search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
- next is 1.4.56
[lighttpd.git] / tests / mod-secdownload.t
blob3907a94405263b680d292a008445d46f1eb224b7
1 #!/usr/bin/env perl
2 BEGIN {
3 # add current source dir to the include-path
4 # we need this for make distcheck
5 (my $srcdir = $0) =~ s,/[^/]+$,/,;
6 unshift @INC, $srcdir;
7 }
8
9 use strict;
10 use IO::Socket;
11 use Test::More tests => 16;
12 use LightyTest;
13 use Digest::MD5 qw(md5_hex);
14 use Digest::SHA qw(hmac_sha1 hmac_sha256);
15 use MIME::Base64 qw(encode_base64url);
16
17 my $tf = LightyTest->new();
18 my $t;
19
20 $tf->{CONFIGFILE} = 'mod-secdownload.conf';
21 ok($tf->start_proc == 0, "Starting lighttpd") or die();
22
23 my $secret = "verysecret";
24 my ($f, $thex, $m);
25
26 $t->{REQUEST} = ( <<EOF
27 GET /index.html HTTP/1.0
28 Host: www.example.org
29 EOF
30 );
31 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
32
33 ok($tf->handle_http($t) == 0, 'skipping secdownload - direct access');
34
35 ## MD5
36 $f = "/index.html";
37 $thex = sprintf("%08x", time);
38 $m = md5_hex($secret.$f.$thex);
39
40 $t->{REQUEST} = ( <<EOF
41 GET /sec/$m/$thex$f HTTP/1.0
42 Host: vvv.example.org
43 EOF
44 );
45 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
46
47 ok($tf->handle_http($t) == 0, 'secdownload (md5)');
48
49 $thex = sprintf("%08x", time - 1800);
50 $m = md5_hex($secret.$f.$thex);
51
52 $t->{REQUEST} = ( <<EOF
53 GET /sec/$m/$thex$f HTTP/1.0
54 Host: vvv.example.org
55 EOF
56 );
57 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
58
59 ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (md5)');
60
61 $t->{REQUEST} = ( <<EOF
62 GET /sec$f HTTP/1.0
63 Host: vvv.example.org
64 EOF
65 );
66 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
67
68 ok($tf->handle_http($t) == 0, 'secdownload - direct access (md5)');
69
70 $f = "/noexists";
71 $thex = sprintf("%08x", time);
72 $m = md5_hex($secret.$f.$thex);
73
74 $t->{REQUEST} = ( <<EOF
75 GET /sec/$m/$thex$f HTTP/1.0
76 Host: vvv.example.org
77 EOF
78 );
79 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
80
81 ok($tf->handle_http($t) == 0, 'secdownload - timeout (md5)');
82
83
84 if (!$tf->has_feature("SSL support")) {
85
86 for (1..4) { ok(1, "secdownload (hmac-sha1) (skipped) - (missing SSL support)"); }
87 for (1..5) { ok(1, "secdownload (hmac-sha256) (skipped) - (missing SSL support)"); }
88
89 }
90 else {
91
92 ## HMAC-SHA1
93 $f = "/index.html";
94 $thex = sprintf("%08x", time);
95 $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
96
97 $t->{REQUEST} = ( <<EOF
98 GET /sec/$m/$thex$f HTTP/1.0
99 Host: vvv-sha1.example.org
100 EOF
101 );
102 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
103
104 ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha1)');
105
106 $thex = sprintf("%08x", time - 1800);
107 $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
108
109 $t->{REQUEST} = ( <<EOF
110 GET /sec/$m/$thex$f HTTP/1.0
111 Host: vvv-sha1.example.org
112 EOF
113 );
114 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
115
116 ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha1)');
117
118 $t->{REQUEST} = ( <<EOF
119 GET /sec$f HTTP/1.0
120 Host: vvv-sha1.example.org
121 EOF
122 );
123 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
124
125 ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha1)');
126
127
128 $f = "/noexists";
129 $thex = sprintf("%08x", time);
130 $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
131
132 $t->{REQUEST} = ( <<EOF
133 GET /sec/$m/$thex$f HTTP/1.0
134 Host: vvv-sha1.example.org
135 EOF
136 );
137 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
138
139 ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha1)');
140
141 ## HMAC-SHA256
142 $f = "/index.html";
143 $thex = sprintf("%08x", time);
144 $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
145
146 $t->{REQUEST} = ( <<EOF
147 GET /sec/$m/$thex$f HTTP/1.0
148 Host: vvv-sha256.example.org
149 EOF
150 );
151 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
152
153 ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256)');
154
155 ## HMAC-SHA256
156 $f = "/index.html?qs=1";
157 $thex = sprintf("%08x", time);
158 $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
159
160 $t->{REQUEST} = ( <<EOF
161 GET /sec/$m/$thex$f HTTP/1.0
162 Host: vvv-sha256.example.org
163 EOF
164 );
165 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
166
167 ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256) with hash-querystr');
168
169 $thex = sprintf("%08x", time - 1800);
170 $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
171
172 $t->{REQUEST} = ( <<EOF
173 GET /sec/$m/$thex$f HTTP/1.0
174 Host: vvv-sha256.example.org
175 EOF
176 );
177 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
178
179 ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha256)');
180
181 $t->{REQUEST} = ( <<EOF
182 GET /sec$f HTTP/1.0
183 Host: vvv-sha256.example.org
184 EOF
185 );
186 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
187
188 ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha256)');
189
190
191 $f = "/noexists";
192 $thex = sprintf("%08x", time);
193 $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
194
195 $t->{REQUEST} = ( <<EOF
196 GET /sec/$m/$thex$f HTTP/1.0
197 Host: vvv-sha256.example.org
198 EOF
199 );
200 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
201
202 ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha256)');
203
204 } # SKIP if lighttpd built without crypto algorithms (e.g. without openssl)
205
206 ## THE END
207
208 ok($tf->stop_proc == 0, "Stopping lighttpd");
209
A fast webserver with minimal memory-footprint (lighttpd)