Bug 1382893 - Add a WebAuthn test to confirm RP ID is not port-sensitive
This patch adds a test to perform a Web Authentication operation from a server
on port 8443 using a port-less RP ID. The operation should succeed.
This patch doesn't currently work on OSX because no server spins up on 8443.
There is a manual test available at https://webauthn.bin.coffee:8443/
MozReview-Commit-ID: Ceyy6BpwWSF
--- a/build/pgo/server-locations.txt
+++ b/build/pgo/server-locations.txt
@@ -290,8 +290,11 @@ https://tls1.example.com:443 priv
https://mochitest.youtube.com:443
# Hosts for stylo blocklist tests
http://stylo-blocklist.com:80 privileged
http://test.stylo-blocklist.com:80 privileged
# Host for U2F localhost tests
https://localhost:443
+
+# Host for Web Authentication alternate-port tests
+https://webauthn.example.com:8443
--- a/dom/webauthn/tests/browser/browser.ini
+++ b/dom/webauthn/tests/browser/browser.ini
@@ -3,9 +3,10 @@ support-files =
tab_webauthn_result.html
tab_webauthn_success.html
../cbor/*
../pkijs/*
../u2futil.js
skip-if = !e10s
[browser_abort_visibility.js]
+[browser_alternate_ports.js]
[browser_webauthn_telemetry.js]
new file mode 100644
--- /dev/null
+++ b/dom/webauthn/tests/browser/browser_alternate_ports.js
@@ -0,0 +1,71 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const TEST_URL_8443 = "https://webauthn.example.com:8443/browser/dom/webauthn/tests/browser/tab_webauthn_result.html";
+
+async function assertStatus(tab, expected) {
+ let actual = await ContentTask.spawn(tab.linkedBrowser, null, async function () {
+ return content.document.getElementById("status").value;
+ });
+ is(actual, expected, "webauthn request " + expected);
+}
+
+async function waitForStatus(tab, expected) {
+ await ContentTask.spawn(tab.linkedBrowser, [expected], async function (expected) {
+ return ContentTaskUtils.waitForCondition(() => {
+ return content.document.getElementById("status").value == expected;
+ });
+ });
+
+ await assertStatus(tab, expected);
+}
+
+function startMakeCredentialRequest(tab) {
+ return ContentTask.spawn(tab.linkedBrowser, null, async function () {
+ const cose_alg_ECDSA_w_SHA256 = -7;
+
+ let publicKey = {
+ rp: {id: "example.com", name: "none", icon: "none"},
+ user: {id: new Uint8Array(), name: "none", icon: "none", displayName: "none"},
+ challenge: content.crypto.getRandomValues(new Uint8Array(16)),
+ timeout: 5000, // the minimum timeout is actually 15 seconds
+ pubKeyCredParams: [{type: "public-key", alg: cose_alg_ECDSA_w_SHA256}],
+ };
+
+ let status = content.document.getElementById("status");
+
+ content.navigator.credentials.create({publicKey}).then(() => {
+ status.value = "completed";
+ }).catch(() => {
+ status.value = "aborted";
+ });
+
+ status.value = "pending";
+ });
+}
+
+// Test that MakeCredential() and GetAssertion() requests
+// on alternate ports still function with the same RP ID
+add_task(async function test_alternate_port() {
+ Services.prefs.setBoolPref("security.webauth.webauthn", true);
+ Services.prefs.setBoolPref("security.webauth.webauthn_enable_softtoken", true);
+ Services.prefs.setBoolPref("security.webauth.webauthn_enable_usbtoken", false);
+
+ // Create a new tab for the MakeCredential() request.
+ let tab_8443 = await BrowserTestUtils.openNewForegroundTab(gBrowser, TEST_URL_8443);
+
+ // Run the Make Credential request.
+ await startMakeCredentialRequest(tab_8443);
+ await assertStatus(tab_8443, "completed");
+
+ // Close tabs.
+ await BrowserTestUtils.removeTab(tab_8443);
+
+ // Cleanup.
+ Services.prefs.clearUserPref("security.webauth.webauthn");
+ Services.prefs.clearUserPref("security.webauth.webauthn_enable_softtoken");
+ Services.prefs.clearUserPref("security.webauth.webauthn_enable_usbtoken");
+});