summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/signed-exchange/resources
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.ext7
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.key8
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem11
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cborbin0 -> 440 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor.headers1
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/check-cert-request.py13
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/failure.html7
-rwxr-xr-xtesting/web-platform/tests/signed-exchange/resources/generate-test-certs.sh19
-rwxr-xr-xtesting/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh584
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/inner-url.html10
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor1
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor.headers1
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/prefetch-test-cert.py18
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/prefetch-test-sxg.py20
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/register-sw-after-fallback.html23
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/register-sw.html23
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/service-worker.js5
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg-location.html10
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg-navigation-timing.html10
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg-prefetch-test.html5
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg-subresource-iframe.html29
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg-subresource-mismatch-iframe.html29
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script-inner.js4
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script.js1
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg-subresource-sxg-inner.html2
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg-util.js89
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxgbin0 -> 1005 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg.headers2
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/__dir__.headers2
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/check-cert-request.sxgbin0 -> 990 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/fallback-to-another-sxg.sxgbin0 -> 942 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-remote-origin.sxgbin0 -> 1014 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-same-origin.sxgbin0 -> 1004 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/nested-sxg.sxgbin0 -> 1965 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-after-fallback.sxgbin0 -> 999 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-from-sxg.sxgbin0 -> 1579 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxgbin0 -> 996 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found.sxgbin0 -> 992 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-data-cert-url.sxgbin0 -> 1540 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-hsts.sxgbin0 -> 1035 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-inner-url-bom.sxgbin0 -> 994 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxgbin0 -> 997 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxgbin0 -> 993 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxgbin0 -> 995 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxgbin0 -> 991 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-format.sxg1
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxgbin0 -> 991 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-utf8-inner-url.sxgbin0 -> 985 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxgbin0 -> 923 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location-cert-on-alt-origin.sxgbin0 -> 995 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location.sxgbin0 -> 991 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxgbin0 -> 999 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-navigation-timing.sxgbin0 -> 1075 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-noncacheable.sxgbin0 -> 1014 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-prefetch-test.sxgbin0 -> 832 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-remote-origin.sxgbin0 -> 991 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-same-origin.sxgbin0 -> 981 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxgbin0 -> 996 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg.sub.headers1
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-script.sxgbin0 -> 952 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxgbin0 -> 996 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg.sub.headers1
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-utf8-inner-url.sxgbin0 -> 990 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxgbin0 -> 995 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxgbin0 -> 991 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-match.sxgbin0 -> 1040 bytes
-rw-r--r--testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-mismatch.sxgbin0 -> 1045 bytes
67 files changed, 937 insertions, 0 deletions
diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.ext b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.ext
new file mode 100644
index 0000000000..8cdc25a9a7
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.ext
@@ -0,0 +1,7 @@
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = DNS:127.0.0.1
+
+# CanSignHttpExchanges extension
+# https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#cross-origin-cert-req
+1.3.6.1.4.1.11129.2.1.22 = ASN1:NULL
diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.key b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.key
new file mode 100644
index 0000000000..53f80c86fa
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.key
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIENXRP9iROaUuhisQ+3Rb9hS14J8ny36TRPBDfuWNLfWoAoGCCqGSM49
+AwEHoUQDQgAELBO41fB7hYZ9BqY4V0xMPUJZIH20ZW5fLHw26gHs20Hv+4GKgnHR
+3Simlna0fLxxDD/WRmADUZiA6e1blThkJA==
+-----END EC PRIVATE KEY-----
diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem
new file mode 100644
index 0000000000..2da2a807d2
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBmDCCAT+gAwIBAgIJANaBpqCSy2GLMAoGCCqGSM49BAMCMDAxEjAQBgNVBAMM
+CTEyNy4wLjAuMTENMAsGA1UECgwEVGVzdDELMAkGA1UEBhMCVVMwHhcNMTgxMDE1
+MDczNDAzWhcNMjgxMDEyMDczNDAzWjAwMRIwEAYDVQQDDAkxMjcuMC4wLjExDTAL
+BgNVBAoMBFRlc3QxCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+QgAELBO41fB7hYZ9BqY4V0xMPUJZIH20ZW5fLHw26gHs20Hv+4GKgnHR3Simlna0
+fLxxDD/WRmADUZiA6e1blThkJKNCMEAwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAw
+FAYDVR0RBA0wC4IJMTI3LjAuMC4xMBAGCisGAQQB1nkCARYEAgUAMAoGCCqGSM49
+BAMCA0cAMEQCIBz3vP5lPS2h8noHlnQ8VupcIJoIbmIfWUExW/tsSj1uAiBxve6H
+aoDl5q91E6FisA8UhCUt0KSy2bL37IJwo6LwOg==
+-----END CERTIFICATE-----
diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor
new file mode 100644
index 0000000000..9dedd96b5b
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor.headers b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor.headers
new file mode 100644
index 0000000000..d581d5987e
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor.headers
@@ -0,0 +1 @@
+Content-Type: application/cert-chain+cbor
diff --git a/testing/web-platform/tests/signed-exchange/resources/check-cert-request.py b/testing/web-platform/tests/signed-exchange/resources/check-cert-request.py
new file mode 100644
index 0000000000..f5e898d2dc
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/check-cert-request.py
@@ -0,0 +1,13 @@
+import os
+
+from wptserve.utils import isomorphic_decode
+
+def main(request, response):
+ CertChainMimeType = b"application/cert-chain+cbor"
+
+ if request.headers.get(b"Accept") != CertChainMimeType:
+ return 400, [], u"Bad Request"
+
+ path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"127.0.0.1.sxg.pem.cbor")
+ body = open(path, u"rb").read()
+ return 200, [(b"Content-Type", CertChainMimeType)], body
diff --git a/testing/web-platform/tests/signed-exchange/resources/failure.html b/testing/web-platform/tests/signed-exchange/resources/failure.html
new file mode 100644
index 0000000000..1071f082b7
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/failure.html
@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<title>Content of invalid signed exchange</title>
+<script>
+window.addEventListener('message', (event) => {
+ event.data.port.postMessage("FAIL if this content is loaded");
+}, false);
+</script>
diff --git a/testing/web-platform/tests/signed-exchange/resources/generate-test-certs.sh b/testing/web-platform/tests/signed-exchange/resources/generate-test-certs.sh
new file mode 100755
index 0000000000..01330e46d8
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/generate-test-certs.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# Creates a self-signed certificate to use for signing exchanges.
+# TODO: Integrate into tools/wptserve/wptserve/sslutils/openssl.py
+
+set -e
+
+openssl ecparam -out 127.0.0.1.sxg.key -name prime256v1 -genkey
+
+openssl req -new -sha256 \
+ -key 127.0.0.1.sxg.key \
+ -out 127.0.0.1.sxg.csr \
+ -subj '/CN=127.0.0.1/O=Test/C=US'
+
+openssl x509 -req -days 3650 \
+ -in 127.0.0.1.sxg.csr \
+ -extfile 127.0.0.1.sxg.ext \
+ -signkey 127.0.0.1.sxg.key \
+ -out 127.0.0.1.sxg.pem
diff --git a/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh b/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh
new file mode 100755
index 0000000000..bf25356d07
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh
@@ -0,0 +1,584 @@
+#!/bin/sh
+sxg_version=1b3
+certfile=127.0.0.1.sxg.pem
+keyfile=127.0.0.1.sxg.key
+inner_url_origin=https://127.0.0.1:8444
+# TODO: Stop hard-coding "web-platform.test" when generating Signed Exchanges on
+# the fly.
+wpt_test_origin=https://web-platform.test:8444
+wpt_test_remote_origin=https://www1.web-platform.test:8444
+wpt_test_alt_origin=https://not-web-platform.test:8444
+cert_url_origin=$wpt_test_origin
+sxg_content_type='content-type: application/signed-exchange;v=b3'
+variants_header=variants-04
+variant_key_header=variant-key-04
+
+set -e
+
+for cmd in gen-signedexchange gen-certurl dump-signedexchange; do
+ if ! command -v $cmd > /dev/null 2>&1; then
+ echo "$cmd is not installed. Please run:"
+ echo " go get -u github.com/WICG/webpackage/go/signedexchange/cmd/..."
+ echo ' export PATH=$PATH:$(go env GOPATH)/bin'
+ exit 1
+ fi
+done
+
+tmpdir=$(mktemp -d)
+
+echo -n OCSP >$tmpdir/ocsp
+gen-certurl -pem $certfile -ocsp $tmpdir/ocsp > $certfile.cbor
+
+option="-w 0"
+if [ "$(uname -s)" = "Darwin" ]; then
+ option=""
+fi
+
+cert_base64=$(base64 ${option} ${certfile}.cbor)
+data_cert_url="data:application/cert-chain+cbor;base64,$cert_base64"
+
+
+# A valid Signed Exchange.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-location.sxg \
+ -miRecordSize 100
+
+# A valid Signed Exchange. The origin of certUrl is the "alt" origin where NEL
+# policy is installed in reporting tests.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $wpt_test_alt_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-location-cert-on-alt-origin.sxg \
+ -miRecordSize 100
+
+# A signed exchange of unsupported version.
+gen-signedexchange \
+ -version 1b2 \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg-version1b2.sxg \
+ -miRecordSize 100
+
+# A valid Signed Exchange for testing referrer which logical origin is the wpt
+# test origin.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $wpt_test_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $wpt_test_origin/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-referrer-same-origin.sxg \
+ -miRecordSize 100
+
+# A valid Signed Exchange for testing referrer which logical origin is the wpt
+# test remote origin.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $wpt_test_remote_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $wpt_test_remote_origin/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-referrer-remote-origin.sxg \
+ -miRecordSize 100
+
+# A invalid Signed Exchange for testing referrer which logical origin is the wpt
+# test origin. Response has Cache-Control: no-store header.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $wpt_test_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -responseHeader "Cache-Control: no-store" \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $wpt_test_origin/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/invalid-sxg-referrer-same-origin.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# A invalid Signed Exchange for testing referrer which logical origin is the wpt
+# test remote origin. Response has Cache-Control: no-store header.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $wpt_test_remote_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -responseHeader "Cache-Control: no-store" \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $wpt_test_remote_origin/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/invalid-sxg-referrer-remote-origin.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# For check-cert-request.tentative.html
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/check-cert-request.py \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/check-cert-request.sxg \
+ -miRecordSize 100
+
+# validityUrl is different origin from request URL.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content failure.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl https://example.com/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-invalid-validity-url.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# certUrl is 404 and the origin of certUrl is different from the "alt" origin
+# where NEL policy is installed in reporting tests.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/not_found_certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-cert-not-found.sxg \
+ -miRecordSize 100
+
+# certUrl is 404 and the origin of certUrl is the "alt" origin where NEL policy
+# is installed in reporting tests.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $wpt_test_alt_origin/signed-exchange/resources/not_found_certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-cert-not-found-on-alt-origin.sxg \
+ -miRecordSize 100
+
+# certUrl is 404 and fallback URL is another signed exchange.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/sxg/sxg-location.sxg \
+ -status 200 \
+ -content failure.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/not_found_$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/fallback-to-another-sxg.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# certUrl is an invalid cert and the origin of certUrl is different from the
+# "alt" origin where NEL policy is installed in reporting tests.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/invalid-cert-format.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-invalid-cert-format.sxg \
+ -miRecordSize 100
+
+# certUrl is an invalid cert and the origin of certUrl is the "alt" origin where
+# NEL policy is installed in reporting tests.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $wpt_test_alt_origin/signed-exchange/resources/invalid-cert-format.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-invalid-cert-format-on-alt-origin.sxg \
+ -miRecordSize 100
+
+# Nested signed exchange.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri "$inner_url_origin/signed-exchange/resources/inner-url.html?fallback-from-nested-sxg" \
+ -status 200 \
+ -content sxg/sxg-location.sxg \
+ -responseHeader "$sxg_content_type" \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/nested-sxg.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# Fallback URL has non-ASCII UTF-8 characters.
+gen-signedexchange \
+ -version $sxg_version \
+ -ignoreErrors \
+ -uri "$inner_url_origin/signed-exchange/resources/🌐📦.html" \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-utf8-inner-url.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# Fallback URL has invalid UTF-8 sequence.
+gen-signedexchange \
+ -version $sxg_version \
+ -ignoreErrors \
+ -uri "$inner_url_origin/signed-exchange/resources/$(echo -e '\xce\xce\xa9').html" \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-invalid-utf8-inner-url.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# Fallback URL has UTF-8 BOM.
+gen-signedexchange \
+ -version $sxg_version \
+ -ignoreErrors \
+ -uri "$(echo -e '\xef\xbb\xbf')$inner_url_origin/signed-exchange/resources/inner-url.html" \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-inner-url-bom.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# Response has Cache-Control: no-store header.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -responseHeader "Cache-Control: no-store" \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-noncacheable.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# Response has a strict-transport-security header.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -responseHeader "Strict-Transport-Security: max-age=31536000" \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-hsts.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# Signed Exchange with payload integrity error.
+echo 'garbage' | cat sxg/sxg-location.sxg - >sxg/sxg-merkle-integrity-error.sxg
+
+# An invalid signed exchange which integrity header is invalid.
+cat sxg/sxg-location.sxg |
+ sed 's/digest\/mi-sha256-03/digest\/mi-sha256-xx/' \
+ > sxg/sxg-invalid-integrity-header.sxg
+
+# An invalid signed exchange which cert-sha256 is invalid.
