Unit III - XMPP
XMPP Architecture
• Distributed client-server architecture
[Figure: two clients, sean@cyberlink.com and bob@google.com, each connected over TCP to their home servers cyberlink.com and google.com; the two servers talk to each other over a server-to-server TCP connection.]
Jabber ID (JID)
• XMPP address
• Bare JID
▫ <localpart@domainpart>
▫ EX: sean@cyberlink.com
• Full JID
▫ <localpart@domainpart/resourcepart>
▫ EX: sean@cyberlink.com/123456789
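As an added example (not part of the slides), a parser that splits a JID into the three parts named above and derives the bare JID from a full one; the names parse_jid, bare_jid and JID are this example's own.

```python
# Added example, not the slides' own code. Assumed structure (RFC 6122):
# localpart@domainpart/resourcepart, where the FIRST '/' separates the
# resourcepart (which may itself contain '@' or '/') and the '@' before it
# separates localpart from domainpart.
from typing import NamedTuple, Optional

class JID(NamedTuple):
    localpart: Optional[str]      # None for a server-only JID such as cyberlink.com
    domainpart: str
    resourcepart: Optional[str]   # None for a bare JID

def parse_jid(text: str) -> JID:
    """Split a JID string into (localpart, domainpart, resourcepart)."""
    if not text:
        raise ValueError("empty JID")
    # Everything after the first '/' is the resource, so a resource like
    # "dev/x@y" survives intact instead of being split further.
    addr, sep, resource = text.partition("/")
    if sep and not resource:
        raise ValueError("empty resourcepart")
    resourcepart = resource if sep else None
    # The localpart never contains '@', so the first '@' is the separator.
    local, sep, domain = addr.partition("@")
    if sep:
        if not local:
            raise ValueError("empty localpart")
        localpart, domainpart = local, domain
    else:
        localpart, domainpart = None, local
    if not domainpart or "@" in domainpart:
        raise ValueError("invalid domainpart")
    return JID(localpart, domainpart, resourcepart)

def bare_jid(text: str) -> str:
    """Full JID -> bare JID (the address a message to a user is routed by)."""
    jid = parse_jid(text)
    if jid.localpart is None:
        return jid.domainpart
    return f"{jid.localpart}@{jid.domainpart}"
```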
XML Stanzas
• iq
▫ Info/query
• message
▫ Send a Message to a JID (a user or a group)
• presence
▫ Broadcast message
Stream Negotiation

[Figure: sean@cyberlink.com opens a TCP connection to cyberlink.com on port 5222.]

Stream header:
<stream xmlns='jabber:client' xml:lang='en' version='1.0'>

Presence stanza:
<presence ….>
<show/>
</presence>

Stream Negotiation - iq

Message stanza:
<message….>
Hello
</message>

Closing the stream (each side sends its own closing tag):
</stream> </stream>

The whole exchange as one stream:
<?xml version='1.0'?>
<stream
from="samo@cyberlink.com"
to="cyberlink.com">
<presence …>Online</presence>
<iq …>…</iq>
<message …>Hello</message>
</stream>
Cryptography
• Symmetric
▫ Use the same key for encrypt/decrypt.
▫ Security: Poor
▫ Performance: Good
• Asymmetric
▫ Use the public key for encryption and the private key for decryption.
▫ Security: Good
▫ Performance: Poor
TLS
• TLS 1.0
• TLS 1.1
• TLS 1.2
• TLS 1.3 (draft)
• Employ a handshake using asymmetric cipher.
Stream Header
[Figure: the stream header is exchanged between sean@cyberlink.com and cyberlink.com over the TCP connection.]
TLS Negotiation
<stream:features>
<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
<required/>
</starttls>
</stream:features>
Receiving entity (R) advertises its features:
<stream:features xmlns="http://etherx.jabber.org/streams">
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<mechanism>PLAIN</mechanism>
</mechanisms>
</stream:features>

Initiating entity (I) asks to start TLS:
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
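As an added example (not code from the slides), a client-side policy check over the <stream:features> shown above: while the stream is still plaintext the only feature acted on is <starttls>, and SASL mechanisms such as PLAIN are considered only once TLS is up. The function name next_step and the constants are this example's own.

```python
# Added example, not the slides' own code. Assumes the namespaces shown on the
# slides; the sample features document below is constructed for this example.
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
# Strongest first; PLAIN is last because it carries the password in the clear.
MECH_PREFERENCE = ("SCRAM-SHA-1-PLUS", "SCRAM-SHA-1", "PLAIN")

def next_step(features_xml: str, tls_established: bool) -> str:
    """Return the client's next action: 'starttls', 'auth:<MECH>' or 'abort'."""
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("not a stream:features element")
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    offered = [m.text.strip() for m in root.iterfind(f".//{{{NS_SASL}}}mechanism") if m.text]
    if not tls_established:
        # On a plaintext stream: negotiate TLS if offered, otherwise give up.
        # The mechanism list is ignored here even if the server sent one.
        return "starttls" if starttls is not None else "abort"
    for mech in MECH_PREFERENCE:
        if mech in offered:
            return f"auth:{mech}"
    return "abort"

# Constructed sample: the server offers both STARTTLS (required) and PLAIN.
FEATURES_PLAINTEXT = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms>
</stream:features>"""
```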
TLS Handshake Protocol

[Figure: the TLS handshake between sean@cyberlink.com and cyberlink.com over TCP, shown one step per slide. Labels in the figure: RNc and RNs (client and server random numbers), PKc / PrKc (client public / private key), Server_Certificate(CA, PKs), Client_Certificate(CA, PKc); the client generates a random pre-master secret (PMS) and sends it, after which both sides hold RNc, RNs and PMS and derive the same master secret (MS).]
Receiving entity (R):
<stream:features xmlns="http://etherx.jabber.org/streams">
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<mechanism>PLAIN</mechanism>
</mechanisms>
</stream:features>

Initiating entity (I):
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

Restarts stream

Initiating entity sends a new stream header:
<stream
from="samo@cyberlink.com"
to="cyberlink.com">

Receiving entity answers with its own stream header:
<stream
id="++TR84Sm6A3hnt3Q065SnAbbk2Y="
to="samo@cyberlink.com"
from="cyberlink.com">
Restarts
• On successful negotiation of a feature that necessitates a stream
restart, both parties MUST consider the previous stream to be
replaced but MUST NOT send a closing </stream> tag and MUST
NOT terminate the underlying TCP connection.
• The initiating entity then MUST send a new initial stream header.
SASL Negotiation
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<mechanism>SCRAM-SHA-1-PLUS</mechanism>
<mechanism>SCRAM-SHA-1</mechanism>
<mechanism>PLAIN</mechanism>
</mechanisms>
</stream:features>

[Figure: the features are sent from cyberlink.com to sean@cyberlink.com over the TLS-protected TCP connection.]
SASL Negotiation
Receiving entity (R):
<stream:features xmlns="http://etherx.jabber.org/streams">
<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<mechanism>PLAIN</mechanism>
</mechanisms>
</stream:features>

Initiating entity (I):
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">
ADc2ODAwMQBkMGY2ZjllMi00YmRlLTQ2ZjItOGI2Yi1lNDM0OTk2ZjczZGQ=
</auth>

Receiving entity (R):
<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
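As an added example (not code from the slides), the encoding of the text carried inside <auth mechanism="PLAIN"> above and the matching server-side decoding. The point to take from it: base64 is only an encoding, so a PLAIN payload on an unencrypted stream exposes the password, which is why the slides negotiate STARTTLS before SASL. Function names plain_encode and plain_decode and the credentials used are this example's own.

```python
# Added example, not the slides' own code. Assumed layout (RFC 4616):
# [authzid] NUL authcid NUL passwd, UTF-8, then base64 for the XML stanza.
import base64
from typing import Tuple

def plain_encode(authcid: str, password: str, authzid: str = "") -> str:
    """Client side: build the base64 text placed inside <auth mechanism="PLAIN">."""
    for field in (authzid, authcid, password):
        if "\x00" in field:
            raise ValueError("NUL is the field separator and cannot appear in a field")
    if not authcid or not password:
        raise ValueError("authcid and password must be non-empty")
    raw = f"{authzid}\x00{authcid}\x00{password}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def plain_decode(payload: str) -> Tuple[str, str, str]:
    """Server side: recover (authzid, authcid, password) from the <auth> text.

    Whitespace is stripped first because the payload may arrive line-wrapped
    inside the stanza, as on the slide; validate=True rejects stray characters.
    """
    raw = base64.b64decode("".join(payload.split()), validate=True)
    fields = raw.split(b"\x00")
    if len(fields) != 3:
        raise ValueError("SASL PLAIN message must contain exactly two NUL bytes")
    authzid, authcid, password = (f.decode("utf-8") for f in fields)
    if not authcid or not password:
        raise ValueError("authcid and password must be non-empty")
    return authzid, authcid, password

# Constructed demonstration credentials, not values taken from the slides.
SAMPLE_PAYLOAD = plain_encode("alice", "s3cret")
```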
SASL Negotiation
• Restart
Resource Binding
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/>
</stream:features>
Resource Binding
Receiving entity (R):
<stream:features xmlns="http://etherx.jabber.org/streams">
<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" />
<session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
</stream:features>
Begin Resume
<clresumed xmlns="urn:xmpp:custom:resume"
sessionid="g2gEbQAAAAYzMTgwMDFtAAAAD3UuY3liZXJsaW5rLmNvbW0AAAAkRjg5MjlFMzctRTAwMi00QzdGLTlEOTgtRjkxNTFGNUQ3NEI5aANiAAAFkmIACeRcYgAM3cE=" />
Resume success
<clresumed xmlns="urn:xmpp:custom:resume"
status="success"
sessionid="g2gEbQAAAAYzMTgwMDFtAAAAD3UuY3liZXJsaW5rLmNvbW0AAAAkRjg5MjlFMzctRTAwMi00QzdGLTlEOTgtRjkxNTFGNUQ3NEI5aANiAAAFkmIACeRcYgAM3cE="
expiration="2592000"/>
Q&A