Reland "webauthn: move create credential tests for residentKey/credProps to WPT"

This is a reland of ee2f8113 Changes: - renamed virtualAuthenticatorTest to virtualAuthenticatorPromiseTest - made virtualAuthenticatorPromise test return |testCb()| which fixes the race that caused the original change to be reverted. Original change's description: > webauthn: move create credential tests for residentKey/credProps to WPT > > Bug: 1117630 > Change-Id: I2fa4d73b7a4cfe5e7f19fd835cb32e1bb4926d2f > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2508878 > Reviewed-by: Nina Satragno <nsatragno@chromium.org> > Commit-Queue: Martin Kreichgauer <martinkr@google.com> > Cr-Commit-Position: refs/heads/master@{#825930} Bug: 1117630 Cq-Include-Trybots: luci.chromium.try:linux-wpt-identity-fyi-rel Change-Id: I08cb469ab937a704c23da30b7120374d31ecbff5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2548299 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Nina Satragno <nsatragno@chromium.org> Cr-Commit-Position: refs/heads/master@{#829793}

Reland "webauthn: move create credential tests for residentKey/credProps to WPT"
This is a reland of ee2f8113 Changes: - renamed virtualAuthenticatorTest to virtualAuthenticatorPromiseTest - made virtualAuthenticatorPromise test return |testCb()| which fixes the race that caused the original change to be reverted. Original change's description: > webauthn: move create credential tests for residentKey/credProps to WPT > > Bug: 1117630 > Change-Id: I2fa4d73b7a4cfe5e7f19fd835cb32e1bb4926d2f > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2508878 > Reviewed-by: Nina Satragno <nsatragno@chromium.org> > Commit-Queue: Martin Kreichgauer <martinkr@google.com> > Cr-Commit-Position: refs/heads/master@{#825930} Bug: 1117630 Cq-Include-Trybots: luci.chromium.try:linux-wpt-identity-fyi-rel Change-Id: I08cb469ab937a704c23da30b7120374d31ecbff5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2548299 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Nina Satragno <nsatragno@chromium.org> Cr-Commit-Position: refs/heads/master@{#829793}
3cb8033c · Martin Kreichgauer · Commit Bot · c0e7ecb7 · 3cb8033c · 3cb8033c
Commit 3cb8033c authored Nov 20, 2020 by Martin Kreichgauer Committed by Commit Bot Nov 20, 2020
2 changed files
--- a/third_party/blink/web_tests/http/tests/credentialmanager/credentialscontainer-create-with-resident-keys.html
+++ b/third_party/blink/web_tests/http/tests/credentialmanager/credentialscontainer-create-with-resident-keys.html
 <!DOCTYPE html>
-<title>Credential Manager: End-to-end tests for create(), exercising creation of resident keys on virtual authenticators.</title>
+<html>
-<script src="../resources/testharness.js"></script>
+<head>
-<script src="../resources/testharnessreport.js"></script>
+<meta charset="utf-8">
-<body>
+<title>navigator.credentials.create() test with residentKey and credProps</title>
-<script type="module">
+<meta name="timeout" content="long">
-import {authenticatorSetup, deepCopy, MAKE_CREDENTIAL_OPTIONS} from './resources/test-inputs.js';
+<script src="/resources/testharness.js"></script>
-import {TestAuthenticatorManager} from './resources/virtual-navigator-credentials.js';
+<script src="/resources/testharnessreport.js"></script>
-import {ClientToAuthenticatorProtocol, Ctap2Version} from '/gen/third_party/blink/public/mojom/webauthn/virtual_authenticator.mojom.m.js';
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
-if (document.location.host != "subdomain.example.test:8443") {
+<script src=helpers.js></script>
-  document.location = "https://subdomain.example.test:8443/credentialmanager/credentialscontainer-create-with-resident-keys.html";
+<script>
-  promise_test(_ => new Promise(_ => {}), "Stall tests on the wrong host.");
-}
+"use strict";
 const credPropsTests = [
  {
    name: "U2F",
    authenticatorArgs: {
-      protocol: ClientToAuthenticatorProtocol.U2F,
+      protocol: "ctap1/u2f",
    },
    expected: {
      discouraged: {
@@ -38,9 +37,10 @@ const credPropsTests = [
  {
    name: "CTAP 2.0 without resident key support",
    authenticatorArgs: {
-      protocol: ClientToAuthenticatorProtocol.CTAP2,
+      protocol: "ctap2",
-      ctap2Version: Ctap2Version.CTAP2_0,
      hasResidentKey: false,
+      hasUserVerification: true,
+      isUserVerified: true,
    },
    expected: {
      discouraged: {
@@ -61,14 +61,16 @@ const credPropsTests = [
  {
    name: "CTAP 2.0 with resident key support",
    authenticatorArgs: {
-      protocol: ClientToAuthenticatorProtocol.CTAP2,
+      protocol: "ctap2",
-      ctap2Version: Ctap2Version.CTAP2_0,
      hasResidentKey: true,
+      hasUserVerification: true,
+      isUserVerified: true,
    },
    expected: {
      discouraged: {
        success: true,
-        // CTAP2.0 authenticators may treat all credentials as discoverable, thus Chrome omits 'rk' in this case.
