summaryrefslogtreecommitdiff
path: root/data/lighttpd/lighttpd-1.4.53/tests/mod-secdownload.t
diff options
context:
space:
mode:
Diffstat (limited to 'data/lighttpd/lighttpd-1.4.53/tests/mod-secdownload.t')
-rwxr-xr-xdata/lighttpd/lighttpd-1.4.53/tests/mod-secdownload.t198
1 files changed, 198 insertions, 0 deletions
diff --git a/data/lighttpd/lighttpd-1.4.53/tests/mod-secdownload.t b/data/lighttpd/lighttpd-1.4.53/tests/mod-secdownload.t
new file mode 100755
index 000000000..91276cdda
--- /dev/null
+++ b/data/lighttpd/lighttpd-1.4.53/tests/mod-secdownload.t
@@ -0,0 +1,198 @@
+#!/usr/bin/env perl
+BEGIN {
+ # add current source dir to the include-path
+ # we need this for make distcheck
+ (my $srcdir = $0) =~ s,/[^/]+$,/,;
+ unshift @INC, $srcdir;
+}
+
+use strict;
+use IO::Socket;
+use Test::More tests => 16;
+use LightyTest;
+use Digest::MD5 qw(md5_hex);
+use Digest::SHA qw(hmac_sha1 hmac_sha256);
+use MIME::Base64 qw(encode_base64url);
+
+my $tf = LightyTest->new();
+my $t;
+
+$tf->{CONFIGFILE} = 'mod-secdownload.conf';
+ok($tf->start_proc == 0, "Starting lighttpd") or die();
+
+my $secret = "verysecret";
+my ($f, $thex, $m);
+
+$t->{REQUEST} = ( <<EOF
+GET /index.html HTTP/1.0
+Host: www.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+
+ok($tf->handle_http($t) == 0, 'skipping secdownload - direct access');
+
+## MD5
+$f = "/index.html";
+$thex = sprintf("%08x", time);
+$m = md5_hex($secret.$f.$thex);
+
+$t->{REQUEST} = ( <<EOF
+GET /sec/$m/$thex$f HTTP/1.0
+Host: vvv.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload (md5)');
+
+$thex = sprintf("%08x", time - 1800);
+$m = md5_hex($secret.$f.$thex);
+
+$t->{REQUEST} = ( <<EOF
+GET /sec/$m/$thex$f HTTP/1.0
+Host: vvv.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (md5)');
+
+$t->{REQUEST} = ( <<EOF
+GET /sec$f HTTP/1.0
+Host: vvv.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload - direct access (md5)');
+
+$f = "/noexists";
+$thex = sprintf("%08x", time);
+$m = md5_hex($secret.$f.$thex);
+
+$t->{REQUEST} = ( <<EOF
+GET /sec/$m/$thex$f HTTP/1.0
+Host: vvv.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload - timeout (md5)');
+
+## HMAC-SHA1
+$f = "/index.html";
+$thex = sprintf("%08x", time);
+$m = encode_base64url(hmac_sha1("/$thex$f", $secret));
+
+$t->{REQUEST} = ( <<EOF
+GET /sec/$m/$thex$f HTTP/1.0
+Host: vvv-sha1.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha1)');
+
+$thex = sprintf("%08x", time - 1800);
+$m = encode_base64url(hmac_sha1("/$thex$f", $secret));
+
+$t->{REQUEST} = ( <<EOF
+GET /sec/$m/$thex$f HTTP/1.0
+Host: vvv-sha1.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha1)');
+
+$t->{REQUEST} = ( <<EOF
+GET /sec$f HTTP/1.0
+Host: vvv-sha1.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha1)');
+
+
+$f = "/noexists";
+$thex = sprintf("%08x", time);
+$m = encode_base64url(hmac_sha1("/$thex$f", $secret));
+
+$t->{REQUEST} = ( <<EOF
+GET /sec/$m/$thex$f HTTP/1.0
+Host: vvv-sha1.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha1)');
+
+## HMAC-SHA256
+$f = "/index.html";
+$thex = sprintf("%08x", time);
+$m = encode_base64url(hmac_sha256("/$thex$f", $secret));
+
+$t->{REQUEST} = ( <<EOF
+GET /sec/$m/$thex$f HTTP/1.0
+Host: vvv-sha256.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256)');
+
+## HMAC-SHA256
+$f = "/index.html?qs=1";
+$thex = sprintf("%08x", time);
+$m = encode_base64url(hmac_sha256("/$thex$f", $secret));
+
+$t->{REQUEST} = ( <<EOF
+GET /sec/$m/$thex$f HTTP/1.0
+Host: vvv-sha256.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256) with hash-querystr');
+
+$thex = sprintf("%08x", time - 1800);
+$m = encode_base64url(hmac_sha256("/$thex$f", $secret));
+
+$t->{REQUEST} = ( <<EOF
+GET /sec/$m/$thex$f HTTP/1.0
+Host: vvv-sha256.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha256)');
+
+$t->{REQUEST} = ( <<EOF
+GET /sec$f HTTP/1.0
+Host: vvv-sha256.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha256)');
+
+
+$f = "/noexists";
+$thex = sprintf("%08x", time);
+$m = encode_base64url(hmac_sha256("/$thex$f", $secret));
+
+$t->{REQUEST} = ( <<EOF
+GET /sec/$m/$thex$f HTTP/1.0
+Host: vvv-sha256.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
+
+ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha256)');
+
+## THE END
+
+ok($tf->stop_proc == 0, "Stopping lighttpd");
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-27 00:45:40 +0000