Enable more black box tests for android.

Consider all service worker URL's to be trustworthy for black box
tests.

b/299309300

cobalt/black_box_tests/black_box_tests.py

@@ -250,8 +250,11 @@ def __init__(self, args):
       self.proxy_port = args.proxy_port or str(
           self.GetUnusedPort([_server_binding_address]))
       proxy_address = args.proxy_address or _server_binding_address
-      _launcher_params.target_params.append(
-          f'--proxy={proxy_address}:{self.proxy_port}')
+      proxy_url = f'{proxy_address}:{self.proxy_port}'
+      _launcher_params.target_params.append(f'--proxy={proxy_url}')
+
+    _launcher_params.target_params.append(
+        '--unsafely-treat-insecure-origin-as-secure=*web-platform.test')
 
     self.device_ips = args.device_ips
 

cobalt/tools/automated_testing/cobalt_runner.py

@@ -151,8 +151,23 @@ def __init__(self,
         self.target_params = [url_string]
       else:
         self.target_params.append(url_string)
+
     if self.launcher_params.target_params:
-      self.target_params.extend(self.launcher_params.target_params)
+      for target_param in self.launcher_params.target_params:
+        if target_param not in self.target_params:
+          self.target_params.append(target_param)
+
+    if hasattr(self, 'url') and self.url.startswith('http://'):
+      url_base = 'http://' + self.url.split('/')[2]
+      found = False
+      for (i, p) in enumerate(self.target_params):
+        if p.startswith('--unsafely-treat-insecure-origin-as-secure='):
+          found = True
+          self.target_params[i] += ',' + url_base
+          break
+      if not found:
+        self.target_params.append(
+            f'--unsafely-treat-insecure-origin-as-secure={url_base}')
 
   def SendResume(self):
     """Sends a resume signal to start Cobalt from preload."""

cobalt/worker/service_worker_jobs.cc

@@ -14,7 +14,10 @@
 
 #include "cobalt/worker/service_worker_jobs.h"
 
+#include <vector>
+
 #include "base/bind.h"
+#include "base/command_line.h"
 #include "base/strings/stringprintf.h"
 #include "base/task/current_thread.h"
 #include "base/time/time.h"
@@ -25,12 +28,20 @@
 #include "cobalt/worker/extendable_event.h"
 #include "net/base/mime_util.h"
 #include "net/base/url_util.h"
+#if !defined(COBALT_BUILD_TYPE_GOLD)
+#include "base/strings/pattern.h"
+#endif
 
 namespace cobalt {
 namespace worker {
 
 namespace {
 
+#if !defined(COBALT_BUILD_TYPE_GOLD)
+const char kUnsafelyTreatInsecureOriginAsSecure[] =
+    "unsafely-treat-insecure-origin-as-secure";
+#endif
+
 bool PathContainsEscapedSlash(const GURL& url) {
   const std::string path = url.path();
   return (path.find("%2f") != std::string::npos ||
@@ -39,7 +50,93 @@ bool PathContainsEscapedSlash(const GURL& url) {
           path.find("%5C") != std::string::npos);
 }
 
+bool PermitAnyNonRedirectedURL(const GURL&, bool did_redirect) {
+  return !did_redirect;
+}
+
+}  // namespace
+
 bool IsOriginPotentiallyTrustworthy(const GURL& url) {
+#if !defined(COBALT_BUILD_TYPE_GOLD)
+  {
+    const url::Origin origin(url::Origin::Create(url));
+    const base::CommandLine& command_line =
+        *base::CommandLine::ForCurrentProcess();
+    if (command_line.HasSwitch(kUnsafelyTreatInsecureOriginAsSecure)) {
+      std::string origins_str = command_line.GetSwitchValueASCII(
+          kUnsafelyTreatInsecureOriginAsSecure);
+      std::vector<std::string> allowlist = base::SplitString(
+          origins_str, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
+      bool contained = false;
+      if (base::Contains(allowlist, origin.Serialize())) {
+        contained = true;
+      }
+
+      std::string matched_pattern;
+      bool matched = false;
+      for (const std::string& origin_or_pattern : allowlist) {
+        if (base::MatchPattern(origin.host(), origin_or_pattern)) {
+          matched_pattern = origin_or_pattern;
+          matched = true;
+          break;
+        }
+      }
+      std::string result_msg =
+          (contained
+               ? base::StringPrintf("%s contains %s\n", origins_str.c_str(),
+                                    origin.Serialize().c_str())
+               : "") +
+          (matched
+               ? base::StringPrintf("%s matches %s\n", origin.host().c_str(),
+                                    matched_pattern.c_str())
+               : "");
+      LOG(INFO)
+          << "\n"
+             "#############################################################\n"
+             "#                                                           #\n"
+             "#                                                           #\n"
+             "#  !defined(COBALT_BUILD_TYPE_GOLD)                         #\n" +
+                 command_line.GetCommandLineString() + "\n" +
+                 command_line.GetArgumentsString() + "\n" +
+                 base::StringPrintf("url: %s\n", url.spec().c_str()) +
+                 base::StringPrintf("origin url: %s\n",
+                                    origin.Serialize().c_str()) +
+                 result_msg +
+                 "#                                                           "
+                 "#\n"
+                 "#                                                           "
+                 "#\n"
+                 "#############################################################"
+                 "\n";
+    } else {
+      LOG(INFO)
+          << "\n"
+             "#############################################################\n"
+             "#                                                           #\n"
+             "#                                                           #\n"
+             "#  No switch                                                #\n" +
+                 command_line.GetCommandLineString() + "\n" +
+                 command_line.GetArgumentsString() + "\n" +
+                 "#                                                           "
+                 "#\n"
+                 "#                                                           "
+                 "#\n"
+                 "#############################################################"
+                 "\n";
+    }
+  }
+#else
+  LOG(INFO)
+      << "\n"
+         "#############################################################\n"
+         "#                                                           #\n"
+         "#                                                           #\n"
+         "#  defined(COBALT_BUILD_TYPE_GOLD)                          #\n"
+         "#                                                           #\n"
+         "#                                                           #\n"
+         "#############################################################\n";
+#endif
+
   // Algorithm for potentially trustworthy origin:
   //   https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-origin
 
