From f71b1ea7327e2183dc6f53b64edd63b308b739da Mon Sep 17 00:00:00 2001
From: Ian Denhardt <ian@zenhack.net>
Date: Sat, 7 May 2022 10:56:35 +0000
Subject: [PATCH] Bug 1756328 [wpt PR 32914] - Test
 webrtc/content-security-policy integration, a=testonly

Automatic update from web-platform-tests
Test webrtc/content-security-policy integration (#32914)

* Test webrtc/content-security-policy integration

...as specified in:

- https://github.com/w3c/webappsec-csp/pull/457
- https://github.com/w3c/webrtc-extensions/pull/81

* Fix typos in comment.

Co-authored-by: Jan-Ivar Bruaroey <jan-ivar@users.noreply.github.com>

* Fix ice candidate exchange in CSP webrtc tests.

we should be passing each candidate to the *other* pc.

Tests now behave as expected.

* CSP webrtc tests: listen for connection state change, not gathering.

See https://github.com/web-platform-tests/wpt/pull/32914#discussion_r831320820

* CSP webrtc tests: drop unnecessary stun server.

* webrtc csp: simplify state checking

"new" is the initial state.

Co-authored-by: Jan-Ivar Bruaroey <jan-ivar@users.noreply.github.com>

Co-authored-by: Jan-Ivar Bruaroey <jan-ivar@users.noreply.github.com>
--

wpt-commits: 0abba58602758eb8be11c38788c6f51fed2529e4
wpt-pr: 32914
---
 .../webrtc-allowed-default-src-none.html      | 21 +++++++
 .../webrtc/webrtc-allowed-explicit.html       | 19 +++++++
 .../webrtc/webrtc-allowed-nopolicy.html       | 18 ++++++
 .../webrtc/webrtc-blocked-explicit.html       | 19 +++++++
 .../webrtc/webrtc-blocked-unknown.html        | 19 +++++++
 .../content-security-policy/webrtc/webrtc.js  | 56 +++++++++++++++++++
 6 files changed, 152 insertions(+)
 create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-default-src-none.html
 create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-explicit.html
 create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-nopolicy.html
 create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-explicit.html
 create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-unknown.html
 create mode 100644 testing/web-platform/tests/content-security-policy/webrtc/webrtc.js

diff --git a/testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-default-src-none.html b/testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-default-src-none.html
new file mode 100644
index 0000000000000..5b0f8cc9c561e
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-default-src-none.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="default-src 'none'; script-src 'self' 'unsafe-inline'">
+    <title>webrtc allowed with default-src 'none'</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="webrtc.js"></script>
+</head>
+
+<body>
+    <script>
+        expectAllow();
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-explicit.html b/testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-explicit.html
new file mode 100644
index 0000000000000..835f650d5f8e2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-explicit.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta http-equiv="Content-Security-Policy" content="webrtc 'allow';">
+    <title>webrtc allowed with an explicit webrtc allowed policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="webrtc.js"></script>
+</head>
+
+<body>
+    <script>
+        expectAllow();
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-nopolicy.html b/testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-nopolicy.html
new file mode 100644
index 0000000000000..bc49a63a43432
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/webrtc/webrtc-allowed-nopolicy.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>webrtc allowed with no policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="webrtc.js"></script>
+</head>
+
+<body>
+    <script>
+        expectAllow();
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-explicit.html b/testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-explicit.html
new file mode 100644
index 0000000000000..dbd56f2f2c63d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-explicit.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta http-equiv="Content-Security-Policy" content="webrtc 'block';">
+    <title>webrtc blocked with an explicit webrtc blocked policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="webrtc.js"></script>
+</head>
+
+<body>
+    <script>
+        expectBlock();
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-unknown.html b/testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-unknown.html
new file mode 100644
index 0000000000000..1605c0a642d84
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/webrtc/webrtc-blocked-unknown.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta http-equiv="Content-Security-Policy" content="webrtc 'unrecognized';">
+    <title>webrtc blocked with an unrecognized explicit webrtc policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="webrtc.js"></script>
+</head>
+
+<body>
+    <script>
+        expectBlock();
+    </script>
+    <div id="log"></div>
+</body>
+
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/webrtc/webrtc.js b/testing/web-platform/tests/content-security-policy/webrtc/webrtc.js
new file mode 100644
index 0000000000000..a4075557add82
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/webrtc/webrtc.js
@@ -0,0 +1,56 @@
+
+// Creates two RTCPeerConnection and tries to connect them. Returns
+// "allowed" if the connection is permitted, "blocked" if it is
+// blocked on both sides and "inconsistent" in the event that the
+// result is not the same on both sides (should never happen).
+async function tryConnect() {
+    const pc1 = new RTCPeerConnection();
+    const pc2 = new RTCPeerConnection();
+
+    // Returns a promise which resolves to a boolean which is true
+    // if and only if pc.iceConnectionState settles in the "failed"
+    // state, and never transitions to any state other than "new"
+    // or "failed."
+    const pcFailed = (pc) => {
+        return new Promise((resolve, _reject) => {
+            pc.oniceconnectionstatechange = (e) => {
+                resolve(pc.iceConnectionState == "failed");
+            };
+        });
+    }
+    pc1Failed = pcFailed(pc1);
+    pc2Failed = pcFailed(pc2);
+
+    // Creating a data channel is necessary to induce negotiation:
+    const channel = pc1.createDataChannel('test');
+
+    // Usual webrtc signaling dance:
+    pc1.onicecandidate = ({candidate}) => pc2.addIceCandidate(candidate);
+    pc2.onicecandidate = ({candidate}) => pc1.addIceCandidate(candidate);
+    const offer = await pc1.createOffer();
+    await pc1.setLocalDescription(offer);
+    await pc2.setRemoteDescription(pc1.localDescription);
+    const answer = await pc2.createAnswer();
+    await pc2.setLocalDescription(answer);
+    await pc1.setRemoteDescription(pc2.localDescription);
+
+    const failed1 = await pc1Failed;
+    const failed2 = await pc2Failed;
+    if(failed1 && failed2) {
+        return 'blocked';
+    } else if(!failed1 && !failed2) {
+        return 'allowed';
+    } else {
+        return 'inconsistent';
+    }
+}
+
+async function expectAllow() {
+    promise_test(async () => assert_equals(await tryConnect(), 'allowed'));
+}
+
+async function expectBlock() {
+    promise_test(async () => assert_equals(await tryConnect(), 'blocked'));
+}
+
+// vim: set ts=4 sw=4 et :