+        // CTAP2.0 authenticators may treat all credentials as discoverable,
+        // thus Chrome omits 'rk' in this case.
        hasRk: false,
      },
      preferred: {
@@ -86,9 +88,10 @@ const credPropsTests = [
  {
    name: "CTAP 2.1 without resident key support",
    authenticatorArgs: {
-      protocol: ClientToAuthenticatorProtocol.CTAP2,
+      protocol: "ctap2_1",
-      ctap2Version: Ctap2Version.CTAP2_1,
      hasResidentKey: false,
+      hasUserVerification: true,
+      isUserVerified: true,
    },
    expected: {
      discouraged: {
@@ -109,9 +112,10 @@ const credPropsTests = [
  {
    name: "CTAP 2.1 with resident key support",
    authenticatorArgs: {
-      protocol: ClientToAuthenticatorProtocol.CTAP2,
+      protocol: "ctap2_1",
-      ctap2Version: Ctap2Version.CTAP2_1,
      hasResidentKey: true,
+      hasUserVerification: true,
+      isUserVerified: true,
    },
    expected: {
      discouraged: {
@@ -133,34 +137,42 @@ const credPropsTests = [
  },
 ];
-const manager = new TestAuthenticatorManager;
 for (const fixture of credPropsTests) {
-  authenticatorSetup(manager, fixture.name, () => {
+  for (const rkRequirement of ["discouraged", "preferred", "required"]) {
-    for (const rkRequirement of ["discouraged", "preferred", "required"]) {
+    virtualAuthenticatorPromiseTest(async t => {
-      promise_test(async t => {
+      const promise = createCredential({
-        var customMakeCredOptions = deepCopy(MAKE_CREDENTIAL_OPTIONS);
+        options: {
-        customMakeCredOptions.extensions = {credProps: true};
+          publicKey: {
+            authenticatorSelection: {
+              residentKey: rkRequirement,
+            },
+            extensions: {
+              credProps: true,
+            },
+          },
+        },
+      });
-        customMakeCredOptions.authenticatorSelection.residentKey = rkRequirement;
+      assert_true(rkRequirement in fixture.expected);
-        const promise = navigator.credentials.create({publicKey: customMakeCredOptions});
+      const expected = fixture.expected[rkRequirement];
+      assert_true('success' in expected);
+      if (!expected.success) {
+        return promise_rejects_dom(t, "NotAllowedError", promise);
+      }
-        assert_true(rkRequirement in fixture.expected);
+      const cred = await promise;
-        const expected = fixture.expected[rkRequirement];
+      assert_true('credProps' in cred.getClientExtensionResults());
-        assert_true('success' in expected);
+      const credProps = cred.getClientExtensionResults().credProps;
-        if (!expected.success) {
+      assert_equals('rk' in credProps, expected.hasRk, "hasRk");
-            return promise_rejects_dom(t, "NotAllowedError", promise);
+      if (expected.hasRk) {
-        }
+        assert_equals(credProps.rk, expected.rk, "rk");
+      }
-        const cred = await promise;
+    }, fixture.authenticatorArgs, fixture.name
-        assert_true('credProps' in cred.getClientExtensionResults());
+        + ": navigator.credentials.create() with credProps extension, rk="
-        const credProps = cred.getClientExtensionResults().credProps;
+        + rkRequirement);
-        assert_equals('rk' in credProps, expected.hasRk, "hasRk");
+  }
-        if (expected.hasRk) {
-          assert_equals(credProps.rk, expected.rk, "rk");
