diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
| commit | 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch) | |
| tree | a68f146d7fa01f0134297619fbe7e33db084e0aa /testing/web-platform/tests/signed-exchange | |
| parent | Initial commit. (diff) | |
| download | thunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.tar.xz thunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.zip | |
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/signed-exchange')
129 files changed, 3794 insertions, 0 deletions
diff --git a/testing/web-platform/tests/signed-exchange/META.yml b/testing/web-platform/tests/signed-exchange/META.yml new file mode 100644 index 0000000000..f56fbab13e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/META.yml @@ -0,0 +1,5 @@ +spec: https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html +suggested_reviewers: + - irori + - jyasskin + - nyaxt diff --git a/testing/web-platform/tests/signed-exchange/README.md b/testing/web-platform/tests/signed-exchange/README.md new file mode 100644 index 0000000000..0987e90ad0 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/README.md @@ -0,0 +1,23 @@ +This directory contains tests for the +[b3 implementation snapshot](https://tools.ietf.org/html/draft-yasskin-httpbis-origin-signed-exchanges-impl-03) of the +[Signed HTTP Exchanges](https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html). + +`resources` directory contains pregenerated signed exchanges and +certificate files. To run the tests in this directory, +`resources/127.0.0.1.sxg.pem` must be added as a trusted certificate +in your OS/browser, or your browser must be configured to ignore +errors for that certificate. + +Also, these pregenerated signed exchanges and cert files are likely to +be expired, since they have short lifetime (maximum 7 days). If your +browser does not have an option to ignore certificate errors, +regenerate these files by running `generate-test-sxgs.sh` in the +`resource` directory before running the tests. + +`generate-test-sxgs.sh` requires command-line tools in the +[webpackage repository](https://github.com/WICG/webpackage). +To install them, run: +``` +go get -u github.com/WICG/webpackage/go/signedexchange/cmd/... +export PATH=$PATH:$(go env GOPATH)/bin +``` diff --git a/testing/web-platform/tests/signed-exchange/check-cert-request.tentative.html b/testing/web-platform/tests/signed-exchange/check-cert-request.tentative.html new file mode 100644 index 0000000000..b1418e9290 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/check-cert-request.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>Verify that certificate request has correct parameters.</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/check-cert-request.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_false(message.is_fallback); +}, 'Verify that certificate request has correct parameters.'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/fallback-to-another-sxg.tentative.html b/testing/web-platform/tests/signed-exchange/fallback-to-another-sxg.tentative.html new file mode 100644 index 0000000000..8ccba86bd7 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/fallback-to-another-sxg.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>Fallback redirect to another SignedHTTPExchange</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/fallback-to-another-sxg.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_false(message.is_fallback); +}, 'Fallback redirect to another SignedHTTPExchange'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/nested-sxg.tentative.html b/testing/web-platform/tests/signed-exchange/nested-sxg.tentative.html new file mode 100644 index 0000000000..f1167f919a --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/nested-sxg.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>Nested SignedHTTPExchange</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/nested-sxg.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html?fallback-from-nested-sxg'); + assert_true(message.is_fallback); +}, 'Nested SignedHTTPExchange'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error-downgraded.tentative.html new file mode 100644 index 0000000000..ce20c4726e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error-downgraded.tentative.html @@ -0,0 +1,64 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_fetch_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from sxg.cert_fetch_error for' + + ' navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error.tentative.html new file mode 100644 index 0000000000..15a7176e74 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error.tentative.html @@ -0,0 +1,76 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_fetch_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg?navigation'; + const cert_url = + alt_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is same as the reporting origin. So + // the report must not be downgraded. + type: "sxg.cert_fetch_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: cert_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "http.error", + status_code: 404, + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_fetch_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error-downgraded.tentative.html new file mode 100644 index 0000000000..e6cdad035e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error-downgraded.tentative.html @@ -0,0 +1,65 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg?navigation'; + const cert_url = + test_origin + '/signed-exchange/resources/invalid-cert-format.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error.tentative.html new file mode 100644 index 0000000000..a0cc607bf5 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error.tentative.html @@ -0,0 +1,76 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_parse_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg?navigation'; + const cert_url = + alt_origin + '/signed-exchange/resources/invalid-cert-format.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is same as the reporting origin. So + // the report must not be downgraded. + type: "sxg.cert_parse_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: cert_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_parse_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error-downgraded.tentative.html new file mode 100644 index 0000000000..d3ad4204f2 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error-downgraded.tentative.html @@ -0,0 +1,65 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_verification_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', 'location'); + assert_true(message.is_fallback, 'is_fallback'); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from ' + + 'sxg.cert_verification_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error.tentative.html new file mode 100644 index 0000000000..04fd0e785c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error.tentative.html @@ -0,0 +1,60 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_verification_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg?navigation'; + const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.cert_verification_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_verification_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-failed-zero-success-fraction.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-failed-zero-success-fraction.tentative.html new file mode 100644 index 0000000000..a92735f714 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-failed-zero-success-fraction.tentative.html @@ -0,0 +1,69 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed for navigation (zero success fraction)</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithZeroSuccessFractionPolicyInIframe(); + const sxg_url = + alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportExists( + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: cert_url + } + }, + metadata: { + content_type: "application/reports+json", + }, + } + ), 'SXG error reporting must be downgraded when the cert URL is different ' + + 'from the reporting origin'); + assert_false(await reportExists( + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + } + ), 'Succeeded normal NEL report should not be sent when success fraction ' + + 'is zero.'); +}, 'SXG error report must be downgraded when the cert URL is different from ' + + 'the reporting origin. And succeeded normal NEL report should not be sent ' + + ' when success fraction is zero.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-invalid_integrity_header.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-invalid_integrity_header.tentative.html new file mode 100644 index 0000000000..3e00d9dbe3 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-invalid_integrity_header.tentative.html @@ -0,0 +1,61 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.invalid_integrity_header for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.invalid_integrity_header", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.invalid_integrity_header for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-mi_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-mi_error.tentative.html new file mode 100644 index 0000000000..b6d7ba3b1a --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-mi_error.tentative.html @@ -0,0 +1,68 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.mi_error for navigation</title> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + try { + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + if (message.is_fallback) { + assert_unreached('Fallback redirect should not have happened'); + } else { + assert_unreached('SXG should not have loaded'); + } + } catch (e) { + assert_equals(e, 'timeout'); + } + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.mi_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + } + ])); +}, 'SXG reporting test of sxg.mi_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-no-referrer.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-no-referrer.tentative.html new file mode 100644 index 0000000000..b6cadbca50 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-no-referrer.tentative.html @@ -0,0 +1,59 @@ +<!DOCTYPE html> +<title>SXG reporting test of ok for navigation with no-referrer</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url, 'no-referrer'); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_false(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "ok", + status_code: 200, + referrer: '', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: '', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of ok for navigation with no-referrer.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-origin-referrer.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-origin-referrer.tentative.html new file mode 100644 index 0000000000..351ad92782 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-origin-referrer.tentative.html @@ -0,0 +1,59 @@ +<!DOCTYPE html> +<title>SXG reporting test of ok for navigation with origin referrer</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url, 'origin'); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_false(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "ok", + status_code: 200, + referrer: document.location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: document.location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of ok for navigation with origin referrer.