generate-test-sxgs.sh (21541B)
1 #!/bin/sh 2 sxg_version=1b3 3 certfile=127.0.0.1.sxg.pem 4 keyfile=127.0.0.1.sxg.key 5 inner_url_origin=https://127.0.0.1:8444 6 # TODO: Stop hard-coding "web-platform.test" when generating Signed Exchanges on 7 # the fly. 8 wpt_test_origin=https://web-platform.test:8444 9 wpt_test_remote_origin=https://www1.web-platform.test:8444 10 wpt_test_alt_origin=https://not-web-platform.test:8444 11 cert_url_origin=$wpt_test_origin 12 sxg_content_type='content-type: application/signed-exchange;v=b3' 13 variants_header=variants-04 14 variant_key_header=variant-key-04 15 16 set -e 17 18 for cmd in gen-signedexchange gen-certurl dump-signedexchange; do 19 if ! command -v $cmd > /dev/null 2>&1; then 20 echo "$cmd is not installed. Please run:" 21 echo " go get -u github.com/WICG/webpackage/go/signedexchange/cmd/..." 22 echo ' export PATH=$PATH:$(go env GOPATH)/bin' 23 exit 1 24 fi 25 done 26 27 tmpdir=$(mktemp -d) 28 29 echo -n OCSP >$tmpdir/ocsp 30 gen-certurl -pem $certfile -ocsp $tmpdir/ocsp > $certfile.cbor 31 32 option="-w 0" 33 if [ "$(uname -s)" = "Darwin" ]; then 34 option="" 35 fi 36 37 cert_base64=$(base64 ${option} ${certfile}.cbor) 38 data_cert_url="data:application/cert-chain+cbor;base64,$cert_base64" 39 40 41 # A valid Signed Exchange. 42 gen-signedexchange \ 43 -version $sxg_version \ 44 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 45 -status 200 \ 46 -content sxg-location.html \ 47 -certificate $certfile \ 48 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 49 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 50 -privateKey $keyfile \ 51 -date 2018-04-01T00:00:00Z \ 52 -expire 168h \ 53 -o sxg/sxg-location.sxg \ 54 -miRecordSize 100 55 56 # A valid Signed Exchange. The origin of certUrl is the "alt" origin where NEL 57 # policy is installed in reporting tests. 58 gen-signedexchange \ 59 -version $sxg_version \ 60 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 61 -status 200 \ 62 -content sxg-location.html \ 63 -certificate $certfile \ 64 -certUrl $wpt_test_alt_origin/signed-exchange/resources/$certfile.cbor \ 65 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 66 -privateKey $keyfile \ 67 -date 2018-04-01T00:00:00Z \ 68 -expire 168h \ 69 -o sxg/sxg-location-cert-on-alt-origin.sxg \ 70 -miRecordSize 100 71 72 # A signed exchange of unsupported version. 73 gen-signedexchange \ 74 -version 1b2 \ 75 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 76 -status 200 \ 77 -content sxg-location.html \ 78 -certificate $certfile \ 79 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 80 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 81 -privateKey $keyfile \ 82 -date 2018-04-01T00:00:00Z \ 83 -expire 168h \ 84 -o sxg-version1b2.sxg \ 85 -miRecordSize 100 86 87 # A valid Signed Exchange for testing referrer which logical origin is the wpt 88 # test origin. 89 gen-signedexchange \ 90 -version $sxg_version \ 91 -uri $wpt_test_origin/signed-exchange/resources/inner-url.html \ 92 -status 200 \ 93 -content sxg-location.html \ 94 -certificate $certfile \ 95 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 96 -validityUrl $wpt_test_origin/resource.validity.msg \ 97 -privateKey $keyfile \ 98 -date 2018-04-01T00:00:00Z \ 99 -expire 168h \ 100 -o sxg/sxg-referrer-same-origin.sxg \ 101 -miRecordSize 100 102 103 # A valid Signed Exchange for testing referrer which logical origin is the wpt 104 # test remote origin. 105 gen-signedexchange \ 106 -version $sxg_version \ 107 -uri $wpt_test_remote_origin/signed-exchange/resources/inner-url.html \ 108 -status 200 \ 109 -content sxg-location.html \ 110 -certificate $certfile \ 111 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 112 -validityUrl $wpt_test_remote_origin/resource.validity.msg \ 113 -privateKey $keyfile \ 114 -date 2018-04-01T00:00:00Z \ 115 -expire 168h \ 116 -o sxg/sxg-referrer-remote-origin.sxg \ 117 -miRecordSize 100 118 119 # A invalid Signed Exchange for testing referrer which logical origin is the wpt 120 # test origin. Response has Cache-Control: no-store header. 