-        }
-      }, fixture.name + ": navigator.credentials.create() with credProps extension, rk=" + rkRequirement);
-    }
-  }, fixture.authenticatorArgs);
 }
 </script>
+</head>
+<body></body>
+</html>
--- a/third_party/blink/web_tests/external/wpt/webauthn/helpers.js
+++ b/third_party/blink/web_tests/external/wpt/webauthn/helpers.js
@@ -550,31 +550,57 @@ function validateAuthenticatorAssertionResponse(assert) {
    // TODO: parseAuthenticatorData() and make sure flags are correct
 }
+function defaultAuthenticatorArgs() {
+  return {
+    protocol: 'ctap1/u2f',
+    transport: 'usb',
+    hasResidentKey: false,
+    hasUserVerification: false,
+    isUserVerified: false,
+  };
+}
 function standardSetup(cb, options = {}) {
-    // Setup an automated testing environment if available.
+  // Setup an automated testing environment if available.
-    let authenticatorArgs = {
+  let authenticatorArgs = Object.assign(defaultAuthenticatorArgs(), options);
-        protocol: "ctap1/u2f",
+  window.test_driver.add_virtual_authenticator(authenticatorArgs)
-        transport: "usb",
+      .then(authenticator => {
-        hasResidentKey: false,
-        hasUserVerification: false,
-        isUserVerified: false,
-    };
-    extendObject(authenticatorArgs, options);
-    window.test_driver.add_virtual_authenticator(authenticatorArgs).then(authenticator => {
        cb();
        // XXX add a subtest to clean up the virtual authenticator since
        // testharness does not support waiting for promises on cleanup.
-        promise_test(() => window.test_driver.remove_virtual_authenticator(authenticator),
+        promise_test(
-                     "Clean up the test environment");
+            () =>
-    }).catch(error => {
+                window.test_driver.remove_virtual_authenticator(authenticator),
-        if (error !== "error: Action add_virtual_authenticator not implemented") {
+            'Clean up the test environment');
-            throw error;
+      })
+      .catch(error => {
+        if (error !==
+            'error: Action add_virtual_authenticator not implemented') {
+          throw error;
        }
        // The protocol is not available. Continue manually.
        cb();
-    });
+      });
 }
-/* JSHINT */
+// virtualAuthenticatorPromiseTest runs |testCb| in a promise_test with a
-/* globals promise_rejects_dom, promise_rejects_js, assert_class_string, assert_equals, assert_idl_attribute, assert_readonly, promise_test */
+// virtual authenticator set up before and destroyed after the test, if the
-/* exported standardSetup, CreateCredentialsTest, GetCredentialsTest */
+// virtual testing API is available. In manual tests, setup and teardown is
+// skipped.
+function virtualAuthenticatorPromiseTest(
+    testCb, options = {}, name = 'Virtual Authenticator Test') {
+  let authenticatorArgs = Object.assign(defaultAuthenticatorArgs(), options);
+  promise_test(async t => {
+    try {
+      let authenticator =
+          await window.test_driver.add_virtual_authenticator(authenticatorArgs);
+      t.add_cleanup(
+          () => window.test_driver.remove_virtual_authenticator(authenticator));
+    } catch (error) {
+      if (error !== 'error: Action add_virtual_authenticator not implemented') {
+        throw error;
+      }
+    }
+    return testCb(t);
+  }, name);
+}