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok.tentative.html new file mode 100644 index 0000000000..0afa626d09 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok.tentative.html @@ -0,0 +1,59 @@ +<!DOCTYPE html> +<title>SXG reporting test of ok for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_false(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG success report must be sent for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-parse_error.tentative.html new file mode 100644 index 0000000000..95cd140cea --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-parse_error.tentative.html @@ -0,0 +1,65 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.parse_error for navigation</title> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-format.sxg?navigation'; + try { + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + if (message.is_fallback) { + assert_unreached('Fallback redirect should not have happened'); + } else { + assert_unreached('SXG should not have loaded'); + } + } catch (e) { + assert_equals(e, 'timeout'); + } + + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.parse_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + cert_url: [] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.parse_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error-downgraded.tentative.html new file mode 100644 index 0000000000..2679ae5a6c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error-downgraded.tentative.html @@ -0,0 +1,65 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.signature_verification_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from ' + + 'sxg.signature_verification_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error.tentative.html new file mode 100644 index 0000000000..f3e0b8f0e6 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error.tentative.html @@ -0,0 +1,60 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.signature_verification_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg?navigation'; + const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.signature_verification_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.signature_verification_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error-downgraded.tentative.html new file mode 100644 index 0000000000..82b5d8f11e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error-downgraded.tentative.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_fetch_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?prefetch'; + const cert_url = + test_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from ' + + 'sxg.cert_fetch_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error.tentative.html new file mode 100644 index 0000000000..32e3cad1b0 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error.tentative.html @@ -0,0 +1,73 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_fetch_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg?prefetch'; + const cert_url = + alt_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is same as the reporting origin. So + // the report must not be downgraded. + type: "sxg.cert_fetch_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: cert_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "http.error", + status_code: 404, + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_fetch_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error-downgraded.tentative.html new file mode 100644 index 0000000000..bbad6032e2 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error-downgraded.tentative.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg?prefetch'; + const cert_url = + test_origin + '/signed-exchange/resources/invalid-cert-format.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for' + + ' prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error.tentative.html new file mode 100644 index 0000000000..a6ea9e4eed --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error.tentative.html @@ -0,0 +1,73 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_parse_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg?prefetch'; + const cert_url = + alt_origin + '/signed-exchange/resources/invalid-cert-format.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is same as the reporting origin. So + // the report must not be downgraded. + type: "sxg.cert_parse_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: cert_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_parse_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error-downgraded.tentative.html new file mode 100644 index 0000000000..b25bf491da --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error-downgraded.tentative.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_verification_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg?prefetch'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from ' + + 'sxg.cert_verification_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error.tentative.html new file mode 100644 index 0000000000..f31a4c49d4 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error.tentative.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_verification_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg?prefetch'; + const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.cert_verification_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_verification_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-failed-zero-success-feaction.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-failed-zero-success-feaction.tentative.html new file mode 100644 index 0000000000..faa02bc0eb --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-failed-zero-success-feaction.tentative.html @@ -0,0 +1,67 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed for prefetch (zero success fraction)</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithZeroSuccessFractionPolicy(); + const sxg_url = + alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?prefetch'; + const cert_url = + test_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + addPrefetch(sxg_url); + assert_true(await reportExists( + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ), 'SXG error reporting must be downgraded when the cert URL is different ' + + 'from the reporting origin'); + assert_false(await reportExists( + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + } + ), 'Succeeded normal NEL report should not be sent when success fraction ' + + 'is zero.'); +}, 'SXG error report must be downgraded when the cert URL is different from ' + + 'the reporting origin. And succeeded normal NEL report should not be sent ' + + ' when success fraction is zero.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-invalid_integrity_header.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-invalid_integrity_header.tentative.html new file mode 100644 index 0000000000..990b4a387e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-invalid_integrity_header.tentative.html @@ -0,0 +1,58 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.invalid_integrity_header for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg?prefetch'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.invalid_integrity_header", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.invalid_integrity_header for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-mi_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-mi_error.tentative.html new file mode 100644 index 0000000000..f265a92058 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-mi_error.tentative.html @@ -0,0 +1,58 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.mi_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg?prefetch'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.mi_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + } + ])); +}, 'SXG reporting test of sxg.mi_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-ok.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-ok.tentative.html new file mode 100644 index 0000000000..e3c6a0eeea --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-ok.tentative.html @@ -0,0 +1,56 @@ +<!DOCTYPE html> +<title>SXG reporting test of ok for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?prefetch'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG success report must be sent for prefetching.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-parse_error.tentative.html new file mode 100644 index 0000000000..2e2b860e22 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-parse_error.tentative.html @@ -0,0 +1,54 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.parse_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-format.sxg?prefetch'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.parse_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + cert_url: [] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.parse_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error-downgraded.tentative.html new file mode 100644 index 0000000000..fbeaeecff9 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error-downgraded.tentative.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.signature_verification_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg?prefetch'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from ' + + 'sxg.signature_verification_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error.tentative.html new file mode 100644 index 0000000000..f3805ad693 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error.tentative.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.signature_verification_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg?prefetch'; + const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.signature_verification_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.signature_verification_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.ext b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.ext new file mode 100644 index 0000000000..8cdc25a9a7 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.ext @@ -0,0 +1,7 @@ +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectAltName = DNS:127.0.0.1 + +# CanSignHttpExchanges extension +# https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#cross-origin-cert-req +1.3.6.1.4.1.11129.2.1.22 = ASN1:NULL diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.key b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.key new file mode 100644 index 0000000000..53f80c86fa --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIENXRP9iROaUuhisQ+3Rb9hS14J8ny36TRPBDfuWNLfWoAoGCCqGSM49 +AwEHoUQDQgAELBO41fB7hYZ9BqY4V0xMPUJZIH20ZW5fLHw26gHs20Hv+4GKgnHR +3Simlna0fLxxDD/WRmADUZiA6e1blThkJA== +-----END EC PRIVATE KEY----- diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem new file mode 100644 index 0000000000..2da2a807d2 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmDCCAT+gAwIBAgIJANaBpqCSy2GLMAoGCCqGSM49BAMCMDAxEjAQBgNVBAMM +CTEyNy4wLjAuMTENMAsGA1UECgwEVGVzdDELMAkGA1UEBhMCVVMwHhcNMTgxMDE1 +MDczNDAzWhcNMjgxMDEyMDczNDAzWjAwMRIwEAYDVQQDDAkxMjcuMC4wLjExDTAL +BgNVBAoMBFRlc3QxCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAELBO41fB7hYZ9BqY4V0xMPUJZIH20ZW5fLHw26gHs20Hv+4GKgnHR3Simlna0 +fLxxDD/WRmADUZiA6e1blThkJKNCMEAwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAw +FAYDVR0RBA0wC4IJMTI3LjAuMC4xMBAGCisGAQQB1nkCARYEAgUAMAoGCCqGSM49 +BAMCA0cAMEQCIBz3vP5lPS2h8noHlnQ8VupcIJoIbmIfWUExW/tsSj1uAiBxve6H +aoDl5q91E6FisA8UhCUt0KSy2bL37IJwo6LwOg== +-----END CERTIFICATE----- diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor Binary files differnew file mode 100644 index 0000000000..9dedd96b5b --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor diff --git a/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor.headers b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor.headers new file mode 100644 index 0000000000..d581d5987e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/127.0.0.1.sxg.pem.cbor.headers @@ -0,0 +1 @@ +Content-Type: application/cert-chain+cbor diff --git a/testing/web-platform/tests/signed-exchange/resources/check-cert-request.py b/testing/web-platform/tests/signed-exchange/resources/check-cert-request.py new file mode 100644 index 0000000000..f5e898d2dc --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/check-cert-request.py @@ -0,0 +1,13 @@ +import os + +from wptserve.utils import isomorphic_decode + +def main(request, response): + CertChainMimeType = b"application/cert-chain+cbor" + + if request.headers.get(b"Accept") != CertChainMimeType: + return 400, [], u"Bad Request" + + path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"127.0.0.1.sxg.pem.cbor") + body = open(path, u"rb").read() + return 200, [(b"Content-Type", CertChainMimeType)], body diff --git a/testing/web-platform/tests/signed-exchange/resources/failure.html b/testing/web-platform/tests/signed-exchange/resources/failure.html new file mode 100644 index 0000000000..1071f082b7 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/failure.html @@ -0,0 +1,7 @@ +<!DOCTYPE html> +<title>Content of invalid signed exchange</title> +<script> +window.addEventListener('message', (event) => { + event.data.port.postMessage("FAIL if this content is loaded"); +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/generate-test-certs.sh b/testing/web-platform/tests/signed-exchange/resources/generate-test-certs.sh new file mode 100755 index 0000000000..01330e46d8 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/generate-test-certs.