1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
<testcase>
<info>
<keywords>
HTTP
HTTP GET
HTTP Digest auth
followlocation
</keywords>
</info>
# Server-side
<reply>
<data>
HTTP/1.1 401 authentication please swsbounce
Server: Microsoft-IIS/6.0
WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", qop="auth"
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
</data>
<data1000>
HTTP/1.1 302 Thanks for this, but we want to redir you!
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Location: /12860001
Content-Length: 0
</data1000>
<data1001>
HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
</data1001>
<datacheck>
HTTP/1.1 401 authentication please swsbounce
Server: Microsoft-IIS/6.0
WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", qop="auth"
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
HTTP/1.1 302 Thanks for this, but we want to redir you!
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Location: /12860001
Content-Length: 0
HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
</datacheck>
</reply>
# Client-side
<client>
#
<server>
http
</server>
<features>
crypto
</features>
<name>
HTTP GET --digest increasing nonce-count
</name>
# This test is to ensure the nonce-count (nc) increases
# https://github.com/curl/curl/pull/1251
<command>
-u auser:apasswd --location --digest http://%HOSTIP:%HTTPPORT/1286
</command>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
# Reorder the fields in 'Authorization: Digest' header.
# Since regular and SSPI digest auth header fields may not have the same order
# or whitespace we homogenize so that both may be tested. Also:
# - Remove the unique value from cnonce if in RFC format
# - Remove the unique value from response if in RFC format
# - Remove quotes from qop="auth" used by SSPI
# The if statement is one line because runtests evaluates one line at a time.
<strippart>
if(s/^(Authorization: Digest )([^\r\n]+)(\r?\n)$//) { $_ = $1 . join(', ', map { s/^(cnonce=)"[a-zA-Z0-9+\/=]+"$/$1REMOVED/; s/^(response=)"[a-f0-9]{32}"$/$1REMOVED/; s/^qop="auth"$/qop=auth/; $_ } sort split(/, */, $2)) . $3; }
</strippart>
<protocol>
GET /1286 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*
GET /1286 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Digest cnonce=REMOVED, nc=00000001, nonce="1053604144", qop=auth, realm="testrealm", response=REMOVED, uri="/1286", username="auser"
Accept: */*
GET /12860001 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Digest cnonce=REMOVED, nc=00000002, nonce="1053604144", qop=auth, realm="testrealm", response=REMOVED, uri="/12860001", username="auser"
Accept: */*
</protocol>
</verify>
</testcase>
|