wvp-pro.git - Gitblit

			@@ -1,35 +1,33 @@
			/*
			* Conditions Of Use
			*
			* This software was developed by employees of the National Institute of
			* Standards and Technology (NIST), an agency of the Federal Government.
			* Pursuant to title 15 Untied States Code Section 105, works of NIST
			* employees are not subject to copyright protection in the United States
			* and are considered to be in the public domain. As a result, a formal
			* license is not needed to use the software.
			*
			* This software is provided by NIST as a service and is expressly
			* provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED
			* OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF
			* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT
			* AND DATA ACCURACY. NIST does not warrant or make any representations
			* regarding the use of the software or the results thereof, including but
			* not limited to the correctness, accuracy, reliability or usefulness of
			* the software.
			*
			* Permission to use this software is contingent upon your acceptance
			* of the terms of this agreement
			*
			* .
			*
			*/
			* Conditions Of Use
			*
			* This software was developed by employees of the National Institute of
			* Standards and Technology (NIST), an agency of the Federal Government.
			* Pursuant to title 15 Untied States Code Section 105, works of NIST
			* employees are not subject to copyright protection in the United States
			* and are considered to be in the public domain. As a result, a formal
			* license is not needed to use the software.
			*
			* This software is provided by NIST as a service and is expressly
			* provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED
			* OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF
			* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT
			* AND DATA ACCURACY. NIST does not warrant or make any representations
			* regarding the use of the software or the results thereof, including but
			* not limited to the correctness, accuracy, reliability or usefulness of
			* the software.
			*
			* Permission to use this software is contingent upon your acceptance
			* of the terms of this agreement
			*
			* .
			*
			*/
			package com.genersoft.iot.vmp.gb28181.auth;

			import java.security.MessageDigest;
			import java.security.NoSuchAlgorithmException;
			import java.text.DecimalFormat;
			import java.util.Date;
			import java.util.Random;
			import gov.nist.core.InternalErrorHandler;
			import org.slf4j.Logger;
			import org.slf4j.LoggerFactory;

			import javax.sip.address.URI;
			import javax.sip.header.AuthorizationHeader;
			@@ -37,23 +35,27 @@
			import javax.sip.header.WWWAuthenticateHeader;
			import javax.sip.message.Request;
			import javax.sip.message.Response;

			import gov.nist.core.InternalErrorHandler;
			import java.security.MessageDigest;
			import java.security.NoSuchAlgorithmException;
			import java.time.Instant;
			import java.util.Random;

			/**
			* Implements the HTTP digest authentication method server side functionality.
			*
			*
			* @author M. Ranganathan
			* @author Marc Bednarek
			*/

			public class DigestServerAuthenticationHelper {


			private Logger logger = LoggerFactory.getLogger(DigestServerAuthenticationHelper.class);

			private MessageDigest messageDigest;


			public static final String DEFAULT_ALGORITHM = "MD5";
			public static final String DEFAULT_SCHEME = "Digest";





			@@ -63,11 +65,11 @@

			/**
			* Default constructor.
			* @throws NoSuchAlgorithmException
			* @throws NoSuchAlgorithmException
			*/
			public DigestServerAuthenticationHelper()
			throws NoSuchAlgorithmException {
			messageDigest = MessageDigest.getInstance(DEFAULT_ALGORITHM);
			public DigestServerAuthenticationHelper()
			throws NoSuchAlgorithmException {
			messageDigest = MessageDigest.getInstance(DEFAULT_ALGORITHM);
			}

			public static String toHexString(byte b[]) {
			@@ -79,22 +81,19 @@
			}
			return new String(c);
			}


			/**
			* Generate the challenge string.
			*
			* @return a generated nonce.
			*/
			private String generateNonce() {
			// Get the time of day and run MD5 over it.
			Date date = new Date();
			long time = date.getTime();
			long time = Instant.now().toEpochMilli();
			Random rand = new Random();
			long pad = rand.nextLong();
			String nonceString = (new Long(time)).toString()
			+ (new Long(pad)).toString();
			String nonceString = Long.valueOf(time).toString()
			+ Long.valueOf(pad).toString();
			byte mdbytes[] = messageDigest.digest(nonceString.getBytes());
			// Convert the mdbytes array into a hex string.
			return toHexString(mdbytes);
			}

