/* Most of this function is taken from the function 'soap_wsse_add_UsernameTokenDigest()' defined in wsseapi.cpp //
// Used to alter the soap request for an offset time (for authorization purposes - replay attack protection) */
int OnvifClientDevice::LocalAddUsernameTokenDigest(struct soap *soapOff,double cam_pc_offset)
{
string strUrl;
string strUser;
string strPass;
if (this->GetUserPasswd(strUser, strPass) == false
|| this->GetUrl(strUrl) == false)
{
return SOAP_ERR;
}
/* start soap_wsse_add_UsernameTokenDigest; Taken from wsseapi.cpp*/
/* All of this is taken from the function soap_wsse_add_UsernameTokenDigest() defined in wsseapi.cpp */
_wsse__Security *security = soap_wsse_add_Security(soapOff);
time_t now = time(NULL);
now -= (time_t) cam_pc_offset; //offset so digest comes out correctly (synced times between cam and pc);
const char *created = soap_dateTime2s(soapOff, now);
char HA[SOAP_SMD_SHA1_SIZE], HABase64[29];
char nonce[20], *nonceBase64;
/*start calc_nonce(soapOff, nonce); Taken from wsseapi.cpp */
time_t r = time(NULL);
cout << "now time: " << r << endl;
r -= (time_t) cam_pc_offset; //offset so digest comes out correctly (synced times between cam and pc);
cout << "now time minus offset: " << r << endl;
memcpy(nonce, &r, 4);
for (int i = 4; i < 20; i += 4)
{ r = soap_random;
memcpy(nonce + i, &r, 4);
}
/*end calc_nonce(soapOff, nonce); */
nonceBase64 = soap_s2base64(soapOff, (unsigned char*)nonce, NULL, 20);
/* start calc_digest(soapOff, created, nonce, 20, strPass, HA); Taken from wsseapi.cpp */
struct soap_smd_data context;
/* use smdevp engine */
soap_smd_init(soapOff, &context, SOAP_SMD_DGST_SHA1, NULL, 0);
soap_smd_update(soapOff, &context, nonce, 20);
soap_smd_update(soapOff, &context, created, strlen(created));
soap_smd_update(soapOff, &context, strPass.c_str(), strlen(strPass.c_str()));
soap_smd_final(soapOff, &context, HA, NULL);
/* end calc_digest(soapOff, created, nonce, 20, strPass, HA); */
soap_s2base64(soapOff, (unsigned char*)HA, HABase64, SOAP_SMD_SHA1_SIZE);
/* populate the UsernameToken with digest */
soap_wsse_add_UsernameTokenText(soapOff, "Id", strUser.c_str(), HABase64);
/* populate the remainder of the password, nonce, and created */
security->UsernameToken->Password->Type = (char*)wsse_PasswordDigestURI;
security->UsernameToken->Nonce = nonceBase64;
security->UsernameToken->wsu__Created = soap_strdup(soapOff, created);
/* end soap_wsse_add_UsernameTokenDigest */
return SOAP_OK;
}
/**
@fn size_t soap_smd_recv(struct soap *soap, char *buf, size_t len)
@brief Callback to intercept messages for digest or signature computation/verification.
@param soap context
@param[in] buf buffer
@param[in] len max buffer length
@return message size in buffer or 0 on error.
*/
static size_t
soap_smd_recv(struct soap *soap, char *buf, size_t len)
{ size_t ret = ((struct soap_smd_data*)soap->data[0])->frecv(soap, buf, len);
if (ret && soap_smd_update(soap, (struct soap_smd_data*)soap->data[0], buf, ret))
return 0;
return ret;
}
/**
@fn int soap_smd_send(struct soap *soap, const char *buf, size_t len)
@brief Callback to intercept messages for digest or signature computation/verification.
