Raise TlsError that inherits from Riak::Error in tls init

bkerley · bkerley · commit dae0f99969fe · 2014-03-25T12:03:11.000-04:00
diff --git a/lib/riak/client/beefcake/socket.rb b/lib/riak/client/beefcake/socket.rb
@@ -1,6 +1,7 @@
 require 'openssl'
 require 'r509/cert/validator'
 require 'riak/client/beefcake/messages'
+require 'riak/errors/connection_error'
 
 module Riak
   class Client
@@ -90,17 +91,17 @@ def start_tls
             def validate_session
               if @auth[:verify_hostname] &&
                   !OpenSSL::SSL::verify_certificate_identity(riak_cert.cert, @host)
-                raise t("ssl.cert_host_mismatch")
+                raise TlsError.new t("ssl.cert_host_mismatch")
               end
 
               unless riak_cert.valid?
-                raise t("ssl.cert_not_valid")
+                raise TlsError.new t("ssl.cert_not_valid")
               end
 
               validator = R509::Cert::Validator.new riak_cert
 
               unless validator.validate(ocsp: !!@auth[:ocsp], crl: !!@auth[:crl])
-                raise t("ssl.cert_revoked")
+                raise TlsError.new t("ssl.cert_revoked")
               end
             end
 
@@ -131,7 +132,7 @@ def write_message(code, message='')
 
             def read_message
               header = @sock.read 5
-              raise SocketError, "Unexpected EOF during TLS init" if header.nil?
+              raise TlsError.new(t('ssl.eof_during_init')) if header.nil?
               len, code = header.unpack 'NC'
               decode = BeefcakeMessageCodes[code]
               return decode, '' if len == 1
@@ -148,7 +149,12 @@ def expect_message(expected_code)
               candidate_code, message = read_message
               return message if expected_code == candidate_code
 
-              raise "Wanted #{expected_code.inspect}, got #{candidate_code.inspect} and #{message.inspect}"
+              raise TlsError.new(t('ssl.unexpected_during_init',
+                                   expected: expected_code.inspect,
+                                   actual: candidate_code.inspect,
+                                   body: message.inspect
+                                   ))
+              
             end
           end
         end
diff --git a/lib/riak/locale/en.yml b/lib/riak/locale/en.yml
@@ -71,6 +71,8 @@ en:
       cert_host_mismatch: "The presented SSL/TLS certificate did not match the hostname."
       cert_not_in_valid_range: "The presented SSL/TLS certificate is either expired or premature."
       cert_revoked: "The presented SSL/TLS certificate has been revoked."
+      eof_during_init: "Unexpected EOF during SSL/TLS initialization."
+      unexpected_during_init: "Expected %{expected}, got %{actual} with body %{body} during SSL/TLS initialization."
     stale_write_prevented: "Stale write prevented by client."
     stored_function_invalid: "function must have :bucket and :key when a hash"
     streaming_bucket_list_without_block: "Streaming bucket list was requested but no block was given."
