Onvif用户验证实现方式.doc

基于gsaop实现onvif之二 .用户验证1原理在ONVIF_WG-APG-Application_Programmers_Guide.pdf文档中第6章描述了onvif加密方式。Soap通信的验证机制是WS_UsernameToken，流加密的方式是HTTPS。我们知道onvif的用户验证是基于WS_UsernameToken，而且密码是Digest而不是明文，先来看一段带有用户验证信息的消息：所谓的WS_UsernameToken加密，就是将 用户名，密码，Nonce，Created都包含在了header里面。如果将#passwordDigest换成#passwordText的话，密码就是明文的，当然onvif说了，密码是Digest。我们知道了用户名密码，那如何验证呢？文档里面提到了获取Digest的公式：Digest = B64ENCODE( SHA1( B64DECODE( Nonce ) + Date + Password ) )2 实现现在知道了WS_UsernameToken是怎么回事，下面我们来看看如何实现验证吧。在gsoap文档中推荐使用wsseapi的插件来实现，这肯定最方便的方法，这个很简单，看看wsse的帮助就知道了。我不需要wsse里面的那么多冗余代码。想用最精简的办法来实现，毕竟wsseapi里面包含了非常多的加密方式，而onvif只规定了WS_UsernameToken。所以自己动手。第一步，先要把用户名，密码Digest，nonce给获取到。我们知道这些都再Header中。soap_in_SOAP_ENV_Header 这个函数是用来反序列化（xml转成数据结构）header中信息的。所以就在这里面干。我们依葫芦画瓢的写了个soap_in_PointerTo_Authentication函数调用，这个函数是用来从header中将我们需要的信息提取出来的。int soap_in_PointerTo_Authentication(struct soap *soap ,SOAP_ENV_Header *a)size_t soap_flag_Username = 1;size_t soap_flag_Password = 1;size_t soap_flag_Nonce = 1;size_t soap_flag_wsu_Created = 1;char * username=NULL;char * password=NULL;char * onece=NULL;char * created=NULL;char * password_local =NULL;if (soap_element_begin_in(soap, wsse:Security, 1, NULL) != 0 ) TraceErr(in wsse:Security fail!n); a-user_group= USER_LEAVEL_GUEST;return 1; if(soap_element_begin_in(soap, wsse:UsernameToken, 0, NULL) != 0 )TraceErr(in wsse:UsernameToken fail!n); a-user_group= USER_LEAVEL_GUEST;return 1;for (;)soap-error = SOAP_TAG_MISMATCH;/printf(-%d:%d:%d:%dn,soap_flag_Username,soap_flag_Password,soap_flag_Nonce,soap_flag_wsu_Created);if (soap_flag_Username & (soap-error = SOAP_TAG_MISMATCH | soap-error = SOAP_NO_TAG)if (soap_in_string(soap, wsse:Username, &username, xsd:string)soap_flag_Username-;TraceImport(username:%sn,username);continue;if (soap_flag_Password & soap-error = SOAP_TAG_MISMATCH)if (soap_in_string(soap, wsse:Password,&password, xsd:string)soap_flag_Password-;TraceImport(password:%sn,password);continue;if (soap_flag_Nonce & (soap-error = SOAP_TAG_MISMATCH | soap-error = SOAP_NO_TAG)if (soap_in_string(soap, wsse:Nonce, &onece, xsd:string)soap_flag_Nonce-;TraceImport(onece:%sn,onece);continue;if (soap_flag_wsu_Created & (soap-error = SOAP_TAG_MISMATCH | soap-error = SOAP_NO_TAG)if (soap_in_string(soap, wsu:Created, &created, xsd:string)soap_flag_wsu_Created-;TraceImport(onece:%sn,created);continue;if (soap-error = SOAP_TAG_MISMATCH)soap-error = soap_ignore_element(soap);if (soap-error = SOAP_NO_TAG)break;if (soap-error)return USER_LEAVEL_GUEST;soap_element_end_in(soap, wsse:UsernameToken);soap_element_end_in(soap, wsse:Security);/*到这里已经完整的获取了用户信息。*/验证。return SOAP_OK;获取到了用户信息，接下来就可以验证了参考soap_wsse_verify_Password(struct soap *soap, const char *password)函数，你就可以验证密码了。其实本来我们可以在soap_in_SOAP_ENV_Header直接返回验证错误的信息给client，但是ONVIF规定了一些函数不需要验证