121 gen-signedexchange \ 122 -version $sxg_version \ 123 -uri $wpt_test_origin/signed-exchange/resources/inner-url.html \ 124 -status 200 \ 125 -responseHeader "Cache-Control: no-store" \ 126 -content sxg-location.html \ 127 -certificate $certfile \ 128 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 129 -validityUrl $wpt_test_origin/resource.validity.msg \ 130 -privateKey $keyfile \ 131 -date 2018-04-01T00:00:00Z \ 132 -expire 168h \ 133 -o sxg/invalid-sxg-referrer-same-origin.sxg \ 134 -miRecordSize 100 \ 135 -ignoreErrors true 136 137 # A invalid Signed Exchange for testing referrer which logical origin is the wpt 138 # test remote origin. Response has Cache-Control: no-store header. 139 gen-signedexchange \ 140 -version $sxg_version \ 141 -uri $wpt_test_remote_origin/signed-exchange/resources/inner-url.html \ 142 -status 200 \ 143 -responseHeader "Cache-Control: no-store" \ 144 -content sxg-location.html \ 145 -certificate $certfile \ 146 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 147 -validityUrl $wpt_test_remote_origin/resource.validity.msg \ 148 -privateKey $keyfile \ 149 -date 2018-04-01T00:00:00Z \ 150 -expire 168h \ 151 -o sxg/invalid-sxg-referrer-remote-origin.sxg \ 152 -miRecordSize 100 \ 153 -ignoreErrors true 154 155 # For check-cert-request.tentative.html 156 gen-signedexchange \ 157 -version $sxg_version \ 158 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 159 -status 200 \ 160 -content sxg-location.html \ 161 -certificate $certfile \ 162 -certUrl $cert_url_origin/signed-exchange/resources/check-cert-request.py \ 163 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 164 -privateKey $keyfile \ 165 -date 2018-04-01T00:00:00Z \ 166 -expire 168h \ 167 -o sxg/check-cert-request.sxg \ 168 -miRecordSize 100 169 170 # validityUrl is different origin from request URL. 171 gen-signedexchange \ 172 -version $sxg_version \ 173 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 174 -status 200 \ 175 -content failure.html \ 176 -certificate $certfile \ 177 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 178 -validityUrl https://example.com/signed-exchange/resources/resource.validity.msg \ 179 -privateKey $keyfile \ 180 -date 2018-04-01T00:00:00Z \ 181 -expire 168h \ 182 -o sxg/sxg-invalid-validity-url.sxg \ 183 -miRecordSize 100 \ 184 -ignoreErrors true 185 186 # certUrl is 404 and the origin of certUrl is different from the "alt" origin 187 # where NEL policy is installed in reporting tests. 188 gen-signedexchange \ 189 -version $sxg_version \ 190 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 191 -status 200 \ 192 -content sxg-location.html \ 193 -certificate $certfile \ 194 -certUrl $cert_url_origin/signed-exchange/resources/not_found_certfile.cbor \ 195 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 196 -privateKey $keyfile \ 197 -date 2018-04-01T00:00:00Z \ 198 -expire 168h \ 199 -o sxg/sxg-cert-not-found.sxg \ 200 -miRecordSize 100 201 202 # certUrl is 404 and the origin of certUrl is the "alt" origin where NEL policy 203 # is installed in reporting tests. 204 gen-signedexchange \ 205 -version $sxg_version \ 206 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 207 -status 200 \ 208 -content sxg-location.html \ 209 -certificate $certfile \ 210 -certUrl $wpt_test_alt_origin/signed-exchange/resources/not_found_certfile.cbor \ 211 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 212 -privateKey $keyfile \ 213 -date 2018-04-01T00:00:00Z \ 214 -expire 168h \ 215 -o sxg/sxg-cert-not-found-on-alt-origin.sxg \ 216 -miRecordSize 100 217 218 # certUrl is 404 and fallback URL is another signed exchange. 219 gen-signedexchange \ 220 -version $sxg_version \ 221 -uri $inner_url_origin/signed-exchange/resources/sxg/sxg-location.sxg \ 222 -status 200 \ 223 -content failure.html \ 224 -certificate $certfile \ 225 -certUrl $cert_url_origin/signed-exchange/resources/not_found_$certfile.cbor \ 226 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 227 -privateKey $keyfile \ 228 -date 2018-04-01T00:00:00Z \ 229 -expire 168h \ 230 -o sxg/fallback-to-another-sxg.sxg \ 231 -miRecordSize 100 \ 232 -ignoreErrors true 233 234 # certUrl is an invalid cert and the origin of certUrl is different from the 235 # "alt" origin where NEL policy is installed in reporting tests. 