			@@ -103,13 +102,10 @@
			WWWAuthenticateHeader proxyAuthenticate = headerFactory
			.createWWWAuthenticateHeader(DEFAULT_SCHEME);
			proxyAuthenticate.setParameter("realm", realm);
			proxyAuthenticate.setParameter("nonce", generateNonce());

			// proxyAuthenticate.setParameter("opaque", "");
			// proxyAuthenticate.setParameter("stale", "FALSE");
			// proxyAuthenticate.setParameter("algorithm", DEFAULT_ALGORITHM);

			proxyAuthenticate.setParameter("qop", "auth");
			proxyAuthenticate.setParameter("nonce", generateNonce());
			proxyAuthenticate.setParameter("algorithm", DEFAULT_ALGORITHM);

			response.setHeader(proxyAuthenticate);
			} catch (Exception ex) {
			InternalErrorHandler.handleException(ex);
			@@ -121,34 +117,36 @@
			*
			* @param request - the request to authenticate.
			* @param hashedPassword -- the MD5 hashed string of username:realm:plaintext password.
			*
			*
			* @return true if authentication succeded and false otherwise.
			*/
			public boolean doAuthenticateHashedPassword(Request request, String hashedPassword) {
			AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME);
			if ( authHeader == null ) return false;
			AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME);
			if ( authHeader == null ) {
			return false;
			}
			String realm = authHeader.getRealm();
			String username = authHeader.getUsername();


			if ( username == null \|\| realm == null ) {
			return false;
			}


			String nonce = authHeader.getNonce();
			URI uri = authHeader.getURI();
			if (uri == null) {
			return false;
			}





			String A2 = request.getMethod().toUpperCase() + ":" + uri.toString();
			String HA1 = hashedPassword;



			byte[] mdbytes = messageDigest.digest(A2.getBytes());
			String HA2 = toHexString(mdbytes);


			String cnonce = authHeader.getCNonce();
			String KD = HA1 + ":" + nonce;
			if (cnonce != null) {
			@@ -158,7 +156,7 @@
			mdbytes = messageDigest.digest(KD.getBytes());
			String mdString = toHexString(mdbytes);
			String response = authHeader.getResponse();



			return mdString.equals(response);
			}
			@@ -168,12 +166,14 @@
			*
			* @param request - the request to authenticate.
			* @param pass -- the plain text password.
			*
			*
			* @return true if authentication succeded and false otherwise.
			*/
			public boolean doAuthenticatePlainTextPassword(Request request, String pass) {
			AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME);
			if ( authHeader == null ) return false;
			AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME);
			if ( authHeader == null \|\| authHeader.getRealm() == null) {
			return false;
			}
			String realm = authHeader.getRealm().trim();
			String username = authHeader.getUsername().trim();

			@@ -184,39 +184,41 @@
			String nonce = authHeader.getNonce();
			URI uri = authHeader.getURI();
			if (uri == null) {
			return false;
			return false;
			}
			// qop 保护质量包含auth（默认的）和auth-int（增加了报文完整性检测）两种策略
			String qop = authHeader.getQop().trim();
			String qop = authHeader.getQop();

			// 客户端随机数，这是一个不透明的字符串值，由客户端提供，并且客户端和服务器都会使用，以避免用明文文本。
			// 这使得双方都可以查验对方的身份，并对消息的完整性提供一些保护
			String cNonce = authHeader.getCNonce().trim();
			String cnonce = authHeader.getCNonce();

			// nonce计数器，是一个16进制的数值，表示同一nonce下客户端发送出请求的数量
			int nc = authHeader.getNonceCount();
			String ncStr = new DecimalFormat("00000000").format(nc);
			// String ncStr = new DecimalFormat("00000000").format(Integer.parseInt(nc + "", 16));
			String ncStr = String.format("%08x", nc).toUpperCase();
			// String ncStr = new DecimalFormat("00000000").format(nc);
			// String ncStr = new DecimalFormat("00000000").format(Integer.parseInt(nc + "", 16));

