XMPP HTTP-BIND 认证交互的消息流

XMPP定义的BOSH规范（XEP 1024）是为了在HTTP协议上承载XMPP消息。下面是XEP 1024定义的非安全方式下的认证消息流。只有在 SSL (or TLS) HTTP连接保护下的消息才是安全的消息，否则为非安全的消息。XEP 1024定义了主键系列的方式保护非安全的消息，这种方案只能防御到不能修改消息内容的攻击者；如果需要彻底的保护消息，只能使用SSL或者TLS。为了清楚地截取交互过程，下面的流程基于非安全的方式。

主键系列生成算法：

        K(1) = hex(SHA-1(seed))
        K(2) = hex(SHA-1(K(1)))
        ...
        K(n) = hex(SHA-1(K(n-1)))

交互的XMPP消息流中 第一个消息包含newkey的属性，其值为第一个主键系列的值。
后续的客户端给服务器端发送的消息必须带上SID及key的值，每个key的值由前一个key的值计算而来。当循环用到最后一个key值
的时候，可以同时设置newkey的属性，开始新的一系列key值。
下面的交互过程从jwchat与openfire3.3.2的http-bind模块通信中截取。
xml 代码
Accept-Language: zh-cn
Referer: http://191.1.11.56:8082/CIM/index.htm?jid=user1.org1&server=191.1.11.77&pass=123456&nickname=........
Content-Type: text/xml; charset=utf-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 191.1.11.77:8080
Content-Length: 151
Connection: Keep-Alive
Cache-Control: no-cache

<body hold='1' xmlns='http://jabber.org/protocol/httpbind' to='191.1.11.77'
wait='300' rid='803757' newkey='b543ff6c4c105dba31d70c6f1c7304ed7bece24b'/>
Server返回一个SID，并给出认证的选择。
xml 代码
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 662
Server: Jetty(6.1.x)



<body xmlns="http://jabber.org/protocol/httpbind"
xmlns:stream="http://etherx.jabber.org/streams"
authid="1fc3b503" sid="1fc3b503" secure="true"
requests="2" inactivity="30" polling="0" wait="10">
<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<mechanism>DIGEST-MD5<!---->mechanism>
<mechanism>JIVE-SHAREDSECRET<!---->mechanism>
<mechanism>PLAIN<!---->mechanism>
<mechanism>ANONYMOUS<!---->mechanism>
<mechanism>CRAM-MD5<!---->mechanism><!---->mechanisms>
<compression xmlns="http://jabber.org/features/compress">
<method>zlib<!---->method><!---->compression>
<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/>
<session xmlns="urn:ietf:params:xml:ns:xmpp-session"/><!---->stream:features><!---->body>
下面是客户端发送认证

请求。digest的值为sha1(sid + password)
xml 代码
POST /http-bind/ HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Referer:http://191.1.11.56:8082/CIM/index.htm?jid=user1.org1&server=191.1.11.77&pass=123456&nickname=........
Content-Type: text/xml; charset=utf-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 191.1.11.77:8080
Content-Length: 346
Connection: Keep-Alive
Cache-Control: no-cache

<body rid='803759' sid='1fc3b503' xmlns='http://jabber.org/protocol/httpbind'
key='aabcfc3ad7a327fa9542da51b24d024361d4b6f1' >
<iq xmlns="jabber:client" type="set" id="auth2">
<query xmlns="jabber:iq:auth">
<username>user1.org1<!---->username>
<resource>............<!---->resource>
<digest>33f2e458193401a8eb12443b0f459c16079463d9<!---->digest><!---->query><!---->iq>
<!---->body>
xml 代码
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 136
Server: Jetty(6.1.x)

<body xmlns='http://jabber.org/protocol/httpbind'>
<iq type="result" id="auth2" to="user1.org1@domainname/............"/>
<!---->body>
认证结束，客户端发送呈现的消息流，查询用户的状态
xml 代码
POST /http-bind/ HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Referer:http://191.1.11.56:8082/CIM/index.htm?jid=user1.org1&server=191.1.11.77&pass=123456&nickname=........
Content-Type: text/xml; charset=utf-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 191.1.11.77:8080
Content-Length: 266
Connection: Keep-Alive
Cache-Control: no-cache

<body rid='803761' sid='1fc3b503' xmlns='http://jabber.org/protocol/httpbind'
key='d32ea55815de2c52f1b736080a79825cc227e09d' >
<iq xmlns="jabber:client" type="get" id="jwchat_state">
<query xmlns="jabber:iq:private"><jwchat xmlns="jwchat:state"/><!---->query><!---->iq>
<!---->body>
查询状态返回：
xml 代码
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 265
Server: Jetty(6.1.x)

<body xmlns='http://jabber.org/protocol/httpbind'>
<iq type="result" id="jwchat_state" to="user1.org1@domainname/............">
<query xmlns="jabber:iq:private">
<jwchat xmlns="jwchat:state">
<presence>available<!---->presence>
<onlmsg/>
<!---->jwchat><!---->query><!---->iq><!---->body>
发布呈现信息
xml 代码
POST /http-bind/ HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Referer: http://191.1.11.56:8082/CIM/index.htm?jid=user1.org1&server=191.1.11.77&pass=123456&nickname=........
Content-Type: text/xml; charset=utf-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 191.1.11.77:8080
Content-Length: 620
Connection: Keep-Alive
Cache-Control: no-cache

<body rid='803763' sid='1fc3b503' xmlns='http://jabber.org/protocol/httpbind'
key='192ed9480229081924997e91a275411df3bdfb0f' >
<presence xmlns="jabber:client"><priority>10<!---->priority><!---->presence>
<iq xmlns="jabber:client" to="191.1.11.77" type="get" id="disco_item_1">
<query xmlns="http://jabber.org/protocol/disco#items"/><!---->iq>
<iq xmlns="jabber:client" type="get" id="storage_bookmarks">
<query xmlns="jabber:iq:private"><storage xmlns="storage:bookmarks"/><!---->query><!---->iq>
<iq xmlns="jabber:client" type="get" id="jwchat_notes">
<query xmlns="jabber:iq:private"><storage xmlns="storage:rosternotes"/><!---->query><!---->iq>
<!---->body>
返回
xml 代码
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 201
Server: Jetty(6.1.x)

<body xmlns='http://jabber.org/protocol/httpbind'>
<presence from="user1.org1@domainname/............"
to="user1.org1@domainname/............"><priority>10<!---->priority>
<!---->presence><!---->body>

评论

2 楼 shallon 2007-12-27  

配置没对巴，要看是什么异常。

1 楼 tangdinghua 2007-11-26  

我现在正在用JSJAC库连接OPENFIRE。。。


不知道为什么，接的时候老是异常。