补充漏掉的文件

This commit is contained in:
648540858 2020-12-21 16:01:47 +08:00
parent bfd1628d5b
commit b5c9de775d
4 changed files with 188 additions and 15 deletions

View File

@ -27,6 +27,7 @@ package com.genersoft.iot.vmp.gb28181.auth;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.text.DecimalFormat;
import java.util.Date; import java.util.Date;
import java.util.Random; import java.util.Random;
@ -103,9 +104,12 @@ public class DigestServerAuthenticationHelper {
.createWWWAuthenticateHeader(DEFAULT_SCHEME); .createWWWAuthenticateHeader(DEFAULT_SCHEME);
proxyAuthenticate.setParameter("realm", realm); proxyAuthenticate.setParameter("realm", realm);
proxyAuthenticate.setParameter("nonce", generateNonce()); proxyAuthenticate.setParameter("nonce", generateNonce());
proxyAuthenticate.setParameter("opaque", "");
proxyAuthenticate.setParameter("stale", "FALSE"); // proxyAuthenticate.setParameter("opaque", "");
proxyAuthenticate.setParameter("algorithm", DEFAULT_ALGORITHM); // proxyAuthenticate.setParameter("stale", "FALSE");
// proxyAuthenticate.setParameter("algorithm", DEFAULT_ALGORITHM);
proxyAuthenticate.setParameter("qop", "auth");
response.setHeader(proxyAuthenticate); response.setHeader(proxyAuthenticate);
} catch (Exception ex) { } catch (Exception ex) {
InternalErrorHandler.handleException(ex); InternalErrorHandler.handleException(ex);
@ -170,42 +174,116 @@ public class DigestServerAuthenticationHelper {
public boolean doAuthenticatePlainTextPassword(Request request, String pass) { public boolean doAuthenticatePlainTextPassword(Request request, String pass) {
AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME); AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME);
if ( authHeader == null ) return false; if ( authHeader == null ) return false;
String realm = authHeader.getRealm(); String realm = authHeader.getRealm().trim();
String username = authHeader.getUsername(); String username = authHeader.getUsername().trim();
if ( username == null || realm == null ) { if ( username == null || realm == null ) {
return false; return false;
} }
String nonce = authHeader.getNonce(); String nonce = authHeader.getNonce();
URI uri = authHeader.getURI(); URI uri = authHeader.getURI();
if (uri == null) { if (uri == null) {
return false; return false;
} }
// qop 保护质量 包含auth默认的和auth-int增加了报文完整性检测两种策略
String qop = authHeader.getQop().trim();
// 客户端随机数这是一个不透明的字符串值由客户端提供并且客户端和服务器都会使用以避免用明文文本
// 这使得双方都可以查验对方的身份并对消息的完整性提供一些保护
String cNonce = authHeader.getCNonce().trim();
// nonce计数器是一个16进制的数值表示同一nonce下客户端发送出请求的数量
int nc = authHeader.getNonceCount();
String ncStr = new DecimalFormat("00000000").format(nc);
// String ncStr = new DecimalFormat("00000000").format(Integer.parseInt(nc + "", 16));
String A1 = username + ":" + realm + ":" + pass; String A1 = username + ":" + realm + ":" + pass;
String A2 = request.getMethod().toUpperCase() + ":" + uri.toString(); String A2 = request.getMethod().toUpperCase() + ":" + uri.toString();
byte mdbytes[] = messageDigest.digest(A1.getBytes()); byte mdbytes[] = messageDigest.digest(A1.getBytes());
String HA1 = toHexString(mdbytes); String HA1 = toHexString(mdbytes);
System.out.println("A1: " + A1);
System.out.println("A2: " + A2);
mdbytes = messageDigest.digest(A2.getBytes()); mdbytes = messageDigest.digest(A2.getBytes());
String HA2 = toHexString(mdbytes); String HA2 = toHexString(mdbytes);
System.out.println("HA1: " + HA1);
System.out.println("HA2: " + HA2);
String cnonce = authHeader.getCNonce(); String cnonce = authHeader.getCNonce();
System.out.println("nonce: " + nonce);
System.out.println("nc: " + ncStr);
System.out.println("cnonce: " + cnonce);
System.out.println("qop: " + qop);
String KD = HA1 + ":" + nonce; String KD = HA1 + ":" + nonce;
if (cnonce != null) {
KD += ":" + cnonce; if (qop != null && qop.equals("auth") ) {
if (nc != -1) {
KD += ":" + ncStr;
}
if (cnonce != null) {
KD += ":" + cnonce;
}
KD += ":" + qop;
} }
KD += ":" + HA2; KD += ":" + HA2;
System.out.println("KD: " + KD);
mdbytes = messageDigest.digest(KD.getBytes()); mdbytes = messageDigest.digest(KD.getBytes());
String mdString = toHexString(mdbytes); String mdString = toHexString(mdbytes);
System.out.println("mdString: " + mdString);
String response = authHeader.getResponse(); String response = authHeader.getResponse();
System.out.println("response: " + response);
return mdString.equals(response); return mdString.equals(response);
} }
public static void main(String[] args) throws NoSuchAlgorithmException {
MessageDigest messageDigest2 = MessageDigest.getInstance(DEFAULT_ALGORITHM);
String realm = "DS-2CD2520F";
String username = "admin";
String passwd = "12345";
String nonce = "4d6a553452444d30525441364e6d4d304e6a68684e47553d";
String uri = "/ISAPI/Streaming/channels/101/picture";
// qop 保护质量 包含auth默认的和auth-int增加了报文完整性检测两种策略
String qop = "auth";
// 客户端随机数这是一个不透明的字符串值由客户端提供并且客户端和服务器都会使用以避免用明文文本
// 这使得双方都可以查验对方的身份并对消息的完整性提供一些保护
String cNonce = "C1A5298F939E87E8F962A5EDFC206918";
// nonce计数器是一个16进制的数值表示同一nonce下客户端发送出请求的数量
int nc = 1;
String A1 = username + ":" + realm + ":" + passwd;
System.out.println("A1: " + A1);
String A2 = "GET" + ":" + uri.toString();
System.out.println("A2: " + A2);
byte mdbytes[] = messageDigest2.digest(A1.getBytes());
String HA1 = toHexString(mdbytes);
System.out.println("HA1: " + HA1);
mdbytes = messageDigest2.digest(A2.getBytes());
String HA2 = toHexString(mdbytes);
System.out.println("HA2: " + HA2);
String cnonce = "93d4d37df32e1a85";
String KD = HA1 + ":" + nonce;
if (nc != -1) {
KD += ":" + "00000001";
}
if (cnonce != null) {
KD += ":" + cnonce;
}
if (qop != null) {
KD += ":" + qop;
}
KD += ":" + HA2;
System.out.println("KD: " + KD);
mdbytes = messageDigest2.digest(KD.getBytes());
String mdString = toHexString(mdbytes);
String response = "3993a815e5cdaf4470e9b4f9bd41cf4a";
System.out.println(mdString);
}
} }

