1<testcase> 2<info> 3<keywords> 4HTTP 5HTTP GET 6HTTP Digest auth 7</keywords> 8</info> 9# Server-side 10<reply> 11 12<!-- 13 14 Explanation for the duplicate 400 requests: 15 16 libcurl doesn't detect that a given Digest password is wrong already on the 17 first 401 response (as the data400 gives). libcurl will instead consider the 18 new response just as a duplicate and it sends another and detects the auth 19 problem on the second 401 response! 20 21--> 22 23<!-- First request has Digest auth, wrong password --> 24<data100> 25HTTP/1.1 401 Need Digest auth 26Server: Microsoft-IIS/5.0 27Content-Type: text/html; charset=iso-8859-1 28Content-Length: 27 29WWW-Authenticate: Digest realm="testrealm", nonce="1" 30 31This is not the real page! 32</data100> 33 34<data1100> 35HTTP/1.1 401 Sorry wrong password 36Server: Microsoft-IIS/5.0 37Content-Type: text/html; charset=iso-8859-1 38Content-Length: 29 39WWW-Authenticate: Digest realm="testrealm", nonce="2" 40 41This is a bad password page! 42</data1100> 43 44<!-- Second request has Digest auth, right password --> 45<data200> 46HTTP/1.1 401 Need Digest auth (2) 47Server: Microsoft-IIS/5.0 48Content-Type: text/html; charset=iso-8859-1 49Content-Length: 27 50WWW-Authenticate: Digest realm="testrealm", nonce="3" 51 52This is not the real page! 53</data200> 54 55<data1200> 56HTTP/1.1 200 Things are fine in server land 57Server: Microsoft-IIS/5.0 58Content-Type: text/html; charset=iso-8859-1 59Content-Length: 32 60 61Finally, this is the real page! 62</data1200> 63 64<!-- Third request has Digest auth, wrong password --> 65<data300> 66HTTP/1.1 401 Need Digest auth (3) 67Server: Microsoft-IIS/5.0 68Content-Type: text/html; charset=iso-8859-1 69Content-Length: 27 70WWW-Authenticate: Digest realm="testrealm", nonce="4" 71 72This is not the real page! 73</data300> 74 75<data1300> 76HTTP/1.1 401 Sorry wrong password (2) 77Server: Microsoft-IIS/5.0 78Content-Type: text/html; charset=iso-8859-1 79Content-Length: 29 80WWW-Authenticate: Digest realm="testrealm", nonce="5" 81 82This is a bad password page! 83</data1300> 84 85<!-- Fourth request has Digest auth, wrong password --> 86<data400> 87HTTP/1.1 401 Need Digest auth (4) 88Server: Microsoft-IIS/5.0 89Content-Type: text/html; charset=iso-8859-1 90Content-Length: 27 91WWW-Authenticate: Digest realm="testrealm", nonce="6" 92 93This is not the real page! 94</data400> 95 96<data1400> 97HTTP/1.1 401 Sorry wrong password (3) 98Server: Microsoft-IIS/5.0 99Content-Type: text/html; charset=iso-8859-1 100Content-Length: 29 101WWW-Authenticate: Digest realm="testrealm", nonce="7" 102 103This is a bad password page! 104</data1400> 105 106<!-- Fifth request has Digest auth, right password --> 107<data1500> 108HTTP/1.1 200 Things are fine in server land (2) 109Server: Microsoft-IIS/5.0 110Content-Type: text/html; charset=iso-8859-1 111Content-Length: 32 112 113Finally, this is the real page! 114</data1500> 115 116<datacheck> 117HTTP/1.1 401 Need Digest auth 118Server: Microsoft-IIS/5.0 119Content-Type: text/html; charset=iso-8859-1 120Content-Length: 27 121WWW-Authenticate: Digest realm="testrealm", nonce="1" 122 123HTTP/1.1 401 Sorry wrong password 124Server: Microsoft-IIS/5.0 125Content-Type: text/html; charset=iso-8859-1 126Content-Length: 29 127WWW-Authenticate: Digest realm="testrealm", nonce="2" 128 129This is a bad password page! 130HTTP/1.1 200 Things