Bug 1914199 [wpt PR 47714] - webauthn: Add a WPT for the clientDataJS…

…ON serialization., a=testonly Automatic update from web-platform-tests webauthn: Add a WPT for the clientDataJSON serialization. WebAuthn specifies[1] that this JSON must be serialized in a precise order. WPTs should test that. [1] https://www.w3.org/TR/webauthn-2/#clientdatajson-serialization Change-Id: I8038909c2e55b1de699de6d450e2d9efdc72258f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5794170 Commit-Queue: Adam Langley <agl@chromium.org> Auto-Submit: Adam Langley <agl@chromium.org> Reviewed-by: Nina Satragno <nsatragno@chromium.org> Cr-Commit-Position: refs/heads/main@{#1345069} -- wpt-commits: ccc89019aa2d541d1edf774b023dd48b5487c66e wpt-pr: 47714
i3roly · Aug 23, 2024 · de45b24 · de45b24
1 parent 7b40f64
commit de45b24
Showing 1 changed file with 47 additions and 0 deletions.
diff --git a/testing/web-platform/tests/webauthn/createcredential-clientdata.https.html b/testing/web-platform/tests/webauthn/createcredential-clientdata.https.html
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>WebAuthn navigator.credentials.create() clientData test</title>
+<link rel="help" href="https://w3c.github.io/webauthn/#iface-credential">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="helpers.js"></script>
+<body></body>
+<script>
+standardSetup(function() {
+    "use strict";
+
+    const options = {
+        rp: {name: "Acme"},
+        user: {id: new Uint8Array(1), name: "name", displayName: ""},
+        pubKeyCredParams: [{type: "public-key", alg: -7}],
+        attestation: "none",
+        challenge: new Uint8Array([0xff]),
+    };
+
+    promise_test(async t => {
+        const cred = await navigator.credentials.create({publicKey: options});
+        // WebAuthn specifies a precise, JSON-compatible serialization for the
+        // clientDataJSON. See
+        // https://www.w3.org/TR/webauthn-2/#clientdatajson-serialization
+        const expectedPrefix =
+            `{"type":"webauthn.create","challenge":"_w","origin":"`;
+        const clientData = new TextDecoder().decode(cred.response.clientDataJSON);
+        assert_true(clientData.startsWith(expectedPrefix),
+                    "The clientData (" + clientData +
+                    ") should have the prefix: " + expectedPrefix);
+
+
+        // Skip over the origin value by finding the closing quote.
+        const originEnd = clientData.indexOf('"', expectedPrefix.length);
+        assert_not_equals(originEnd, -1, "Should find the closing quote for origin");
+
+        const expectedRemainder = `","crossOrigin":false`;
+        assert_true(clientData.substring(originEnd).startsWith(expectedRemainder),
+                    "The clientData (" + clientData +
+                    ") should have the following after the origin: " +
+                    expectedRemainder);
+    }, "navigator.credentials.create() has valid clientData");
+});
+</script>