《Extensible Messaging and Presence Protocol (XMPP): Core》阅读笔记（一）-阿里云开发者社区

文档链接：《Extensible Messaging and Presence Protocol (XMPP): Core》

客户和服务器之间端口为5222，服务器之间的端口为5269.

通信协议格式：

复制代码

|--------------------|

| <stream> |

|--------------------|

| <presence> |

| <show/> |

| </presence> |

|--------------------|

| <message to='foo'> |

| <body/> |

| </message> |

|--------------------|

| <iq to='bar'> |

| <query/> |

| </iq> |

|--------------------|

| |

|--------------------|

| </stream> |

复制代码

客户端和服务器之间维持一个TCP连接，服务器之间维持两个TCP连接。

想传输数据之间必须得通过验证，否则不予处理

To:用于客户端到服务器端，

From:用于服务器到客户端

Id:用于服务器到客户端，是服务器端生成的会话id号

Xml:lang：包括在客户端的初始流种，指定XML数据的字体，服务器端应该记住此设置，若客户端没有设置，则服务器使用其默认配置，并在应答流中通知给客户端。

复制代码

| initiating to receiving | receiving to initiating

---------+---------------------------+-----------------------

to | hostname of receiver | silently ignored

from | silently ignored | hostname of receiver

id | silently ignored | session key

xml:lang | default language | default language

version | signals XMPP 1.0 support | signals XMPP 1.0 support

复制代码

若客户端在初始化流包中包含了版本字段，则服务器在应答中必须包含一个<features/>元素，从而让客户端知道服务器支持的特性是哪些,以便客户端和服务器就某些特性进行协商。

流级别的错误是不可恢复的，因此一旦出现，则探测到错误的实体必须发送一个流错误信息给对方，并且发送</stream>结束符，关闭底层TCP连接。

一次简单的会话示例：

复制代码

C: <?xml version='1.0'?>

<stream:stream

to='example.com'

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

version='1.0'>

S: <?xml version='1.0'?>

<stream:stream

from='example.com'

id='someid'

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

version='1.0'>

encryption, authentication, and resource binding

C: <message from='juliet@example.com'

to='romeo@example.net'

xml:lang='en'>

C: <body>Art thou not Romeo, and a Montague?</body>

C: </message>

S: <message from='romeo@example.net'

to='juliet@example.com'

xml:lang='en'>

S: <body>Neither, fair saint, if either thee dislike.</body>

S: </message>

C: </stream:stream>

S: </stream:stream>

复制代码

一次发生错误的会话：

复制代码

C: <?xml version='1.0'?>

<stream:stream

to='example.com'

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

version='1.0'>

S: <?xml version='1.0'?>

<stream:stream

from='example.com'

id='someid'

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

version='1.0'>

encryption, authentication, and resource binding

C: <message xml:lang='en'>

<body>Bad XML, no closing body tag!

</message>

S: <stream:error>

<xml-not-well-formed

xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>

</stream:error>

S: </stream:stream>

复制代码

出于安全性的考虑，在客户和服务器之间，服务器之间可能会要求先进行TLS 安全性的验证，而且必须在SASL协商之前完成。

客户到服务器示例：

复制代码

Step 1: 客户端初始化到服务器端的流:

<stream:stream

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

to='example.com'

version='1.0'>

Step 2: 服务器的应答，回送一个<stream>标签，并指明会话id:

<stream:stream

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

id='c2s_123'

from='example.com'

version='1.0'>

Step 3: 服务器发送STARTTLS extension 给客户端，并且指明验证机制和其他支持的流特性:

<stream:features>

</starttls>

<mechanism>DIGEST-MD5</mechanism>

<mechanism>PLAIN</mechanism>

</mechanisms>

</stream:features>

Step 4:客户端发送STARTTLS命令给服务器:

Step 5: 服务器通知客户端，它被允许继续处理:

Step 5 (alt): 服务器通知客户，TLS协商失败，关闭流和TCP连接:

</stream:stream>

Step 6:客户端和服务器端准备在现有的TCP连接上完成TLS验证。

Step 7: 若TLS验证成功，客户端初始化一个到服务器的新流:

<stream:stream

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

to='example.com'

version='1.0'>

Step 7 (alt): 若TLS验证失败,服务器关闭TCP连接

Step 8:服务器回送应答信息，包含了一个流头部和其他可用的流特性：

<stream:stream

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

from='example.com'

id='c2s_234'

version='1.0'>

<stream:features>

<mechanism>DIGEST-MD5</mechanism>

<mechanism>PLAIN</mechanism>

<mechanism>EXTERNAL</mechanism>

</mechanisms>

</stream:features>

Step 9: 客户端继续进行SASL验证。

复制代码

服务器到服务器示例：

复制代码

Step 1: Server1 initiates stream to Server2:

<stream:stream

xmlns='jabber:server'

xmlns:stream='http://etherx.jabber.org/streams'

to='example.com'

version='1.0'>

Step 2: Server2 responds by sending a stream tag to Server1:

<stream:stream

xmlns='jabber:server'

xmlns:stream='http://etherx.jabber.org/streams'

from='example.com'

id='s2s_123'

version='1.0'>

Step 3: Server2 sends the STARTTLS extension to Server1 along with authentication mechanisms and any other stream features:

<stream:features>

</starttls>

<mechanism>DIGEST-MD5</mechanism>

<mechanism>KERBEROS_V4</mechanism>

</mechanisms>

</stream:features>

Step 4: Server1 sends the STARTTLS command to Server2:

Step 5: Server2 informs Server1 that it is allowed to proceed:

Step 5 (alt): Server2 informs Server1 that TLS negotiation has failed and closes stream:

</stream:stream>

Step 6: Server1 and Server2 attempt to complete TLS negotiation via TCP.

