0


基于OpenSSL的安全Web Server实现

一、实验目的

熟悉软件安全需求分析方法,掌握软件安全分析技术。

二、实验软硬件要求

1、操作系统:windows 7/8/10等

2、安装OpenSSL-win64

3、安装VS2019

三、实验预习

《软件安全技术》教材第8章

四、实验内容(实验步骤、测试数据等)

  1. 目标:完成基于OpenSSL的安全Web Server实现,要求:

(1)在理解HTTPS及SSL工作原理的基础上,实现安全的Web Server。

(2)Server能够并发处理多个请求,要求至少能支持Get命令。可以增加Web Server的功能,如支持Head、Post及Delete命令等;

(3)编写必要的客户端测试程序,用户发送HTTPS请求并返回结果,也可以使用一般的浏览器程序。

  1. 步骤:

(1) 在VS 上实现服务端、客户端程序;

(2) 功能测试。

3、实验报告。

实验步骤

1编辑代码

2解决报错

文件会报sscanf的错误

VS2019:严重性代码说明项目文件行禁止显示状态错误C4996:‘scanf‘: This function or variable may be unsafe

在项目-属性-C/C++这边,选择SDL检查否。

3准备网页

3-1编辑网页

3-2将文件放在代码里面的路径上

4测试结果

在编写的网页上,上传图片,测试Server是否能够成功处理命令

注意url输入是http://127.0.0.1/WebServer1.0/index.html

点击上传图片

无法检测到这个上传动作

进行刷新,可以检测到重连的动作

五、实验体会(遇到的问题及解决方法)

实验遇到一些代码函数与编译器不匹配的问题,通过搜索进行解决。实验依旧遇到了一些没法解决的问题,例如网页上传图片,负责监测的ooo.exe无法进行检测,只能检测到get,不能检测到put。需要后面的时间里,再进行分析解决。

六、服务器代码

#define _WINSOCK_DEPRECATED_NO_WARNINGS
#define _CRT_SECURE_NO_WARNNINGS

#define SERVER_IP_ADDR "127.0.0.1"    //服务器IP地址
#define SERVER_PORT 80                //服务器端口号
#define BACKLOG 10
#define BUF_SIZE 1024
#define OK 1
#define ERROR 0

#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h> 
#include <time.h>
#include <WinSock2.h>
#pragma comment(lib,"ws2_32.lib")

const char* Server_name = "Server: Web Server 1.0 - BooLo\r\n";
//Web服务器信息 

int Server_Socket_Init();
int Handle_Request_Message(char* message, int Socket);
int Judge_URI(char* URI, int Socket);
int Send_Ifon(int Socket, const char* sendbuf, int Length);
int Error_Request_Method(int Socket);
int Inquire_File(char* URI);
int File_not_Inquire(int Socket);
int Send_File(char* URI, int Socket);
int Logo();
const char* Judge_Method(char* method, int Socket);
const char* Judge_File_Type(char* URI, const char* content_type);
const char* Get_Data(const char* cur_time);
const char* Post_Value(char* message);

int Server_Socket_Init() {
    //初始化和构造套接字 
    WORD wVersionrequested;
    WSADATA wsaData;
    SOCKET ServerSock;
    struct sockaddr_in ServerAddr;
    int rval;

    /* 加载Winsock */
    wVersionrequested = MAKEWORD(2, 2);
    if (WSAStartup(wVersionrequested, &wsaData) != 0) {
        printf("Failed to load Winsock!\n");
        system("pause");
        return -1;
    }
    printf("Succeed to load Winsock!\n");

    /* 创建套接字 */
    ServerSock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (ServerSock == INVALID_SOCKET) {
        printf("Failed to create socket!\n");
        system("pause");
        exit(1);
    }
    printf("Succeed to create socket!\n");

    /* 配置服务器IP、端口信息 */
    memset(&ServerAddr, 0, sizeof(struct sockaddr));    //每一个字节都用0来填充
    ServerAddr.sin_family = AF_INET;
    ServerAddr.sin_port = htons(SERVER_PORT);
    ServerAddr.sin_addr.s_addr = inet_addr(SERVER_IP_ADDR);

