summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/.well-known
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/.well-known
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--testing/web-platform/tests/.well-known/README.md9
-rw-r--r--testing/web-platform/tests/.well-known/attribution-reporting/debug/report-aggregate-attribution8
-rw-r--r--testing/web-platform/tests/.well-known/attribution-reporting/debug/report-event-attribution8
-rw-r--r--testing/web-platform/tests/.well-known/attribution-reporting/debug/verbose8
-rw-r--r--testing/web-platform/tests/.well-known/attribution-reporting/report-aggregate-attribution8
-rw-r--r--testing/web-platform/tests/.well-known/attribution-reporting/report-event-attribution8
-rw-r--r--testing/web-platform/tests/.well-known/idp-proxy/META.yml2
-rw-r--r--testing/web-platform/tests/.well-known/idp-proxy/README.md12
-rw-r--r--testing/web-platform/tests/.well-known/idp-proxy/mock-idp.js194
-rw-r--r--testing/web-platform/tests/.well-known/web-identity35
10 files changed, 292 insertions, 0 deletions
diff --git a/testing/web-platform/tests/.well-known/README.md b/testing/web-platform/tests/.well-known/README.md
new file mode 100644
index 0000000000..dde8aa232e
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/README.md
@@ -0,0 +1,9 @@
+Well-Known URI Testing
+======================
+
+This directory is used for testing resources that are loaded based on the
+well-known URI standard. [[RFC5785](https://tools.ietf.org/html/rfc5785)]
+
+For other kinds of resource files, they should either be placed at
+[/common](../common) or the respective subdirectories for the
+particular standard.
diff --git a/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-aggregate-attribution b/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-aggregate-attribution
new file mode 100644
index 0000000000..9a5de3bdf5
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-aggregate-attribution
@@ -0,0 +1,8 @@
+"""Endpoint to receive and return aggregatable debug reports."""
+from importlib import import_module
+
+reports = import_module('attribution-reporting.resources.reports')
+
+
+def main(request, response):
+ return reports.handle_reports(request)
diff --git a/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-event-attribution b/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-event-attribution
new file mode 100644
index 0000000000..605d7589e0
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/attribution-reporting/debug/report-event-attribution
@@ -0,0 +1,8 @@
+"""Endpoint to receive and return event-level debug reports."""
+from importlib import import_module
+
+reports = import_module('attribution-reporting.resources.reports')
+
+
+def main(request, response):
+ return reports.handle_reports(request)
diff --git a/testing/web-platform/tests/.well-known/attribution-reporting/debug/verbose b/testing/web-platform/tests/.well-known/attribution-reporting/debug/verbose
new file mode 100644
index 0000000000..7267cb10b7
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/attribution-reporting/debug/verbose
@@ -0,0 +1,8 @@
+"""Endpoint to receive and return verbose debug reports."""
+from importlib import import_module
+
+reports = import_module('attribution-reporting.resources.reports')
+
+
+def main(request, response):
+ return reports.handle_reports(request)
diff --git a/testing/web-platform/tests/.well-known/attribution-reporting/report-aggregate-attribution b/testing/web-platform/tests/.well-known/attribution-reporting/report-aggregate-attribution
new file mode 100644
index 0000000000..ffe9358e69
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/attribution-reporting/report-aggregate-attribution
@@ -0,0 +1,8 @@
+"""Endpoint to receive and return aggregatable attribution reports."""
+from importlib import import_module
+
+reports = import_module('attribution-reporting.resources.reports')
+
+
+def main(request, response):
+ return reports.handle_reports(request)
diff --git a/testing/web-platform/tests/.well-known/attribution-reporting/report-event-attribution b/testing/web-platform/tests/.well-known/attribution-reporting/report-event-attribution
new file mode 100644
index 0000000000..8ac52645a7
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/attribution-reporting/report-event-attribution
@@ -0,0 +1,8 @@
+"""Endpoint to receive and return event-level attribution reports."""