+dummy_sha256=`echo "dummy" | openssl dgst -binary -sha256 | base64`
+cat sxg/sxg-location.sxg |
+ sed "s/cert-sha256=\*[^*]*\*;/cert-sha256=*$dummy_sha256*;/" \
+ > sxg/sxg-invalid-cert-sha256.sxg
+cat sxg/sxg-location-cert-on-alt-origin.sxg |
+ sed "s/cert-sha256=\*[^*]*\*;/cert-sha256=*$dummy_sha256*;/" \
+ > sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg
+
+# An invalid signed exchange which validity period is too long.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 300h \
+ -o sxg/sxg-validity-period-too-long.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# An invalid signed exchange which validity period is too long. The origin of
+# certUrl is the "alt" origin where NEL policy is installed in reporting tests.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $wpt_test_alt_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 300h \
+ -o sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg \
+ -miRecordSize 100 \
+ -ignoreErrors true
+
+# Signed Exchange with variants / variant-key that match any request.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -responseHeader "${variants_header}: accept-language;en" \
+ -responseHeader "${variant_key_header}: en" \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-variants-match.sxg \
+ -miRecordSize 100
+
+# Signed Exchange with variants / variant-key that never match any request.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -responseHeader "${variants_header}: accept-language;en" \
+ -responseHeader "${variant_key_header}: unknown" \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-variants-mismatch.sxg \
+ -miRecordSize 100
+
+# A valid Signed Exchange that reports navigation timing.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-navigation-timing.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-navigation-timing.sxg \
+ -miRecordSize 100
+
+# A valid Signed Exchange for testing service worker registration.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $wpt_test_origin/signed-exchange/resources/register-sw-from-sxg.html \
+ -status 200 \
+ -content register-sw.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $wpt_test_origin/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/register-sw-from-sxg.sxg \
+ -miRecordSize 100
+
+# An invalid Signed Exchange for testing service worker registration after
+# fallback.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $wpt_test_origin/signed-exchange/resources/register-sw-after-fallback.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/not_found_certfile.cbor \
+ -validityUrl $wpt_test_origin/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/register-sw-after-fallback.sxg \
+ -miRecordSize 100
+
+# A valid Signed Exchange using data URL for cert-url.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-location.html \
+ -certificate $certfile \
+ -certUrl $data_cert_url \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2018-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-data-cert-url.sxg \
+ -miRecordSize 100
+
+# Generate the signed exchange file of sxg-subresource-script-inner.js.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-script.js \
+ -status 200 \
+ -responseHeader "Content-Type: application/javascript" \
+ -content sxg-subresource-script-inner.js \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2030-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-subresource-script.sxg \
+ -miRecordSize 100
+
+# Get the header integrity hash value of sxg-subresource-script.sxg.
+header_integrity=$(dump-signedexchange -i sxg/sxg-subresource-script.sxg | \
+ grep -o "header integrity: sha256-.*" | \
+ grep -o "sha256-.*$")
+
+# Generate the signed exchange file of signed exchange subresource test.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-sxg.html \
+ -status 200 \
+ -content sxg-subresource-sxg-inner.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2030-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-subresource.sxg \
+ -miRecordSize 100 \
+ -responseHeader "link:<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=allowed-alt-sxg;header-integrity=\"$header_integrity\",<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=preload;as=script"
+
+# Generate the signed exchange file of signed exchange subresource test with
+# header integrity mismatch.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-sxg.html \
+ -status 200 \
+ -content sxg-subresource-sxg-inner.html \
+ -certificate $certfile \
+ -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2030-04-01T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-subresource-header-integrity-mismatch.sxg \
+ -miRecordSize 100 \
+ -responseHeader "link:<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=allowed-alt-sxg;header-integrity=\"sha256-$dummy_sha256\",<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=preload;as=script"
+
+# A Signed Exchange for testing prefetch.
+# The id query value "XXX..." of prefetch-test-cert.py will be replaced with
+# UUID for stash token by prefetch-test-sxg.py.
