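RTSP authentication comes in two main forms: basic authentication and digest authentication.
Basic authentication is the scheme introduced in HTTP 1.0; its messages are transmitted without any encryption, so it carries serious security risks.
Digest authentication is the alternative to basic authentication introduced in HTTP 1.1; its messages pass through an MD5 hash, so it is more secure. The rest of this post mainly covers digest authentication: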
1. Basic authentication
Step 1: The client sends a DESCRIBE request to the server:
DESCRIBE rtsp://192.168.1.55:554/11 RTSP/1.0\r\n
CSeq: 1\r\n
Accept: application/sdp\r\n
User-agent: Realplayer\r\n\r\n
Step 2: The RTSP server treats the request as unauthenticated and replies with a WWW-Authenticate challenge:
RTSP/1.0 401 Unauthorized\r\n
CSeq: 1\r\n
WWW-Authenticate: Basic realm="RTSPD"\r\n\r\n
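At this point the client program should display a password prompt asking the user for a user name and credentials. The client inspects the response message to determine the scheme; if it is Basic authentication, it proceeds as follows:
Step 3: The client sends the DESCRIBE request again, this time carrying an Authorization header:
DESCRIBE rtsp://192.168.1.55:554/live/1/video.sdp?token=A00453FR805a54C8 RTSP/1.0\r\n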
CSeq: 2\r\n
Accept: application/sdp\r\n
User-Agent: RealMedia Player HelixDNAClient/12.0.1.647 (win32)\r\n
Authorization: Basic YWRtaW46YWRtaW4=\r\n\r\n
Here "YWRtaW46YWRtaW4=" is the base64 encoding of username:password.
2. Digest authentication
Step 1: The client sends a DESCRIBE request:
DESCRIBE rtsp://192.168.123.158:554/11 RTSP/1.0
CSeq: 2
User-Agent: LibVLC/2.0.5(LIVE555 Streaming Media v2012.09.13)
Accept: application/sdp
The server returns a 401 error, indicating that the request is unauthenticated, and issues a challenge containing a nonce:
RTSP/1.0 401 Unauthorized
Server: HiIpcam/V100R003 VodServer/1.0.0
Cseq: 2
WWW-Authenticate:Digest realm="HipcamRealServer", nonce="3b27a446bfa49b0c48c3edb83139543d"
Step 2: The client generates a response value from the user name, password, nonce, HTTP method, request URI and related information, and sends it back:
DESCRIBE rtsp://192.168.123.158:554/11 RTSP/1.0
CSeq: 3
Authorization: Digest username="admin",realm="Hipcam RealServer", nonce="3b27a446bfa49b0c48c3edb83139543d",uri="rtsp://192.168.123.158:554/11", response="258af9d739589e615f711838a0ff8c58"
User-Agent: LibVLC/2.0.5(LIVE555 Streaming Media v2016.06.13)
Accept: application/sdp
The server verifies the response sent by the client; if it passes, the server returns the following fields:
RTSP/1.0 200 OK
Server: HiIpcam/V100R003 VodServer/1.0.0
Cseq: 3
Content-Type: application/sdp
Cache-Control: must-revalidate
Content-length: 306
Content-Base: rtsp://192.168.123.158:554/11/
v=0
o=StreamingServer 3331435948 1116907222000 IN IP4 192.168.123.158
s=\11
c=IN IP4 0.0.0.0
b=AS:1032
t=0 0
a=control:*
m=video 0 RTP/AVP 96
b=AS:1024
a=control:trackID=0
a=rtpmap:96 H264/90000
a=fmtp:96 packetization-mode=1;sprop-parameter-sets=Z0LgHtoCgPRA,aM4wpIA=
a=framesize:96 640-480
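Notes:
The response is calculated as follows:
The RTSP client should use the username and password to compute the response as follows:
(1) When the password is MD5-encoded:
response = md5( password:nonce:md5(public_method:url) );
(2) When the password is an ANSI string:
response = md5( md5(username:realm:password):nonce:md5(public_method:url) );
The client must compute the response field each time it issues a different request method, and the server uses the same calculation by default when verifying.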
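The calculation in the notes above, as an added Python example that is not part of the original post: it parses the Digest challenge shown earlier, computes the response per formula (2), and verifies it the way a server would. The password is a constructed sample, so the output does not reproduce the response values in the captures; the function names are hypothetical, and case (1) is read here as a password already stored as md5(username:realm:password).

```python
import base64
import hashlib
import hmac
import re

# Challenge and URI copied from the capture above; the credentials are constructed.
CHALLENGE = 'Digest realm="HipcamRealServer", nonce="3b27a446bfa49b0c48c3edb83139543d"'
URI = "rtsp://192.168.123.158:554/11"
USERNAME, PASSWORD = "admin", "example-password"  # constructed sample credentials

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_challenge(value):
    """Split a WWW-Authenticate value into its scheme and quoted parameters."""
    scheme, _, params = value.strip().partition(" ")
    fields = dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', params))
    fields["scheme"] = scheme
    return fields

def ha1(username, realm, password):
    """Inner hash of case (2): md5(username:realm:password)."""
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, nonce, method, uri):
    """md5( ha1 : nonce : md5(method:uri) ); a pre-hashed password is case (1)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def server_verify(stored_ha1, nonce, method, uri, claimed):
    """Recompute for the method actually received; compare in constant time."""
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, claimed.lower())

def decode_basic(value):
    """Recover user name and password from a Basic Authorization value (no key needed)."""
    _, _, token = value.partition(" ")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

if __name__ == "__main__":
    ch = parse_challenge(CHALLENGE)
    h = ha1(USERNAME, ch["realm"], PASSWORD)
    for method in ("DESCRIBE", "SETUP", "PLAY"):
        resp = digest_response(h, ch["nonce"], method, URI)
        print(method, resp, server_verify(h, ch["nonce"], method, URI, resp))
    print(decode_basic("Basic YWRtaW46YWRtaW4="))
```

Because the method is hashed into the response, a value computed for DESCRIBE fails verification when presented with SETUP, while the Basic token decodes straight back to the credentials.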
3. An RTSP session with authentication
DESCRIBE rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi RTSP/1.0
CSeq: 1
Accept: application/sdp
Session: 1495700359
RTSP/1.0 401 Unauthorized
CSeq: 1
Date: Thu, May 25 2017 08:21:29 GMT
WWW-Authenticate: Digest realm="Keda Streaming Media", nonce="ecb2ddc1ddef1851c055af808ad9f0fb"
DESCRIBE rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi RTSP/1.0
CSeq: 2
Accept: application/sdp
Authorization: Digest username="admin", realm="Keda Streaming Media", nonce="ecb2ddc1ddef1851c055af808ad9f0fb", uri="rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi", response="92edf3ade54179369eb807ef371aff8f" // the response computed for each request would certainly be different; to save effort they are all shown as the same value here
RTSP/1.0 200 OK
CSeq: 2
Content-Type: application/sdp
Content-Length: 325
v=0
o=NVR 1495700489 1495700489 IN IP4 0.0.0.0
s=3GPP Unicast SDP
c=IN IP4 0.0.0.0
t=0 0
a=range:npt=0-
a=control:*
m=video 0 RTP/AVP 96
a=control:video_0
a=rtpmap:96 H264/90000
a=fmtp:96 profile-level-id=;sprop-parameter-sets=;packetization-mode=0
m=audio 0 RTP/AVP 8
a=control:audio_0
a=rtpmap:8 PCMA/8000
SETUP rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi/video_0 RTSP/1.0
CSeq: 3
Transport: RTP/AVP;unicast;destination=172.16.192.60;client_port=60000-60001
Authorization: Digest username="admin", realm="Keda Streaming Media", nonce="ecb2ddc1ddef1851c055af808ad9f0fb", uri="rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi", response="92edf3ade54179369eb807ef371aff8f"
RTSP/1.0 200 OK
CSeq: 3
Session: 1495700489 ;timeout=60
Transport: RTP/AVP;unicast;mode=play;client_port=60000-60001;server_port=0-0
Cache-Control: no-cache
SETUP rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi/audio_0 RTSP/1.0
CSeq: 4
Session: 1495700489 ;timeout=60
Transport: RTP/AVP;unicast;destination=172.16.192.60;client_port=60002-60003
Authorization: Digest username="admin", realm="Keda Streaming Media", nonce="ecb2ddc1ddef1851c055af808ad9f0fb", uri="rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi", response="92edf3ade54179369eb807ef371aff8f"
RTSP/1.0 200 OK
CSeq: 4
Session: 1495700489 ;timeout=60
Transport: RTP/AVP;unicast;mode=play;client_port=60002-60003;server_port=0-0
Cache-Control: no-cache
PLAY rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi RTSP/1.0
CSeq: 5
Range: npt=0.000-
Session: 1495700489 ;timeout=60
Authorization: Digest username="admin", realm="Keda Streaming Media", nonce="ecb2ddc1ddef1851c055af808ad9f0fb", uri="rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi", response="92edf3ade54179369eb807ef371aff8f"
RTSP/1.0 200 OK
CSeq: 5
Session: 1495700489
RTP-Info: url=video/id=0;seq=0;rtptime=0,url=audio/id=0;seq=0;rtptime=0
Range: npt=0.000-
Date: Thu, May 25 2017 08:21:29 GMT
GET_PARAMETER rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi RTSP/1.0
CSeq: 6
Content-Length: 0
Content-Type: text/parameters
Session: 1495700489
TitleDisplay: OFF
TitleAttrib: White, 0,0
TitleChar:
Authorization: Digest username="admin", realm="Keda Streaming Media", nonce="ecb2ddc1ddef1851c055af808ad9f0fb", uri="rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi", response="92edf3ade54179369eb807ef371aff8f"
RTSP/1.0 200 OK
CSeq: 6
Session: 1495700489
GET_PARAMETER rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi RTSP/1.0
CSeq: 7
Content-Length: 0
Content-Type: text/parameters
Session: 1495700489
TitleDisplay: OFF
TitleAttrib: White, 0,0
TitleChar:
Authorization: Digest username="admin", realm="Keda Streaming Media", nonce="ecb2ddc1ddef1851c055af808ad9f0fb", uri="rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi", response="92edf3ade54179369eb807ef371aff8f"
RTSP/1.0 200 OK
CSeq: 7
Session: 1495700489
TEARDOWN rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi RTSP/1.0
CSeq: 8
Session: 1495700489
Authorization: Digest username="admin", realm="Keda Streaming Media", nonce="ecb2ddc1ddef1851c055af808ad9f0fb", uri="rtsp://172.16.193.152:554/realtime?chnid=1;vid=0;aid=0;agent=cgi", response="92edf3ade54179369eb807ef371aff8f"
RTSP/1.0 200 OK
CSeq: 8
Session: 1495700489
SDP format:
v=<version>
o=<username> <session id> <version> <network type> <address type> <address>
s=<session name>
i=<session description>
u=<URI>
e=<email address>
p=<phone number>
c=<network type> <address type> <connection address>
b=<modifier>:<bandwidth-value>
t=<start time> <stop time>
r=<repeat interval> <active duration> <list of offsets from start-time>
z=<adjustment time> <offset> <adjustment time> <offset> ....
k=<method>
k=<method>:<encryption key>
a=<attribute>
a=<attribute>:<value>
m=<media> <port> <transport> <fmt list>
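v = (protocol version)
o = (owner/creator and session identifier)
s = (session name)
i = * (session information)
u = * (URI of description)
e = * (email address)
p = * (phone number)
c = * (connection information)
b = * (bandwidth information)
z = * (time zone adjustments)
k = * (encryption key)
a = * (zero or more session attribute lines)
Time description:
t = (time the session is active)
r = * (zero or more repeat times)
Media description:
m = (media name and transport address)
i = * (media title)
c = * (connection information; optional if included at session level)
b = * (bandwidth information)
k = * (encryption key)
a = * (zero or more media attribute lines)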