diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/signed-exchange/resources | |
parent | Initial commit. (diff) | |
download | firefox-upstream.tar.xz firefox-upstream.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
67 files changed, 937 insertions, 0 deletions
diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.ext b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.ext new file mode 100644 index 0000000000..8cdc25a9a7 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.ext @@ -0,0 +1,7 @@ +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectAltName = DNS:127.0.0.1 + +# CanSignHttpExchanges extension +# https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#cross-origin-cert-req +1.3.6.1.4.1.11129.2.1.22 = ASN1:NULL diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.key b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.key new file mode 100644 index 0000000000..53f80c86fa --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIENXRP9iROaUuhisQ+3Rb9hS14J8ny36TRPBDfuWNLfWoAoGCCqGSM49 +AwEHoUQDQgAELBO41fB7hYZ9BqY4V0xMPUJZIH20ZW5fLHw26gHs20Hv+4GKgnHR +3Simlna0fLxxDD/WRmADUZiA6e1blThkJA== +-----END EC PRIVATE KEY----- diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem new file mode 100644 index 0000000000..2da2a807d2 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmDCCAT+gAwIBAgIJANaBpqCSy2GLMAoGCCqGSM49BAMCMDAxEjAQBgNVBAMM +CTEyNy4wLjAuMTENMAsGA1UECgwEVGVzdDELMAkGA1UEBhMCVVMwHhcNMTgxMDE1 +MDczNDAzWhcNMjgxMDEyMDczNDAzWjAwMRIwEAYDVQQDDAkxMjcuMC4wLjExDTAL +BgNVBAoMBFRlc3QxCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAELBO41fB7hYZ9BqY4V0xMPUJZIH20ZW5fLHw26gHs20Hv+4GKgnHR3Simlna0 +fLxxDD/WRmADUZiA6e1blThkJKNCMEAwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAw +FAYDVR0RBA0wC4IJMTI3LjAuMC4xMBAGCisGAQQB1nkCARYEAgUAMAoGCCqGSM49 +BAMCA0cAMEQCIBz3vP5lPS2h8noHlnQ8VupcIJoIbmIfWUExW/tsSj1uAiBxve6H +aoDl5q91E6FisA8UhCUt0KSy2bL37IJwo6LwOg== +-----END CERTIFICATE----- diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor Binary files differnew file mode 100644 index 0000000000..9dedd96b5b --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor.headers b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor.headers new file mode 100644 index 0000000000..d581d5987e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor.headers @@ -0,0 +1 @@ +Content-Type: application/cert-chain+cbor diff --git a/testing/web-platform/tests/signed-exchange/resources/check-cert-request.py b/testing/web-platform/tests/signed-exchange/resources/check-cert-request.py new file mode 100644 index 0000000000..f5e898d2dc --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/check-cert-request.py @@ -0,0 +1,13 @@ +import os + +from wptserve.utils import isomorphic_decode + +def main(request, response): + CertChainMimeType = b"application/cert-chain+cbor" + + if request.headers.get(b"Accept") != CertChainMimeType: + return 400, [], u"Bad Request" + + path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"127.0.0.1.sxg.pem.cbor") + body = open(path, u"rb").read() + return 200, [(b"Content-Type", CertChainMimeType)], body diff --git a/testing/web-platform/tests/signed-exchange/resources/failure.html b/testing/web-platform/tests/signed-exchange/resources/failure.html new file mode 100644 index 0000000000..1071f082b7 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/failure.html @@ -0,0 +1,7 @@ +<!DOCTYPE html> +<title>Content of invalid signed exchange</title> +<script> +window.addEventListener('message', (event) => { + event.data.port.postMessage("FAIL if this content is loaded"); +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/generate-test-certs.sh b/testing/web-platform/tests/signed-exchange/resources/generate-test-certs.sh new file mode 100755 index 0000000000..01330e46d8 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/generate-test-certs.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +# Creates a self-signed certificate to use for signing exchanges. +# TODO: Integrate into tools/wptserve/wptserve/sslutils/openssl.py + +set -e + +openssl ecparam -out 127.0.0.1.sxg.key -name prime256v1 -genkey + +openssl req -new -sha256 \ + -key 127.0.0.1.sxg.key \ + -out 127.0.0.1.sxg.csr \ + -subj '/CN=127.0.0.1/O=Test/C=US' + +openssl x509 -req -days 3650 \ + -in 127.0.0.1.sxg.csr \ + -extfile 127.0.0.1.sxg.ext \ + -signkey 127.0.0.1.sxg.key \ + -out 127.0.0.1.sxg.pem diff --git a/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh b/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh new file mode 100755 index 0000000000..bf25356d07 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh @@ -0,0 +1,584 @@ +#!