1 package org.bouncycastle.tls;
2 
3 /**
4  * RFC 5246 7.2.
5  */
6 public class AlertDescription
7 {
8     /**
9      * This message notifies the recipient that the sender will not send any more messages on this
10      * connection. Note that as of TLS 1.1, failure to properly close a connection no longer
11      * requires that a session not be resumed. This is a change from TLS 1.0 ("The session becomes
12      * unresumable if any connection is terminated without proper close_notify messages with level
13      * equal to warning.") to conform with widespread implementation practice.
14      */
15     public static final short close_notify = 0;
16 
17     /**
18      * An inappropriate message was received. This alert is always fatal and should never be
19      * observed in communication between proper implementations.
20      */
21     public static final short unexpected_message = 10;
22 
23     /**
24      * This alert is returned if a record is received with an incorrect MAC. This alert also MUST be
25      * returned if an alert is sent because a TLSCiphertext decrypted in an invalid way: either it
26      * wasn't an even multiple of the block length, or its padding values, when checked, weren't
27      * correct. This message is always fatal and should never be observed in communication between
28      * proper implementations (except when messages were corrupted in the network).
29      */
30     public static final short bad_record_mac = 20;
31 
32     /**
33      * This alert was used in some earlier versions of TLS, and may have permitted certain attacks
34      * against the CBC mode [CBCATT]. It MUST NOT be sent by compliant implementations.
35      */
36     public static final short decryption_failed = 21;
37 
38     /**
39      * A TLSCiphertext record was received that had a length more than 2^14+2048 bytes, or a record
40      * decrypted to a TLSCompressed record with more than 2^14+1024 bytes. This message is always
41      * fatal and should never be observed in communication between proper implementations (except
42      * when messages were corrupted in the network).
43      */
44     public static final short record_overflow = 22;
45 
46     /**
47      * The decompression function received improper input (e.g., data that would expand to excessive
48      * length). This message is always fatal and should never be observed in communication between
49      * proper implementations.
50      */
51     public static final short decompression_failure = 30;
52 
53     /**
54      * Reception of a handshake_failure alert message indicates that the sender was unable to
55      * negotiate an acceptable set of security parameters given the options available. This is a
56      * fatal error.
57      */
58     public static final short handshake_failure = 40;
59 
60     /**
61      * This alert was used in SSLv3 but not any version of TLS. It MUST NOT be sent by compliant
62      * implementations.
63      */
64     public static final short no_certificate = 41;
65 
66     /**
67      * A certificate was corrupt, contained signatures that did not verify correctly, etc.
68      */
69     public static final short bad_certificate = 42;
70 
71     /**
72      * A certificate was of an unsupported type.
73      */
74     public static final short unsupported_certificate = 43;
75 
76     /**
77      * A certificate was revoked by its signer.
78      */
79     public static final short certificate_revoked = 44;
80 
81     /**
82      * A certificate has expired or is not currently valid.
83      */
84     public static final short certificate_expired = 45;
85 
86     /**
87      * Some other (unspecified) issue arose in processing the certificate, rendering it
88      * unacceptable.
89      */
90     public static final short certificate_unknown = 46;
91 
92     /**
93      * A field in the handshake was out of range or inconsistent with other fields. This message is
94      * always fatal.
95      */
96     public static final short illegal_parameter = 47;
97 
98     /**
99      * A valid certificate chain or partial chain was received, but the certificate was not accepted
100      * because the CA certificate could not be located or couldn't be matched with a known, trusted
101      * CA. This message is always fatal.
102      */
103     public static final short unknown_ca = 48;
104 
105     /**
106      * A valid certificate was received, but when access control was applied, the sender decided not
107      * to proceed with negotiation. This message is always fatal.
108      */
109     public static final short access_denied = 49;
110 
111     /**
112      * A message could not be decoded because some field was out of the specified range or the
113      * length of the message was incorrect. This message is always fatal and should never be
114      * observed in communication between proper implementations (except when messages were corrupted
115      * in the network).
116      */
117     public static final short decode_error = 50;
118 
119     /**
120      * A handshake cryptographic operation failed, including being unable to correctly verify a
121      * signature or validate a Finished message. This message is always fatal.
122      */
123     public static final short decrypt_error = 51;
124 
125     /**
126      * This alert was used in some earlier versions of TLS. It MUST NOT be sent by compliant
127      * implementations.
128      */
129     public static final short export_restriction = 60;
130 
131     /**
132      * The protocol version the client has attempted to negotiate is recognized but not supported.
133      * (For example, old protocol versions might be avoided for security reasons.) This message is
134      * always fatal.
135      */
136     public static final short protocol_version = 70;
137 
138     /**
139      * Returned instead of handshake_failure when a negotiation has failed specifically because the
140      * server requires ciphers more secure than those supported by the client. This message is
141      * always fatal.
142      */
143     public static final short insufficient_security = 71;
144 
145     /**
146      * An internal error unrelated to the peer or the correctness of the protocol (such as a memory
147      * allocation failure) makes it impossible to continue. This message is always fatal.
148      */
149     public static final short internal_error = 80;
150 
151     /**
152      * This handshake is being canceled for some reason unrelated to a protocol failure. If the user
153      * cancels an operation after the handshake is complete, just closing the connection by sending
154      * a close_notify is more appropriate. This alert should be followed by a close_notify. This
155      * message is generally a warning.