    /* 绑定 */
    rval = bind(ServerSock, (SOCKADDR*)&ServerAddr, sizeof(struct sockaddr));
    if (rval == SOCKET_ERROR) {
        printf("Failed to bind stream socket!\n");
        system("pause");
        exit(1);
    }
    printf("Succeed to bind stream socket!\n");

    return ServerSock;
}

int Handle_Request_Message(char* message, int Socket) {
    //处理HTTP请求报文信息 
    int rval = 0;
    char Method[BUF_SIZE];
    char URI[BUF_SIZE];
    char Version[BUF_SIZE];

    if (sscanf(message, "%s %s %s", Method, URI, Version) != 3) {
        printf("Request line error!\n");
        return ERROR;
    }    //提取"请求方法"、"URL"、"HTTP版本"三个关键要素 

    if (Judge_Method(Method, Socket) == ERROR) {
        return ERROR;
    }
    else if (Judge_Method(Method, Socket) == "POST") {
        Post_Value(message);
    }    //判断处理"请求方法" 

    if (Judge_URI(URI, Socket) == ERROR) {
        return ERROR;
    }    //判断处理"URI" 
    else
        rval = Send_File(URI, Socket);

    if (rval == OK) {
        printf("The process is successfully finished!\n");
    }

    return OK;
}

const char* Judge_Method(char* method, int Socket) {
    //判断请求方式 
    if (strcmp(method, "GET") == 0) {
        return "GET";
    }
    else if (strcmp(method, "POST") == 0) {
        return "POST";
    }
    else {
        Error_Request_Method(Socket);
        return ERROR;
    }
}

int Judge_URI(char* URI, int Socket) {
    //判断请求URI 
    if (Inquire_File(URI) == ERROR) {
        File_not_Inquire(Socket);
        return ERROR;
    }
    else
        return OK;
}

int Send_Ifon(int Socket, const char* sendbuf, int Length) {
    //发送信息到客户端 
    int sendtotal = 0, bufleft, rval = 0;

    bufleft = Length;
    while (sendtotal < Length) {
        rval = send(Socket, sendbuf + sendtotal, bufleft, 0);
        if (rval < 0) {
            break;
        }
        sendtotal += rval;
        bufleft -= rval;
    }

    Length = sendtotal;

    return rval < 0 ? ERROR : OK;
}

int Error_Request_Method(int Socket) {
    //501 Not Implemented响应 
    const char* Method_err_line = "HTTP/1.1 501 Not Implemented\r\n";
    const char* cur_time = "";
    const char* Method_err_type = "Content-type: text/plain\r\n";
    const char* File_err_length = "Content-Length: 41\r\n";
    const char* Method_err_end = "\r\n";
    const char* Method_err_info = "The request method is not yet completed!\n";

    printf("The request method from client's request message is not yet completed!\n");

    if (Send_Ifon(Socket, Method_err_line, strlen(Method_err_line)) == ERROR) {
        printf("Sending method_error_line failed!\n");
        return ERROR;
    }

    if (Send_Ifon(Socket, Server_name, strlen(Server_name)) == ERROR) {
        printf("Sending Server_name failed!\n");
        return ERROR;
    }

    cur_time = Get_Data(cur_time);
    Send_Ifon(Socket, "Data: ", 6);
    if (Send_Ifon(Socket, cur_time, strlen(cur_time)) == ERROR) {
        printf("Sending cur_time error!\n");
        return ERROR;
    }

    if (Send_Ifon(Socket, Method_err_type, strlen(Method_err_type)) == ERROR) {
        printf("Sending method_error_type failed!\n");
        return ERROR;
    }

    if (Send_Ifon(Socket, Method_err_end, strlen(Method_err_end)) == ERROR) {
        printf("Sending method_error_end failed!\n");
        return ERROR;
    }

    if (Send_Ifon(Socket, Method_err_info, strlen(Method_err_info)) == ERROR) {
        printf("Sending method_error_info failed!\n");
        return ERROR;
    }

    return OK;
}

int Inquire_File(char* URI) {
    //查找文件 
    struct stat File_info;

    if (stat(URI, &File_info) == -1)
        return ERROR;
    else
        return File_info.st_size;
}

int File_not_Inquire(int Socket) {
    //404 Not Found响应 
    const char* File_err_line = "HTTP/1.1 404 Not Found\r\n";
    const char* cur_time = "";
    const char* File_err_type = "Content-type: text/plain\r\n";
    const char* File_err_length = "Content-Length: 42\r\n";
    const char* File_err_end = "\r\n";
    const char* File_err_info = "The file which is requested is not found!\n";

    printf("The request file from client's request message is not found!\n");

    if (Send_Ifon(Socket, File_err_line, strlen(File_err_line)) == ERROR) {
        printf("Sending file_error_line error!\n");
        return ERROR;
    }

    if (Send_Ifon(Socket, Server_name, strlen(Server_name)) == ERROR) {
        printf("Sending Server_name failed!\n");
        return ERROR;
    }

