+#!/bin/sh
+
+# Test authentication.
+
+# Copyright (C) 2013 Simon Ruderich
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+test "x$srcdir" = x && srcdir=.
+. "$srcdir/common.sh"
+
+
+# Create necessary files.
+cleanup
+tlsproxy_setup
+
+echo 'dXNlcm5hbWU6cGFzc3dvcmQ=' > digest-authentication
+tlsproxy -a digest-authentication 4711
+server --x509certfile "$srcdir/server.pem" \
+ --x509keyfile "$srcdir/server-key.pem"
+wait_for_ports 4711 4712
+rm -f digest-authentication
+
+echo missing authentication 1
+client localhost 4712 invalid \
+ && abort 'client localhost 4712 invalid'
+test_proxy_authentication_failure
+
+# Create the proxy certificate.
+tlsproxy_add localhost server.pem
+
+echo missing authentication 2
+client localhost 4712 localhost \
+ && abort 'client localhost 4712 localhost'
+test_proxy_authentication_failure
+
+echo invalid authentication 1
+client localhost 4712 localhost 'username:password' \
+ && abort 'client localhost 4712 localhost username:password'
+test_proxy_authentication_failure
+
+echo invalid authentication 2
+client localhost 4712 localhost 'dXNlcm5hbWU6cGFzc3dvcmQ' \
+ && abort 'client localhost 4712 localhost dXNlcm5hbWU6cGFzc3dvcmQ'
+test_proxy_authentication_failure
+
+echo invalid authentication 3
+client localhost 4712 localhost 'dXNlcm5hbWU6cGFzc3dvcmQ=X' \
+ && abort 'client localhost 4712 localhost dXNlcm5hbWU6cGFzc3dvcmQ=X'
+test_proxy_authentication_failure
+
+echo valid authentication
+client localhost 4712 localhost 'dXNlcm5hbWU6cGFzc3dvcmQ=' \
+ || abort 'client localhost 4712 localhost dXNlcm5hbWU6cGFzc3dvcmQ='
+test_proxy_successful
+
+echo valid authentication with invalid certificate
+tlsproxy_add localhost server-bad.pem
+client localhost 4712 localhost 'dXNlcm5hbWU6cGFzc3dvcmQ=' \
+ && abort 'client localhost 4712 invalid dXNlcm5hbWU6cGFzc3dvcmQ='
+test_proxy_successful
+test_invalid_certificate
+
+
+# stop_servers in trap-handler
+cleanup
+
+exit 0