@@ -73,22 +170,32 @@ bool IsOriginPotentiallyTrustworthy(const GURL& url) {
   // authenticated, return "Potentially Trustworthy".
   if (url.SchemeIs("h5vcc-embedded")) return true;
 
-  // 8. If origin has been configured as a trustworthy origin, return
-  // "Potentially Trustworthy".
-  if (origin.host() == "web-platform.test") {
-    return true;
+    // 8. If origin has been configured as a trustworthy origin, return
+    // "Potentially Trustworthy".
+#if !defined(COBALT_BUILD_TYPE_GOLD)
+  const base::CommandLine& command_line =
+      *base::CommandLine::ForCurrentProcess();
+  if (command_line.HasSwitch(kUnsafelyTreatInsecureOriginAsSecure)) {
+    std::string origins_str =
+        command_line.GetSwitchValueASCII(kUnsafelyTreatInsecureOriginAsSecure);
+    std::vector<std::string> allowlist = base::SplitString(
+        origins_str, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
+    if (base::Contains(allowlist, origin.Serialize())) {
+      return true;
+    }
+
+    for (const std::string& origin_or_pattern : allowlist) {
+      if (base::MatchPattern(origin.host(), origin_or_pattern)) {
+        return true;
+      }
+    }
   }
+#endif
 
   // 9. Return "Not Trustworthy".
   return false;
 }
 
-bool PermitAnyNonRedirectedURL(const GURL&, bool did_redirect) {
-  return !did_redirect;
-}
-
-}  // namespace
-
 ServiceWorkerJobs::ServiceWorkerJobs(
     ServiceWorkerContext* service_worker_context,
     network::NetworkModule* network_module,
@@ -310,7 +417,9 @@ void ServiceWorkerJobs::Register(Job* job) {
     RejectJobPromise(
         job, PromiseErrorData(
                  web::DOMException::kSecurityErr,
-                 "Service Worker Register failed: Script URL is Not Trusted."));
+                 base::StringPrintf("Service Worker Register failed: Script "
+                                    "URL is Not Trusted. %s, %d!",
+                                    job->script_url.spec().c_str(), __LINE__)));
     // 1.2. Invoke Finish Job with job and abort these steps.
     FinishJob(job);
     return;

cobalt/worker/service_worker_jobs.h

@@ -45,6 +45,8 @@
 namespace cobalt {
 namespace worker {
 
+bool IsOriginPotentiallyTrustworthy(const GURL& url);
+
 class ServiceWorkerContext;
 
 // Algorithms for Service Worker Jobs.

starboard/android/arm/cobalt/configuration.py

@@ -27,15 +27,6 @@
         'suspend_visibility',
         'timer_hit_after_preload',
         'timer_hit_in_preload',
-        'service_worker_add_to_cache_test',
-        'service_worker_cache_keys_test',
-        'service_worker_controller_activation_test',
-        'service_worker_get_registrations_test',
-        'service_worker_fetch_main_resource_test',
-        'service_worker_fetch_test',
-        'service_worker_message_test',
-        'service_worker_post_message_test',
-        'service_worker_test',
         'service_worker_persist_test',
         'deep_links',
         'web_platform_tests',