41 lines
1.7 KiB
JavaScript
41 lines
1.7 KiB
JavaScript
// META: script=helper.js
|
|
|
|
// The following tests validate the behavior of the `@query` derived component.
|
|
// They'll all be rooted in the following response, generated using the steps at
|
|
// https://wicg.github.io/signature-based-sri/#examples, relying on the test
|
|
// key from https://www.rfc-editor.org/rfc/rfc9421.html#name-example-ed25519-test-key:
|
|
//
|
|
// ```
|
|
// NOTE: '\' line wrapping per RFC 8792
|
|
//
|
|
// HTTP/1.1 200 OK
|
|
// Date: Tue, 20 Apr 2021 02:07:56 GMT
|
|
// Content-Type: application/json
|
|
// Unencoded-Digest: sha-256=:X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=:
|
|
// Content-Length: 18
|
|
// Signature-Input: signature=("unencoded-digest";sf "@query";req); \
|
|
// keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs="; \
|
|
// tag="sri"
|
|
// Signature: signature=[SEE NOTE BELOW]
|
|
//
|
|
// {"hello": "world"}
|
|
// ```
|
|
//
|
|
// Unlike other tests in this directory, we cannot pass the signature into the resource,
|
|
// as it would then be reflected via the signature base's inclusion of the query string.
|
|
// Instead, `query-response.py` contains a hard-coded set of signatures for the test
|
|
// cases below.
|
|
|
|
|
|
let test_cases = [
|
|
"", "test", "test=a", "test=%2F", "test=ü"
|
|
];
|
|
|
|
for (let query of test_cases) {
|
|
generate_query_test(query, {}, EXPECT_LOADED,
|
|
`Query = "${query}": no integrity check: loads.`);
|
|
generate_query_test(query, {integrity:`ed25519-${kValidKeys['rfc']}`}, EXPECT_LOADED,
|
|
`Query = "${query}": matching integrity check: loads.`);
|
|
generate_query_test(query, {integrity:`ed25519-${kInvalidKey}`}, EXPECT_BLOCKED,
|
|
`Query = "${query}": mismatched integrity check: blocked.`);
|
|
}
|