
Commit 23b366e

committed
add comments to tests
1 parent 628c583 commit 23b366e


1 file changed

+122
-8
lines changed


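--- a/Tests/WebAuthnTests/WebAuthnManagerTests.swift
+++ b/Tests/WebAuthnTests/WebAuthnManagerTests.swift
@@ -14,6 +14,7 @@
 
 @testable import WebAuthn
 import XCTest
+import SwiftCBOR
 
 // swiftlint:disable line_length
 
@@ -86,14 +87,30 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfAuthDataIsInvalid() async throws {
-let hexAttestationObjectWithInvalidAuthData: URLEncodedBase64 = "A363666D74667061636B65646761747453746D74A263616C67266373696758473045022035346DA48FD238E655CD4D6937FE1C5FEA2CA943E21CC396E3CAAAABDD435DF5022100BE30789A231B7639D23182A627C940C771E7AF34E31F3E26DE9DA6D01AF5E08C68617574684461746101"
+// {
+// "fmt": "packed",
+// "attStmt": {
+// "alg": -7,
+// "sig": h'3045022035346DA48FD238E655CD4D6937FE1C5FEA2CA943E21CC396E3CAAAABDD435DF5022100BE30789A231B7639D23182A627C940C771E7AF34E31F3E26DE9DA6D01AF5E08C'
+// },
+// "authData": 1
+// }
+let hexAttestationObjectWithInvalidAuthData: URLEncodedBase64 = "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YQE"
 try await assertThrowsError(
 await finishRegistration(attestationObject: hexAttestationObjectWithInvalidAuthData),
 expect: WebAuthnError.invalidAuthData
 )
 }
 
 func testFinishRegistrationFailsIfFmtIsInvalid() async throws {
+// {
+// "fmt": 1,
+// "attStmt": {
+// "alg": -7,
+// "sig": h'3045022035346DA48FD238E655CD4D6937FE1C5FEA2CA943E21CC396E3CAAAABDD435DF5022100BE30789A231B7639D23182A627C940C771E7AF34E31F3E26DE9DA6D01AF5E08C'
+// },
+// "authData": h'49960DE5880E8C687434170F6476605B8FE4AEB9A28632C7995CF3BA831D97634500000000ADCE000235BCC60A648B0B25F1F0550300203A3EE56DCABABEC0EF2F4B7F0EE28E11317C2CF7FF972830440D63FCBAA7E26BA50102032620012158209AFFC8BA186D85A071FEDA41C77BA5C8D48FEDE8F1B89A7D6407DBC5A28D04AF2258203C8D8AAAA450DBA28AB85689D321FB9E8B8206BCC7BBCA9138D5BE08F6BD5433'
+// }
 let hexAttestationObjectWithInvalidFmt: URLEncodedBase64 = "o2NmbXQBZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YVikSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NFAAAAAK3OAAI1vMYKZIsLJfHwVQMAIDo-5W3Kur7A7y9Lfw7ijhExfCz3_5coMEQNY_y6p-JrpQECAyYgASFYIJr_yLoYbYWgcf7aQcd7pcjUj-3o8biafWQH28WijQSvIlggPI2KqqRQ26KKuFaJ0yH7nouCBrzHu8qRONW-CPa9VDM"
 try await assertThrowsError(
 await finishRegistration(attestationObject: hexAttestationObjectWithInvalidFmt),
@@ -102,6 +119,10 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfAttStmtIsMissing() async throws {
+// {
+// "fmt": "packed",
+// "authData": h'49960DE5880E8C687434170F6476605B8FE4AEB9A28632C7995CF3BA831D97634500000000ADCE000235BCC60A648B0B25F1F0550300203A3EE56DCABABEC0EF2F4B7F0EE28E11317C2CF7FF972830440D63FCBAA7E26BA50102032620012158209AFFC8BA186D85A071FEDA41C77BA5C8D48FEDE8F1B89A7D6407DBC5A28D04AF2258203C8D8AAAA450DBA28AB85689D321FB9E8B8206BCC7BBCA9138D5BE08F6BD5433'
+// }
 let hexAttestationObjectWithMissingAttStmt: URLEncodedBase64 = "omNmbXRmcGFja2VkaGF1dGhEYXRhWKRJlg3liA6MaHQ0Fw9kdmBbj-SuuaKGMseZXPO6gx2XY0UAAAAArc4AAjW8xgpkiwsl8fBVAwAgOj7lbcq6vsDvL0t_DuKOETF8LPf_lygwRA1j_Lqn4mulAQIDJiABIVggmv_IuhhthaBx_tpBx3ulyNSP7ejxuJp9ZAfbxaKNBK8iWCA8jYqqpFDbooq4VonTIfuei4IGvMe7ypE41b4I9r1UMw"
 try await assertThrowsError(
 await finishRegistration(attestationObject: hexAttestationObjectWithMissingAttStmt),
@@ -110,6 +131,14 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfAuthDataIsTooShort() async throws {
+// {
+// "fmt": "packed",
+// "attStmt": {
+// "alg": -7,
+// "sig": h'3045022035346DA48FD238E655CD4D6937FE1C5FEA2CA943E21CC396E3CAAAABDD435DF5022100BE30789A231B7639D23182A627C940C771E7AF34E31F3E26DE9DA6D01AF5E08C'
+// },
+// "authData": h'49960D'
+// }
 let hexAttestationObjectInvalidAuthData: URLEncodedBase64 = "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YUNJlg0"
 try await assertThrowsError(
 await finishRegistration(attestationObject: hexAttestationObjectInvalidAuthData),
@@ -118,6 +147,14 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfAttestedCredentialDataFlagIsSetButThereIsNotCredentialData() async throws {
+// {
+// "fmt": "packed",
+// "attStmt": {
+// "alg": -7,
+// "sig": h'3045022035346DA48FD238E655CD4D6937FE1C5FEA2CA943E21CC396E3CAAAABDD435DF5022100BE30789A231B7639D23182A627C940C771E7AF34E31F3E26DE9DA6D01AF5E08C'
+// },
+// "authData": h'5647686C5647686C5647686C5647686C5647686C5647686C686C5647686C686C4000000000'
+// }
 let hexAttestationObjectMissingCredentialData: URLEncodedBase64 = "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YVglVkdobFZHaGxWR2hsVkdobFZHaGxWR2hsaGxWR2hsaGxAAAAAAA"
 try await assertThrowsError(
 await finishRegistration(attestationObject: hexAttestationObjectMissingCredentialData),
@@ -126,6 +163,14 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfAttestedCredentialDataFlagIsNotSetButThereIsCredentialData() async throws {
+// {
+// "fmt": "packed",
+// "attStmt": {
+// "alg": -7,
+// "sig": h'3045022035346DA48FD238E655CD4D6937FE1C5FEA2CA943E21CC396E3CAAAABDD435DF5022100BE30789A231B7639D23182A627C940C771E7AF34E31F3E26DE9DA6D01AF5E08C'
+// },
+// "authData": h'5647686C5647686C5647686C5647686C5647686C5647686C686C5647686C686C000000000000'
+// }
 let hexAttestationObjectWithCredentialData: URLEncodedBase64 = "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YVgmVkdobFZHaGxWR2hsVkdobFZHaGxWR2hsaGxWR2hsaGwAAAAAAAA"
 try await assertThrowsError(
 await finishRegistration(attestationObject: hexAttestationObjectWithCredentialData),
@@ -134,6 +179,14 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfExtensionDataFlagIsSetButThereIsNoExtensionData() async throws {
+// {
+// "fmt": "packed",
+// "attStmt": {
+// "alg": -7,
+// "sig": h'3045022035346DA48FD238E655CD4D6937FE1C5FEA2CA943E21CC396E3CAAAABDD435DF5022100BE30789A231B7639D23182A627C940C771E7AF34E31F3E26DE9DA6D01AF5E08C'
+// },
+// "authData": h'5647686C5647686C5647686C5647686C5647686C5647686C686C5647686C686C8000000000'
+// }
 let hexAttestationObjectMissingExtensionData: URLEncodedBase64 = "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YVglVkdobFZHaGxWR2hsVkdobFZHaGxWR2hsaGxWR2hsaGyAAAAAAA"
 try await assertThrowsError(
 await finishRegistration(attestationObject: hexAttestationObjectMissingExtensionData),
@@ -142,6 +195,14 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfCredentialIdIsTooShort() async throws {
+// {
+// "fmt": "packed",
+// "attStmt": {
+// "alg": -7,
+// "sig": h'3045022035346DA48FD238E655CD4D6937FE1C5FEA2CA943E21CC396E3CAAAABDD435DF5022100BE30789A231B7639D23182A627C940C771E7AF34E31F3E26DE9DA6D01AF5E08C'
+// },
+// "authData": h'5647686C5647686C5647686C5647686C5647686C5647686C686C5647686C686C40000000005647686C5647686C5647686C5647686C00022A'
+// }
 let hexAttestationShortCredentialID: URLEncodedBase64 = "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YVg4VkdobFZHaGxWR2hsVkdobFZHaGxWR2hsaGxWR2hsaGxAAAAAAFZHaGxWR2hsVkdobFZHaGwAAio"
 try await assertThrowsError(
 await finishRegistration(attestationObject: hexAttestationShortCredentialID),
@@ -150,15 +211,31 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfCeremonyTypeDoesNotMatch() async throws {
-let clientDataJSONWrongCeremonyType: URLEncodedBase64 = "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiY21GdVpHOXRVM1J5YVc1blJuSnZiVk5sY25abGNnIiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwIiwiY3Jvc3NPcmlnaW4iOmZhbHNlLCJvdGhlcl9rZXlzX2Nhbl9iZV9hZGRlZF9oZXJlIjoiZG8gbm90IGNvbXBhcmUgY2xpZW50RGF0YUpTT04gYWdhaW5zdCBhIHRlbXBsYXRlLiBTZWUgaHR0cHM6Ly9nb28uZ2wveWFiUGV4In0"
+let clientDataJSONWrongCeremonyType = String.base64URL(fromBase64: """
+{
+"type": "webauthn.get",
+"challenge": "cmFuZG9tU3RyaW5nRnJvbVNlcnZlcg",
+"origin": "http://localhost:8080",
+"crossOrigin": false,
+"other_keys_can_be_added_here": "do not compare clientDataJSON against a template. See https://goo.gl/yabPex"
+}
+""".toBase64())
 try await assertThrowsError(
 await finishRegistration(clientDataJSON: clientDataJSONWrongCeremonyType),
 expect: CollectedClientData.CollectedClientDataVerifyError.ceremonyTypeDoesNotMatch
 )
 }
 
 func testFinishRegistrationFailsIfChallengeDoesNotMatch() async throws {
-let clientDataJSONWrongChallenge: URLEncodedBase64 = "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiY21GdVpHOXRVM1J5YVc1blJuSnZiVk5sY25abGNnIiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwIiwiY3Jvc3NPcmlnaW4iOmZhbHNlLCJvdGhlcl9rZXlzX2Nhbl9iZV9hZGRlZF9oZXJlIjoiZG8gbm90IGNvbXBhcmUgY2xpZW50RGF0YUpTT04gYWdhaW5zdCBhIHRlbXBsYXRlLiBTZWUgaHR0cHM6Ly9nb28uZ2wveWFiUGV4In0"
+let clientDataJSONWrongChallenge = String.base64URL(fromBase64: """
+{
+"type": "webauthn.create",
+"challenge": "cmFuZG9tU3RyaW5nRnJvbVNlcnZlcg",
+"origin": "http://localhost:8080",
+"crossOrigin": false,
+"other_keys_can_be_added_here": "do not compare clientDataJSON against a template. See https://goo.gl/yabPex"
+}
+""".toBase64())
 try await assertThrowsError(
 await finishRegistration(
 challenge: "definitelyAnotherChallenge",
@@ -169,9 +246,15 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfOriginDoesNotMatch() async throws {
-// origin = http://johndoe.com
-let clientDataJSONWrongOrigin: URLEncodedBase64 = "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiY21GdVpHOXRVM1J5YVc1blJuSnZiVk5sY25abGNnIiwib3JpZ2luIjoiaHR0cDovL2pvaG5kb2UuY29tIiwiY3Jvc3NPcmlnaW4iOmZhbHNlLCJvdGhlcl9rZXlzX2Nhbl9iZV9hZGRlZF9oZXJlIjoiZG8gbm90IGNvbXBhcmUgY2xpZW50RGF0YUpTT04gYWdhaW5zdCBhIHRlbXBsYXRlLiBTZWUgaHR0cHM6Ly9nb28uZ2wveWFiUGV4In0"
-
+let clientDataJSONWrongOrigin: URLEncodedBase64 = String.base64URL(fromBase64: """
+{
+"type": "webauthn.create",
+"challenge": "cmFuZG9tU3RyaW5nRnJvbVNlcnZlcg",
+"origin": "http://johndoe.com",
+"crossOrigin": false,
+"other_keys_can_be_added_here": "do not compare clientDataJSON against a template. See https://goo.gl/yabPex"
+}
+""".toBase64())
 // `webAuthnManager` is configured with origin = https://example.com
 try await assertThrowsError(
 await finishRegistration(
@@ -190,6 +273,14 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfRelyingPartyIDHashDoesNotMatch() async throws {
+// {
+// "fmt": "packed",
+// "attStmt": {
+// "alg": -7,
+// "sig": h'3045022035346DA48FD238E655CD4D6937FE1C5FEA2CA943E21CC396E3CAAAABDD435DF5022100BE30789A231B7639D23182A627C940C771E7AF34E31F3E26DE9DA6D01AF5E08C'
+// },
+// "authData": h'49960DE5880E8C687434170F6476605B8FE4AEB9A28632C7995CF3BA831D97634500000000ADCE000235BCC60A648B0B25F1F0550300013A'
+// }
 let hexAttestationObjectMismatchingRpId: URLEncodedBase64 = "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YVg4SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NFAAAAAK3OAAI1vMYKZIsLJfHwVQMAATo"
 try await assertThrowsError(
 await finishRegistration(attestationObject: hexAttestationObjectMismatchingRpId),
@@ -198,14 +289,30 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfUserPresentFlagIsNotSet() async throws {
-let hexAttestationObjectMismatchingRpId: URLEncodedBase64 = "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YVg4o3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUdAAAAAAK3OAAI1vMYKZIsLJfHwVQMAATo"
+// {
+// "fmt": "packed",
+// "attStmt": {
+// "alg": -7,
+// "sig": h'3045022035346DA48FD238E655CD4D6937FE1C5FEA2CA943E21CC396E3CAAAABDD435DF5022100BE30789A231B7639D23182A627C940C771E7AF34E31F3E26DE9DA6D01AF5E08C'
+// },
+// "authData": h'A379A6F6EEAFB9A55E378C118034E2751E682FAB9F2D30AB13D2125586CE19474000000000ADCE000235BCC60A648B0B25F1F0550300013A'
+// }
+let hexAttestationObjectUPFlagNotSet: URLEncodedBase64 = "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YVg4o3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUdAAAAAAK3OAAI1vMYKZIsLJfHwVQMAATo"
 try await assertThrowsError(
-await finishRegistration(attestationObject: hexAttestationObjectMismatchingRpId),
+await finishRegistration(attestationObject: hexAttestationObjectUPFlagNotSet),
 expect: WebAuthnError.userPresentFlagNotSet
 )
 }
 
 func testFinishRegistrationFailsIfUserVerificationFlagIsNotSetButRequired() async throws {
+// {
+// "fmt": "packed",
+// "attStmt": {
+// "alg": -7,
+// "sig": h'3045022035346DA48FD238E655CD4D6937FE1C5FEA2CA943E21CC396E3CAAAABDD435DF5022100BE30789A231B7639D23182A627C940C771E7AF34E31F3E26DE9DA6D01AF5E08C'
+// },
+// "authData": h'A379A6F6EEAFB9A55E378C118034E2751E682FAB9F2D30AB13D2125586CE19474100000000ADCE000235BCC60A648B0B25F1F0550300013A'
+// }
 let hexAttestationObjectUVFlagNotSet: URLEncodedBase64 = "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YVg4o3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUdBAAAAAK3OAAI1vMYKZIsLJfHwVQMAATo"
 try await assertThrowsError(
 await finishRegistration(
@@ -217,6 +324,13 @@ final class WebAuthnManagerTests: XCTestCase {
 }
 
 func testFinishRegistrationFailsIfAttFmtIsNoneButAttStmtIsIncluded() async throws {
+// {
+// "fmt": "none",
+// "attStmt": {
+// "hello": "world"
+// },
+// "authData": h'A379A6F6EEAFB9A55E378C118034E2751E682FAB9F2D30AB13D2125586CE19474100000000A379A6F6EEAFB9A55E378C118034E27500010000'
+// }
 let hexAttestationObjectAttStmtNoneWithAttStmt: URLEncodedBase64 = "o2NmbXRkbm9uZWdhdHRTdG10oWVoZWxsb2V3b3JsZGhhdXRoRGF0YVg5o3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUdBAAAAAKN5pvbur7mlXjeMEYA04nUAAQAA"
 try await assertThrowsError(
 await finishRegistration(attestationObject: hexAttestationObjectAttStmtNoneWithAttStmt),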