/bin/sh +sxg_version=1b3 +certfile=127.0.0.1.sxg.pem +keyfile=127.0.0.1.sxg.key +inner_url_origin=https://127.0.0.1:8444 +# TODO: Stop hard-coding "web-platform.test" when generating Signed Exchanges on +# the fly. +wpt_test_origin=https://web-platform.test:8444 +wpt_test_remote_origin=https://www1.web-platform.test:8444 +wpt_test_alt_origin=https://not-web-platform.test:8444 +cert_url_origin=$wpt_test_origin +sxg_content_type='content-type: application/signed-exchange;v=b3' +variants_header=variants-04 +variant_key_header=variant-key-04 + +set -e + +for cmd in gen-signedexchange gen-certurl dump-signedexchange; do + if ! command -v $cmd > /dev/null 2>&1; then + echo "$cmd is not installed. Please run:" + echo " go get -u github.com/WICG/webpackage/go/signedexchange/cmd/..." + echo ' export PATH=$PATH:$(go env GOPATH)/bin' + exit 1 + fi +done + +tmpdir=$(mktemp -d) + +echo -n OCSP >$tmpdir/ocsp +gen-certurl -pem $certfile -ocsp $tmpdir/ocsp > $certfile.cbor + +option="-w 0" +if [ "$(uname -s)" = "Darwin" ]; then + option="" +fi + +cert_base64=$(base64 ${option} ${certfile}.cbor) +data_cert_url="data:application/cert-chain+cbor;base64,$cert_base64" + + +# A valid Signed Exchange. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-location.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange. The origin of certUrl is the "alt" origin where NEL +# policy is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $wpt_test_alt_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-location-cert-on-alt-origin.sxg \ + -miRecordSize 100 + +# A signed exchange of unsupported version. +gen-signedexchange \ + -version 1b2 \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg-version1b2.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange for testing referrer which logical origin is the wpt +# test origin. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $wpt_test_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-referrer-same-origin.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange for testing referrer which logical origin is the wpt +# test remote origin. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_remote_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $wpt_test_remote_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-referrer-remote-origin.sxg \ + -miRecordSize 100 + +# A invalid Signed Exchange for testing referrer which logical origin is the wpt +# test origin. Response has Cache-Control: no-store header. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "Cache-Control: no-store" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $wpt_test_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/invalid-sxg-referrer-same-origin.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# A invalid Signed Exchange for testing referrer which logical origin is the wpt +# test remote origin. Response has Cache-Control: no-store header. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_remote_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "Cache-Control: no-store" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $wpt_test_remote_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/invalid-sxg-referrer-remote-origin.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# For check-cert-request.tentative.html +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/check-cert-request.py \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/check-cert-request.sxg \ + -miRecordSize 100 + +# validityUrl is different origin from request URL. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content failure.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl https://example.com/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-invalid-validity-url.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# certUrl is 404 and the origin of certUrl is different from the "alt" origin +# where NEL policy is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/not_found_certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-cert-not-found.sxg \ + -miRecordSize 100 + +# certUrl is 404 and the origin of certUrl is the "alt" origin where NEL policy +# is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $wpt_test_alt_origin/signed-exchange/resources/not_found_certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-cert-not-found-on-alt-origin.sxg \ + -miRecordSize 100 + +# certUrl is 404 and fallback URL is another signed exchange. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/sxg/sxg-location.sxg \ + -status 200 \ + -content failure.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/not_found_$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/fallback-to-another-sxg.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# certUrl is an invalid cert and the origin of certUrl is different from the +# "alt" origin where NEL policy is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/invalid-cert-format.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-invalid-cert-format.sxg \ + -miRecordSize 100 + +# certUrl is an invalid cert and the origin of certUrl is the "alt" origin where +# NEL policy is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $wpt_test_alt_origin/signed-exchange/resources/invalid-cert-format.