TASK-062: address review feedback — HA1 resources + wire-format coverage

* test/integ/authentication.cpp: migrate digest_ha1_md5_resource and
  digest_ha1_sha256_resource to emit digest_challenge{} (with
  algorithm=MD5 / SHA256) so curl --digest can complete the handshake;
  HA1 round-trip tests now assert 200 SUCCESS instead of the static
  401 FAIL. Refresh the file-top tracking note and per-test comments
  to reflect the new state; flag the still-uncovered NONCE_STALE
  re-challenge branch as a follow-up (needs real-time nonce expiry).
* test/integ/digest_challenge_format_test.cpp: add wire-format tests
  for the SHA-256 algorithm token and for the opaque/domain fields.
* test/unit/http_response_digest_factory_test.cpp: drop assertions
  that reached into detail::digest_challenge_body via the friend hook
  (algorithm/opaque/domain/body-size); pin only body_kind discrimination
  at the unit level. Wire-format coverage of those fields lives in the
  integ test above, per the test-quality-reviewer recommendation
  (iter1-3).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: etr

test/integ/authentication.cpp

@@ -41,23 +41,28 @@
 
 #define MY_OPAQUE "11733b200778ce33060f31c9af70a870ba96ddd4"
 
-// v2-digest tracking note (consolidated):
-// Under v2, libhttpserver only emits the static 401 Digest challenge; the
-// nonce/opaque state machine is not driven, so check_digest_auth_check[_digest]()
-// is never reached and get_digested_user() always returns an empty view.
-// As a result the following tests are all observationally indistinguishable
-// from the canonical `digest_auth` case (both correct- and wrong-pass arms
-// see the same 401 + "FAIL"):
+// v2-digest tracking note (updated after TASK-062):
+// After TASK-062, digest_resource and the HA1 resources (digest_ha1_md5_resource,
+// digest_ha1_sha256_resource) all emit full RFC-7616 challenges via
+// http_response::unauthorized(digest_challenge{...}). The nonce/opaque
+// state machine is driven by MHD_queue_auth_required_response3, and the
+// following tests now complete the full digest handshake and assert 200 SUCCESS:
+//   - digest_auth, digest_auth_with_ha1_md5, digest_auth_with_ha1_sha256
+//
+// The following tests still assert the 401 FAIL contract (wrong credentials or
+// no auth provided -- the handshake completes but auth fails):
 //   - digest_auth_wrong_pass
-//   - digest_auth_with_ha1_md5 / *_wrong_pass
-//   - digest_auth_with_ha1_sha256 / *_wrong_pass
-//   - digest_user_cache_with_auth
-// They are retained as pins for the static-challenge contract and become
-// meaningful again only when full v2 Digest support (MHD nonce/opaque state
-// machine) lands. At that point the wrong-pass arms should assert a distinct
-// 403/401-with-stale, the HA1-MD5/SHA-256 arms should validate the chosen
-// algorithm, and digest_user_cache_with_auth should exercise the cache-hit
-// path. See PRD §digest-auth for the follow-up.
+//   - digest_auth_with_ha1_md5_wrong_pass, *_sha256_wrong_pass
+//
+// Remaining gap (signal_stale re-challenge path):
+//   The NONCE_STALE branch inside digest_resource/digest_ha1_*_resource
+//   (signal_stale = true) cannot be reliably triggered in CI because MHD's
+//   nonce expiry requires a real time delay and concurrent replay requests.
+//   This gap is documented in TASK-062 test-quality-reviewer iter1-2; it will
+//   be covered when full nonce-expiry testing infrastructure lands.
+//
+// Also pending: digest_user_cache_with_auth exercises the cache-hit path only
+// once the digest handshake completes (see resource definition below).
 
 using std::shared_ptr;
 using httpserver::webserver;
@@ -213,51 +218,77 @@ static const unsigned char PRECOMPUTED_HA1_SHA256[32] = {
     0x20, 0x7e, 0x02, 0xd7, 0xc4, 0xbd, 0x8a, 0x05
 };
 
