tests/mod-secdownload.t

   1 #!/usr/bin/env perl
   2 BEGIN {
   3         # add current source dir to the include-path
   4         # we need this for make distcheck
   5         (my $srcdir = $0) =~ s,/[^/]+$,/,;
   6         unshift @INC, $srcdir;
   7 }
   8
   9 use strict;
  10 use IO::Socket;
  11 use Test::More tests => 15;
  12 use LightyTest;
  13 use Digest::MD5 qw(md5_hex);
  14 use Digest::SHA qw(hmac_sha1 hmac_sha256);
  15 use MIME::Base64 qw(encode_base64url);
  16
  17 my $tf = LightyTest->new();
  18 my $t;
  19
  20 ok($tf->start_proc == 0, "Starting lighttpd") or die();
  21
  22 my $secret = "verysecret";
  23 my ($f, $thex, $m);
  24
  25 $t->{REQUEST}  = ( <<EOF
  26 GET /index.html HTTP/1.0
  27 Host: www.example.org
  28 EOF
  29  );
  30 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
  31
  32 ok($tf->handle_http($t) == 0, 'skipping secdownload - direct access');
  33
  34 ## MD5
  35 $f = "/index.html";
  36 $thex = sprintf("%08x", time);
  37 $m = md5_hex($secret.$f.$thex);
  38
  39 $t->{REQUEST}  = ( <<EOF
  40 GET /sec/$m/$thex$f HTTP/1.0
  41 Host: vvv.example.org
  42 EOF
  43  );
  44 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
  45
  46 ok($tf->handle_http($t) == 0, 'secdownload (md5)');
  47
  48 $thex = sprintf("%08x", time - 1800);
  49 $m = md5_hex($secret.$f.$thex);
  50
  51 $t->{REQUEST}  = ( <<EOF
  52 GET /sec/$m/$thex$f HTTP/1.0
  53 Host: vvv.example.org
  54 EOF
  55  );
  56 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
  57
  58 ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (md5)');
  59
  60 $t->{REQUEST}  = ( <<EOF
  61 GET /sec$f HTTP/1.0
  62 Host: vvv.example.org
  63 EOF
  64  );
  65 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
  66
  67 ok($tf->handle_http($t) == 0, 'secdownload - direct access (md5)');
  68
  69 $f = "/noexists";
  70 $thex = sprintf("%08x", time);
  71 $m = md5_hex($secret.$f.$thex);
  72
  73 $t->{REQUEST}  = ( <<EOF
  74 GET /sec/$m/$thex$f HTTP/1.0
  75 Host: vvv.example.org
  76 EOF
  77  );
  78 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
  79
  80 ok($tf->handle_http($t) == 0, 'secdownload - timeout (md5)');
  81
  82 ## HMAC-SHA1
  83 $f = "/index.html";
  84 $thex = sprintf("%08x", time);
  85 $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
  86
  87 $t->{REQUEST}  = ( <<EOF
  88 GET /sec/$m/$thex$f HTTP/1.0
  89 Host: vvv-sha1.example.org
  90 EOF
  91  );
  92 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
  93
  94 ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha1)');
  95
  96 $thex = sprintf("%08x", time - 1800);
  97 $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
  98
  99 $t->{REQUEST}  = ( <<EOF
 100 GET /sec/$m/$thex$f HTTP/1.0
 101 Host: vvv-sha1.example.org
 102 EOF
 103  );
 104 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
 105
 106 ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha1)');
 107
 108 $t->{REQUEST}  = ( <<EOF
 109 GET /sec$f HTTP/1.0
 110 Host: vvv-sha1.example.org
 111 EOF
 112  );
 113 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
 114
 115 ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha1)');
 116
 117
 118 $f = "/noexists";
 119 $thex = sprintf("%08x", time);
 120 $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
 121
 122 $t->{REQUEST}  = ( <<EOF
 123 GET /sec/$m/$thex$f HTTP/1.0
 124 Host: vvv-sha1.example.org
 125 EOF
 126  );
 127 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
 128
 129 ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha1)');
 130
 131 ## HMAC-SHA256
 132 $f = "/index.html";
 133 $thex = sprintf("%08x", time);
 134 $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
 135
 136 $t->{REQUEST}  = ( <<EOF
 137 GET /sec/$m/$thex$f HTTP/1.0
 138 Host: vvv-sha256.example.org
 139 EOF
 140  );
 141 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
 142
 143 ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256)');
 144
 145 $thex = sprintf("%08x", time - 1800);
 146 $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
 147
 148 $t->{REQUEST}  = ( <<EOF
 149 GET /sec/$m/$thex$f HTTP/1.0
 150 Host: vvv-sha256.example.org
 151 EOF
 152  );
 153 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
 154
 155 ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha256)');
 156
 157 $t->{REQUEST}  = ( <<EOF
 158 GET /sec$f HTTP/1.0
 159 Host: vvv-sha256.example.org
 160 EOF
 161  );
 162 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
 163
 164 ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha256)');
 165
 166
 167 $f = "/noexists";
 168 $thex = sprintf("%08x", time);
 169 $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
 170
 171 $t->{REQUEST}  = ( <<EOF
 172 GET /sec/$m/$thex$f HTTP/1.0
 173 Host: vvv-sha256.example.org
 174 EOF
 175  );
 176 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
 177
 178 ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha256)');
 179
 180 ## THE END
 181
 182 ok($tf->stop_proc == 0, "Stopping lighttpd");
 183