    cur_time = Get_Data(cur_time);
    Send_Ifon(Socket, "Data: ", 6);
    if (Send_Ifon(Socket, cur_time, strlen(cur_time)) == ERROR) {
        printf("Sending cur_time error!\n");
        return ERROR;
    }

    if (Send_Ifon(Socket, File_err_type, strlen(File_err_type)) == ERROR) {
        printf("Sending file_error_type error!\n");
        return ERROR;
    }

    if (Send_Ifon(Socket, File_err_length, strlen(File_err_length)) == ERROR) {
        printf("Sending file_error_length error!\n");
        return ERROR;
    }

    if (Send_Ifon(Socket, File_err_end, strlen(File_err_end)) == ERROR) {
        printf("Sending file_error_end error!\n");
        return ERROR;
    }

    if (Send_Ifon(Socket, File_err_info, strlen(File_err_info)) == ERROR) {
        printf("Sending file_error_info failed!\n");
        return ERROR;
    }

    return OK;
}

int Send_File(char* URI, int Socket) {
    //200 OK响应 
    const char* File_ok_line = "HTTP/1.1 200 OK\r\n";
    const char* cur_time = "";
    const char* File_ok_type = "";
    const char* File_ok_length = "Content-Length: ";
    const char* File_ok_end = "\r\n";

    FILE* file;
    struct stat file_stat;
    char Length[BUF_SIZE];
    char sendbuf[BUF_SIZE];
    int send_length;

    if (Judge_File_Type(URI, File_ok_type) == ERROR) {
        printf("The request file's type from client's request message is error!\n");
        return ERROR;
    }

    file = fopen(URI, "rb");
    if (file != NULL) {
        fstat(fileno(file), &file_stat);
        itoa(file_stat.st_size, Length, 10);

        if (Send_Ifon(Socket, File_ok_line, strlen(File_ok_line)) == ERROR) {
            printf("Sending file_ok_line error!\n");
            return ERROR;
        }

        if (Send_Ifon(Socket, Server_name, strlen(Server_name)) == ERROR) {
            printf("Sending Server_name failed!\n");
            return ERROR;
        }

        cur_time = Get_Data(cur_time);
        Send_Ifon(Socket, "Data: ", 6);
        if (Send_Ifon(Socket, cur_time, strlen(cur_time)) == ERROR) {
            printf("Sending cur_time error!\n");
            return ERROR;
        }

        File_ok_type = Judge_File_Type(URI, File_ok_type);
        if (Send_Ifon(Socket, File_ok_type, strlen(File_ok_type)) == ERROR) {
            printf("Sending file_ok_type error!\n");
            return ERROR;
        }

        if (Send_Ifon(Socket, File_ok_length, strlen(File_ok_length)) != ERROR) {
            if (Send_Ifon(Socket, Length, strlen(Length)) != ERROR) {
                if (Send_Ifon(Socket, "\n", 1) == ERROR) {
                    printf("Sending file_ok_length error!\n");
                    return ERROR;
                }
            }
        }

        if (Send_Ifon(Socket, File_ok_end, strlen(File_ok_end)) == ERROR) {
            printf("Sending file_ok_end error!\n");
            return ERROR;
        }

        while (file_stat.st_size > 0) {
            if (file_stat.st_size < 1024) {
                send_length = fread(sendbuf, 1, file_stat.st_size, file);
                if (Send_Ifon(Socket, sendbuf, send_length) == ERROR) {
                    printf("Sending file information error!\n");
                    continue;
                }
                file_stat.st_size = 0;
            }
            else {
                send_length = fread(sendbuf, 1, 1024, file);
                if (Send_Ifon(Socket, sendbuf, send_length) == ERROR) {
                    printf("Sending file information error!\n");
                    continue;
                }
                file_stat.st_size -= 1024;
            }
        }
    }
    else {
        printf("The file is NULL!\n");
        return ERROR;
    }

    return OK;
}

const char* Judge_File_Type(char* URI, const char* content_type) {
    //文件类型判断 
    const char* suffix;

    if ((suffix = strrchr(URI, '.')) != NULL)
        suffix = suffix + 1;

    if (strcmp(suffix, "html") == 0) {
        return content_type = "Content-type: text/html\r\n";
    }
    else if (strcmp(suffix, "jpg") == 0) {
        return content_type = "Content-type: image/jpg\r\n";
    }
    else if (strcmp(suffix, "png") == 0) {
        return content_type = "Content-type: image/png\r\n";
    }
    else if (strcmp(suffix, "gif") == 0) {
        return content_type = "Content-type: image/gif\r\n";
    }
    else if (strcmp(suffix, "txt") == 0) {
        return content_type = "Content-type: text/plain\r\n";
    }
    else if (strcmp(suffix, "xml") == 0) {
        return content_type = "Content-type: text/xml\r\n";
    }
    else if (strcmp(suffix, "rtf") == 0) {
        return content_type = "Content-type: text/rtf\r\n";
    }
    else
        return ERROR;
}

