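#!perl

# Client-side DIGEST-MD5 exchange test for Authen::SASL (Perl backend).
#
# The script drives one connection object through two complete
# challenge/response rounds -- first without an authorization id, then
# with one -- and compares every client message against a fixed string.
#
# Review context: DIGEST-MD5 was moved to Historic status by RFC 6331.
# This file pins wire-format behaviour for interoperability; it is not an
# endorsement of the mechanism for new deployments.

use strict;
use warnings;

BEGIN {
    # Skip the whole file (rather than fail) when the digest modules that
    # the mechanism needs are not installed.
    require Test::More;
    eval { require Digest::MD5 }
        or Test::More->import(skip_all => 'Need Digest::MD5');
    eval { require Digest::HMAC_MD5 }
        or Test::More->import(skip_all => 'Need Digest::HMAC_MD5');
}

use Test::More (tests => 27);

use Authen::SASL qw(Perl);

# Read lazily by the authname callback below, so the second round can turn
# on an authorization id without building a new Authen::SASL object.
my $authname;

# 'gbarr' / 'fred' are fixture credentials; the expected response= digests
# further down are only valid for exactly these values.
my $sasl = Authen::SASL->new(
    mechanism => 'DIGEST-MD5',
    callback  => {
        user     => 'gbarr',
        pass     => 'fred',
        authname => sub { $authname },
    },
);
ok($sasl, 'new');

is($sasl->mechanism, 'DIGEST-MD5', 'sasl mechanism');

# NOTE(review): the third argument looks like a list of security-property
# flags; whether the Perl backend enforces "noplaintext noanonymous" cannot
# be seen from this file -- confirm in the library before relying on it.
my $conn = $sasl->client_new("ldap", "localhost", "noplaintext noanonymous");

is($conn->mechanism, 'DIGEST-MD5', 'conn mechanism');

# DIGEST-MD5 has no initial client response: the first client message is
# expected to be empty and the exchange still in progress.
is($conn->client_start, '', 'client_start');
ok $conn->need_step,   "we need extra steps";
ok !$conn->is_success, "success will be later if we are good boys";
ok !$conn->error,      "so far so good";

# Simulated server challenge.
# NOTE(review): "auth-inf" is not one of the qop tokens a reader would
# expect next to "auth" (auth-int / auth-conf); it may be a typo or a
# deliberate unknown token. Left untouched because it is test input.
my $sparams = 'realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth,auth-inf",algorithm=md5-sess,charset=utf-8';

# Override for testing: by default the client nonce is built from $$, time
# and rand, which would make the expected cnonce=/response= values below
# unreproducible. Pinning it is acceptable in a test only.
# NOTE(review): process id, clock and rand() are guessable inputs, whereas
# a client nonce is meant to be unpredictable; the library's default path
# deserves its own review. This override must never leak into non-test code.
$Authen::SASL::Perl::DIGEST_MD5::CNONCE = "foobar";
$Authen::SASL::Perl::DIGEST_MD5::CNONCE = "foobar"; # avoid used only once warning

my $initial = $conn->client_step($sparams);

ok $conn->need_step,   "we need extra steps";
ok !$conn->is_success, "success will be later if we are good boys";
ok !$conn->error,      "so far so good";

# Expected digest-response fields, in the order they are joined with ","
# for comparison. Index 3 (nc) and index 7 (response) are overwritten for
# the second round, so keep the order stable when editing this list.
my @expect = qw(
    charset=utf-8
    cnonce="3858f62230ac3c915f300c664312c63f"
    digest-uri="ldap/localhost"
    nc=00000001
    nonce="OA6MG9tEQGm2hh"
    qop=auth
    realm="elwood.innosoft.com"
    response=9c81619e12f61fb2eed6bc8ed504ad28
    username="gbarr"
);
is(
    $initial,
    join(",", @expect),
    'client_step [1]'
);

# Server's final message carrying its own proof (rspauth). After feeding it
# in, the client is expected to report success with nothing left to send.
# NOTE(review): only a matching rspauth is exercised in this file. There is
# no case showing that a wrong or missing rspauth leaves is_success false
# and sets error; that negative case is worth adding, since it is what
# demonstrates that the server proof is actually checked.
my $response = 'rspauth=d1273170c120bae49cea49de9b4c5bdc';
$initial = $conn->client_step($response);

ok !$conn->need_step,  "we're done";
ok $conn->is_success,  "success !";
ok !$conn->error,      "we did a good job";

is(
    $initial,
    '',
    'client_step [2]'
);

# ... and now everything with an authname
is($conn->client_start, '', 'client_start');
ok $conn->need_step,   "we need extra steps";
ok !$conn->is_success, "success will be later if we are good boys";
ok !$conn->error,      "so far so good";

# From here on the authname callback returns a value, so the client message
# is expected to start with an authzid field.
$authname = 'meme';

$initial = $conn->client_step($sparams);
ok $conn->need_step,   "we need extra steps";
ok !$conn->is_success, "success will be later if we are good boys";
ok !$conn->error,      "so far so good";

# Same connection object and same server nonce as the first round: the
# expected nonce count advances to 2 and the response digest changes.
$expect[3] = 'nc=00000002';
$expect[7] = 'response=8d8afc5ff9cf3add40e50a5eaabb9aac';

is(
    $initial,
    join(",", 'authzid="meme"', @expect),
    'client_step + authname [1]'
);

$response = 'rspauth=dcb2b36dcd0750d3a7d0482fe1872769';
$initial  = $conn->client_step($response);

ok !$conn->need_step,  "we're done";
ok $conn->is_success,  "success !";
ok !$conn->error,      "we did a good job";

# On failure, print the connection's error text to aid diagnosis.
is(
    $initial,
    '',
    'client_step + authname [2]'
) or diag $conn->error;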