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +# Creates a self-signed certificate to use for signing exchanges. +# TODO: Integrate into tools/wptserve/wptserve/sslutils/openssl.py + +set -e + +openssl ecparam -out 127.0.0.1.sxg.key -name prime256v1 -genkey + +openssl req -new -sha256 \ + -key 127.0.0.1.sxg.key \ + -out 127.0.0.1.sxg.csr \ + -subj '/CN=127.0.0.1/O=Test/C=US' + +openssl x509 -req -days 3650 \ + -in 127.0.0.1.sxg.csr \ + -extfile 127.0.0.1.sxg.ext \ + -signkey 127.0.0.1.sxg.key \ + -out 127.0.0.1.sxg.pem diff --git a/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh b/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh new file mode 100755 index 0000000000..bf25356d07 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh @@ -0,0 +1,584 @@ +#!/bin/sh +sxg_version=1b3 +certfile=127.0.0.1.sxg.pem +keyfile=127.0.0.1.sxg.key +inner_url_origin=https://127.0.0.1:8444 +# TODO: Stop hard-coding "web-platform.test" when generating Signed Exchanges on +# the fly. +wpt_test_origin=https://web-platform.test:8444 +wpt_test_remote_origin=https://www1.web-platform.test:8444 +wpt_test_alt_origin=https://not-web-platform.test:8444 +cert_url_origin=$wpt_test_origin +sxg_content_type='content-type: application/signed-exchange;v=b3' +variants_header=variants-04 +variant_key_header=variant-key-04 + +set -e + +for cmd in gen-signedexchange gen-certurl dump-signedexchange; do + if ! command -v $cmd > /dev/null 2>&1; then + echo "$cmd is not installed. Please run:" + echo " go get -u github.com/WICG/webpackage/go/signedexchange/cmd/..." + echo ' export PATH=$PATH:$(go env GOPATH)/bin' + exit 1 + fi +done + +tmpdir=$(mktemp -d) + +echo -n OCSP >$tmpdir/ocsp +gen-certurl -pem $certfile -ocsp $tmpdir/ocsp > $certfile.cbor + +option="-w 0" +if [ "$(uname -s)" = "Darwin" ]; then + option="" +fi + +cert_base64=$(base64 ${option} ${certfile}.cbor) +data_cert_url="data:application/cert-chain+cbor;base64,$cert_base64" + + +# A valid Signed Exchange. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-location.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange. The origin of certUrl is the "alt" origin where NEL +# policy is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $wpt_test_alt_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-location-cert-on-alt-origin.sxg \ + -miRecordSize 100 + +# A signed exchange of unsupported version. +gen-signedexchange \ + -version 1b2 \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg-version1b2.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange for testing referrer which logical origin is the wpt +# test origin. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $wpt_test_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-referrer-same-origin.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange for testing referrer which logical origin is the wpt +# test remote origin. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_remote_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $wpt_test_remote_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-referrer-remote-origin.sxg \ + -miRecordSize 100 + +# A invalid Signed Exchange for testing referrer which logical origin is the wpt +# test origin. Response has Cache-Control: no-store header. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "Cache-Control: no-store" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $wpt_test_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/invalid-sxg-referrer-same-origin.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# A invalid Signed Exchange for testing referrer which logical origin is the wpt +# test remote origin. Response has Cache-Control: no-store header. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_remote_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "Cache-Control: no-store" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $wpt_test_remote_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/invalid-sxg-referrer-remote-origin.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# For check-cert-request.tentative.html +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/check-cert-request.py \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/check-cert-request.sxg \ + -miRecordSize 100 + +# validityUrl is different origin from request URL. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content failure.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl https://example.com/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-invalid-validity-url.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# certUrl is 404 and the origin of certUrl is different from the "alt" origin +# where NEL policy is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/not_found_certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-cert-not-found.sxg \ + -miRecordSize 100 + +# certUrl is 404 and the origin of certUrl is the "alt" origin where NEL policy +# is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $wpt_test_alt_origin/signed-exchange/resources/not_found_certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-cert-not-found-on-alt-origin.sxg \ + -miRecordSize 100 + +# certUrl is 404 and fallback URL is another signed exchange. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/sxg/sxg-location.sxg \ + -status 200 \ + -content failure.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/not_found_$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/fallback-to-another-sxg.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# certUrl is an invalid cert and the origin of certUrl is different from the +# "alt" origin where NEL policy is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/invalid-cert-format.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-invalid-cert-format.sxg \ + -miRecordSize 100 + +# certUrl is an invalid cert and the origin of certUrl is the "alt" origin where +# NEL policy is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $wpt_test_alt_origin/signed-exchange/resources/invalid-cert-format.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-invalid-cert-format-on-alt-origin.sxg \ + -miRecordSize 100 + +# Nested signed exchange. +gen-signedexchange \ + -version $sxg_version \ + -uri "$inner_url_origin/signed-exchange/resources/inner-url.html?fallback-from-nested-sxg" \ + -status 200 \ + -content sxg/sxg-location.sxg \ + -responseHeader "$sxg_content_type" \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/nested-sxg.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Fallback URL has non-ASCII UTF-8 characters. +gen-signedexchange \ + -version $sxg_version \ + -ignoreErrors \ + -uri "$inner_url_origin/signed-exchange/resources/🌐📦.html" \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-utf8-inner-url.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Fallback URL has invalid UTF-8 sequence. +gen-signedexchange \ + -version $sxg_version \ + -ignoreErrors \ + -uri "$inner_url_origin/signed-exchange/resources/$(echo -e '\xce\xce\xa9').html" \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-invalid-utf8-inner-url.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Fallback URL has UTF-8 BOM. +gen-signedexchange \ + -version $sxg_version \ + -ignoreErrors \ + -uri "$(echo -e '\xef\xbb\xbf')$inner_url_origin/signed-exchange/resources/inner-url.html" \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-inner-url-bom.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Response has Cache-Control: no-store header. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "Cache-Control: no-store" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-noncacheable.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Response has a strict-transport-security header. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "Strict-Transport-Security: max-age=31536000" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-hsts.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Signed Exchange with payload integrity error. +echo 'garbage' | cat sxg/sxg-location.sxg - >sxg/sxg-merkle-integrity-error.sxg + +# An invalid signed exchange which integrity header is invalid. +cat sxg/sxg-location.sxg | + sed 's/digest\/mi-sha256-03/digest\/mi-sha256-xx/' \ + > sxg/sxg-invalid-integrity-header.sxg + +# An invalid signed exchange which cert-sha256 is invalid. +dummy_sha256=`echo "dummy" | openssl dgst -binary -sha256 | base64` +cat sxg/sxg-location.sxg | + sed "s/cert-sha256=\*[^*]*\*;/cert-sha256=*$dummy_sha256*;/" \ + > sxg/sxg-invalid-cert-sha256.sxg +cat sxg/sxg-location-cert-on-alt-origin.sxg | + sed "s/cert-sha256=\*[^*]*\*;/cert-sha256=*$dummy_sha256*;/" \ + > sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg + +# An invalid signed exchange which validity period is too long. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 300h \ + -o sxg/sxg-validity-period-too-long.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# An invalid signed exchange which validity period is too long. The origin of +# certUrl is the "alt" origin where NEL policy is installed in reporting tests. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $wpt_test_alt_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 300h \ + -o sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg \ + -miRecordSize 100 \ + -ignoreErrors true + +# Signed Exchange with variants / variant-key that match any request. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "${variants_header}: accept-language;en" \ + -responseHeader "${variant_key_header}: en" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-variants-match.sxg \ + -miRecordSize 100 + +# Signed Exchange with variants / variant-key that never match any request. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -responseHeader "${variants_header}: accept-language;en" \ + -responseHeader "${variant_key_header}: unknown" \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-variants-mismatch.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange that reports navigation timing. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-navigation-timing.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-navigation-timing.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange for testing service worker registration. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_origin/signed-exchange/resources/register-sw-from-sxg.html \ + -status 200 \ + -content register-sw.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $wpt_test_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/register-sw-from-sxg.sxg \ + -miRecordSize 100 + +# An invalid Signed Exchange for testing service worker registration after +# fallback. +gen-signedexchange \ + -version $sxg_version \ + -uri $wpt_test_origin/signed-exchange/resources/register-sw-after-fallback.