<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy"
      content="script-src 'unsafe-inline' 'nonce-abcd' 'ed25519-qGFmwTxlocg707D1cX4w60iTwtfwbMLf8ITDyfko7s0='">

<title>Subresource Integrity with Ed25519 plus Content Security Policy</title>
<script src="/resources/testharness.js" nonce="abcd"></script>
<script src="/resources/testharnessreport.js" nonce="abcd"></script>
<script src="/resources/sriharness.js" nonce="abcd"></script>

<div id="log"></div>
<div id="container"></div>
<script nonce="abcd">
    // This needs to be the same key as in this doc's content security policy.
    var public_key = "qGFmwTxlocg707D1cX4w60iTwtfwbMLf8ITDyfko7s0=";
    new SRIScriptTest(
        true,
        "Ed25519-with-CSP, passes, valid key, valid signature.",
        "ed25519-signature.js",
        "ed25519-" + public_key
    ).execute();

    new SRIScriptTest(
        false,
        "Ed25519-with-CSP, fails, valid key, invalid signature.",
        "ed25519-broken-signature.js",
        "ed25519-" + public_key
    ).execute();

    // The first of these uses the nonce rather than the signature to pass CSP.
    // That doesn't test anything useful about the Ed25519 feature, but is here
    // to test the precondition for the next test. So if this test passes and
    // the second one fails, then we can be sure that the 2nd test failed only
    // because of the CSP key mismatch, as that's the only difference between
    // the tests.
    var key_not_in_csp = "5MVHFfs/9Ri+YSwH4FwneSFp88t1ljryPoLxdiyTKks=";
    new SRIScriptTest(
        true,
        "Ed25519-with-CSP, passes, alternative key.",
        "ed25519-signature2.js",
        "ed25519-" + key_not_in_csp,
        /* cross origin */ undefined,
        /* nonce */ "abcd").execute();
    new SRIScriptTest(
        false,
        "Ed25519-with-CSP, fails, valid key, valid signature, key not in CSP.",
        "ed25519-signature2.js",
        "ed25519-" + key_not_in_csp,
        ).execute();
</script>