| <testcase> |
| <info> |
| <keywords> |
| HTTP |
| HTTP GET |
| HTTP Digest auth |
| </keywords> |
| </info> |
| # Server-side |
| <reply> |
| |
| <!-- |
| |
| Explanation for the duplicate 400 requests: |
| |
| libcurl doesn't detect that a given Digest password is wrong already on the |
| first 401 response (as the data400 gives). libcurl will instead consider the |
| new response just as a duplicate and it sends another and detects the auth |
| problem on the second 401 response! |
| |
| --> |
| |
| <!-- First request has Digest auth, wrong password --> |
| <data100> |
| HTTP/1.1 401 Need Digest auth
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 27
|
| WWW-Authenticate: Digest realm="testrealm", nonce="1"
|
|
|
| This is not the real page! |
| </data100> |
| |
| <data1100> |
| HTTP/1.1 401 Sorry wrong password
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 29
|
| WWW-Authenticate: Digest realm="testrealm", nonce="2"
|
|
|
| This is a bad password page! |
| </data1100> |
| |
| <!-- Second request has Digest auth, right password --> |
| <data200> |
| HTTP/1.1 401 Need Digest auth (2)
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 27
|
| WWW-Authenticate: Digest realm="testrealm", nonce="3"
|
|
|
| This is not the real page! |
| </data200> |
| |
| <data1200> |
| HTTP/1.1 200 Things are fine in server land
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 32
|
|
|
| Finally, this is the real page! |
| </data1200> |
| |
| <!-- Third request has Digest auth, wrong password --> |
| <data300> |
| HTTP/1.1 401 Need Digest auth (3)
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 27
|
| WWW-Authenticate: Digest realm="testrealm", nonce="4"
|
|
|
| This is not the real page! |
| </data300> |
| |
| <data1300> |
| HTTP/1.1 401 Sorry wrong password (2)
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 29
|
| WWW-Authenticate: Digest realm="testrealm", nonce="5"
|
|
|
| This is a bad password page! |
| </data1300> |
| |
| <!-- Fourth request has Digest auth, wrong password --> |
| <data400> |
| HTTP/1.1 401 Need Digest auth (4)
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 27
|
| WWW-Authenticate: Digest realm="testrealm", nonce="6"
|
|
|
| This is not the real page! |
| </data400> |
| |
| <data1400> |
| HTTP/1.1 401 Sorry wrong password (3)
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 29
|
| WWW-Authenticate: Digest realm="testrealm", nonce="7"
|
|
|
| This is a bad password page! |
| </data1400> |
| |
| <!-- Fifth request has Digest auth, right password --> |
| <data1500> |
| HTTP/1.1 200 Things are fine in server land (2)
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 32
|
|
|
| Finally, this is the real page! |
| </data1500> |
| |
| <datacheck> |
| HTTP/1.1 401 Need Digest auth
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 27
|
| WWW-Authenticate: Digest realm="testrealm", nonce="1"
|
|
|
| HTTP/1.1 401 Sorry wrong password
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 29
|
| WWW-Authenticate: Digest realm="testrealm", nonce="2"
|
|
|
| This is a bad password page! |
| HTTP/1.1 200 Things are fine in server land
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 32
|
|
|
| Finally, this is the real page! |
| HTTP/1.1 401 Need Digest auth (3)
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 27
|
| WWW-Authenticate: Digest realm="testrealm", nonce="4"
|
|
|
| HTTP/1.1 401 Sorry wrong password (2)
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 29
|
| WWW-Authenticate: Digest realm="testrealm", nonce="5"
|
|
|
| This is a bad password page! |
| HTTP/1.1 401 Sorry wrong password (3)
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 29
|
| WWW-Authenticate: Digest realm="testrealm", nonce="7"
|
|
|
| HTTP/1.1 401 Sorry wrong password (3)
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 29
|
| WWW-Authenticate: Digest realm="testrealm", nonce="7"
|
|
|
| This is a bad password page! |
| HTTP/1.1 200 Things are fine in server land (2)
|
| Server: Microsoft-IIS/5.0
|
| Content-Type: text/html; charset=iso-8859-1
|
| Content-Length: 32
|
|
|
| Finally, this is the real page! |
| </datacheck> |
| |
| </reply> |
| |
| # Client-side |
| <client> |
| <server> |
| http |
| </server> |
| <features> |
| !SSPI |
| crypto |
| </features> |
| <tool> |
| libauthretry |
| </tool> |
| |
| <name> |
| HTTP authorization retry (Digest) |
| </name> |
| <setenv> |
| # we force our own host name, in order to make the test machine independent |
| CURL_GETHOSTNAME=curlhost |
| # we try to use the LD_PRELOAD hack, if not a debug build |
| LD_PRELOAD=%PWD/libtest/.libs/libhostname.so |
| </setenv> |
| <command> |
| http://%HOSTIP:%HTTPPORT/%TESTNUMBER digest digest |
| </command> |
| <precheck> |
| chkhostname curlhost |
| </precheck> |
| </client> |
| |
| # Verify data after the test has been "shot" |
| <verify> |
| <protocol> |
| GET /%TESTNUMBER0100 HTTP/1.1
|
| Host: %HOSTIP:%HTTPPORT
|
| Accept: */*
|
|
|
| GET /%TESTNUMBER0100 HTTP/1.1
|
| Host: %HOSTIP:%HTTPPORT
|
| Authorization: Digest username="testuser", realm="testrealm", nonce="1", uri="/%TESTNUMBER0100", response="f7fd60eefaff5225971bf9b3d80d6ba6"
|
| Accept: */*
|
|
|
| GET /%TESTNUMBER0200 HTTP/1.1
|
| Host: %HOSTIP:%HTTPPORT
|
| Authorization: Digest username="testuser", realm="testrealm", nonce="2", uri="/%TESTNUMBER0200", response="785ca3ef511999f7e9c178195f5b388c"
|
| Accept: */*
|
|
|
| GET /%TESTNUMBER0300 HTTP/1.1
|
| Host: %HOSTIP:%HTTPPORT
|
| Accept: */*
|
|
|
| GET /%TESTNUMBER0300 HTTP/1.1
|
| Host: %HOSTIP:%HTTPPORT
|
| Authorization: Digest username="testuser", realm="testrealm", nonce="4", uri="/%TESTNUMBER0300", response="4c735d2360fd6848e7cb32a11ae3612b"
|
| Accept: */*
|
|
|
| GET /%TESTNUMBER0400 HTTP/1.1
|
| Host: %HOSTIP:%HTTPPORT
|
| Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/%TESTNUMBER0400", response="f5906785511fb60a2af8b1cd53008ead"
|
| Accept: */*
|
|
|
| GET /%TESTNUMBER0400 HTTP/1.1
|
| Host: %HOSTIP:%HTTPPORT
|
| Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/%TESTNUMBER0400", response="f5906785511fb60a2af8b1cd53008ead"
|
| Accept: */*
|
|
|
| GET /%TESTNUMBER0500 HTTP/1.1
|
| Host: %HOSTIP:%HTTPPORT
|
| Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/%TESTNUMBER0500", response="8ef4d935fd964a46c3965c0863b52cf1"
|
| Accept: */*
|
|
|
| </protocol> |
| </verify> |
| </testcase> |