1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
<!DOCTYPE html>
<meta charset="utf-8">
<title>WebAuthn navigator.credentials.create() clientData test</title>
<link rel="help" href="https://w3c.github.io/webauthn/#iface-credential">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src="helpers.js"></script>
<body></body>
<script>
standardSetup(function() {
"use strict";
const options = {
rp: {name: "Acme"},
user: {id: new Uint8Array(1), name: "name", displayName: ""},
pubKeyCredParams: [{type: "public-key", alg: -7}],
attestation: "none",
challenge: new Uint8Array([0xff]),
};
promise_test(async t => {
const cred = await navigator.credentials.create({publicKey: options});
// WebAuthn specifies a precise, JSON-compatible serialization for the
// clientDataJSON. See
// https://www.w3.org/TR/webauthn-2/#clientdatajson-serialization
const expectedPrefix =
`{"type":"webauthn.create","challenge":"_w","origin":"`;
const clientData = new TextDecoder().decode(cred.response.clientDataJSON);
assert_true(clientData.startsWith(expectedPrefix),
"The clientData (" + clientData +
") should have the prefix: " + expectedPrefix);
// Skip over the origin value by finding the closing quote.
const originEnd = clientData.indexOf('"', expectedPrefix.length);
assert_not_equals(originEnd, -1, "Should find the closing quote for origin");
const expectedRemainder = `","crossOrigin":false`;
assert_true(clientData.substring(originEnd).startsWith(expectedRemainder),
"The clientData (" + clientData +
") should have the following after the origin: " +
expectedRemainder);
}, "navigator.credentials.create() has valid clientData");
});
</script>
|
