def test_add_and_remove_resident_credentials(driver, pages):
driver = create_rk_enabled_authenticator(driver)
pages.load("virtual-authenticator.html")
assert driver.virtual_authenticator_id is not None
credential = Credential.create_non_resident_credential(
bytearray({1, 2, 3, 4}),
"localhost",
b64decode(BASE64__ENCODED_PK),
0,
)
credential2 = Credential.create_resident_credential(
bytearray({1, 2, 3, 4, 5}),
"localhost",
bytearray({1}),
b64decode(BASE64__ENCODED_PK),
1,
)
driver.add_credential(credential)
assert len(driver.get_credentials()) == 1
driver.add_credential(credential2)
assert len(driver.get_credentials()) == 2
driver.remove_credential(credential.id)
assert len(driver.get_credentials()) == 1
driver.remove_virtual_authenticator()
def test_remove_all_credentials(driver):
options = VirtualAuthenticatorOptions()
options.has_resident_key = True
driver.add_virtual_authenticator(options)
assert driver.virtual_authenticator_id is not None
credential = Credential.create_non_resident_credential(
bytearray({1, 2, 3, 4}),
"localhost",
b64decode(BASE64__ENCODED_PK),
0,
)
credential2 = Credential.create_resident_credential(
bytearray({1, 2, 3, 4, 5}),
"localhost",
bytearray({1}),
b64decode(BASE64__ENCODED_PK),
1,
)
driver.add_credential(credential)
assert len(driver.get_credentials()) == 1
driver.add_credential(credential2)
assert len(driver.get_credentials()) == 2
driver.remove_all_credentials()
assert len(driver.get_credentials()) == 0
driver.remove_virtual_authenticator()
def add_credential(self, credential: Credential) -> None:
"""
Injects a credential into the authenticator.
"""
self.execute(Command.ADD_CREDENTIAL, {
**credential.to_dict(), 'authenticatorId':
self._authenticator_id
})
def get_credentials(self) -> List[Credential]:
"""
Returns the list of credentials owned by the authenticator.
"""
credential_data = self.execute(
Command.GET_CREDENTIALS,
{'authenticatorId': self._authenticator_id})
return [
Credential.from_dict(credential)
for credential in credential_data['value']
]
def test_rk_enabled_credential(data):
_id, rp_id, user_handle, privatekey, sign_count = data
credential = Credential.create_resident_credential(_id, rp_id, user_handle,
privatekey, sign_count)
assert credential.id == urlsafe_b64encode(bytearray({1, 2, 3, 4})).decode()
if credential.is_resident_credential is True:
assert True
assert credential.rp_id == "localhost"
assert credential.user_handle == urlsafe_b64encode(bytearray({1})).decode()
assert credential.private_key == urlsafe_b64encode(privatekey).decode()
assert credential.sign_count == 0
def test_rk_disabled_credentials(data):
_id, rp_id, user_handle, privatekey, sign_count = data
credential = Credential.create_non_resident_credential(
_id, rp_id, privatekey, sign_count)
assert credential.id == urlsafe_b64encode(bytearray({1, 2, 3, 4})).decode()
assert credential.private_key == urlsafe_b64encode(privatekey).decode()
assert credential.sign_count == 0
assert credential.rp_id == "localhost"
if credential.is_resident_credential is False:
assert True
else:
assert False
if credential.user_handle is None:
assert True
else:
assert False
def test_to_dict(data):
_id, rp_id, user_handle, privatekey, sign_count = data
credential = Credential.create_resident_credential(_id, rp_id, user_handle,
privatekey, sign_count)
credential_dict = credential.to_dict()
assert credential_dict["credentialId"] == urlsafe_b64encode(
bytearray({1, 2, 3, 4})).decode()
if credential_dict["isResidentCredential"] is True:
assert True
else:
assert False
assert credential_dict["rpId"] == "localhost"
assert credential_dict["userHandle"] == urlsafe_b64encode(bytearray(
{1})).decode()
assert credential_dict["privateKey"] == urlsafe_b64encode(
privatekey).decode()
assert credential_dict["signCount"] == 0
def test_add_and_remove_non_resident_credentials(driver, pages):
driver = create_rk_disabled_ctap2_authenticator(driver)
driver.get(pages.url("virtual-authenticator.html", localhost=True))
assert driver.virtual_authenticator_id is not None
credential = Credential.create_non_resident_credential(
bytearray({1, 2, 3, 4}),
"localhost",
b64decode(BASE64__ENCODED_PK),
0,
)
driver.add_credential(credential)
assert get_assertion_for(driver, [1, 2, 3, 4]).get('status', '') == 'OK'
driver.remove_virtual_authenticator()
assert driver.virtual_authenticator_id is None
def test_add_non_resident_credential_when_authenticator_uses_u2f_protocol(
driver, pages):
driver = create_rk_disabled_u2f_authenticator(driver)
driver.get(pages.url("virtual-authenticator.html", localhost=True))
base64_pk = '''
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg8_zMDQDYAxlU-Q
hk1Dwkf0v18GZca1DMF3SaJ9HPdmShRANCAASNYX5lyVCOZLzFZzrIKmeZ2jwU
RmgsJYxGP__fWN_S-j5sN4tT15XEpN_7QZnt14YvI6uvAgO0uJEboFaZlOEB
'''
credential = Credential.create_non_resident_credential(
bytearray({1, 2, 3, 4}),
"localhost",
urlsafe_b64decode(base64_pk),
0,
)
driver.add_credential(credential)
assert get_assertion_for(driver, [1, 2, 3, 4]).get('status', '') == 'OK'
driver.remove_virtual_authenticator()
def test_add_resident_credential_not_supported_when_authenticator_uses_u2f_protocol(
driver, pages):
driver = create_rk_enabled_u2f_authenticator(driver)
driver.get(pages.url("virtual-authenticator.html", localhost=True))
base64_pk = '''
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg8_zMDQDYAxlU-Q
hk1Dwkf0v18GZca1DMF3SaJ9HPdmShRANCAASNYX5lyVCOZLzFZzrIKmeZ2jwU
RmgsJYxGP__fWN_S-j5sN4tT15XEpN_7QZnt14YvI6uvAgO0uJEboFaZlOEB
'''
credential = Credential.create_resident_credential(
bytearray({1, 2, 3, 4}),
"localhost",
bytearray({1}),
urlsafe_b64decode(base64_pk),
0,
)
with pytest.raises(InvalidArgumentException):
driver.add_credential(credential)
driver.remove_virtual_authenticator()
def test_from_dict():
data = {
"credentialId": urlsafe_b64encode(bytearray({1, 2, 3, 4})).decode(),
"isResidentCredential": True,
"rpId": "localhost",
"userHandle": urlsafe_b64encode(bytearray({1})).decode(),
"privateKey": BASE64__ENCODED_PK,
"signCount": 0,
}
credential = Credential.from_dict(data)
key = urlsafe_b64decode(BASE64__ENCODED_PK)
assert credential.id == urlsafe_b64encode(bytearray({1, 2, 3, 4})).decode()
if credential.is_resident_credential is True:
assert True
else:
assert False
assert credential.rp_id == "localhost"
assert credential.user_handle == urlsafe_b64encode(bytearray({1})).decode()
assert credential.private_key == urlsafe_b64encode(key).decode()
assert credential.sign_count == 0