Remove 'using System.Reflection'.
[mono.git] / mcs / class / Mono.Security / Mono.Security.Protocol.Tls / Alert.cs
1 // Transport Layer Security (TLS)
2 // Copyright (c) 2003-2004 Carlos Guzman Alvarez
3
4 //
5 // Permission is hereby granted, free of charge, to any person obtaining
6 // a copy of this software and associated documentation files (the
7 // "Software"), to deal in the Software without restriction, including
8 // without limitation the rights to use, copy, modify, merge, publish,
9 // distribute, sublicense, and/or sell copies of the Software, and to
10 // permit persons to whom the Software is furnished to do so, subject to
11 // the following conditions:
12 // 
13 // The above copyright notice and this permission notice shall be
14 // included in all copies or substantial portions of the Software.
15 // 
16 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
23 //
24
25 using System;
26
27 namespace Mono.Security.Protocol.Tls
28 {
29         #region Enumerations
30
/// <summary>
/// Severity level of a TLS alert. The numeric values are the protocol's
/// one-byte level codes, hence the <c>byte</c> underlying type.
/// </summary>
[Serializable]
internal enum AlertLevel : byte
{
    /// <summary>Warning-level alert (wire value 1).</summary>
    Warning = 1,

    /// <summary>Fatal-level alert (wire value 2).</summary>
    Fatal = 2
}
37
/// <summary>
/// Description code of a TLS alert. The numeric values are the protocol's
/// one-byte alert description codes.
/// </summary>
/// <remarks>
/// Several member names are misspelled (DecompressionFailiure,
/// HandshakeFailiure, IlegalParameter, InsuficientSecurity). They are kept
/// as they are because other code in this file refers to them by these names.
/// </remarks>
[Serializable]
internal enum AlertDescription : byte
{
    // Closure and record-layer alerts.
    CloseNotify = 0,
    UnexpectedMessage = 10,
    BadRecordMAC = 20,
    DecryptionFailed = 21,
    RecordOverflow = 22,
    DecompressionFailiure = 30,

    // Handshake and certificate alerts.
    HandshakeFailiure = 40,
    NoCertificate = 41, // should be used in SSL3
    BadCertificate = 42,
    UnsupportedCertificate = 43,
    CertificateRevoked = 44,
    CertificateExpired = 45,
    CertificateUnknown = 46,
    IlegalParameter = 47,
    UnknownCA = 48,
    AccessDenied = 49,
    DecodeError = 50,
    DecryptError = 51,

    // Policy, version and miscellaneous alerts.
    ExportRestriction = 60,
    ProtocolVersion = 70,
    InsuficientSecurity = 71,
    InternalError = 80,
    UserCancelled = 90,
    NoRenegotiation = 100
}
66
67         #endregion
68         
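/// <summary>
/// A TLS/SSL alert: a severity level paired with a description code.
/// </summary>
/// <remarks>
/// Both fields are assigned only in the constructors. Neither constructor
/// validates its arguments, so a value with no declared enum member is stored
/// unchanged.
/// NOTE(review): if callers build alerts from bytes received from the peer,
/// the range check has to happen at that point - confirm against the callers.
/// </remarks>
internal class Alert
{
    #region Fields

    private readonly AlertLevel level;
    private readonly AlertDescription description;

    #endregion

    #region Properties

    /// <summary>Severity level of this alert.</summary>
    public AlertLevel Level
    {
        get { return this.level; }
    }

    /// <summary>Description code of this alert.</summary>
    public AlertDescription Description
    {
        get { return this.description; }
    }

    /// <summary>
    /// Text for this alert as produced by <see cref="GetAlertMessage"/>.
    /// Outside DEBUG builds this is the same generic string for every alert.
    /// </summary>
    public string Message
    {
        get { return Alert.GetAlertMessage(this.description); }
    }

    /// <summary>
    /// True only when the level is exactly <see cref="AlertLevel.Warning"/>.
    /// Any other level value, including an undeclared one, yields false.
    /// </summary>
    public bool IsWarning
    {
        get { return this.level == AlertLevel.Warning; }
    }

    /*
    public bool IsFatal
    {
        get { return this.level == AlertLevel.Fatal ? true : false; }
    }
    */

    /// <summary>
    /// True when this is a warning-level CloseNotify alert. A CloseNotify
    /// carrying any other level is not reported as a close notification.
    /// </summary>
    public bool IsCloseNotify
    {
        get
        {
            return this.IsWarning &&
                this.description == AlertDescription.CloseNotify;
        }
    }

    #endregion

    #region Constructors

    /// <summary>
    /// Creates an alert whose level is derived from its description.
    /// </summary>
    /// <param name="description">Alert description code.</param>
    public Alert(AlertDescription description)
    {
        this.description = description;
        this.level = inferAlertLevel(description);
    }

    /// <summary>
    /// Creates an alert with an explicitly supplied level. The level is not
    /// checked for consistency with the description.
    /// </summary>
    /// <param name="level">Alert severity level.</param>
    /// <param name="description">Alert description code.</param>
    public Alert(
        AlertLevel level,
        AlertDescription description)
    {
        this.level = level;
        this.description = description;
    }

    #endregion

    #region Private Methods

    /// <summary>
    /// Maps a description to the level used when the caller supplies none.
    /// </summary>
    /// <param name="description">Alert description code.</param>
    /// <returns>
    /// <see cref="AlertLevel.Warning"/> for CloseNotify, NoRenegotiation and
    /// UserCancelled; <see cref="AlertLevel.Fatal"/> for everything else.
    /// </returns>
    private static AlertLevel inferAlertLevel(AlertDescription description)
    {
        switch (description)
        {
            case AlertDescription.CloseNotify:
            case AlertDescription.NoRenegotiation:
            case AlertDescription.UserCancelled:
                return AlertLevel.Warning;

            default:
                // Fail closed: every other description, including a value
                // with no declared member, is treated as fatal.
                return AlertLevel.Fatal;
        }
    }

    #endregion

    #region Static Methods

    /// <summary>
    /// Returns the text associated with an alert description.
    /// </summary>
    /// <param name="description">Alert description code.</param>
    /// <returns>
    /// In DEBUG builds, a description-specific message, or an empty string
    /// for a value with no declared member. In all other builds, one fixed
    /// generic message regardless of <paramref name="description"/>.
    /// </returns>
    public static string GetAlertMessage(AlertDescription description)
    {
        #if (DEBUG)
        switch (description)
        {
            case AlertDescription.CloseNotify:
                return "Connection closed";

            case AlertDescription.UnexpectedMessage:
                return "Invalid message received.";

            case AlertDescription.BadRecordMAC:
                return "Record with an incorrect MAC.";

            // DecryptionFailed is the record-layer alert (block length or
            // padding); DecryptError is the handshake-level alert. Each
            // message must stay with its own code, otherwise debug output
            // points at the wrong protocol layer.
            case AlertDescription.DecryptionFailed:
                return "TLSCiphertext decrypted in an invalid way: either it wasn`t an even multiple of the block length or its padding values, when checked, weren`t correct.";

            case AlertDescription.RecordOverflow:
                return "Invalid length on TLSCiphertext record or TLSCompressed record.";

            case AlertDescription.DecompressionFailiure:
                return "The decompression function received improper input (e.g. data that would expand to excessive length).";

            case AlertDescription.HandshakeFailiure:
                return "Unable to negotiate an acceptable set of security parameters given the options available.";

            case AlertDescription.NoCertificate:
                return "No appropriate certificate is available.";

            case AlertDescription.BadCertificate:
                return "Certificate was corrupt or contained signatures that did not verify correctly.";

            case AlertDescription.UnsupportedCertificate:
                return "Certificate was of an unsupported type.";

            case AlertDescription.CertificateRevoked:
                return "Certificate was revoked by its signer.";

            case AlertDescription.CertificateExpired:
                return "Certificate has expired or is not currently valid";

            case AlertDescription.CertificateUnknown:
                return "Certificate Unknown.";

            case AlertDescription.IlegalParameter:
                return "A field in the handshake was out of range or inconsistent with other fields.";

            case AlertDescription.UnknownCA:
                return "CA can't be identified as a trusted CA.";

            case AlertDescription.AccessDenied:
                return "A valid certificate was received, but when access control was applied, the sender decided not to proceed with negotiation.";

            case AlertDescription.DecodeError:
                return "A message could not be decoded because some field was out of the specified range or the length of the message was incorrect.";

            case AlertDescription.DecryptError:
                return "Handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate finished message.";

            case AlertDescription.ExportRestriction:
                return "Negotiation not in compliance with export restrictions was detected.";

            case AlertDescription.ProtocolVersion:
                return "Unsupported protocol version.";

            case AlertDescription.InsuficientSecurity:
                return "Negotiation has failed specifically because the server requires ciphers more secure than those supported by the client.";

            case AlertDescription.InternalError:
                return "Internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue.";

            case AlertDescription.UserCancelled:
                return "Handshake cancelled by user.";

            case AlertDescription.NoRenegotiation:
                return "Invalid renegotiation.";

            default:
                return "";
        }
        #else
        // Non-DEBUG builds return one fixed string for every description, so
        // the text exposed through Message does not reveal which check failed
        // (for example MAC versus padding). The specific code is still
        // readable through Description; anything that reports it to a remote
        // party would reintroduce that distinction.
        return "The authentication or decryption has failed.";
        #endif
    }

    #endregion
}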
265 }