View File

@ -0,0 +1,95 @@
package com.genersoft.iot.vmp.media.zlm;
import com.alibaba.fastjson.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.util.HashMap;
import java.util.Map;
@Component
public class ZLMRTPServerFactory {
private Logger logger = LoggerFactory.getLogger("ZLMRTPServerFactory");
@Value("${media.rtp.udpPortRange}")
private String udpPortRange;
@Autowired
private ZLMRESTfulUtils zlmresTfulUtils;
private int[] udpPortRangeArray = new int[2];
private int currentPort = 0;
public int createRTPServer(String streamId) {
Map<String, Object> param = new HashMap<>();
int result = -1;
int newPort = getPortFromUdpPortRange();
param.put("port", newPort);
param.put("enable_tcp", 1);
param.put("stream_id", streamId);
JSONObject jsonObject = zlmresTfulUtils.openRtpServer(param);
System.out.println(jsonObject);
if (jsonObject != null) {
switch (jsonObject.getInteger("code")){
case 0:
result= newPort;
break;
case -300: // id已经存在
result = newPort;
break;
case -400: // 端口占用
result= createRTPServer(streamId);
break;
default:
logger.error("创建RTP Server 失败: " + jsonObject.getString("msg"));
break;
}
}else {
// 检查ZLM状态
logger.error("创建RTP Server 失败: 请检查ZLM服务");
}
return result;
}
public boolean closeRTPServer(String streamId) {
boolean result = false;
Map<String, Object> param = new HashMap<>();
param.put("stream_id", streamId);
JSONObject jsonObject = zlmresTfulUtils.closeRtpServer(param);
if (jsonObject != null ) {
if (jsonObject.getInteger("code") == 0) {
result = jsonObject.getInteger("hit") == 1;
}else {
logger.error("关闭RTP Server 失败: " + jsonObject.getString("msg"));
}
}else {
// 检查ZLM状态
logger.error("关闭RTP Server 失败: 请检查ZLM服务");
}
return result;
}
private int getPortFromUdpPortRange() {
if (currentPort == 0) {
String[] udpPortRangeStrArray = udpPortRange.split(",");
udpPortRangeArray[0] = Integer.parseInt(udpPortRangeStrArray[0]);
udpPortRangeArray[1] = Integer.parseInt(udpPortRangeStrArray[1]);
}
if (currentPort == 0 || currentPort++ > udpPortRangeArray[1]) {
currentPort = udpPortRangeArray[0];
return udpPortRangeArray[0];
} else {
if (currentPort % 2 == 1) {
currentPort++;
}
return currentPort++;
}
}
}

View File

@ -1,3 +1,3 @@
spring: spring:
profiles: profiles:
active: dev active: local

View File

@ -23,4 +23,4 @@ export default {
} }
} }
</script> </script>