Refactor exception handling

v1
Nicolas Vinot 2015-08-16 13:12:08 +02:00
parent 4fa9497a0d
commit 1994fdc87f
3 changed files with 31 additions and 10 deletions


@ -39,7 +39,7 @@ module CryptCheck
grade_class.new server_class.new hostname, port
end
rescue ::Exception => e
@Logger.error { "Error during #{hostname}:#{port} analysis : #{e}" }
Logger.error { "Error during #{hostname}:#{port} analysis : #{e}" }
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port
end
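Review bot: The `rescue ::Exception => e` kept in this grade method still converts every failure into a `TlsNotSupportedGrade`, including `Interrupt`, `SystemExit`, `NoMemoryError` and ordinary programming errors, so a host can be reported as lacking TLS for reasons unrelated to its configuration. The commit narrows the same pattern in the preferred-cipher probe of the second file (`rescue Exception` became `rescue TLSException => e`) but leaves it here and in `Xmpp.grade` in the third file. Consider `rescue ::StandardError => e`, or an explicit list of the expected classes, assuming the `timeout` helper raises a StandardError subclass as the stdlib one does. The method begins outside the hunk, so this should be checked against the full body.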


@ -21,6 +21,8 @@ module CryptCheck
end
class TLSNotAvailableException < TLSException
end
class MethodNotAvailable < TLSException
end
class CipherNotAvailable < TLSException
end
class Timeout < TLSException
@ -160,6 +162,12 @@ module CryptCheck
Logger.trace { "Waiting for write to #{host}:#{port}" }
raise Timeout unless IO.select nil, [socket], nil, TCP_TIMEOUT
retry
rescue => e
case e.message
when /^Connection refused/
raise TLSNotAvailableException, e
end
raise
ensure
socket.close
end
@ -181,8 +189,22 @@ module CryptCheck
Logger.trace { "Waiting for SSL write to #{@hostname}:#{@port}" }
raise TLSTimeout unless IO.select nil, [socket], nil, SSL_TIMEOUT
retry
rescue ::OpenSSL::SSL::SSLError => e
case e.message
when /state=SSLv2 read server hello A$/,
/state=SSLv3 read server hello A: wrong version number$/
raise MethodNotAvailable, e
when /state=error: no ciphers available$/,
/state=SSLv3 read server hello A: sslv3 alert handshake failure$/
raise CipherNotAvailable, e
end
raise TLSException, e
rescue => e
raise TLSNotAvailableException, e
case e.message
when /^Connection reset by peer$/
raise MethodNotAvailable, e
end
raise TLSException, e
ensure
ssl_socket.close
end
@ -222,8 +244,7 @@ module CryptCheck
@cert, @chain = ssl_client(method) { |s| [s.peer_cert, s.peer_cert_chain] }
Logger.debug { "Certificate #{@cert.subject}" }
break
rescue TLSException => e
Logger.trace { "Method #{Tls.colorize method} not supported : #{e}" }
rescue TLSException
end
end
raise TLSNotAvailableException unless @cert
@ -235,8 +256,8 @@ module CryptCheck
cipher = ssl_client(method, 'ALL:COMPLEMENTOFALL') { |s| s.cipher }
Logger.info { "Prefered cipher for #{Tls.colorize method} : #{Tls.colorize cipher.first}" }
cipher
rescue Exception
Logger.debug { "Method #{Tls.colorize method} not supported" }
rescue TLSException => e
Logger.debug { "Method #{Tls.colorize method} not supported : #{e}" }
nil
end
@ -247,7 +268,7 @@ module CryptCheck
next unless SUPPORTED_METHODS.include? method
@prefered_ciphers[method] = prefered_cipher method
end
raise TLSNotAvailableException.new unless @prefered_ciphers.any? { |_, c| !c.nil? }
raise TLSNotAvailableException unless @prefered_ciphers.any? { |_, c| !c.nil? }
end
def available_ciphers(method)
@ -261,7 +282,7 @@ module CryptCheck
Logger.info { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Supported" }
true
rescue TLSException => e
Logger.debug { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Not supported" }
Logger.debug { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Not supported (#{e})" }
false
end
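Review bot: The two new `rescue => e` blocks classify socket errors by matching `e.message` (`/^Connection refused/` in the TCP connect path, `/^Connection reset by peer$/` in the SSL connect path), which is fragile: Ruby may append detail to Errno messages (for example ` - SSL_connect`), in which case the `$`-anchored reset pattern would not match and the error would fall through to the generic `raise TLSException, e`. Rescuing the classes is exact and does not depend on message text: `rescue ::Errno::ECONNREFUSED => e` with `raise TLSNotAvailableException, e`, and `rescue ::Errno::ECONNRESET => e` with `raise MethodNotAvailable, e`. The OpenSSL state strings in the `SSLError` branch have no class equivalent and differ between OpenSSL releases, so a comment such as `# message text as emitted by OpenSSL <version>; re-check on upgrade` would help keep unmatched errors from being read as "not supported". Both methods begin outside their hunks.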


@ -7,14 +7,14 @@ module CryptCheck
module Xmpp
MAX_ANALYSIS_DURATION = 600
PARALLEL_ANALYSIS = 10
@Logger = ::Logging.logger[Xmpp]
Logger = ::Logging.logger[Xmpp]
def self.grade(hostname, type=:s2s)
timeout MAX_ANALYSIS_DURATION do
Grade.new Server.new hostname, type
end
rescue ::Exception => e
@Logger.error { "Error during #{hostname}:#{type} analysis : #{e}" }
Logger.error { "Error during #{hostname}:#{type} analysis : #{e}" }
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, type
end