Add signed exchange reporting error test cases

Bug: 910516
Change-Id: I01f776e0a787e97430cc033d55bb1a32e900f9e9
Reviewed-on: https://chromium-review.googlesource.com/c/1480363
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#634520}

network-error-logging/support/nel.sub.js

@@ -55,14 +55,19 @@ function _getNELResourceURL(subdomain, suffix) {
  */
 
 function getURLForResourceWithBasicPolicy(subdomain) {
-  return _getNELResourceURL(subdomain, "pass.png?id="+reportID);
+  return _getNELResourceURL(subdomain, "pass.png?id="+reportID+"&success_fraction=1.0");
 }
 
 function fetchResourceWithBasicPolicy(subdomain) {
   const url = getURLForResourceWithBasicPolicy(subdomain);
   return fetch(url, {mode: "no-cors"});
 }
 
+function fetchResourceWithZeroSuccessFractionPolicy(subdomain) {
+  const url = _getNELResourceURL(subdomain, "pass.png?id="+reportID+"&success_fraction=0.0");
+  return fetch(url, {mode: "no-cors"});
+}
+
 /*
  * Fetches a resource whose headers define an include_subdomains NEL policy.
  */

network-error-logging/support/pass.png.sub.headers

@@ -3,4 +3,4 @@ Cache-Control: no-store, no-cache, must-revalidate
 Cache-Control: post-check=0, pre-check=0, false
 Pragma: no-cache
 Report-To: { "group": "nel-group", "max_age": 10886400, "endpoints": [{ "url": "https://{{hosts[][www]}}:{{ports[https][0]}}/network-error-logging/support/report.py?op=put&reportID={{GET[id]}}" }] }
-NEL: {"report_to": "nel-group", "max_age": 10886400, "success_fraction": 1.0}
+NEL: {"report_to": "nel-group", "max_age": 10886400, "success_fraction": {{GET[success_fraction]}}}

signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error-downgraded.tentative.html

@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed downgraded from sxg.cert_fetch_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_test(async t => {
+  await fetchResourceWithBasicPolicy();
+  const sxg_url =
+      alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?navigation';
+  const cert_url = test_origin + '/signed-exchange/resources/not_found_certfile.cbor';
+  const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+  assert_equals(message.location,
+                innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+  assert_true(message.is_fallback);
+  assert_true(await reportsExist([
+    {
+      url: sxg_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "sxg",
+        // The origin of this SXG's certURL is different from the reporting
+        // origin. So the report must be downgraded.
+        type: "sxg.failed",
+        elapsed_time: 0,
+        status_code: 200,
+        referrer: location.href,
+        sxg: {
+          outer_url: sxg_url,
+          inner_url:
+              innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+          cert_url: [cert_url]
+        }
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+    {
+      url: sxg_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "application",
+        type: "ok",
+        status_code: 200,
+        referrer: location.href,
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+  ]));
+}, 'SXG reporting test of sxg.failed downgraded from sxg.cert_fetch_error for' +
+   ' navigation.');
+</script>
+</body>

signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error.tentative.html

@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.cert_fetch_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_test(async t => {
+  await fetchResourceWithBasicPolicy();
+  const sxg_url =
+      alt_origin +
+      '/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg?navigation';
+  const cert_url =
+      alt_origin + '/signed-exchange/resources/not_found_certfile.cbor';
+  const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+  assert_equals(message.location,
+                innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+  assert_true(message.is_fallback);
+  assert_true(await reportsExist([
+    {
+      url: sxg_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "sxg",
+        // The origin of this SXG's certURL is same as the reporting origin. So
+        // the report must not be downgraded.
+        type: "sxg.cert_fetch_error",
+        status_code: 200,
+        referrer: location.href,
+        sxg: {
+          outer_url: sxg_url,
+          inner_url:
+              innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+          cert_url: [cert_url]
+        }
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+    {
+      url: sxg_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "application",
+        type: "ok",
+        status_code: 200,
+        referrer: location.href,
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+    {
+      url: cert_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "application",
+        type: "http.error",
+        status_code: 404,
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+  ]));
+}, 'SXG reporting test of sxg.cert_fetch_error for navigation.');
+</script>
+</body>

signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error-downgraded.tentative.html

@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_test(async t => {
+  await fetchResourceWithBasicPolicy();
+  const sxg_url =
+      alt_origin +
+      '/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg?navigation';
+  const cert_url =
+      test_origin + '/signed-exchange/resources/invalid-cert-format.cbor';
+  const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+  assert_equals(message.location,
+                innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+  assert_true(message.is_fallback);
+  assert_true(await reportsExist([
+    {
+      url: sxg_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "sxg",
+        // The origin of this SXG's certURL is different from the reporting
+        // origin. So the report must be downgraded.
+        type: "sxg.failed",
+        elapsed_time: 0,
+        status_code: 200,
+        referrer: location.href,
+        sxg: {
+          outer_url: sxg_url,
+          inner_url:
+              innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+          cert_url: [cert_url]
+        }
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+    {
+      url: sxg_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "application",
+        type: "ok",
+        status_code: 200,
+        referrer: location.href,
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+  ]));
+}, 'SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for navigation.');
+</script>
+</body>

signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error.tentative.html

@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.cert_parse_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_test(async t => {
+  await fetchResourceWithBasicPolicy();
+  const sxg_url =
+      alt_origin +
+      '/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg?navigation';
+  const cert_url =
+      alt_origin + '/signed-exchange/resources/invalid-cert-format.cbor';
+  const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+  assert_equals(message.location,
+                innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+  assert_true(message.is_fallback);
+  assert_true(await reportsExist([
+    {
+      url: sxg_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "sxg",
+        // The origin of this SXG's certURL is same as the reporting origin. So
+        // the report must not be downgraded.
+        type: "sxg.cert_parse_error",
+        status_code: 200,
+        referrer: location.href,
+        sxg: {
+          outer_url: sxg_url,
+          inner_url:
+              innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+          cert_url: [cert_url]
+        }
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+    {
+      url: sxg_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "application",
+        type: "ok",
+        status_code: 200,
+        referrer: location.href,
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+    {
+      url: cert_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "application",
+        type: "ok",
+        status_code: 200,
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+  ]));
+}, 'SXG reporting test of sxg.cert_parse_error for navigation.');
+</script>
+</body>

signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error-downgraded.tentative.html

@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed downgraded from sxg.cert_verification_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_test(async t => {
+  await fetchResourceWithBasicPolicy();
+  const sxg_url =
+      alt_origin +
+      '/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg?navigation';
+  const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+  const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+  assert_equals(message.location,
+                innerURLOrigin() + '/signed-exchange/resources/inner-url.html', 'location');
+  assert_true(message.is_fallback, 'is_fallback');
+  assert_true(await reportsExist([
+    {
+      url: sxg_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "sxg",
+        // The origin of this SXG's certURL is different from the reporting
+        // origin. So the report must be downgraded.
+        type: "sxg.failed",
+        elapsed_time: 0,
+        status_code: 200,
+        referrer: location.href,
+        sxg: {
+          outer_url: sxg_url,
+          inner_url:
+              innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+          cert_url: [cert_url]
+        }
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+    {
+      url: sxg_url,
+      user_agent: navigator.userAgent,
+      type: "network-error",
+      body: {
+        phase: "application",
+        type: "ok",
+        status_code: 200,
+        referrer: location.href,
+      },
+      metadata: {
+        content_type: "application/reports+json",
+      },
+    },
+  ]));
+}, 'SXG reporting test of sxg.failed downgraded from ' +
+    'sxg.cert_verification_error for navigation.');
+</script>
+</body>