lighttpd 1.4.x https://www.lighttpd.net/

  1. #!/usr/bin/env perl
  2. BEGIN {
  3. # add current source dir to the include-path
  4. # we need this for make distcheck
  5. (my $srcdir = $0) =~ s,/[^/]+$,/,;
  6. unshift @INC, $srcdir;
  7. }
  8. use strict;
  9. use IO::Socket;
  10. use Test::More tests => 16;
  11. use LightyTest;
  12. use Digest::MD5 qw(md5_hex);
  13. use Digest::SHA qw(hmac_sha1 hmac_sha256);
  14. use MIME::Base64 qw(encode_base64url);
  15. my $tf = LightyTest->new();
  16. my $t;
  17. ok($tf->start_proc == 0, "Starting lighttpd") or die();
  18. my $secret = "verysecret";
  19. my ($f, $thex, $m);
  20. $t->{REQUEST} = ( <<EOF
  21. GET /index.html HTTP/1.0
  22. Host: www.example.org
  23. EOF
  24. );
  25. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
  26. ok($tf->handle_http($t) == 0, 'skipping secdownload - direct access');
  27. ## MD5
  28. $f = "/index.html";
  29. $thex = sprintf("%08x", time);
  30. $m = md5_hex($secret.$f.$thex);
  31. $t->{REQUEST} = ( <<EOF
  32. GET /sec/$m/$thex$f HTTP/1.0
  33. Host: vvv.example.org
  34. EOF
  35. );
  36. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
  37. ok($tf->handle_http($t) == 0, 'secdownload (md5)');
  38. $thex = sprintf("%08x", time - 1800);
  39. $m = md5_hex($secret.$f.$thex);
  40. $t->{REQUEST} = ( <<EOF
  41. GET /sec/$m/$thex$f HTTP/1.0
  42. Host: vvv.example.org
  43. EOF
  44. );
  45. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
  46. ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (md5)');
  47. $t->{REQUEST} = ( <<EOF
  48. GET /sec$f HTTP/1.0
  49. Host: vvv.example.org
  50. EOF
  51. );
  52. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
  53. ok($tf->handle_http($t) == 0, 'secdownload - direct access (md5)');
  54. $f = "/noexists";
  55. $thex = sprintf("%08x", time);
  56. $m = md5_hex($secret.$f.$thex);
  57. $t->{REQUEST} = ( <<EOF
  58. GET /sec/$m/$thex$f HTTP/1.0
  59. Host: vvv.example.org
  60. EOF
  61. );
  62. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
  63. ok($tf->handle_http($t) == 0, 'secdownload - timeout (md5)');
  64. ## HMAC-SHA1
  65. $f = "/index.html";
  66. $thex = sprintf("%08x", time);
  67. $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
  68. $t->{REQUEST} = ( <<EOF
  69. GET /sec/$m/$thex$f HTTP/1.0
  70. Host: vvv-sha1.example.org
  71. EOF
  72. );
  73. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
  74. ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha1)');
  75. $thex = sprintf("%08x", time - 1800);
  76. $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
  77. $t->{REQUEST} = ( <<EOF
  78. GET /sec/$m/$thex$f HTTP/1.0
  79. Host: vvv-sha1.example.org
  80. EOF
  81. );
  82. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
  83. ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha1)');
  84. $t->{REQUEST} = ( <<EOF
  85. GET /sec$f HTTP/1.0
  86. Host: vvv-sha1.example.org
  87. EOF
  88. );
  89. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
  90. ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha1)');
  91. $f = "/noexists";
  92. $thex = sprintf("%08x", time);
  93. $m = encode_base64url(hmac_sha1("/$thex$f", $secret));
  94. $t->{REQUEST} = ( <<EOF
  95. GET /sec/$m/$thex$f HTTP/1.0
  96. Host: vvv-sha1.example.org
  97. EOF
  98. );
  99. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
  100. ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha1)');
  101. ## HMAC-SHA256
  102. $f = "/index.html";
  103. $thex = sprintf("%08x", time);
  104. $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
  105. $t->{REQUEST} = ( <<EOF
  106. GET /sec/$m/$thex$f HTTP/1.0
  107. Host: vvv-sha256.example.org
  108. EOF
  109. );
  110. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
  111. ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256)');
  112. ## HMAC-SHA256
  113. $f = "/index.html?qs=1";
  114. $thex = sprintf("%08x", time);
  115. $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
  116. $t->{REQUEST} = ( <<EOF
  117. GET /sec/$m/$thex$f HTTP/1.0
  118. Host: vvv-sha256.example.org
  119. EOF
  120. );
  121. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
  122. ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256) with hash-querystr');
  123. $thex = sprintf("%08x", time - 1800);
  124. $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
  125. $t->{REQUEST} = ( <<EOF
  126. GET /sec/$m/$thex$f HTTP/1.0
  127. Host: vvv-sha256.example.org
  128. EOF
  129. );
  130. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
  131. ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha256)');
  132. $t->{REQUEST} = ( <<EOF
  133. GET /sec$f HTTP/1.0
  134. Host: vvv-sha256.example.org
  135. EOF
  136. );
  137. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
  138. ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha256)');
  139. $f = "/noexists";
  140. $thex = sprintf("%08x", time);
  141. $m = encode_base64url(hmac_sha256("/$thex$f", $secret));
  142. $t->{REQUEST} = ( <<EOF
  143. GET /sec/$m/$thex$f HTTP/1.0
  144. Host: vvv-sha256.example.org
  145. EOF
  146. );
  147. $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
  148. ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha256)');
  149. ## THE END
  150. ok($tf->stop_proc == 0, "Stopping lighttpd");