+// TASK-062: migrated to digest_challenge so the nonce/opaque handshake can
+// complete and check_digest_auth_digest() is exercised. Previously used the
+// legacy string overload which emitted a static challenge with no nonce,
+// making the handshake impossible and the algorithm parameter meaningless.
 class digest_ha1_md5_resource : public http_resource {
  public:
      http_response render_get(const http_request& req) {
          using httpserver::http::http_utils;
+         using httpserver::digest_challenge;
          if (req.get_digested_user() == "") {
-             return http_response::unauthorized("Digest", "examplerealm", "FAIL");
+             return http_response::unauthorized(
+                 digest_challenge{.realm     = "examplerealm",
+                                  .algorithm = http_utils::digest_algorithm::MD5,
+                                  .body      = "FAIL"});
          }
          auto result = req.check_digest_auth_digest("examplerealm", PRECOMPUTED_HA1_MD5,
                  http_utils::md5_digest_size, 300, 0,
                  http_utils::digest_algorithm::MD5);
          if (result == http_utils::digest_auth_result::NONCE_STALE) {
-             return http_response::unauthorized("Digest", "examplerealm", "FAIL");
+             return http_response::unauthorized(
+                 digest_challenge{.realm        = "examplerealm",
+                                  .algorithm    = http_utils::digest_algorithm::MD5,
+                                  .signal_stale = true,
+                                  .body         = "FAIL"});
          } else if (result != http_utils::digest_auth_result::OK) {
-             return http_response::unauthorized("Digest", "examplerealm", "FAIL");
+             return http_response::unauthorized(
+                 digest_challenge{.realm     = "examplerealm",
+                                  .algorithm = http_utils::digest_algorithm::MD5,
+                                  .body      = "FAIL"});
          }
          return http_response::string("SUCCESS");
      }
 };
 
+// TASK-062: migrated to digest_challenge with algorithm=SHA256 so the
+// nonce/opaque handshake can complete and check_digest_auth_digest() is
+// exercised with the SHA-256 algorithm. Previously used the legacy string
+// overload which made the algorithm parameter meaningless.
 class digest_ha1_sha256_resource : public http_resource {
  public:
      http_response render_get(const http_request& req) {
          using httpserver::http::http_utils;
+         using httpserver::digest_challenge;
          if (req.get_digested_user() == "") {
-             return http_response::unauthorized("Digest", "examplerealm", "FAIL");
+             return http_response::unauthorized(
+                 digest_challenge{.realm     = "examplerealm",
+                                  .algorithm = http_utils::digest_algorithm::SHA256,
+                                  .body      = "FAIL"});
          }
          auto result = req.check_digest_auth_digest("examplerealm", PRECOMPUTED_HA1_SHA256,
                  http_utils::sha256_digest_size, 300, 0,
                  http_utils::digest_algorithm::SHA256);
          if (result == http_utils::digest_auth_result::NONCE_STALE) {
-             return http_response::unauthorized("Digest", "examplerealm", "FAIL");
+             return http_response::unauthorized(
+                 digest_challenge{.realm        = "examplerealm",
+                                  .algorithm    = http_utils::digest_algorithm::SHA256,
+                                  .signal_stale = true,
+                                  .body         = "FAIL"});
          } else if (result != http_utils::digest_auth_result::OK) {
-             return http_response::unauthorized("Digest", "examplerealm", "FAIL");
+             return http_response::unauthorized(
+                 digest_challenge{.realm     = "examplerealm",
+                                  .algorithm = http_utils::digest_algorithm::SHA256,
+                                  .body      = "FAIL"});
          }
          return http_response::string("SUCCESS");
      }
 };
 
-// TASK-013 §2 / §10: full digest-auth round-trip is a v1-only behaviour.
-// The v1 `digest_auth_fail_response::enqueue_response` path called
-// MHD_queue_auth_required_response3 to drive libmicrohttpd's nonce/opaque
-// state machine; v2's `unauthorized("Digest", ...)` only emits a static
-// WWW-Authenticate challenge (see http_response.hpp:175-180 doxygen).
-// These tests now assert the v2 contract: the resource emits FAIL on the
-// initial request because curl's nonce roundtrip cannot complete.
+// TASK-062: digest_resource uses http_response::unauthorized(digest_challenge{...})
+// which routes through MHD_queue_auth_required_response3 so curl --digest can
+// complete the full RFC-7616 nonce/opaque handshake and receive 200 SUCCESS.
 LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth)
     webserver ws{create_webserver(PORT)
         .digest_auth_random("myrandom")
@@ -305,7 +336,18 @@ LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth)
     ws.stop();
 LT_END_AUTO_TEST(digest_auth)
 