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-invalid-cert-format-on-alt-origin.sxg \ + -miRecordSize 100 + +# Nested signed exchange. +gen-signedexchange \ + -version $sxg_version \ + -uri "$inner_url_origin/signed-exchange/resources/inner-url.html?fallback-from-nested-sxg" \ + -status 200 \ + -content sxg/sxg-location.sxg \ + -responseHeader "$sxg_content_type" \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/nested-sxg.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Fallback URL has non-ASCII UTF-8 characters. +gen-signedexchange \ + -version $sxg_version \ + -ignoreErrors \ + -uri "$inner_url_origin/signed-exchange/resources/🌐📦.html" \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-utf8-inner-url.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Fallback URL has invalid UTF-8 sequence. +gen-signedexchange \ + -version $sxg_version \ + -ignoreErrors \ + -uri "$inner_url_origin/signed-exchange/resources/$(echo -e '\xce\xce\xa9').html" \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-invalid-utf8-inner-url.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Fallback URL has UTF-8 BOM. +gen-signedexchange \ + -version $sxg_version \ + -ignoreErrors \ + -uri "$(echo -e '\xef\xbb\xbf')$inner_url_origin/signed-exchange/resources/inner-url.html" \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-inner-url-bom.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Response has Cache-Control: no-store header. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "Cache-Control: no-store" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-noncacheable.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Response has a strict-transport-security header. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "Strict-Transport-Security: max-age=31536000" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-hsts.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Signed Exchange with payload integrity error. +echo 'garbage' | cat sxg/sxg-location.sxg - >sxg/sxg-merkle-integrity-error.sxg + +# An invalid signed exchange which integrity header is invalid. +cat sxg/sxg-location.sxg | + sed 's/digest\/mi-sha256-03/digest\/mi-sha256-xx/' \ + > sxg/sxg-invalid-integrity-header.sxg + +# An invalid signed exchange which cert-sha256 is invalid. +dummy_sha256=`echo "dummy" | openssl dgst -binary -sha256 | base64` +cat sxg/sxg-location.sxg | + sed "s/cert-sha256=\*[^*]*\*;/cert-sha256=*$dummy_sha256*;/" \ + > sxg/sxg-invalid-cert-sha256.sxg +cat sxg/sxg-location-cert-on-alt-origin.sxg | + sed "s/cert-sha256=\*[^*]*\*;/cert-sha256=*$dummy_sha256*;/" \ + > sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg + +# An invalid signed exchange which validity period is too long. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 300h \ + -o sxg/sxg-validity-period-too-long.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# An invalid signed exchange which validity period is too long. The origin of +# certUrl is the "alt" origin where NEL policy is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $wpt_test_alt_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 300h \ + -o sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Signed Exchange with variants / variant-key that match any request. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "${variants_header}: accept-language;en" \ + -responseHeader "${variant_key_header}: en" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-variants-match.sxg \ + -miRecordSize 100 + +# Signed Exchange with variants / variant-key that never match any request. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "${variants_header}: accept-language;en" \ + -responseHeader "${variant_key_header}: unknown" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-variants-mismatch.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange that reports navigation timing. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-navigation-timing.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-navigation-timing.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange for testing service worker registration. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_origin/signed-exchange/resources/register-sw-from-sxg.html \ + -status 200 \ + -content register-sw.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $wpt_test_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/register-sw-from-sxg.sxg \ + -miRecordSize 100 + +# An invalid Signed Exchange for testing service worker registration after +# fallback. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_origin/signed-exchange/resources/register-sw-after-fallback.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/not_found_certfile.cbor \ + -validityUrl $wpt_test_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/register-sw-after-fallback.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange using data URL for cert-url. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $data_cert_url \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-data-cert-url.sxg \ + -miRecordSize 100 + +# Generate the signed exchange file of sxg-subresource-script-inner.js. