• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1<testcase>
2<info>
3<keywords>
4HTTP
5HTTP GET
6HTTP Digest auth
7followlocation
8</keywords>
9</info>
10
11# Server-side
12<reply>
13<data>
14HTTP/1.1 401 authentication please swsbounce
15Server: Microsoft-IIS/6.0
16WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", qop="auth"
17Content-Type: text/html; charset=iso-8859-1
18Content-Length: 0
19
20</data>
21<data1000>
22HTTP/1.1 302 Thanks for this, but we want to redir you!
23Server: Microsoft-IIS/5.0
24Content-Type: text/html; charset=iso-8859-1
25Location: /12860001
26Content-Length: 0
27
28</data1000>
29<data1001>
30HTTP/1.1 404 Not Found
31Server: Microsoft-IIS/5.0
32Content-Type: text/html; charset=iso-8859-1
33Content-Length: 0
34
35</data1001>
36
37<datacheck>
38HTTP/1.1 401 authentication please swsbounce
39Server: Microsoft-IIS/6.0
40WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", qop="auth"
41Content-Type: text/html; charset=iso-8859-1
42Content-Length: 0
43
44HTTP/1.1 302 Thanks for this, but we want to redir you!
45Server: Microsoft-IIS/5.0
46Content-Type: text/html; charset=iso-8859-1
47Location: /12860001
48Content-Length: 0
49
50HTTP/1.1 404 Not Found
51Server: Microsoft-IIS/5.0
52Content-Type: text/html; charset=iso-8859-1
53Content-Length: 0
54
55</datacheck>
56
57</reply>
58
59# Client-side
60<client>
61#
62<server>
63http
64</server>
65<features>
66crypto
67</features>
68<name>
69HTTP GET --digest increasing nonce-count
70</name>
71# This test is to ensure the nonce-count (nc) increases
72# https://github.com/curl/curl/pull/1251
73<command>
74-u auser:apasswd --location --digest http://%HOSTIP:%HTTPPORT/1286
75</command>
76</client>
77
78# Verify data after the test has been "shot"
79<verify>
80
81# Reorder the fields in 'Authorization: Digest' header.
82# Since regular and SSPI digest auth header fields may not have the same order
83# or whitespace we homogenize so that both may be tested. Also:
84# - Remove the unique value from cnonce if in RFC format
85# - Remove the unique value from response if in RFC format
86# - Remove quotes from qop="auth" used by SSPI
87# The if statement is one line because runtests evaluates one line at a time.
88<strippart>
89if(s/^(Authorization: Digest )([^\r\n]+)(\r?\n)$//) { $_ = $1 . join(', ', map { s/^(cnonce=)"[a-zA-Z0-9+\/=]+"$/$1REMOVED/; s/^(response=)"[a-f0-9]{32}"$/$1REMOVED/; s/^qop="auth"$/qop=auth/; $_ } sort split(/, */, $2)) . $3; }
90</strippart>
91<protocol>
92GET /1286 HTTP/1.1
93Host: %HOSTIP:%HTTPPORT
94User-Agent: curl/%VERSION
95Accept: */*
96
97GET /1286 HTTP/1.1
98Host: %HOSTIP:%HTTPPORT
99Authorization: Digest cnonce=REMOVED, nc=00000001, nonce="1053604144", qop=auth, realm="testrealm", response=REMOVED, uri="/1286", username="auser"
100User-Agent: curl/%VERSION
101Accept: */*
102
103GET /12860001 HTTP/1.1
104Host: %HOSTIP:%HTTPPORT
105Authorization: Digest cnonce=REMOVED, nc=00000002, nonce="1053604144", qop=auth, realm="testrealm", response=REMOVED, uri="/12860001", username="auser"
106User-Agent: curl/%VERSION
107Accept: */*
108
109</protocol>
110</verify>
111</testcase>
112