Guten Morgen liebe Leute,
ich scheitere kläglich an CURL und PHP
Hintergrund:
Eine Hikvision TürCom (IP) mit ISAPI.
Wenn ich im lokalen Browser folgendes eingebe
http://username:passwort@10.0.0.187/ISAPI/AccessControl/RemoteControl/door/capabilities
kommt folgendes Ergebnis:
<RemoteControlDoor xmlns="http://www.isapi.org/ver20/XMLSchema" version="2.0">
<doorNo min="1" max="2"/>
<cmd opt="open,close,alwaysOpen,resume"/>
</RemoteControlDoor>
Wenn ich dann so etwas bastele/kopiere:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://10.0.0.187/ISAPI/AccessControl/RemoteControl/door/capabilities');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_USERPWD, 'admin'.':'.'passwort');
$headers = array();
$headers[] = 'Accept: */*';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close($ch);
var_dump(json_decode($result));
kommt:
4
Invalid Operation
badAuthorization
1073741827
The user has not passed the authentication
folgendes habe ich in der ISAPI gefunden:
Authentication
When communicating via ISAPI protocol, the digest of the session must be authenticated.
Note:
The authentication must based on HTTP Authentication: Basic and Digest Access Authentication, see https://tools.ietf.org/html/rfc2617 for details.
The request session must contain authentication information, otherwise, device will return 401 error code.
The message digest, which contains user name, password, specific nonce value, HTTP or RTSP operation methods, and request URL, is generated by the MD5 algorithm, see the calculation rules below.
qop=Undefined
Digest=MD5(MD5(A1):<nonce>:MD5(A2))
qop="auth:"
Digest=MD5(MD5(A1):<nonce>:<nc>:<cnonce>:<qop>:MD5(A2))
qop="auth-int:"
Digest=MD5(MD5(A1):<nonce>:<nc>:<cnonce>:<qop>:MD5(A2))
Note:
The qop is a value for determining whether the authentication is required.
A1 and A2 are two data blocks required for digest calculation.
A1: Data block about security, which contains user name, password, security domain, random number, and so on. If the digest calculation algorithm is MD5, A1=<user>:<realm>:<password>; if the algorithm is MD5-sess, A1=MD5(<user>:<realm>:<password>):<nonce>:<cnonce>.
A2: Data block about message, such as URL, repeated requests, message body, and so on, it helps to prevent repeated, and realize the resource/message tamper-proof. If the qop is not defined or it is "auth:", A2=<request-method>:<uri-directive-value>; if the qop is "auth-int:", A2=<request-method>:<uri-directive-value>:MD5(<request-entity-body>).
The nonce is the random number generated by service, the following generation formula is suggested: nonce = BASE64(time-stamp MD5(time-stamp ":" ETag ":" private-key)). The time-stamp in the formula is the time stamp generated by service or the unique serial No.; the ETag is the value of HTTP ETag header in the request message; the priviate-key is the data that only known by service.
If authentication failed, the device will return the XML_ResponseStatus_AuthenticationFailed message, and the remaining authentication attempts will also be returned. If the remaining attempts is 0, the user will be locked at the next authentication attempt.
Vielen Dank für Eure Hilfe