Signed Exchange: Add scripts to generate test data for Layout Tests

Bug: 803774
Change-Id: Ic0d8445643d3a0639ce9b4527675be50d1f4b1af
Reviewed-on: https://chromium-review.googlesource.com/1147886
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#577432}

third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/README.md

-The certificate message files (\*.msg) and the signed exchange files
-(\*.sxg) in this directory are generated using the following commands.
-
-gen-certurl and gen-signedexchange are available in [webpackage repository][1].
-Revision cf19833 is used to generate these files.
-
-[1]: https://github.com/WICG/webpackage
+To regenerate the key/certificate pair for the signed-exchanges in this
+directory, run `generate-test-certs.sh`.
 
+The signed exchange files in this directory are generated using
+`generate-test-sxgs.sh`. it requires command-line tools in the
+[webpackage repository][1]. To install them, run:
 ```
-# Install gen-certurl command.
-go get github.com/WICG/webpackage/go/signedexchange/cmd/gen-certurl
-
-# Install gen-signedexchange command.
-go get github.com/WICG/webpackage/go/signedexchange/cmd/gen-signedexchange
-
-# Generate key/certificate pair for 127.0.0.1 signed-exchanges
-(
-  cd src/third_party/blink/tools/blinkpy/third_party/wpt/certs;
-  openssl ecparam -out 127.0.0.1.sxg.key -name prime256v1 -genkey;
-  openssl req -new -sha256 -key 127.0.0.1.sxg.key -out 127.0.0.1.sxg.csr \
-    --subj '/CN=127.0.0.1/O=Test/C=US' \
-    -config 127.0.0.1.sxg.cnf;
-  openssl x509 -req -days 3650 \
-    -in 127.0.0.1.sxg.csr -extfile 127.0.0.1.sxg.ext \
-    -CA cacert.pem -CAkey cakey.pem -passin pass:web-platform-tests \
-    -set_serial 3 -out 127.0.0.1.sxg.pem
-)
-
-# Make dummy OCSP data for cbor certificate chains.
-echo -n OCSP >/tmp/ocsp
-
-# Generate the certificate chain of "127.0.0.1.sxg.pem".
-gen-certurl  \
-  -pem ../../../../../../../blink/tools/blinkpy/third_party/wpt/certs/127.0.0.1.sxg.pem \
-  -ocsp /tmp/ocsp \
-  > 127.0.0.1.sxg.pem.cbor
-
-# Generate the signed exchange file.
-gen-signedexchange \
-  -uri https://127.0.0.1:8443/test.html \
-  -status 200 \
-  -content sxg-location.html \
-  -certificate ../../../../../../../blink/tools/blinkpy/third_party/wpt/certs/127.0.0.1.sxg.pem \
-  -certUrl https://127.0.0.1:8443/loading/sxg/resources/127.0.0.1.sxg.pem.cbor \
-  -validityUrl https://127.0.0.1:8443/loading/sxg/resources/resource.validity.msg \
-  -privateKey ../../../../../../../blink/tools/blinkpy/third_party/wpt/certs/127.0.0.1.sxg.key \
-  -date 2018-04-01T00:00:00Z \
-  -expire 168h \
-  -o sxg-location.sxg \
-  -miRecordSize 100
-
-# Generate the signed exchange file which certificate file is not available.
-gen-signedexchange \
-  -uri https://127.0.0.1:8443/not_found_cert.html \
-  -status 200 \
-  -content sxg-location.html \
-  -certificate ../../../../../../../blink/tools/blinkpy/third_party/wpt/certs/127.0.0.1.sxg.pem \
-  -certUrl https://127.0.0.1:8443/loading/sxg/resources/not_found_cert.pem.cbor \
-  -validityUrl https://127.0.0.1:8443/loading/sxg/resources/not_found_cert.validity.msg \
-  -privateKey ../../../../../../../blink/tools/blinkpy/third_party/wpt/certs/127.0.0.1.sxg.key \
-  -date 2018-04-01T00:00:00Z \
-  -expire 168h \
-  -o sxg-cert-not-found.sxg \
-  -miRecordSize 100
-
-# Generate the signed exchange file which validity URL is different origin from
-# request URL.
-gen-signedexchange \
-  -uri https://127.0.0.1:8443/test.html \
-  -status 200 \
-  -content sxg-location.html \
-  -certificate ../../../../../../../blink/tools/blinkpy/third_party/wpt/certs/127.0.0.1.sxg.pem \
-  -certUrl https://127.0.0.1:8443/loading/sxg/resources/127.0.0.1.sxg.pem.cbor \
-  -validityUrl https://www2.127.0.0.1/loading/sxg/resources/resource.validity.msg \
-  -privateKey ../../../../../../../blink/tools/blinkpy/third_party/wpt/certs/127.0.0.1.sxg.key \
-  -date 2018-04-01T00:00:00Z \
-  -expire 168h \
-  -o sxg-invalid-validity-url.sxg \
-  -miRecordSize 100
+go get -u github.com/WICG/webpackage/go/signedexchange/cmd/...
 ```
+The revision of the tools used to generate the test files is `cf19833`.
+
+[1]: https://github.com/WICG/webpackage

third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/generate-test-certs.sh

