You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
327 lines
14 KiB
327 lines
14 KiB
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR) |
|
#pragma warning disable |
|
using System; |
|
|
|
namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Tls |
|
{ |
|
/// <summary>RFC 5246 7.2.</summary> |
|
public abstract class AlertDescription |
|
{ |
|
/// <summary>This message notifies the recipient that the sender will not send any more messages on this |
|
/// connection.</summary> |
|
/// <remarks> |
|
/// Note that as of TLS 1.1, failure to properly close a connection no longer requires that a session not be |
|
/// resumed. This is a change from TLS 1.0 ("The session becomes unresumable if any connection is terminated |
|
/// without proper close_notify messages with level equal to warning.") to conform with widespread |
|
/// implementation practice. |
|
/// </remarks> |
|
public const short close_notify = 0; |
|
|
|
/// <summary>An inappropriate message was received.</summary> |
|
/// <remarks> |
|
/// This alert is always fatal and should never be observed in communication between proper implementations. |
|
/// </remarks> |
|
public const short unexpected_message = 10; |
|
|
|
/// <summary>This alert is returned if a record is received with an incorrect MAC.</summary> |
|
/// <remarks> |
|
/// This alert also MUST be returned if an alert is sent because a TLSCiphertext decrypted in an invalid way: |
|
/// either it wasn't an even multiple of the block length, or its padding values, when checked, weren't |
|
/// correct. This message is always fatal and should never be observed in communication between proper |
|
/// implementations (except when messages were corrupted in the network). |
|
/// </remarks> |
|
public const short bad_record_mac = 20; |
|
|
|
/// <remarks> |
|
/// This alert was used in some earlier versions of TLS, and may have permitted certain attacks against the CBC |
|
/// mode [CBCATT]. It MUST NOT be sent by compliant implementations. |
|
/// </remarks> |
|
public const short decryption_failed = 21; |
|
|
|
/// <summary>A TLSCiphertext record was received that had a length more than 2^14+2048 bytes, or a record |
|
/// decrypted to a TLSCompressed record with more than 2^14+1024 bytes.</summary> |
|
/// <remarks> |
|
/// This message is always fatal and should never be observed in communication between proper implementations |
|
/// (except when messages were corrupted in the network). |
|
/// </remarks> |
|
public const short record_overflow = 22; |
|
|
|
/// <summary>The decompression function received improper input (e.g., data that would expand to excessive |
|
/// length).</summary> |
|
/// <remarks> |
|
/// This message is always fatal and should never be observed in communication between proper implementations. |
|
/// </remarks> |
|
public const short decompression_failure = 30; |
|
|
|
/// <summary>Reception of a handshake_failure alert message indicates that the sender was unable to negotiate |
|
/// an acceptable set of security parameters given the options available.</summary> |
|
/// <remarks> |
|
/// This is a fatal error. |
|
/// </remarks> |
|
public const short handshake_failure = 40; |
|
|
|
/// <remarks> |
|
/// This alert was used in SSLv3 but not any version of TLS. It MUST NOT be sent by compliant implementations. |
|
/// </remarks> |
|
public const short no_certificate = 41; |
|
|
|
/// <summary>A certificate was corrupt, contained signatures that did not verify correctly, etc.</summary> |
|
public const short bad_certificate = 42; |
|
|
|
/// <summary>A certificate was of an unsupported type.</summary> |
|
public const short unsupported_certificate = 43; |
|
|
|
/// <summary>A certificate was revoked by its signer.</summary> |
|
public const short certificate_revoked = 44; |
|
|
|
/// <summary>A certificate has expired or is not currently valid.</summary> |
|
public const short certificate_expired = 45; |
|
|
|
/// <summary>Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable. |
|
/// </summary> |
|
public const short certificate_unknown = 46; |
|
|
|
/// <summary>A field in the handshake was out of range or inconsistent with other fields.</summary> |
|
/// <remarks> |
|
/// This message is always fatal. |
|
/// </remarks> |
|
public const short illegal_parameter = 47; |
|
|
|
/// <summary>A valid certificate chain or partial chain was received, but the certificate was not accepted |
|
/// because the CA certificate could not be located or couldn't be matched with a known, trusted CA.</summary> |