Step 7: If TLS negotiation is successful, Server1 initiates a new stream to Server2:

<stream:stream

xmlns='jabber:server'

xmlns:stream='http://etherx.jabber.org/streams'

to='example.com'

version='1.0'>

Step 7 (alt): If TLS negotiation is unsuccessful, Server2 closes TCP connection.

Step 8: Server2 responds by sending a stream header to Server1 along with any available stream features:

<stream:stream

xmlns='jabber:server'

xmlns:stream='http://etherx.jabber.org/streams'

from='example.com'

id='s2s_234'

version='1.0'>

<stream:features>

<mechanism>DIGEST-MD5</mechanism>

<mechanism>KERBEROS_V4</mechanism>

<mechanism>EXTERNAL</mechanism>

</mechanisms>

</stream:features>

Step 9: server1继续进行SASL验证

复制代码

在TLS验证后，进行SASL验证

客户到服务器示例：

Step 1: 客户端初始到服务器的流:

<stream:stream

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

to='example.com'

version='1.0'>

Step 2:服务器发送应答:

复制代码

<stream:stream

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

id='c2s_234'

from='example.com'

version='1.0'>

复制代码

Step 3:服务器通知客户可选的验证机制:

复制代码

<stream:features>

<mechanism>DIGEST-MD5</mechanism>

<mechanism>PLAIN</mechanism>

</mechanisms>

</stream:features>

复制代码

Step 4: 客户端选择一种验证机制:

<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'

mechanism='DIGEST-MD5'/>

Step 5: 服务器发送BASE64编码过的应答数据给客户端:

cmVhbG09InNvbWVyZWFsbSIsbm9uY2U9Ik9BNk1HOXRFUUdtMmhoIixxb3A9ImF1dGgi

LGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNzCg==

</challenge>

解码后的数据为:

realm="somerealm",nonce="OA6MG9tEQGm2hh",\

qop="auth",charset=utf-8,algorithm=md5-sess

Step 5 (alt):服务器返回错误给客户端:

<incorrect-encoding/>

</failure>

</stream:stream>

Step 6: 客户端发送一个BASE64编码的应答数据给服务器:

复制代码

dXNlcm5hbWU9InNvbWVub2RlIixyZWFsbT0ic29tZXJlYWxtIixub25jZT0i

T0E2TUc5dEVRR20yaGgiLGNub25jZT0iT0E2TUhYaDZWcVRyUmsiLG5jPTAw

MDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InhtcHAvZXhhbXBsZS5jb20i

LHJlc3BvbnNlPWQzODhkYWQ5MGQ0YmJkNzYwYTE1MjMyMWYyMTQzYWY3LGNo

YXJzZXQ9dXRmLTgK

</response>

复制代码

解码后的应答消息是:

username="somenode",realm="somerealm",\

nonce="OA6MG9tEQGm2hh",cnonce="OA6MHXh6VqTrRk",\

nc=00000001,qop=auth,digest-uri="xmpp/example.com",\

response=d388dad90d4bbd760a152321f2143af7,charset=utf-8

Step 7: 服务器发送第二个BASE64编码的challenge数据给客户:

cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZAo=

</challenge>

解码后的challenge是:

rspauth=ea40f60335c427b5527b84dbabcdfffd

Step 7 (alt): 服务器返回错误给客户:

<temporary-auth-failure/>

</failure>

</stream:stream>

Step 8: 客户返回应答消息给服务器:

Step 9: 服务器通知客户成功通过验证:

Step 9 (alt):服务器通知客户验证失败:

<temporary-auth-failure/>

</failure>

</stream:stream>

Step 10:客户端初始化一个到服务器的新流:

<stream:stream

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

to='example.com'

version='1.0'>

Step 11: 服务器返回一个流头部，包含了服务器支持的流特性:

复制代码

<stream:stream

xmlns='jabber:client'

xmlns:stream='http://etherx.jabber.org/streams'

id='c2s_345'

from='example.com'

version='1.0'>

<stream:features>

</stream:features>

复制代码

本文转自Phinecos(洞庭散人)博客园博客，原文链接：http://www.cnblogs.com/phinecos/archive/2008/07/15/1243402.html，如需转载请自行联系原作者

《Extensible Messaging and Presence Protocol (XMPP): Core》阅读笔记（一）

热门文章

最新文章

相关电子书