first: new Uint8Array([1,2,3,4]).buffer, 48 }, 49 }); 50 const results = assertion.getClientExtensionResults().prf.results; 51 assert_equals(results.first.byteLength, 32) 52 assert_not_own_property(results, 'second'); 53 }, "navigator.credentials.get() with single evaluation point"); 54 55 promise_test(async t => { 56 const id = (await credential).rawId; 57 const assertion = await assert(id, { 58 eval: { 59 first: new Uint8Array([1,2,3,4]).buffer, 60 second: new Uint8Array([1,2,3,4]).buffer, 61 }, 62 }); 63 const results = assertion.getClientExtensionResults().prf.results; 64 assert_equals(results.first.byteLength, 32) 65 assert_equals(results.second.byteLength, 32) 66 assert_equals(b64(results.first), b64(results.second)); 67 }, "navigator.credentials.get() with two equal evaluation points"); 68 69 promise_test(async t => { 70 const id = (await credential).rawId; 71 const assertion = await assert(id, { 72 eval: { 73 first: new Uint8Array([1,2,3,4]).buffer, 74 second: new Uint8Array([1,2,3,5]).buffer, 75 }, 76 }); 77 const results = assertion.getClientExtensionResults().prf.results; 78 assert_equals(results.first.byteLength, 32) 79 assert_equals(results.second.byteLength, 32) 80 assert_not_equals(b64(results.first), b64(results.second)); 81 }, "navigator.credentials.get() with two distinct evaluation points"); 82 83 promise_test(async t => { 84 const id = (await credential).rawId; 85 const byCred = {}; 86 byCred[b64url(id)] = { 87 first: new Uint8Array([1,2,3,4]).buffer, 88 }; 89 const assertion = await assert(id, { 90 evalByCredential: byCred, 91 }); 92 const results = assertion.getClientExtensionResults().prf.results; 93 assert_equals(results.first.byteLength, 32) 94 assert_not_own_property(results, 'second'); 95 }, "navigator.credentials.get() using credential ID with one evaluation point"); 96 97 promise_test(async t => { 98 const id = (await credential).rawId; 99 const byCred = {}; 100 byCred[b64url(id)] = { 101 first: new Uint8Array([1,2,3,4]).buffer, 102 second: new Uint8Array([1,2,3,4]).buffer, 103 }; 104 const assertion = await assert(id, { 105 evalByCredential: byCred, 106 }); 107 const results = assertion.getClientExtensionResults().prf.results; 108 assert_equals(results.first.byteLength, 32) 109 assert_equals(results.second.byteLength, 32) 110 assert_equals(b64(results.first), b64(results.second)); 111 }, "navigator.credentials.get() using credential ID with two evaluation points"); 112 113 promise_test(async t => { 114 const id = (await credential).rawId; 115 const byCred = {}; 116 byCred["Zm9v"] = { 117 first: new Uint8Array([1,2,3,4]).buffer, 118 }; 119 return promise_rejects_dom(t, "SyntaxError", assert(id, { 120 evalByCredential: byCred, 121 })); 122 }, "navigator.credentials.get() with credential ID not in allowedCredentials"); 123 124 promise_test(async t => { 125 const id = (await credential).rawId; 126 const byCred = {}; 127 byCred["Zm9v"] = { 128 first: new Uint8Array([1,2,3,4]), 129 }; 130 return promise_rejects_dom(t, "SyntaxError", assert(id, { 131 evalByCredential: byCred, 132 })); 133 }, "navigator.credentials.get() with Uint8Array credential ID not in allowedCredentials"); 134 135 promise_test(async t => { 136 const id = (await credential).rawId; 137 const byCred = {}; 138 byCred["Zm9v="] = { 139 first: new Uint8Array([1,2,3,4]).buffer, 140 }; 141 return promise_rejects_dom( 142 t, "SyntaxError", assert(id, {evalByCredential: byCred })); 143 }, "navigator.credentials.get() using invalid base64url credential ID"); 144 145 promise_test(async t => { 146 const id = (await credential).rawId; 147 const byCred = {}; 148 byCred["Zm9v"] = { 149 first: new Uint8Array([1,2,3,4]).buffer, 150 }; 151 const promise = navigator.credentials.get({publicKey: { 152 challenge: new Uint8Array(), 153 extensions: { 154 prf: {evalByCredential: byCred }, 155 }, 156 }}); 157 return promise_rejects_dom(t, "NotSupportedError", promise); 158 }, "navigator.credentials.get() with an empty allow list but also using evalByCredential"); 159 }, { 160 protocol: "ctap2_1", 161 extensions: ["prf"], 162 hasUserVerification: true, 163 isUserVerified: true, 164 }); 165 </script>