236 gen-signedexchange \ 237 -version $sxg_version \ 238 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 239 -status 200 \ 240 -content sxg-location.html \ 241 -certificate $certfile \ 242 -certUrl $cert_url_origin/signed-exchange/resources/invalid-cert-format.cbor \ 243 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 244 -privateKey $keyfile \ 245 -date 2018-04-01T00:00:00Z \ 246 -expire 168h \ 247 -o sxg/sxg-invalid-cert-format.sxg \ 248 -miRecordSize 100 249 250 # certUrl is an invalid cert and the origin of certUrl is the "alt" origin where 251 # NEL policy is installed in reporting tests. 252 gen-signedexchange \ 253 -version $sxg_version \ 254 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 255 -status 200 \ 256 -content sxg-location.html \ 257 -certificate $certfile \ 258 -certUrl $wpt_test_alt_origin/signed-exchange/resources/invalid-cert-format.cbor \ 259 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 260 -privateKey $keyfile \ 261 -date 2018-04-01T00:00:00Z \ 262 -expire 168h \ 263 -o sxg/sxg-invalid-cert-format-on-alt-origin.sxg \ 264 -miRecordSize 100 265 266 # Nested signed exchange. 267 gen-signedexchange \ 268 -version $sxg_version \ 269 -uri "$inner_url_origin/signed-exchange/resources/inner-url.html?fallback-from-nested-sxg" \ 270 -status 200 \ 271 -content sxg/sxg-location.sxg \ 272 -responseHeader "$sxg_content_type" \ 273 -certificate $certfile \ 274 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 275 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 276 -privateKey $keyfile \ 277 -date 2018-04-01T00:00:00Z \ 278 -expire 168h \ 279 -o sxg/nested-sxg.sxg \ 280 -miRecordSize 100 \ 281 -ignoreErrors true 282 283 # Fallback URL has non-ASCII UTF-8 characters. 284 gen-signedexchange \ 285 -version $sxg_version \ 286 -ignoreErrors \ 287 -uri "$inner_url_origin/signed-exchange/resources/🌐📦.html" \ 288 -status 200 \ 289 -content sxg-location.html \ 290 -certificate $certfile \ 291 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 292 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 293 -privateKey $keyfile \ 294 -date 2018-04-01T00:00:00Z \ 295 -expire 168h \ 296 -o sxg/sxg-utf8-inner-url.sxg \ 297 -miRecordSize 100 \ 298 -ignoreErrors true 299 300 # Fallback URL has invalid UTF-8 sequence. 301 gen-signedexchange \ 302 -version $sxg_version \ 303 -ignoreErrors \ 304 -uri "$inner_url_origin/signed-exchange/resources/$(echo -e '\xce\xce\xa9').html" \ 305 -status 200 \ 306 -content sxg-location.html \ 307 -certificate $certfile \ 308 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 309 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 310 -privateKey $keyfile \ 311 -date 2018-04-01T00:00:00Z \ 312 -expire 168h \ 313 -o sxg/sxg-invalid-utf8-inner-url.sxg \ 314 -miRecordSize 100 \ 315 -ignoreErrors true 316 317 # Fallback URL has UTF-8 BOM. 318 gen-signedexchange \ 319 -version $sxg_version \ 320 -ignoreErrors \ 321 -uri "$(echo -e '\xef\xbb\xbf')$inner_url_origin/signed-exchange/resources/inner-url.html" \ 322 -status 200 \ 323 -content sxg-location.html \ 324 -certificate $certfile \ 325 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 326 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 327 -privateKey $keyfile \ 328 -date 2018-04-01T00:00:00Z \ 329 -expire 168h \ 330 -o sxg/sxg-inner-url-bom.sxg \ 331 -miRecordSize 100 \ 332 -ignoreErrors true 333 334 # Response has Cache-Control: no-store header. 335 gen-signedexchange \ 336 -version $sxg_version \ 337 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 338 -status 200 \ 339 -responseHeader "Cache-Control: no-store" \ 340 -content sxg-location.html \ 341 -certificate $certfile \ 342 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 343 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 344 -privateKey $keyfile \ 345 -date 2018-04-01T00:00:00Z \ 346 -expire 168h \ 347 -o sxg/sxg-noncacheable.sxg \ 348 -miRecordSize 100 \ 349 -ignoreErrors true 350 351 # Response has a strict-transport-security header. 352 gen-signedexchange \ 353 -version $sxg_version \ 354 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 355 -status 200 \ 356 -responseHeader "Strict-Transport-Security: max-age=31536000" \ 357 -content sxg-location.html \ 358 -certificate $certfile \ 359 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 360 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 361 -privateKey $keyfile \ 362 -date 2018-04-01T00:00:00Z \ 363 -expire 168h \ 364 -o sxg/sxg-hsts.sxg \ 365 -miRecordSize 100 \ 366 -ignoreErrors true 367 368 # Signed Exchange with payload integrity error. 