+from importlib import import_module
+
+reports = import_module('attribution-reporting.resources.reports')
+
+
+def main(request, response):
+ return reports.handle_reports(request)
diff --git a/testing/web-platform/tests/.well-known/idp-proxy/META.yml b/testing/web-platform/tests/.well-known/idp-proxy/META.yml
new file mode 100644
index 0000000000..9901aed94e
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/idp-proxy/META.yml
@@ -0,0 +1,2 @@
+suggested_reviewers:
+ - nils-ohlmeier
diff --git a/testing/web-platform/tests/.well-known/idp-proxy/README.md b/testing/web-platform/tests/.well-known/idp-proxy/README.md
new file mode 100644
index 0000000000..dc5795cf81
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/idp-proxy/README.md
@@ -0,0 +1,12 @@
+Identity Provider Proxy
+=======================
+
+This directory is used for hosting the mock identity provider proxy script
+for testing the identity provider feature in WebRTC.
+[[ietf-rtcweb-security-arch](https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-12#section-5.6.5)]
+[[webrtc-pc](https://w3c.github.io/webrtc-pc/#sec.identity-proxy)]
+
+The script for identity provider proxy must be hosted at /.well-known/idp-proxy
+instead of the usual [/webrtc](../../webrtc) directory as it follows the
+well-known URI standard that derives the script URI from a given domain name.
+[[RFC5785](https://tools.ietf.org/html/rfc5785)]
diff --git a/testing/web-platform/tests/.well-known/idp-proxy/mock-idp.js b/testing/web-platform/tests/.well-known/idp-proxy/mock-idp.js
new file mode 100644
index 0000000000..e73ca22bb2
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/idp-proxy/mock-idp.js
@@ -0,0 +1,194 @@
+'use strict';
+
+// Code is based on the following editor draft:
+// https://w3c.github.io/webrtc-pc/archives/20170605/webrtc.html
+
+/*
+ mock-idp.js is a naive IdP that provides absolutely no
+ security for authentication. It can generate identity
+ assertion for whatever identity that is requested.
+
+ mock-idp.js validates identity assertion by simply decoding
+ the JSON and return whatever that is inside, with no integrity
+ protection and thus can be spoofed by anyone.
+
+ While being not practical at all, mock-idp.js allows us
+ to test various aspects of the identity API and allow tests
+ to manipulate the IdP at will.
+ */
+
+// We pass around test options as query string to instruct
+// the test IdP proxy script on what actions to perform.
+// This hack is based on the fact that query string is allowed
+// when specifying the IdP protocol.
+function parseQueryString(urlStr) {
+ const url = new URL(urlStr);
+ const result = {};
+ for(const [key, value] of url.searchParams) {
+ result[key] = value;
+ }
+ return result;
+}
+
+/*
+ 9.2.1. Interface Exposed by Identity Providers
+ callback GenerateAssertionCallback =
+ Promise<RTCIdentityAssertionResult> (
+ DOMString contents,
+ DOMString origin,
+ RTCIdentityProviderOptions options);
+
+ dictionary RTCIdentityProviderOptions {
+ DOMString protocol = "default";
+ DOMString usernameHint;
+ DOMString peerIdentity;
+ };
+
+ dictionary RTCIdentityAssertionResult {
+ required RTCIdentityProviderDetails idp;
+ required DOMString assertion;
+ };
+
+ dictionary RTCIdentityProviderDetails {
+ required DOMString domain;
+ DOMString protocol = "default";
+ };
+ */
+
+const query = parseQueryString(location);
+
+// Generate a naive identity assertion. The result assertion
+// is a JSON string that report the various parameters
+// received by this function.
