设备注册 未完

gb28181-service/src/main/java/cn/skcks/docking/gb28181/core/sip/listener/SipListenerImpl.java

@@ -26,7 +26,7 @@ public class SipListenerImpl implements SipListener {
     @Async(DefaultSipExecutor.EXECUTOR_BEAN_NAME)
     public void processRequest(RequestEvent requestEvent) {
         String method = requestEvent.getRequest().getMethod();
-        log.debug("method => {}",method);
+        log.debug("传入请求 method => {}",method);
         Optional.ofNullable(processor.get(method)).ifPresent(processor -> {
             processor.process(requestEvent);
         });

gb28181-service/src/main/java/cn/skcks/docking/gb28181/core/sip/message/auth/DigestServerAuthenticationHelper.java

@@ -0,0 +1,229 @@
+/*
+ * Conditions Of Use
+ *
+ * This software was developed by employees of the National Institute of
+ * Standards and Technology (NIST), an agency of the Federal Government.
+ * Pursuant to title 15 Untied States Code Section 105, works of NIST
+ * employees are not subject to copyright protection in the United States
+ * and are considered to be in the public domain.  As a result, a formal
+ * license is not needed to use the software.
+ *
+ * This software is provided by NIST as a service and is expressly
+ * provided "AS IS."  NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED
+ * OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT
+ * AND DATA ACCURACY.  NIST does not warrant or make any representations
+ * regarding the use of the software or the results thereof, including but
+ * not limited to the correctness, accuracy, reliability or usefulness of
+ * the software.
+ *
+ * Permission to use this software is contingent upon your acceptance
+ * of the terms of this agreement
+ *
+ * .
+ *
+ */
+package cn.skcks.docking.gb28181.core.sip.message.auth;
+
+import gov.nist.core.InternalErrorHandler;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.ObjectUtils;
+
+import javax.sip.address.URI;
+import javax.sip.header.AuthorizationHeader;
+import javax.sip.header.HeaderFactory;
+import javax.sip.header.WWWAuthenticateHeader;
+import javax.sip.message.Request;
+import javax.sip.message.Response;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.time.Instant;
+import java.util.Random;
+
+/**
+ * Implements the HTTP digest authentication method server side functionality.
+ *
+ * @author M. Ranganathan
+ * @author Marc Bednarek
+ */
+@Slf4j
+public class DigestServerAuthenticationHelper {
+    private static final MessageDigest messageDigest;
+
+    public static final String DEFAULT_ALGORITHM = "MD5";
+    public static final String DEFAULT_SCHEME = "Digest";
+
+
+    /** to hex converter */
+    private static final char[] toHex = { '0', '1', '2', '3', '4', '5', '6',
+            '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
+
+    /**
+     * Default constructor.
+     * @throws NoSuchAlgorithmException
+     */
+    static{
+        try {
+            messageDigest = MessageDigest.getInstance(DEFAULT_ALGORITHM);
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public static String toHexString(byte b[]) {
+        int pos = 0;
+        char[] c = new char[b.length * 2];
+        for (int i = 0; i < b.length; i++) {
+            c[pos++] = toHex[(b[i] >> 4) & 0x0F];
+            c[pos++] = toHex[b[i] & 0x0f];
+        }
+        return new String(c);
+    }
+
+    /**
+     * Generate the challenge string.
+     *
+     * @return a generated nonce.
+     */
+    private static String generateNonce() {
+        long time = Instant.now().toEpochMilli();
+        Random rand = new Random();
+        long pad = rand.nextLong();
+        String nonceString = Long.valueOf(time).toString()
+                + Long.valueOf(pad).toString();
+        byte[] mdBytes = messageDigest.digest(nonceString.getBytes());
+        return toHexString(mdBytes);
+    }
+
+    public static void generateChallenge(HeaderFactory headerFactory, Response response, String realm) {
+        try {
+            WWWAuthenticateHeader proxyAuthenticate = headerFactory
+                    .createWWWAuthenticateHeader(DEFAULT_SCHEME);
+            proxyAuthenticate.setParameter("realm", realm);
+            proxyAuthenticate.setParameter("qop", "auth");
+            proxyAuthenticate.setParameter("nonce", generateNonce());
+            proxyAuthenticate.setParameter("algorithm", DEFAULT_ALGORITHM);
+
+            response.setHeader(proxyAuthenticate);
+        } catch (Exception ex) {
+            InternalErrorHandler.handleException(ex);
+        }
+    }
+    /**
+     * Authenticate the inbound request.
+     *
+     * @param request - the request to authenticate.
+     * @param hashedPassword -- the MD5 hashed string of username:realm:plaintext password.
+     *
+     * @return true if authentication succeded and false otherwise.
+     */
+    public boolean doAuthenticateHashedPassword(Request request, String hashedPassword) {
+        AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME);
+        if ( authHeader == null ) {
+            return false;
+        }
+        String realm = authHeader.getRealm();
+        String username = authHeader.getUsername();
+
+        if ( username == null || realm == null ) {
+            return false;
+        }
+
+        String nonce = authHeader.getNonce();
+        URI uri = authHeader.getURI();
+        if (uri == null) {
+            return false;
+        }
+
+        String A2 = request.getMethod().toUpperCase() + ":" + uri;
+        String HA1 = hashedPassword;
+
+        byte[] mdbytes = messageDigest.digest(A2.getBytes());
+        String HA2 = toHexString(mdbytes);
+
+        String cnonce = authHeader.getCNonce();
+        String KD = HA1 + ":" + nonce;
+        if (cnonce != null) {
+            KD += ":" + cnonce;
+        }
+        KD += ":" + HA2;
+        mdbytes = messageDigest.digest(KD.getBytes());
+        String mdString = toHexString(mdbytes);
+        String response = authHeader.getResponse();
+
+
+        return mdString.equals(response);
+    }
+
+    /**
+     * Authenticate the inbound request given plain text password.
+     *
+     * @param request - the request to authenticate.
+     * @param pass -- the plain text password.
+     *
+     * @return true if authentication succeded and false otherwise.
+     */
+    public boolean doAuthenticatePlainTextPassword(Request request, String pass) {
+        AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME);
+        if ( authHeader == null || authHeader.getRealm() == null) {
+            return false;
+        }
+        String realm = authHeader.getRealm().trim();
+        String username = authHeader.getUsername().trim();
+
+        if(ObjectUtils.anyNull(username,realm)){
+            return false;
+        }
+
+        String nonce = authHeader.getNonce();
+        URI uri = authHeader.getURI();
+        if (uri == null) {
+            return false;
+        }
+        // qop 保护质量 包含auth（默认的）和auth-int（增加了报文完整性检测）两种策略
+        String qop = authHeader.getQop();
+
+        // 客户端随机数，这是一个不透明的字符串值，由客户端提供，并且客户端和服务器都会使用，以避免用明文文本。
+        // 这使得双方都可以查验对方的身份，并对消息的完整性提供一些保护
+        String cnonce = authHeader.getCNonce();
+
+        // nonce计数器，是一个16进制的数值，表示同一nonce下客户端发送出请求的数量
+        int nc = authHeader.getNonceCount();
+        String ncStr = String.format("%08x", nc).toUpperCase();
+        String A1 = String.join(":",username , realm , pass);
+        String A2 = String.join(":",request.getMethod().toUpperCase() , uri.toString());
+
+        byte[] mdbytes = messageDigest.digest(A1.getBytes());
+        String HA1 = toHexString(mdbytes);
+        log.debug("A1: " + A1);
+        log.debug("A2: " + A2);
+        mdbytes = messageDigest.digest(A2.getBytes());
+        String HA2 = toHexString(mdbytes);
+        log.debug("HA1: " + HA1);
+        log.debug("HA2: " + HA2);
+        // String cnonce = authHeader.getCNonce();
+        log.debug("nonce: " + nonce);
+        log.debug("nc: " + ncStr);
+        log.debug("cnonce: " + cnonce);
+        log.debug("qop: " + qop);
+        String KD = HA1 + ":" + nonce;
+
+        if (qop != null && qop.equalsIgnoreCase("auth") ) {
+            if (nc != -1) {
+                KD += ":" + ncStr;
+            }
+            if (cnonce != null) {
+                KD += ":" + cnonce;
+            }
+            KD += ":" + qop;
+        }
+        KD += ":" + HA2;
+        log.debug("KD: " + KD);
+        mdbytes = messageDigest.digest(KD.getBytes());
+        String mdString = toHexString(mdbytes);
+        log.debug("mdString: " + mdString);
+        String response = authHeader.getResponse();
+        log.debug("response: " + response);
+        return mdString.equals(response);
+    }
+}

