python3 验证客户端链接的合法性

服务端:

　　1.secret_key为bytes类型

　　2.random_bytes = os.urandom(n) 随机生成一个长度为n的random_bytes

　　server.send(random_bytes)发送给客户端

　　3.hmac_bytes = hmac(secret_key, random_bytes, 'md5').digest()

　　通过hmac模块对secret_key和random_bytes进行md5加密,生成一个md5加密后的hmac_bytes

　　client_hmac_bytes = server.recv(len(hmac_bytes))

　　接收长度为len(hmac_bytes)的客户端md5加密后的client_hmac_bytes

　　hmac.compare_digest(hmac_bytes, client_hmac_bytes)

　　使用hmac.compare_digest()方法对比hmac_bytes和client_hmac_bytes是否一致

客户端:

　　1.secret_key为bytes类型

　　2.random_bytes = client.recv(n) 接收长度为n的random_bytes

　　3.client_hmac_bytes = hmac(secret_key, random_bytes, 'md5').digest()

　　通过hmac模块对secret_key和random_bytes进行md5加密,生成一个md5加密后的client_hmac_bytes

　　client.send(client_hmac_bytes) 将client_hmac_bytes发送给服务端

--------------------------------tcp_server.py--------------------------------
# coding:utf-8
import os
import hmac
import socket

secret_key = b'This is my secret key'  # bytes类型

def conn_auth(conn):
    random_bytes = os.urandom(32)  # 随机生成长度为32字节的bytes
    conn.send(random_bytes)  # 发送给客户端
    server_md5_bytes = hmac.new(secret_key, random_bytes, 'md5').digest()  # md5加密后的bytes
    client_md5_bytes = conn.recv(len(server_md5_bytes))  # 接收客户端数据
    return hmac.compare_digest(server_md5_bytes, client_md5_bytes)  # 对比md5加密后的bytes


def data_handler(conn, bufsize=1024):
    if not conn_auth(conn):
        print("客户端链接认证失败.")
        conn.close()
        return

    print("客户端链接认证成功.")
    while 1:
        client_msg = conn.recv(bufsize)
        if not client_msg: break
        print("客户端消息: ", client_msg.decode("utf-8"))
        conn.send(client_msg.upper())


def server_handler(ip_port, backlog=5):
    server = socket.socket()
    server.bind(ip_port)
    server.listen(backlog)

    while 1:
        conn, addr = server.accept()
        print("客户端链接地址: %s 端口号: %s" % (addr[0], addr[1]))
        data_handler(conn)

    conn.close()
    server.close()


if __name__ == '__main__':
    ip_port = ("127.0.0.1", 8001)
    bufsize = 1024
    server_handler(ip_port, bufsize)

--------------------------------tcp_client.py--------------------------------
# coding:utf-8
import hmac
import socket

secret_key = b'This is my secret key.'  # bytes类型

def conn_auth(conn):
    server_bytes = conn.recv(32)  # 接收来自服务端的随机bytes
    client_md5_bytes = hmac.new(secret_key, server_bytes, 'md5').digest()  # md5加密后的bytes
    conn.send(client_md5_bytes)  # 把md5加密后的bytes发送给服务端


def client_handler(ip_port, bufsize=1024):
    client = socket.socket()
    client.connect(ip_port)
    conn_auth(client)

    while 1:
        inp = input(">>>: ").strip()
        if not inp: continue
        if inp.upper() == "Q": break
        client.send(inp.encode("utf-8"))
        server_msg = client.recv(bufsize)
        print("服务端消息: ", server_msg.decode("utf-8"))
    client.close()


if __name__ == '__main__':
    ip_port = ("127.0.0.1", 8001)
    bufsize = 1024
    client_handler(ip_port, bufsize)