-// See v2-digest tracking note at top of file.
+// Wrong-password case: curl completes the nonce handshake but check_digest_auth()
+// returns NOT_AUTHORIZED, so the resource emits a new 401 challenge (body "FAIL").
+//
+// TODO(TASK-062 test-quality-reviewer iter1-2): The signal_stale=true re-challenge
+// branch in digest_resource::render_get (NONCE_STALE path) is not covered here.
+// Triggering NONCE_STALE requires sending a replayed/expired nonce. MHD's nonce
+// expiry (nonce_nc_size window) cannot be reliably exhausted in a single-threaded
+// CI test without real-time delays or replay injection. Once nonce-expiry
+// infrastructure is available, add a test that:
+//   (a) sends the correct credentials with a replayed/expired nonce,
+//   (b) asserts status 401 with WWW-Authenticate containing stale=true,
+//   (c) asserts body is "FAIL".
 LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth_wrong_pass)
     webserver ws{create_webserver(PORT)
         .digest_auth_random("myrandom")
@@ -350,7 +392,10 @@ LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth_wrong_pass)
     ws.stop();
 LT_END_AUTO_TEST(digest_auth_wrong_pass)
 
-// See v2-digest tracking note at top of file.
+// TASK-062: digest_ha1_md5_resource now emits a full RFC-7616 digest_challenge
+// with algorithm=MD5 so the nonce/opaque handshake can complete. curl --digest
+// authenticates using the precomputed HA1 and the server verifies via
+// check_digest_auth_digest(). On success the resource returns 200 SUCCESS.
 LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth_with_ha1_md5)
     webserver ws{create_webserver(PORT)
         .digest_auth_random("myrandom")
@@ -387,17 +432,17 @@ LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth_with_ha1_md5)
     res = curl_easy_perform(curl);
     LT_ASSERT_EQ(res, 0);
     curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
-    // v2 contract: static 401 Digest challenge, no handshake completes.
-    LT_CHECK_EQ(http_code, 401);
-    // TASK-013 §2 / §10: v2 digest auth only emits a static challenge — see
-    // digest_auth test above. Handshake cannot complete; body remains FAIL.
-    LT_CHECK_EQ(s, "FAIL");
+    // TASK-062 contract: digest_challenge emits a full RFC-7616 challenge with
+    // algorithm=MD5; curl --digest completes the handshake. Final response: 200.
+    LT_CHECK_EQ(http_code, 200);
+    LT_CHECK_EQ(s, "SUCCESS");
     curl_easy_cleanup(curl);
 
     ws.stop();
 LT_END_AUTO_TEST(digest_auth_with_ha1_md5)
 
-// See v2-digest tracking note at top of file.
+// TASK-062: digest_ha1_md5_resource now uses digest_challenge; curl completes
+// the handshake but check_digest_auth_digest() rejects the wrong HA1. 401 FAIL.
 LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth_with_ha1_md5_wrong_pass)
     webserver ws{create_webserver(PORT)
         .digest_auth_random("myrandom")
@@ -434,15 +479,18 @@ LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth_with_ha1_md5_wrong_pass)
     res = curl_easy_perform(curl);
     LT_ASSERT_EQ(res, 0);
     curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
-    // v2 contract: static 401 Digest challenge, no handshake completes.
+    // TASK-062 contract: handshake completes, but wrong HA1 fails check_digest_auth_digest.
     LT_CHECK_EQ(http_code, 401);
     LT_CHECK_EQ(s, "FAIL");
     curl_easy_cleanup(curl);
 
     ws.stop();
 LT_END_AUTO_TEST(digest_auth_with_ha1_md5_wrong_pass)
 
