ONVIF Authentication Error?

StackOverflow https://stackoverflow.com/questions/10812098

  •  11-06-2021
  •  | 
  •  

Question

I am writing an API in C for authenticating user using ONVIF. I write some code to make authentication header. But when I sent these headers the server respond that "The security token could not be authenticated or authorized"

unsigned int nonce_int = 0, i = 0;
  time_t utcTime = 0;
  struct tm *timeInfo = NULL;
  char sha1_input[100] = { 0 };
  SHA1Context sha = { 0 };

  nonce_int = GetRandomNumber();
  encode_base64(sizeof(nonce_int), (char*)&nonce_int, nonceLen, noncestr);

  utcTime = time(NULL);
  timeInfo = localtime(&utcTime);
  strftime(timestr, timeLen, "%Y-%m-%dT%H:%M:%SZ", timeInfo);
  printf("\nTime in String Format = %s", timestr);

  sprintf(sha1_input, "%d+%d+%s", nonce_int, utcTime, password);

  SHA1Reset(&sha);
  SHA1Input(&sha, (const unsigned char*)sha1_input, strlen(sha1_input));

  if(!SHA1Result(&sha))
  {
    printf("\nERROR-- could not compute message digest");
  }
  else
  {
    memset(sha1_input, 0x00, sizeof(sha1_input));
    /*sprintf(sha1_input, "%X%X%X%X%X", sha.Message_Digest[0], sha.Message_Digest[1],
      sha.Message_Digest[2], sha.Message_Digest[3], sha.Message_Digest[4]);*/

    sprintf(sha1_input, "%u%u%u%u%u", sha.Message_Digest[0], sha.Message_Digest[1],
      sha.Message_Digest[2], sha.Message_Digest[3], sha.Message_Digest[4]);

    printf("\nSHA1 Digest = %s", sha1_input);
    encode_base64(strlen(sha1_input), sha1_input, digestLen, digeststr);
    printf("\nSHA1 Digest Base64 Encoded = %s", digeststr);
  }

after that I sent this request on HTTP using POST method this.

Response:

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope  xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" 
                    xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding" 
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
                    xmlns:wsa5="http://www.w3.org/2005/08/addressing" 
                    xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" 
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
                    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
                    xmlns:ptzimg2="http://www.onvif.org/ver10/schema" 
                    xmlns:ptzimg3="http://www.w3.org/2005/05/xmlmime" 
                    xmlns:ptzimg4="http://docs.oasis-open.org/wsn/b-2" 
                    xmlns:ptzimg5="http://docs.oasis-open.org/wsrf/bf-2" 
                    xmlns:ptzimg6="http://docs.oasis-open.org/wsn/t-1" 
                    xmlns:ptzimg1="http://www.onvif.org/ver20/ptz/wsdl" 
                    xmlns:ptzimg7="http://www.onvif.org/ver20/imaging/wsdl" 
                    xmlns:ter="http://www.onvif.org/ver10/error">

    <SOAP-ENV:Header></SOAP-ENV:Header>
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <SOAP-ENV:Code>
                <SOAP-ENV:Value>
                    SOAP-ENV:Sender
                </SOAP-ENV:Value>
                <SOAP-ENV:Subcode>
                    <SOAP-ENV:Value>
                        wsse:FailedAuthentication
                    </SOAP-ENV:Value>
                </SOAP-ENV:Subcode>
            </SOAP-ENV:Code>
            <SOAP-ENV:Reason>
                <SOAP-ENV:Text xml:lang="en">
                    The security token could not be authenticated or authorized
                </SOAP-ENV:Text>
            </SOAP-ENV:Reason>
            <SOAP-ENV:Node>
                http://www.w3.org/2003/05/soap-envelope/node/ultimateReceiver
            </SOAP-ENV:Node>
            <SOAP-ENV:Role>
                http://www.w3.org/2003/05/soap-envelope/role/ultimateReceiver
            </SOAP-ENV:Role>
            <SOAP-ENV:Detail></SOAP-ENV:Detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

I synchronized the time. I think the problem is with my authentication headers. I did not find any useful documentation that specifies the exact data type and creation method for digest and other headers. any help will be appreciated. Thanks

Was it helpful?

Solution 2

I figured out the problem. I was using local time string rather than utc time string. this solved my problem. thanks

OTHER TIPS

I assume you are using ONVIF Core Specification. It looks like it specifies the use of HTTP Digest Authentication which is a standard means of authentication at the HTTP level. You might be able to find some C/C++ version of that around somewhere to check your logic for that.

Another thing I suggest is the use of Wireshark. This will tell you exactly what's going on at the HTTP and SOAP level. If it cannot figure out your Digest responses for example, then it will be clear that the problem is in your handling of that.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top