ESP32通过onvif获取的HTTP读海康摄像头截图，arduino代码实现digest认证

        ESP32开发，所以不能用海康SDK，之前用QT开发时也不想用SDK，发现有这种通过HTTP直接获取最新截图的方式，直接一个QNetworkRequest，不要太简单。URL是这样的：http://user:password@192.168.1.64/onvif-http/snapshot?Profile_2

        本来还用onvif去获取URL，后发现是固定的，也不用每次去获取XML了。

话不多说，贴代码：

String md5(String str)
{
  MD5Builder md;
  md.begin();
  md.add(str);
  md.calculate();
  return md.toString();
}
String extractParam(String& authHeader, String param) {
    int start = authHeader.indexOf(param + "=\"") + param.length() + 2;
    int end = authHeader.indexOf("\"", start);
    return authHeader.substring(start, end);
}

int digestAuthRequest(HTTPClient &http) {
  const char* keys[] = {"WWW-Authenticate"};
  http.collectHeaders(keys, 1);
  int httpCode = http.GET();
  if(httpCode == HTTP_CODE_UNAUTHORIZED) {
    String authHeader = http.header("WWW-Authenticate");
    // 解析realm, nonce等参数
    String realm = extractParam(authHeader, "realm");
    String nonce = extractParam(authHeader, "nonce");
    //String opaque = extractParam(authHeader, "opaque");

    // 计算响应值
    String ha1 = md5("admin:" + realm + ":password");//我这里user是admin直接写死了
    String ha2 = md5("GET:/onvif-http/snapshot?Profile_2");
    String response = md5(ha1 + ":" + nonce + ":" + ha2);
        
    // 构造Authorization头部
    String authHeaderValue = "Digest username=\"admin\", realm=\"" + realm + 
                            "\", nonce=\"" + nonce + "\", uri=\"/onvif-http/snapshot?Profile_2\", " +
                            "response=\"" + response + "\"";
    
    // 发送认证请求
    http.addHeader("Authorization", authHeaderValue);
    httpCode = http.GET();
  }
  return httpCode;
}

注意点：网上有代码缺少collectHeaders过程，导致http.header(...)得不到内容！

以下是使用的代码：
#define USE_SERIAL Serial

    //从http获取
    HTTPClient http;

    USE_SERIAL.print("[HTTP] begin...\n");
    // configure traged server and url

    //http.begin("http://user:password@192.168.1.64/onvif-http/snapshot?Profile_2");//这种默认是basic认证，新海康摄像头用不了
    http.begin("http://192.168.1.64/onvif-http/snapshot?Profile_2");

    USE_SERIAL.print("[HTTP] GET...\n");
    // start connection and send HTTP header
    //int httpCode = http.GET();//这是直接get，会得到401，要求认证
    int httpCode = digestAuthRequest(http);//这里会判断401，则去digest认证

    // httpCode will be negative on error
    if (httpCode > 0) {
      // HTTP header has been send and Server response header has been handled
      USE_SERIAL.printf("[HTTP] GET... code: %d,%d\n", httpCode,httpCode2);

      // file found at server
      if (httpCode == HTTP_CODE_OK) {
        // create buffer for read
        uint8_t buff[1024] = {0};

        int len = http.getSize();
        USE_SERIAL.println(len);
        // get tcp stream
        NetworkClient *stream = http.getStreamPtr();
        // read all data from server
        while (http.connected() && len > 0) {
          if(http.connected() && len>0) {
            // get available data size
            size_t size = stream->available();

            if (size) {
              int c = stream->readBytes(buff, ((size > sizeof(buff)) ? sizeof(buff) : size));

              // write it to tcp
              tcp.write(buff, c);//我这里是转发给服务器，再保存为png文件

              if (len > 0) {
                len -= c;
              }
            }
            delay(1);
          }
        }
      }
    }
使用的代码很平常，arduino的HTTPClient例子很多，我就替换了http.GET()这函数，在返回401的时候加上了认证。其实更应该完善HTTPClient这个库更合理，我找到头文件中有
  void setAuthorization(const char *user, const char *password);
  void setAuthorization(const char *auth);
  void setAuthorizationType(const char *authType);

可惜setAuthorizationType这函数只是会把认证类型直接填上，后面的加密方式还是直接按base64，有这么段代码：

if (_base64Authorization.length()) {
    _base64Authorization.replace("\n", "");
    header += F("Authorization: ");
    header += _authorizationType;
    header += " ";
    header += _base64Authorization;
    header += "\r\n";
  }

不深究了，自己的需求是实现了。

附新摄像头配置:
1、配置->高级配置->集成协议中勾选 启用onvif
2、请你为onvif协议设置用户名和密码（admin,password,管理员），这是onvif协议认证时候需要的
3、关闭如下“开启非法登录锁定”设置（可选）