+// watermark - a special mark to make sure the result is returned
+// from this function
+// args - the function arguments received
+// env - some global variable values when this function is called
+// query - the parsed query string of the script URL
+function generateAssertion(contents, origin, options) {
+ const args = {
+ contents, origin, options
+ };
+
+ const env = {
+ origin,
+ location
+ };
+
+ const assertion = {
+ watermark: 'mock-idp.js.watermark',
+ args,
+ env,
+ query
+ };
+
+ const assertionStr = JSON.stringify(assertion);
+
+ const { generatorAction } = query;
+
+ if(generatorAction === 'throw-error') {
+ const err = new Error('Mock Internal IdP Error');
+ err.idpErrorInfo = query.errorInfo;
+ throw err;
+
+ } else if(generatorAction === 'require-login') {
+ const err = new RTCError('idp-need-login');
+ err.idpLoginUrl = `${origin}/login`;
+ err.idpErrorInfo = 'login required';
+ throw err;
+
+ } else if(generatorAction === 'return-custom-idp') {
+ const { domain, protocol } = query;
+
+ return {
+ idp: {
+ domain,
+ protocol
+ },
+ assertion: assertionStr
+ };
+
+ } else if(generatorAction === 'return-invalid-result') {
+ return 'invalid-result';
+
+ } else {
+ return {
+ idp: {
+ domain: location.host,
+ protocol: 'mock-idp.js'
+ },
+ assertion: assertionStr
+ };
+ }
+}
+
+/*
+ 9.2.1. Interface Exposed by Identity Providers
+ callback ValidateAssertionCallback =
+ Promise<RTCIdentityValidationResult> (
+ DOMString assertion,
+ DOMString origin);
+
+ dictionary RTCIdentityValidationResult {
+ required DOMString identity;
+ required DOMString contents;
+ };
+ */
+function validateAssertion(assertionStr, origin) {
+ const assertion = JSON.parse(assertionStr);
+
+ const { args, query } = assertion;
+ const { contents, options } = args;
+
+ const identity = options.usernameHint;
+
+ const {
+ validatorAction
+ } = query;
+
+ if(validatorAction === 'throw-error') {
+ const err = new Error('Mock Internal IdP Error');
+ err.idpErrorInfo = query.errorInfo;
+ throw err;
+
+ } else if(validatorAction === 'return-custom-contents') {
+ const { contents } = query;
+ return {
+ identity,
+ contents
+ };
+
+ } else {
+ return {
+ identity, contents
+ };
+ }
+}
+
+/*
+ 9.2. Registering an IdP Proxy
+ [Global,
+ Exposed=RTCIdentityProviderGlobalScope]
+ interface RTCIdentityProviderGlobalScope : WorkerGlobalScope {
+ readonly attribute RTCIdentityProviderRegistrar rtcIdentityProvider;
+ };
+
+ [Exposed=RTCIdentityProviderGlobalScope]
+ interface RTCIdentityProviderRegistrar {
+ void register(RTCIdentityProvider idp);
+ };
+
+ dictionary RTCIdentityProvider {
+ required GenerateAssertionCallback generateAssertion;
+ required ValidateAssertionCallback validateAssertion;
+ };
+ */
+
+// if rtcIdentityProvider is defined, and the caller do not ask
+// to not register through query string, register our assertion callbacks.
+if(rtcIdentityProvider && query.action !== 'do-not-register') {
+ rtcIdentityProvider.register({
+ generateAssertion,
+ validateAssertion
+ });
+}
diff --git a/testing/web-platform/tests/.well-known/web-identity b/testing/web-platform/tests/.well-known/web-identity
new file mode 100644
index 0000000000..cba0cb331e
--- /dev/null
+++ b/testing/web-platform/tests/.well-known/web-identity
@@ -0,0 +1,35 @@
+import importlib
+keys = importlib.import_module("credential-management.support.fedcm.keys")
+
+def main(request, response):
+ manifest_url = request.server.stash.take(keys.MANIFEST_URL_IN_MANIFEST_LIST_KEY)
+
+ if manifest_url is None or not len(manifest_url):
+ port = request.server.config.ports["https"][0]
+ hostname = request.url_parts.hostname
+ manifest_url = "https://{0}:{1}/credential-management/support/fedcm/manifest.py".format(
+ hostname, str(port))
+ else:
+ try:
+ manifest_url = manifest_url.decode()
+ except (UnicodeDecodeError, AttributeError):
+ pass
+
+ if len(request.cookies) > 0:
+ return (530, [], "Cookie should not be sent to manifest list endpoint")
+ if request.headers.get(b"Accept") != b"application/json":
+ return (531, [], "Wrong Accept")
+ if request.headers.get(b"Sec-Fetch-Dest") != b"webidentity":
+ return (532, [], "Wrong Sec-Fetch-Dest header")
+ if request.headers.get(b"Referer"):
+ return (533, [], "Should not have Referer")
+ if request.headers.get(b"Origin"):
+ return (534, [], "Should not have Origin")
+
+ return """
+{{
+ "provider_urls": [
+ "{0}"
+ ]
+}}
+""".format(manifest_url)