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-script.js \ + -status 200 \ + -responseHeader "Content-Type: application/javascript" \ + -content sxg-subresource-script-inner.js \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2030-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-subresource-script.sxg \ + -miRecordSize 100 + +# Get the header integrity hash value of sxg-subresource-script.sxg. +header_integrity=$(dump-signedexchange -i sxg/sxg-subresource-script.sxg | \ + grep -o "header integrity: sha256-.*" | \ + grep -o "sha256-.*$") + +# Generate the signed exchange file of signed exchange subresource test. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-sxg.html \ + -status 200 \ + -content sxg-subresource-sxg-inner.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2030-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-subresource.sxg \ + -miRecordSize 100 \ + -responseHeader "link:<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=allowed-alt-sxg;header-integrity=\"$header_integrity\",<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=preload;as=script" + +# Generate the signed exchange file of signed exchange subresource test with +# header integrity mismatch. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-sxg.html \ + -status 200 \ + -content sxg-subresource-sxg-inner.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2030-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-subresource-header-integrity-mismatch.sxg \ + -miRecordSize 100 \ + -responseHeader "link:<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=allowed-alt-sxg;header-integrity=\"sha256-$dummy_sha256\",<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=preload;as=script" + +# A Signed Exchange for testing prefetch. +# The id query value "XXX..." of prefetch-test-cert.py will be replaced with +# UUID for stash token by prefetch-test-sxg.py. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-prefetch-test.html \ + -certificate $certfile \ + -certUrl $wpt_test_remote_origin/signed-exchange/resources/prefetch-test-cert.py?id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2020-01-29T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-prefetch-test.sxg \ + -miRecordSize 100 + +rm -fr $tmpdir diff --git a/testing/web-platform/tests/signed-exchange/resources/inner-url.html b/testing/web-platform/tests/signed-exchange/resources/inner-url.html new file mode 100644 index 0000000000..5b247bbfe9 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/inner-url.html @@ -0,0 +1,10 @@ +<!DOCTYPE html> +<title>Content of fallback URL</title> +<script> +window.addEventListener('message', (event) => { + event.data.port.postMessage({ + location: document.location.href, + referrer: document.referrer, + is_fallback: true}); +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor new file mode 100644 index 0000000000..82f15ff924 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor @@ -0,0 +1 @@ +This is an invalid certificate file. diff --git a/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor.headers b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor.headers new file mode 100644 index 0000000000..d581d5987e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor.headers @@ -0,0 +1 @@ +Content-Type: application/cert-chain+cbor diff --git a/testing/web-platform/tests/signed-exchange/resources/prefetch-test-cert.py b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-cert.py new file mode 100644 index 0000000000..e1dffebe18 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-cert.py @@ -0,0 +1,18 @@ +import os + +from wptserve.utils import isomorphic_decode + +def main(request, response): + stash_id = request.GET.first(b"id") + if request.server.stash.take(stash_id) is not None: + response.status = (404, b"Not Found") + response.headers.set(b"Content-Type", b"text/plain") + return u"not found" + request.server.stash.put(stash_id, True) + + path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"127.0.0.1.sxg.pem.cbor") + body = open(path, u"rb").read() + + response.headers.set(b"Content-Type", b"application/cert-chain+cbor") + response.headers.set(b"Cache-Control", b"public, max-age=600") + return body diff --git a/testing/web-platform/tests/signed-exchange/resources/prefetch-test-sxg.py b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-sxg.py new file mode 100644 index 0000000000..84b9ebe408 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-sxg.py @@ -0,0 +1,20 @@ +import os + +from wptserve.utils import isomorphic_decode + +def main(request, response): + stash_id = request.GET.first(b"id") + if request.server.stash.take(stash_id) is not None: + response.status = (404, u"Not Found") + response.headers.set(b"Content-Type", b"text/plain") + return u"not found" + request.server.stash.put(stash_id, True) + + path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"sxg", u"sxg-prefetch-test.sxg") + body = open(path, u"rb").read() + + response.headers.set(b"Content-Type", b"application/signed-exchange;v=b3") + response.headers.set(b"X-Content-Type-Options", b"nosniff") + response.headers.set(b"Cache-Control", b"public, max-age=600") + + return body.replace(b'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', stash_id) diff --git a/testing/web-platform/tests/signed-exchange/resources/register-sw-after-fallback.html b/testing/web-platform/tests/signed-exchange/resources/register-sw-after-fallback.html new file mode 100644 index 0000000000..2711fc241f --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/register-sw-after-fallback.