156      */
157     public static final short user_canceled = 90;
158 
159     /**
160      * Sent by the client in response to a hello request or by the server in response to a client
161      * hello after initial handshaking. Either of these would normally lead to renegotiation; when
162      * that is not appropriate, the recipient should respond with this alert. At that point, the
163      * original requester can decide whether to proceed with the connection. One case where this
164      * would be appropriate is where a server has spawned a process to satisfy a request; the
165      * process might receive security parameters (key length, authentication, etc.) at startup, and
166      * it might be difficult to communicate changes to these parameters after that point. This
167      * message is always a warning.
168      */
169     public static final short no_renegotiation = 100;
170 
171     /**
172      * Sent by clients that receive an extended server hello containing an extension that they did
173      * not put in the corresponding client hello. This message is always fatal.
174      */
175     public static final short unsupported_extension = 110;
176 
177     /*
178      * RFC 3546
179      */
180 
181     /**
182      * This alert is sent by servers who are unable to retrieve a certificate chain from the URL
183      * supplied by the client (see Section 3.3). This message MAY be fatal - for example if client
184      * authentication is required by the server for the handshake to continue and the server is
185      * unable to retrieve the certificate chain, it may send a fatal alert.
186      */
187     public static final short certificate_unobtainable = 111;
188 
189     /**
190      * This alert is sent by servers that receive a server_name extension request, but do not
191      * recognize the server name. This message MAY be fatal.
192      */
193     public static final short unrecognized_name = 112;
194 
195     /**
196      * This alert is sent by clients that receive an invalid certificate status response (see
197      * Section 3.6). This message is always fatal.
198      */
199     public static final short bad_certificate_status_response = 113;
200 
201     /**
202      * This alert is sent by servers when a certificate hash does not match a client provided
203      * certificate_hash. This message is always fatal.
204      */
205     public static final short bad_certificate_hash_value = 114;
206 
207     /*
208      * RFC 4279
209      */
210 
211     /**
212      * If the server does not recognize the PSK identity, it MAY respond with an
213      * "unknown_psk_identity" alert message.
214      */
215     public static final short unknown_psk_identity = 115;
216 
217     /*
218      * RFC 7301
219      */
220 
221     /**
222      * In the event that the server supports no protocols that the client advertises, then the
223      * server SHALL respond with a fatal "no_application_protocol" alert.
224      */
225     public static final short no_application_protocol = 120;
226 
227     /*
228      * RFC 7507
229      */
230 
231     /**
232      * If TLS_FALLBACK_SCSV appears in ClientHello.cipher_suites and the highest protocol version
233      * supported by the server is higher than the version indicated in ClientHello.client_version,
234      * the server MUST respond with a fatal inappropriate_fallback alert [..].
235      */
236     public static final short inappropriate_fallback = 86;
237 
238     /*
239      * RFC 8446
240      */
241 
242     /**
243      * Sent by endpoints that receive a handshake message not containing an extension that is
244      * mandatory to send for the offered TLS version or other negotiated parameters.
245      */
246     public static final short missing_extension = 109;
247 
248     /**
249      * Sent by servers when a client certificate is desired but none was provided by the client.
250      */
251     public static final short certificate_required = 116;
252 
getName(short alertDescription)253     public static String getName(short alertDescription)
254     {
255         switch (alertDescription)
256         {
257         case close_notify:
258             return "close_notify";
259         case unexpected_message:
260             return "unexpected_message";
261         case bad_record_mac:
262             return "bad_record_mac";
263         case decryption_failed:
264             return "decryption_failed";
265         case record_overflow:
266             return "record_overflow";
267         case decompression_failure:
268             return "decompression_failure";
269         case handshake_failure:
270             return "handshake_failure";
271         case no_certificate:
272             return "no_certificate";
273         case bad_certificate:
274             return "bad_certificate";
275         case unsupported_certificate:
276             return "unsupported_certificate";
277         case certificate_revoked:
278             return "certificate_revoked";
279         case certificate_expired:
280             return "certificate_expired";
281         case certificate_unknown:
282             return "certificate_unknown";
283         case illegal_parameter:
284             return "illegal_parameter";
285         case unknown_ca:
286             return "unknown_ca";
287         case access_denied:
288             return "access_denied";
289         case decode_error:
290             return "decode_error";
291         case decrypt_error:
292             return "decrypt_error";
293         case export_restriction:
294             return "export_restriction";
295         case protocol_version:
296             return "protocol_version";
297         case insufficient_security:
298             return "insufficient_security";
299         case internal_error:
300             return "internal_error";
301         case user_canceled:
302             return "user_canceled";
303         case no_renegotiation:
304             return "no_renegotiation";
305         case unsupported_extension:
306             return "unsupported_extension";
307         case certificate_unobtainable:
308             return "certificate_unobtainable";
309         case unrecognized_name:
310             return "unrecognized_name";
311         case bad_certificate_status_response:
312             return "bad_certificate_status_response";
313         case bad_certificate_hash_value:
314             return "bad_certificate_hash_value";
315         case unknown_psk_identity:
316             return "unknown_psk_identity";
317         case no_application_protocol:
318             return "no_application_protocol";
319         case inappropriate_fallback:
320             return "inappropriate_fallback";
321         case missing_extension:
322             return "missing_extension";
323         case certificate_required:
324             return "certificate_required";
325         default:
326             return "UNKNOWN";
327         }
328     }
329 
getText(short alertDescription)330     public static String getText(short alertDescription)
331     {
332         return getName(alertDescription) + "(" + alertDescription + ")";
333     }
334 }
335