1 package org.bouncycastle.tls; 2 3 /** 4 * RFC 5246 7.2. 5 */ 6 public class AlertDescription 7 { 8 /** 9 * This message notifies the recipient that the sender will not send any more messages on this 10 * connection. Note that as of TLS 1.1, failure to properly close a connection no longer 11 * requires that a session not be resumed. This is a change from TLS 1.0 ("The session becomes 12 * unresumable if any connection is terminated without proper close_notify messages with level 13 * equal to warning.") to conform with widespread implementation practice. 14 */ 15 public static final short close_notify = 0; 16 17 /** 18 * An inappropriate message was received. This alert is always fatal and should never be 19 * observed in communication between proper implementations. 20 */ 21 public static final short unexpected_message = 10; 22 23 /** 24 * This alert is returned if a record is received with an incorrect MAC. This alert also MUST be 25 * returned if an alert is sent because a TLSCiphertext decrypted in an invalid way: either it 26 * wasn't an even multiple of the block length, or its padding values, when checked, weren't 27 * correct. This message is always fatal and should never be observed in communication between 28 * proper implementations (except when messages were corrupted in the network). 29 */ 30 public static final short bad_record_mac = 20; 31 32 /** 33 * This alert was used in some earlier versions of TLS, and may have permitted certain attacks 34 * against the CBC mode [CBCATT]. It MUST NOT be sent by compliant implementations. 35 */ 36 public static final short decryption_failed = 21; 37 38 /** 39 * A TLSCiphertext record was received that had a length more than 2^14+2048 bytes, or a record 40 * decrypted to a TLSCompressed record with more than 2^14+1024 bytes. This message is always 41 * fatal and should never be observed in communication between proper implementations (except 42 * when messages were corrupted in the network). 43 */ 44 public static final short record_overflow = 22; 45 46 /** 47 * The decompression function received improper input (e.g., data that would expand to excessive 48 * length). This message is always fatal and should never be observed in communication between 49 * proper implementations. 50 */ 51 public static final short decompression_failure = 30; 52 53 /** 54 * Reception of a handshake_failure alert message indicates that the sender was unable to 55 * negotiate an acceptable set of security parameters given the options available. This is a 56 * fatal error. 57 */ 58 public static final short handshake_failure = 40; 59 60 /** 61 * This alert was used in SSLv3 but not any version of TLS. It MUST NOT be sent by compliant 62 * implementations. 63 */ 64 public static final short no_certificate = 41; 65 66 /** 67 * A certificate was corrupt, contained signatures that did not verify correctly, etc. 68 */ 69 public static final short bad_certificate = 42; 70 71 /** 72 * A certificate was of an unsupported type. 73 */ 74 public static final short unsupported_certificate = 43; 75 76 /** 77 * A certificate was revoked by its signer. 78 */ 79 public static final short certificate_revoked = 44; 80 81 /** 82 * A certificate has expired or is not currently valid. 83 */ 84 public static final short certificate_expired = 45; 85 86 /** 87 * Some other (unspecified) issue arose in processing the certificate, rendering it 88 * unacceptable. 89 */ 90 public static final short certificate_unknown = 46; 91 92 /** 93 * A field in the handshake was out of range or inconsistent with other fields. This message is 94 * always fatal. 95 */ 96 public static final short illegal_parameter = 47; 97 98 /** 99 * A valid certificate chain or partial chain was received, but the certificate was not accepted 100 * because the CA certificate could not be located or couldn't be matched with a known, trusted 101 * CA. This message is always fatal. 102 */ 103 public static final short unknown_ca = 48; 104 105 /** 106 * A valid certificate was received, but when access control was applied, the sender decided not 107 * to proceed with negotiation. This message is always fatal. 108 */ 109 public static final short access_denied = 49; 110 111 /** 112 * A message could not be decoded because some field was out of the specified range or the 113 * length of the message was incorrect. This message is always fatal and should never be 114 * observed in communication between proper implementations (except when messages were corrupted 115 * in the network). 116 */ 117 public static final short decode_error = 50; 118 119 /** 120 * A handshake cryptographic operation failed, including being unable to correctly verify a 121 * signature or validate a Finished message. This message is always fatal. 122 */ 123 public static final short decrypt_error = 51; 124 125 /** 126 * This alert was used in some earlier versions of TLS. It MUST NOT be sent by compliant 127 * implementations. 128 */ 129 public static final short export_restriction = 60; 130 131 /** 132 * The protocol version the client has attempted to negotiate is recognized but not supported. 133 * (For example, old protocol versions might be avoided for security reasons.) This message is 134 * always fatal. 135 */ 136 public static final short protocol_version = 70; 137 138 /** 139 * Returned instead of handshake_failure when a negotiation has failed specifically because the 140 * server requires ciphers more secure than those supported by the client. This message is 141 * always fatal. 142 */ 143 public static final short insufficient_security = 71; 144 145 /** 146 * An internal error unrelated to the peer or the correctness of the protocol (such as a memory 147 * allocation failure) makes it impossible to continue. This message is always fatal. 148 */ 149 public static final short internal_error = 80; 150 151 /** 152 * This handshake is being canceled for some reason unrelated to a protocol failure. If the user 153 * cancels an operation after the handshake is complete, just closing the connection by sending 154 * a close_notify is more appropriate. This alert should be followed by a close_notify. This 155 * message is generally a warning. 