-// See v2-digest tracking note at top of file.
+// TASK-062: digest_ha1_sha256_resource now emits a full RFC-7616 digest_challenge
+// with algorithm=SHA256 so the nonce/opaque handshake can complete. curl --digest
+// authenticates using the precomputed HA1 and the server verifies via
+// check_digest_auth_digest() with SHA-256. On success the resource returns 200 SUCCESS.
 LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth_with_ha1_sha256)
     webserver ws{create_webserver(PORT)
         .digest_auth_random("myrandom")
@@ -479,17 +527,17 @@ LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth_with_ha1_sha256)
     res = curl_easy_perform(curl);
     LT_ASSERT_EQ(res, 0);
     curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
-    // v2 contract: static 401 Digest challenge, no handshake completes.
-    LT_CHECK_EQ(http_code, 401);
-    // TASK-013 §2 / §10: v2 digest auth only emits a static challenge — see
-    // digest_auth test above. Handshake cannot complete; body remains FAIL.
-    LT_CHECK_EQ(s, "FAIL");
+    // TASK-062 contract: digest_challenge emits a full RFC-7616 challenge with
+    // algorithm=SHA256; curl --digest completes the handshake. Final response: 200.
+    LT_CHECK_EQ(http_code, 200);
+    LT_CHECK_EQ(s, "SUCCESS");
     curl_easy_cleanup(curl);
 
     ws.stop();
 LT_END_AUTO_TEST(digest_auth_with_ha1_sha256)
 
-// See v2-digest tracking note at top of file.
+// TASK-062: digest_ha1_sha256_resource now uses digest_challenge; curl completes
+// the handshake but check_digest_auth_digest() rejects the wrong HA1. 401 FAIL.
 LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth_with_ha1_sha256_wrong_pass)
     webserver ws{create_webserver(PORT)
         .digest_auth_random("myrandom")
@@ -526,7 +574,7 @@ LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth_with_ha1_sha256_wrong_pass)
     res = curl_easy_perform(curl);
     LT_ASSERT_EQ(res, 0);
     curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
-    // v2 contract: static 401 Digest challenge, no handshake completes.
+    // TASK-062 contract: handshake completes, but wrong HA1 fails check_digest_auth_digest.
     LT_CHECK_EQ(http_code, 401);
     LT_CHECK_EQ(s, "FAIL");
     curl_easy_cleanup(curl);

test/integ/digest_challenge_format_test.cpp

@@ -111,6 +111,31 @@ class challenge_resource : public http_resource {
                              .body  = "access denied"});
     }
 };
+
+// Resource that emits a SHA-256 Digest challenge (RFC 7616 §3.3 algorithm
+// coverage — wire-observable, unlike the unit-test friend-hook assertions).
+class sha256_challenge_resource : public http_resource {
+ public:
+    http_response render_get(const http_request& /*req*/) override {
+        return http_response::unauthorized(
+            digest_challenge{.realm      = "sha256realm@host.com",
+                             .algorithm  = http_utils::digest_algorithm::SHA256,
+                             .body       = "denied"});
+    }
+};
+
+// Resource that emits a challenge with an explicit opaque and domain so we
+// can verify those fields appear in the wire challenge (RFC 7616 §3.3).
+class opaque_domain_challenge_resource : public http_resource {
+ public:
+    http_response render_get(const http_request& /*req*/) override {
+        return http_response::unauthorized(
+            digest_challenge{.realm   = "odrealm@host.com",
+                             .opaque  = "deadbeef",
+                             .domain  = "/protected",
+                             .body    = "denied"});
+    }
+};
 #endif  // HAVE_DAUTH
 
 }  // namespace
@@ -176,6 +201,104 @@ LT_BEGIN_AUTO_TEST(digest_challenge_format_suite,
     ws.stop();
 LT_END_AUTO_TEST(rfc7616_challenge_carries_required_fields)
 