const char* Get_Data(const char* cur_time) {
    //获取Web服务器的当前时间作为响应时间 
    time_t curtime;
    time(&curtime);
    cur_time = ctime(&curtime);

    return cur_time;
}

const char* Post_Value(char* message) {
    //获取客户端POST请求方式的值 
    const char* suffix;

    if ((suffix = strrchr(message, '\n')) != NULL)
        suffix = suffix + 1;
    printf("\n\nPost Value: %s\n\n", suffix);

    return suffix;
}

int Logo() {
    //Web服务器标志信息 
    printf("___________________________________________________________\n");
    printf("  __          ________ _______\n");
    printf("  \\ \\        / /  ____|  _____\\\n");
    printf("   \\ \\  /\\  / /| |____  |____) )\n");
    printf("    \\ \\/  \\/ / |  ____|  ____(   __  __     __ ___\n");
    printf("     \\  /\\  /  | |____  |____) )(__ |_ \\  /|_ |___)\n");
    printf("      \\/  \\/   |______|_______/  __)|__ \\/ |__|   \\\n");
    printf("\n");
    printf("            Welcome to use the Web Server!\n");
    printf("                     Version 1.0\n\n");
    printf("                         BooLo\n");
    printf("___________________________________________________________\n\n");

    return OK;
}

int main() {
    //实现主要功能 
    SOCKET ServerSock, MessageSock;
    struct sockaddr_in ClientAddr;
    int rval, Length;
    char revbuf[BUF_SIZE];

    Logo();
    printf("Web Server 1.0 is starting......\n\n");
    ServerSock = Server_Socket_Init();
    printf("\n-----------------------------------------------------------\n");

    while (OK) {
        /* 启动监听 */
        rval = listen(ServerSock, BACKLOG);
        if (rval == SOCKET_ERROR) {
            printf("Failed to listen socket!\n");
            system("pause");
            exit(1);
        }
        printf("Listening the socket ......\n");

        /* 接受客户端请求建立连接 */
        Length = sizeof(struct sockaddr);
        MessageSock = accept(ServerSock, (SOCKADDR*)&ClientAddr, &Length);
        if (MessageSock == INVALID_SOCKET) {
            printf("Failed to accept connection from client!\n");
            system("pause");
            exit(1);
        }
        printf("Succeed to accept connection from [%s:%d] !\n\n", inet_ntoa(ClientAddr.sin_addr), ntohs(ClientAddr.sin_port));

        /* 接收客户端请求数据 */
        memset(revbuf, 0, BUF_SIZE);    //每一个字节都用0来填充 
        rval = recv(MessageSock, revbuf, BUF_SIZE, 0);
        revbuf[rval] = 0x00;
        if (rval <= 0)
            printf("Failed to receive request message from client!\n");
        else {
            printf("%s\n", revbuf);    //输出请求数据内容
            rval = Handle_Request_Message(revbuf, MessageSock);
        }

        closesocket(MessageSock);
        printf("\n-----------------------------------------------------------\n");
    }

    closesocket(ServerSock);    //关闭套接字 
    WSACleanup();    //停止Winsock

    return OK;
}

七、测试网页代码

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>软件安全OpenSSL测试上传</title>
</head>
<body>
    <h1>CF上传图片测试
    <h2>仅仅只能上传图片而已
    <div class="upload">
        <img src="" alt="" style="width: 200px;height:200px;background:red;">
        <button>点击上传</button>
        <input type="file" style="display:none" class="fileDoms" onchange="changeFile()"/>
    </div>
</body>
<script>
    let btn  = document.querySelector(".upload button")
    let img = document.querySelector(".upload img")
    const fileInputs = document.querySelector('.fileDoms')
    btn.onclick = btnclick
    function btnclick(){
        fileInputs.click()
    }
    function changeFile(){
        console.log("上传")
        let reader = new FileReader();
        reader.readAsDataURL(fileInputs.files[0]);
        reader.onload = function(a){
            img.src = a.target.result; //等同于reader.result
            console.log(a,reader,reader.result);
        }
    }
    </script>
</html>
标签: 安全 前端

本文转载自: https://blog.csdn.net/m0_58138734/article/details/128512751
版权归原作者 王陈锋 所有, 如有侵权,请联系我们删除。

“基于OpenSSL的安全Web Server实现”的评论:

还没有评论