+gen-signedexchange \
+ -version $sxg_version \
+ -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+ -status 200 \
+ -content sxg-prefetch-test.html \
+ -certificate $certfile \
+ -certUrl $wpt_test_remote_origin/signed-exchange/resources/prefetch-test-cert.py?id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \
+ -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+ -privateKey $keyfile \
+ -date 2020-01-29T00:00:00Z \
+ -expire 168h \
+ -o sxg/sxg-prefetch-test.sxg \
+ -miRecordSize 100
+
+rm -fr $tmpdir
diff --git a/testing/web-platform/tests/signed-exchange/resources/inner-url.html b/testing/web-platform/tests/signed-exchange/resources/inner-url.html
new file mode 100644
index 0000000000..5b247bbfe9
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/inner-url.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<title>Content of fallback URL</title>
+<script>
+window.addEventListener('message', (event) => {
+ event.data.port.postMessage({
+ location: document.location.href,
+ referrer: document.referrer,
+ is_fallback: true});
+}, false);
+</script>
diff --git a/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor
new file mode 100644
index 0000000000..82f15ff924
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor
@@ -0,0 +1 @@
+This is an invalid certificate file.
diff --git a/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor.headers b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor.headers
new file mode 100644
index 0000000000..d581d5987e
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor.headers
@@ -0,0 +1 @@
+Content-Type: application/cert-chain+cbor
diff --git a/testing/web-platform/tests/signed-exchange/resources/prefetch-test-cert.py b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-cert.py
new file mode 100644
index 0000000000..e1dffebe18
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-cert.py
@@ -0,0 +1,18 @@
+import os
+
+from wptserve.utils import isomorphic_decode
+
+def main(request, response):
+ stash_id = request.GET.first(b"id")
+ if request.server.stash.take(stash_id) is not None:
+ response.status = (404, b"Not Found")
+ response.headers.set(b"Content-Type", b"text/plain")
+ return u"not found"
+ request.server.stash.put(stash_id, True)
+
+ path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"127.0.0.1.sxg.pem.cbor")
+ body = open(path, u"rb").read()
+
+ response.headers.set(b"Content-Type", b"application/cert-chain+cbor")
+ response.headers.set(b"Cache-Control", b"public, max-age=600")
+ return body
diff --git a/testing/web-platform/tests/signed-exchange/resources/prefetch-test-sxg.py b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-sxg.py
new file mode 100644
index 0000000000..84b9ebe408
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-sxg.py
@@ -0,0 +1,20 @@
+import os
+
+from wptserve.utils import isomorphic_decode
+
+def main(request, response):
+ stash_id = request.GET.first(b"id")
+ if request.server.stash.take(stash_id) is not None:
+ response.status = (404, u"Not Found")
+ response.headers.set(b"Content-Type", b"text/plain")
+ return u"not found"
+ request.server.stash.put(stash_id, True)
+
+ path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"sxg", u"sxg-prefetch-test.sxg")
+ body = open(path, u"rb").read()
+
+ response.headers.set(b"Content-Type", b"application/signed-exchange;v=b3")
+ response.headers.set(b"X-Content-Type-Options", b"nosniff")
+ response.headers.set(b"Cache-Control", b"public, max-age=600")
+
+ return body.replace(b'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', stash_id)
diff --git a/testing/web-platform/tests/signed-exchange/resources/register-sw-after-fallback.html b/testing/web-platform/tests/signed-exchange/resources/register-sw-after-fallback.html
new file mode 100644
index 0000000000..2711fc241f
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/register-sw-after-fallback.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<script src="sxg-util.js"></script>
+<script>
+window.addEventListener('message', async (event) => {
+ try {
+ const scope = './scope/' + location.href;
+ await registerServiceWorkerAndWaitUntilActivated(
+ './service-worker.js', scope)
+ const iframe = await withIframe(scope, 'inner_iframe');
+ event.data.port.postMessage({
+ location: document.location.href,
+ is_fallback: true,
+ err: undefined,
+ iframe_body: iframe.contentWindow.document.body.innerHTML});
+ } catch (err) {
+ event.data.port.postMessage({
+ location: document.location.href,
+ is_fallback: true,
+ err: err.toString()
+ });
+ }
+}, false);
+</script>
diff --git a/testing/web-platform/tests/signed-exchange/resources/register-sw.html b/testing/web-platform/tests/signed-exchange/resources/register-sw.html
new file mode 100644
index 0000000000..8a3873bfde
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/register-sw.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<script src="sxg-util.js"></script>
+<script>
+window.addEventListener('message', async (event) => {
+ try {
+ const scope = './scope/' + location.href;
+ await registerServiceWorkerAndWaitUntilActivated(