are fine in server land 131Server: Microsoft-IIS/5.0 132Content-Type: text/html; charset=iso-8859-1 133Content-Length: 32 134 135Finally, this is the real page! 136HTTP/1.1 401 Need Digest auth (3) 137Server: Microsoft-IIS/5.0 138Content-Type: text/html; charset=iso-8859-1 139Content-Length: 27 140WWW-Authenticate: Digest realm="testrealm", nonce="4" 141 142HTTP/1.1 401 Sorry wrong password (2) 143Server: Microsoft-IIS/5.0 144Content-Type: text/html; charset=iso-8859-1 145Content-Length: 29 146WWW-Authenticate: Digest realm="testrealm", nonce="5" 147 148This is a bad password page! 149HTTP/1.1 401 Sorry wrong password (3) 150Server: Microsoft-IIS/5.0 151Content-Type: text/html; charset=iso-8859-1 152Content-Length: 29 153WWW-Authenticate: Digest realm="testrealm", nonce="7" 154 155HTTP/1.1 401 Sorry wrong password (3) 156Server: Microsoft-IIS/5.0 157Content-Type: text/html; charset=iso-8859-1 158Content-Length: 29 159WWW-Authenticate: Digest realm="testrealm", nonce="7" 160 161This is a bad password page! 162HTTP/1.1 200 Things are fine in server land (2) 163Server: Microsoft-IIS/5.0 164Content-Type: text/html; charset=iso-8859-1 165Content-Length: 32 166 167Finally, this is the real page! 168</datacheck> 169 170</reply> 171 172# Client-side 173<client> 174<server> 175http 176</server> 177<features> 178!SSPI 179crypto 180</features> 181<tool> 182libauthretry 183</tool> 184 185<name> 186HTTP authorization retry (Digest) 187</name> 188 <setenv> 189# we force our own host name, in order to make the test machine independent 190CURL_GETHOSTNAME=curlhost 191# we try to use the LD_PRELOAD hack, if not a debug build 192LD_PRELOAD=%PWD/libtest/.libs/libhostname.so 193 </setenv> 194<command> 195http://%HOSTIP:%HTTPPORT/%TESTNUMBER digest digest 196</command> 197<precheck> 198chkhostname curlhost 199</precheck> 200</client> 201 202# Verify data after the test has been "shot" 203<verify> 204<protocol> 205GET /%TESTNUMBER0100 HTTP/1.1 206Host: %HOSTIP:%HTTPPORT 207Accept: */* 208 209GET /%TESTNUMBER0100 HTTP/1.1 210Host: %HOSTIP:%HTTPPORT 211Authorization: Digest username="testuser", realm="testrealm", nonce="1", uri="/%TESTNUMBER0100", response="f7fd60eefaff5225971bf9b3d80d6ba6" 212Accept: */* 213 214GET /%TESTNUMBER0200 HTTP/1.1 215Host: %HOSTIP:%HTTPPORT 216Authorization: Digest username="testuser", realm="testrealm", nonce="2", uri="/%TESTNUMBER0200", response="785ca3ef511999f7e9c178195f5b388c" 217Accept: */* 218 219GET /%TESTNUMBER0300 HTTP/1.1 220Host: %HOSTIP:%HTTPPORT 221Accept: */* 222 223GET /%TESTNUMBER0300 HTTP/1.1 224Host: %HOSTIP:%HTTPPORT 225Authorization: Digest username="testuser", realm="testrealm", nonce="4", uri="/%TESTNUMBER0300", response="4c735d2360fd6848e7cb32a11ae3612b" 226Accept: */* 227 228GET /%TESTNUMBER0400 HTTP/1.1 229Host: %HOSTIP:%HTTPPORT 230Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/%TESTNUMBER0400", response="f5906785511fb60a2af8b1cd53008ead" 231Accept: */* 232 233GET /%TESTNUMBER0400 HTTP/1.1 234Host: %HOSTIP:%HTTPPORT 235Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/%TESTNUMBER0400", response="f5906785511fb60a2af8b1cd53008ead" 236Accept: */* 237 238GET /%TESTNUMBER0500 HTTP/1.1 239Host: %HOSTIP:%HTTPPORT 240Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/%TESTNUMBER0500", response="8ef4d935fd964a46c3965c0863b52cf1" 241Accept: */* 242 243</protocol> 244</verify> 245</testcase> 246