Refactor exception handling
parent
4fa9497a0d
commit
1994fdc87f
|
@ -39,7 +39,7 @@ module CryptCheck
|
|||
grade_class.new server_class.new hostname, port
|
||||
end
|
||||
rescue ::Exception => e
|
||||
@Logger.error { "Error during #{hostname}:#{port} analysis : #{e}" }
|
||||
Logger.error { "Error during #{hostname}:#{port} analysis : #{e}" }
|
||||
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port
|
||||
end
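Review bot: The clause `rescue ::Exception => e` is kept, so `Interrupt`, `SystemExit`, `NoMemoryError` and any programming error inside the analysis are logged and then returned as a `TlsNotSupportedGrade`. For a TLS assessment that makes an aborted or crashed scan indistinguishable from a host that really offers no TLS. Now that this commit adds a `TLSException` hierarchy, the clause could be limited to the failures that mean "no TLS", for example `rescue TLSException, ::Timeout::Error => e` (constant qualified as this file needs; I am assuming the `end` above closes a `timeout` block as in `Xmpp.grade`), and the log line could carry `#{e.class}` next to the message. `Xmpp.grade` in the last file section has the same clause. The method begins outside the hunk.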
|
||||
|
||||
|
|
|
@ -21,6 +21,8 @@ module CryptCheck
|
|||
end
|
||||
class TLSNotAvailableException < TLSException
|
||||
end
|
||||
class MethodNotAvailable < TLSException
|
||||
end
|
||||
class CipherNotAvailable < TLSException
|
||||
end
|
||||
class Timeout < TLSException
|
||||
|
@ -160,6 +162,12 @@ module CryptCheck
|
|||
Logger.trace { "Waiting for write to #{host}:#{port}" }
|
||||
raise Timeout unless IO.select nil, [socket], nil, TCP_TIMEOUT
|
||||
retry
|
||||
rescue => e
|
||||
case e.message
|
||||
when /^Connection refused/
|
||||
raise TLSNotAvailableException, e
|
||||
end
|
||||
raise
|
||||
ensure
|
||||
socket.close
|
||||
end
|
||||
|
@ -181,8 +189,22 @@ module CryptCheck
|
|||
Logger.trace { "Waiting for SSL write to #{@hostname}:#{@port}" }
|
||||
raise TLSTimeout unless IO.select nil, [socket], nil, SSL_TIMEOUT
|
||||
retry
|
||||
rescue ::OpenSSL::SSL::SSLError => e
|
||||
case e.message
|
||||
when /state=SSLv2 read server hello A$/,
|
||||
/state=SSLv3 read server hello A: wrong version number$/
|
||||
raise MethodNotAvailable, e
|
||||
when /state=error: no ciphers available$/,
|
||||
/state=SSLv3 read server hello A: sslv3 alert handshake failure$/
|
||||
raise CipherNotAvailable, e
|
||||
end
|
||||
raise TLSException, e
|
||||
rescue => e
|
||||
raise TLSNotAvailableException, e
|
||||
case e.message
|
||||
when /^Connection reset by peer$/
|
||||
raise MethodNotAvailable, e
|
||||
end
|
||||
raise TLSException, e
|
||||
ensure
|
||||
ssl_socket.close
|
||||
end
|
||||
|
@ -222,8 +244,7 @@ module CryptCheck
|
|||
@cert, @chain = ssl_client(method) { |s| [s.peer_cert, s.peer_cert_chain] }
|
||||
Logger.debug { "Certificate #{@cert.subject}" }
|
||||
break
|
||||
rescue TLSException => e
|
||||
Logger.trace { "Method #{Tls.colorize method} not supported : #{e}" }
|
||||
rescue TLSException
|
||||
end
|
||||
end
|
||||
raise TLSNotAvailableException unless @cert
|
||||
|
@ -235,8 +256,8 @@ module CryptCheck
|
|||
cipher = ssl_client(method, 'ALL:COMPLEMENTOFALL') { |s| s.cipher }
|
||||
Logger.info { "Prefered cipher for #{Tls.colorize method} : #{Tls.colorize cipher.first}" }
|
||||
cipher
|
||||
rescue Exception
|
||||
Logger.debug { "Method #{Tls.colorize method} not supported" }
|
||||
rescue TLSException => e
|
||||
Logger.debug { "Method #{Tls.colorize method} not supported : #{e}" }
|
||||
nil
|
||||
end
|
||||
|
||||
|
@ -247,7 +268,7 @@ module CryptCheck
|
|||
next unless SUPPORTED_METHODS.include? method
|
||||
@prefered_ciphers[method] = prefered_cipher method
|
||||
end
|
||||
raise TLSNotAvailableException.new unless @prefered_ciphers.any? { |_, c| !c.nil? }
|
||||
raise TLSNotAvailableException unless @prefered_ciphers.any? { |_, c| !c.nil? }
|
||||
end
|
||||
|
||||
def available_ciphers(method)
|
||||
|
@ -261,7 +282,7 @@ module CryptCheck
|
|||
Logger.info { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Supported" }
|
||||
true
|
||||
rescue TLSException => e
|
||||
Logger.debug { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Not supported" }
|
||||
Logger.debug { "#{Tls.colorize method} / #{Tls.colorize cipher[0]} : Not supported (#{e})" }
|
||||
false
|
||||
end
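Review bot: In the `@ -181,8 +189,22` hunk the generic `rescue => e` now ends in `raise TLSException, e`, so any `StandardError` from the handshake path, including a `NameError` or `NoMethodError` in the probe code itself, reaches the callers as a `TLSException`, and the later hunks turn that into "not supported" (`rescue TLSException` with an empty body, `nil`, `false`). A scan can therefore report a protocol or cipher as unsupported when the probe simply failed. I would rescue by class instead of by message, `rescue ::Errno::ECONNRESET => e` followed by `raise MethodNotAvailable, e`, and `rescue ::Errno::ECONNREFUSED => e` in the `@ -160,6 +162,12` hunk, then `rescue ::SystemCallError, ::IOError => e` for the generic wrap so that code errors propagate. Class-based clauses also do not depend on the message text: Errno messages often carry a ` - <call>` suffix, which the `$`-anchored `/^Connection reset by peer$/` would not match. Both methods begin outside their hunks.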
|
||||
|
||||
|
|
|
@ -7,14 +7,14 @@ module CryptCheck
|
|||
module Xmpp
|
||||
MAX_ANALYSIS_DURATION = 600
|
||||
PARALLEL_ANALYSIS = 10
|
||||
@Logger = ::Logging.logger[Xmpp]
|
||||
Logger = ::Logging.logger[Xmpp]
|
||||
|
||||
def self.grade(hostname, type=:s2s)
|
||||
timeout MAX_ANALYSIS_DURATION do
|
||||
Grade.new Server.new hostname, type
|
||||
end
|
||||
rescue ::Exception => e
|
||||
@Logger.error { "Error during #{hostname}:#{type} analysis : #{e}" }
|
||||
Logger.error { "Error during #{hostname}:#{type} analysis : #{e}" }
|
||||
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, type
|
||||
end
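Review bot: `Logger = ::Logging.logger[Xmpp]` defines a constant that hides the standard library's `::Logger` for all code lexically inside `module Xmpp`, and the name reads like a class although it holds a logger instance. A name such as `LOGGER = ::Logging.logger[Xmpp]`, with `LOGGER.error { ... }` at the call site, avoids both. If the name is kept for symmetry with the other modules, a comment above the assignment such as `# Module-level logger; intentionally shadows ::Logger inside Xmpp` would spare the next reader the lookup. The module body continues outside the hunk.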
|
||||
|
||||
|
|