unknown-parameter.window.js (3669B)
1 // META: script=helper.js 2 3 // The following tests validate the behavior of unknown signature parameters. 4 // They'll all be rooted in the following response, generated using the steps at 5 // https://wicg.github.io/signature-based-sri/#examples, relying on the test 6 // key from https://www.rfc-editor.org/rfc/rfc9421.html#name-example-ed25519-test-key: 7 // 8 // ``` 9 // NOTE: '\' line wrapping per RFC 8792 10 // 11 // HTTP/1.1 200 OK 12 // Date: Tue, 20 Apr 2021 02:07:56 GMT 13 // Content-Type: application/json 14 // Unencoded-Digest: sha-256=:X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=: 15 // Content-Length: 18 16 // Signature-Input: signature=("unencoded-digest";sf "@status"); \ 17 // keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs="; \ 18 // tag="sri" 19 // Signature: signature=:oVQ+s/OqXLAVdfvgZ3HaPiyzkpNXZSit9l6e1FB/gOOL3t8FOrIRDV \ 20 // CkcIEcJjd3MA1mROn39/WQShTmnKmlDg==: 21 // 22 // 23 // {"hello": "world"} 24 // ``` 25 26 // Metadata from the response above: 27 const kRequestsWithValidSignature = [ 28 // ``` 29 // "unencoded-digest";sf: sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=: 30 // "@signature-params": ("unencoded-digest";sf "@status");keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri";unknown=1 31 // ``` 32 { 33 body: "window.hello = `world`;", 34 digest: "sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:", 35 signature: `signature=:eZ2DGIHUsTNMxFReOMkbOrTmn+CqDckCZ5/635x1Apl2ws0nA+qZcHqZFMdjBvcGw0WElh3zYD0ynkQ+cHiWCA==:`, 36 signatureInput: `signature=("unencoded-digest";sf);keyid="${kValidKeys['rfc']}";tag="sri";unknown=1` 37 }, 38 // ``` 39 // "unencoded-digest";sf: sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=: 40 // "@signature-params": ("unencoded-digest";sf "@status");unknown=1;keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri" 41 // ``` 42 { 43 body: "window.hello = `world`;", 44 digest: "sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:", 45 signature: `signature=:YXQH8lkKBcGOMNSFbS56j3d5nK3j15HbFPIdsljzQVGFFd93T6FmXb2cLsoINYQbnMUOQBSROIzFZpgUQTBTBA==:`, 46 signatureInput: `signature=("unencoded-digest";sf);unknown=1;keyid="${kValidKeys['rfc']}";tag="sri"` 47 }, 48 ]; 49 50 // Valid signatures depend upon integrity checks. 51 // 52 // We're testing our handling of malformed and multiple keys generally in 53 // the broader `client-initiated.*` tests. Here we'll just focus on ensuring 54 // that responses with unknown parameters load at all (no integrity check), 55 // load when integrity checks match, and fail when integrity checks mismatch. 56 for (const request of kRequestsWithValidSignature) { 57 // fetch(): 58 generate_fetch_test(request, {}, EXPECT_LOADED, 59 `Valid signature (${request.signature}), no integrity check: loads.`); 60 generate_fetch_test(request, {integrity:`ed25519-${kValidKeys['rfc']}`}, EXPECT_LOADED, 61 `Valid signature (${request.signature}), matching integrity check: loads.`); 62 63 generate_fetch_test(request, {integrity:`ed25519-${kInvalidKey}`}, EXPECT_BLOCKED, 64 `Valid signature (${request.signature}), mismatched integrity check: blocked.`); 65 66 // <script>: 67 generate_script_test(request, "", EXPECT_LOADED, 68 `Valid signature (${request.signature}), no integrity check: loads.`); 69 generate_script_test(request, `ed25519-${kValidKeys['rfc']}`, EXPECT_LOADED, 70 `Valid signature (${request.signature}), matching integrity check: loads.`); 71 generate_script_test(request, `ed25519-${kInvalidKey}`, EXPECT_BLOCKED, 72 `Valid signature (${request.signature}), mismatched integrity check: blocked.`); 73 }