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<script src="sxg-util.js"></script> +<script> +window.addEventListener('message', async (event) => { + try { + const scope = './scope/' + location.href; + await registerServiceWorkerAndWaitUntilActivated( + './service-worker.js', scope) + const iframe = await withIframe(scope, 'inner_iframe'); + event.data.port.postMessage({ + location: document.location.href, + is_fallback: true, + err: undefined, + iframe_body: iframe.contentWindow.document.body.innerHTML}); + } catch (err) { + event.data.port.postMessage({ + location: document.location.href, + is_fallback: true, + err: err.toString() + }); + } +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/register-sw.html b/testing/web-platform/tests/signed-exchange/resources/register-sw.html new file mode 100644 index 0000000000..8a3873bfde --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/register-sw.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<script src="sxg-util.js"></script> +<script> +window.addEventListener('message', async (event) => { + try { + const scope = './scope/' + location.href; + await registerServiceWorkerAndWaitUntilActivated( + './service-worker.js', scope) + const iframe = await withIframe(scope, 'inner_iframe'); + event.data.port.postMessage({ + location: document.location.href, + is_fallback: false, + err: undefined, + iframe_body: iframe.contentWindow.document.body.innerHTML}); + } catch (err) { + event.data.port.postMessage({ + location: document.location.href, + is_fallback: false, + err: err.toString() + }); + } +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/service-worker.js b/testing/web-platform/tests/signed-exchange/resources/service-worker.js new file mode 100644 index 0000000000..2647f45a3e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/service-worker.js @@ -0,0 +1,5 @@ +self.addEventListener('fetch', function(event) { + event.respondWith(new Response( + '<body>Generated by service worker</body>', + {headers:[['content-type', 'text/html']]})); +}); diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-location.html b/testing/web-platform/tests/signed-exchange/resources/sxg-location.html new file mode 100644 index 0000000000..b3ebd2bde7 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-location.html @@ -0,0 +1,10 @@ +<!DOCTYPE html> +<title>Content of SignedHTTPExchange</title> +<script> +window.addEventListener('message', (event) => { + event.data.port.postMessage({ + location: document.location.href, + referrer: document.referrer, + is_fallback: false}); +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-navigation-timing.html b/testing/web-platform/tests/signed-exchange/resources/sxg-navigation-timing.html new file mode 100644 index 0000000000..ddbe350354 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-navigation-timing.html @@ -0,0 +1,10 @@ +<!DOCTYPE html> +<title>Navigation timing of SignedHTTPExchange</title> +<script> +window.addEventListener('message', (event) => { + event.data.port.postMessage({ + location: document.location.href, + timing: JSON.stringify(performance.getEntriesByType('navigation')[0]), + is_fallback: false}); +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-prefetch-test.html b/testing/web-platform/tests/signed-exchange/resources/sxg-prefetch-test.html new file mode 100644 index 0000000000..5383a4a561 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-prefetch-test.html @@ -0,0 +1,5 @@ +<!DOCTYPE html> +<title>Prefetch test SXG</title> +<script> +window.opener.postMessage('loaded', '*'); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-iframe.html b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-iframe.html new file mode 100644 index 0000000000..bd812857b4 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-iframe.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<body> +<script> +(async () => { + const sxg_path = 'sxg/sxg-subresource.sxg'; + const scipt_sxg_path = 'sxg/sxg-subresource-script.sxg'; + const scipt_path = 'sxg-subresource-script.js'; + const wait_for_prefetch = new Promise((resolve) => { + new PerformanceObserver((list) => { + for (let e of list.getEntries()) { + if (e.name.endsWith(scipt_sxg_path)) { + resolve(); + } else if (e.name.endsWith(scipt_path)) { + window.parent.postMessage( + scipt_path + ' should not be prefetched', '*'); + } + } + }).observe({ entryTypes: ['resource'] }); + }); + + const link = document.createElement('link'); + link.rel = 'prefetch'; + link.href = sxg_path; + document.body.appendChild(link); + await wait_for_prefetch; + location.href = sxg_path; +})() +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-mismatch-iframe.html b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-mismatch-iframe.html new file mode 100644 index 0000000000..f05fcc99f8 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-mismatch-iframe.