Refactor exception handling

lib/cryptcheck/tls.rb

@@ -39,7 +39,7 @@ module CryptCheck
 				grade_class.new server_class.new hostname, port
 			end
 		rescue ::Exception => e
-			@Logger.error { "Error during #{hostname}:#{port} analysis : #{e}" }
+			Logger.error { "Error during #{hostname}:#{port} analysis : #{e}" }
 			TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port
 		end
 

lib/cryptcheck/tls/server.rb

@@ -21,6 +21,8 @@ module CryptCheck
 			end
 			class TLSNotAvailableException < TLSException
 			end
+			class MethodNotAvailable < TLSException
+			end
 			class CipherNotAvailable < TLSException
 			end
 			class Timeout < TLSException
@@ -160,6 +162,12 @@ module CryptCheck
 					Logger.trace { "Waiting for write to #{host}:#{port}" }
 					raise Timeout unless IO.select nil, [socket], nil, TCP_TIMEOUT
 					retry
+				rescue => e
+					case e.message
+						when /^Connection refused/
+							raise TLSNotAvailableException, e
+					end
+					raise
 				ensure
 					socket.close
 				end
@@ -181,8 +189,22 @@ module CryptCheck
 					Logger.trace { "Waiting for SSL write to #{@hostname}:#{@port}" }
 					raise TLSTimeout unless IO.select nil, [socket], nil, SSL_TIMEOUT
 					retry
+				rescue ::OpenSSL::SSL::SSLError => e
+					case e.message
+						when /state=SSLv2 read server hello A$/,
+								/state=SSLv3 read server hello A: wrong version number$/
+							raise MethodNotAvailable, e
+						when /state=error: no ciphers available$/,
+								/state=SSLv3 read server hello A: sslv3 alert handshake failure$/
+							raise CipherNotAvailable, e
+					end
+					raise TLSException, e
 				rescue => e
-					raise TLSNotAvailableException, e
+					case e.message
+						when /^Connection reset by peer$/
+							raise MethodNotAvailable, e
+					end
+					raise TLSException, e
 				ensure
 					ssl_socket.close
 				end
@@ -222,8 +244,7 @@ module CryptCheck
 						@cert, @chain = ssl_client(method) { |s| [s.peer_cert, s.peer_cert_chain] }
 						Logger.debug { "Certificate #{@cert.subject}" }
 						break
-					rescue TLSException => e
-						Logger.trace { "Method #{Tls.colorize method} not supported : #{e}" }
+					rescue TLSException
 					end
 				end
 				raise TLSNotAvailableException unless @cert
@@ -235,8 +256,8 @@ module CryptCheck
 				cipher = ssl_client(method, 'ALL:COMPLEMENTOFALL') { |s| s.cipher }
 				Logger.info { "Prefered cipher for #{Tls.colorize method} : #{Tls.colorize cipher.first}" }
 				cipher
-			rescue Exception
-				Logger.debug { "Method #{Tls.colorize method} not supported" }
+			rescue TLSException => e
+				Logger.debug { "Method #{Tls.colorize method} not supported : #{e}" }
 				nil
 			end
 
@@ -247,7 +268,7 @@ module CryptCheck
 					next unless SUPPORTED_METHODS.include? method
 					@prefered_ciphers[method] = prefered_cipher method
 				end
-				raise TLSNotAvailableException.new unless @prefered_ciphers.any? { |_, c| !c.nil? }
+				raise TLSNotAvailableException unless @prefered_ciphers.any? { |_, c| !c.nil? }
 			end
 
 			def available_ciphers(method)
@@ -261,7 +282,7 @@ module CryptCheck
 				Logger.info { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Supported" }
 				true
 			rescue TLSException => e
-				Logger.debug { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Not supported" }
+				Logger.debug { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Not supported (#{e})" }
 				false
 			end
 

lib/cryptcheck/tls/xmpp.rb

@@ -7,14 +7,14 @@ module CryptCheck
 		module Xmpp
 			MAX_ANALYSIS_DURATION = 600
 			PARALLEL_ANALYSIS = 10
-			@Logger = ::Logging.logger[Xmpp]
+			Logger = ::Logging.logger[Xmpp]
 
 			def self.grade(hostname, type=:s2s)
 				timeout MAX_ANALYSIS_DURATION do
 					Grade.new Server.new hostname, type
 				end
 			rescue ::Exception => e
-				@Logger.error { "Error during #{hostname}:#{type} analysis : #{e}" }
+				Logger.error { "Error during #{hostname}:#{type} analysis : #{e}" }
 				TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, type
 			end