<testcase>
<info>
<keywords>
HTTP
HTTP GET
HTTP Digest auth
</keywords>
</info>
# Server-side
<reply>
<data>
HTTP/1.1 401 Authorization Required swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
WWW-Authenticate: Digest realm="testrealm", algorithm=MD5, algorithm=MD5, nonce=1, nonce=2
Content-Type: text/html; charset=iso-8859-1
Content-Length: 26

This is not the real page
</data>

# This is supposed to be returned when the server gets a
# Authorization: Digest line passed-in from the client
<data1000>
HTTP/1.1 200 OK swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
Content-Type: text/html; charset=iso-8859-1
Content-Length: 23

This IS the real page!
</data1000>

<datacheck>
HTTP/1.1 401 Authorization Required swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
WWW-Authenticate: Digest realm="testrealm", algorithm=MD5, algorithm=MD5, nonce=1, nonce=2
Content-Type: text/html; charset=iso-8859-1
Content-Length: 26

HTTP/1.1 200 OK swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
Content-Type: text/html; charset=iso-8859-1
Content-Length: 23

This IS the real page!
</datacheck>

</reply>

# Client-side
<client>
<server>
http
</server>
<features>
!SSPI
crypto
</features>
 <name>
HTTP with duplicated WWW-Authenticate parameters
 </name>
 <command>
http://%HOSTIP:%HTTPPORT/1437 -u testuser:testpass --digest
</command>
</client>

# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET /1437 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*

GET /1437 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Digest username="testuser", realm="testrealm", nonce="2", uri="/1437", response="4376eb639bf8e7343a6e7b56e1b89c4f", algorithm="MD5"
User-Agent: curl/7.10.5 (i686-pc-linux-gnu) libcurl/7.10.5 OpenSSL/0.9.7a ipv6 zlib/1.1.3
Accept: */*

</protocol>
</verify>
</testcase>