1: #!/usr/bin/env perl
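BEGIN {
    # Put the directory that holds this script at the front of @INC so the
    # project-local LightyTest module is found when the test is started from
    # another working directory (needed for make distcheck).
    my $srcdir = $0;

    # Strip the script's file name. When $0 has no directory part the
    # substitution does not match; fall back to the current directory instead
    # of pushing the bare script name onto @INC.
    $srcdir = './' unless $srcdir =~ s{/[^/]+$}{/};

    unshift @INC, $srcdir;
}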
8:
9: use strict;
10: use IO::Socket;
11: use Test::More tests => 15;
12: use LightyTest;
13: use Digest::MD5 qw(md5_hex);
14: use Digest::SHA qw(hmac_sha1 hmac_sha256);
15: use MIME::Base64 qw(encode_base64url);
16:
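# Test harness object; start_proc/stop_proc and handle_http come from the
# project-local LightyTest module.
my $tf = LightyTest->new();

# Request / expected-response spec handed to handle_http. The same hash is
# reused and overwritten for every case below.
my $t;

# Every later case needs a running server, so abort the script if it did not
# come up.
ok($tf->start_proc == 0, "Starting lighttpd")
    or die("lighttpd did not start; cannot run the secdownload tests");

# Shared secret used to compute the tokens below.
# NOTE(review): this has to match the secret configured for the secdownload
# vhosts in the test server config, which is not visible in this file.
my $secret = "verysecret";

# $f = requested path, $thex = timestamp as 8 hex digits, $m = token/MAC.
my ($f, $thex, $m);

# Baseline: a request outside the /sec/ prefix, carrying no token, is served
# normally (200).
# NOTE(review): presumably www.example.org has no secdownload settings --
# confirm in the test server config.
$t->{REQUEST} = <<"EOF";
GET /index.html HTTP/1.0
Host: www.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];

ok($tf->handle_http($t) == 0, 'skipping secdownload - direct access');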
33:
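## MD5
# Protected URLs have the form /sec/<token>/<hex-timestamp><path>, with
# token = md5_hex(secret . path . hex-timestamp).
# NOTE(review): this token is a plain MD5 over secret-prefixed data, not an
# HMAC; the HMAC-SHA1 / HMAC-SHA256 cases later in this file use a keyed MAC.
# NOTE(review): vvv.example.org is presumably the vhost configured for the
# md5 algorithm -- confirm in the test server config.
# NOTE(review): no case sends a well-formed but incorrect token; a negative
# MAC check would be worth adding (the test plan count would need bumping).

# Case 1: current timestamp and matching token for an existing file -> 200.
$f = "/index.html";
$thex = sprintf("%08x", time);
$m = md5_hex($secret . $f . $thex);

$t->{REQUEST} = <<"EOF";
GET /sec/$m/$thex$f HTTP/1.0
Host: vvv.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];

ok($tf->handle_http($t) == 0, 'secdownload (md5)');

# Case 2: the token is valid for its timestamp, but the timestamp is 1800
# seconds old, so the link must be reported as expired (410 Gone).
# NOTE(review): assumes the server's secdownload timeout is below 1800s.
$thex = sprintf("%08x", time - 1800);
$m = md5_hex($secret . $f . $thex);

$t->{REQUEST} = <<"EOF";
GET /sec/$m/$thex$f HTTP/1.0
Host: vvv.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];

ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (md5)');

# Case 3: the protected prefix requested with no token and no timestamp must
# not hand out the file (404).
$t->{REQUEST} = <<"EOF";
GET /sec$f HTTP/1.0
Host: vvv.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];

ok($tf->handle_http($t) == 0, 'secdownload - direct access (md5)');

# Case 4: current timestamp and matching token, but the path does not exist
# -> 404. (The label used to say "timeout", which this case does not test.)
$f = "/noexists";
$thex = sprintf("%08x", time);
$m = md5_hex($secret . $f . $thex);

$t->{REQUEST} = <<"EOF";
GET /sec/$m/$thex$f HTTP/1.0
Host: vvv.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];

ok($tf->handle_http($t) == 0, 'secdownload - valid token, nonexistent file (md5)');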
81:
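## HMAC-SHA1
# Same URL layout, /sec/<token>/<hex-timestamp><path>, but the token is the
# unpadded base64url encoding of HMAC-SHA1 keyed with the secret over the
# string "/<hex-timestamp><path>".
# NOTE(review): vvv-sha1.example.org is presumably the vhost configured for
# the hmac-sha1 algorithm -- confirm in the test server config.
# NOTE(review): no case sends a well-formed but incorrect MAC; a negative MAC
# check would be worth adding (the test plan count would need bumping).

# Case 1: current timestamp and matching MAC for an existing file -> 200.
$f = "/index.html";
$thex = sprintf("%08x", time);
$m = encode_base64url(hmac_sha1("/$thex$f", $secret));

$t->{REQUEST} = <<"EOF";
GET /sec/$m/$thex$f HTTP/1.0
Host: vvv-sha1.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];

ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha1)');

# Case 2: MAC matches its timestamp, but the timestamp is 1800 seconds old,
# so the link must be reported as expired (410 Gone).
# NOTE(review): assumes the server's secdownload timeout is below 1800s.
$thex = sprintf("%08x", time - 1800);
$m = encode_base64url(hmac_sha1("/$thex$f", $secret));

$t->{REQUEST} = <<"EOF";
GET /sec/$m/$thex$f HTTP/1.0
Host: vvv-sha1.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];

ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha1)');

# Case 3: the protected prefix requested with no MAC and no timestamp must
# not hand out the file (404).
$t->{REQUEST} = <<"EOF";
GET /sec$f HTTP/1.0
Host: vvv-sha1.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];

ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha1)');

# Case 4: current timestamp and matching MAC, but the path does not exist
# -> 404. (The label used to say "timeout", which this case does not test.)
$f = "/noexists";
$thex = sprintf("%08x", time);
$m = encode_base64url(hmac_sha1("/$thex$f", $secret));

$t->{REQUEST} = <<"EOF";
GET /sec/$m/$thex$f HTTP/1.0
Host: vvv-sha1.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];

ok($tf->handle_http($t) == 0, 'secdownload - valid token, nonexistent file (hmac-sha1)');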
130:
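## HMAC-SHA256
# Same URL layout, /sec/<token>/<hex-timestamp><path>, but the token is the
# unpadded base64url encoding of HMAC-SHA256 keyed with the secret over the
# string "/<hex-timestamp><path>".
# NOTE(review): vvv-sha256.example.org is presumably the vhost configured for
# the hmac-sha256 algorithm -- confirm in the test server config.
# NOTE(review): no case sends a well-formed but incorrect MAC; a negative MAC
# check would be worth adding (the test plan count would need bumping).

# Case 1: current timestamp and matching MAC for an existing file -> 200.
$f = "/index.html";
$thex = sprintf("%08x", time);
$m = encode_base64url(hmac_sha256("/$thex$f", $secret));

$t->{REQUEST} = <<"EOF";
GET /sec/$m/$thex$f HTTP/1.0
Host: vvv-sha256.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];

ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256)');

# Case 2: MAC matches its timestamp, but the timestamp is 1800 seconds old,
# so the link must be reported as expired (410 Gone).
# NOTE(review): assumes the server's secdownload timeout is below 1800s.
$thex = sprintf("%08x", time - 1800);
$m = encode_base64url(hmac_sha256("/$thex$f", $secret));

$t->{REQUEST} = <<"EOF";
GET /sec/$m/$thex$f HTTP/1.0
Host: vvv-sha256.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];

ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha256)');

# Case 3: the protected prefix requested with no MAC and no timestamp must
# not hand out the file (404).
$t->{REQUEST} = <<"EOF";
GET /sec$f HTTP/1.0
Host: vvv-sha256.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];

ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha256)');

# Case 4: current timestamp and matching MAC, but the path does not exist
# -> 404. (The label used to say "timeout", which this case does not test.)
$f = "/noexists";
$thex = sprintf("%08x", time);
$m = encode_base64url(hmac_sha256("/$thex$f", $secret));

$t->{REQUEST} = <<"EOF";
GET /sec/$m/$thex$f HTTP/1.0
Host: vvv-sha256.example.org
EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];

ok($tf->handle_http($t) == 0, 'secdownload - valid token, nonexistent file (hmac-sha256)');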
179:
## THE END

# Shut the server down; the final test passes only when stop_proc returns 0.
my $stop_status = $tf->stop_proc;
ok($stop_status == 0, "Stopping lighttpd");
183: