Onvif 用戶驗證實現(xiàn)方式

1、基于gsaop實現(xiàn)onvif之二.用戶驗證1原理在 ONVIF_WG-APG-Application_ProgrammeFs_Guide.pdf 文檔中第 6 章描述了 onvif加密方式。Soap通信的驗證機制是WS_UsernameToken，流加密的方式是 HTTPS。DeviceAuthentication and cryptography communications by TLS 6.3Streaming over HTTPS 0ClientAuthentication byWS-UsernameToken 6.1 and 6.2我們知道onvif的用戶驗證是基于WS_Userna

2、meToken，而且密碼是Digest而 不是明文，先來看一段帶有用戶驗證信息的消息：s:Envelope xmlns:s= HYPERLINK /2003/05/soap-envelop%e5%b7%b2%22%e3%80%89 /2003/05/soap-envelop已wsse:Security xmlns:wsse= HYPERLINK /wss/2004/01/oasis-200401-wss-wssec /wss/2004/01/oasis-200401-wss-wssec12345 65: Password Type=#PasswordDigestQYdKOTiy5i9s+g/b

3、3eEz+gZ114e8=9 9Qo Z WBBWy 6 8 tiXz 3VG JkYA=2012-ll-30T01:49:12Z3 s :Body xmlns :xsi=http: / HYPERLINK http:/www.w3 www.w3 . org/2001 /Xt4LSchema-instance11 xmlns :xsd.=http: / HYPERLINK http:/www.w3 www.w3 . orgL所謂的WS_UsernameToken加密，就是將用戶名，密碼，Nonce , Created都 包含在了 header里面。如果將#passwordDigest換成#pa

4、sswordText的話，密碼就是 明文的，當然onvif說了，密碼是Digest。我們知道了用戶名密碼，那如何驗證呢？文檔里面提到了獲取Digest的公式：Digest = B64ENCODE( SHA1( B64DECODE( Nonce) + Date + Password)2實現(xiàn)現(xiàn)在知道了 WS_UsernameToken是怎么回事，下面我們來看看如何實現(xiàn)驗證 吧。在gsoap文檔中推薦使用wsseapi的插件來實現(xiàn)，這肯定最方便的方法，這個很 簡單，看看wsse的幫助就知道了。我不需要wsse里面的那么多冗余代碼。想用最精 簡的辦法來實現(xiàn)，畢竟wsseap i里面包含了非常多的加密方

5、式，而onvif只規(guī)定了 WS_UsernameToken。所以自己動手。第一步，先要把用戶名，密碼Digest，nonce給獲取到。我們知道這些都再 Header中。soap_in_SOAP_ENV_Header這個函數(shù)是用來反序列化(xml轉成數(shù)據(jù)結 構)header中信息的。所以就在這里面干。我們依葫蘆畫瓢的寫了個soap_in_PointerTo_Authentication函數(shù)調用，這個函數(shù)是用 來從header中將我們需要的信息提取出來的。int soap_in_PointerTo_Authentication(struct soap *soap ,SOAP_ENV_Header

6、*a) (size_t soap_flag_Username = 1;size_t soap_flag_Password = 1;size_t soap_flag_Nonce = 1;size_t soap_flag_wsu_Created = 1;char * username=NULL;char * password=NULL;char * onece=NULL;char * created = NULL;char * password_local =NULL;if (soap_element_begin_in(soap, wsse:Security, 1, NULL) != 0 )(Tr

7、aceErr(in wsse:Security fail!n);a-user_group= USER_LEAVEL_GUEST;return 1;)if(soap_element_begin_in(soap, wsse:UsernameToken, 0, NULL) != 0 )(TraceErr(in wsse:UsernameToken fail!n);a-user_group= USER_LEAVEL_GUEST;return 1;) for (;)( soap-error = SOAP_TAG_MISMATCH;/printf(%d:%d:%d:%dn,soap_flag_Userna

8、me,soap_flag_Password,soap_flag_Nonce,soap_flag_wsu_Create d);if (soap_flag_Username & (soap-error = SOAP_TAG_MISMATCH | soap -error=SOAP_NO_TAG)if (soap_in_string(soap, wsse:Username, &username, xsd:string)( soap_flag_Username-;TraceImport(username:%sn,username);continue;)if (soap_flag_Password & s

9、o ap-error = SOAP_TAG_MISMATCH)if (soap_in_string(soap, wsse:Password,&password, xsd:string)( soap_flag_Password-;TraceImport(password:%sn,password);continue;)if (soap_flag_Nonce & (soap-error = SOAP_TAG_MISMATCH | soap-error = SOAP_NO_TAG)if (soap_in_string(soap, wsse:Nonce, &onece, xsd:string)( so

10、ap_flag_Nonce-;TraceImport(onece:%sn,onece);continue;)if (soap_flag_wsu_Created & (soap-error = SOAP_TAG_MISMATCH | soap-error = SOAP_NO_TaG5)if (soap_in_string(soap, wsu:Created, &created, xsd:string)(soap_flag_wsu_Created-;TraceImport(onece:%sn,created);continue;)if (soap-error = SOAP_TAG_MISMATCH

11、)soap-error = soap_ignore_element(soap);if (soap-error = SOAP_NO_TAG)break;if (soap-error)return USER_LEAVEL_GUEST;)soap_element_end_in(soap, wsse:UsernameToken);soap_element_end_in(soap, wsse:Security);/*到這里已經(jīng)完整的獲取了用戶信息。*/驗證return SOAP_OK;獲取到了用戶信息，接下來就可以驗證了參考 soap_wsse_verify_Password(struct soap *soap, const char *password)函數(shù)，你就可以驗 證密碼了。其實本來我