+ './service-worker.js', scope)
+ const iframe = await withIframe(scope, 'inner_iframe');
+ event.data.port.postMessage({
+ location: document.location.href,
+ is_fallback: false,
+ err: undefined,
+ iframe_body: iframe.contentWindow.document.body.innerHTML});
+ } catch (err) {
+ event.data.port.postMessage({
+ location: document.location.href,
+ is_fallback: false,
+ err: err.toString()
+ });
+ }
+}, false);
+</script>
diff --git a/testing/web-platform/tests/signed-exchange/resources/service-worker.js b/testing/web-platform/tests/signed-exchange/resources/service-worker.js
new file mode 100644
index 0000000000..2647f45a3e
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/service-worker.js
@@ -0,0 +1,5 @@
+self.addEventListener('fetch', function(event) {
+ event.respondWith(new Response(
+ '<body>Generated by service worker</body>',
+ {headers:[['content-type', 'text/html']]}));
+});
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-location.html b/testing/web-platform/tests/signed-exchange/resources/sxg-location.html
new file mode 100644
index 0000000000..b3ebd2bde7
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-location.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<title>Content of SignedHTTPExchange</title>
+<script>
+window.addEventListener('message', (event) => {
+ event.data.port.postMessage({
+ location: document.location.href,
+ referrer: document.referrer,
+ is_fallback: false});
+}, false);
+</script>
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-navigation-timing.html b/testing/web-platform/tests/signed-exchange/resources/sxg-navigation-timing.html
new file mode 100644
index 0000000000..ddbe350354
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-navigation-timing.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<title>Navigation timing of SignedHTTPExchange</title>
+<script>
+window.addEventListener('message', (event) => {
+ event.data.port.postMessage({
+ location: document.location.href,
+ timing: JSON.stringify(performance.getEntriesByType('navigation')[0]),
+ is_fallback: false});
+}, false);
+</script>
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-prefetch-test.html b/testing/web-platform/tests/signed-exchange/resources/sxg-prefetch-test.html
new file mode 100644
index 0000000000..5383a4a561
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-prefetch-test.html
@@ -0,0 +1,5 @@
+<!DOCTYPE html>
+<title>Prefetch test SXG</title>
+<script>
+window.opener.postMessage('loaded', '*');
+</script>
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-iframe.html b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-iframe.html
new file mode 100644
index 0000000000..bd812857b4
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-iframe.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<body>
+<script>
+(async () => {
+ const sxg_path = 'sxg/sxg-subresource.sxg';
+ const scipt_sxg_path = 'sxg/sxg-subresource-script.sxg';
+ const scipt_path = 'sxg-subresource-script.js';
+ const wait_for_prefetch = new Promise((resolve) => {
+ new PerformanceObserver((list) => {
+ for (let e of list.getEntries()) {
+ if (e.name.endsWith(scipt_sxg_path)) {
+ resolve();
+ } else if (e.name.endsWith(scipt_path)) {
+ window.parent.postMessage(
+ scipt_path + ' should not be prefetched', '*');
+ }
+ }
+ }).observe({ entryTypes: ['resource'] });
+ });
+
+ const link = document.createElement('link');
+ link.rel = 'prefetch';
+ link.href = sxg_path;
+ document.body.appendChild(link);
+ await wait_for_prefetch;
+ location.href = sxg_path;
+})()
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-mismatch-iframe.html b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-mismatch-iframe.html
new file mode 100644
index 0000000000..f05fcc99f8
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-mismatch-iframe.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<body>
+<script>
+(async () => {
+ const sxg_path = 'sxg/sxg-subresource-header-integrity-mismatch.sxg';
+ const scipt_sxg_path = 'sxg/sxg-subresource-script.sxg';
+ const scipt_path = 'sxg-subresource-script.js';
+ const wait_for_prefetch = new Promise((resolve) => {
+ new PerformanceObserver((list) => {
+ for (let e of list.getEntries()) {
+ if (e.name.endsWith(scipt_sxg_path)) {
+ resolve();
+ } else if (e.name.endsWith(scipt_path)) {
+ window.parent.postMessage(
+ scipt_path + ' should not be prefetched', '*');
+ }
+ }
+ }).observe({ entryTypes: ['resource'] });
+ });
+
+ const link = document.createElement('link');
+ link.rel = 'prefetch';
+ link.href = sxg_path;
+ document.body.appendChild(link);
+ await wait_for_prefetch;
+ location.href = sxg_path;
+})()
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script-inner.js b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script-inner.js
new file mode 100644
index 0000000000..dcc7a356a0
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script-inner.js
@@ -0,0 +1,4 @@
+// Usually the alternate resource should have the same content as the original
+// one (sxg-subresource-script.js), but for now we use differentiated content
+// for easy testing.
