Adding upstream version 124.0.1.upstream/124.0.1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

15 files changed, 332 insertions, 0 deletions

diff --git a/testing/web-platform/tests/.well-known/README.md b/testing/web-platform/tests/.well-known/README.md
new file mode 100644
index 0000000000..dde8aa232e
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/README.md
@@ -0,0 +1,9 @@
+Well-Known URI Testing
+======================
+
+This directory is used for testing resources that are loaded based on the
+well-known URI standard. [[RFC5785](https://tools.ietf.org/html/rfc5785)]
+
+For other kinds of resource files, they should either be placed at
+[/common](../common) or the respective subdirectories for the
+particular standard.
diff --git a/testing/web-platform/tests/.well-known/aggregation-service/v1/public-keys b/testing/web-platform/tests/.well-known/aggregation-service/v1/public-keys
new file mode 100644
index 0000000000..4a9578fdf3
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/aggregation-service/v1/public-keys
@@ -0,0 +1,6 @@
+{
+  "keys": [{
+    "id": "example_id",
+    "key": "two07NuSOLRSgJSE4mz3kMrmZ/jqLVYKZ2SW/8LDS3Y="
+  }]
+}
diff --git a/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-aggregate-attribution b/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-aggregate-attribution
new file mode 100644
index 0000000000..9a5de3bdf5
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-aggregate-attribution
@@ -0,0 +1,8 @@
+"""Endpoint to receive and return aggregatable debug reports."""
+from importlib import import_module
+
+reports = import_module('attribution-reporting.resources.reports')
+
+
+def main(request, response):
+  return reports.handle_reports(request)
diff --git a/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-event-attribution b/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-event-attribution
new file mode 100644
index 0000000000..605d7589e0
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-event-attribution
@@ -0,0 +1,8 @@
+"""Endpoint to receive and return event-level debug reports."""
+from importlib import import_module
+
+reports = import_module('attribution-reporting.resources.reports')
+
+
+def main(request, response):
+  return reports.handle_reports(request)
diff --git a/testing/web-platform/tests/.well-known/attribution-reporting/debug/verbose b/testing/web-platform/tests/.well-known/attribution-reporting/debug/verbose
new file mode 100644
index 0000000000..7267cb10b7
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/attribution-reporting/debug/verbose
@@ -0,0 +1,8 @@
+"""Endpoint to receive and return verbose debug reports."""
+from importlib import import_module
+
+reports = import_module('attribution-reporting.resources.reports')
+
+
+def main(request, response):
+  return reports.handle_reports(request)
diff --git a/testing/web-platform/tests/.well-known/attribution-reporting/report-aggregate-attribution b/testing/web-platform/tests/.well-known/attribution-reporting/report-aggregate-attribution
new file mode 100644
index 0000000000..ffe9358e69
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/attribution-reporting/report-aggregate-attribution
@@ -0,0 +1,8 @@
+"""Endpoint to receive and return aggregatable attribution reports."""
+from importlib import import_module
+
+reports = import_module('attribution-reporting.resources.reports')
+
+
+def main(request, response):
+  return reports.handle_reports(request)
diff --git a/testing/web-platform/tests/.well-known/attribution-reporting/report-event-attribution b/testing/web-platform/tests/.well-known/attribution-reporting/report-event-attribution
new file mode 100644
index 0000000000..8ac52645a7
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/attribution-reporting/report-event-attribution
@@ -0,0 +1,8 @@
+"""Endpoint to receive and return event-level attribution reports."""
+from importlib import import_module
+
+reports = import_module('attribution-reporting.resources.reports')
+
+
+def main(request, response):
+  return reports.handle_reports(request)
diff --git a/testing/web-platform/tests/.well-known/idp-proxy/META.yml b/testing/web-platform/tests/.well-known/idp-proxy/META.yml
new file mode 100644
index 0000000000..9901aed94e
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/idp-proxy/META.yml
@@ -0,0 +1,2 @@
+suggested_reviewers:
+  - nils-ohlmeier
diff --git a/testing/web-platform/tests/.well-known/idp-proxy/README.md b/testing/web-platform/tests/.well-known/idp-proxy/README.md
new file mode 100644
index 0000000000..dc5795cf81
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/idp-proxy/README.md
@@ -0,0 +1,12 @@
+Identity Provider Proxy
+=======================
+
+This directory is used for hosting the mock identity provider proxy script
+for testing the identity provider feature in WebRTC.
+[[ietf-rtcweb-security-arch](https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-12#section-5.6.5)]
+[[webrtc-pc](https://w3c.github.io/webrtc-pc/#sec.identity-proxy)]
+
+The script for identity provider proxy must be hosted at /.well-known/idp-proxy
+instead of the usual [/webrtc](../../webrtc) directory as it follows the
+well-known URI standard that derives the script URI from a given domain name.
