ios - iPhone上的ONVIF身份验证错误

Question

我正在为支持 Onvif 的 IPCam 开发 iPhone 应用程序。这是我发送给 cam 的肥皂请求。凸轮由具有固件 5.40 的轴制成

NSString *passwordDigest = [self base64:input];

    NSLog(@"Password %@",passwordDigest);

    NSString *nonceDigest = [self base64:[NSString stringWithFormat:@"%i",nonce]];

    NSLog(@"Nonce %@",nonceDigest);


    [postBody appendData:[[NSString stringWithFormat:@"<?xml version=\"1.0\" encoding=\"utf-8\"?>"
                           "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://www.w3.org/2003/05/soap-envelope\""
                           "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401"
                           "-wss-wssecurity-secext-1.0.xsd\""
                           "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-"
                           "200401-wss-wssecurity-utility-1.0.xsd\""
                           "xmlns:tds=\"http://www.onvif.org/onvif/ver10/device/wsdl/devicemgmt.wsdl\">"
                           "<SOAP-ENV:Header><wsse:Security><wsse:UsernameToken>"
                           "<wsse:Username>root</wsse:Username>"
                           "<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-"
                           "200401-wss-username-token-profile-1.0#PasswordDigest\">"
                           "%@</wsse:Password><wsse:Nonce>%@</wsse:Nonce>"
                           "<wsu:Created>%@</wsu:Created></wsse:UsernameToken>"
                           "</wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body>"
                           "<tds:GetCapabilities>"
                           "</SOAP-ENV:Body></SOAP-ENV:Envelope>", 
                            passwordDigest, nonceDigest, date] dataUsingEncoding:NSUTF8StringEncoding]];

这是来自相机的回应

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding" xmlns:aa="http://www.axis.com/vapix/ws/action1" xmlns:aev="http://www.axis.com/vapix/ws/event1" xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:tan="http://www.onvif.org/ver20/analytics/wsdl" xmlns:tan1="http://www.onvif.org/ver20/analytics/wsdl/RuleEngineBinding" xmlns:tan2="http://www.onvif.org/ver20/analytics/wsdl/AnalyticsEngineBinding" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" xmlns:ter="http://www.onvif.org/ver10/error" xmlns:tev="http://www.onvif.org/ver10/events/wsdl" xmlns:tev1="http://www.onvif.org/ver10/events/wsdl/NotificationProducerBinding" xmlns:tev2="http://www.onvif.org/ver10/events/wsdl/EventBinding" xmlns:tev3="http://www.onvif.org/ver10/events/wsdl/SubscriptionManagerBinding" xmlns:tev4="http://www.onvif.org/ver10/events/wsdl/PullPointSubscriptionBinding" xmlns:timg="http://www.onvif.org/ver20/imaging/wsdl" xmlns:tns1="http://www.onvif.org/ver10/topics" xmlns:tnsaxis="http://www.axis.com/2009/event/topics" xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl" xmlns:trt="http://www.onvif.org/ver10/media/wsdl" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:wsa5="http://www.w3.org/2005/08/addressing" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:wsrfbf="http://docs.oasis-open.org/wsrf/bf-2" xmlns:wsrfr="http://docs.oasis-open.org/wsrf/r-2" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wstop="http://docs.oasis-open.org/wsn/t-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xmime="http://tempuri.org/xmime.xsd" xmlns:xop="http://www.w3.org/2004/08/xop/include" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <SOAP-ENV:Header />
   <SOAP-ENV:Body>
      <SOAP-ENV:Fault SOAP-ENV:encodingStyle="http://www.w3.org/2003/05/soap-encoding">
         <SOAP-ENV:Code>
            <SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value>
            <SOAP-ENV:Subcode>
               <SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value>
            </SOAP-ENV:Subcode>
         </SOAP-ENV:Code>
         <SOAP-ENV:Reason>
            <SOAP-ENV:Text xml:lang="en">Sender not authorized</SOAP-ENV:Text>
         </SOAP-ENV:Reason>
         <SOAP-ENV:Detail>
            <SOAP-ENV:Text>The action requested requires authorization and the sender is not authorized</SOAP-ENV:Text>
         </SOAP-ENV:Detail>
      </SOAP-ENV:Fault>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

我使用了许多方法，例如 GetCapabilities、GetStreamUri 等，但无论如何都没有结果。这是用于编码的base64方法

-(NSString*) base64:(NSString *) input
{
    int i;

    const char *cstr = [input cStringUsingEncoding:NSUTF8StringEncoding];
    NSData *data = [NSData dataWithBytes:cstr length:input.length];

    uint8_t digest[CC_SHA1_DIGEST_LENGTH];

    CC_SHA1(data.bytes, data.length, digest);

    NSMutableString* output = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 2];
length:CC_SHA1_DIGEST_LENGTH;

    for(i = 0; i < CC_SHA1_DIGEST_LENGTH; i++)
    {
        [output appendFormat:@"%02x", digest[i]];
    }





    return [data base64Encoding];

}

我尝试过简单的随机数、base64 编码的随机数、简单的传递、base64 编码的传递、时间戳、本地时间、UTC 时间，但没有运气

我正在创建此处指定的密码摘要

喜欢base64(SHA-1 (nonce+created+password))

我在做什么错请指导我

Answer 1

它可能与onvif 文档中所述相同：

6.1.1.3 ONVIF::AuthenticatingByWS-UsernameToken When a device requires authentication through WS-UsernameToken, the client must set user information with the appropriate privileges in WS-UsernameToken. This use case contains an example of setting that user information using SetHostname. WS-UsernameToken requires the following parameters:

* Username – The user name for a certified user.
* Nonce – A random, unique number generated by a client.
* Created – The UtcTime when the request is made.
* Password – The password for a certified user. According to the ONVIF specification

Password should not be set in plain text. Setting a password generates PasswordDigest, a digest that is calculated according to an algorithm defined in the specification for WS-UsernameToken: Digest = B64ENCODE( SHA1( B64DECODE( Nonce ) + Date + Password ) )

似乎计算摘要的方式与您尝试完成它的方式有点不同。 Digest = B64ENCODE( SHA1( B64DECODE( Nonce ) + Date + Password ) )

也许它有帮助:)