|
/// <remarks> |
|
/// This message is always fatal. |
|
/// </remarks> |
|
public const short unknown_ca = 48; |
|
|
|
/// <summary>A valid certificate was received, but when access control was applied, the sender decided not to |
|
/// proceed with negotiation.</summary> |
|
/// <remarks> |
|
/// This message is always fatal. |
|
/// </remarks> |
|
public const short access_denied = 49; |
|
|
|
/// <summary>A message could not be decoded because some field was out of the specified range or the length of |
|
/// the message was incorrect.</summary> |
|
/// <remarks> |
|
/// This message is always fatal and should never be observed in communication between proper |
|
/// implementations (except when messages were corrupted in the network). |
|
/// </remarks> |
|
public const short decode_error = 50; |
|
|
|
/// <summary>A handshake cryptographic operation failed, including being unable to correctly verify a signature |
|
/// or validate a Finished message.</summary> |
|
/// <remarks> |
|
/// This message is always fatal. |
|
/// </remarks> |
|
public const short decrypt_error = 51; |
|
|
|
/// <remarks> |
|
/// This alert was used in some earlier versions of TLS. It MUST NOT be sent by compliant implementations. |
|
/// </remarks> |
|
public const short export_restriction = 60; |
|
|
|
/// <summary>The protocol version the client has attempted to negotiate is recognized but not supported. |
|
/// </summary> |
|
/// <remarks> |
|
/// (For example, old protocol versions might be avoided for security reasons.) This message is always fatal. |
|
/// </remarks> |
|
public const short protocol_version = 70; |
|
|
|
/// <summary>Returned instead of handshake_failure when a negotiation has failed specifically because the |
|
/// server requires ciphers more secure than those supported by the client.</summary> |
|
/// <remarks> |
|
/// This message is always fatal. |
|
/// </remarks> |
|
public const short insufficient_security = 71; |
|
|
|
/// <summary>An internal error unrelated to the peer or the correctness of the protocol (such as a memory |
|
/// allocation failure) makes it impossible to continue.</summary> |
|
/// <remarks> |
|
/// This message is always fatal. |
|
/// </remarks> |
|
public const short internal_error = 80; |
|
|
|
/// <summary>This handshake is being canceled for some reason unrelated to a protocol failure.</summary> |
|
/// <remarks> |
|
/// If the user cancels an operation after the handshake is complete, just closing the connection by sending a |
|
/// close_notify is more appropriate. This alert should be followed by a close_notify. This message is |
|
/// generally a warning. |
|
/// </remarks> |
|
public const short user_canceled = 90; |
|
|
|
/// <summary>Sent by the client in response to a hello request or by the server in response to a client hello |
|
/// after initial handshaking.</summary> |
|
/// <remarks> |
|
/// Either of these would normally lead to renegotiation; when that is not appropriate, the recipient should |
|
/// respond with this alert. At that point, the original requester can decide whether to proceed with the |
|
/// connection. One case where this would be appropriate is where a server has spawned a process to satisfy a |
|
/// request; the process might receive security parameters (key length, authentication, etc.) at startup, and |
|
/// it might be difficult to communicate changes to these parameters after that point. This message is always a |
|
/// warning. |
|
/// </remarks> |
|
public const short no_renegotiation = 100; |
|
|
|
/// <summary>Sent by clients that receive an extended server hello containing an extension that they did not |
|
/// put in the corresponding client hello.</summary> |
|
/// <remarks> |
|
/// This message is always fatal. |
|
/// </remarks> |
|
public const short unsupported_extension = 110; |
|
|
|
/* |
|
* RFC 3546 |
|
*/ |
|
|
|
/// <summary>This alert is sent by servers who are unable to retrieve a certificate chain from the URL supplied |
|
/// by the client(see Section 3.3).</summary> |
|
/// <remarks> |
|
/// This message MAY be fatal - for example if client authentication is required by the server for the |
|
/// handshake to continue and the server is unable to retrieve the certificate chain, it may send a fatal |
|
/// alert. |
|
/// </remarks> |
|
public const short certificate_unobtainable = 111; |
|
|
|
/// <summary>This alert is sent by servers that receive a server_name extension request, but do not recognize |
|