gb28181-service/src/main/java/cn/skcks/docking/gb28181/core/sip/message/processor/MessageProcessor.java

@@ -1,7 +1,35 @@
 package cn.skcks.docking.gb28181.core.sip.message.processor;
 
+import lombok.extern.slf4j.Slf4j;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.sip.PeerUnavailableException;
 import javax.sip.RequestEvent;
+import javax.sip.SipFactory;
+import javax.sip.header.HeaderFactory;
+import javax.sip.message.MessageFactory;
 
 public interface MessageProcessor {
+    Logger log = LoggerFactory.getLogger(MessageProcessor.class);
+
     void process(RequestEvent requestEvent);
+
+    default MessageFactory getMessageFactory() {
+        try {
+            return SipFactory.getInstance().createMessageFactory();
+        } catch (PeerUnavailableException e) {
+            log.error("未处理的异常 ", e);
+        }
+        return null;
+    }
+
+    default HeaderFactory getHeaderFactory() {
+        try {
+            return SipFactory.getInstance().createHeaderFactory();
+        } catch (PeerUnavailableException e) {
+            log.error("未处理的异常 ", e);
+        }
+        return null;
+    }
 }

gb28181-service/src/main/java/cn/skcks/docking/gb28181/core/sip/message/processor/request/RegisterRequestProcessor.java

