| <!DOCTYPE html> |
| <meta charset="utf-8"> |
| <title>WebAuthn credential.create() Passing Tests</title> |
| <meta name="timeout" content="long"> |
| <link rel="author" title="Adam Powers" href="mailto:adam@fidoalliance.org"> |
| <link rel="help" href="https://w3c.github.io/webauthn/#iface-credential"> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src=helpers.js></script> |
| <body></body> |
| <script> |
| standardSetup(function() { |
| "use strict"; |
| |
| // CreateCredentialTest passing tests |
| |
| // default arguments |
| new CreateCredentialsTest().runTest("passing credentials.create() with default arguments"); |
| |
| // rp |
| new CreateCredentialsTest({path: "options.publicKey.rp.id", value: window.location.host}).runTest("passing credentials.create() with rpId (host and port)"); |
| new CreateCredentialsTest({path: "options.publicKey.rp.id", value: window.location.hostname}).runTest("passing credentials.create() with rpId (hostname)"); |
| new CreateCredentialsTest({path: "options.publicKey.rp.icon", value: undefined}).runTest("passing credentials.create() without rp.icon"); |
| |
| // user |
| new CreateCredentialsTest("options.publicKey.user.id", new ArrayBuffer(1)).runTest("very short user id"); |
| new CreateCredentialsTest("options.publicKey.user.id", new ArrayBuffer(64)).runTest("max length user id"); |
| new CreateCredentialsTest("options.publicKey.user.id", new Uint8Array(64)).runTest("Uint8Array user id"); |
| new CreateCredentialsTest("options.publicKey.user.id", new Int8Array(64)).runTest("Int8Array user id"); |
| new CreateCredentialsTest("options.publicKey.user.id", new Int16Array(32)).runTest("Int16Array user id"); |
| new CreateCredentialsTest("options.publicKey.user.id", new Int32Array(16)).runTest("Int32Array user id"); |
| new CreateCredentialsTest("options.publicKey.user.id", new Float32Array(16)).runTest("Float32Array user id"); |
| var dvBuf1 = new ArrayBuffer(16); |
| new CreateCredentialsTest("options.publicKey.user.id", new DataView(dvBuf1)).runTest("DataView user id"); |
| new CreateCredentialsTest({path: "options.publicKey.user.icon", value: undefined}).runTest("passing credentials.create() without user.icon"); |
| |
| // good challenge values |
| // all these challenges are zero-filled buffers... think anyone will complain? |
| new CreateCredentialsTest("options.publicKey.challenge", new Int16Array(33)).runTest("Int16Array challenge"); |
| new CreateCredentialsTest("options.publicKey.challenge", new Int32Array(17)).runTest("Int32Array challenge"); |
| new CreateCredentialsTest("options.publicKey.challenge", new Float32Array(17)).runTest("Float32Array challenge"); |
| new CreateCredentialsTest("options.publicKey.challenge", new Float64Array(9)).runTest("Float64Array challenge"); |
| var dvBuf2 = new ArrayBuffer(65); |
| new CreateCredentialsTest("options.publicKey.challenge", new DataView(dvBuf2)).runTest("DataView challenge"); |
| new CreateCredentialsTest("options.publicKey.challenge", new ArrayBuffer(8192)).runTest("Absurdly large challenge"); |
| |
| // good pubKeyCredParams values |
| new CreateCredentialsTest("options.publicKey.pubKeyCredParams", []).runTest("Bad pubKeyCredParams: pubKeyCredParams is empty Array"); |
| const pkParamEC256 = { |
| type: "public-key", |
| alg: cose_alg_ECDSA_w_SHA256 |
| }; |
| const pkParamEC512 = { |
| type: "public-key", |
| alg: cose_alg_ECDSA_w_SHA512 |
| }; |
| // XXX: presumes all mock authenticators support EC256 |
| new CreateCredentialsTest("options.publicKey.pubKeyCredParams", [pkParamEC256]).runTest("EC256 pubKeyCredParams"); |
| new CreateCredentialsTest("options.publicKey.pubKeyCredParams", [pkParamEC512, pkParamEC256]) |
| .runTest("SelectEC256 pubKeyCredParams from a list"); |
| // TODO: currently most browsers are mocking FIDO U2F, which is EC256 only |
