《Extensible Messaging and Presence Protocol (XMPP): Core》阅读笔记(二)

简介:
服务器到服务器SASL验证示例:
Step 1: Server1 initiates stream to Server2: 



复制代码
<stream:stream

    xmlns='jabber:server'

    xmlns:stream='http://etherx.jabber.org/streams'

    to='example.com'

    version='1.0'>


复制代码



Step 2: Server2 responds with a stream tag sent to Server1: 

复制代码
<stream:stream

    xmlns='jabber:server'

    xmlns:stream='http://etherx.jabber.org/streams'

    from='example.com'

    id='s2s_234'

    version='1.0'>


复制代码


Step 3: Server2 informs Server1 of available authentication mechanisms:

复制代码
<stream:features>

 <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>

    <mechanism>DIGEST-MD5</mechanism>

    <mechanism>KERBEROS_V4</mechanism>

 </mechanisms>

</stream:features>


复制代码


Step 4: Server1 selects an authentication mechanism:

<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'

      mechanism='DIGEST-MD5'/>



Step 5: Server2 sends a BASE64 encoded challenge to Server1: 

复制代码
<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>

cmVhbG09InNvbWVyZWFsbSIsbm9uY2U9Ik9BNk1HOXRFUUdtMmhoIixxb3A9

ImF1dGgiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz

</challenge>


复制代码


The decoded challenge is: 

realm="somerealm",nonce="OA6MG9tEQGm2hh","

qop="auth",charset=utf-8,algorithm=md5-sess




Step 5 (alt): Server2 returns error to Server1: 

复制代码
<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>

 <incorrect-encoding/>

</failure>

</stream:stream>


复制代码


Step 6: Server1 sends a BASE64 encoded response to the challenge: 

复制代码
<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>

dXNlcm5hbWU9ImV4YW1wbGUub3JnIixyZWFsbT0ic29tZXJlYWxtIixub25j

ZT0iT0E2TUc5dEVRR20yaGgiLGNub25jZT0iT0E2TUhYaDZWcVRyUmsiLG5j

PTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InhtcHAvZXhhbXBsZS5v

cmciLHJlc3BvbnNlPWQzODhkYWQ5MGQ0YmJkNzYwYTE1MjMyMWYyMTQzYWY3

LGNoYXJzZXQ9dXRmLTgK

</response>


复制代码


The decoded response is:

复制代码
username="example.org",realm="somerealm","

nonce="OA6MG9tEQGm2hh",cnonce="OA6MHXh6VqTrRk","

nc=00000001,qop=auth,digest-uri="xmpp/example.org","

response=d388dad90d4bbd760a152321f2143af7,charset=utf-8


复制代码


Step 7: Server2 sends another  BASE64 encoded challenge to Server1: 

复制代码
<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>

cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZAo=

</challenge>


复制代码


The decoded challenge is: 

rspauth=ea40f60335c427b5527b84dbabcdfffd

Step 7 (alt): Server2 returns error to Server1: 



复制代码
<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>

 <invalid-authzid/>

</failure>

</stream:stream>


复制代码



Step 8: Server1 responds to the challenge: 

<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

Step 8 (alt): Server1 aborts negotiation:


<abort xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

Step 9: Server2 informs Server1 of successful authentication:


<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

Step 9 (alt): Server2 informs Server1 of failed authentication: 



复制代码
<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>

 <aborted/>

</failure>

</stream:stream>


复制代码



Step 10: Server1 initiates a new stream to Server2: 

复制代码
<stream:stream

    xmlns='jabber:server'

    xmlns:stream='http://etherx.jabber.org/streams'

    to='example.com'

    version='1.0'>


复制代码


Step 11: Server2 responds by sending a stream header to Server1 along with any additional features (or an empty features element): 

复制代码
<stream:stream

    xmlns='jabber:server'

    xmlns:stream='http://etherx.jabber.org/streams'

    from='example.com'

    id='s2s_345'

    version='1.0'>

<stream:features/>


复制代码



 
服务器回拨


      这是一种单向的,不安全的验证方式。


 具体过程:
1,              服务器A发送流头部给服务器B:

复制代码
<stream:stream

    xmlns:stream='http://etherx.jabber.org/streams'

    xmlns='jabber:server'

    xmlns:db='jabber:server:dialback'>


复制代码

 
2,服务器B回送一个应答给A,包含了此次交互的ID:

<stream:stream
    xmlns:stream='http://etherx.jabber.org/streams'
    xmlns='jabber:server'
    xmlns:db='jabber:server:dialback'
id='457F9224A0...'>
3,服务器A发送一个回拨key给B
<db:result
    to='Receiving Server'
    from='Originating Server'>
 98AF014EDC0...
</db:result>
 
4,服务器B同验证服务器C建立TCP连接,向C发送流头部:
<stream:stream
    xmlns:stream='http://etherx.jabber.org/streams'
    xmlns='jabber:server'
    xmlns:db='jabber:server:dialback'>
5,C回送应答:
<stream:stream
    xmlns:stream='http://etherx.jabber.org/streams'
    xmlns='jabber:server'
    xmlns:db='jabber:server:dialback'
    id='1251A342B...'>
6,B发送验证key的请求
<db:verify
    from='Receiving Server'
    to='Originating Server'
    id='457F9224A0...'>
 98AF014EDC0...
</db:verify>
 
7,验证服务器验证key是否合法:

<db:verify

    from='Originating Server'

    to='Receiving Server'

    type='valid'

    id='457F9224A0...'/>

or

<db:verify

    from='Originating Server'

    to='Receiving Server'

    type='invalid'

    id='457F9224A0...'/>

8,B通知A结果:

<db:result
    from='Receiving Server'
    to='Originating Server'
    type='valid'/>
上面这个示例只是验证了从A到B的流是否合法,但不能保证从B到A是否合法,因此需要在反方向再进行一次验证。




本文转自Phinecos(洞庭散人)博客园博客,原文链接:http://www.cnblogs.com/phinecos/archive/2008/07/15/1243470.html,如需转载请自行联系原作者
目录
相关文章
|
测试技术 流计算
gRPC阅读日记(四)Client-side streaming RPC and Bidirectional streaming RPC
gRPC阅读日记(四)Client-side streaming RPC and Bidirectional streaming RPC
|
消息中间件 JSON 网络协议
Transport|学习笔记
快速学习 Transport。
|
消息中间件 JSON 网络协议
Transport | 学习笔记
快速学习 Transport
|
消息中间件 Dubbo Java
jms的全称
jms的全称
209 0
|
消息中间件 测试技术
基于NET Framework使用阿里云AMQP
消息队列 AMQP 由阿里云消息队列(MQ)团队基于 AMQP 0.91 标准协议研发,完全兼容 RabbitMQ 开源社区,打造分布式、高吞吐、低延迟、高可扩展的云消息服务。用户可开箱即用,无需部署免运维,从而实现快速上云,阿里云提供全托管服务,更专业、更可靠、更安全。
1771 0
|
机器学习/深度学习 XML 数据格式