验证客户端的合法性

验证客户端的合法性

# 生成一个随机字符串
import os
ret = os.urandom(8)
print(ret)
print(len(ret))
#b'x0exb0x87<IKxe7x0f'
#8

# import hashlib
# sha = hashlib.sha1(密钥)
# sha.update(随机字符串)
# 结果 = sha.hexdigest()

import os
import hmac   # 替代hashlib模块的

h = hmac.new(b'alex_sb',os.urandom(32))
ret = h.digest()
print(ret)

#server端——————————————————————————————————————————————

import os
import socket
import hashlib

secret_key = b'alex_sb'
sk = socket.socket()
sk.bind(('127.0.0.1',9001))
sk.listen()

conn,addr = sk.accept()
# 创建一个随机的字符串
rand = os.urandom(32)
# 发送随机字符串
conn.send(rand)

# 根据发送的字符串 + secrete key 进行摘要
sha = hashlib.sha1(secret_key)
sha.update(rand)
res = sha.hexdigest()

# 等待接收客户端的摘要结果
res_client = conn.recv(1024).decode('utf-8')
# 做比对
if res_client == res:
    print('是合法的客户端')
    # 如果一致,就显示是合法的客户端
    # 并可以继续操作
    conn.send(b'hello')
else:
    conn.close()
    # 如果不一致,应立即关闭连接
    
#client端——————————————————————————————————
import socket
import hashlib

secret_key = b'alex_sb979'
sk = socket.socket()
sk.connect(('127.0.0.1',9001))

# 接收客户端发送的随机字符串
rand = sk.recv(32)
# 根据发送的字符串 + secret key 进行摘要
sha = hashlib.sha1(secret_key)
sha.update(rand)
res = sha.hexdigest()
# 摘要结果发送回server端
sk.send(res.encode('utf-8'))
# 继续和server端进行通信
msg = sk.recv(1024)
print(msg)