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/not_found_certfile.cbor \ + -validityUrl $wpt_test_origin/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/register-sw-after-fallback.sxg \ + -miRecordSize 100 + +# A valid Signed Exchange using data URL for cert-url. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-location.html \ + -certificate $certfile \ + -certUrl $data_cert_url \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2018-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-data-cert-url.sxg \ + -miRecordSize 100 + +# Generate the signed exchange file of sxg-subresource-script-inner.js. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-script.js \ + -status 200 \ + -responseHeader "Content-Type: application/javascript" \ + -content sxg-subresource-script-inner.js \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2030-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-subresource-script.sxg \ + -miRecordSize 100 + +# Get the header integrity hash value of sxg-subresource-script.sxg. +header_integrity=$(dump-signedexchange -i sxg/sxg-subresource-script.sxg | \ + grep -o "header integrity: sha256-.*" | \ + grep -o "sha256-.*$") + +# Generate the signed exchange file of signed exchange subresource test. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-sxg.html \ + -status 200 \ + -content sxg-subresource-sxg-inner.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2030-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-subresource.sxg \ + -miRecordSize 100 \ + -responseHeader "link:<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=allowed-alt-sxg;header-integrity=\"$header_integrity\",<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=preload;as=script" + +# Generate the signed exchange file of signed exchange subresource test with +# header integrity mismatch. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-sxg.html \ + -status 200 \ + -content sxg-subresource-sxg-inner.html \ + -certificate $certfile \ + -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2030-04-01T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-subresource-header-integrity-mismatch.sxg \ + -miRecordSize 100 \ + -responseHeader "link:<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=allowed-alt-sxg;header-integrity=\"sha256-$dummy_sha256\",<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=preload;as=script" + +# A Signed Exchange for testing prefetch. +# The id query value "XXX..." of prefetch-test-cert.py will be replaced with +# UUID for stash token by prefetch-test-sxg.py. +gen-signedexchange \ + -version $sxg_version \ + -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ + -status 200 \ + -content sxg-prefetch-test.html \ + -certificate $certfile \ + -certUrl $wpt_test_remote_origin/signed-exchange/resources/prefetch-test-cert.py?id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \ + -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ + -privateKey $keyfile \ + -date 2020-01-29T00:00:00Z \ + -expire 168h \ + -o sxg/sxg-prefetch-test.sxg \ + -miRecordSize 100 + +rm -fr $tmpdir diff --git a/testing/web-platform/tests/signed-exchange/resources/inner-url.html b/testing/web-platform/tests/signed-exchange/resources/inner-url.html new file mode 100644 index 0000000000..5b247bbfe9 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/inner-url.html @@ -0,0 +1,10 @@ +<!DOCTYPE html> +<title>Content of fallback URL</title> +<script> +window.addEventListener('message', (event) => { + event.data.port.postMessage({ + location: document.location.href, + referrer: document.referrer, + is_fallback: true}); +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor new file mode 100644 index 0000000000..82f15ff924 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor @@ -0,0 +1 @@ +This is an invalid certificate file. diff --git a/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor.headers b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor.headers new file mode 100644 index 0000000000..d581d5987e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/invalid-cert-format.cbor.headers @@ -0,0 +1 @@ +Content-Type: application/cert-chain+cbor diff --git a/testing/web-platform/tests/signed-exchange/resources/prefetch-test-cert.py b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-cert.py new file mode 100644 index 0000000000..e1dffebe18 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-cert.py @@ -0,0 +1,18 @@ +import os + +from wptserve.utils import isomorphic_decode + +def main(request, response): + stash_id = request.GET.first(b"id") + if request.server.stash.take(stash_id) is not None: + response.status = (404, b"Not Found") + response.headers.set(b"Content-Type", b"text/plain") + return u"not found" + request.server.stash.put(stash_id, True) + + path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"127.0.0.1.sxg.pem.cbor") + body = open(path, u"rb").read() + + response.headers.set(b"Content-Type", b"application/cert-chain+cbor") + response.headers.set(b"Cache-Control", b"public, max-age=600") + return body diff --git a/testing/web-platform/tests/signed-exchange/resources/prefetch-test-sxg.py b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-sxg.py new file mode 100644 index 0000000000..84b9ebe408 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/prefetch-test-sxg.py @@ -0,0 +1,20 @@ +import os + +from wptserve.utils import isomorphic_decode + +def main(request, response): + stash_id = request.GET.first(b"id") + if request.server.stash.take(stash_id) is not None: + response.status = (404, u"Not Found") + response.headers.set(b"Content-Type", b"text/plain") + return u"not found" + request.server.stash.put(stash_id, True) + + path = os.path.join(os.path.dirname(isomorphic_decode(__file__)), u"sxg", u"sxg-prefetch-test.sxg") + body = open(path, u"rb").read() + + response.headers.set(b"Content-Type", b"application/signed-exchange;v=b3") + response.headers.set(b"X-Content-Type-Options", b"nosniff") + response.headers.set(b"Cache-Control", b"public, max-age=600") + + return body.replace(b'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', stash_id) diff --git a/testing/web-platform/tests/signed-exchange/resources/register-sw-after-fallback.html b/testing/web-platform/tests/signed-exchange/resources/register-sw-after-fallback.html new file mode 100644 index 0000000000..2711fc241f --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/register-sw-after-fallback.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<script src="sxg-util.js"></script> +<script> +window.addEventListener('message', async (event) => { + try { + const scope = './scope/' + location.href; + await registerServiceWorkerAndWaitUntilActivated( + './service-worker.js', scope) + const iframe = await withIframe(scope, 'inner_iframe'); + event.data.port.postMessage({ + location: document.location.href, + is_fallback: true, + err: undefined, + iframe_body: iframe.contentWindow.document.body.innerHTML}); + } catch (err) { + event.data.port.postMessage({ + location: document.location.href, + is_fallback: true, + err: err.toString() + }); + } +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/register-sw.html b/testing/web-platform/tests/signed-exchange/resources/register-sw.html new file mode 100644 index 0000000000..8a3873bfde --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/register-sw.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<script src="sxg-util.js"></script> +<script> +window.addEventListener('message', async (event) => { + try { + const scope = './scope/' + location.href; + await registerServiceWorkerAndWaitUntilActivated( + './service-worker.js', scope) + const iframe = await withIframe(scope, 'inner_iframe'); + event.data.port.postMessage({ + location: document.location.href, + is_fallback: false, + err: undefined, + iframe_body: iframe.contentWindow.document.body.innerHTML}); + } catch (err) { + event.data.port.postMessage({ + location: document.location.href, + is_fallback: false, + err: err.toString() + }); + } +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/service-worker.js b/testing/web-platform/tests/signed-exchange/resources/service-worker.js new file mode 100644 index 0000000000..2647f45a3e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/service-worker.js @@ -0,0 +1,5 @@ +self.addEventListener('fetch', function(event) { + event.respondWith(new Response( + '<body>Generated by service worker</body>', + {headers:[['content-type', 'text/html']]})); +}); diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-location.html b/testing/web-platform/tests/signed-exchange/resources/sxg-location.html new file mode 100644 index 0000000000..b3ebd2bde7 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-location.html @@ -0,0 +1,10 @@ +<!DOCTYPE html> +<title>Content of SignedHTTPExchange</title> +<script> +window.addEventListener('message', (event) => { + event.data.port.postMessage({ + location: document.location.href, + referrer: document.referrer, + is_fallback: false}); +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-navigation-timing.html b/testing/web-platform/tests/signed-exchange/resources/sxg-navigation-timing.html new file mode 100644 index 0000000000..ddbe350354 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-navigation-timing.html @@ -0,0 +1,10 @@ +<!DOCTYPE html> +<title>Navigation timing of SignedHTTPExchange</title> +<script> +window.addEventListener('message', (event) => { + event.data.port.postMessage({ + location: document.location.href, + timing: JSON.stringify(performance.getEntriesByType('navigation')[0]), + is_fallback: false}); +}, false); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-prefetch-test.html b/testing/web-platform/tests/signed-exchange/resources/sxg-prefetch-test.html new file mode 100644 index 0000000000..5383a4a561 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-prefetch-test.html @@ -0,0 +1,5 @@ +<!DOCTYPE html> +<title>Prefetch test SXG</title> +<script> +window.opener.postMessage('loaded', '*'); +</script> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-iframe.html b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-iframe.html new file mode 100644 index 0000000000..bd812857b4 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-iframe.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<body> +<script> +(async () => { + const sxg_path = 'sxg/sxg-subresource.sxg'; + const scipt_sxg_path = 'sxg/sxg-subresource-script.sxg'; + const scipt_path = 'sxg-subresource-script.js'; + const wait_for_prefetch = new Promise((resolve) => { + new PerformanceObserver((list) => { + for (let e of list.getEntries()) { + if (e.name.endsWith(scipt_sxg_path)) { + resolve(); + } else if (e.name.endsWith(scipt_path)) { + window.parent.postMessage( + scipt_path + ' should not be prefetched', '*'); + } + } + }).observe({ entryTypes: ['resource'] }); + }); + + const link = document.createElement('link'); + link.rel = 'prefetch'; + link.href = sxg_path; + document.body.appendChild(link); + await wait_for_prefetch; + location.href = sxg_path; +})() +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-mismatch-iframe.html b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-mismatch-iframe.html new file mode 100644 index 0000000000..f05fcc99f8 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-mismatch-iframe.