tests/mod-secdownload.t

   1 #!/usr/bin/env perl
   2 BEGIN {
   3         # add current source dir to the include-path
   4         # we need this for make distcheck
   5         (my $srcdir = $0) =~ s,/[^/]+$,/,;
   6         unshift @INC, $srcdir;
   7 }
   8
   9 use strict;
  10 use IO::Socket;
  11 use Test::More tests => 16;
  12 use LightyTest;
  13 use Digest::MD5 qw(md5_hex);
  14 use Digest::SHA qw(hmac_sha1 hmac_sha256);
  15 use MIME::Base64 qw(encode_base64url);
  16
  17 my $tf = LightyTest->new();
  18 my $t;
  19
  20 $tf->{CONFIGFILE} = 'mod-secdownload.conf';
  21 ok($tf->start_proc == 0, "Starting lighttpd") or die();
  22
  23 my $secret = "verysecret";
  24 my ($f, $thex, $m);
  25
  26 $t->{REQUEST}  = ( <<EOF
  27 GET /index.html HTTP/1.0
  28 Host: www.example.org
  29 EOF
  30  );
  31 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
  32
  33 ok($tf->handle_http($t) == 0, 'skipping secdownload - direct access');
  34
  35 ## MD5
  36 $f = "/index.html";
  37 $thex = sprintf("%08x", time);
  38 $m = md5_hex($secret.$f.$thex);
  39
  40 $t->{REQUEST}  = ( <<EOF
  41 GET /sec/$m/$thex$f HTTP/1.0
  42 Host: vvv.example.org
  43 EOF
  44  );
  45 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
  46
  47 ok($tf->handle_http($t) == 0, 'secdownload (md5)');
  48
  49 $thex = sprintf("%08x", time - 1800);
  50 $m = md5_hex($secret.$f.$thex);
  51
  52 $t->{REQUEST}  = ( <<EOF
  53 GET /sec/$m/$thex$f HTTP/1.0
  54 Host: vvv.example.org
  55 EOF
  56  );
  57 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
  58
  59 ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (md5)');
  60
  61 $t->{REQUEST}  = ( <<EOF
  62 GET /sec$f HTTP/1.0
  63 Host: vvv.example.org
  64 EOF
  65  );
  66 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
  67
  68 ok($tf->handle_http($t) == 0, 'secdownload - direct access (md5)');
  69
  70 $f = "/noexists";
  71 $thex = sprintf("%08x", time);
  72 $m = md5_hex($secret.$f.$thex);
  73
  74 $t->{REQUEST}  = ( <<EOF
  75 GET /sec/$m/$thex$f HTTP/1.0
  76 Host: vvv.example.org
  77 EOF
  78  );
  79 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
  80
  81 ok($tf->handle_http($t) == 0, 'secdownload - timeout (md5)');
  82
  83 ## HMAC-SHA1
  84 $f = "/index.html";
  85 $thex = sprintf("%08x", time);
  86 $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
  87
  88 $t->{REQUEST}  = ( <<EOF
  89 GET /sec/$m/$thex$f HTTP/1.0
  90 Host: vvv-sha1.example.org
  91 EOF
  92  );
  93 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
  94
  95 ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha1)');
  96
  97 $thex = sprintf("%08x", time - 1800);
  98 $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
  99
 100 $t->{REQUEST}  = ( <<EOF
 101 GET /sec/$m/$thex$f HTTP/1.0
 102 Host: vvv-sha1.example.org
 103 EOF
 104  );
 105 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
 106
 107 ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha1)');
 108
 109 $t->{REQUEST}  = ( <<EOF
 110 GET /sec$f HTTP/1.0
 111 Host: vvv-sha1.example.org
 112 EOF
 113  );
 114 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
 115
 116 ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha1)');
 117
 118
 119 $f = "/noexists";
 120 $thex = sprintf("%08x", time);
 121 $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
 122
 123 $t->{REQUEST}  = ( <<EOF
 124 GET /sec/$m/$thex$f HTTP/1.0
 125 Host: vvv-sha1.example.org
 126 EOF
 127  );
 128 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
 129
 130 ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha1)');
 131
 132 ## HMAC-SHA256
 133 $f = "/index.html";
 134 $thex = sprintf("%08x", time);
 135 $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
 136
 137 $t->{REQUEST}  = ( <<EOF
 138 GET /sec/$m/$thex$f HTTP/1.0
 139 Host: vvv-sha256.example.org
 140 EOF
 141  );
 142 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
 143
 144 ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256)');
 145
 146 ## HMAC-SHA256
 147 $f = "/index.html?qs=1";
 148 $thex = sprintf("%08x", time);
 149 $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
 150
 151 $t->{REQUEST}  = ( <<EOF
 152 GET /sec/$m/$thex$f HTTP/1.0
 153 Host: vvv-sha256.example.org
 154 EOF
 155  );
 156 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
 157
 158 ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256) with hash-querystr');
 159
 160 $thex = sprintf("%08x", time - 1800);
 161 $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
 162
 163 $t->{REQUEST}  = ( <<EOF
 164 GET /sec/$m/$thex$f HTTP/1.0
 165 Host: vvv-sha256.example.org
 166 EOF
 167  );
 168 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
 169
 170 ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha256)');
 171
 172 $t->{REQUEST}  = ( <<EOF
 173 GET /sec$f HTTP/1.0
 174 Host: vvv-sha256.example.org
 175 EOF
 176  );
 177 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
 178
 179 ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha256)');
 180
 181
 182 $f = "/noexists";
 183 $thex = sprintf("%08x", time);
 184 $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
 185
 186 $t->{REQUEST}  = ( <<EOF
 187 GET /sec/$m/$thex$f HTTP/1.0
 188 Host: vvv-sha256.example.org
 189 EOF
 190  );
 191 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
 192
 193 ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha256)');
 194
 195 ## THE END
 196
 197 ok($tf->stop_proc == 0, "Stopping lighttpd");
 198