/* Most of this function is taken from the function 'soap_wsse_add_UsernameTokenDigest()' defined in wsseapi.cpp // // Used to alter the soap request for an offset time (for authorization purposes - replay attack protection) */ int OnvifClientDevice::LocalAddUsernameTokenDigest(struct soap *soapOff,double cam_pc_offset) { string strUrl; string strUser; string strPass; if (this->GetUserPasswd(strUser, strPass) == false || this->GetUrl(strUrl) == false) { return SOAP_ERR; } /* start soap_wsse_add_UsernameTokenDigest; Taken from wsseapi.cpp*/ /* All of this is taken from the function soap_wsse_add_UsernameTokenDigest() defined in wsseapi.cpp */ _wsse__Security *security = soap_wsse_add_Security(soapOff); time_t now = time(NULL); now -= (time_t) cam_pc_offset; //offset so digest comes out correctly (synced times between cam and pc); const char *created = soap_dateTime2s(soapOff, now); char HA[SOAP_SMD_SHA1_SIZE], HABase64[29]; char nonce[20], *nonceBase64; /*start calc_nonce(soapOff, nonce); Taken from wsseapi.cpp */ time_t r = time(NULL); cout << "now time: " << r << endl; r -= (time_t) cam_pc_offset; //offset so digest comes out correctly (synced times between cam and pc); cout << "now time minus offset: " << r << endl; memcpy(nonce, &r, 4); for (int i = 4; i < 20; i += 4) { r = soap_random; memcpy(nonce + i, &r, 4); } /*end calc_nonce(soapOff, nonce); */ nonceBase64 = soap_s2base64(soapOff, (unsigned char*)nonce, NULL, 20); /* start calc_digest(soapOff, created, nonce, 20, strPass, HA); Taken from wsseapi.cpp */ struct soap_smd_data context; /* use smdevp engine */ soap_smd_init(soapOff, &context, SOAP_SMD_DGST_SHA1, NULL, 0); soap_smd_update(soapOff, &context, nonce, 20); soap_smd_update(soapOff, &context, created, strlen(created)); soap_smd_update(soapOff, &context, strPass.c_str(), strlen(strPass.c_str())); soap_smd_final(soapOff, &context, HA, NULL); /* end calc_digest(soapOff, created, nonce, 20, strPass, HA); */ soap_s2base64(soapOff, (unsigned char*)HA, HABase64, SOAP_SMD_SHA1_SIZE); /* populate the UsernameToken with digest */ soap_wsse_add_UsernameTokenText(soapOff, "Id", strUser.c_str(), HABase64); /* populate the remainder of the password, nonce, and created */ security->UsernameToken->Password->Type = (char*)wsse_PasswordDigestURI; security->UsernameToken->Nonce = nonceBase64; security->UsernameToken->wsu__Created = soap_strdup(soapOff, created); /* end soap_wsse_add_UsernameTokenDigest */ return SOAP_OK; }
/** @fn size_t soap_smd_recv(struct soap *soap, char *buf, size_t len) @brief Callback to intercept messages for digest or signature computation/verification. @param soap context @param[in] buf buffer @param[in] len max buffer length @return message size in buffer or 0 on error. */ static size_t soap_smd_recv(struct soap *soap, char *buf, size_t len) { size_t ret = ((struct soap_smd_data*)soap->data[0])->frecv(soap, buf, len); if (ret && soap_smd_update(soap, (struct soap_smd_data*)soap->data[0], buf, ret)) return 0; return ret; }
/** @fn int soap_smd_send(struct soap *soap, const char *buf, size_t len) @brief Callback to intercept messages for digest or signature computation/verification. @param soap context @param[in] buf message @param[in] len message length @return SOAP_OK or SOAP_SSL_ERROR */ static int soap_smd_send(struct soap *soap, const char *buf, size_t len) { int err; if (((struct soap_smd_data*)soap->data[0])->alg & SOAP_SMD_PASSTHRU) { if ((err = ((struct soap_smd_data*)soap->data[0])->fsend(soap, buf, len))) return err; } return soap_smd_update(soap, (struct soap_smd_data*)soap->data[0], buf, len); }