@param soap context
@param[in] buf message
@param[in] len message length
@return SOAP_OK or SOAP_SSL_ERROR
*/
static int
soap_smd_send(struct soap *soap, const char *buf, size_t len)
{ int err;
if (((struct soap_smd_data*)soap->data[0])->alg & SOAP_SMD_PASSTHRU)
{ if ((err = ((struct soap_smd_data*)soap->data[0])->fsend(soap, buf, len)))
return err;
}
return soap_smd_update(soap, (struct soap_smd_data*)soap->data[0], buf, len);
}
static int http_da_calc_HA1(struct soap *soap, struct soap_smd_data *smd_data, const char *alg, const char *userid, const char *realm, const char *passwd, const char *nonce, const char *cnonce, char HA1hex[65])
{
int smd_alg = SOAP_SMD_DGST_MD5;
size_t smd_len = 16;
char HA1[32];
if (alg && !soap_tag_cmp(alg, "SHA-256*"))
{
smd_alg = SOAP_SMD_DGST_SHA256;
smd_len = 32;
}
if (soap_smd_init(soap, smd_data, smd_alg, NULL, 0)
|| soap_smd_update(soap, smd_data, userid, strlen(userid))
|| soap_smd_update(soap, smd_data, ":", 1)
|| soap_smd_update(soap, smd_data, realm, strlen(realm))
|| soap_smd_update(soap, smd_data, ":", 1)
|| soap_smd_update(soap, smd_data, passwd, strlen(passwd))
|| soap_smd_final(soap, smd_data, HA1, NULL))
return soap->error;
if (alg && !soap_tag_cmp(alg, "*-sess"))
{
if (soap_smd_init(soap, smd_data, smd_alg, NULL, 0)
|| soap_smd_update(soap, smd_data, HA1, smd_len))
return soap->error;
if (nonce)
{
if (soap_smd_update(soap, smd_data, ":", 1)
|| soap_smd_update(soap, smd_data, nonce, strlen(nonce)))
return soap->error;
}
if (soap_smd_update(soap, smd_data, ":", 1)
|| soap_smd_update(soap, smd_data, cnonce, strlen(cnonce))
|| soap_smd_final(soap, smd_data, HA1, NULL))
return soap->error;
}
(void)soap_s2hex(soap, (unsigned char*)HA1, HA1hex, smd_len);
return SOAP_OK;
};
static int http_da_preparerecv(struct soap *soap, const char *buf, size_t len)
{
struct http_da_data *data = (struct http_da_data*)soap_lookup_plugin(soap, http_da_id);
if (!data)
return SOAP_PLUGIN_ERROR;
if (soap_smd_update(soap, &data->smd_data, buf, len))
return soap->error;
if (data->fpreparerecv)
return data->fpreparerecv(soap, buf, len);
return SOAP_OK;
}
static int http_da_calc_response(struct soap *soap, struct soap_smd_data *smd_data, const char *alg, char HA1hex[65], const char *nonce, const char *ncount, const char *cnonce, const char *qop, const char *method, const char *uri, char entityHAhex[65], char response[65], char responseHA[32])
{
int smd_alg = SOAP_SMD_DGST_MD5;
size_t smd_len = 16;
char HA2[32], HA2hex[65];
if (alg && !soap_tag_cmp(alg, "SHA-256*"))
{
smd_alg = SOAP_SMD_DGST_SHA256;
smd_len = 32;
}
if (soap_smd_init(soap, smd_data, smd_alg, NULL, 0)
|| soap_smd_update(soap, smd_data, method, strlen(method))
|| soap_smd_update(soap, smd_data, ":", 1)
|| soap_smd_update(soap, smd_data, uri, strlen(uri)))
return soap->error;
if (qop && !soap_tag_cmp(qop, "auth-int"))
{
if (soap_smd_update(soap, smd_data, ":", 1)
|| soap_smd_update(soap, smd_data, entityHAhex, 2*smd_len))
return soap->error;
}
if (soap_smd_final(soap, smd_data, HA2, NULL))
return soap->error;
(void)soap_s2hex(soap, (unsigned char*)HA2, HA2hex, smd_len);
if (soap_smd_init(soap, smd_data, smd_alg, NULL, 0)
|| soap_smd_update(soap, smd_data, HA1hex, 2*smd_len))
return soap->error;
if (nonce)
{
if (soap_smd_update(soap, smd_data, ":", 1)
|| soap_smd_update(soap, smd_data, nonce, strlen(nonce)))
return soap->error;
}
if (qop && *qop)
{
if (soap_smd_update(soap, smd_data, ":", 1)
|| soap_smd_update(soap, smd_data, ncount, strlen(ncount))
|| soap_smd_update(soap, smd_data, ":", 1)
|| soap_smd_update(soap, smd_data, cnonce, strlen(cnonce))
|| soap_smd_update(soap, smd_data, ":", 1)
|| soap_smd_update(soap, smd_data, qop, strlen(qop)))
return soap->error;
}
if (soap_smd_update(soap, smd_data, ":", 1)
|| soap_smd_update(soap, smd_data, HA2hex, 2*smd_len)
|| soap_smd_final(soap, smd_data, responseHA, NULL))
return soap->error;
(void)soap_s2hex(soap, (unsigned char*)responseHA, response, smd_len);
return SOAP_OK;
}
/**
@fn int soap_smd_send(struct soap *soap, const char *buf, size_t len)
@brief Callback to intercept messages for digest or signature computation.
@param soap context
@param[in] buf message
@param[in] len message length
@return SOAP_OK or SOAP_SSL_ERROR
*/
static int
soap_smd_send(struct soap *soap, const char *buf, size_t len)
{ return soap_smd_update(soap, (struct soap_smd_data*)soap->user, buf, len);
}