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<body> +<script> +(async () => { + const sxg_path = 'sxg/sxg-subresource-header-integrity-mismatch.sxg'; + const scipt_sxg_path = 'sxg/sxg-subresource-script.sxg'; + const scipt_path = 'sxg-subresource-script.js'; + const wait_for_prefetch = new Promise((resolve) => { + new PerformanceObserver((list) => { + for (let e of list.getEntries()) { + if (e.name.endsWith(scipt_sxg_path)) { + resolve(); + } else if (e.name.endsWith(scipt_path)) { + window.parent.postMessage( + scipt_path + ' should not be prefetched', '*'); + } + } + }).observe({ entryTypes: ['resource'] }); + }); + + const link = document.createElement('link'); + link.rel = 'prefetch'; + link.href = sxg_path; + document.body.appendChild(link); + await wait_for_prefetch; + location.href = sxg_path; +})() +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script-inner.js b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script-inner.js new file mode 100644 index 0000000000..dcc7a356a0 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script-inner.js @@ -0,0 +1,4 @@ +// Usually the alternate resource should have the same content as the original +// one (sxg-subresource-script.js), but for now we use differentiated content +// for easy testing. +window.parent.postMessage('from signed exchange', '*'); diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script.js b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script.js new file mode 100644 index 0000000000..c730568fcf --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script.js @@ -0,0 +1 @@ +window.parent.postMessage('from server', '*'); diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-sxg-inner.html b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-sxg-inner.html new file mode 100644 index 0000000000..9dfff56ad8 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-sxg-inner.html @@ -0,0 +1,2 @@ +<!DOCTYPE html> +<script src="sxg-subresource-script.js"></script> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-util.js b/testing/web-platform/tests/signed-exchange/resources/sxg-util.js new file mode 100644 index 0000000000..fa2d200fb2 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-util.js @@ -0,0 +1,89 @@ +// Opens |url| in an iframe, establish a message channel with it, and waits for +// a message from the frame content. Returns a promise that resolves with the +// data of the message, or rejects on 15000ms timeout. +// If the iframe load is expected to fail, the test should have +// <meta name="timeout" content="long"> tag. +function openSXGInIframeAndWaitForMessage(test_object, url, referrerPolicy) { + return new Promise(async (resolve, reject) => { + // We can't catch the network error on iframe. So we use the timer. + test_object.step_timeout(() => reject('timeout'), 15000); + + const frame = await withIframe(url, 'sxg_iframe', referrerPolicy); + const channel = new MessageChannel(); + channel.port1.onmessage = (event) => resolve(event.data); + frame.contentWindow.postMessage( + {port: channel.port2}, '*', [channel.port2]); + }); +} + +function withIframe(url, name, referrerPolicy) { + return new Promise((resolve, reject) => { + const frame = document.createElement('iframe'); + frame.src = url; + frame.name = name; + if (referrerPolicy !== undefined) { + frame.referrerPolicy = referrerPolicy; + } + frame.onload = () => resolve(frame); + frame.onerror = () => reject('failed to load ' + url); + document.body.appendChild(frame); + }); +} + +function loadScript(url) { + return new Promise((resolve, reject) => { + const scriptTag = document.createElement('script'); + scriptTag.src = url; + scriptTag.onload = () => resolve(); + scriptTag.onerror = () => reject('failed to load ' + url); + document.head.appendChild(scriptTag); + }); +} + +function innerURLOrigin() { + return 'https://127.0.0.1:8444'; +} + +function runReferrerTests(test_cases) { + for (const i in test_cases) { + const test_case = test_cases[i]; + promise_test(async (t) => { + const sxgUrl = test_case.origin + '/signed-exchange/resources/sxg/' + + test_case.sxg; + const message = + await openSXGInIframeAndWaitForMessage( + t, sxgUrl, test_case.referrerPolicy); + assert_false(message.is_fallback); + assert_equals(message.referrer, test_case.expectedReferrer); + + const invalidSxgUrl = + test_case.origin + '/signed-exchange/resources/sxg/invalid-' + + test_case.sxg; + const fallbackMessage = + await openSXGInIframeAndWaitForMessage( + t, invalidSxgUrl, test_case.referrerPolicy); + assert_true(fallbackMessage.is_fallback); + assert_equals(fallbackMessage.referrer, test_case.expectedReferrer); + }, 'Referrer of SignedHTTPExchange test : ' + JSON.stringify(test_case)); + } +} + +function addPrefetch(url) { + const link = document.createElement('link'); + link.rel = 'prefetch'; + link.href = url; + document.body.appendChild(link); +} + +async function registerServiceWorkerAndWaitUntilActivated(script, scope) { + const reg = await navigator.serviceWorker.register(script, {scope: scope}); + if (reg.active) + return; + const worker = reg.installing || reg.waiting; + await new Promise((resolve) => { + worker.addEventListener('statechange', (event) => { + if (event.target.state == 'activated') + resolve(); + }); + }); +} diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg Binary files differnew file mode 100644 index 0000000000..092eb9d38f --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg.headers b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg.headers new file mode 100644 index 0000000000..ca41178420 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg.headers @@ -0,0 +1,2 @@ +Content-Type: application/signed-exchange;v=b2 +X-Content-Type-Options: nosniff diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/__dir__.headers b/testing/web-platform/tests/signed-exchange/resources/sxg/__dir__.headers new file mode 100644 index 0000000000..83a3c128cf --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/__dir__.headers @@ -0,0 +1,2 @@ +Content-Type: application/signed-exchange;v=b3 +X-Content-Type-Options: nosniff diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/check-cert-request.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/check-cert-request.sxg Binary files differnew file mode 100644 index 0000000000..8129b5479c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/check-cert-request.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/fallback-to-another-sxg.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/fallback-to-another-sxg.sxg Binary files differnew file mode 100644 index 0000000000..b5dcb6b86d --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/fallback-to-another-sxg.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-remote-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-remote-origin.sxg Binary files differnew file mode 100644 index 0000000000..db08ad072c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-remote-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-same-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-same-origin.sxg Binary files differnew file mode 100644 index 0000000000..5057e9ddf4 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-same-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/nested-sxg.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/nested-sxg.sxg Binary files differnew file mode 100644 index 0000000000..6d8538882d --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/nested-sxg.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-after-fallback.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-after-fallback.sxg Binary files differnew file mode 100644 index 0000000000..20ae275818 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-after-fallback.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-from-sxg.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-from-sxg.sxg Binary files differnew file mode 100644 index 0000000000..792222029f --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-from-sxg.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg Binary files differnew file mode 100644 index 0000000000..2a7dbf6fa6 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found.sxg Binary files differnew file mode 100644 index 0000000000..072125400a --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-data-cert-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-data-cert-url.sxg Binary files differnew file mode 100644 index 0000000000..b5972d545c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-data-cert-url.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-hsts.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-hsts.sxg Binary files differnew file mode 100644 index 0000000000..8f57c63dfa --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-hsts.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-inner-url-bom.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-inner-url-bom.sxg Binary files differnew file mode 100644 index 0000000000..0093eb1d37 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-inner-url-bom.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg Binary files differnew file mode 100644 index 0000000000..62acedd390 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg Binary files differnew file mode 100644 index 0000000000..30e4fcd912 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg Binary files differnew file mode 100644 index 0000000000..066a3cc0a4 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg Binary files differnew file mode 100644 index 0000000000..46d2bb1386 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-format.