2 * Copyright (c) 2010-2022 Contributors to the openHAB project
4 * See the NOTICE file(s) distributed with this work for additional
7 * This program and the accompanying materials are made available under the
8 * terms of the Eclipse Public License 2.0 which is available at
9 * http://www.eclipse.org/legal/epl-2.0
11 * SPDX-License-Identifier: EPL-2.0
13 package org.openhab.binding.ipcamera.internal;
15 import java.security.MessageDigest;
16 import java.security.NoSuchAlgorithmException;
17 import java.util.Random;
19 import org.eclipse.jdt.annotation.NonNullByDefault;
20 import org.eclipse.jdt.annotation.Nullable;
21 import org.openhab.binding.ipcamera.internal.handler.IpCameraHandler;
22 import org.slf4j.Logger;
23 import org.slf4j.LoggerFactory;
25 import io.netty.channel.ChannelDuplexHandler;
26 import io.netty.channel.ChannelHandlerContext;
27 import io.netty.handler.codec.http.HttpResponse;
30 * The {@link MyNettyAuthHandler} is responsible for handling the basic and digest auths
33 * @author Matthew Skinner - Initial contribution
37 public class MyNettyAuthHandler extends ChannelDuplexHandler {
38 public final Logger logger = LoggerFactory.getLogger(getClass());
39 private IpCameraHandler ipCameraHandler;
40 private String username, password;
41 private String httpMethod = "", httpUrl = "";
42 private byte ncCounter = 0;
43 private String nonce = "", opaque = "", qop = "";
44 private String realm = "";
46 public MyNettyAuthHandler(String user, String pass, IpCameraHandler handle) {
47 ipCameraHandler = handle;
52 public void setURL(String method, String url) {
57 private String calcMD5Hash(String toHash) {
59 MessageDigest messageDigest = MessageDigest.getInstance("MD5");
60 byte[] array = messageDigest.digest(toHash.getBytes());
61 StringBuffer stringBuffer = new StringBuffer();
62 for (int i = 0; i < array.length; ++i) {
63 stringBuffer.append(Integer.toHexString((array[i] & 0xFF) | 0x100).substring(1, 3));
65 return stringBuffer.toString();
66 } catch (NoSuchAlgorithmException e) {
67 logger.warn("NoSuchAlgorithmException error when calculating MD5 hash");
72 // Method can be used a few ways. processAuth(null, string,string, false) to return the digest on demand, and
73 // processAuth(challString, string,string, true) to auto send new packet
74 // First run it should not have authenticate as null
75 // nonce is reused if authenticate is null so the NC needs to increment to allow this//
76 public void processAuth(String authenticate, String httpMethod, String requestURI, boolean reSend) {
77 if (authenticate.contains("Basic realm=")) {
78 if (ipCameraHandler.useDigestAuth) {
79 // Possible downgrade authenticate attack avoided.
82 logger.debug("Setting up the camera to use Basic Auth and resending last request with correct auth.");
83 if (ipCameraHandler.setBasicAuth(true)) {
84 ipCameraHandler.sendHttpRequest(httpMethod, requestURI, null);
89 /////// Fresh Digest Authenticate method follows as Basic is already handled and returned ////////
90 realm = Helper.searchString(authenticate, "realm=\"");
91 if (realm.isEmpty()) {
93 "No valid WWW-Authenticate in response. Has the camera activated the illegal login lock? Details:{}",
97 nonce = Helper.searchString(authenticate, "nonce=\"");
98 opaque = Helper.searchString(authenticate, "opaque=\"");
99 qop = Helper.searchString(authenticate, "qop=\"");
100 if (!qop.isEmpty() && !realm.isEmpty()) {
101 ipCameraHandler.useDigestAuth = true;
104 "!!!! Something is wrong with the reply back from the camera. WWW-Authenticate header: qop:{}, realm:{}",
108 String stale = Helper.searchString(authenticate, "stale=\"");
109 if ("true".equalsIgnoreCase(stale)) {
110 logger.debug("Camera reported stale=true which normally means the NONCE has expired.");
113 if (password.isEmpty()) {
114 ipCameraHandler.cameraConfigError("Camera gave a 401 reply: You need to provide a password.");
117 // create the MD5 hashes
118 String ha1 = username + ":" + realm + ":" + password;
119 ha1 = calcMD5Hash(ha1);
120 Random random = new Random();
121 String cnonce = Integer.toHexString(random.nextInt());
122 ncCounter = (ncCounter > 125) ? 1 : ++ncCounter;
123 String nc = String.format("%08X", ncCounter); // 8 digit hex number
124 String ha2 = httpMethod + ":" + requestURI;
125 ha2 = calcMD5Hash(ha2);
127 String response = ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2;
128 response = calcMD5Hash(response);
130 String digestString = "username=\"" + username + "\", realm=\"" + realm + "\", nonce=\"" + nonce + "\", uri=\""
131 + requestURI + "\", cnonce=\"" + cnonce + "\", nc=" + nc + ", qop=\"" + qop + "\", response=\""
133 if (!opaque.isEmpty()) {
134 digestString += ", opaque=\"" + opaque + "\"";
137 ipCameraHandler.sendHttpRequest(httpMethod, requestURI, digestString);
143 public void channelRead(@Nullable ChannelHandlerContext ctx, @Nullable Object msg) throws Exception {
144 if (msg == null || ctx == null) {
147 if (msg instanceof HttpResponse) {
148 HttpResponse response = (HttpResponse) msg;
149 if (response.status().code() == 401) {
151 if (!response.headers().isEmpty()) {
152 String authenticate = "";
153 for (CharSequence name : response.headers().names()) {
154 for (CharSequence value : response.headers().getAll(name)) {
155 if (name.toString().equalsIgnoreCase("WWW-Authenticate")) {
156 authenticate = value.toString();
160 if (!authenticate.isEmpty()) {
161 processAuth(authenticate, httpMethod, httpUrl, true);
163 ipCameraHandler.cameraConfigError(
164 "Camera gave no WWW-Authenticate: Your login details must be wrong.");
167 } else if (response.status().code() != 200) {
169 switch (response.status().code()) {
172 "403 Forbidden: Check camera setup or has the camera activated the illegal login lock?");
175 logger.debug("Camera at IP:{} gave a reply with a response code of :{}",
176 ipCameraHandler.cameraConfig.getIp(), response.status().code());
181 // Pass the Message back to the pipeline for the next handler to process//
182 super.channelRead(ctx, msg);
projects / openhab-addons.git / blob