Onvif 用户验证实现方式

1、基于gsaop实现onvif之二.用户验证1原理在 ONVIF_WG-APG-Application_ProgrammeFs_Guide.pdf 文档中第 6 章描述了 onvif加密方式。Soap通信的验证机制是WS_UsernameToken，流加密的方式是 HTTPS。DeviceAuthentication and cryptography communications by TLS 6.3Streaming over HTTPS 0ClientAuthentication byWS-UsernameToken 6.1 and 6.2我们知道onvif的用户验证是基于WS_Userna

2、meToken，而且密码是Digest而 不是明文，先来看一段带有用户验证信息的消息：s:Envelope xmlns:s= HYPERLINK /2003/05/soap-envelop%e5%b7%b2%22%e3%80%89 /2003/05/soap-envelop已wsse:Security xmlns:wsse= HYPERLINK /wss/2004/01/oasis-200401-wss-wssec /wss/2004/01/oasis-200401-wss-wssec12345 65: Password Type=#PasswordDigestQYdKOTiy5i9s+g/b

3、3eEz+gZ114e8=9 9Qo Z WBBWy 6 8 tiXz 3VG JkYA=2012-ll-30T01:49:12Z3 s :Body xmlns :xsi=http: / HYPERLINK http:/www.w3 www.w3 . org/2001 /Xt4LSchema-instance11 xmlns :xsd.=http: / HYPERLINK http:/www.w3 www.w3 . orgL所谓的WS_UsernameToken加密，就是将用户名，密码，Nonce , Created都 包含在了 header里面。如果将#passwordDigest换成#pa

4、sswordText的话，密码就是 明文的，当然onvif说了，密码是Digest。我们知道了用户名密码，那如何验证呢？文档里面提到了获取Digest的公式：Digest = B64ENCODE( SHA1( B64DECODE( Nonce) + Date + Password)2实现现在知道了 WS_UsernameToken是怎么回事，下面我们来看看如何实现验证 吧。在gsoap文档中推荐使用wsseapi的插件来实现，这肯定最方便的方法，这个很 简单，看看wsse的帮助就知道了。我不需要wsse里面的那么多冗余代码。想用最精 简的办法来实现，毕竟wsseap i里面包含了非常多的加密方

5、式，而onvif只规定了 WS_UsernameToken。所以自己动手。第一步，先要把用户名，密码Digest，nonce给获取到。我们知道这些都再 Header中。soap_in_SOAP_ENV_Header这个函数是用来反序列化(xml转成数据结 构)header中信息的。所以就在这里面干。我们依葫芦画瓢的写了个soap_in_PointerTo_Authentication函数调用，这个函数是用 来从header中将我们需要的信息提取出来的。int soap_in_PointerTo_Authentication(struct soap *soap ,SOAP_ENV_Header

6、*a) (size_t soap_flag_Username = 1;size_t soap_flag_Password = 1;size_t soap_flag_Nonce = 1;size_t soap_flag_wsu_Created = 1;char * username=NULL;char * password=NULL;char * onece=NULL;char * created = NULL;char * password_local =NULL;if (soap_element_begin_in(soap, wsse:Security, 1, NULL) != 0 )(Tr

7、aceErr(in wsse:Security fail!n);a-user_group= USER_LEAVEL_GUEST;return 1;)if(soap_element_begin_in(soap, wsse:UsernameToken, 0, NULL) != 0 )(TraceErr(in wsse:UsernameToken fail!n);a-user_group= USER_LEAVEL_GUEST;return 1;) for (;)( soap-error = SOAP_TAG_MISMATCH;/printf(%d:%d:%d:%dn,soap_flag_Userna

8、me,soap_flag_Password,soap_flag_Nonce,soap_flag_wsu_Create d);if (soap_flag_Username & (soap-error = SOAP_TAG_MISMATCH | soap -error=SOAP_NO_TAG)if (soap_in_string(soap, wsse:Username, &username, xsd:string)( soap_flag_Username-;TraceImport(username:%sn,username);continue;)if (soap_flag_Password & s

9、o ap-error = SOAP_TAG_MISMATCH)if (soap_in_string(soap, wsse:Password,&password, xsd:string)( soap_flag_Password-;TraceImport(password:%sn,password);continue;)if (soap_flag_Nonce & (soap-error = SOAP_TAG_MISMATCH | soap-error = SOAP_NO_TAG)if (soap_in_string(soap, wsse:Nonce, &onece, xsd:string)( so

10、ap_flag_Nonce-;TraceImport(onece:%sn,onece);continue;)if (soap_flag_wsu_Created & (soap-error = SOAP_TAG_MISMATCH | soap-error = SOAP_NO_TaG5)if (soap_in_string(soap, wsu:Created, &created, xsd:string)(soap_flag_wsu_Created-;TraceImport(onece:%sn,created);continue;)if (soap-error = SOAP_TAG_MISMATCH

11、)soap-error = soap_ignore_element(soap);if (soap-error = SOAP_NO_TAG)break;if (soap-error)return USER_LEAVEL_GUEST;)soap_element_end_in(soap, wsse:UsernameToken);soap_element_end_in(soap, wsse:Security);/*到这里已经完整的获取了用户信息。*/验证return SOAP_OK;获取到了用户信息，接下来就可以验证了参考 soap_wsse_verify_Password(struct soap *soap, const char *password)函数，你就可以验 证密码了。其实本来我