GHzGlass
/
GHZLangChao


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308
							#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)

namespace Org.BouncyCastle.Crypto.Tls
{
    /// <summary>
    /// RFC 5246 7.2
    /// </summary>
    public abstract class AlertDescription
    {
        /**
         * This message notifies the recipient that the sender will not send any more messages on this
         * connection. Note that as of TLS 1.1, failure to properly close a connection no longer
         * requires that a session not be resumed. This is a change from TLS 1.0 ("The session becomes
         * unresumable if any connection is terminated without proper close_notify messages with level
         * equal to warning.") to conform with widespread implementation practice.
         */
        public const byte close_notify = 0;

        /**
         * An inappropriate message was received. This alert is always fatal and should never be
         * observed in communication between proper implementations.
         */
        public const byte unexpected_message = 10;

        /**
         * This alert is returned if a record is received with an incorrect MAC. This alert also MUST be
         * returned if an alert is sent because a TLSCiphertext decrypted in an invalid way: either it
         * wasn't an even multiple of the block length, or its padding values, when checked, weren't
         * correct. This message is always fatal and should never be observed in communication between
         * proper implementations (except when messages were corrupted in the network).
         */
        public const byte bad_record_mac = 20;

        /**
         * This alert was used in some earlier versions of TLS, and may have permitted certain attacks
         * against the CBC mode [CBCATT]. It MUST NOT be sent by compliant implementations.
         */
        public const byte decryption_failed = 21;

        /**
         * A TLSCiphertext record was received that had a length more than 2^14+2048 bytes, or a record
         * decrypted to a TLSCompressed record with more than 2^14+1024 bytes. This message is always
         * fatal and should never be observed in communication between proper implementations (except
         * when messages were corrupted in the network).
         */
        public const byte record_overflow = 22;

        /**
         * The decompression function received improper input (e.g., data that would expand to excessive
         * length). This message is always fatal and should never be observed in communication between
         * proper implementations.
         */
        public const byte decompression_failure = 30;

        /**
         * Reception of a handshake_failure alert message indicates that the sender was unable to
         * negotiate an acceptable set of security parameters given the options available. This is a
         * fatal error.
         */
        public const byte handshake_failure = 40;

        /**
         * This alert was used in SSLv3 but not any version of TLS. It MUST NOT be sent by compliant
         * implementations.
         */
        public const byte no_certificate = 41;

        /**
         * A certificate was corrupt, contained signatures that did not verify correctly, etc.
         */
        public const byte bad_certificate = 42;

        /**
         * A certificate was of an unsupported type.
         */
        public const byte unsupported_certificate = 43;

        /**
         * A certificate was revoked by its signer.
         */
        public const byte certificate_revoked = 44;

        /**
         * A certificate has expired or is not currently valid.
         */
        public const byte certificate_expired = 45;

        /**
         * Some other (unspecified) issue arose in processing the certificate, rendering it
         * unacceptable.
         */
        public const byte certificate_unknown = 46;

        /**
         * A field in the handshake was out of range or inconsistent with other fields. This message is
         * always fatal.
         */
        public const byte illegal_parameter = 47;

        /**
         * A valid certificate chain or partial chain was received, but the certificate was not accepted
         * because the CA certificate could not be located or couldn't be matched with a known, trusted
         * CA. This message is always fatal.
         */
        public const byte unknown_ca = 48;

        /**
         * A valid certificate was received, but when access control was applied, the sender decided not
         * to proceed with negotiation. This message is always fatal.
         */
        public const byte access_denied = 49;

        /**
         * A message could not be decoded because some field was out of the specified range or the
         * length of the message was incorrect. This message is always fatal and should never be
         * observed in communication between proper implementations (except when messages were corrupted
         * in the network).
         */
        public const byte decode_error = 50;

        /**
         * A handshake cryptographic operation failed, including being unable to correctly verify a
         * signature or validate a Finished message. This message is always fatal.
         */
        public const byte decrypt_error = 51;

        /**
         * This alert was used in some earlier versions of TLS. It MUST NOT be sent by compliant
         * implementations.
         */
        public const byte export_restriction = 60;

        /**
         * The protocol version the client has attempted to negotiate is recognized but not supported.
         * (For example, old protocol versions might be avoided for security reasons.) This message is
         * always fatal.
         */
        public const byte protocol_version = 70;

        /**
         * Returned instead of handshake_failure when a negotiation has failed specifically because the
         * server requires ciphers more secure than those supported by the client. This message is
         * always fatal.
         */
        public const byte insufficient_security = 71;

        /**
         * An internal error unrelated to the peer or the correctness of the protocol (such as a memory
         * allocation failure) makes it impossible to continue. This message is always fatal.
         */
        public const byte internal_error = 80;

