3 # add current source dir to the include-path
4 # we need this for make distcheck
# Derive the script's directory from $0: copy $0 into $srcdir, then replace
# the final "/name" component with "/" so only the directory part remains.
# If $0 contains no slash the substitution does not match and $srcdir keeps
# the bare script name.
5 (my $srcdir = $0) =~ s
,/[^/]+$,/,;
11 use Test
::More tests
=> 16;
13 use Digest
::MD5
qw(md5_hex);
14 use Digest
::SHA
qw(hmac_sha1 hmac_sha256);
15 use MIME
::Base64
qw(encode_base64url);
# Create the test harness object, point it at the mod_secdownload test
# configuration and launch lighttpd. start_proc is expected to return 0;
# any other value fails this test and die() aborts the remaining plan.
# LightyTest itself is loaded on a line not shown in this listing.
17 my $tf = LightyTest
->new();
20 $tf->{CONFIGFILE
} = 'mod-secdownload.conf';
21 ok
($tf->start_proc == 0, "Starting lighttpd") or die();
# Shared secret from which every download token below is computed. It is a
# hard-coded test fixture; presumably it has to match the secret configured
# in mod-secdownload.conf (not shown) -- confirm there.
23 my $secret = "verysecret";
# Baseline: request a URL outside the /sec/ prefix and expect a plain 200,
# i.e. (per the test label) the token check is not applied to it.
# NOTE: the declaration of $t, the remaining request headers and the EOF
# terminator of the heredoc are missing from this listing.
26 $t->{REQUEST
} = ( <<EOF
27 GET /index.html HTTP/1.0
31 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
33 ok
($tf->handle_http($t) == 0, 'skipping secdownload - direct access');
# Valid token, MD5 mode. $thex is the current time as 8 zero-padded hex
# digits; the token is md5_hex(secret . path . timestamp) and the URL has
# the shape /sec/<token>/<timestamp><path>. Expected: 200.
# $f (the path) is assigned on a line not shown in this listing.
# NOTE(review): this is a plain secret-prefix hash, not an HMAC, so it lacks
# HMAC's protection against length extension, and MD5 is a legacy digest.
# The hmac-sha1 / hmac-sha256 tests later in this file cover the keyed
# constructions.
37 $thex = sprintf("%08x", time);
38 $m = md5_hex
($secret.$f.$thex);
40 $t->{REQUEST
} = ( <<EOF
41 GET /sec/$m/$thex$f HTTP/1.0
45 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
47 ok
($tf->handle_http($t) == 0, 'secdownload (md5)');
# Expired token, MD5 mode: the timestamp is 1800 seconds in the past while
# the token is still computed over that same timestamp, so the rejection
# should come from the age check rather than from a token mismatch.
# Expected: 410 Gone. The timeout that 1800 s has to exceed is presumably
# set in mod-secdownload.conf (not shown) -- confirm there.
49 $thex = sprintf("%08x", time - 1800);
50 $m = md5_hex
($secret.$f.$thex);
52 $t->{REQUEST
} = ( <<EOF
53 GET /sec/$m/$thex$f HTTP/1.0
57 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
59 ok
($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (md5)');
# Expects 404 for what the label calls direct access. The request lines of
# the heredoc are missing from this listing; presumably the request names a
# path under /sec/ without token and timestamp -- confirm against the full
# file.
61 $t->{REQUEST
} = ( <<EOF
66 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
68 ok
($tf->handle_http($t) == 0, 'secdownload - direct access (md5)');
# Fresh timestamp and a token computed the same way as in the passing MD5
# case, yet 404 is expected.
# NOTE(review): nothing visible here explains the 404; presumably $f is
# re-pointed at a file that does not exist on a line missing from this
# listing. The "timeout" label does not describe that case -- confirm.
71 $thex = sprintf("%08x", time);
72 $m = md5_hex
($secret.$f.$thex);
74 $t->{REQUEST
} = ( <<EOF
75 GET /sec/$m/$thex$f HTTP/1.0
79 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
81 ok
($tf->handle_http($t) == 0, 'secdownload - timeout (md5)');