| // new CreateCredentialsTest("options.publicKey.pubKeyCredParams", [pkParamEC512]).runTest("EC512 pubKeyCredParams"); |
| |
| // NOTE: excludeCredentials parameter -- see also: createcredential-excludecredentials.https.html |
| |
| // timeout |
| new CreateCredentialsTest({path: "options.publicKey.timeout", value: undefined}).runTest("passing credentials.create() with no timeout"); |
| |
| // valid authenticatorSelection values |
| var defaultAuthnrSel = { |
| authenticatorAttachment: "cross-platform", |
| requireResidentKey: false, |
| userVerification: "preferred" |
| }; |
| // attachment |
| var authnrSelAttachUndef = cloneObject(defaultAuthnrSel); |
| authnrSelAttachUndef.authenticatorAttachment = undefined; |
| // resident key |
| var authnrSelRkUndef = cloneObject(defaultAuthnrSel); |
| authnrSelRkUndef.requireResidentKey = undefined; |
| var authnrSelRkFalse = cloneObject(defaultAuthnrSel); |
| authnrSelRkFalse.requireResidentKey = false; |
| // user verification |
| var authnrSelUvUndef = cloneObject(defaultAuthnrSel); |
| authnrSelUvUndef.userVerification = undefined; |
| var authnrSelUvDiscouraged = cloneObject(defaultAuthnrSel); |
| authnrSelUvDiscouraged.userVerification = "discouraged"; |
| new CreateCredentialsTest({path: "options.publicKey.authenticatorSelection", value: undefined}).runTest("authenticatorSelection is undefined"); |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", {}).runTest("authenticatorSelection is empty object"); |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", cloneObject(defaultAuthnrSel)).runTest("authenticatorSelection default values"); |
| |
| // authnr selection attachment |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelAttachUndef).runTest("authenticatorSelection attachment undefined"); |
| |
| // authnr selection resident key |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelRkUndef).runTest("authenticatorSelection residentKey undefined"); |
| // XXX: assumes authnr is behaving like most U2F authnrs; really depends on the authnr or mock configuration |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelRkFalse).runTest("authenticatorSelection residentKey false"); |
| |
| // authnr selection user verification |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelUvUndef).runTest("authenticatorSelection userVerification undefined"); |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelUvDiscouraged).runTest("authenticatorSelection userVerification discouraged"); |
| |
| |
| // good attestation values |
| new CreateCredentialsTest("options.publicKey.attestation", "none").runTest("attestation parameter: attestation is \"none\""); |
| new CreateCredentialsTest("options.publicKey.attestation", "indirect").runTest("attestation parameter: attestation is \"indirect\""); |
| new CreateCredentialsTest("options.publicKey.attestation", "direct").runTest("attestation parameter: attestation is \"direct\""); |
| new CreateCredentialsTest({path: "options.publicKey.attestation", value: undefined}).runTest("attestation parameter: attestation is undefined"); |
| // TODO: test this with multiple mock authenticators to make sure that the right options are chosen when available? |
| |
| // good extension values |
| new CreateCredentialsTest({path: "options.publicKey.extensions", value: undefined}).runTest("extensions undefined"); |
| new CreateCredentialsTest("options.publicKey.extensions", {}).runTest("extensions are empty object"); |
| new CreateCredentialsTest("options.publicKey.extensions", {foo: "", bar: "", bat: ""}).runTest("extensions are dict of empty strings"); |
| }); |
| |
| /* JSHINT */ |
| /* globals standardSetup, CreateCredentialsTest, cose_alg_ECDSA_w_SHA256, cose_alg_ECDSA_w_SHA512, cloneObject */ |
| </script> |