@@ -1,13 +1,24 @@
 package cn.skcks.docking.gb28181.core.sip.message.processor.request;
 
+import cn.skcks.docking.gb28181.config.sip.SipConfig;
+import cn.skcks.docking.gb28181.core.sip.dto.RemoteInfo;
 import cn.skcks.docking.gb28181.core.sip.listener.SipListener;
+import cn.skcks.docking.gb28181.core.sip.message.auth.DigestServerAuthenticationHelper;
 import cn.skcks.docking.gb28181.core.sip.message.processor.MessageProcessor;
+import cn.skcks.docking.gb28181.core.sip.utils.SipUtil;
+import gov.nist.javax.sip.address.SipUri;
+import gov.nist.javax.sip.header.Authorization;
+import gov.nist.javax.sip.message.SIPRequest;
 import jakarta.annotation.PostConstruct;
 import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
 
 import javax.sip.RequestEvent;
+import javax.sip.address.Address;
+import javax.sip.header.FromHeader;
+import javax.sip.message.Response;
 
 @Slf4j
 @RequiredArgsConstructor
@@ -17,13 +28,33 @@ public class RegisterRequestProcessor implements MessageProcessor {
 
     private final SipListener sipListener;
 
+    private final SipConfig sipConfig;
+
     @PostConstruct
     private void init(){
         sipListener.addProcessor(METHOD,this);
     }
 
+    @SneakyThrows
     @Override
     public void process(RequestEvent requestEvent) {
+        SIPRequest request = (SIPRequest)requestEvent.getRequest();
+        FromHeader fromHeader = request.getFrom();
+        Address address = fromHeader.getAddress();
+        log.debug("From {}",address);
 
+        SipUri uri = (SipUri)address.getURI();
+        String deviceId = uri.getUser();
+        log.debug("请求注册 设备id => {}", deviceId);
+
+        RemoteInfo remoteInfo = SipUtil.getRemoteInfoFromRequest(request, false);
+        log.debug("远程连接信息 => {}", remoteInfo);
+
+        String password = sipConfig.getPassword();
+        Authorization authorization = request.getAuthorization();
+        log.debug("认证信息 => {}", authorization);
+
+        Response response = getMessageFactory().createResponse(Response.UNAUTHORIZED, request);
+        DigestServerAuthenticationHelper.generateChallenge(getHeaderFactory(),response,sipConfig.getDomain());
     }
 }

gb28181-service/src/main/java/cn/skcks/docking/gb28181/core/sip/service/SipServiceImpl.java

@@ -65,7 +65,7 @@ public class SipServiceImpl implements SipService {
             sipStack.setMessageParserFactory(new GbStringMsgParserFactory());
             // sipStack.setMessageProcessorFactory();
             try {
-                ListeningPoint tcpListen = sipStack.createListeningPoint(ip, port, "TCP");
+                ListeningPoint tcpListen = sipStack.createListeningPoint(ip, port, ListeningPoint.TCP);
                 SipProviderImpl tcpSipProvider = (SipProviderImpl) sipStack.createSipProvider(tcpListen);
                 tcpSipProvider.setDialogErrorsAutomaticallyHandled();
                 tcpSipProvider.addSipListener(sipListener);
@@ -78,7 +78,7 @@ public class SipServiceImpl implements SipService {
             }
 
             try {
-                ListeningPoint udpListen = sipStack.createListeningPoint(ip, port, "UDP");
+                ListeningPoint udpListen = sipStack.createListeningPoint(ip, port, ListeningPoint.UDP);
                 SipProviderImpl udpSipProvider = (SipProviderImpl) sipStack.createSipProvider(udpListen);
                 udpSipProvider.addSipListener(sipListener);
                 pool.add(udpSipProvider);

gb28181-service/src/main/java/cn/skcks/docking/gb28181/core/sip/utils/SipUtil.java

@@ -103,7 +103,7 @@ public class SipUtil implements ApplicationContextAware {
             remoteAddress = request.getPeerPacketSourceAddress().getHostAddress();
             remotePort = request.getPeerPacketSourcePort();
 
-        }else {
+        } else {
             // 判断RPort是否改变，改变则说明路由nat信息变化，修改设备信息
             // 获取到通信地址等信息
             remoteAddress = request.getTopmostViaHeader().getReceived();