			String A1 = username + ":" + realm + ":" + pass;

			String A2 = request.getMethod().toUpperCase() + ":" + uri.toString();

			byte mdbytes[] = messageDigest.digest(A1.getBytes());
			String HA1 = toHexString(mdbytes);
			System.out.println("A1: " + A1);
			System.out.println("A2: " + A2);

			logger.debug("A1: " + A1);
			logger.debug("A2: " + A2);
			mdbytes = messageDigest.digest(A2.getBytes());
			String HA2 = toHexString(mdbytes);
			System.out.println("HA1: " + HA1);
			System.out.println("HA2: " + HA2);
			String cnonce = authHeader.getCNonce();
			System.out.println("nonce: " + nonce);
			System.out.println("nc: " + ncStr);
			System.out.println("cnonce: " + cnonce);
			System.out.println("qop: " + qop);
			logger.debug("HA1: " + HA1);
			logger.debug("HA2: " + HA2);
			// String cnonce = authHeader.getCNonce();
			logger.debug("nonce: " + nonce);
			logger.debug("nc: " + ncStr);
			logger.debug("cnonce: " + cnonce);
			logger.debug("qop: " + qop);
			String KD = HA1 + ":" + nonce;

			if (qop != null && qop.equals("auth") ) {
			if (qop != null && qop.equalsIgnoreCase("auth") ) {
			if (nc != -1) {
			KD += ":" + ncStr;
			}
			@@ -226,64 +228,14 @@
			KD += ":" + qop;
			}
			KD += ":" + HA2;
			System.out.println("KD: " + KD);
			logger.debug("KD: " + KD);
			mdbytes = messageDigest.digest(KD.getBytes());
			String mdString = toHexString(mdbytes);
			System.out.println("mdString: " + mdString);
			logger.debug("mdString: " + mdString);
			String response = authHeader.getResponse();
			System.out.println("response: " + response);
			logger.debug("response: " + response);
			return mdString.equals(response);


			}


			public static void main(String[] args) throws NoSuchAlgorithmException {
			MessageDigest messageDigest2 = MessageDigest.getInstance(DEFAULT_ALGORITHM);
			String realm = "DS-2CD2520F";
			String username = "admin";
			String passwd = "12345";

			String nonce = "4d6a553452444d30525441364e6d4d304e6a68684e47553d";

			String uri = "/ISAPI/Streaming/channels/101/picture";
			// qop 保护质量包含auth（默认的）和auth-int（增加了报文完整性检测）两种策略
			String qop = "auth";

			// 客户端随机数，这是一个不透明的字符串值，由客户端提供，并且客户端和服务器都会使用，以避免用明文文本。
			// 这使得双方都可以查验对方的身份，并对消息的完整性提供一些保护
			String cNonce = "C1A5298F939E87E8F962A5EDFC206918";

			// nonce计数器，是一个16进制的数值，表示同一nonce下客户端发送出请求的数量
			int nc = 1;

			String A1 = username + ":" + realm + ":" + passwd;
			System.out.println("A1: " + A1);
			String A2 = "GET" + ":" + uri.toString();
			System.out.println("A2: " + A2);
			byte mdbytes[] = messageDigest2.digest(A1.getBytes());
			String HA1 = toHexString(mdbytes);
			System.out.println("HA1: " + HA1);

			mdbytes = messageDigest2.digest(A2.getBytes());
			String HA2 = toHexString(mdbytes);
			System.out.println("HA2: " + HA2);
			String cnonce = "93d4d37df32e1a85";
			String KD = HA1 + ":" + nonce;

			if (nc != -1) {
			KD += ":" + "00000001";
			}
			if (cnonce != null) {
			KD += ":" + cnonce;
			}
			if (qop != null) {
			KD += ":" + qop;
			}
			KD += ":" + HA2;
			System.out.println("KD: " + KD);
			mdbytes = messageDigest2.digest(KD.getBytes());
			String mdString = toHexString(mdbytes);
			String response = "3993a815e5cdaf4470e9b4f9bd41cf4a";
			System.out.println(mdString);
			}
			}