Mercurial > hg > nginx-tests
view auth_delay.t @ 1884:6f1508d53a26
Tests: fixed extracting QUIC early secret if PSK is not in use.
Although, PSK binder values in the pre-shared key extension are constructed
with a binder key derived from the early secret extracted with input keying
material of the corresponding offered PSK, an actual early secret should be
recomputed with a selected PSK. See RFC 8446, section 7.1 and 4.2.11.2.
Seen with QuicTLS and disabled session tickets, which, unlike in BoringSSL,
still sends session tickets but doesn't accept any pre-shared keys.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 18 Jan 2023 16:04:33 +0400 |
parents | 5ac6efbe5552 |
children |
line wrap: on
line source
#!/usr/bin/perl # (C) Sergey Kandaurov # (C) Nginx, Inc. # Tests for auth_delay directive using auth basic module. ############################################################################### use warnings; use strict; use Test::More; use MIME::Base64; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; my $t = Test::Nginx->new()->has(qw/http auth_basic/) ->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } http { %%TEST_GLOBALS_HTTP%% server { listen 127.0.0.1:8080; server_name localhost; location / { auth_delay 2s; auth_basic "closed site"; auth_basic_user_file %%TESTDIR%%/htpasswd; } } } EOF $t->write_file('index.html', ''); $t->write_file('htpasswd', 'user:' . '{PLAIN}good' . "\n"); $t->run()->plan(4); ############################################################################### my $t1 = time(); like(http_get_auth('/', 'user', 'bad'), qr/401 Unauthorize/, 'not authorized'); cmp_ok(time() - $t1, '>=', 2, 'auth delay'); $t1 = time(); like(http_get_auth('/', 'user', 'good'), qr/200 OK/, 'authorized'); cmp_ok(time() - $t1, '<', 2, 'no delay'); ############################################################################### sub http_get_auth { my ($url, $user, $password) = @_; my $auth = encode_base64($user . ':' . $password, ''); return http(<<EOF); GET $url HTTP/1.0 Host: localhost Authorization: Basic $auth EOF } ###############################################################################