mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-14 22:05:44 +00:00
78bed400fd
MozReview-Commit-ID: EUpleNqjFKQ
163 lines
5.4 KiB
HTML
163 lines
5.4 KiB
HTML
<!DOCTYPE html>
|
|
<meta charset=utf-8>
|
|
<head>
|
|
<title>Test for MakeCredential for W3C Web Authentication</title>
|
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<script type="text/javascript" src="u2futil.js"></script>
|
|
<script type="text/javascript" src="pkijs/common.js"></script>
|
|
<script type="text/javascript" src="pkijs/asn1.js"></script>
|
|
<script type="text/javascript" src="pkijs/x509_schema.js"></script>
|
|
<script type="text/javascript" src="pkijs/x509_simpl.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
|
</head>
|
|
<body>
|
|
|
|
<h1>Test Same Origin Policy for W3C Web Authentication</h1>
|
|
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1309284">Mozilla Bug 1309284</a>
|
|
|
|
<script class="testbody" type="text/javascript">
|
|
"use strict";
|
|
|
|
// Execute the full-scope test
|
|
SimpleTest.waitForExplicitFinish();
|
|
|
|
var gTrackedCredential = {};
|
|
|
|
function arrivingHereIsGood(aResult) {
|
|
ok(true, "Good result! Received a: " + aResult);
|
|
return Promise.resolve();
|
|
}
|
|
|
|
function arrivingHereIsBad(aResult) {
|
|
// TODO: Change to `ok` when Bug 1329764 lands
|
|
todo(false, "Bad result! Received a: " + aResult);
|
|
return Promise.resolve();
|
|
}
|
|
|
|
function expectSecurityError(aResult) {
|
|
// TODO: Change to `ok` when Bug 1329764 lands
|
|
todo(aResult.toString().startsWith("SecurityError"), "Expecting a SecurityError");
|
|
return Promise.resolve();
|
|
}
|
|
|
|
function keepThisScopedCredential(aScopedCredInfo) {
|
|
gTrackedCredential = {
|
|
type: aScopedCredInfo.credential.type,
|
|
id: Uint8Array.from(aScopedCredInfo.credential.id),
|
|
transports: [ "usb" ],
|
|
}
|
|
return Promise.resolve(aScopedCredInfo);
|
|
}
|
|
|
|
SpecialPowers.pushPrefEnv({"set": [["security.webauth.webauthn", true],
|
|
["security.webauth.webauthn_enable_softtoken", true],
|
|
["security.webauth.webauthn_enable_usbtoken", false]]},
|
|
function() {
|
|
isnot(navigator.authentication, undefined, "WebAuthn API endpoint must exist");
|
|
isnot(navigator.authentication.makeCredential, undefined,
|
|
"WebAuthn makeCredential API endpoint must exist");
|
|
isnot(navigator.authentication.getAssertion, undefined,
|
|
"WebAuthn getAssertion API endpoint must exist");
|
|
|
|
let authn = navigator.authentication;
|
|
|
|
let chall = new Uint8Array(16);
|
|
window.crypto.getRandomValues(chall);
|
|
|
|
let acct = {rpDisplayName: "none", displayName: "none", id: "none"};
|
|
let param = {type: "ScopedCred", algorithm: "p-256"};
|
|
|
|
Promise.all([
|
|
// Test basic good call
|
|
authn.makeCredential(acct, [param], chall, {rpId: document.origin})
|
|
.then(keepThisScopedCredential)
|
|
.then(arrivingHereIsGood)
|
|
.catch(arrivingHereIsBad),
|
|
|
|
// Test rpId being unset
|
|
authn.makeCredential(acct, [param], chall, {})
|
|
.then(arrivingHereIsGood)
|
|
.catch(arrivingHereIsBad),
|
|
|
|
// Test this origin with optional fields
|
|
authn.makeCredential(acct, [param], chall,
|
|
{rpId: "user:pass@" + document.origin + ":8888"})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectSecurityError),
|
|
|
|
// Test blank rpId
|
|
authn.makeCredential(acct, [param], chall, {rpId: ""})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectSecurityError),
|
|
|
|
// Test subdomain of this origin
|
|
authn.makeCredential(acct, [param], chall,
|
|
{rpId: "subdomain." + document.origin})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectSecurityError),
|
|
|
|
// Test another origin
|
|
authn.makeCredential(acct, [param], chall, {rpId: "example.com"})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectSecurityError),
|
|
|
|
// est a different domain within the same TLD
|
|
authn.makeCredential(acct, [param], chall, {rpId: "alt.test"})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectSecurityError)
|
|
|
|
])
|
|
.then(function(){
|
|
return Promise.all([
|
|
// Test basic good call
|
|
authn.getAssertion(chall, {allowList: [ gTrackedCredential ],
|
|
rpId: document.origin})
|
|
.then(arrivingHereIsGood)
|
|
.catch(arrivingHereIsBad),
|
|
|
|
// Test rpId being unset
|
|
authn.getAssertion(chall, {allowList: [ gTrackedCredential ]})
|
|
.then(arrivingHereIsGood)
|
|
.catch(arrivingHereIsBad),
|
|
|
|
// Test this origin with optional fields
|
|
authn.getAssertion(chall, {allowList: [ gTrackedCredential ],
|
|
rpId: "user:pass@" + document.origin + ":8888"})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectSecurityError),
|
|
|
|
// Test blank rpId
|
|
authn.getAssertion(chall, {allowList: [ gTrackedCredential ],
|
|
rpId: ""})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectSecurityError),
|
|
|
|
// Test subdomain of this origin
|
|
authn.getAssertion(chall, {allowList: [ gTrackedCredential ],
|
|
rpId: "subdomain." + document.origin})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectSecurityError),
|
|
|
|
// Test another origin
|
|
authn.getAssertion(chall, {allowList: [ gTrackedCredential ],
|
|
rpId: "example.com"})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectSecurityError),
|
|
|
|
// Test a different domain within the same TLD
|
|
authn.getAssertion(chall, {allowList: [ gTrackedCredential ],
|
|
rpId: "alt.test"})
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectSecurityError)
|
|
]);
|
|
})
|
|
.then(function(){
|
|
SimpleTest.finish();
|
|
});
|
|
});
|
|
|
|
</script>
|
|
|
|
</body>
|
|
</html>
|