5 // Martin Baulig <martin.baulig@xamarin.com>
7 // Copyright (c) 2015 Xamarin, Inc.
9 // Permission is hereby granted, free of charge, to any person obtaining a copy
10 // of this software and associated documentation files (the "Software"), to deal
11 // in the Software without restriction, including without limitation the rights
12 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
13 // copies of the Software, and to permit persons to whom the Software is
14 // furnished to do so, subject to the following conditions:
16 // The above copyright notice and this permission notice shall be included in
17 // all copies or substantial portions of the Software.
19 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
22 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
24 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 namespace Mono
.Security
.Interface
// Severity of a TLS alert, stored in a single byte.
// NOTE(review): the members are not shown in this listing; Warning and Fatal
// are the two values the Alert class refers to.
33 public enum AlertLevel
: byte
// TLS alert description codes, one byte each. The numeric values visible here
// match the alert codes assigned by the TLS specifications (for example
// 40 = handshake_failure, 71 = insufficient_security).
// NOTE(review): this listing omits some members. CloseNotify, BadCertificate,
// BadRecordMAC, RecordOverflow and others are used by the switch statements in
// the Alert class but their declarations are not shown; confirm their values
// against the full file.
// The misspelled name InsuficientSecurity (and IlegalParameter, used by the
// Alert class) belongs to a public enum, so renaming it would break callers.
39 public enum AlertDescription
: byte
42 UnexpectedMessage
= 10,
// RFC 5246 marks decryption_failed (21) as reserved: it may have permitted
// attacks against CBC mode and must not be sent by compliant implementations.
44 DecryptionFailed_RESERVED
= 21,
46 DecompressionFailure
= 30,
47 HandshakeFailure
= 40,
48 NoCertificate_RESERVED
= 41, // should be used in SSL3
50 UnsupportedCertificate
= 43,
51 CertificateRevoked
= 44,
52 CertificateExpired
= 45,
53 CertificateUnknown
= 46,
59 ExportRestriction
= 60,
61 InsuficientSecurity
= 71,
64 NoRenegotiation
= 100,
65 UnsupportedExtension
= 110
// Severity of this alert; returned by the Level property.
74 private AlertLevel level
;
// Alert code; returned by the Description property and used to look up the
// message text and to infer the level.
75 private AlertDescription description
;
// Read-only accessors over the two private fields.
81 public AlertLevel Level
83 get { return this.level; }
86 public AlertDescription Description
88 get { return this.description; }
// NOTE(review): the property header for this getter is not shown in the
// listing. It returns the text GetAlertMessage produces for the description.
93 get { return Alert.GetAlertMessage(this.description); }
// Getter that is true when the level equals AlertLevel.Warning (header not
// shown; presumably IsWarning, which IsCloseNotify reads).
98 get { return this.level == AlertLevel.Warning ? true : false; }
// Getter that is true when the level equals AlertLevel.Fatal (header not shown).
104 get { return this.level == AlertLevel.Fatal ? true : false; }
// Tests for a close_notify alert: the visible condition requires both a
// warning level and the CloseNotify description.
// NOTE(review): the return statements are not shown in this listing. As
// written, a CloseNotify description carried with a non-warning level does not
// satisfy the condition; confirm that callers handling connection shutdown
// expect this.
108 public bool IsCloseNotify
112 if (this.IsWarning
&&
113 this.description
== AlertDescription
.CloseNotify
)
// Builds an alert from its description alone; the level is then derived by
// inferAlertLevel().
126 public Alert(AlertDescription description
)
128 this.description
= description
;
129 this.inferAlertLevel();
// NOTE(review): fragment of a second constructor. Its first line and any
// assignment of the level are not shown in this listing; only the description
// assignment is visible, and no call to inferAlertLevel() appears here.
134 AlertDescription description
)
137 this.description
= description
;
142 #region Private Methods
// Derives this.level from this.description. CloseNotify, NoRenegotiation and
// UserCancelled are classed as warnings; the descriptions listed after them
// are classed as fatal.
// NOTE(review): the switch header, the break statements and line 175 (just
// before the Fatal assignment) are not shown in this listing. If line 175 is a
// `default:` label, any description not named here is also treated as fatal,
// which is the fail-closed choice; confirm against the full file.
144 private void inferAlertLevel()
// Descriptions that do not have to end the connection.
148 case AlertDescription
.CloseNotify
:
149 case AlertDescription
.NoRenegotiation
:
150 case AlertDescription
.UserCancelled
:
151 this.level
= AlertLevel
.Warning
;
// Every description below falls through to the Fatal assignment at the end.
