Bug 1756328 [wpt PR 32914] - Test webrtc/content-security-policy integration, a=testonly

Automatic update from web-platform-tests
Test webrtc/content-security-policy integration (#32914)

* Test webrtc/content-security-policy integration

...as specified in:

- w3c/webappsec-csp#457
- w3c/webrtc-extensions#81

* Fix typos in comment.

Co-authored-by: Jan-Ivar Bruaroey <[email protected]>

* Fix ice candidate exchange in CSP webrtc tests.

we should be passing each candidate to the *other* pc.

Tests now behave as expected.

* CSP webrtc tests: listen for connection state change, not gathering.

See web-platform-tests/wpt#32914 (comment)

* CSP webrtc tests: drop unnecessary stun server.

* webrtc csp: simplify state checking

"new" is the initial state.

Co-authored-by: Jan-Ivar Bruaroey <[email protected]>

Co-authored-by: Jan-Ivar Bruaroey <[email protected]>
--

wpt-commits: 0abba58602758eb8be11c38788c6f51fed2529e4
wpt-pr: 32914

Author: zenhack

testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-default-src-none.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="default-src 'none'; script-src 'self' 'unsafe-inline'">
+    <title>webrtc allowed with default-src 'none'</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="webrtc.js"></script>
+</head>
+
+<body>
+    <script>
+        expectAllow();
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>

testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-explicit.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta http-equiv="Content-Security-Policy" content="webrtc 'allow';">
+    <title>webrtc allowed with an explicit webrtc allowed policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="webrtc.js"></script>
+</head>
+
+<body>
+    <script>
+        expectAllow();
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>

testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-nopolicy.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>webrtc allowed with no policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="webrtc.js"></script>
+</head>
+
+<body>
+    <script>
+        expectAllow();
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>

testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-explicit.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta http-equiv="Content-Security-Policy" content="webrtc 'block';">
+    <title>webrtc blocked with an explicit webrtc blocked policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="webrtc.js"></script>
+</head>
+
+<body>
+    <script>
+        expectBlock();
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>

testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-unknown.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta http-equiv="Content-Security-Policy" content="webrtc 'unrecognized';">
+    <title>webrtc blocked with an unrecognized explicit webrtc policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="webrtc.js"></script>
+</head>
+
+<body>
+    <script>
+        expectBlock();
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>

testing/web-platform/tests/content-security-policy/webrtc/webrtc.js

@@ -0,0 +1,56 @@
+
+// Creates two RTCPeerConnection and tries to connect them. Returns
+// "allowed" if the connection is permitted, "blocked" if it is
+// blocked on both sides and "inconsistent" in the event that the
+// result is not the same on both sides (should never happen).
+async function tryConnect() {
+    const pc1 = new RTCPeerConnection();
+    const pc2 = new RTCPeerConnection();
+
+    // Returns a promise which resolves to a boolean which is true
+    // if and only if pc.iceConnectionState settles in the "failed"
+    // state, and never transitions to any state other than "new"
+    // or "failed."
+    const pcFailed = (pc) => {
+        return new Promise((resolve, _reject) => {
+            pc.oniceconnectionstatechange = (e) => {
+                resolve(pc.iceConnectionState == "failed");
+            };
+        });
+    }
+    pc1Failed = pcFailed(pc1);
+    pc2Failed = pcFailed(pc2);
+
+    // Creating a data channel is necessary to induce negotiation:
+    const channel = pc1.createDataChannel('test');
+
+    // Usual webrtc signaling dance:
+    pc1.onicecandidate = ({candidate}) => pc2.addIceCandidate(candidate);
+    pc2.onicecandidate = ({candidate}) => pc1.addIceCandidate(candidate);
+    const offer = await pc1.createOffer();
+    await pc1.setLocalDescription(offer);
+    await pc2.setRemoteDescription(pc1.localDescription);
+    const answer = await pc2.createAnswer();
+    await pc2.setLocalDescription(answer);
+    await pc1.setRemoteDescription(pc2.localDescription);
+
+    const failed1 = await pc1Failed;
+    const failed2 = await pc2Failed;
+    if(failed1 && failed2) {
+        return 'blocked';
+    } else if(!failed1 && !failed2) {
+        return 'allowed';
+    } else {
+        return 'inconsistent';
+    }
+}
+
+async function expectAllow() {
+    promise_test(async () => assert_equals(await tryConnect(), 'allowed'));
+}
+
+async function expectBlock() {
+    promise_test(async () => assert_equals(await tryConnect(), 'blocked'));
+}
+
+// vim: set ts=4 sw=4 et :