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<body> +<script> +(async () => { + const sxg_path = 'sxg/sxg-subresource-header-integrity-mismatch.sxg'; + const scipt_sxg_path = 'sxg/sxg-subresource-script.sxg'; + const scipt_path = 'sxg-subresource-script.js'; + const wait_for_prefetch = new Promise((resolve) => { + new PerformanceObserver((list) => { + for (let e of list.getEntries()) { + if (e.name.endsWith(scipt_sxg_path)) { + resolve(); + } else if (e.name.endsWith(scipt_path)) { + window.parent.postMessage( + scipt_path + ' should not be prefetched', '*'); + } + } + }).observe({ entryTypes: ['resource'] }); + }); + + const link = document.createElement('link'); + link.rel = 'prefetch'; + link.href = sxg_path; + document.body.appendChild(link); + await wait_for_prefetch; + location.href = sxg_path; +})() +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script-inner.js b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script-inner.js new file mode 100644 index 0000000000..dcc7a356a0 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script-inner.js @@ -0,0 +1,4 @@ +// Usually the alternate resource should have the same content as the original +// one (sxg-subresource-script.js), but for now we use differentiated content +// for easy testing. +window.parent.postMessage('from signed exchange', '*'); diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script.js b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script.js new file mode 100644 index 0000000000..c730568fcf --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-script.js @@ -0,0 +1 @@ +window.parent.postMessage('from server', '*'); diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-sxg-inner.html b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-sxg-inner.html new file mode 100644 index 0000000000..9dfff56ad8 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-subresource-sxg-inner.html @@ -0,0 +1,2 @@ +<!DOCTYPE html> +<script src="sxg-subresource-script.js"></script> diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-util.js b/testing/web-platform/tests/signed-exchange/resources/sxg-util.js new file mode 100644 index 0000000000..fa2d200fb2 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-util.js @@ -0,0 +1,89 @@ +// Opens |url| in an iframe, establish a message channel with it, and waits for +// a message from the frame content. Returns a promise that resolves with the +// data of the message, or rejects on 15000ms timeout. +// If the iframe load is expected to fail, the test should have +// <meta name="timeout" content="long"> tag. +function openSXGInIframeAndWaitForMessage(test_object, url, referrerPolicy) { + return new Promise(async (resolve, reject) => { + // We can't catch the network error on iframe. So we use the timer. + test_object.step_timeout(() => reject('timeout'), 15000); + + const frame = await withIframe(url, 'sxg_iframe', referrerPolicy); + const channel = new MessageChannel(); + channel.port1.onmessage = (event) => resolve(event.data); + frame.contentWindow.postMessage( + {port: channel.port2}, '*', [channel.port2]); + }); +} + +function withIframe(url, name, referrerPolicy) { + return new Promise((resolve, reject) => { + const frame = document.createElement('iframe'); + frame.src = url; + frame.name = name; + if (referrerPolicy !== undefined) { + frame.referrerPolicy = referrerPolicy; + } + frame.onload = () => resolve(frame); + frame.onerror = () => reject('failed to load ' + url); + document.body.appendChild(frame); + }); +} + +function loadScript(url) { + return new Promise((resolve, reject) => { + const scriptTag = document.createElement('script'); + scriptTag.src = url; + scriptTag.onload = () => resolve(); + scriptTag.onerror = () => reject('failed to load ' + url); + document.head.appendChild(scriptTag); + }); +} + +function innerURLOrigin() { + return 'https://127.0.0.1:8444'; +} + +function runReferrerTests(test_cases) { + for (const i in test_cases) { + const test_case = test_cases[i]; + promise_test(async (t) => { + const sxgUrl = test_case.origin + '/signed-exchange/resources/sxg/' + + test_case.sxg; + const message = + await openSXGInIframeAndWaitForMessage( + t, sxgUrl, test_case.referrerPolicy); + assert_false(message.is_fallback); + assert_equals(message.referrer, test_case.expectedReferrer); + + const invalidSxgUrl = + test_case.origin + '/signed-exchange/resources/sxg/invalid-' + + test_case.sxg; + const fallbackMessage = + await openSXGInIframeAndWaitForMessage( + t, invalidSxgUrl, test_case.referrerPolicy); + assert_true(fallbackMessage.is_fallback); + assert_equals(fallbackMessage.referrer, test_case.expectedReferrer); + }, 'Referrer of SignedHTTPExchange test : ' + JSON.stringify(test_case)); + } +} + +function addPrefetch(url) { + const link = document.createElement('link'); + link.rel = 'prefetch'; + link.href = url; + document.body.appendChild(link); +} + +async function registerServiceWorkerAndWaitUntilActivated(script, scope) { + const reg = await navigator.serviceWorker.register(script, {scope: scope}); + if (reg.active) + return; + const worker = reg.installing || reg.waiting; + await new Promise((resolve) => { + worker.addEventListener('statechange', (event) => { + if (event.target.state == 'activated') + resolve(); + }); + }); +} diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg Binary files differnew file mode 100644 index 0000000000..092eb9d38f --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg.headers b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg.headers new file mode 100644 index 0000000000..ca41178420 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg.headers @@ -0,0 +1,2 @@ +Content-Type: application/signed-exchange;v=b2 +X-Content-Type-Options: nosniff diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/__dir__.headers b/testing/web-platform/tests/signed-exchange/resources/sxg/__dir__.headers new file mode 100644 index 0000000000..83a3c128cf --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/__dir__.headers @@ -0,0 +1,2 @@ +Content-Type: application/signed-exchange;v=b3 +X-Content-Type-Options: nosniff diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/check-cert-request.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/check-cert-request.sxg Binary files differnew file mode 100644 index 0000000000..8129b5479c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/check-cert-request.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/fallback-to-another-sxg.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/fallback-to-another-sxg.sxg Binary files differnew file mode 100644 index 0000000000..b5dcb6b86d --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/fallback-to-another-sxg.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-remote-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-remote-origin.sxg Binary files differnew file mode 100644 index 0000000000..db08ad072c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-remote-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-same-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-same-origin.sxg Binary files differnew file mode 100644 index 0000000000..5057e9ddf4 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/invalid-sxg-referrer-same-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/nested-sxg.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/nested-sxg.sxg Binary files differnew file mode 100644 index 0000000000..6d8538882d --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/nested-sxg.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-after-fallback.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-after-fallback.sxg Binary files differnew file mode 100644 index 0000000000..20ae275818 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-after-fallback.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-from-sxg.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-from-sxg.sxg Binary files differnew file mode 100644 index 0000000000..792222029f --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/register-sw-from-sxg.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg Binary files differnew file mode 100644 index 0000000000..2a7dbf6fa6 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found.sxg Binary files differnew file mode 100644 index 0000000000..072125400a --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-cert-not-found.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-data-cert-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-data-cert-url.sxg Binary files differnew file mode 100644 index 0000000000..b5972d545c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-data-cert-url.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-hsts.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-hsts.sxg Binary files differnew file mode 100644 index 0000000000..8f57c63dfa --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-hsts.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-inner-url-bom.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-inner-url-bom.sxg Binary files differnew file mode 100644 index 0000000000..0093eb1d37 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-inner-url-bom.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg Binary files differnew file mode 100644 index 0000000000..62acedd390 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg Binary files differnew file mode 100644 index 0000000000..30e4fcd912 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg Binary files differnew file mode 100644 index 0000000000..066a3cc0a4 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg Binary files differnew file mode 100644 index 0000000000..46d2bb1386 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-format.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-format.sxg new file mode 100644 index 0000000000..3fbb151b5c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-format.sxg @@ -0,0 +1 @@ +This is an invalid Signed Exchange. diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg Binary files differnew file mode 100644 index 0000000000..95d358245c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-utf8-inner-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-utf8-inner-url.sxg Binary files differnew file mode 100644 index 0000000000..65357e14ac --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-utf8-inner-url.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxg Binary files differnew file mode 100644 index 0000000000..62e88d6386 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location-cert-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location-cert-on-alt-origin.sxg Binary files differnew file mode 100644 index 0000000000..a2ddc77951 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location-cert-on-alt-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location.sxg Binary files differnew file mode 100644 index 0000000000..1678b751bc --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-location.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg Binary files differnew file mode 100644 index 0000000000..0c6dce01da --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-navigation-timing.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-navigation-timing.sxg Binary files differnew file mode 100644 index 0000000000..56a90d5125 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-navigation-timing.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-noncacheable.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-noncacheable.sxg Binary files differnew file mode 100644 index 0000000000..88439982f6 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-noncacheable.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-prefetch-test.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-prefetch-test.sxg Binary files differnew file mode 100644 index 0000000000..f452270c5b --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-prefetch-test.