I am developing an iPhone application for Onvif supported IPCams. here is the soap request that i am sending to cam. the cam is made by axis having firmware 5.40
NSString *passwordDigest = [self base64:input];
NSLog(@"Password %@",passwordDigest);
NSString *nonceDigest = [self base64:[NSString stringWithFormat:@"%i",nonce]];
NSLog(@"Nonce %@",nonceDigest);
[postBody appendData:[[NSString stringWithFormat:@"<?xml version=\"1.0\" encoding=\"utf-8\"?>"
"<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://www.w3.org/2003/05/soap-envelope\""
"xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401"
"-wss-wssecurity-secext-1.0.xsd\""
"xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-"
"200401-wss-wssecurity-utility-1.0.xsd\""
"xmlns:tds=\"http://www.onvif.org/onvif/ver10/device/wsdl/devicemgmt.wsdl\">"
"<SOAP-ENV:Header><wsse:Security><wsse:UsernameToken>"
"<wsse:Username>root</wsse:Username>"
"<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-"
"200401-wss-username-token-profile-1.0#PasswordDigest\">"
"%@</wsse:Password><wsse:Nonce>%@</wsse:Nonce>"
"<wsu:Created>%@</wsu:Created></wsse:UsernameToken>"
"</wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body>"
"<tds:GetCapabilities>"
"</SOAP-ENV:Body></SOAP-ENV:Envelope>",
passwordDigest, nonceDigest, date] dataUsingEncoding:NSUTF8StringEncoding]];
and here is the response from camera
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding" xmlns:aa="http://www.axis.com/vapix/ws/action1" xmlns:aev="http://www.axis.com/vapix/ws/event1" xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:tan="http://www.onvif.org/ver20/analytics/wsdl" xmlns:tan1="http://www.onvif.org/ver20/analytics/wsdl/RuleEngineBinding" xmlns:tan2="http://www.onvif.org/ver20/analytics/wsdl/AnalyticsEngineBinding" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" xmlns:ter="http://www.onvif.org/ver10/error" xmlns:tev="http://www.onvif.org/ver10/events/wsdl" xmlns:tev1="http://www.onvif.org/ver10/events/wsdl/NotificationProducerBinding" xmlns:tev2="http://www.onvif.org/ver10/events/wsdl/EventBinding" xmlns:tev3="http://www.onvif.org/ver10/events/wsdl/SubscriptionManagerBinding" xmlns:tev4="http://www.onvif.org/ver10/events/wsdl/PullPointSubscriptionBinding" xmlns:timg="http://www.onvif.org/ver20/imaging/wsdl" xmlns:tns1="http://www.onvif.org/ver10/topics" xmlns:tnsaxis="http://www.axis.com/2009/event/topics" xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl" xmlns:trt="http://www.onvif.org/ver10/media/wsdl" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:wsa5="http://www.w3.org/2005/08/addressing" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:wsrfbf="http://docs.oasis-open.org/wsrf/bf-2" xmlns:wsrfr="http://docs.oasis-open.org/wsrf/r-2" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wstop="http://docs.oasis-open.org/wsn/t-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xmime="http://tempuri.org/xmime.xsd" xmlns:xop="http://www.w3.org/2004/08/xop/include" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header />
<SOAP-ENV:Body>
<SOAP-ENV:Fault SOAP-ENV:encodingStyle="http://www.w3.org/2003/05/soap-encoding">
<SOAP-ENV:Code>
<SOAP-ENV:Value>SOAP-ENV:Sender</SOAP-ENV:Value>
<SOAP-ENV:Subcode>
<SOAP-ENV:Value>ter:NotAuthorized</SOAP-ENV:Value>
</SOAP-ENV:Subcode>
</SOAP-ENV:Code>
<SOAP-ENV:Reason>
<SOAP-ENV:Text xml:lang="en">Sender not authorized</SOAP-ENV:Text>
</SOAP-ENV:Reason>
<SOAP-ENV:Detail>
<SOAP-ENV:Text>The action requested requires authorization and the sender is not authorized</SOAP-ENV:Text>
</SOAP-ENV:Detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
i have used many methods like GetCapabilities, GetStreamUri etc but no result in any case. here is the base64 method used for encoding
-(NSString*) base64:(NSString *) input
{
int i;
const char *cstr = [input cStringUsingEncoding:NSUTF8StringEncoding];
NSData *data = [NSData dataWithBytes:cstr length:input.length];
uint8_t digest[CC_SHA1_DIGEST_LENGTH];
CC_SHA1(data.bytes, data.length, digest);
NSMutableString* output = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 2];
length:CC_SHA1_DIGEST_LENGTH;
for(i = 0; i < CC_SHA1_DIGEST_LENGTH; i++)
{
[output appendFormat:@"%02x", digest[i]];
}
return [data base64Encoding];
}
i have tried with simple nonce, base64encoded nonce, simple pass, base64 encoded pass, timestamp, local time, UTC time but no luck
i am creating passwordDigest as specified here
like base64(SHA-1 (nonce+created+password))
what am i doing wrong please guide me
It is probably the same as stated in the onvif docs:
6.1.1.3 ONVIF::AuthenticatingByWS-UsernameToken When a device requires authentication through WS-UsernameToken, the client must set user information with the appropriate privileges in WS-UsernameToken. This use case contains an example of setting that user information using SetHostname. WS-UsernameToken requires the following parameters:Password should not be set in plain text. Setting a password generates PasswordDigest, a digest that is calculated according to an algorithm defined in the specification for WS-UsernameToken: Digest = B64ENCODE( SHA1( B64DECODE( Nonce ) + Date + Password ) )Seems the way of calculating the digest is a bit different than the way you're trying to accomplish it.
Digest = B64ENCODE( SHA1( B64DECODE( Nonce ) + Date + Password ) )Maybe it helps :)