+window.parent.postMessage('from signed exchange', '*');
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script.js b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script.js
new file mode 100644
index 0000000000..c730568fcf
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script.js
@@ -0,0 +1 @@
+window.parent.postMessage('from server', '*');
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-sxg-inner.html b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-sxg-inner.html
new file mode 100644
index 0000000000..9dfff56ad8
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-sxg-inner.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<script src="sxg-subresource-script.js"></script>
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-util.js b/testing/web-platform/tests/signed-exchange/resources/sxg-util.js
new file mode 100644
index 0000000000..fa2d200fb2
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-util.js
@@ -0,0 +1,89 @@
+// Opens |url| in an iframe, establish a message channel with it, and waits for
+// a message from the frame content. Returns a promise that resolves with the
+// data of the message, or rejects on 15000ms timeout.
+// If the iframe load is expected to fail, the test should have
+// <meta name="timeout" content="long"> tag.
+function openSXGInIframeAndWaitForMessage(test_object, url, referrerPolicy) {
+ return new Promise(async (resolve, reject) => {
+ // We can't catch the network error on iframe. So we use the timer.
+ test_object.step_timeout(() => reject('timeout'), 15000);
+
+ const frame = await withIframe(url, 'sxg_iframe', referrerPolicy);
+ const channel = new MessageChannel();
+ channel.port1.onmessage = (event) => resolve(event.data);
+ frame.contentWindow.postMessage(
+ {port: channel.port2}, '*', [channel.port2]);
+ });
+}
+
+function withIframe(url, name, referrerPolicy) {
+ return new Promise((resolve, reject) => {
+ const frame = document.createElement('iframe');
+ frame.src = url;
+ frame.name = name;
+ if (referrerPolicy !== undefined) {
+ frame.referrerPolicy = referrerPolicy;
+ }
+ frame.onload = () => resolve(frame);
+ frame.onerror = () => reject('failed to load ' + url);
+ document.body.appendChild(frame);
+ });
+}
+
+function loadScript(url) {
+ return new Promise((resolve, reject) => {
+ const scriptTag = document.createElement('script');
+ scriptTag.src = url;
+ scriptTag.onload = () => resolve();
+ scriptTag.onerror = () => reject('failed to load ' + url);
+ document.head.appendChild(scriptTag);
+ });
+}
+
+function innerURLOrigin() {
+ return 'https://127.0.0.1:8444';
+}
+
+function runReferrerTests(test_cases) {
+ for (const i in test_cases) {
+ const test_case = test_cases[i];
+ promise_test(async (t) => {
+ const sxgUrl = test_case.origin + '/signed-exchange/resources/sxg/' +
+ test_case.sxg;
+ const message =
+ await openSXGInIframeAndWaitForMessage(
+ t, sxgUrl, test_case.referrerPolicy);
+ assert_false(message.is_fallback);
+ assert_equals(message.referrer, test_case.expectedReferrer);
+
+ const invalidSxgUrl =
+ test_case.origin + '/signed-exchange/resources/sxg/invalid-' +
+ test_case.sxg;
+ const fallbackMessage =
+ await openSXGInIframeAndWaitForMessage(
+ t, invalidSxgUrl, test_case.referrerPolicy);
+ assert_true(fallbackMessage.is_fallback);
+ assert_equals(fallbackMessage.referrer, test_case.expectedReferrer);
+ }, 'Referrer of SignedHTTPExchange test : ' + JSON.stringify(test_case));
+ }
+}
+
+function addPrefetch(url) {
+ const link = document.createElement('link');
+ link.rel = 'prefetch';
+ link.href = url;
+ document.body.appendChild(link);
+}
+
+async function registerServiceWorkerAndWaitUntilActivated(script, scope) {
+ const reg = await navigator.serviceWorker.register(script, {scope: scope});
+ if (reg.active)
+ return;
+ const worker = reg.installing || reg.waiting;
+ await new Promise((resolve) => {
+ worker.addEventListener('statechange', (event) => {
+ if (event.target.state == 'activated')
+ resolve();
+ });
+ });
+}
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg
new file mode 100644
index 0000000000..092eb9d38f
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg.headers b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg.headers
new file mode 100644
index 0000000000..ca41178420
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg.headers
@@ -0,0 +1,2 @@
+Content-Type: application/signed-exchange;v=b2
+X-Content-Type-Options: nosniff
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/__dir__.headers b/testing/web-platform/tests/signed-exchange/resources/sxg/__dir__.headers
new file mode 100644
index 0000000000..83a3c128cf
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/__dir__.headers
@@ -0,0 +1,2 @@
+Content-Type: application/signed-exchange;v=b3
+X-Content-Type-Options: nosniff
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/check-cert-request.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/check-cert-request.sxg
new file mode 100644
index 0000000000..8129b5479c
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/check-cert-request.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/fallback-to-another-sxg.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/fallback-to-another-sxg.sxg
new file mode 100644
index 0000000000..b5dcb6b86d
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/fallback-to-another-sxg.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-remote-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-remote-origin.sxg
new file mode 100644
index 0000000000..db08ad072c
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-remote-origin.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-same-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-same-origin.sxg
new file mode 100644
index 0000000000..5057e9ddf4
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-same-origin.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/nested-sxg.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/nested-sxg.sxg
new file mode 100644
index 0000000000..6d8538882d
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/nested-sxg.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-after-fallback.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-after-fallback.sxg
new file mode 100644
index 0000000000..20ae275818
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-after-fallback.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-from-sxg.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-from-sxg.sxg