# The HMAC tests depend on the "SSL support" feature reported by the
# harness. Without it, 4 + 5 unconditional passes are emitted so that the
# declared plan of 16 tests still adds up.
# NOTE(review): ok(1, ...) reports these as passed, not skipped, so a build
# without crypto support shows a green run although no HMAC path was
# exercised; a Test::More SKIP block with skip() would make that visible in
# the test output.
84 if (!$tf->has_feature("SSL support")) {
86 for (1..4) { ok
(1, "secdownload (hmac-sha1) (skipped) - (missing SSL support)"); }
87 for (1..5) { ok
(1, "secdownload (hmac-sha256) (skipped) - (missing SSL support)"); }
# NOTE: the "} else {" separating the two branches is missing from this
# listing, as are the tails of the heredocs below.
#
# Valid token, hmac-sha1 mode. The signed message is "/<timestamp><path>",
# the key is $secret, and the raw digest is sent base64url-encoded in the
# URL. The Host header presumably selects a vhost configured for this
# algorithm -- confirm in mod-secdownload.conf. Expected: 200.
94 $thex = sprintf("%08x", time);
95 $m = encode_base64url
(hmac_sha1
("/$thex$f", $secret));
97 $t->{REQUEST
} = ( <<EOF
98 GET /sec/$m/$thex$f HTTP/1.0
99 Host: vvv-sha1.example.org
102 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
104 ok
($tf->handle_http($t) == 0, 'secdownload (hmac-sha1)');
# Expired token, hmac-sha1 mode: timestamp 1800 seconds in the past, MAC
# computed over that same timestamp. Expected: 410 Gone.
106 $thex = sprintf("%08x", time - 1800);
107 $m = encode_base64url
(hmac_sha1
("/$thex$f", $secret));
109 $t->{REQUEST
} = ( <<EOF
110 GET /sec/$m/$thex$f HTTP/1.0
111 Host: vvv-sha1.example.org
114 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
116 ok
($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha1)');
# Direct access on the hmac-sha1 host, expected 404. The request line is
# missing from this listing; presumably it carries no token -- confirm.
118 $t->{REQUEST
} = ( <<EOF
120 Host: vvv-sha1.example.org
123 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
125 ok
($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha1)');
# Fresh timestamp and MAC, yet 404 is expected.
# NOTE(review): presumably $f names a missing file at this point (the
# assignment is not visible here); the "timeout" label does not describe
# that case -- confirm.
129 $thex = sprintf("%08x", time);
130 $m = encode_base64url
(hmac_sha1
("/$thex$f", $secret));
132 $t->{REQUEST
} = ( <<EOF
133 GET /sec/$m/$thex$f HTTP/1.0
134 Host: vvv-sha1.example.org
137 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
139 ok
($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha1)');
# Valid token, hmac-sha256 mode: same message layout and encoding as the
# hmac-sha1 case, with HMAC-SHA256 as the MAC and a different Host header.
# Expected: 200.
143 $thex = sprintf("%08x", time);
144 $m = encode_base64url
(hmac_sha256
("/$thex$f", $secret));
146 $t->{REQUEST
} = ( <<EOF
147 GET /sec/$m/$thex$f HTTP/1.0
148 Host: vvv-sha256.example.org
151 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
153 ok
($tf->handle_http($t) == 0, 'secdownload (hmac-sha256)');
# Path with a query string: "?qs=1" is part of $f, so it is covered by the
# MAC and also sent in the request URL. Expected: 200.
156 $f = "/index.html?qs=1";
157 $thex = sprintf("%08x", time);
158 $m = encode_base64url
(hmac_sha256
("/$thex$f", $secret));
160 $t->{REQUEST
} = ( <<EOF
161 GET /sec/$m/$thex$f HTTP/1.0
162 Host: vvv-sha256.example.org
165 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
167 ok
($tf->handle_http($t) == 0, 'secdownload (hmac-sha256) with hash-querystr');
# Expired token, hmac-sha256 mode: timestamp 1800 seconds in the past.
# As far as the visible lines show, $f still carries the query string set
# above. Expected: 410 Gone.
169 $thex = sprintf("%08x", time - 1800);
170 $m = encode_base64url
(hmac_sha256
("/$thex$f", $secret));
172 $t->{REQUEST
} = ( <<EOF
173 GET /sec/$m/$thex$f HTTP/1.0
174 Host: vvv-sha256.example.org
177 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
179 ok
($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha256)');
# Direct access on the hmac-sha256 host, expected 404. The request line is
# missing from this listing; presumably it carries no token -- confirm.
181 $t->{REQUEST
} = ( <<EOF
183 Host: vvv-sha256.example.org
186 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
188 ok
($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha256)');
# Fresh timestamp and MAC, yet 404 is expected.
# NOTE(review): presumably $f names a missing file at this point (the
# assignment is not visible here); the "timeout" label does not describe
# that case -- confirm.
192 $thex = sprintf("%08x", time);
193 $m = encode_base64url
(hmac_sha256
("/$thex$f", $secret));
195 $t->{REQUEST
} = ( <<EOF
196 GET /sec/$m/$thex$f HTTP/1.0
197 Host: vvv-sha256.example.org
200 $t->{RESPONSE
} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
202 ok
($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha256)');
204 } # SKIP if lighttpd built without crypto algorithms (e.g. without openssl)
# Final test of the plan: shut the server down; stop_proc is expected to
# return 0.
208 ok
($tf->stop_proc == 0, "Stopping lighttpd");