+[[RFC5785](https://tools.ietf.org/html/rfc5785)]
diff --git a/testing/web-platform/tests/.well-known/idp-proxy/mock-idp.js b/testing/web-platform/tests/.well-known/idp-proxy/mock-idp.js
new file mode 100644
index 0000000000..e73ca22bb2
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/idp-proxy/mock-idp.js
@@ -0,0 +1,194 @@
+'use strict';
+
+// Code is based on the following editor draft:
+//   https://w3c.github.io/webrtc-pc/archives/20170605/webrtc.html
+
+/*
+  mock-idp.js is a naive IdP that provides absolutely no
+  security for authentication. It can generate identity
+  assertion for whatever identity that is requested.
+
+  mock-idp.js validates identity assertion by simply decoding
+  the JSON and return whatever that is inside, with no integrity
+  protection and thus can be spoofed by anyone.
+
+  While being not practical at all, mock-idp.js allows us
+  to test various aspects of the identity API and allow tests
+  to manipulate the IdP at will.
+ */
+
+// We pass around test options as query string to instruct
+// the test IdP proxy script on what actions to perform.
+// This hack is based on the fact that query string is allowed
+// when specifying the IdP protocol.
+function parseQueryString(urlStr) {
+  const url = new URL(urlStr);
+  const result = {};
+  for(const [key, value] of url.searchParams) {
+    result[key] = value;
+  }
+  return result;
+}
+
+/*
+  9.2.1.  Interface Exposed by Identity Providers
+    callback GenerateAssertionCallback =
+      Promise<RTCIdentityAssertionResult> (
+        DOMString contents,
+        DOMString origin,
+        RTCIdentityProviderOptions options);
+
+    dictionary RTCIdentityProviderOptions {
+      DOMString protocol = "default";
+      DOMString usernameHint;
+      DOMString peerIdentity;
+    };
+
+    dictionary RTCIdentityAssertionResult {
+      required RTCIdentityProviderDetails idp;
+      required DOMString                  assertion;
+    };
+
+    dictionary RTCIdentityProviderDetails {
+      required DOMString domain;
+               DOMString protocol = "default";
+    };
+ */
+
+const query = parseQueryString(location);
+
+// Generate a naive identity assertion. The result assertion
+// is a JSON string that report the various parameters
+// received by this function.
+//   watermark - a special mark to make sure the result is returned
+//               from this function
+//   args - the function arguments received
+//   env - some global variable values when this function is called
+//   query - the parsed query string of the script URL
+function generateAssertion(contents, origin, options) {
+  const args = {
+    contents, origin, options
+  };
+
+  const env = {
+    origin,
+    location
+  };
+
+  const assertion = {
+    watermark: 'mock-idp.js.watermark',
+    args,
+    env,
+    query
+  };
+
+  const assertionStr = JSON.stringify(assertion);
+
+  const { generatorAction } = query;
+
+  if(generatorAction === 'throw-error') {
+    const err = new Error('Mock Internal IdP Error');
+    err.idpErrorInfo = query.errorInfo;
+    throw err;
+
+  } else if(generatorAction === 'require-login') {
+    const err = new RTCError('idp-need-login');
+    err.idpLoginUrl = `${origin}/login`;
+    err.idpErrorInfo = 'login required';
+    throw err;
+
+  } else if(generatorAction === 'return-custom-idp') {
+    const { domain, protocol } = query;
+
+    return {
+      idp: {
+        domain,
+        protocol
+      },
+      assertion: assertionStr
+    };
+
+  } else if(generatorAction === 'return-invalid-result') {
+    return 'invalid-result';
+
+  } else {
+    return {
+      idp: {
+        domain: location.host,
+        protocol: 'mock-idp.js'
+      },
+      assertion: assertionStr
+    };
+  }
+}
+
+/*
+  9.2.1.  Interface Exposed by Identity Providers
+    callback ValidateAssertionCallback =
+      Promise<RTCIdentityValidationResult> (
+        DOMString assertion,
+        DOMString origin);
+
+    dictionary RTCIdentityValidationResult {
+      required DOMString identity;
+      required DOMString contents;
+    };
+ */
+function validateAssertion(assertionStr, origin) {
+  const assertion = JSON.parse(assertionStr);
+
+  const { args, query } = assertion;
+  const { contents, options } = args;
+
+  const identity = options.usernameHint;
+
+  const {
+    validatorAction
+  } = query;
+
+  if(validatorAction === 'throw-error') {
+    const err = new Error('Mock Internal IdP Error');
+    err.idpErrorInfo = query.errorInfo;
+    throw err;
+
+  } else if(validatorAction === 'return-custom-contents') {
+    const { contents } = query;
+    return {
+      identity,
+      contents
+    };
+
+  } else {
+    return {
+      identity, contents
+    };
+  }
+}
+
+/*
+  9.2.  Registering an IdP Proxy
+    [Global,
+     Exposed=RTCIdentityProviderGlobalScope]
+    interface RTCIdentityProviderGlobalScope : WorkerGlobalScope {
+      readonly attribute RTCIdentityProviderRegistrar rtcIdentityProvider;
+    };
+
+    [Exposed=RTCIdentityProviderGlobalScope]
+    interface RTCIdentityProviderRegistrar {
+      void register(RTCIdentityProvider idp);
+    };
+
+    dictionary RTCIdentityProvider {
+      required GenerateAssertionCallback generateAssertion;
+      required ValidateAssertionCallback validateAssertion;
+    };
+ */
+
+// if rtcIdentityProvider is defined, and the caller do not ask
+// to not register through query string, register our assertion callbacks.
