EasyDarwin实现RTSP播放动态认证的两种方式：Basic/Digest & Token

问题描述

目前为了能够方便开发者，我们将EasyDarwin中的RTSP认证过程直接忽略过了，如果要开启认证的方式，我们可以在代码中打开：

case kRoutingRequest:
{
// Invoke router modules
numModules = QTSServerInterface::GetNumModulesInRole(QTSSModule::kRTSPRouteRole);
{
// Manipulation of the RTPSession from the point of view of
// a module is guaranteed to be atomic by the API.
Assert(fRTPSession != NULL);
OSMutexLocker   locker(fRTPSession->GetSessionMutex());

for (; (fCurrentModule < numModules) && ((!fRequest->HasResponseBeenSent()) || fModuleState.eventRequested); fCurrentModule++)
{
fModuleState.eventRequested = false;
fModuleState.idleTime = 0;
if (fModuleState.globalLockRequested)
{
fModuleState.globalLockRequested = false;
fModuleState.isGlobalLocked = true;
}
theModule = QTSServerInterface::GetModule(QTSSModule::kRTSPRouteRole, fCurrentModule);
(void)theModule->CallDispatch(QTSS_RTSPRoute_Role, &fRoleParams);
fModuleState.isGlobalLocked = false;

if (fModuleState.globalLockRequested) // call this request back locked
return this->CallLocked();

// If this module has requested an event, return and wait for the event to transpire
if (fModuleState.eventRequested)
{
this->ForceSameThread();    // We are holding mutexes, so we need to force
// the same thread to be used for next Run()
return fModuleState.idleTime; // If the module has requested idle time...
}
}
}
fCurrentModule = 0;

// SetupAuthLocalPath must happen after kRoutingRequest and before kAuthenticatingRequest
// placed here so that if the state is shifted to kPostProcessingRequest from a response being sent
// then the AuthLocalPath will still be set.
fRequest->SetupAuthLocalPath();

if (fRequest->HasResponseBeenSent())
{
fState = kPostProcessingRequest;
break;
}

//!!! 这里打开对RTSPSession进行授权认证的过程 !!!
if (fRequest->SkipAuthorization())
{
// Skip the authentication and authorization states

// The foll. normally gets executed at the end of the authorization state
// Prepare for kPreprocessingRequest state.
fState = kPreprocessingRequest;

if (fRequest->GetMethod() == qtssSetupMethod)
// Make sure to erase the session ID stored in the request at this point.
// If we fail to do so, this same session would be used if another
// SETUP was issued on this same TCP connection.
fLastRTPSessionIDPtr.Len = 0;
else if (fLastRTPSessionIDPtr.Len == 0)
fLastRTPSessionIDPtr.Len = ::strlen(fLastRTPSessionIDPtr.Ptr);

break;
}
else
fState = kAuthenticatingRequest;
}

这里将kAuthenticatingRequest流程打开就能够进行RTSP认证的验证过程了，那么还有一种Token验证的方式，这种方法就类似于RTMP里面的认证方式，在流名称后面增加认证的Token串作为请求URL的QueryString发送给服务器进行动态认证，那么这种方式，我们可以在RTSPSession::SetupRequest中进行Token的相关过滤：

void RTSPSession::SetupRequest()
{
// First parse the request
QTSS_Error theErr = fRequest->Parse();
if (theErr != QTSS_NoErr)
return;

// 对RTSPRequest进行Token解析
StrPtrLen *token = fRequest->GetValue(qtssRTSPReqQueryString);
//TODO::对Token进行自定义验证，失败返回401等相应错误码
//

// let's also refresh RTP session timeout so that it's kept alive in sync with the RTSP session.
//
// Attempt to find the RTP session for this request.
OSRefTable* theMap = QTSServerInterface::GetServer()->GetRTPSessionMap();
theErr = this->FindRTPSession(theMap);

EasyDarwin RTSP认证方式

基于配置文件中用户名/密码认证的方法可参考：EasyDarwin开源流媒体服务器支持basic基本认证和digest摘要认证解析

RTSP动态认证的方式可以参考博客《EasyDarwin开源流媒体服务器支持basic基本认证和digest摘要自定义认证》

EasyDarwin Token认证方式

我们可以自定义一个EasyDarwin的Module，再在上述中的RTSPSession::SetupRequest中，将token以参数的形式传递给Module进行认证处理，其处理流程可以模仿《EasyDarwin开源流媒体服务器支持basic基本认证和digest摘要自定义认证》中的流程进行；

Github

EasyDarwin开源流媒体服务器：https://github.com/EasyDarwin/EasyDarwin

获取更多信息

邮件：support@easydarwin.org

WEB：www.EasyDarwin.org

Copyright © EasyDarwin.org 2012-2016