Java onvif gsoap 授权（http 401 错误）

Question

这是我相机的授权功能。我在任何请求中都有错误 http 401（未经授权）。未经授权的请求正常工作。我使用文档编写了这段代码：https://www.oasis-open.org/committees/download.php/13392/wss-v1.1-spec-pr-UsernameTokenProfile-01.htm 并嗅探 OnvifDeviceManager 的流量（授权在这里工作！）。我使用 post-method 从这个函数发送返回值。问题出在哪里？可能是字符串随机数？是随机数吗？

public static String getAuthXML(String body)
{
        Date date = new Date(System.currentTimeMillis() - 3 * 3_600_000);
        //time of camera - UTC, time of my PC - GMT+3:00 (3 hours difference)

        String now = dateformat.format(date).concat("T").concat(timeformatptz.format(date).concat("Z"));

        String nonce = "";
        //generate random hex-number (21 symbol)
        while (nonce.length() < 21)
            nonce = nonce.concat(new BigInteger(String.valueOf(date.getTime())).toString(16));
        nonce = nonce.substring(0, 21);

        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.reset();
        md.update(nonce.concat(now).concat(pass).getBytes(StandardCharsets.UTF_8));
        String sha1 = new String(md.digest());

        return "<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\"><s:Header><Security s:mustUnderstand=\"1\" xmlns=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><UsernameToken><Username>"
                .concat(login)
                .concat("</Username><Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">")
                .concat(pass)
                .concat("</Password><Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest\">")
                .concat(Base64.getEncoder().encodeToString(sha1.getBytes(StandardCharsets.UTF_8)))
                .concat("</Password><Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">")
                .concat(Base64.getEncoder().encodeToString(nonce.getBytes(StandardCharsets.UTF_8)))
                .concat("</Nonce><Created xmlns=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">")
                .concat(now)
                .concat("</Created></UsernameToken></Security></s:Header><s:Body xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">")
                .concat(body)
                .concat("</s:Body></s:Envelope>");
}

P.S.：对不起我的英语，我是俄罗斯人）

Answer 1

    MessageDigest md = MessageDigest.getInstance("SHA-1");
    md.reset();
    md.update(nonce.concat(now).concat(pass).getBytes(StandardCharsets.UTF_8));

    return "<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\"><s:Header><Security s:mustUnderstand=\"1\" xmlns=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><UsernameToken><Username>"
            .concat(login)
            .concat("</Username><Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest\">")
            .concat(Base64.getEncoder().encodeToString(md.digest()))
            .concat("</Password><Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">")
            .concat(Base64.getEncoder().encodeToString(nonce.getBytes(StandardCharsets.UTF_8)))
            .concat("</Nonce><Created xmlns=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">")
            .concat(now)
            .concat("</Created></UsernameToken></Security></s:Header><s:Body xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">")
            .concat(body)
            .concat("</s:Body></s:Envelope>");