+if(rtcIdentityProvider && query.action !== 'do-not-register') {
+  rtcIdentityProvider.register({
+    generateAssertion,
+    validateAssertion
+  });
+}
diff --git a/testing/web-platform/tests/.well-known/private-aggregation/debug/report-protected-audience b/testing/web-platform/tests/.well-known/private-aggregation/debug/report-protected-audience
new file mode 100644
index 0000000000..7ffdb70773
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/private-aggregation/debug/report-protected-audience
@@ -0,0 +1,7 @@
+"""Endpoint to receive and return aggregatable reports."""
+from importlib import import_module
+
+reports = import_module('private-aggregation.resources.reports')
+
+def main(request, response):
+  return reports.handle_request(request)
diff --git a/testing/web-platform/tests/.well-known/private-aggregation/debug/report-shared-storage b/testing/web-platform/tests/.well-known/private-aggregation/debug/report-shared-storage
new file mode 100644
index 0000000000..7ffdb70773
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/private-aggregation/debug/report-shared-storage
@@ -0,0 +1,7 @@
+"""Endpoint to receive and return aggregatable reports."""
+from importlib import import_module
+
+reports = import_module('private-aggregation.resources.reports')
+
+def main(request, response):
+  return reports.handle_request(request)
diff --git a/testing/web-platform/tests/.well-known/private-aggregation/report-protected-audience b/testing/web-platform/tests/.well-known/private-aggregation/report-protected-audience
new file mode 100644
index 0000000000..7ffdb70773
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/private-aggregation/report-protected-audience
@@ -0,0 +1,7 @@
+"""Endpoint to receive and return aggregatable reports."""
+from importlib import import_module
+
+reports = import_module('private-aggregation.resources.reports')
+
+def main(request, response):
+  return reports.handle_request(request)
diff --git a/testing/web-platform/tests/.well-known/private-aggregation/report-shared-storage b/testing/web-platform/tests/.well-known/private-aggregation/report-shared-storage
new file mode 100644
index 0000000000..7ffdb70773
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/private-aggregation/report-shared-storage
@@ -0,0 +1,7 @@
+"""Endpoint to receive and return aggregatable reports."""
+from importlib import import_module
+
+reports = import_module('private-aggregation.resources.reports')
+
+def main(request, response):
+  return reports.handle_request(request)
diff --git a/testing/web-platform/tests/.well-known/web-identity b/testing/web-platform/tests/.well-known/web-identity
new file mode 100644
index 0000000000..6f1260dbc3
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/web-identity
@@ -0,0 +1,41 @@
+import importlib
+keys = importlib.import_module("credential-management.support.fedcm.keys")
+
+def main(request, response):
+  manifest_url = request.server.stash.take(keys.MANIFEST_URL_IN_MANIFEST_LIST_KEY)
+
+  if manifest_url is None or not len(manifest_url):
+    port = request.server.config.ports["https"][0]
+    hostname = request.url_parts.hostname
+    manifest_url = "https://{0}:{1}/credential-management/support/fedcm/manifest.py".format(
+        hostname, str(port))
+  else:
+    try:
+      manifest_url = manifest_url.decode()
+    except (UnicodeDecodeError, AttributeError):
+      pass
+
+  if len(request.cookies) > 0:
+    return (530, [], "Cookie should not be sent to manifest list endpoint")
+  if request.headers.get(b"Accept") != b"application/json":
+    return (531, [], "Wrong Accept")
+  if request.headers.get(b"Sec-Fetch-Dest") != b"webidentity":
+    return (532, [], "Wrong Sec-Fetch-Dest header")
+  if request.headers.get(b"Referer"):
+    return (533, [], "Should not have Referer")
+  if request.headers.get(b"Origin"):
+    return (534, [], "Should not have Origin")
+  if request.headers.get(b"Sec-Fetch-Mode") != b"no-cors":
+    return (535, [], "Wrong Sec-Fetch-Mode header")
+  if request.headers.get(b"Sec-Fetch-Site") != b"cross-site":
+    return (536, [], "Wrong Sec-Fetch-Site header")
+
+  response.headers.set(b"Content-Type", b"application/json")
+
+  return """
+{{
+  "provider_urls": [
+    "{0}"
+  ]
+}}
+""".format(manifest_url)