I'm working on ONVIF, sending "GetDeviceInformation". That requires wsse:UsernameToken. After searching for information about authorization, I found two formulas:
(1) from "ONVIF-Core-Specification-v241.pdf", "5.12.2.1 Password derivation"
PE_UA = base64(HMAC_SHA-1(UA+P_UA,NEP+"ONVIF password"))
(2) from the SOAP web protocol
Digest = B64ENCODE( SHA1( B64DECODE( Nonce ) + Date + Password ) )
I am confused! Which one is correct?
Moreover, when I captured the ONVIF test tool's traffic with Wireshark,
the XML I got was:
<wsse:UsernameToken>
  <wsse:Username>admin</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">lu9ywjDwSt8oW7M4tMjCb50/xRg=</wsse:Password>
  <wsse:Nonce>TgBYFHxSc3Oo8yPzwnQn8A==</wsse:Nonce>
  <wsu:Created>2014-06-20T04:41:45Z</wsu:Created>
</wsse:UsernameToken>
OK, then I tried to figure out the formula from that data.
a> username: "admin"
b> password: "pass" (un-entropy)
c> Nonce: "TgBYFHxSc3Oo8yPzwnQn8A=="
d> created: "2014-06-20T04:41:45Z"
Somehow these give the final password: "lu9ywjDwSt8oW7M4tMjCb50/xRg="
The nonce may be Base64-encoded, so the original should be "4E0058147C527373A8F323F3C27427F0"
I've tried using
base64(SHA1("TgBYFHxSc3Oo8yPzwnQn8A==2014-06-12T04:03:45Zpass"))
or
base64(SHA1("4E0058147C527373A8F323F3C27427F0==2014-06-12T04:03:45Zpass"))
but I still can't get the password sent by the test tool, "lu9ywjDwSt8oW7M4tMjCb50/xRg="
Could anyone help me figure out the exact formula used by the ONVIF test tool?
I do need your help! Thanks!
Finally, the device sent OK to me!
After referring to gSoap:
First of all, the formula is:
For the Nonce, it should be a 20-byte random "numeric" value as:
It could be generated by any method (you could even make it up).
After getting caNonceTest, like above, the string should look like "艋|蹉鋿1AN[h?昍昍昍昍"
and for the XML sent to the device, the Base64 should look like "nr27U3yWtMHO6/gGFzFBTltohpPMzMzMzMzMzBQ="
This is the key point of the correct format! (Not an ASCII string!) Moreover, just feed caNonceTest to the SHA-1 function exactly as it is (no need to convert it to Base64).
For the created and password values, just feed them to SHA-1 in string format (e.g. "2014-07-08T09:26:13Z" and "pass").
Then, world peace!
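The digest rule from formula (2), with the nonce fed to SHA-1 as raw bytes, sketched in Python as an added example that is not part of the original post and is not gSoap's code. The function names, the 5-minute freshness window and the in-memory nonce cache are assumptions made for illustration; the nonce and timestamp are the ones from the capture above, and the clock value is constructed.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def password_digest(nonce_b64, created, password):
    """Base64(SHA1(raw nonce bytes + created + password))."""
    nonce = base64.b64decode(nonce_b64, validate=True)  # raw bytes, not the text
    data = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def wrong_digest(nonce_b64, created, password):
    """The attempt from the question: the Base64 text itself is hashed."""
    data = (nonce_b64 + created + password).encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def verify_token(nonce_b64, created, digest_b64, password, now, seen_nonces,
                 max_age=timedelta(minutes=5)):   # window is an assumption
    """Receiver side: reject stale or replayed tokens, then compare digests."""
    ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if abs(now - ts) > max_age or nonce_b64 in seen_nonces:
        return False
    expected = password_digest(nonce_b64, created, password)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), digest_b64.encode()):
        return False
    seen_nonces.add(nonce_b64)   # remember the nonce only after a valid login
    return True

if __name__ == "__main__":
    nonce, created = "TgBYFHxSc3Oo8yPzwnQn8A==", "2014-06-20T04:41:45Z"  # from the capture
    now = datetime(2014, 6, 20, 4, 42, 0, tzinfo=timezone.utc)  # constructed clock
    digest = password_digest(nonce, created, "pass")
    print("raw nonce  :", base64.b64decode(nonce).hex().upper())
    print("correct    :", digest)
    print("text-hashed:", wrong_digest(nonce, created, "pass"))
    print("accepted   :", verify_token(nonce, created, digest, "pass", now, set()))
```
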