RTSP 的認證基本認證 basic authentication和摘要認證 digest authentication。摘要認證是 http 1.1 提出的基本認證的替代方案,其消息經過 MD5 哈希轉換因此具有更高的安全性。
交互過程
- DESCRIBE 環節,客戶發送與不需要認證一樣的請求。服務器端返回401錯誤,提示未認證,並且在響應報文裏面返回 nonce 。
DESCRIBE Request
rtsp://admin:[email protected]:554/cam/playback?channel=2&subtype=0&starttime=2019_08_05_18_13_13 RTSP/1.0
CSeq: 2
User-Agent: ./testRTSPClient (LIVE555 Streaming Media v2019.07.27)
Accept: application/sdp
DESCRIBE Response
Received 139 new bytes of response data.
Received a complete DESCRIBE response:
RTSP/1.0 401 Unauthorized
CSeq: 2
WWW-Authenticate: Digest realm="Login to 4M05CC9FAC28B0B", nonce="c5cdebfb791630ad189ac43081c7c01e"
- DESCRIBE 環節,客戶端以用戶名,密碼,nonce,請求方法(OPTIONS/DESCRIBE/SETUP/PLAY),請求的 URI 等信息爲基礎產生 response 信息進行反饋:
DESCRIBE Request
rtsp://admin:[email protected]:554/cam/playback?channel=2&subtype=0&starttime=2019_08_05_18_13_13 RTSP/1.0
CSeq: 3
Authorization: Digest username="admin", realm="Login to 4M05CC9FAC28B0B", nonce="c5cdebfb791630ad189ac43081c7c01e", uri="rtsp://admin:[email protected]:554/cam/playback?channel=2&subtype=0&starttime=2019_08_05_18_13_13", response="5e607d3405777309839c3d4fe4509e4e"
User-Agent: ./testRTSPClient (LIVE555 Streaming Media v2019.07.27)
Accept: application/sdp
DESCRIBE Response 認證通過
RTSP/1.0 200 OK
CSeq: 3
x-Accept-Dynamic-Rate: 1
Content-Base: rtsp://admin:[email protected]:554/cam/playback?channel=2&subtype=0&starttime=2019_08_05_18_13_13/
Cache-Control: must-revalidate
Content-Length: 409
Content-Type: application/sdp
.......
DESCRIBE Response 認證不通過
RTSP/1.0 401 Unauthorized
CSeq: 2
WWW-Authenticate: Digest realm="Login to 4M05CC9FAC28B0B", nonce="f015500fc594469c59837dcdca716b13"
digest/response 計算方法
hs1 := md5hash(username + ":" + realm + ":" + password)
hs2 := md5hash(method + ":" + requestUri)
response := md5hash(hs1 + ":" + nonce + ":" + hs2)
- username:用戶名
- password: 密碼
- realm: 通常一個 server 對應一個 realm
- method:請求方法(OPTIONS/DESCRIBE/SETUP/PLAY)
- requestUri: 請求的 uri
- nonce: 隨機字符串,通常一個 session 對應一個 nonce
- SETUP, PLAY 階段用相同的方式進行認證