+// RFC 7616 §3.3 algorithm coverage: when digest_challenge.algorithm is set
+// to SHA256 the WWW-Authenticate header on the wire must contain
+// "SHA-256" (the canonical token per RFC 7616 §3.3, distinct from MD5).
+// This is a wire-format assertion -- the only reliable place to verify it,
+// since the dispatch path (MHD_queue_auth_required_response3) owns the
+// algorithm token serialisation.
+LT_BEGIN_AUTO_TEST(digest_challenge_format_suite,
+                   rfc7616_challenge_sha256_algorithm_in_header)
+    webserver ws{create_webserver(PORT)
+        .digest_auth_random("myrandom")
+        .nonce_nc_size(300)};
+
+    auto resource = std::make_shared<sha256_challenge_resource>();
+    ws.register_path("sha256", resource);
+    ws.start(false);
+
+#if defined(_WINDOWS)
+    curl_global_init(CURL_GLOBAL_WIN32);
+#else
+    curl_global_init(CURL_GLOBAL_ALL);
+#endif
+
+    std::string body;
+    std::string headers;
+    CURL* curl = curl_easy_init();
+    CURLcode res;
+    long http_code = 0;  // NOLINT(runtime/int)
+    curl_easy_setopt(curl, CURLOPT_URL,
+                     "localhost:" PORT_STRING "/sha256");
+    curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writefunc);
+    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &body);
+    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, headerfunc);
+    curl_easy_setopt(curl, CURLOPT_HEADERDATA, &headers);
+    curl_easy_setopt(curl, CURLOPT_TIMEOUT, 150L);
+    curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 150L);
+    curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
+    curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1);
+    res = curl_easy_perform(curl);
+    LT_ASSERT_EQ(res, 0);
+    curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
+    LT_CHECK_EQ(http_code, 401);
+    LT_CHECK_EQ(body, std::string("denied"));
+    // RFC 7616 §3.3: the algorithm token for SHA-256 is "SHA-256".
+    LT_CHECK_EQ(ci_contains(headers, "SHA-256"), true);
+
+    curl_easy_cleanup(curl);
+    ws.stop();
+LT_END_AUTO_TEST(rfc7616_challenge_sha256_algorithm_in_header)
+
+// Wire-format round-trip for the opaque and domain fields.  The unit tests
+// formerly asserted these through the internal get_params() friend hook;
+// wire-format assertions here are the appropriate place per the
+// test-quality-reviewer recommendation.
+LT_BEGIN_AUTO_TEST(digest_challenge_format_suite,
+                   rfc7616_challenge_opaque_and_domain_in_header)
+    webserver ws{create_webserver(PORT)
+        .digest_auth_random("myrandom")
+        .nonce_nc_size(300)};
+
+    auto resource = std::make_shared<opaque_domain_challenge_resource>();
+    ws.register_path("od", resource);
+    ws.start(false);
+
+#if defined(_WINDOWS)
+    curl_global_init(CURL_GLOBAL_WIN32);
+#else
+    curl_global_init(CURL_GLOBAL_ALL);
+#endif
+
+    std::string body;
+    std::string headers;
+    CURL* curl = curl_easy_init();
+    CURLcode res;
+    long http_code = 0;  // NOLINT(runtime/int)
+    curl_easy_setopt(curl, CURLOPT_URL, "localhost:" PORT_STRING "/od");
+    curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writefunc);
+    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &body);
+    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, headerfunc);
+    curl_easy_setopt(curl, CURLOPT_HEADERDATA, &headers);
+    curl_easy_setopt(curl, CURLOPT_TIMEOUT, 150L);
+    curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 150L);
+    curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
+    curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1);
+    res = curl_easy_perform(curl);
+    LT_ASSERT_EQ(res, 0);
+    curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
+    LT_CHECK_EQ(http_code, 401);
+    // The opaque value we set must appear verbatim in the challenge header.
+    LT_CHECK_EQ(ci_contains(headers, "deadbeef"), true);
+    // The domain URI must appear in the challenge header.
+    LT_CHECK_EQ(ci_contains(headers, "/protected"), true);
+
+    curl_easy_cleanup(curl);
+    ws.stop();
+LT_END_AUTO_TEST(rfc7616_challenge_opaque_and_domain_in_header)
+
 #else  // !HAVE_DAUTH
 
 LT_BEGIN_AUTO_TEST(digest_challenge_format_suite, dauth_disabled_noop)