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-remote-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-remote-origin.sxg Binary files differnew file mode 100644 index 0000000000..00aa755efc --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-remote-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-same-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-same-origin.sxg Binary files differnew file mode 100644 index 0000000000..cc7793efa2 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-referrer-same-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg Binary files differnew file mode 100644 index 0000000000..ace89dde64 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg.sub.headers b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg.sub.headers new file mode 100644 index 0000000000..8f1b47ef06 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg.sub.headers @@ -0,0 +1 @@ +Link: <https://{{hosts[alt][]}}:{{ports[https][0]}}/signed-exchange/resources/sxg/sxg-subresource-script.sxg>;rel=alternate;type="application/signed-exchange;v=b3";anchor="https://127.0.0.1:8444/signed-exchange/resources/sxg-subresource-script.js"; diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-script.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-script.sxg Binary files differnew file mode 100644 index 0000000000..fe1bd97645 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource-script.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg Binary files differnew file mode 100644 index 0000000000..97823ee8f7 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg.sub.headers b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg.sub.headers new file mode 100644 index 0000000000..8bc3938df8 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-subresource.sxg.sub.headers @@ -0,0 +1 @@ +Link: <https://{{host}}:{{ports[https][0]}}/signed-exchange/resources/sxg/sxg-subresource-script.sxg>;rel=alternate;type="application/signed-exchange;v=b3";anchor="https://127.0.0.1:8444/signed-exchange/resources/sxg-subresource-script.js"; diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-utf8-inner-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-utf8-inner-url.sxg Binary files differnew file mode 100644 index 0000000000..3edf285f1b --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-utf8-inner-url.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg Binary files differnew file mode 100644 index 0000000000..294f97b097 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg Binary files differnew file mode 100644 index 0000000000..e90d9bc66d --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-match.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-match.sxg Binary files differnew file mode 100644 index 0000000000..aed8bd175d --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-match.sxg diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-mismatch.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-mismatch.sxg Binary files differnew file mode 100644 index 0000000000..ae96b7213f --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/resources/sxg/sxg-variants-mismatch.sxg diff --git a/testing/web-platform/tests/signed-exchange/service-workers/sxg-sw-register-after-fallback.tentative.https.html b/testing/web-platform/tests/signed-exchange/service-workers/sxg-sw-register-after-fallback.tentative.https.html new file mode 100644 index 0000000000..2b76a70dc9 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/service-workers/sxg-sw-register-after-fallback.tentative.https.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<title>Service worker registration after fallback</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = + get_host_info().HTTPS_ORIGIN + + '/signed-exchange/resources/sxg/register-sw-after-fallback.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, + get_host_info().HTTPS_ORIGIN + + '/signed-exchange/resources/register-sw-after-fallback.html'); + assert_true(message.is_fallback); + + assert_equals(message.err, undefined); + assert_equals(message.iframe_body, 'Generated by service worker'); +}, 'Service worker registration after fallback'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/service-workers/sxg-sw-register.tentative.https.html b/testing/web-platform/tests/signed-exchange/service-workers/sxg-sw-register.tentative.https.html new file mode 100644 index 0000000000..ad21ebb20d --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/service-workers/sxg-sw-register.tentative.https.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<title>Service worker registration from signed exchange</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = + get_host_info().HTTPS_ORIGIN + + '/signed-exchange/resources/sxg/register-sw-from-sxg.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, + get_host_info().HTTPS_ORIGIN + + '/signed-exchange/resources/register-sw-from-sxg.html'); + assert_false(message.is_fallback); + + assert_equals(message.err, undefined); + assert_equals(message.iframe_body, 'Generated by service worker'); +}, 'Service worker registration from signed exchange'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/subresource/sxg-subresource-header-integrity-mismatch.tentative.html b/testing/web-platform/tests/signed-exchange/subresource/sxg-subresource-header-integrity-mismatch.tentative.html new file mode 100644 index 0000000000..a7f42d9461 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/subresource/sxg-subresource-header-integrity-mismatch.tentative.html @@ -0,0 +1,144 @@ +<!DOCTYPE html> +<title>Subresource signed exchange prefetch.</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +nel_iframe_test(async t => { + const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + const test_origin = get_host_info().HTTPS_ORIGIN; + await loadResourceWithBasicPolicyInIframe(); + const iframe_path = + alt_origin + + '/signed-exchange/resources/sxg-subresource-mismatch-iframe.html'; + const wait_message = (new Promise((resolve) => { + const on_message = (event) => { + window.removeEventListener('message', on_message); + resolve(event.data); + }; + window.addEventListener('message', on_message); + })); + withIframe(iframe_path); + const message = await wait_message; + assert_equals(message, 'from server'); + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + + const main_outer_url = alt_origin + '/signed-exchange/resources/sxg/sxg-subresource-header-integrity-mismatch.sxg'; + const main_inner_url = innerURLOrigin() + '/signed-exchange/resources/sxg-subresource-sxg.html'; + const sub_outer_url = alt_origin + '/signed-exchange/resources/sxg/sxg-subresource-script.sxg'; + const sub_inner_url = innerURLOrigin() + '/signed-exchange/resources/sxg-subresource-script.js'; + const iframe_url = alt_origin + '/signed-exchange/resources/sxg-subresource-mismatch-iframe.html'; + assert_true(await reportsExist([ + // Normal NEL report for the iframe's HTML. + { + url: iframe_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + // Normal NEL report for the main resource signed exchange. + { + url: main_outer_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: iframe_url, + }, + metadata: { + content_type: "application/reports+json", + }, + }, + // Signed Exchange NEL report for the main resource signed exchange. + { + url: main_outer_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "ok", + status_code: 200, + referrer: iframe_url, + sxg: { + outer_url: main_outer_url, + inner_url: main_inner_url, + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + // Signed Exchange NEL report for the subresource signed exchange header + // integrity mismatch. + { + url: sub_outer_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.header_integrity_mismatch", + status_code: 200, + referrer: main_outer_url, + sxg: { + outer_url: sub_outer_url, + inner_url: sub_inner_url, + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + // Normal NEL report for the main resource signed exchange. + { + url: sub_outer_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: iframe_url, + }, + metadata: { + content_type: "application/reports+json", + }, + }, + // Signed Exchange NEL report for the sub resource signed exchange. + { + url: sub_outer_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "ok", + status_code: 200, + referrer: iframe_url, + sxg: { + outer_url: sub_outer_url, + inner_url: sub_inner_url, + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'Subresource signed exchange prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/subresource/sxg-subresource.tentative.html b/testing/web-platform/tests/signed-exchange/subresource/sxg-subresource.tentative.html new file mode 100644 index 0000000000..8ca12b4cbc --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/subresource/sxg-subresource.tentative.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<title>Subresource signed exchange prefetch.</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const iframe_path = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg-subresource-iframe.html'; + const wait_message = (new Promise((resolve) => { + const on_message = (event) => { + window.removeEventListener('message', on_message); + resolve(event.data); + }; + window.addEventListener('message', on_message); + })); + withIframe(iframe_path); + const message = await wait_message; + assert_equals(message, 'from signed exchange'); +}, 'Subresource signed exchange prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-data-cert-url.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-data-cert-url.tentative.html new file mode 100644 index 0000000000..0d6bd5602e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-data-cert-url.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>SignedHTTPExchange using data URL for cert-url</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-data-cert-url.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_false(message.is_fallback); +}, 'SignedHTTPExchange using data URL for cert-url'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-double-prefetch.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-double-prefetch.tentative.html new file mode 100644 index 0000000000..d682741744 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-double-prefetch.tentative.html @@ -0,0 +1,37 @@ +<!DOCTYPE html> +<title>Prefetching double SignedHTTPExchange files must not crash</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +function addPrefetch(url) { + let link = document.createElement('link'); + link.rel = 'prefetch'; + link.href = url; + document.body.appendChild(link); +} +promise_test(async (t) => { + const sxg1_url = + get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-location.sxg?1'; + const sxg2_url = + get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-location.sxg?2'; + addPrefetch(sxg1_url); + addPrefetch(sxg2_url); + await new Promise(resolve => { + setInterval(() => { + const entries = performance.getEntriesByType("resource"); + let hit_count = 0; + for (let i = 0; i < entries.length; ++i) { + const entry = entries[i]; + if (entry.name == sxg1_url || entry.name == sxg2_url) { + if (++hit_count == 2) + resolve(); + } + } + }, 100); + }); +}, 'Prefetching double SignedHTTPExchange files must not crash'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-fallback-with-fragment.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-fallback-with-fragment.tentative.html new file mode 100644 index 0000000000..aae8fa8bd1 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-fallback-with-fragment.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>Fallback redirect of SignedHTTPExchange should preserve URL fragment</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxg#fragment'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html#fragment'); + assert_true(message.is_fallback); +}, 'Fallback redirect of SignedHTTPExchange should preserve URL fragment'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-hsts.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-hsts.tentative.html new file mode 100644 index 0000000000..6024e2879e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-hsts.tentative.html @@ -0,0 +1,21 @@ +<!DOCTYPE html> +<title>Loading SignedHTTPExchange with strict-transport-security must fail</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + + '/signed-exchange/resources/sxg/sxg-hsts.