156 */ 157 public static final short user_canceled = 90; 158 159 /** 160 * Sent by the client in response to a hello request or by the server in response to a client 161 * hello after initial handshaking. Either of these would normally lead to renegotiation; when 162 * that is not appropriate, the recipient should respond with this alert. At that point, the 163 * original requester can decide whether to proceed with the connection. One case where this 164 * would be appropriate is where a server has spawned a process to satisfy a request; the 165 * process might receive security parameters (key length, authentication, etc.) at startup, and 166 * it might be difficult to communicate changes to these parameters after that point. This 167 * message is always a warning. 168 */ 169 public static final short no_renegotiation = 100; 170 171 /** 172 * Sent by clients that receive an extended server hello containing an extension that they did 173 * not put in the corresponding client hello. This message is always fatal. 174 */ 175 public static final short unsupported_extension = 110; 176 177 /* 178 * RFC 3546 179 */ 180 181 /** 182 * This alert is sent by servers who are unable to retrieve a certificate chain from the URL 183 * supplied by the client (see Section 3.3). This message MAY be fatal - for example if client 184 * authentication is required by the server for the handshake to continue and the server is 185 * unable to retrieve the certificate chain, it may send a fatal alert. 186 */ 187 public static final short certificate_unobtainable = 111; 188 189 /** 190 * This alert is sent by servers that receive a server_name extension request, but do not 191 * recognize the server name. This message MAY be fatal. 192 */ 193 public static final short unrecognized_name = 112; 194 195 /** 196 * This alert is sent by clients that receive an invalid certificate status response (see 197 * Section 3.6). This message is always fatal. 198 */ 199 public static final short bad_certificate_status_response = 113; 200 201 /** 202 * This alert is sent by servers when a certificate hash does not match a client provided 203 * certificate_hash. This message is always fatal. 204 */ 205 public static final short bad_certificate_hash_value = 114; 206 207 /* 208 * RFC 4279 209 */ 210 211 /** 212 * If the server does not recognize the PSK identity, it MAY respond with an 213 * "unknown_psk_identity" alert message. 214 */ 215 public static final short unknown_psk_identity = 115; 216 217 /* 218 * RFC 7301 219 */ 220 221 /** 222 * In the event that the server supports no protocols that the client advertises, then the 223 * server SHALL respond with a fatal "no_application_protocol" alert. 224 */ 225 public static final short no_application_protocol = 120; 226 227 /* 228 * RFC 7507 229 */ 230 231 /** 232 * If TLS_FALLBACK_SCSV appears in ClientHello.cipher_suites and the highest protocol version 233 * supported by the server is higher than the version indicated in ClientHello.client_version, 234 * the server MUST respond with a fatal inappropriate_fallback alert [..]. 235 */ 236 public static final short inappropriate_fallback = 86; 237 238 /* 239 * RFC 8446 240 */ 241 242 /** 243 * Sent by endpoints that receive a handshake message not containing an extension that is 244 * mandatory to send for the offered TLS version or other negotiated parameters. 245 */ 246 public static final short missing_extension = 109; 247 248 /** 249 * Sent by servers when a client certificate is desired but none was provided by the client. 250 */ 251 public static final short certificate_required = 116; 252 getName(short alertDescription)253 public static String getName(short alertDescription) 254 { 255 switch (alertDescription) 256 { 257 case close_notify: 258 return "close_notify"; 259 case unexpected_message: 260 return "unexpected_message"; 261 case bad_record_mac: 262 return "bad_record_mac"; 263 case decryption_failed: 264 return "decryption_failed"; 265 case record_overflow: 266 return "record_overflow"; 267 case decompression_failure: 268 return "decompression_failure"; 269 case handshake_failure: 270 return "handshake_failure"; 271 case no_certificate: 272 return "no_certificate"; 273 case bad_certificate: 274 return "bad_certificate"; 275 case unsupported_certificate: 276 return "unsupported_certificate"; 277 case certificate_revoked: 278 return "certificate_revoked"; 279 case certificate_expired: 280 return "certificate_expired"; 281 case certificate_unknown: 282 return "certificate_unknown"; 283 case illegal_parameter: 284 return "illegal_parameter"; 285 case unknown_ca: 286 return "unknown_ca"; 287 case access_denied: 288 return "access_denied"; 289 case decode_error: 290 return "decode_error"; 291 case decrypt_error: 292 return "decrypt_error"; 293 case export_restriction: 294 return "export_restriction"; 295 case protocol_version: 296 return "protocol_version"; 297 case insufficient_security: 298 return "insufficient_security"; 299 case internal_error: 300 return "internal_error"; 301 case user_canceled: 302 return "user_canceled"; 303 case no_renegotiation: 304 return "no_renegotiation"; 305 case unsupported_extension: 306 return "unsupported_extension"; 307 case certificate_unobtainable: 308 return "certificate_unobtainable"; 309 case unrecognized_name: 310 return "unrecognized_name"; 311 case bad_certificate_status_response: 312 return "bad_certificate_status_response"; 313 case bad_certificate_hash_value: 314 return "bad_certificate_hash_value"; 315 case unknown_psk_identity: 316 return "unknown_psk_identity"; 317 case no_application_protocol: 318 return "no_application_protocol"; 319 case inappropriate_fallback: 320 return "inappropriate_fallback"; 321 case missing_extension: 322 return "missing_extension"; 323 case certificate_required: 324 return "certificate_required"; 325 default: 326 return "UNKNOWN"; 327 } 328 } 329 getText(short alertDescription)330 public static String getText(short alertDescription) 331 { 332 return getName(alertDescription) + "(" + alertDescription + ")"; 333 } 334 } 335