+#!/bin/sh
+
+# Copyright 2018 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+set -e
+
+topdir=$(git rev-parse --show-toplevel)
+cd $topdir/third_party/blink/tools/blinkpy/third_party/wpt/certs
+
+openssl ecparam -out 127.0.0.1.sxg.key -name prime256v1 -genkey;
+openssl req -new -sha256 -key 127.0.0.1.sxg.key -out 127.0.0.1.sxg.csr \
+  --subj '/CN=127.0.0.1/O=Test/C=US' \
+  -config 127.0.0.1.sxg.cnf;
+openssl x509 -req -days 3650 \
+  -in 127.0.0.1.sxg.csr -extfile 127.0.0.1.sxg.ext \
+  -CA cacert.pem -CAkey cakey.pem -passin pass:web-platform-tests \
+  -set_serial 3 -out 127.0.0.1.sxg.pem

third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/generate-test-sxgs.sh

+#!/bin/sh
+
+# Copyright 2018 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+set -e
+
+for cmd in gen-signedexchange gen-certurl; do
+    if ! command -v $cmd > /dev/null 2>&1; then
+        echo "$cmd is not installed. Please run:"
+        echo "  go get -u github.com/WICG/webpackage/go/signedexchange/cmd/..."
+        exit 1
+    fi
+done
+
+certs_dir=../../../../../../../blink/tools/blinkpy/third_party/wpt/certs
+tmpdir=$(mktemp -d)
+
+# Make dummy OCSP data for cbor certificate chains.
+echo -n OCSP >$tmpdir/ocsp
+
+# Generate the certificate chain of "127.0.0.1.sxg.pem".
+gen-certurl  \
+  -pem $certs_dir/127.0.0.1.sxg.pem \
+  -ocsp $tmpdir/ocsp \
+  > 127.0.0.1.sxg.pem.cbor
+
+# Generate the signed exchange file.
+gen-signedexchange \
+  -uri https://127.0.0.1:8443/test.html \
+  -status 200 \
+  -content sxg-location.html \
+  -certificate $certs_dir/127.0.0.1.sxg.pem \
+  -certUrl https://127.0.0.1:8443/loading/sxg/resources/127.0.0.1.sxg.pem.cbor \
+  -validityUrl https://127.0.0.1:8443/loading/sxg/resources/resource.validity.msg \
+  -privateKey $certs_dir/127.0.0.1.sxg.key \
+  -date 2018-04-01T00:00:00Z \
+  -expire 168h \
+  -o sxg-location.sxg \
+  -miRecordSize 100
+
+# Generate the signed exchange file which certificate file is not available.
+gen-signedexchange \
+  -uri https://127.0.0.1:8443/not_found_cert.html \
+  -status 200 \
+  -content sxg-location.html \
+  -certificate $certs_dir/127.0.0.1.sxg.pem \
+  -certUrl https://127.0.0.1:8443/loading/sxg/resources/not_found_cert.pem.cbor \
+  -validityUrl https://127.0.0.1:8443/loading/sxg/resources/not_found_cert.validity.msg \
+  -privateKey $certs_dir/127.0.0.1.sxg.key \
+  -date 2018-04-01T00:00:00Z \
+  -expire 168h \
+  -o sxg-cert-not-found.sxg \
+  -miRecordSize 100
+
+# Generate the signed exchange file which validity URL is different origin from
+# request URL.
+gen-signedexchange \
+  -uri https://127.0.0.1:8443/test.html \
+  -status 200 \
+  -content sxg-location.html \
+  -certificate $certs_dir/127.0.0.1.sxg.pem \
+  -certUrl https://127.0.0.1:8443/loading/sxg/resources/127.0.0.1.sxg.pem.cbor \
+  -validityUrl https://www2.127.0.0.1/loading/sxg/resources/resource.validity.msg \
+  -privateKey $certs_dir/127.0.0.1.sxg.key \
+  -date 2018-04-01T00:00:00Z \
+  -expire 168h \
+  -o sxg-invalid-validity-url.sxg \
+  -miRecordSize 100
+
+rm -fr $tmpdir