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-format.sxg new file mode 100644 index 0000000000..3fbb151b5c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-format.sxg @@ -0,0 +1 @@ +This is an invalid Signed Exchange. diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg Binary files differnew file mode 100644 index 0000000000..95d358245c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-utf8-inner-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-utf8-inner-url.sxg Binary files differnew file mode 100644 index 0000000000..65357e14ac --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-utf8-inner-url.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxg Binary files differnew file mode 100644 index 0000000000..62e88d6386 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location-cert-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location-cert-on-alt-origin.sxg Binary files differnew file mode 100644 index 0000000000..a2ddc77951 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location-cert-on-alt-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location.sxg Binary files differnew file mode 100644 index 0000000000..1678b751bc --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg Binary files differnew file mode 100644 index 0000000000..0c6dce01da --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-navigation-timing.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-navigation-timing.sxg Binary files differnew file mode 100644 index 0000000000..56a90d5125 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-navigation-timing.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-noncacheable.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-noncacheable.sxg Binary files differnew file mode 100644 index 0000000000..88439982f6 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-noncacheable.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-prefetch-test.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-prefetch-test.sxg Binary files differnew file mode 100644 index 0000000000..f452270c5b --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-prefetch-test.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-remote-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-remote-origin.sxg Binary files differnew file mode 100644 index 0000000000..00aa755efc --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-remote-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-same-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-same-origin.sxg Binary files differnew file mode 100644 index 0000000000..cc7793efa2 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-same-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg Binary files differnew file mode 100644 index 0000000000..ace89dde64 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg.sub.headers b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg.sub.headers new file mode 100644 index 0000000000..8f1b47ef06 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg.sub.headers @@ -0,0 +1 @@ +Link: <https://{{hosts[alt][]}}:{{ports[https][0]}}/signed-exchange/resources/sxg/sxg-subresource-script.sxg>;rel=alternate;type="application/signed-exchange;v=b3";anchor="https://127.0.0.1:8444/signed-exchange/resources/sxg-subresource-script.js"; diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-script.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-script.sxg Binary files differnew file mode 100644 index 0000000000..fe1bd97645 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-script.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg Binary files differnew file mode 100644 index 0000000000..97823ee8f7 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg.sub.headers b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg.sub.headers new file mode 100644 index 0000000000..8bc3938df8 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg.sub.headers @@ -0,0 +1 @@ +Link: <https://{{host}}:{{ports[https][0]}}/signed-exchange/resources/sxg/sxg-subresource-script.sxg>;rel=alternate;type="application/signed-exchange;v=b3";anchor="https://127.0.0.1:8444/signed-exchange/resources/sxg-subresource-script.js"; diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-utf8-inner-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-utf8-inner-url.sxg Binary files differnew file mode 100644 index 0000000000..3edf285f1b --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-utf8-inner-url.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg Binary files differnew file mode 100644 index 0000000000..294f97b097 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg Binary files differnew file mode 100644 index 0000000000..e90d9bc66d --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-match.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-match.sxg Binary files differnew file mode 100644 index 0000000000..aed8bd175d --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-match.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-mismatch.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-mismatch.sxg Binary files differnew file mode 100644 index 0000000000..ae96b7213f --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-mismatch.sxg |