3 // Permission is hereby granted, free of charge, to any person obtaining
4 // a copy of this software and associated documentation files (the
5 // "Software"), to deal in the Software without restriction, including
6 // without limitation the rights to use, copy, modify, merge, publish,
7 // distribute, sublicense, and/or sell copies of the Software, and to
8 // permit persons to whom the Software is furnished to do so, subject to
9 // the following conditions:
11 // The above copyright notice and this permission notice shall be
12 // included in all copies or substantial portions of the Software.
14 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
22 /* Transport Security Layer (TLS)
23 * Copyright (c) 2003-2004 Carlos Guzman Alvarez
25 * Permission is hereby granted, free of charge, to any person
26 * obtaining a copy of this software and associated documentation
27 * files (the "Software"), to deal in the Software without restriction,
28 * including without limitation the rights to use, copy, modify, merge,
29 * publish, distribute, sublicense, and/or sell copies of the Software,
30 * and to permit persons to whom the Software is furnished to do so,
31 * subject to the following conditions:
33 * The above copyright notice and this permission notice shall be included
34 * in all copies or substantial portions of the Software.
36 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
37 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
38 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
39 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
40 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
41 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
42 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
43 * DEALINGS IN THE SOFTWARE.
47 using Mono.Security.Protocol.Tls;
49 namespace Mono.Security.Protocol.Tls
54 internal enum AlertLevel : byte
// TLS alert descriptions, stored as a single byte. The values shown match the alert
// codes assigned by the TLS alert protocol in RFC 2246 (for example
// unexpected_message = 10 and handshake_failure = 40).
// NOTE(review): several member names are misspelled (DecompressionFailiure,
// HandshakeFailiure, InsuficientSecurity). They are referenced elsewhere in this file,
// so any rename has to be applied to every user at the same time.
61 internal enum AlertDescription : byte
64 UnexpectedMessage = 10,
66 DecryptionFailed = 21,
68 DecompressionFailiure = 30,
69 HandshakeFailiure = 40,
71 UnsupportedCertificate = 43,
72 CertificateRevoked = 44,
73 CertificateExpired = 45,
74 CertificateUnknown = 46,
80 ExportRestriction = 60,
82 InsuficientSecurity = 71,
94 private AlertLevel level;
95 private AlertDescription description;
// Severity of this alert (warning or fatal).
public AlertLevel Level
{
    get
    {
        return level;
    }
}
// The alert description carried by this alert.
public AlertDescription Description
{
    get
    {
        return description;
    }
}
// Human-readable text for this alert's description, as produced by GetAlertMessage.
public string Message
{
    get
    {
        string text = Alert.GetAlertMessage(description);
        return text;
    }
}
// True when the alert level is Warning.
public bool IsWarning
{
    get
    {
        return level == AlertLevel.Warning;
    }
}
124 get { return this.level == AlertLevel.Fatal ? true : false; }
// Tests whether this alert is a warning-level CloseNotify, i.e. the peer's orderly
// shutdown notice. Both conditions below must hold.
// NOTE(review): the result depends on the stored level as well as the description, so
// an alert whose level was set incorrectly changes the answer. Confirm how level is
// assigned in the constructors.
128 public bool IsCloseNotify
132 if (this.IsWarning &&
133 this.description == AlertDescription.CloseNotify)
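// Creates an alert from its description alone and derives the alert level from it.
//
// description: the TLS alert description this alert reports.
public Alert(AlertDescription description)
{
    // Store the description before classifying it. inferAlertLevel() takes no
    // argument, so it presumably works from the description field; calling it
    // first classifies the field's default value instead of the value passed
    // in. A fatal description (e.g. BadRecordMAC) could then be recorded with
    // the wrong level, and callers that test the level would not treat it as
    // fatal.
    this.description = description;
    this.inferAlertLevel();
}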
154 AlertDescription description)
157 this.description = description;
162 #region Private Methods
// Sets this.level from the alert description: CloseNotify, NoRenegotiation and
// UserCancelled are classified as warnings, and the remaining listed descriptions
// are classified as fatal.
// NOTE(review): the method takes no argument, so it presumably reads this.description.
// The description therefore has to be assigned before this is called. Confirm at
// each call site.
164 private void inferAlertLevel()
168 case AlertDescription.CloseNotify:
169 case AlertDescription.NoRenegotiation:
170 case AlertDescription.UserCancelled:
171 this.level = AlertLevel.Warning;
174 case AlertDescription.AccessDenied:
175 case AlertDescription.BadCertificate:
176 case AlertDescription.BadRecordMAC:
177 case AlertDescription.CertificateExpired:
178 case AlertDescription.CertificateRevoked:
179 case AlertDescription.CertificateUnknown:
180 case AlertDescription.DecodeError:
181 case AlertDescription.DecompressionFailiure:
182 case AlertDescription.DecryptError:
183 case AlertDescription.DecryptionFailed:
184 case AlertDescription.ExportRestriction:
185 case AlertDescription.HandshakeFailiure:
186 case AlertDescription.IlegalParameter:
187 case AlertDescription.InsuficientSecurity:
188 case AlertDescription.InternalError:
189 case AlertDescription.ProtocolVersion:
190 case AlertDescription.RecordOverflow:
191 case AlertDescription.UnexpectedMessage:
192 case AlertDescription.UnknownCA:
193 case AlertDescription.UnsupportedCertificate:
195 this.level = AlertLevel.Fatal;
202 #region Static Methods
// Returns a human-readable explanation for the given alert description.
// NOTE(review): several texts look attached to the wrong alert when compared with the
// alert definitions in RFC 2246. AccessDenied carries the wording for an unexpected
// message, BadCertificate carries decryption wording, and the DecryptError and
// DecryptionFailed texts look swapped. Confirm and correct before relying on these
// strings for diagnostics or incident triage.
204 public static string GetAlertMessage(AlertDescription description)
// NOTE(review): this wording describes an unexpected message, not an access-control refusal.
209 case AlertDescription.AccessDenied:
210 return "An inappropriate message was received.";
// NOTE(review): this wording is about decryption, not about a certificate problem.
212 case AlertDescription.BadCertificate:
213 return "TLSCiphertext decrypted in an invalid way.";
215 case AlertDescription.BadRecordMAC:
216 return "Record with an incorrect MAC.";
218 case AlertDescription.CertificateExpired:
219 return "Certificate has expired or is not currently valid";
221 case AlertDescription.CertificateRevoked:
222 return "Certificate was revoked by its signer.";
224 case AlertDescription.CertificateUnknown:
225 return "Certificate Unknown.";
227 case AlertDescription.CloseNotify:
228 return "Connection closed";
230 case AlertDescription.DecodeError:
231 return "A message could not be decoded because some field was out of the specified range or the length of the message was incorrect.";
233 case AlertDescription.DecompressionFailiure:
234 return "The decompression function received improper input (e.g. data that would expand to excessive length).";
// NOTE(review): the block-length/padding wording belongs to a record decryption failure;
// it looks swapped with the DecryptionFailed text below.
236 case AlertDescription.DecryptError:
237 return "TLSCiphertext decrypted in an invalid way: either it wasn`t an even multiple of the block length or its padding values, when checked, weren`t correct.";
// NOTE(review): the handshake signature/key-exchange wording belongs to DecryptError.
239 case AlertDescription.DecryptionFailed:
240 return "Handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate finished message.";
242 case AlertDescription.ExportRestriction:
243 return "Negotiation not in compliance with export restrictions was detected.";
245 case AlertDescription.HandshakeFailiure:
246 return "Unable to negotiate an acceptable set of security parameters given the options available.";
248 case AlertDescription.IlegalParameter:
249 return "A field in the handshake was out of range or inconsistent with other fields.";
251 case AlertDescription.InsuficientSecurity:
252 return "Negotiation has failed specifically because the server requires ciphers more secure than those supported by the client.";
254 case AlertDescription.InternalError:
255 return "Internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue.";
257 case AlertDescription.NoRenegotiation:
258 return "Invalid renegotiation.";
260 case AlertDescription.ProtocolVersion:
261 return "Unsupported protocol version.";
263 case AlertDescription.RecordOverflow:
264 return "Invalid length on TLSCiphertext record or TLSCompressed record.";
266 case AlertDescription.UnexpectedMessage:
267 return "Invalid message received.";
269 case AlertDescription.UnknownCA:
270 return "CA can't be identified as a trusted CA.";
272 case AlertDescription.UnsupportedCertificate:
273 return "Certificate was of an unsupported type.";
275 case AlertDescription.UserCancelled:
276 return "Handshake cancelled by user.";
// Generic text that does not say which check failed.
// NOTE(review): the lines that decide when this return is reached are not visible
// here; confirm. Keeping decryption and MAC failures indistinguishable in anything a
// peer can observe is the usual guard against padding-oracle style probing, so prefer
// this generic form outside of debugging.
282 return "The authentication or decryption has failed.";