new file mode 100644
index 0000000000..792222029f
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-from-sxg.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg
new file mode 100644
index 0000000000..2a7dbf6fa6
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found.sxg
new file mode 100644
index 0000000000..072125400a
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-data-cert-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-data-cert-url.sxg
new file mode 100644
index 0000000000..b5972d545c
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-data-cert-url.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-hsts.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-hsts.sxg
new file mode 100644
index 0000000000..8f57c63dfa
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-hsts.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-inner-url-bom.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-inner-url-bom.sxg
new file mode 100644
index 0000000000..0093eb1d37
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-inner-url-bom.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg
new file mode 100644
index 0000000000..62acedd390
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg
new file mode 100644
index 0000000000..30e4fcd912
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg
new file mode 100644
index 0000000000..066a3cc0a4
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg
new file mode 100644
index 0000000000..46d2bb1386
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-format.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-format.sxg
new file mode 100644
index 0000000000..3fbb151b5c
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-format.sxg
@@ -0,0 +1 @@
+This is an invalid Signed Exchange.
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg
new file mode 100644
index 0000000000..95d358245c
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-utf8-inner-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-utf8-inner-url.sxg
new file mode 100644
index 0000000000..65357e14ac
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-utf8-inner-url.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxg
new file mode 100644
index 0000000000..62e88d6386
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location-cert-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location-cert-on-alt-origin.sxg
new file mode 100644
index 0000000000..a2ddc77951
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location-cert-on-alt-origin.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location.sxg
new file mode 100644
index 0000000000..1678b751bc
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg
new file mode 100644
index 0000000000..0c6dce01da
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-navigation-timing.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-navigation-timing.sxg
new file mode 100644
index 0000000000..56a90d5125
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-navigation-timing.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-noncacheable.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-noncacheable.sxg
new file mode 100644
index 0000000000..88439982f6
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-noncacheable.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-prefetch-test.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-prefetch-test.sxg
new file mode 100644
index 0000000000..f452270c5b
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-prefetch-test.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-remote-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-remote-origin.sxg
new file mode 100644
index 0000000000..00aa755efc
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-remote-origin.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-same-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-same-origin.sxg
new file mode 100644
index 0000000000..cc7793efa2
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-same-origin.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg
new file mode 100644
index 0000000000..ace89dde64
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg.sub.headers b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg.sub.headers
new file mode 100644
index 0000000000..8f1b47ef06
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg.sub.headers
@@ -0,0 +1 @@
+Link: <https://{{hosts[alt][]}}:{{ports[https][0]}}/signed-exchange/resources/sxg/sxg-subresource-script.sxg>;rel=alternate;type="application/signed-exchange;v=b3";anchor="https://127.0.0.1:8444/signed-exchange/resources/sxg-subresource-script.js";
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-script.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-script.sxg
new file mode 100644
index 0000000000..fe1bd97645
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-script.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg
new file mode 100644
index 0000000000..97823ee8f7
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg.sub.headers b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg.sub.headers
new file mode 100644
index 0000000000..8bc3938df8
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg.sub.headers
@@ -0,0 +1 @@
+Link: <https://{{host}}:{{ports[https][0]}}/signed-exchange/resources/sxg/sxg-subresource-script.sxg>;rel=alternate;type="application/signed-exchange;v=b3";anchor="https://127.0.0.1:8444/signed-exchange/resources/sxg-subresource-script.js";
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-utf8-inner-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-utf8-inner-url.sxg
new file mode 100644
index 0000000000..3edf285f1b
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-utf8-inner-url.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg
new file mode 100644
index 0000000000..294f97b097
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg
new file mode 100644
index 0000000000..e90d9bc66d
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-match.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-match.sxg
new file mode 100644
index 0000000000..aed8bd175d
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-match.sxg
Binary files differ
diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-mismatch.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-mismatch.sxg
new file mode 100644
index 0000000000..ae96b7213f
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-mismatch.sxg
Binary files differ