《Onvif 用户验证实现方式》由会员分享,可在线阅读,更多相关《Onvif 用户验证实现方式(4页珍藏版)》请在装配图网上搜索。
1、基于gsaop实现onvif之二.用户验证1原理在 ONVIF_WG-APG-Application_ProgrammeFs_Guide.pdf 文档中第 6 章描述了 onvif加密方式。Soap通信的验证机制是WS_UsernameToken,流加密的方式是 HTTPS。DeviceAuthentication and cryptography communications by TLS 6.3Streaming over HTTPS 0ClientAuthentication byWS-UsernameToken 6.1 and 6.2我们知道onvif的用户验证是基于WS_Userna
2、meToken,而且密码是Digest而 不是明文,先来看一段带有用户验证信息的消息:s:Envelope xmlns:s=http:/www.w3.org/2003/05/soap-envelop已wsse:Security xmlns:wsse=http:/docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec12345 65: Password Type=#PasswordDigestQYdKOTiy5i9s+g/b3eEz+gZ114e8=9 9Qo Z WBBWy 6 8 tiXz 3VG JkYA=2012-ll-30T01:4
3、9:12Z3 s :Body xmlns :xsi=http: /www.w3 . org/2001 /Xt4LSchema-instance11 xmlns :xsd.=http: /www.w3 . orgL所谓的WS_UsernameToken加密,就是将用户名,密码,Nonce , Created都 包含在了 header里面。如果将#passwordDigest换成#passwordText的话,密码就是 明文的,当然onvif说了,密码是Digest。我们知道了用户名密码,那如何验证呢?文档里面提到了获取Digest的公式:Digest = B64ENCODE( SHA1( B64
4、DECODE( Nonce) + Date + Password)2实现现在知道了 WS_UsernameToken是怎么回事,下面我们来看看如何实现验证 吧。在gsoap文档中推荐使用wsseapi的插件来实现,这肯定最方便的方法,这个很 简单,看看wsse的帮助就知道了。我不需要wsse里面的那么多冗余代码。想用最精 简的办法来实现,毕竟wsseap i里面包含了非常多的加密方式,而onvif只规定了 WS_UsernameToken。所以自己动手。第一步,先要把用户名,密码Digest,nonce给获取到。我们知道这些都再 Header中。soap_in_SOAP_ENV_Header这
5、个函数是用来反序列化(xml转成数据结 构)header中信息的。所以就在这里面干。我们依葫芦画瓢的写了个soap_in_PointerTo_Authentication函数调用,这个函数是用 来从header中将我们需要的信息提取出来的。int soap_in_PointerTo_Authentication(struct soap *soap ,SOAP_ENV_Header *a) (size_t soap_flag_Username = 1;size_t soap_flag_Password = 1;size_t soap_flag_Nonce = 1;size_t soap_flag
6、_wsu_Created = 1;char * username=NULL;char * password=NULL;char * onece=NULL;char * created = NULL;char * password_local =NULL;if (soap_element_begin_in(soap, wsse:Security, 1, NULL) != 0 )(TraceErr(in wsse:Security fail!n);a-user_group= USER_LEAVEL_GUEST;return 1;)if(soap_element_begin_in(soap, wss
7、e:UsernameToken, 0, NULL) != 0 )(TraceErr(in wsse:UsernameToken fail!n);a-user_group= USER_LEAVEL_GUEST;return 1;) for (;)( soap-error = SOAP_TAG_MISMATCH;/printf(%d:%d:%d:%dn,soap_flag_Username,soap_flag_Password,soap_flag_Nonce,soap_flag_wsu_Create d);if (soap_flag_Username & (soap-error = SOAP_TA
8、G_MISMATCH | soap -error=SOAP_NO_TAG)if (soap_in_string(soap, wsse:Username, &username, xsd:string)( soap_flag_Username-;TraceImport(username:%sn,username);continue;)if (soap_flag_Password & so ap-error = SOAP_TAG_MISMATCH)if (soap_in_string(soap, wsse:Password,&password, xsd:string)( soap_flag_Pass
9、word-;TraceImport(password:%sn,password);continue;)if (soap_flag_Nonce & (soap-error = SOAP_TAG_MISMATCH | soap-error = SOAP_NO_TAG)if (soap_in_string(soap, wsse:Nonce, &onece, xsd:string)( soap_flag_Nonce-;TraceImport(onece:%sn,onece);continue;)if (soap_flag_wsu_Created & (soap-error = SOAP_TAG_MIS
10、MATCH | soap-error = SOAP_NO_TaG5)if (soap_in_string(soap, wsu:Created, &created, xsd:string)(soap_flag_wsu_Created-;TraceImport(onece:%sn,created);continue;)if (soap-error = SOAP_TAG_MISMATCH)soap-error = soap_ignore_element(soap);if (soap-error = SOAP_NO_TAG)break;if (soap-error)return USER_LEAVEL
11、_GUEST;)soap_element_end_in(soap, wsse:UsernameToken);soap_element_end_in(soap, wsse:Security);/*到这里已经完整的获取了用户信息。*/验证return SOAP_OK;获取到了用户信息,接下来就可以验证了参考 soap_wsse_verify_Password(struct soap *soap, const char *password)函数,你就可以验 证密码了。其实本来我们可以在soap_in_SOAP_ENV_Header直接返回验证错误的信息给 client,但是ONVIF规定了一些函数不需要验证,比如说getSystemDateAndTime、所 以我们只能保存验证是否通过的信息,然后在调用不同方法的时候根据实际情况返回 验证失败。参考信息:洪子Whtc123
Onvif 用户验证实现方式
