feat: mux与tunnel对错误密钥连接进行断开

meethigher · meethigher · commit e02d6c975de9 · 2025-08-03T21:02:59.000+08:00
diff --git a/src/main/java/top/meethigher/proxy/tcp/mux/Mux.java b/src/main/java/top/meethigher/proxy/tcp/mux/Mux.java
@@ -49,23 +49,33 @@ public Mux(Vertx vertx, String secret) {
      * @return 返回configuration加密后的base64串(无换行)
      */
     public Buffer aesBase64Encode(MuxConfiguration configuration) {
-        String addr = configuration.toString();
-        SecretKey key = restoreKey(secret.getBytes(StandardCharsets.UTF_8));
-        String encryptedAddr = encryptToBase64(addr.getBytes(StandardCharsets.UTF_8), key);
-        return TunnelMessageCodec.encode(type, encryptedAddr.getBytes(StandardCharsets.UTF_8));
+        try {
+            String addr = configuration.toString();
+            SecretKey key = restoreKey(secret.getBytes(StandardCharsets.UTF_8));
+            String encryptedAddr = encryptToBase64(addr.getBytes(StandardCharsets.UTF_8), key);
+            return TunnelMessageCodec.encode(type, encryptedAddr.getBytes(StandardCharsets.UTF_8));
+        } catch (Exception e) {
+            log.error("aes base64 encode occurred exception", e);
+            return Buffer.buffer();
+        }
     }
 
     /**
      * @param buffer 加密内容
      * @return buffer解密后的内容
      */
     public MuxConfiguration aesBase64Decode(Buffer buffer) {
-        TunnelMessageCodec.DecodedMessage decode = TunnelMessageCodec.decode(buffer);
-        String encryptedAddr = new String(decode.body, StandardCharsets.UTF_8);
-        SecretKey key = restoreKey(secret.getBytes(StandardCharsets.UTF_8));
-        String addr = new String(decryptFromBase64(encryptedAddr, key),
-                StandardCharsets.UTF_8);
-        return MuxConfiguration.parse(addr);
+        try {
+            TunnelMessageCodec.DecodedMessage decode = TunnelMessageCodec.decode(buffer);
+            String encryptedAddr = new String(decode.body, StandardCharsets.UTF_8);
+            SecretKey key = restoreKey(secret.getBytes(StandardCharsets.UTF_8));
+            String addr = new String(decryptFromBase64(encryptedAddr, key),
+                    StandardCharsets.UTF_8);
+            return MuxConfiguration.parse(addr);
+        } catch (Exception e) {
+            log.error("aes base 64 decode occurred exception", e);
+            return null;
+        }
     }
 
 
diff --git a/src/main/java/top/meethigher/proxy/tcp/tunnel/ReverseTcpProxyTunnelServer.java b/src/main/java/top/meethigher/proxy/tcp/tunnel/ReverseTcpProxyTunnelServer.java
@@ -439,11 +439,18 @@ protected boolean doHandle(Vertx vertx, NetSocket netSocket, TunnelMessageType t
             protected boolean doHandle(Vertx vertx, NetSocket netSocket, TunnelMessageType type, byte[] bodyBytes) {
                 // 如果授权通过，并且成功开通端口。则返回成功；否则则返回失败，并关闭连接
                 boolean result = false;
+                TunnelMessage.OpenDataPortAck.Builder builder = TunnelMessage.OpenDataPortAck
+                        .newBuilder();
+                builder.setHeartbeatDelay(heartbeatDelay);
                 try {
-                    TunnelMessage.OpenDataPort parsed = TunnelMessage.OpenDataPort.parseFrom(aesBase64Decode(bodyBytes));
-                    TunnelMessage.OpenDataPortAck.Builder builder = TunnelMessage.OpenDataPortAck
-                            .newBuilder();
-                    builder.setHeartbeatDelay(heartbeatDelay);
+                    byte[] data = aesBase64Decode(bodyBytes);
+                    if (data == null) {
+                        builder.setSuccess(result).setMessage("your secret is incorrect!");
+                        netSocket.write(encode(TunnelMessageType.OPEN_DATA_PORT_ACK,
+                                builder.build().toByteArray())).onComplete(ar -> netSocket.close());
+                        return result;
+                    }
+                    TunnelMessage.OpenDataPort parsed = TunnelMessage.OpenDataPort.parseFrom(data);
                     if (secret.equals(parsed.getSecret())) {
                         synchronized (ReverseTcpProxyTunnelServer.class) {
                             // 判断dataProxyName是否唯一
@@ -481,17 +488,16 @@ protected boolean doHandle(Vertx vertx, NetSocket netSocket, TunnelMessageType t
                                         builder.build().toByteArray())).onComplete(ar -> netSocket.close());
                             }
                         }
-
                     } else {
-                        TunnelMessage.OpenDataPortAck ack = TunnelMessage.OpenDataPortAck
-                                .newBuilder()
-                                .setSuccess(result)
-                                .setMessage("your secret is incorrect!")
-                                .build();
+                        builder.setSuccess(result).setMessage("your secret is incorrect!");
                         netSocket.write(encode(TunnelMessageType.OPEN_DATA_PORT_ACK,
-                                ack.toByteArray())).onComplete(ar -> netSocket.close());
+                                builder.build().toByteArray())).onComplete(ar -> netSocket.close());
                     }
-                } catch (Exception ignore) {
+                } catch (Exception e) {
+                    log.error("open data port doHandle occurred exception", e);
+                    builder.setSuccess(result).setMessage("exception");
+                    netSocket.write(encode(TunnelMessageType.OPEN_DATA_PORT_ACK,
+                            builder.build().toByteArray())).onComplete(ar -> netSocket.close());
                 }
                 return result;
             }
diff --git a/src/main/java/top/meethigher/proxy/tcp/tunnel/Tunnel.java b/src/main/java/top/meethigher/proxy/tcp/tunnel/Tunnel.java
@@ -71,12 +71,18 @@ public void on(TunnelMessageType type, TunnelHandler tunnelHandler) {
 
     /**
      * 返回加密base64串(无换行)
+     *
      * @param bodyBytes 原文
      * @return 密文
      */
     public byte[] aesBase64Encode(byte[] bodyBytes) {
-        SecretKey key = restoreKey(secret.getBytes(StandardCharsets.UTF_8));
-        return encrypt(bodyBytes, key);
+        try {
+            SecretKey key = restoreKey(secret.getBytes(StandardCharsets.UTF_8));
+            return encrypt(bodyBytes, key);
+        } catch (Exception e) {
+            log.error("aes base64 encode occurred exception", e);
+            return null;
+        }
     }
 
     /**
@@ -86,8 +92,13 @@ public byte[] aesBase64Encode(byte[] bodyBytes) {
      * @return 原文
      */
     public byte[] aesBase64Decode(byte[] bodyBytes) {
-        SecretKey key = restoreKey(secret.getBytes(StandardCharsets.UTF_8));
-        return decrypt(bodyBytes, key);
+        try {
+            SecretKey key = restoreKey(secret.getBytes(StandardCharsets.UTF_8));
+            return decrypt(bodyBytes, key);
+        } catch (Exception e) {
+            log.error("aes base64 decode occurred exception", e);
+            return null;
+        }
     }
 
     /**