154 case AlertDescription
.AccessDenied
:
155 case AlertDescription
.BadCertificate
:
156 case AlertDescription
.BadRecordMAC
:
157 case AlertDescription
.CertificateExpired
:
158 case AlertDescription
.CertificateRevoked
:
159 case AlertDescription
.CertificateUnknown
:
160 case AlertDescription
.DecodeError
:
161 case AlertDescription
.DecompressionFailure
:
162 case AlertDescription
.DecryptError
:
163 case AlertDescription
.DecryptionFailed_RESERVED
:
164 case AlertDescription
.ExportRestriction
:
165 case AlertDescription
.HandshakeFailure
:
166 case AlertDescription
.IlegalParameter
:
167 case AlertDescription
.InsuficientSecurity
:
168 case AlertDescription
.InternalError
:
169 case AlertDescription
.ProtocolVersion
:
170 case AlertDescription
.RecordOverflow
:
171 case AlertDescription
.UnexpectedMessage
:
172 case AlertDescription
.UnknownCA
:
173 case AlertDescription
.UnsupportedCertificate
:
174 case AlertDescription
.UnsupportedExtension
:
176 this.level
= AlertLevel
.Fatal
;
// Renders the alert as "[Alert: <Level>:<Description>]", using the Level and
// Description properties.
183 public override string ToString ()
185 return string.Format ("[Alert: {0}:{1}]", Level
, Description
);
188 #region Static Methods
// Maps an alert description to a human-readable message string.
// NOTE(review): several texts do not describe the case they are attached to
// (see the notes on AccessDenied, BadCertificate, DecryptError and
// DecryptionFailed_RESERVED), so a log line built from this method can name
// the wrong failure. Check the numeric description before acting on it.
// NOTE(review): the messages distinguish a MAC failure from a padding or
// block-length failure. That distinction is the signal CBC padding-oracle
// attacks rely on, so these strings should stay in local diagnostics and
// not be relayed to the remote peer. Whether callers do so is not visible here.
190 public static string GetAlertMessage(AlertDescription description
)
195 case AlertDescription
.AccessDenied
:
// NOTE(review): this text says nothing about access control; it reads like the
// specification's wording for unexpected_message. Confirm.
196 return "An inappropriate message was received.";
198 case AlertDescription
.BadCertificate
:
// NOTE(review): this text is about record decryption, not about a certificate.
// Confirm.
199 return "TLSCiphertext decrypted in an invalid way.";
201 case AlertDescription
.BadRecordMAC
:
202 return "Record with an incorrect MAC.";
204 case AlertDescription
.CertificateExpired
:
205 return "Certificate has expired or is not currently valid";
207 case AlertDescription
.CertificateRevoked
:
208 return "Certificate was revoked by its signer.";
210 case AlertDescription
.CertificateUnknown
:
211 return "Certificate Unknown.";
213 case AlertDescription
.CloseNotify
:
214 return "Connection closed";
216 case AlertDescription
.DecodeError
:
217 return "A message could not be decoded because some field was out of the specified range or the length of the message was incorrect.";
219 case AlertDescription
.DecompressionFailure
:
220 return "The decompression function received improper input (e.g. data that would expand to excessive length).";
222 case AlertDescription
.DecryptError
:
// NOTE(review): this is the specification's wording for decryption_failed
// (block length or padding); it looks swapped with the DecryptionFailed_RESERVED text.
223 return "TLSCiphertext decrypted in an invalid way: either it wasn`t an even multiple of the block length or its padding values, when checked, weren`t correct.";
225 case AlertDescription
.DecryptionFailed_RESERVED
:
// NOTE(review): this is the specification's wording for decrypt_error (failed
// handshake cryptographic operation); it looks swapped with the DecryptError text.
226 return "Handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate finished message.";
228 case AlertDescription
.ExportRestriction
:
229 return "Negotiation not in compliance with export restrictions was detected.";
231 case AlertDescription
.HandshakeFailure
:
232 return "Unable to negotiate an acceptable set of security parameters given the options available.";
234 case AlertDescription
.IlegalParameter
:
235 return "A field in the handshake was out of range or inconsistent with other fields.";
237 case AlertDescription
.InsuficientSecurity
:
238 return "Negotiation has failed specifically because the server requires ciphers more secure than those supported by the client.";
240 case AlertDescription
.InternalError
:
241 return "Internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue.";
243 case AlertDescription
.NoRenegotiation
:
244 return "Invalid renegotiation.";
246 case AlertDescription
.ProtocolVersion
:
247 return "Unsupported protocol version.";
249 case AlertDescription
.RecordOverflow
:
250 return "Invalid length on TLSCiphertext record or TLSCompressed record.";
252 case AlertDescription
.UnexpectedMessage
:
253 return "Invalid message received.";
255 case AlertDescription
.UnknownCA
:
256 return "CA can't be identified as a trusted CA.";
258 case AlertDescription
.UnsupportedCertificate
:
259 return "Certificate was of an unsupported type.";
261 case AlertDescription
.UserCancelled
:
262 return "Handshake cancelled by user.";
264 case AlertDescription
.UnsupportedExtension
:
265 return "Unsupported extension.";
// NOTE(review): the listing skips from line 265 to line 271, so the label or
// directive that selects this generic message is not shown. Confirm against
// the full file when this return is taken instead of the per-description texts.
271 return "The authentication or decryption has failed.";