| <!DOCTYPE html> |
| <meta charset="utf-8"> |
| <title>navigator.credentials.get() prf extension tests with authenticator support</title> |
| <meta name="timeout" content="long"> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/resources/testdriver.js"></script> |
| <script src="/resources/testdriver-vendor.js"></script> |
| <script src=helpers.js></script> |
| <body></body> |
| <script> |
| standardSetup(async function(authenticator) { |
| "use strict"; |
| |
| const b64 = buf => btoa(String.fromCharCode.apply(null, new Uint8Array(buf))); |
| const b64url = buf => b64(buf). |
| replace(/\+/g, '-'). |
| replace(/\//g, '_'). |
| replace(/=+$/, ''); |
| |
| const credential = createCredential({ |
| options: { |
| publicKey: { |
| extensions: { |
| prf: {}, |
| }, |
| }, |
| }, |
| }); |
| |
| const assert = (id, prfExt) => |
| navigator.credentials.get({publicKey: { |
| challenge: new Uint8Array(), |
| allowCredentials: [{ |
| id: id, |
| type: "public-key", |
| }], |
| extensions: { |
| prf: prfExt, |
| }, |
| }}); |
| |
| promise_test(async t => { |
| const id = (await credential).rawId; |
| const assertion = await assert(id, { |
| eval: { |
| first: new Uint8Array([1,2,3,4]).buffer, |
| }, |
| }); |
| const results = assertion.getClientExtensionResults().prf.results; |
| assert_equals(results.first.byteLength, 32) |
| assert_not_own_property(results, 'second'); |
| }, "navigator.credentials.get() with single evaluation point"); |
| |
| promise_test(async t => { |
| const id = (await credential).rawId; |
| const assertion = await assert(id, { |
| eval: { |
| first: new Uint8Array([1,2,3,4]).buffer, |
| second: new Uint8Array([1,2,3,4]).buffer, |
| }, |
| }); |
| const results = assertion.getClientExtensionResults().prf.results; |
| assert_equals(results.first.byteLength, 32) |
| assert_equals(results.second.byteLength, 32) |
| assert_equals(b64(results.first), b64(results.second)); |
| }, "navigator.credentials.get() with two equal evaluation points"); |
| |
| promise_test(async t => { |
| const id = (await credential).rawId; |
| const assertion = await assert(id, { |
| eval: { |
| first: new Uint8Array([1,2,3,4]).buffer, |
| second: new Uint8Array([1,2,3,5]).buffer, |
| }, |
| }); |
| const results = assertion.getClientExtensionResults().prf.results; |
| assert_equals(results.first.byteLength, 32) |
| assert_equals(results.second.byteLength, 32) |
| assert_not_equals(b64(results.first), b64(results.second)); |
| }, "navigator.credentials.get() with two distinct evaluation points"); |
| |
| promise_test(async t => { |
| const id = (await credential).rawId; |
| const byCred = {}; |
| byCred[b64url(id)] = { |
| first: new Uint8Array([1,2,3,4]).buffer, |
| }; |
| const assertion = await assert(id, { |
| evalByCredential: byCred, |
| }); |
| const results = assertion.getClientExtensionResults().prf.results; |
| assert_equals(results.first.byteLength, 32) |
| assert_not_own_property(results, 'second'); |
| }, "navigator.credentials.get() using credential ID with one evaluation point"); |
| |
| promise_test(async t => { |
| const id = (await credential).rawId; |
| const byCred = {}; |
| byCred[b64url(id)] = { |
| first: new Uint8Array([1,2,3,4]).buffer, |
| second: new Uint8Array([1,2,3,4]).buffer, |
| }; |
| const assertion = await assert(id, { |
| evalByCredential: byCred, |
| }); |
| const results = assertion.getClientExtensionResults().prf.results; |
| assert_equals(results.first.byteLength, 32) |
| assert_equals(results.second.byteLength, 32) |
| assert_equals(b64(results.first), b64(results.second)); |
| }, "navigator.credentials.get() using credential ID with two evaluation points"); |
| |
| promise_test(async t => { |
| const id = (await credential).rawId; |
| const byCred = {}; |
| byCred["Zm9v"] = { |
| first: new Uint8Array([1,2,3,4]).buffer, |
| }; |
| return promise_rejects_dom(t, "SyntaxError", assert(id, { |
| evalByCredential: byCred, |
| })); |
| }, "navigator.credentials.get() with credential ID not in allowedCredentials"); |
| |
| promise_test(async t => { |
| const id = (await credential).rawId; |
| const byCred = {}; |
| byCred["Zm9v"] = { |
| first: new Uint8Array([1,2,3,4]), |
| }; |
| return promise_rejects_dom(t, "SyntaxError", assert(id, { |
| evalByCredential: byCred, |
| })); |
| }, "navigator.credentials.get() with Uint8Array credential ID not in allowedCredentials"); |
| |
| promise_test(async t => { |
| const id = (await credential).rawId; |
| const byCred = {}; |
| byCred["Zm9v="] = { |
| first: new Uint8Array([1,2,3,4]).buffer, |
| }; |
| return promise_rejects_dom( |
| t, "SyntaxError", assert(id, {evalByCredential: byCred })); |
| }, "navigator.credentials.get() using invalid base64url credential ID"); |
| |
| promise_test(async t => { |
| const id = (await credential).rawId; |
| const byCred = {}; |
| byCred["Zm9v"] = { |
| first: new Uint8Array([1,2,3,4]).buffer, |
| }; |
| const promise = navigator.credentials.get({publicKey: { |
| challenge: new Uint8Array(), |
| extensions: { |
| prf: {evalByCredential: byCred }, |
| }, |
| }}); |
| return promise_rejects_dom(t, "NotSupportedError", promise); |
| }, "navigator.credentials.get() with an empty allow list but also using evalByCredential"); |
| }, { |
| protocol: "ctap2_1", |
| extensions: ["prf"], |
| hasUserVerification: true, |
| isUserVerified: true, |
| }); |
| </script> |
