DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Mercurial (b6d82b1a6b02)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
<!DOCTYPE html>
<meta charset=utf-8>
<head>
  <title>Test for W3C Web Authentication with no token</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="text/javascript" src="u2futil.js"></script>
  <script type="text/javascript" src="pkijs/common.js"></script>
  <script type="text/javascript" src="pkijs/asn1.js"></script>
  <script type="text/javascript" src="pkijs/x509_schema.js"></script>
  <script type="text/javascript" src="pkijs/x509_simpl.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>

<h1>Test for W3C Web Authentication with no token</h1>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1309284">Mozilla Bug 1309284</a>

<script class="testbody" type="text/javascript">
"use strict";

// Execute the full-scope test
SimpleTest.waitForExplicitFinish();

// Turn off all tokens. This should result in "not allowed" failures
SpecialPowers.pushPrefEnv({"set": [["security.webauth.webauthn", true],
                                   ["security.webauth.webauthn_enable_softtoken", false],
                                   ["security.webauth.webauthn_enable_android_fido2", false],
                                   ["security.webauth.webauthn_enable_usbtoken", false]]},
function() {
  is(navigator.authentication, undefined, "navigator.authentication does not exist any longer");
  isnot(navigator.credentials, undefined, "Credential Management API endpoint must exist");
  isnot(navigator.credentials.create, undefined, "CredentialManagement create API endpoint must exist");
  isnot(navigator.credentials.get, undefined, "CredentialManagement get API endpoint must exist");

  let credm = navigator.credentials;

  let credentialChallenge = new Uint8Array(16);
  window.crypto.getRandomValues(credentialChallenge);
  let assertionChallenge = new Uint8Array(16);
  window.crypto.getRandomValues(assertionChallenge);
  let credentialId = new Uint8Array(128);
  window.crypto.getRandomValues(credentialId);

  testMakeCredential();

  function testMakeCredential() {
    let rp = {id: document.domain, name: "none", icon: "none"};
    let user = {id: new Uint8Array(), name: "none", icon: "none", displayName: "none"};
    let param = {type: "public-key", alg: cose_alg_ECDSA_w_SHA256};
    let makeCredentialOptions = {
      rp: rp, user: user, challenge: credentialChallenge, pubKeyCredParams: [param]
    };
    credm.create({publicKey: makeCredentialOptions})
    .then(function(aResult) {
      ok(false, "Should have failed.");
      testAssertion();
    })
    .catch(function(aReason) {
      ok(aReason.toString().startsWith("NotAllowedError"), aReason);
      testAssertion();
    });
  }

  function testAssertion() {
    let newCredential = {
      type: "public-key",
      id: credentialId,
      transports: ["usb"],
    }
    let publicKeyCredentialRequestOptions = {
      challenge: assertionChallenge,
      timeout: 5000, // the minimum timeout is actually 15 seconds
      rpId: document.domain,
      allowCredentials: [newCredential]
    };
    credm.get({publicKey: publicKeyCredentialRequestOptions})
    .then(function(aResult) {
      ok(false, "Should have failed.");
      SimpleTest.finish();
    })
    .catch(function(aReason) {
      ok(aReason.toString().startsWith("NotAllowedError"), aReason);
      SimpleTest.finish();
    })
  }
});

</script>

</body>
</html>