Question
I'm working on sending the ONVIF "GetDeviceInformation" request. That requires wsse:UsernameToken. After searching for data on authorization, there are two formulas:
(1) by "ONVIF-Core-Specification-v241.pdf", "5.12.2.1 Password derivation"
PE_UA = base64(HMAC_SHA-1(UA+P_UA,NEP+"ONVIF password"))
(2) by soap of WEB protocol
Digest = B64ENCODE( SHA1( B64DECODE( Nonce ) + Date + Password ) )
I am confused!! Which one is correct?
Moreover, when I tested the ONVIF test tool with Wireshark,
the XML I got was:
<wsse:UsernameToken>
  <wsse:Username>admin</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">lu9ywjDwSt8oW7M4tMjCb50/xRg=</wsse:Password>
  <wsse:Nonce>TgBYFHxSc3Oo8yPzwnQn8A==</wsse:Nonce>
  <wsu:Created>2014-06-20T04:41:45Z</wsu:Created>
</wsse:UsernameToken>
OK, then I tried to figure out the formula from this data.
a> username: "admin"
b> password: "pass" ( un-entropy)
c> Nonce: "TgBYFHxSc3Oo8yPzwnQn8A=="
d> created: "2014-06-20T04:41:45Z"
somehow to get the final password: "lu9ywjDwSt8oW7M4tMjCb50/xRg="
The "nonce" may be converted by Base64, so the original should be "4E0058147C527373A8F323F3C27427F0"
I've tried using
base64(SHA1("TgBYFHxSc3Oo8yPzwnQn8A==2014-06-12T04:03:45Zpass"))
or
base64(SHA1("4E0058147C527373A8F323F3C27427F0==2014-06-12T04:03:45Zpass"))
but I still can't get the password sent by the test tool, "lu9ywjDwSt8oW7M4tMjCb50/xRg=".
Could anyone help me figure out the exact formula used by the ONVIF test tool?
I do need your help!!! Thanks!!
Answer 1:
Finally, the device sent OK to me!
After referring to gSOAP:
First, the formula is:
Digest = B64ENCODE( SHA1( B64DECODE( Nonce ) + Date + Password ) )
For the Nonce, it should be a 20-byte random "numeric" value such as:
char caNonceTest[20]={0x9E,0xBD,0xBB,0x53,0x7C,0x96,0xB4,0xC1,0xCE,0xEB,
0xFB,0x06,0x17,0x31,0x41,0x4E,0x5B,0x68,0x86,0x93};
It could be generated by any method (you could even make it up).
After getting caNonceTest, like above, the string should look like "艋|蹉鋿1AN[h?昍昍昍昍"
and for the XML sent to the device, the Base64 should be like "nr27U3yWtMHO6/gGFzFBTltohpPMzMzMzMzMzBQ="
This is the key point of the correct format! (not an ASCII string!) Moreover, just feed it to the SHA-1 function exactly as caNonceTest (no need to convert to Base64).
For the created and password, just feed them to SHA-1 in string format (e.g. "2014-07-08T09:26:13Z" and "pass").
then, world peace!
Source: https://stackoverflow.com/questions/24443835/whats-the-formula-of-onvif-passworddigest
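An added example, not part of the original question or answer and not code from gSOAP or the ONVIF test tool: the digest formula from the answer in Python, with the nonce Base64-decoded to raw bytes before hashing, next to the text-hashing attempt from the question. The function names and the dict-shaped token are assumptions for illustration; the nonce and timestamp in the demo are the values captured in the question.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timezone


def password_digest(nonce_b64, created, password):
    """B64ENCODE( SHA1( B64DECODE(Nonce) + Created + Password ) )."""
    nonce_raw = base64.b64decode(nonce_b64, validate=True)  # raw bytes, not text
    data = nonce_raw + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def wrong_digest(nonce_b64, created, password):
    """The mistake from the question: hashing the Base64 *text* of the nonce."""
    data = (nonce_b64 + created + password).encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def new_token(username, password, nonce_len=20):
    """Client side: fresh random nonce (20 bytes, as in the answer) and UTC time."""
    nonce_b64 = base64.b64encode(os.urandom(nonce_len)).decode("ascii")
    created = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"Username": username, "Nonce": nonce_b64, "Created": created,
            "Password": password_digest(nonce_b64, created, password)}


def verify_token(token, stored_password):
    """Device side: recompute from the received fields, compare in constant time."""
    expected = password_digest(token["Nonce"], token["Created"], stored_password)
    return hmac.compare_digest(expected, token["Password"])


if __name__ == "__main__":
    # Nonce and Created as captured in the question; password as stated there.
    nonce, created = "TgBYFHxSc3Oo8yPzwnQn8A==", "2014-06-20T04:41:45Z"
    print("raw nonce bytes :", base64.b64decode(nonce).hex().upper())
    print("digest (raw)    :", password_digest(nonce, created, "pass"))
    print("digest (as text):", wrong_digest(nonce, created, "pass"))
    print("round trip ok   :", verify_token(new_token("admin", "pass"), "pass"))
```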