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + const innerURL = innerURLOrigin() + + '/signed-exchange/resources/inner-url.html'; + assert_equals(message.location, innerURL); + assert_true(message.is_fallback); +}, 'Loading SignedHTTPExchange with an uncached header ' + + 'Strict-Transport-Security must fail and fallback redirect.'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-inner-url-bom.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-inner-url-bom.tentative.html new file mode 100644 index 0000000000..be2d7e5022 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-inner-url-bom.tentative.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<title>SignedHTTPExchange's fallback url must not have UTF-8 BOM</title> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + try { + const sxgUrl = get_host_info().HTTP_ORIGIN + '/signed-exchange/resources/sxg/sxg-inner-url-bom.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + if (message.is_fallback) { + assert_unreached('Fallback redirect should not have happened'); + } else { + assert_unreached('SXG should not have loaded'); + } + } catch (e) { + assert_equals(e, 'timeout'); + } +}, "SignedHTTPExchange's fallback url must not have UTF-8 BOM"); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-invalid-utf8-inner-url.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-invalid-utf8-inner-url.tentative.html new file mode 100644 index 0000000000..7512d639e8 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-invalid-utf8-inner-url.tentative.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<title>SignedHTTPExchange's fallback url must not have invalid UTF-8 sequence</title> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + try { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-invalid-utf8-inner-url.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + if (message.is_fallback) { + assert_unreached('Fallback redirect should not have happened'); + } else { + assert_unreached('SXG should not have loaded'); + } + } catch (e) { + assert_equals(e, 'timeout'); + } +}, "SignedHTTPExchange's fallback url must not have invalid UTF-8 sequence"); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-invalid-validity-url.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-invalid-validity-url.tentative.html new file mode 100644 index 0000000000..bb027b1669 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-invalid-validity-url.tentative.html @@ -0,0 +1,19 @@ +<!DOCTYPE html> +<title>Loading SignedHTTPExchange which validity URL is different origin from +request URL must fail</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-invalid-validity-url.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); +}, 'Loading SignedHTTPExchange which validity URL is different origin from ' + + 'request URL must fail'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-location-fragment.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-location-fragment.tentative.html new file mode 100644 index 0000000000..92e1efbc20 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-location-fragment.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>Navigating to a Signed Exchange should preserve URL fragment</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-location.sxg#fragment'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html#fragment'); + assert_false(message.is_fallback); +}, 'Navigating to a Signed Exchange should preserve URL fragment'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-location.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-location.tentative.html new file mode 100644 index 0000000000..17ca0768d6 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-location.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>Location of SignedHTTPExchange</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-location.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_false(message.is_fallback); +}, 'Location of SignedHTTPExchange'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-merkle-integrity-error.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-merkle-integrity-error.tentative.html new file mode 100644 index 0000000000..a5c4a2f7ee --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-merkle-integrity-error.tentative.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<title>SignedHTTPExchange with payload integrity error</title> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + try { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + if (message.is_fallback) { + assert_unreached('Fallback redirect should not have happened'); + } else { + assert_unreached('SXG should not have loaded'); + } + } catch (e) { + assert_equals(e, 'timeout'); + } +}, "SignedHTTPExchange with payload integrity error"); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-navigation-timing.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-navigation-timing.tentative.html new file mode 100644 index 0000000000..b3f088241f --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-navigation-timing.tentative.html @@ -0,0 +1,30 @@ +<!DOCTYPE html> +<title>Navigation timing of SignedHTTPExchange</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-navigation-timing.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_false(message.is_fallback); + + let timing = JSON.parse(message.timing); + let originalContent = await fetch('resources/sxg-navigation-timing.html').then(resp => resp.arrayBuffer()); + + assert_equals(timing.decodedBodySize, originalContent.byteLength); + assert_equals(timing.encodedBodySize, computeMiceLength(originalContent.byteLength, 100)); + // TODO(https://crbug.com/928589): Test other fields too. +}, 'Navigation timing of SignedHTTPExchange'); + +// Returns content length after MI encode. +function computeMiceLength(len, recordSize) { + const recordSizeLen = 8; + const sha256DigestLength = 32; + return recordSizeLen + len + Math.floor(len / recordSize) * sha256DigestLength; +} + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-non-secure-origin.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-non-secure-origin.tentative.html new file mode 100644 index 0000000000..84938da76d --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-non-secure-origin.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>Loading SignedHTTPExchange from non secure origin must fail</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTP_ORIGIN + '/signed-exchange/resources/sxg/sxg-location.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); +}, 'Loading SignedHTTPExchange from non secure origin must fail'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-noncacheable.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-noncacheable.tentative.html new file mode 100644 index 0000000000..1315360745 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-noncacheable.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>Loading SignedHTTPExchange with non-cacheable response must fail</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-noncacheable.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); +}, 'Loading SignedHTTPExchange with non-cacheable response must fail'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-prefetch-merkle-integrity-error.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-prefetch-merkle-integrity-error.tentative.html new file mode 100644 index 0000000000..2086c38545 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-prefetch-merkle-integrity-error.tentative.html @@ -0,0 +1,26 @@ +<!DOCTYPE html> +<title>Prefetching SignedHTTPExchange with payload integrity error should fail</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg'; + await new Promise(resolve => { + const link = document.createElement('link'); + link.rel = 'prefetch'; + link.href = sxgUrl; + link.addEventListener('error', t.step_func(() => { + resolve(); + })); + link.addEventListener('load', t.step_func(() => { + assert_unreached('Prefetch should fail'); + })); + document.body.appendChild(link); + }); +}, "Prefetching SignedHTTPExchange with payload integrity error should fail"); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-prefetch-resource-timing.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-prefetch-resource-timing.tentative.html new file mode 100644 index 0000000000..5b60ab9e1a --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-prefetch-resource-timing.tentative.html @@ -0,0 +1,44 @@ +<!DOCTYPE html> +<title>Resource Timing for prefetched SignedHTTPExchange</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +function addPrefetch(url) { + let link = document.createElement('link'); + link.rel = 'prefetch'; + link.href = url; + document.body.appendChild(link); +} + +async function waitForPerformanceEntries(url) { + let entries = performance.getEntriesByName(url); + if (entries.length > 0) { + return entries; + } + return new Promise((resolve) => { + new PerformanceObserver((list) => { + const entries = list.getEntriesByName(url); + if (entries.length > 0) { + resolve(entries); + } + }).observe({ entryTypes: ['resource'] }); + }); +} + +promise_test(async (t) => { + const url = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-location.sxg'; + addPrefetch(url); + return waitForPerformanceEntries(url).then((entries) => { + assert_equals(entries.length, 1, "Should have only one resource timing entry"); + const e = entries[0]; + assert_greater_than(e.duration, 0, "duration should be greater than 0"); + assert_greater_than(e.fetchStart, 0, "fetchStart should be greater than 0"); + assert_greater_than(e.responseEnd, e.fetchStart, + "responseEnd should be greater than fetchStart"); + }); +}, 'Resource Timing for prefetched SignedHTTPExchange'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-prefetch.tentative.https.html b/testing/web-platform/tests/signed-exchange/sxg-prefetch.tentative.https.html new file mode 100644 index 0000000000..a6e55567e0 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-prefetch.tentative.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<title>Prefetched signed exchange and certificate must not be fetched again</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/common/utils.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const id = token(); + const sxgUrl = get_host_info().HTTPS_REMOTE_ORIGIN + '/signed-exchange/resources/prefetch-test-sxg.py?id=' + id; + + await new Promise(resolve => { + const link = document.createElement('link'); + link.rel = 'prefetch'; + link.href = sxgUrl; + link.as = 'document'; + link.addEventListener('error', t.step_func(() => { + assert_unreached('Prefetch should not fail'); + })); + link.addEventListener('load', t.step_func(() => { + resolve(); + })); + document.body.appendChild(link); + }); + const message_promise = new Promise((resolve) => { + window.addEventListener('message', (event) => { + resolve(event.data); + }, false); + }); + const win = window.open(sxgUrl, "_blank"); + const message = await message_promise; + win.close(); + assert_equals(message, 'loaded'); +}, 'Prefetched signed exchange and certificate must not be fetched again.'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-referrer-policy-header.tentative.https.html b/testing/web-platform/tests/signed-exchange/sxg-referrer-policy-header.tentative.https.html new file mode 100644 index 0000000000..5dff6af8cb --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-referrer-policy-header.tentative.https.