zebity / onvif-relay

An onvif device relay/device test harness
https://tips.graphica.com.au/onvif-ws-client-consumption/

Fails when WS-UsernameToken (WS-Security) is used with old ONVIF Device #12

Closed zebity closed 10 months ago

zebity commented 10 months ago

Issue

ONVIF specification: "The services defined in this standard shall be protected using digest authentication according to [RFC 2617] with the following exceptions."

Currently the code supports Digest (RFC 2617), but fails with older devices which only support WS-UsernameToken-based authentication.

Need to add support for WS-Security.

Expectation

Access should try:

  1. HTTP (no credential)
  2. HTTP 401 returned
    • Retry HTTP with Digest header
  3. HTTP 400 returned with SOAP NotAuthorized
    • Retry HTTP with WS-UsernameToken

NOTE: This may require GetSystemDateTime to get the clock of the device for Auth Token generation.
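
The fallback order above and the token its last step needs, as an added example that is not part of the original issue or the onvif-relay code. It uses only the JDK and the OASIS UsernameToken Profile digest formula; the class name, timestamps, fault body and password are constructed placeholders, and the device time is assumed to have been read with the ONVIF GetSystemDateAndTime call.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;

// Added example (hypothetical class, not onvif-relay code).
public class OnvifAuthFallback {
    static final String PW_DIGEST = "http://docs.oasis-open.org/wss/2004/01/"
            + "oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
    enum Auth { NONE, HTTP_DIGEST, WS_USERNAME_TOKEN, GIVE_UP }

    // Steps 1-3 of the issue: pick the next scheme from the failed response.
    static Auth next(Auth tried, int status, String body) {
        if (tried == Auth.NONE && status == 401) return Auth.HTTP_DIGEST;
        if (tried != Auth.WS_USERNAME_TOKEN && status == 400 && body.contains("NotAuthorized"))
            return Auth.WS_USERNAME_TOKEN;
        return Auth.GIVE_UP; // same scheme rejected twice, or an unrelated error
    }

    // PasswordDigest = Base64(SHA-1(nonce + created + password)):
    // nonce as raw bytes, created as the UTC timestamp string sent in the token.
    static String passwordDigest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    public static void main(String[] args) throws Exception {
        // Constructed clocks: the device runs 150 s behind the client.
        Instant local = Instant.parse("2024-01-01T10:00:00Z");
        Instant device = Instant.parse("2024-01-01T09:57:30Z");
        Duration offset = Duration.between(local, device);
        System.out.println("next: " + next(Auth.NONE, 400, "<ter:NotAuthorized/>"));

        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce); // fresh nonce for every request
        // Created is expressed in the device's time frame so the token is not seen as stale.
        String created = Instant.now().plus(offset).truncatedTo(ChronoUnit.SECONDS).toString();
        System.out.println("<wsse:Nonce>" + Base64.getEncoder().encodeToString(nonce) + "</wsse:Nonce>");
        System.out.println("<wsu:Created>" + created + "</wsu:Created>");
        System.out.println("<wsse:Password Type=\"" + PW_DIGEST + "\">"
                + passwordDigest(nonce, created, "placeholder-password") + "</wsse:Password>");
    }
}
```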

zebity commented 10 months ago

Added ws-security option on onvif-cxf-relay, based on example from cxf: https://github.com/apache/cxf/tree/main/distribution/src/main/release/samples/ws_security/ut/src/main/java/demo/wssec/client

Tested and committed: https://github.com/zebity/onvif-relay/commit/9d29e439bec16e04cee07537af9a29cb1974af05 & https://github.com/zebity/onvif-relay/commit/476c5fcf2841306beb552d4c20fc3c4fafc460d3

Change from example is to use constant classes (rather than string names) & put status method in callback to set password prior to use.