openfire 3.8.1 的JDK陷阱

因爲系統是使用RMXMPPLib.dll基礎上的二次開發，在鏈接到openfire服務器時，發現對於window版本的Openfire能夠鏈接成功，但在linux版本下，就是沒法鏈接。比對2者的登入過程日誌以及google好久後，發現竟然是JDK版本不對引發的。

JDK6.0的版本，對於DIGEST-MD5算法支持存在問題，openfire在判斷JDK版本爲6.0時，就自動會關閉採用DIGEST-MD5的登入驗證算法，但RMXMPPLib.dll默認就是採用這種登入算法，因此就登入不成功。

在linux JDK6.0下的日誌過程以下:

<stream:stream to="kftest2" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

<stream:stream from="kftest2" id="51d61c00" version="1.0" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"/>

<stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>JIVE-SHAREDSECRET</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

SSL status: "before/connect initialization"

SSL status: "before/connect initialization"

SSL status: "SSLv3 write client hello A"

SSL status: "SSLv3 read server hello A"

SSL status: "SSLv3 read server certificate A"

SSL status: "SSLv3 read server key exchange A"

SSL status: "SSLv3 read server done A"

SSL status: "SSLv3 write client key exchange A"

SSL status: "SSLv3 write change cipher spec A"

SSL status: "SSLv3 write finished A"

SSL status: "SSLv3 flush data"

SSL status: "SSLv3 read finished A"

SSL status: "SSL negotiation finished successfully"

SSL status: "SSL negotiation finished successfully"

Cipher: name = EDH-RSA-DES-CBC3-SHA; description = EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
; bits = 168; version = TLSv1/SSLv3; 

<stream:stream to="kftest2" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

<stream:stream from="kftest2" id="51d61c00" version="1.0" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"/>

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>JIVE-SHAREDSECRET</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

<compress xmlns="http://jabber.org/protocol/compress"><method>zlib</method></compress>

<compressed xmlns="http://jabber.org/protocol/compress"/>

<stream:stream to="kftest2" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

SSL status: "SSL negotiation finished successfully"

主要問題出在:

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>JIVE-SHAREDSECRET</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

這是openfire運行驗證的集中機制，有JIVE-SHAREDSECRET，PLAIN，ANONYMOUS。可是就是沒有DIGEST-MD5

在windows JDK5.0下的日誌過程:

<stream:stream to="condy" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

<stream:stream from="condy" id="4cdae09e" version="1.0" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"/>

<stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>JIVE-SHAREDSECRET</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

SSL status: "before/connect initialization"

SSL status: "before/connect initialization"

SSL status: "SSLv3 write client hello A"

SSL status: "SSLv3 read server hello A"

SSL status: "SSLv3 read server certificate A"

SSL status: "SSLv3 read server key exchange A"

SSL status: "SSLv3 read server done A"

SSL status: "SSLv3 write client key exchange A"

SSL status: "SSLv3 write change cipher spec A"

SSL status: "SSLv3 write finished A"

SSL status: "SSLv3 flush data"

SSL status: "SSLv3 read finished A"

SSL status: "SSL negotiation finished successfully"

SSL status: "SSL negotiation finished successfully"

Cipher: name = EDH-RSA-DES-CBC3-SHA; description = EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
; bits = 168; version = TLSv1/SSLv3; 

<stream:stream to="condy" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

<stream:stream from="condy" id="4cdae09e" version="1.0" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"/>

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>JIVE-SHAREDSECRET</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

<compress xmlns="http://jabber.org/protocol/compress"><method>zlib</method></compress>

<compressed xmlns="http://jabber.org/protocol/compress"/>

<stream:stream to="condy" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

<stream:stream from="condy" id="4cdae09e" version="1.0" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"/>

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>JIVE-SHAREDSECRET</mechanism></mechanisms><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

<auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>

<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09ImNvbmR5Iixub25jZT0iMXJveGRITXAvajc5elNDUVg3S0R4dFk1bDdseWE0cWQ3UlBYZlNMTCIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=</challenge>

<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcm5hbWU9IjU5MTEyMzQyNiIscmVhbG09ImNvbmR5Iixub25jZT0iMXJveGRITXAvajc5elNDUVg3S0R4dFk1bDdseWE0cWQ3UlBYZlNMTCIsY25vbmNlPSJiOGI3YTYyZWIyNjhkYjNjYmE3MDAxMmVkYWFlNjUzYiIsbmM9MDAwMDAwMDEscW9wPWF1dGgsZGlnZXN0LXVyaT0ieG1wcC9jb25keSIsY2hhcnNldD11dGYtOCxyZXNwb25zZT03OTcwNDkxNDcxOTJiODZjNWRmYWVkYjAzYzdkYmZhNg==</response>

<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cnNwYXV0aD03MTc0MzA4MGM5ZmNhY2IyMWE4NGFhNzI0MzI1YWI4ZA==</success>

<stream:stream to="condy" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >