MINOR: sample: Add digest and hmac converters Make the digest and HMAC function of OpenSSL accessible to the user via converters. They can be used to sign and validate content. Reviewed-by: Tim Duesterhus <tim@bastelstu.be>

commit: 8e36651ed361487d796dd0591fbb41aac955be93 [log] [tgz]
author: Patrick Gansterer <paroga@paroga.com> Wed Apr 22 16:47:57 2020 +0200
committer: Christopher Faulet <cfaulet@haproxy.com> Tue May 12 10:08:11 2020 +0200
tree: 21128f5d255434cbd80db07aa87e6694d56873cd
parent: b399bfb9e21d9076133e00511dc07026ac9301d6 [diff]
diff --git a/reg-tests/converter/digest.vtc b/reg-tests/converter/digest.vtc
new file mode 100644
index 0000000..a14f1cc
--- /dev/null
+++ b/reg-tests/converter/digest.vtc

@@ -0,0 +1,57 @@
+varnishtest "digest converter Test"
+
+#REQUIRE_VERSION=2.2
+#REQUIRE_OPTION=OPENSSL
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp
+} -repeat 2 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect 1s
+	timeout client  1s
+	timeout server  1s
+
+    frontend fe
+	bind "fd@${fe}"
+
+	#### requests
+	http-request  set-var(txn.hash) req.hdr(hash)
+
+	http-response set-header SHA1   "%[var(txn.hash),digest(sha1),hex,lower]"
+	http-response set-header SHA224   "%[var(txn.hash),digest(sha224),hex,lower]"
+	http-response set-header SHA256   "%[var(txn.hash),digest(sha256),hex,lower]"
+	http-response set-header SHA384   "%[var(txn.hash),digest(sha384),hex,lower]"
+	http-response set-header SHA512   "%[var(txn.hash),digest(sha512),hex,lower]"
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/" \
+	  -hdr "Hash: 1"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.sha1 == "356a192b7913b04c54574d18c28d46e6395428ab"
+	expect resp.http.sha224 == "e25388fde8290dc286a6164fa2d97e551b53498dcbf7bc378eb1f178"
+	expect resp.http.sha256 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b"
+	expect resp.http.sha384 == "47f05d367b0c32e438fb63e6cf4a5f35c2aa2f90dc7543f8a41a0f95ce8a40a313ab5cf36134a2068c4c969cb50db776"
+	expect resp.http.sha512 == "4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a"
+	txreq -url "/" \
+	  -hdr "Hash: 2"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.sha1 == "da4b9237bacccdf19c0760cab7aec4a8359010b0"
+	expect resp.http.sha224 == "58b2aaa0bfae7acc021b3260e941117b529b2e69de878fd7d45c61a9"
+	expect resp.http.sha256 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35"
+	expect resp.http.sha384 == "d063457705d66d6f016e4cdd747db3af8d70ebfd36badd63de6c8ca4a9d8bfb5d874e7fbd750aa804dcaddae7eeef51e"
+	expect resp.http.sha512 == "40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114"
+} -run

diff --git a/reg-tests/converter/hmac.vtc b/reg-tests/converter/hmac.vtc
new file mode 100644
index 0000000..f9d9d35
--- /dev/null
+++ b/reg-tests/converter/hmac.vtc

@@ -0,0 +1,55 @@
+varnishtest "HMAC converter Test"
+
+#REQUIRE_VERSION=2.2
+#REQUIRE_OPTION=OPENSSL
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp
+} -repeat 2 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect 1s
+	timeout client  1s
+	timeout server  1s
+
+    frontend fe
+	bind "fd@${fe}"
+
+	#### requests
+	http-request  set-var(txn.hash) req.hdr(hash)
+	http-request  set-var(txn.key) str(my_super_secret_long_key),base64
+
+	http-response set-header SHA1-short   "%[var(txn.hash),hmac(sha1,a2V5),hex,lower]"
+	http-response set-header SHA1-long   "%[var(txn.hash),hmac(sha1,txn.key),hex,lower]"
+	http-response set-header SHA256-short   "%[var(txn.hash),hmac(sha256,a2V5),hex,lower]"
+	http-response set-header SHA256-long   "%[var(txn.hash),hmac(sha256,txn.key),hex,lower]"
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/" \
+	  -hdr "Hash: 1"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.sha1-short == "e23feb105f9622241bf23db1638cd2b4208b1f53"
+	expect resp.http.sha1-long == "87b10ddcf39e26f6bd7c3b0e38e0125997b255be"
+	expect resp.http.sha256-short == "6da91fb91517be1f5cdcf3af91d7d40c717dd638a306157606fb2e584f7ae926"
+	expect resp.http.sha256-long == "2fb3de6a462c54d1803f946b52202f3a8cd46548ffb3f789b4ac11a4361ffef2"
+	txreq -url "/" \
+	  -hdr "Hash: 2"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.sha1-short == "311219c4a80c5ef81b1cee5505236c1d0ab1922c"
+	expect resp.http.sha1-long == "c5758af565ba4b87b3db49c8b32d4a94d430cb78"
+	expect resp.http.sha256-short == "ae7b3ee87b8c9214f714df1c2042c7a985b9d711e9938a063937ad1636775a88"
+	expect resp.http.sha256-long == "c073191a2ebf29f510444b92c187d62199d84b58f58dceeadb91994c170a9a16"
+} -run
commit	8e36651ed361487d796dd0591fbb41aac955be93	[log] [tgz]
author	Patrick Gansterer <paroga@paroga.com>	Wed Apr 22 16:47:57 2020 +0200
committer	Christopher Faulet <cfaulet@haproxy.com>	Tue May 12 10:08:11 2020 +0200
tree	21128f5d255434cbd80db07aa87e6694d56873cd
parent	b399bfb9e21d9076133e00511dc07026ac9301d6 [diff]