
Refactor exception handling

master
Nicolas Vinot 4 years ago
parent
commit
1994fdc87f
3 changed files with 31 additions and 10 deletions
  1. 1
    1
      lib/cryptcheck/tls.rb
  2. 28
    7
      lib/cryptcheck/tls/server.rb
  3. 2
    2
      lib/cryptcheck/tls/xmpp.rb

+ 1
- 1
lib/cryptcheck/tls.rb View File

@@ -39,7 +39,7 @@ module CryptCheck
grade_class.new server_class.new hostname, port
end
rescue ::Exception => e
@Logger.error { "Error during #{hostname}:#{port} analysis : #{e}" }
Logger.error { "Error during #{hostname}:#{port} analysis : #{e}" }
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port
end
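Review bot: The `rescue ::Exception => e` kept as context here still catches `Interrupt`, `SystemExit` and `NoMemoryError` as well as ordinary bugs, and turns each of them into a `TlsNotSupportedGrade`, so a crash in the checker is reported the same way as a host that really offers no TLS. Since this commit already narrows a comparable rescue in `lib/cryptcheck/tls/server.rb` to `TLSException`, the same could be done here, for example `rescue ::StandardError => e`, which should still cover the analysis timeout if it surfaces as `Timeout::Error` (the start of the block is outside the hunk, so this needs confirming). The identical pattern remains in `Xmpp.grade` in `lib/cryptcheck/tls/xmpp.rb`. Logging `e.class` next to `#{e}` would also let a reader of the log tell an internal failure from a genuine negative result.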


+ 28
- 7
lib/cryptcheck/tls/server.rb View File

@@ -21,6 +21,8 @@ module CryptCheck
end
class TLSNotAvailableException < TLSException
end
class MethodNotAvailable < TLSException
end
class CipherNotAvailable < TLSException
end
class Timeout < TLSException
@@ -160,6 +162,12 @@ module CryptCheck
Logger.trace { "Waiting for write to #{host}:#{port}" }
raise Timeout unless IO.select nil, [socket], nil, TCP_TIMEOUT
retry
rescue => e
case e.message
when /^Connection refused/
raise TLSNotAvailableException, e
end
raise
ensure
socket.close
end
@@ -181,8 +189,22 @@ module CryptCheck
Logger.trace { "Waiting for SSL write to #{@hostname}:#{@port}" }
raise TLSTimeout unless IO.select nil, [socket], nil, SSL_TIMEOUT
retry
rescue ::OpenSSL::SSL::SSLError => e
case e.message
when /state=SSLv2 read server hello A$/,
/state=SSLv3 read server hello A: wrong version number$/
raise MethodNotAvailable, e
when /state=error: no ciphers available$/,
/state=SSLv3 read server hello A: sslv3 alert handshake failure$/
raise CipherNotAvailable, e
end
raise TLSException, e
rescue => e
raise TLSNotAvailableException, e
case e.message
when /^Connection reset by peer$/
raise MethodNotAvailable, e
end
raise TLSException, e
ensure
ssl_socket.close
end
@@ -222,8 +244,7 @@ module CryptCheck
@cert, @chain = ssl_client(method) { |s| [s.peer_cert, s.peer_cert_chain] }
Logger.debug { "Certificate #{@cert.subject}" }
break
rescue TLSException => e
Logger.trace { "Method #{Tls.colorize method} not supported : #{e}" }
rescue TLSException
end
end
raise TLSNotAvailableException unless @cert
@@ -235,8 +256,8 @@ module CryptCheck
cipher = ssl_client(method, 'ALL:COMPLEMENTOFALL') { |s| s.cipher }
Logger.info { "Prefered cipher for #{Tls.colorize method} : #{Tls.colorize cipher.first}" }
cipher
rescue Exception
Logger.debug { "Method #{Tls.colorize method} not supported" }
rescue TLSException => e
Logger.debug { "Method #{Tls.colorize method} not supported : #{e}" }
nil
end

@@ -247,7 +268,7 @@ module CryptCheck
next unless SUPPORTED_METHODS.include? method
@prefered_ciphers[method] = prefered_cipher method
end
raise TLSNotAvailableException.new unless @prefered_ciphers.any? { |_, c| !c.nil? }
raise TLSNotAvailableException unless @prefered_ciphers.any? { |_, c| !c.nil? }
end

def available_ciphers(method)
@@ -261,7 +282,7 @@ module CryptCheck
Logger.info { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Supported" }
true
rescue TLSException => e
Logger.debug { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Not supported" }
Logger.debug { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Not supported (#{e})" }
false
end
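Review bot: In the SSL connect handler the new `rescue => e` ends in `raise TLSException, e`, and callers such as the cipher probe at the end of this file rescue `TLSException` and return `false`, so any `StandardError` during the handshake (a reset or stall caused by the network path rather than the server, or a plain bug raising `NoMethodError`) is recorded as "Not supported"; for an assessment tool that can hide a weak protocol or cipher the server does accept. The classification also depends on message text: `when /^Connection reset by peer$/` and, in the TCP connect hunk, `when /^Connection refused/` could rescue the error classes instead, `rescue ::Errno::ECONNRESET => e` and `rescue ::Errno::ECONNREFUSED => e`. The OpenSSL `state=...` patterns look tied to the wording of one OpenSSL release, so they deserve a comment naming the version they were taken from. Consider letting unexpected errors propagate, or raising a distinct exception for inconclusive probes so they are not graded as a negative result. The enclosing methods start and end outside the hunks shown.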


+ 2
- 2
lib/cryptcheck/tls/xmpp.rb View File

@@ -7,14 +7,14 @@ module CryptCheck
module Xmpp
MAX_ANALYSIS_DURATION = 600
PARALLEL_ANALYSIS = 10
@Logger = ::Logging.logger[Xmpp]
Logger = ::Logging.logger[Xmpp]

def self.grade(hostname, type=:s2s)
timeout MAX_ANALYSIS_DURATION do
Grade.new Server.new hostname, type
end
rescue ::Exception => e
@Logger.error { "Error during #{hostname}:#{type} analysis : #{e}" }
Logger.error { "Error during #{hostname}:#{type} analysis : #{e}" }
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, type
end

