[WebAuthN] Import a JS CBOR coder
[WebKit-https.git] / LayoutTests / http / wpt / webauthn / public-key-credential-get-success-local.https.html
1 <!DOCTYPE html>
2 <title>Web Authentication API: PublicKeyCredential's [[get]] failure cases.</title>
3 <script src="/resources/testharness.js"></script>
4 <script src="/resources/testharnessreport.js"></script>
5 <script src="./resources/util.js"></script>
6 <script>
7     // Default mock configuration. Tests need to override if they need different configuration.
8     if (window.testRunner)
9         testRunner.setWebAuthenticationMockConfiguration({ local: { acceptAuthentication: true, acceptAttestation: false } });
10
11     function checkResult(credential)
12     {
13         if (window.testRunner)
14             testRunner.cleanUpKeychain(testRpId);
15
16          // Check respond
17         assert_array_equals(Base64URL.parse(credential.id), Base64URL.parse(testCredentialIdBase64));
18         assert_equals(credential.type, 'public-key');
19         assert_array_equals(new Uint8Array(credential.rawId), Base64URL.parse(testCredentialIdBase64));
20         assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443","hashAlgorithm":"SHA-256"}');
21         assert_equals(bytesToHexString(credential.response.userHandle), "00010203040506070809");
22
23         // Check authData
24         const authData = decodeAuthData(new Uint8Array(credential.response.authenticatorData));
25         assert_equals(bytesToHexString(authData.rpIdHash), "49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763");
26         assert_equals(authData.flags, 5);
27         assert_equals(authData.counter, 0);
28
29         // Check signature
30         return crypto.subtle.importKey("raw", Base64URL.parse(testES256PublicKeyBase64), { name: "ECDSA", namedCurve: "P-256" }, false, ['verify']).then( publicKey => {
31             return crypto.subtle.digest("sha-256", credential.response.clientDataJSON).then ( hash => {
32                 // credential.response.signature is in ASN.1 and WebCrypto expect signatures provides in r|s.
33                 return crypto.subtle.verify({name: "ECDSA", hash: "SHA-256"}, publicKey, extractRawSignature(credential.response.signature), concatenateBuffers(credential.response.authenticatorData, hash)).then( verified => {
34                     assert_true(verified);
35                     assert_throws("NotSupportedError", () => { credential.getClientExtensionResults() });
36                 });
37             });
38         });
39     }
40
41     promise_test(t => {
42         const options = {
43             publicKey: {
44                 challenge: Base64URL.parse("MTIzNDU2")
45             }
46         };
47
48         if (window.testRunner)
49             testRunner.addTestKeyToKeychain(testES256PrivateKeyBase64, testRpId, testUserhandleBase64);
50         return navigator.credentials.get(options).then(credential => {
51             return checkResult(credential);
52         });
53     }, "PublicKeyCredential's [[get]] with minimum options in a mock local authenticator.");
54
55     promise_test(t => {
56         const options = {
57             publicKey: {
58                 challenge: Base64URL.parse("MTIzNDU2"),
59                 allowCredentials: [
60                     { type: "public-key", id: Base64URL.parse(testUserhandleBase64), transports: ["internal"] },
61                     { type: "public-key", id: Base64URL.parse(testCredentialIdBase64), transports: ["internal"] }
62                 ]
63             }
64         };
65
66         if (window.testRunner)
67             testRunner.addTestKeyToKeychain(testES256PrivateKeyBase64, testRpId, testUserhandleBase64);
68         return navigator.credentials.get(options).then(credential => {
69             return checkResult(credential);
70         });
71     }, "PublicKeyCredential's [[get]] with matched allow credentials in a mock local authenticator.");
72 </script>