        /**
         * This handshake is being canceled for some reason unrelated to a protocol failure. If the user
         * cancels an operation after the handshake is complete, just closing the connection by sending
         * a close_notify is more appropriate. This alert should be followed by a close_notify. This
         * message is generally a warning.
         */
        public const byte user_canceled = 90;

        /**
         * Sent by the client in response to a hello request or by the server in response to a client
         * hello after initial handshaking. Either of these would normally lead to renegotiation; when
         * that is not appropriate, the recipient should respond with this alert. At that point, the
         * original requester can decide whether to proceed with the connection. One case where this
         * would be appropriate is where a server has spawned a process to satisfy a request; the
         * process might receive security parameters (key length, authentication, etc.) at startup, and
         * it might be difficult to communicate changes to these parameters after that point. This
         * message is always a warning.
         */
        public const byte no_renegotiation = 100;

        /**
         * Sent by clients that receive an extended server hello containing an extension that they did
         * not put in the corresponding client hello. This message is always fatal.
         */
        public const byte unsupported_extension = 110;

        /*
         * RFC 3546
         */

        /**
         * This alert is sent by servers who are unable to retrieve a certificate chain from the URL
         * supplied by the client (see Section 3.3). This message MAY be fatal - for example if client
         * authentication is required by the server for the handshake to continue and the server is
         * unable to retrieve the certificate chain, it may send a fatal alert.
         */
        public const byte certificate_unobtainable = 111;

        /**
         * This alert is sent by servers that receive a server_name extension request, but do not
         * recognize the server name. This message MAY be fatal.
         */
        public const byte unrecognized_name = 112;

        /**
         * This alert is sent by clients that receive an invalid certificate status response (see
         * Section 3.6). This message is always fatal.
         */
        public const byte bad_certificate_status_response = 113;

        /**
         * This alert is sent by servers when a certificate hash does not match a client provided
         * certificate_hash. This message is always fatal.
         */
        public const byte bad_certificate_hash_value = 114;

        /*
         * RFC 4279
         */

        /**
         * If the server does not recognize the PSK identity, it MAY respond with an
         * "unknown_psk_identity" alert message.
         */
        public const byte unknown_psk_identity = 115;

        /*
         * RFC 7507
         */

        /**
         * If TLS_FALLBACK_SCSV appears in ClientHello.cipher_suites and the highest protocol version
         * supported by the server is higher than the version indicated in ClientHello.client_version,
         * the server MUST respond with a fatal inappropriate_fallback alert [..].
         */
        public const byte inappropriate_fallback = 86;

        public static string GetName(byte alertDescription)
        {
            switch (alertDescription)
            {
            case close_notify:
                return "close_notify";
            case unexpected_message:
                return "unexpected_message";
            case bad_record_mac:
                return "bad_record_mac";
            case decryption_failed:
                return "decryption_failed";
            case record_overflow:
                return "record_overflow";
            case decompression_failure:
                return "decompression_failure";
            case handshake_failure:
                return "handshake_failure";
            case no_certificate:
                return "no_certificate";
            case bad_certificate:
                return "bad_certificate";
            case unsupported_certificate:
                return "unsupported_certificate";
            case certificate_revoked:
                return "certificate_revoked";
            case certificate_expired:
                return "certificate_expired";
            case certificate_unknown:
                return "certificate_unknown";
            case illegal_parameter:
                return "illegal_parameter";
            case unknown_ca:
                return "unknown_ca";
            case access_denied:
                return "access_denied";
            case decode_error:
                return "decode_error";
            case decrypt_error:
                return "decrypt_error";
            case export_restriction:
                return "export_restriction";
            case protocol_version:
                return "protocol_version";
            case insufficient_security:
                return "insufficient_security";
            case internal_error:
                return "internal_error";
            case user_canceled:
                return "user_canceled";
            case no_renegotiation:
                return "no_renegotiation";
            case unsupported_extension:
                return "unsupported_extension";
            case certificate_unobtainable:
                return "certificate_unobtainable";
            case unrecognized_name:
                return "unrecognized_name";
            case bad_certificate_status_response:
                return "bad_certificate_status_response";
            case bad_certificate_hash_value:
                return "bad_certificate_hash_value";
            case unknown_psk_identity:
                return "unknown_psk_identity";
            case inappropriate_fallback:
                return "inappropriate_fallback";
            default:
                return "UNKNOWN";
            }
        }

        public static string GetText(byte alertDescription)
        {
            return GetName(alertDescription) + "(" + alertDescription + ")";
        }
    }
}

#endif