static int http_da_calc_HA1(struct soap *soap, struct soap_smd_data *smd_data, const char *alg, const char *userid, const char *realm, const char *passwd, const char *nonce, const char *cnonce, char HA1hex[65]) { int smd_alg = SOAP_SMD_DGST_MD5; size_t smd_len = 16; char HA1[32]; if (alg && !soap_tag_cmp(alg, "SHA-256*")) { smd_alg = SOAP_SMD_DGST_SHA256; smd_len = 32; } if (soap_smd_init(soap, smd_data, smd_alg, NULL, 0) || soap_smd_update(soap, smd_data, userid, strlen(userid)) || soap_smd_update(soap, smd_data, ":", 1) || soap_smd_update(soap, smd_data, realm, strlen(realm)) || soap_smd_update(soap, smd_data, ":", 1) || soap_smd_update(soap, smd_data, passwd, strlen(passwd)) || soap_smd_final(soap, smd_data, HA1, NULL)) return soap->error; if (alg && !soap_tag_cmp(alg, "*-sess")) { if (soap_smd_init(soap, smd_data, smd_alg, NULL, 0) || soap_smd_update(soap, smd_data, HA1, smd_len)) return soap->error; if (nonce) { if (soap_smd_update(soap, smd_data, ":", 1) || soap_smd_update(soap, smd_data, nonce, strlen(nonce))) return soap->error; } if (soap_smd_update(soap, smd_data, ":", 1) || soap_smd_update(soap, smd_data, cnonce, strlen(cnonce)) || soap_smd_final(soap, smd_data, HA1, NULL)) return soap->error; } (void)soap_s2hex(soap, (unsigned char*)HA1, HA1hex, smd_len); return SOAP_OK; };
static int http_da_preparerecv(struct soap *soap, const char *buf, size_t len) { struct http_da_data *data = (struct http_da_data*)soap_lookup_plugin(soap, http_da_id); if (!data) return SOAP_PLUGIN_ERROR; if (soap_smd_update(soap, &data->smd_data, buf, len)) return soap->error; if (data->fpreparerecv) return data->fpreparerecv(soap, buf, len); return SOAP_OK; }
static int http_da_calc_response(struct soap *soap, struct soap_smd_data *smd_data, const char *alg, char HA1hex[65], const char *nonce, const char *ncount, const char *cnonce, const char *qop, const char *method, const char *uri, char entityHAhex[65], char response[65], char responseHA[32]) { int smd_alg = SOAP_SMD_DGST_MD5; size_t smd_len = 16; char HA2[32], HA2hex[65]; if (alg && !soap_tag_cmp(alg, "SHA-256*")) { smd_alg = SOAP_SMD_DGST_SHA256; smd_len = 32; } if (soap_smd_init(soap, smd_data, smd_alg, NULL, 0) || soap_smd_update(soap, smd_data, method, strlen(method)) || soap_smd_update(soap, smd_data, ":", 1) || soap_smd_update(soap, smd_data, uri, strlen(uri))) return soap->error; if (qop && !soap_tag_cmp(qop, "auth-int")) { if (soap_smd_update(soap, smd_data, ":", 1) || soap_smd_update(soap, smd_data, entityHAhex, 2*smd_len)) return soap->error; } if (soap_smd_final(soap, smd_data, HA2, NULL)) return soap->error; (void)soap_s2hex(soap, (unsigned char*)HA2, HA2hex, smd_len); if (soap_smd_init(soap, smd_data, smd_alg, NULL, 0) || soap_smd_update(soap, smd_data, HA1hex, 2*smd_len)) return soap->error; if (nonce) { if (soap_smd_update(soap, smd_data, ":", 1) || soap_smd_update(soap, smd_data, nonce, strlen(nonce))) return soap->error; } if (qop && *qop) { if (soap_smd_update(soap, smd_data, ":", 1) || soap_smd_update(soap, smd_data, ncount, strlen(ncount)) || soap_smd_update(soap, smd_data, ":", 1) || soap_smd_update(soap, smd_data, cnonce, strlen(cnonce)) || soap_smd_update(soap, smd_data, ":", 1) || soap_smd_update(soap, smd_data, qop, strlen(qop))) return soap->error; } if (soap_smd_update(soap, smd_data, ":", 1) || soap_smd_update(soap, smd_data, HA2hex, 2*smd_len) || soap_smd_final(soap, smd_data, responseHA, NULL)) return soap->error; (void)soap_s2hex(soap, (unsigned char*)responseHA, response, smd_len); return SOAP_OK; }
/** @fn int soap_smd_send(struct soap *soap, const char *buf, size_t len) @brief Callback to intercept messages for digest or signature computation. @param soap context @param[in] buf message @param[in] len message length @return SOAP_OK or SOAP_SSL_ERROR */ static int soap_smd_send(struct soap *soap, const char *buf, size_t len) { return soap_smd_update(soap, (struct soap_smd_data*)soap->user, buf, len); }