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<title>Referrer-Policy header in outer SXG response</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +(() => { + const SAME_ORIGIN = get_host_info().HTTPS_ORIGIN; + const SAME_ORIGIN_SXG = 'sxg-referrer-same-origin.sxg'; + const TEST_CASES = [ + // Referrer-Policy header in outer SXG response. + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG + '?pipe=header(Referrer-Policy,no-referrer)', + referrerPolicy: undefined, + expectedReferrer: '' + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG + + '?pipe=header(Referrer-Policy,no-referrer-when-downgrade)', + referrerPolicy: undefined, + expectedReferrer: document.location.href + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG + '?pipe=header(Referrer-Policy,origin)', + referrerPolicy: undefined, + expectedReferrer: document.location.origin + '/' + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG + '?pipe=header(Referrer-Policy,same-origin)', + referrerPolicy: undefined, + expectedReferrer: document.location.href + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG + '?pipe=header(Referrer-Policy,strict-origin)', + referrerPolicy: undefined, + expectedReferrer: document.location.origin + '/' + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG + + '?pipe=header(Referrer-Policy,strict-origin-when-cross-origin)', + referrerPolicy: undefined, + expectedReferrer: document.location.href + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG + '?pipe=header(Referrer-Policy,unsafe-url)', + referrerPolicy: undefined, + expectedReferrer: document.location.href + }, + ]; + runReferrerTests(TEST_CASES); +})(); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-referrer-remote-physical-remote-logical.tentative.https.html b/testing/web-platform/tests/signed-exchange/sxg-referrer-remote-physical-remote-logical.tentative.https.html new file mode 100644 index 0000000000..67de083d27 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-referrer-remote-physical-remote-logical.tentative.https.html @@ -0,0 +1,67 @@ +<!DOCTYPE html> +<title>Referrer of SignedHTTPExchange(physical:remote origin, logical:remote origin)</title> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +(() => { + const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN; + const REMOTE_ORIGIN_SXG = 'sxg-referrer-remote-origin.sxg'; + const TEST_CASES = [ + // Physical origin = remote origin. Logical origin = remote origin. + { + origin: REMOTE_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: undefined, + expectedReferrer: document.location.origin + '/' + }, + { + origin: REMOTE_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'no-referrer', + expectedReferrer: '' + }, + { + origin: REMOTE_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'no-referrer-when-downgrade', + expectedReferrer: document.location.href + }, + { + origin: REMOTE_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'origin', + expectedReferrer: document.location.origin + '/' + }, + { + origin: REMOTE_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'same-origin', + expectedReferrer: '' + }, + { + origin: REMOTE_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'strict-origin', + expectedReferrer: document.location.origin + '/' + }, + { + origin: REMOTE_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'strict-origin-when-cross-origin', + expectedReferrer: document.location.origin + '/' + }, + { + origin: REMOTE_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'unsafe-url', + expectedReferrer: document.location.href + }, + ]; + runReferrerTests(TEST_CASES); +})(); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-referrer-remote-physical-same-logical.tentative.https.html b/testing/web-platform/tests/signed-exchange/sxg-referrer-remote-physical-same-logical.tentative.https.html new file mode 100644 index 0000000000..4d8aff8081 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-referrer-remote-physical-same-logical.tentative.https.html @@ -0,0 +1,66 @@ +<!DOCTYPE html> +<title>Referrer of SignedHTTPExchange(physical:remote origin, logical:same origin)</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +(() => { + const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN; + const SAME_ORIGIN_SXG = 'sxg-referrer-same-origin.sxg'; + const TEST_CASES = [ + // Physical origin = remote origin. Logical origin = same origin. + { + origin: REMOTE_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: undefined, + expectedReferrer: document.location.origin + '/' + }, + { + origin: REMOTE_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'no-referrer', + expectedReferrer: '' + }, + { + origin: REMOTE_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'no-referrer-when-downgrade', + expectedReferrer: document.location.href + }, + { + origin: REMOTE_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'origin', + expectedReferrer: document.location.origin + '/' + }, + { + origin: REMOTE_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'same-origin', + expectedReferrer: '' + }, + { + origin: REMOTE_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'strict-origin', + expectedReferrer: document.location.origin + '/' + }, + { + origin: REMOTE_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'strict-origin-when-cross-origin', + expectedReferrer: document.location.origin + '/' + }, + { + origin: REMOTE_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'unsafe-url', + expectedReferrer: document.location.href + }, + ]; + runReferrerTests(TEST_CASES); +})(); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-referrer-same-physical-remote-logical.tentative.https.html b/testing/web-platform/tests/signed-exchange/sxg-referrer-same-physical-remote-logical.tentative.https.html new file mode 100644 index 0000000000..3ba597ed49 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-referrer-same-physical-remote-logical.tentative.https.html @@ -0,0 +1,67 @@ +<!DOCTYPE html> +<title>Referrer of SignedHTTPExchange(physical:same origin, logical:remote origin)</title> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +(() => { + const SAME_ORIGIN = get_host_info().HTTPS_ORIGIN; + const REMOTE_ORIGIN_SXG = 'sxg-referrer-remote-origin.sxg'; + const TEST_CASES = [ + // Physical origin = same origin. Logical origin = remote origin. + { + origin: SAME_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: undefined, + expectedReferrer: document.location.origin + '/' + }, + { + origin: SAME_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'no-referrer', + expectedReferrer: '' + }, + { + origin: SAME_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'no-referrer-when-downgrade', + expectedReferrer: document.location.href + }, + { + origin: SAME_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'origin', + expectedReferrer: document.location.origin + '/' + }, + { + origin: SAME_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'same-origin', + expectedReferrer: '' + }, + { + origin: SAME_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'strict-origin', + expectedReferrer: document.location.origin + '/' + }, + { + origin: SAME_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'strict-origin-when-cross-origin', + expectedReferrer: document.location.origin + '/' + }, + { + origin: SAME_ORIGIN, + sxg: REMOTE_ORIGIN_SXG, + referrerPolicy: 'unsafe-url', + expectedReferrer: document.location.href + }, + ]; + runReferrerTests(TEST_CASES); +})(); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-referrer-same-physical-same-logical.tentative.https.html b/testing/web-platform/tests/signed-exchange/sxg-referrer-same-physical-same-logical.tentative.https.html new file mode 100644 index 0000000000..88917167b9 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-referrer-same-physical-same-logical.tentative.https.html @@ -0,0 +1,66 @@ +<!DOCTYPE html> +<title>Referrer of SignedHTTPExchange(physical:same origin, logical:same origin)</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +(() => { + const SAME_ORIGIN = get_host_info().HTTPS_ORIGIN; + const SAME_ORIGIN_SXG = 'sxg-referrer-same-origin.sxg'; + const TEST_CASES = [ + // Physical origin = same origin. Logical origin = same origin. + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: undefined, + expectedReferrer: document.location.href + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'no-referrer', + expectedReferrer: '' + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'no-referrer-when-downgrade', + expectedReferrer: document.location.href + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'origin', + expectedReferrer: document.location.origin + '/' + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'same-origin', + expectedReferrer: document.location.href + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'strict-origin', + expectedReferrer: document.location.origin + '/' + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'strict-origin-when-cross-origin', + expectedReferrer: document.location.href + }, + { + origin: SAME_ORIGIN, + sxg: SAME_ORIGIN_SXG, + referrerPolicy: 'unsafe-url', + expectedReferrer: document.location.href + }, + ]; + runReferrerTests(TEST_CASES); +})(); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-utf8-inner-url.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-utf8-inner-url.tentative.html new file mode 100644 index 0000000000..85670a786a --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-utf8-inner-url.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>SignedHTTPExchange with UTF-8 inner URL</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-utf8-inner-url.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, new URL(innerURLOrigin() + '/signed-exchange/resources/\uD83C\uDF10\uD83D\uDCE6.html').href); + assert_false(message.is_fallback); +}, 'SignedHTTPExchange with UTF-8 inner URL'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-variants-match.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-variants-match.tentative.html new file mode 100644 index 0000000000..21d1b80d3c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-variants-match.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>SignedHTTPExchange should be loaded if Variants/Variant-Key match the request</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-variants-match.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_false(message.is_fallback); +}, 'SignedHTTPExchange should be loaded if Variants/Variant-Key match the request'); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-variants-mismatch.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-variants-mismatch.tentative.html new file mode 100644 index 0000000000..b57ec81926 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-variants-mismatch.tentative.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<title>SignedHTTPExchange should fallback if Variants/Variant-Key don't match the request</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg/sxg-variants-mismatch.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); +}, "SignedHTTPExchange should fallback if Variants/Variant-Key don't match the request"); + +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/sxg-version1b2.tentative.html b/testing/web-platform/tests/signed-exchange/sxg-version1b2.tentative.html new file mode 100644 index 0000000000..43b340dbb7 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/sxg-version1b2.tentative.html @@ -0,0 +1,20 @@ +<!DOCTYPE html> +<title>Loading SignedHTTPExchange of unsupported version must fail</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="./resources/sxg-util.js"></script> +<body> +<p>Note: This test FAILs if your browser supports Signed Exchange version 1b2.</p> +<script> +promise_test(async (t) => { + const sxgUrl = get_host_info().HTTPS_ORIGIN + + '/signed-exchange/resources/sxg-version1b2.sxg'; + const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl); + const innerURL = innerURLOrigin() + + '/signed-exchange/resources/inner-url.html'; + assert_equals(message.location, innerURL); + assert_true(message.is_fallback); +}, 'Loading SignedHTTPExchange of unsupported version must fail and fallback redirect.'); +</script> +</body> |