From fba1fdcc34c6634c291719f38f1ab2bad0c00d9a Mon Sep 17 00:00:00 2001
From: Mathias Petermann
Date: Tue, 10 Nov 2020 18:05:06 +0100
Subject: [PATCH] Improve exception handling during http challenge
---
 lemur/plugins/lemur_acme/challenge_types.py | 24 ++++++++++++++++-----
 lemur/plugins/lemur_sftp/plugin.py | 4 ++++
 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/lemur/plugins/lemur_acme/challenge_types.py b/lemur/plugins/lemur_acme/challenge_types.py
index e774a02d..e95e10d1 100644
--- a/lemur/plugins/lemur_acme/challenge_types.py
+++ b/lemur/plugins/lemur_acme/challenge_types.py
@@ -12,7 +12,7 @@ import json
 import OpenSSL
 from acme import challenges
-from acme.messages import STATUS_VALID
+from acme.messages import errors, STATUS_VALID, ERROR_CODES
 from flask import current_app
 from lemur.authorizations import service as authorization_service
@@ -109,13 +109,27 @@ class AcmeHttpChallenge(AcmeChallenge):
 raise Exception('No token_destination configured for this authority. Cant complete HTTP-01 challenge')
 for challenge in chall:
- response, validation = self.deploy(challenge, acme_client, validation_target)
- validations[challenge.chall.path] = validation
- acme_client.answer_challenge(challenge, response)
+ try:
+ response, validation = self.deploy(challenge, acme_client, validation_target)
+ validations[challenge.chall.path] = validation
+ acme_client.answer_challenge(challenge, response)
+ except Exception as e:
+ current_app.logger.error(e)
+ raise Exception('Failure while trying to deploy token to configure destination. See logs for more information')
 current_app.logger.info("Uploaded HTTP-01 challenge tokens, trying to poll and finalize the order")
- finalized_orderr = acme_client.poll_and_finalize(orderr, datetime.datetime.now() + datetime.timedelta(seconds=90))
+ try:
+ finalized_orderr = acme_client.poll_and_finalize(orderr,
+ datetime.datetime.now() + datetime.timedelta(seconds=90))
+ except errors.ValidationError as validationError:
+ for authz in validationError.failed_authzrs:
+ for chall in authz.body.challenges:
+ if chall.error:
+ current_app.logger.error(
+ "ValidationError occured of type {}, with message {}".format(chall.error.typ,
+ ERROR_CODES[chall.error.code]))
+ raise Exception('Validation error occured, can\'t complete challenges. See logs for more information.')
 pem_certificate = OpenSSL.crypto.dump_certificate(
 OpenSSL.crypto.FILETYPE_PEM,
diff --git a/lemur/plugins/lemur_sftp/plugin.py b/lemur/plugins/lemur_sftp/plugin.py
index 8d76b879..f0a63b70 100644
--- a/lemur/plugins/lemur_sftp/plugin.py
+++ b/lemur/plugins/lemur_sftp/plugin.py
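Review bot: In the new `except errors.ValidationError` handler, `ERROR_CODES[chall.error.code]` is a plain dict lookup on a value derived from the CA's response, so an error type outside the known ACME codes (where `code` may be None) would raise KeyError inside the handler and replace the validation failure with an unrelated traceback. `ERROR_CODES.get(chall.error.code, chall.error.detail)` keeps the log line working, and logging `chall.error.detail` alongside it would record the CA's own explanation of why the challenge failed. The first `try` also wraps `acme_client.answer_challenge`, so a CA-side failure is reported as a token deployment failure and only `str(e)` reaches the log; `current_app.logger.exception(e)` and `raise Exception(...) from e` in both handlers would keep the traceback and the original cause. The inner `for chall in authz.body.challenges` rebinds the `chall` sequence iterated earlier in this hunk, so a separate name such as `failed_chall` would be clearer. The enclosing method starts and ends outside the hunk.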
@@ -306,3 +306,7 @@ class SFTPDestinationPlugin(DestinationPlugin):
 ssh.close()
 except BaseException:
 pass
+ message = ''
+ for _, error in e.errors.items():
+ message = error.strerror
+ raise Exception('Couldn\'t upload file to {}, error message: {}'.format(host, message))
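Review bot: The added `for _, error in e.errors.items()` assumes the caught exception carries an `errors` mapping whose values have `strerror`. The `except` clause that binds `e` is outside the hunk, but if it catches anything without that attribute (an authentication or permission failure, for instance), the handler itself raises AttributeError and the real cause of the failed upload is lost. The loop also overwrites `message` on each pass, so only the last error is reported. Something like `message = '; '.join(str(err) for err in getattr(e, 'errors', {}).values()) or str(e)` followed by `raise Exception(...) from e` would report every failure and keep the original exception chained for whoever reads the log.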