369 echo 'garbage' | cat sxg/sxg-location.sxg - >sxg/sxg-merkle-integrity-error.sxg 370 371 # An invalid signed exchange which integrity header is invalid. 372 cat sxg/sxg-location.sxg | 373 sed 's/digest\/mi-sha256-03/digest\/mi-sha256-xx/' \ 374 > sxg/sxg-invalid-integrity-header.sxg 375 376 # An invalid signed exchange which cert-sha256 is invalid. 377 dummy_sha256=`echo "dummy" | openssl dgst -binary -sha256 | base64` 378 cat sxg/sxg-location.sxg | 379 sed "s/cert-sha256=\*[^*]*\*;/cert-sha256=*$dummy_sha256*;/" \ 380 > sxg/sxg-invalid-cert-sha256.sxg 381 cat sxg/sxg-location-cert-on-alt-origin.sxg | 382 sed "s/cert-sha256=\*[^*]*\*;/cert-sha256=*$dummy_sha256*;/" \ 383 > sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg 384 385 # An invalid signed exchange which validity period is too long. 386 gen-signedexchange \ 387 -version $sxg_version \ 388 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 389 -status 200 \ 390 -content sxg-location.html \ 391 -certificate $certfile \ 392 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 393 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 394 -privateKey $keyfile \ 395 -date 2018-04-01T00:00:00Z \ 396 -expire 300h \ 397 -o sxg/sxg-validity-period-too-long.sxg \ 398 -miRecordSize 100 \ 399 -ignoreErrors true 400 401 # An invalid signed exchange which validity period is too long. The origin of 402 # certUrl is the "alt" origin where NEL policy is installed in reporting tests. 403 gen-signedexchange \ 404 -version $sxg_version \ 405 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 406 -status 200 \ 407 -content sxg-location.html \ 408 -certificate $certfile \ 409 -certUrl $wpt_test_alt_origin/signed-exchange/resources/$certfile.cbor \ 410 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 411 -privateKey $keyfile \ 412 -date 2018-04-01T00:00:00Z \ 413 -expire 300h \ 414 -o sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg \ 415 -miRecordSize 100 \ 416 -ignoreErrors true 417 418 # Signed Exchange with variants / variant-key that match any request. 419 gen-signedexchange \ 420 -version $sxg_version \ 421 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 422 -status 200 \ 423 -responseHeader "${variants_header}: accept-language;en" \ 424 -responseHeader "${variant_key_header}: en" \ 425 -content sxg-location.html \ 426 -certificate $certfile \ 427 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 428 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 429 -privateKey $keyfile \ 430 -date 2018-04-01T00:00:00Z \ 431 -expire 168h \ 432 -o sxg/sxg-variants-match.sxg \ 433 -miRecordSize 100 434 435 # Signed Exchange with variants / variant-key that never match any request. 436 gen-signedexchange \ 437 -version $sxg_version \ 438 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 439 -status 200 \ 440 -responseHeader "${variants_header}: accept-language;en" \ 441 -responseHeader "${variant_key_header}: unknown" \ 442 -content sxg-location.html \ 443 -certificate $certfile \ 444 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 445 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 446 -privateKey $keyfile \ 447 -date 2018-04-01T00:00:00Z \ 448 -expire 168h \ 449 -o sxg/sxg-variants-mismatch.sxg \ 450 -miRecordSize 100 451 452 # A valid Signed Exchange that reports navigation timing. 453 gen-signedexchange \ 454 -version $sxg_version \ 455 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 456 -status 200 \ 457 -content sxg-navigation-timing.html \ 458 -certificate $certfile \ 459 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 460 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 461 -privateKey $keyfile \ 462 -date 2018-04-01T00:00:00Z \ 463 -expire 168h \ 464 -o sxg/sxg-navigation-timing.sxg \ 465 -miRecordSize 100 466 467 # A valid Signed Exchange for testing service worker registration. 468 gen-signedexchange \ 469 -version $sxg_version \ 470 -uri $wpt_test_origin/signed-exchange/resources/register-sw-from-sxg.html \ 471 -status 200 \ 472 -content register-sw.html \ 473 -certificate $certfile \ 474 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 475 -validityUrl $wpt_test_origin/resource.validity.msg \ 476 -privateKey $keyfile \ 477 -date 2018-04-01T00:00:00Z \ 478 -expire 168h \ 479 -o sxg/register-sw-from-sxg.sxg \ 480 -miRecordSize 100 481 482 # An invalid Signed Exchange for testing service worker registration after 483 # fallback. 