/// the server name.</summary> |
|
/// <remarks> |
|
/// This message MAY be fatal. |
|
/// </remarks> |
|
public const short unrecognized_name = 112; |
|
|
|
/// <summary>This alert is sent by clients that receive an invalid certificate status response (see Section 3.6 |
|
/// ).</summary> |
|
/// <remarks> |
|
/// This message is always fatal. |
|
/// </remarks> |
|
public const short bad_certificate_status_response = 113; |
|
|
|
/// <summary>This alert is sent by servers when a certificate hash does not match a client provided |
|
/// certificate_hash.</summary> |
|
/// <remarks> |
|
/// This message is always fatal. |
|
/// </remarks> |
|
public const short bad_certificate_hash_value = 114; |
|
|
|
/* |
|
* RFC 4279 |
|
*/ |
|
|
|
/// <summary>If the server does not recognize the PSK identity, it MAY respond with an "unknown_psk_identity" |
|
/// alert message.</summary> |
|
public const short unknown_psk_identity = 115; |
|
|
|
/* |
|
* RFC 7301 |
|
*/ |
|
|
|
/// <summary>In the event that the server supports no protocols that the client advertises, then the server |
|
/// SHALL respond with a fatal "no_application_protocol" alert.</summary> |
|
public const short no_application_protocol = 120; |
|
|
|
/* |
|
* RFC 7507 |
|
*/ |
|
|
|
/// <summary>If TLS_FALLBACK_SCSV appears in ClientHello.cipher_suites and the highest protocol version |
|
/// supported by the server is higher than the version indicated in ClientHello.client_version, the server MUST |
|
/// respond with a fatal inappropriate_fallback alert[..].</summary> |
|
public const short inappropriate_fallback = 86; |
|
|
|
/* |
|
* RFC 8446 |
|
*/ |
|
|
|
/// <summary>Sent by endpoints that receive a handshake message not containing an extension that is mandatory |
|
/// to send for the offered TLS version or other negotiated parameters.</summary> |
|
public const short missing_extension = 109; |
|
|
|
/// <summary>Sent by servers when a client certificate is desired but none was provided by the client. |
|
/// </summary> |
|
public const short certificate_required = 116; |
|
|
|
public static string GetName(short alertDescription) |
|
{ |
|
switch (alertDescription) |
|
{ |
|
case close_notify: |
|
return "close_notify"; |
|
case unexpected_message: |
|
return "unexpected_message"; |
|
case bad_record_mac: |
|
return "bad_record_mac"; |
|
case decryption_failed: |
|
return "decryption_failed"; |
|
case record_overflow: |
|
return "record_overflow"; |
|
case decompression_failure: |
|
return "decompression_failure"; |
|
case handshake_failure: |
|
return "handshake_failure"; |
|
case no_certificate: |
|
return "no_certificate"; |
|
case bad_certificate: |
|
return "bad_certificate"; |
|
case unsupported_certificate: |
|
return "unsupported_certificate"; |
|
case certificate_revoked: |
|
return "certificate_revoked"; |
|
case certificate_expired: |
|
return "certificate_expired"; |
|
case certificate_unknown: |
|
return "certificate_unknown"; |
|
case illegal_parameter: |
|
return "illegal_parameter"; |
|
case unknown_ca: |
|
return "unknown_ca"; |
|
case access_denied: |
|
return "access_denied"; |
|
case decode_error: |
|
return "decode_error"; |
|
case decrypt_error: |
|
return "decrypt_error"; |
|
case export_restriction: |
|
return "export_restriction"; |
|
case protocol_version: |
|
return "protocol_version"; |
|
case insufficient_security: |
|
return "insufficient_security"; |
|
case internal_error: |
|
return "internal_error"; |
|
case user_canceled: |
|
return "user_canceled"; |
|
case no_renegotiation: |
|
return "no_renegotiation"; |
|
case unsupported_extension: |
|
return "unsupported_extension"; |
|
case certificate_unobtainable: |
|
return "certificate_unobtainable"; |
|
case unrecognized_name: |
|
return "unrecognized_name"; |
|
case bad_certificate_status_response: |
|
return "bad_certificate_status_response"; |
|
case bad_certificate_hash_value: |
|
return "bad_certificate_hash_value"; |
|
case unknown_psk_identity: |
|
return "unknown_psk_identity"; |
|
case no_application_protocol: |
|
return "no_application_protocol"; |
|
case inappropriate_fallback: |
|
return "inappropriate_fallback"; |
|
case missing_extension: |
|
return "missing_extension"; |
|
case certificate_required: |
|
return "certificate_required"; |
|
default: |
|
return "UNKNOWN"; |
|
} |
|
} |
|
|
|
public static string GetText(short alertDescription) |
|
{ |
|
return GetName(alertDescription) + "(" + alertDescription + ")"; |
|
} |
|
} |
|
} |
|
#pragma warning restore |
|
#endif
|
|
|