484 gen-signedexchange \ 485 -version $sxg_version \ 486 -uri $wpt_test_origin/signed-exchange/resources/register-sw-after-fallback.html \ 487 -status 200 \ 488 -content sxg-location.html \ 489 -certificate $certfile \ 490 -certUrl $cert_url_origin/signed-exchange/resources/not_found_certfile.cbor \ 491 -validityUrl $wpt_test_origin/resource.validity.msg \ 492 -privateKey $keyfile \ 493 -date 2018-04-01T00:00:00Z \ 494 -expire 168h \ 495 -o sxg/register-sw-after-fallback.sxg \ 496 -miRecordSize 100 497 498 # A valid Signed Exchange using data URL for cert-url. 499 gen-signedexchange \ 500 -version $sxg_version \ 501 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 502 -status 200 \ 503 -content sxg-location.html \ 504 -certificate $certfile \ 505 -certUrl $data_cert_url \ 506 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 507 -privateKey $keyfile \ 508 -date 2018-04-01T00:00:00Z \ 509 -expire 168h \ 510 -o sxg/sxg-data-cert-url.sxg \ 511 -miRecordSize 100 512 513 # Generate the signed exchange file of sxg-subresource-script-inner.js. 514 gen-signedexchange \ 515 -version $sxg_version \ 516 -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-script.js \ 517 -status 200 \ 518 -responseHeader "Content-Type: application/javascript" \ 519 -content sxg-subresource-script-inner.js \ 520 -certificate $certfile \ 521 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 522 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 523 -privateKey $keyfile \ 524 -date 2030-04-01T00:00:00Z \ 525 -expire 168h \ 526 -o sxg/sxg-subresource-script.sxg \ 527 -miRecordSize 100 528 529 # Get the header integrity hash value of sxg-subresource-script.sxg. 530 header_integrity=$(dump-signedexchange -i sxg/sxg-subresource-script.sxg | \ 531 grep -o "header integrity: sha256-.*" | \ 532 grep -o "sha256-.*$") 533 534 # Generate the signed exchange file of signed exchange subresource test. 535 gen-signedexchange \ 536 -version $sxg_version \ 537 -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-sxg.html \ 538 -status 200 \ 539 -content sxg-subresource-sxg-inner.html \ 540 -certificate $certfile \ 541 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 542 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 543 -privateKey $keyfile \ 544 -date 2030-04-01T00:00:00Z \ 545 -expire 168h \ 546 -o sxg/sxg-subresource.sxg \ 547 -miRecordSize 100 \ 548 -responseHeader "link:<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=allowed-alt-sxg;header-integrity=\"$header_integrity\",<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=preload;as=script" 549 550 # Generate the signed exchange file of signed exchange subresource test with 551 # header integrity mismatch. 552 gen-signedexchange \ 553 -version $sxg_version \ 554 -uri $inner_url_origin/signed-exchange/resources/sxg-subresource-sxg.html \ 555 -status 200 \ 556 -content sxg-subresource-sxg-inner.html \ 557 -certificate $certfile \ 558 -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \ 559 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 560 -privateKey $keyfile \ 561 -date 2030-04-01T00:00:00Z \ 562 -expire 168h \ 563 -o sxg/sxg-subresource-header-integrity-mismatch.sxg \ 564 -miRecordSize 100 \ 565 -responseHeader "link:<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=allowed-alt-sxg;header-integrity=\"sha256-$dummy_sha256\",<$inner_url_origin/signed-exchange/resources/sxg-subresource-script.js>;rel=preload;as=script" 566 567 # A Signed Exchange for testing prefetch. 568 # The id query value "XXX..." of prefetch-test-cert.py will be replaced with 569 # UUID for stash token by prefetch-test-sxg.py. 570 gen-signedexchange \ 571 -version $sxg_version \ 572 -uri $inner_url_origin/signed-exchange/resources/inner-url.html \ 573 -status 200 \ 574 -content sxg-prefetch-test.html \ 575 -certificate $certfile \ 576 -certUrl $wpt_test_remote_origin/signed-exchange/resources/prefetch-test-cert.py?id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \ 577 -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \ 578 -privateKey $keyfile \ 579 -date 2020-01-29T00:00:00Z \ 580 -expire 168h \ 581 -o sxg/sxg-prefetch-test.sxg \ 582 -miRecordSize 100 583 584 rm -fr $tmpdir