278 lines
7.6 KiB
C#
278 lines
7.6 KiB
C#
|
//
|
||
|
// Alert.cs
|
||
|
//
|
||
|
// Author:
|
||
|
// Martin Baulig <martin.baulig@xamarin.com>
|
||
|
//
|
||
|
// Copyright (c) 2015 Xamarin, Inc.
|
||
|
//
|
||
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
||
|
// of this software and associated documentation files (the "Software"), to deal
|
||
|
// in the Software without restriction, including without limitation the rights
|
||
|
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||
|
// copies of the Software, and to permit persons to whom the Software is
|
||
|
// furnished to do so, subject to the following conditions:
|
||
|
//
|
||
|
// The above copyright notice and this permission notice shall be included in
|
||
|
// all copies or substantial portions of the Software.
|
||
|
//
|
||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||
|
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||
|
// THE SOFTWARE.
|
||
|
|
||
|
using System;
|
||
|
|
||
|
namespace Mono.Security.Interface
|
||
|
{
|
||
|
#region Enumerations
|
||
|
|
||
|
public enum AlertLevel : byte
|
||
|
{
|
||
|
Warning = 1,
|
||
|
Fatal = 2
|
||
|
}
|
||
|
|
||
|
public enum AlertDescription : byte
|
||
|
{
|
||
|
CloseNotify = 0,
|
||
|
UnexpectedMessage = 10,
|
||
|
BadRecordMAC = 20,
|
||
|
DecryptionFailed_RESERVED = 21,
|
||
|
RecordOverflow = 22,
|
||
|
DecompressionFailure = 30,
|
||
|
HandshakeFailure = 40,
|
||
|
NoCertificate_RESERVED = 41, // should be used in SSL3
|
||
|
BadCertificate = 42,
|
||
|
UnsupportedCertificate = 43,
|
||
|
CertificateRevoked = 44,
|
||
|
CertificateExpired = 45,
|
||
|
CertificateUnknown = 46,
|
||
|
IlegalParameter = 47,
|
||
|
UnknownCA = 48,
|
||
|
AccessDenied = 49,
|
||
|
DecodeError = 50,
|
||
|
DecryptError = 51,
|
||
|
ExportRestriction = 60,
|
||
|
ProtocolVersion = 70,
|
||
|
InsuficientSecurity = 71,
|
||
|
InternalError = 80,
|
||
|
UserCancelled = 90,
|
||
|
NoRenegotiation = 100,
|
||
|
UnsupportedExtension = 110
|
||
|
}
|
||
|
|
||
|
#endregion
|
||
|
|
||
|
public class Alert
|
||
|
{
|
||
|
#region Fields
|
||
|
|
||
|
private AlertLevel level;
|
||
|
private AlertDescription description;
|
||
|
|
||
|
#endregion
|
||
|
|
||
|
#region Properties
|
||
|
|
||
|
public AlertLevel Level
|
||
|
{
|
||
|
get { return this.level; }
|
||
|
}
|
||
|
|
||
|
public AlertDescription Description
|
||
|
{
|
||
|
get { return this.description; }
|
||
|
}
|
||
|
|
||
|
public string Message
|
||
|
{
|
||
|
get { return Alert.GetAlertMessage(this.description); }
|
||
|
}
|
||
|
|
||
|
public bool IsWarning
|
||
|
{
|
||
|
get { return this.level == AlertLevel.Warning ? true : false; }
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
public bool IsFatal
|
||
|
{
|
||
|
get { return this.level == AlertLevel.Fatal ? true : false; }
|
||
|
}
|
||
|
*/
|
||
|
|
||
|
public bool IsCloseNotify
|
||
|
{
|
||
|
get
|
||
|
{
|
||
|
if (this.IsWarning &&
|
||
|
this.description == AlertDescription.CloseNotify)
|
||
|
{
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
return false;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
#endregion
|
||
|
|
||
|
#region Constructors
|
||
|
|
||
|
public Alert(AlertDescription description)
|
||
|
{
|
||
|
this.description = description;
|
||
|
this.inferAlertLevel();
|
||
|
}
|
||
|
|
||
|
public Alert(
|
||
|
AlertLevel level,
|
||
|
AlertDescription description)
|
||
|
{
|
||
|
this.level = level;
|
||
|
this.description = description;
|
||
|
}
|
||
|
|
||
|
#endregion
|
||
|
|
||
|
#region Private Methods
|
||
|
|
||
|
private void inferAlertLevel()
|
||
|
{
|
||
|
switch (description)
|
||
|
{
|
||
|
case AlertDescription.CloseNotify:
|
||
|
case AlertDescription.NoRenegotiation:
|
||
|
case AlertDescription.UserCancelled:
|
||
|
this.level = AlertLevel.Warning;
|
||
|
break;
|
||
|
|
||
|
case AlertDescription.AccessDenied:
|
||
|
case AlertDescription.BadCertificate:
|
||
|
case AlertDescription.BadRecordMAC:
|
||
|
case AlertDescription.CertificateExpired:
|
||
|
case AlertDescription.CertificateRevoked:
|
||
|
case AlertDescription.CertificateUnknown:
|
||
|
case AlertDescription.DecodeError:
|
||
|
case AlertDescription.DecompressionFailure:
|
||
|
case AlertDescription.DecryptError:
|
||
|
case AlertDescription.DecryptionFailed_RESERVED:
|
||
|
case AlertDescription.ExportRestriction:
|
||
|
case AlertDescription.HandshakeFailure:
|
||
|
case AlertDescription.IlegalParameter:
|
||
|
case AlertDescription.InsuficientSecurity:
|
||
|
case AlertDescription.InternalError:
|
||
|
case AlertDescription.ProtocolVersion:
|
||
|
case AlertDescription.RecordOverflow:
|
||
|
case AlertDescription.UnexpectedMessage:
|
||
|
case AlertDescription.UnknownCA:
|
||
|
case AlertDescription.UnsupportedCertificate:
|
||
|
case AlertDescription.UnsupportedExtension:
|
||
|
default:
|
||
|
this.level = AlertLevel.Fatal;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
#endregion
|
||
|
|
||
|
public override string ToString ()
|
||
|
{
|
||
|
return string.Format ("[Alert: {0}:{1}]", Level, Description);
|
||
|
}
|
||
|
|
||
|
#region Static Methods
|
||
|
|
||
|
public static string GetAlertMessage(AlertDescription description)
|
||
|
{
|
||
|
#if (DEBUG)
|
||
|
switch (description)
|
||
|
{
|
||
|
case AlertDescription.AccessDenied:
|
||
|
return "An inappropriate message was received.";
|
||
|
|
||
|
case AlertDescription.BadCertificate:
|
||
|
return "TLSCiphertext decrypted in an invalid way.";
|
||
|
|
||
|
case AlertDescription.BadRecordMAC:
|
||
|
return "Record with an incorrect MAC.";
|
||
|
|
||
|
case AlertDescription.CertificateExpired:
|
||
|
return "Certificate has expired or is not currently valid";
|
||
|
|
||
|
case AlertDescription.CertificateRevoked:
|
||
|
return "Certificate was revoked by its signer.";
|
||
|
|
||
|
case AlertDescription.CertificateUnknown:
|
||
|
return "Certificate Unknown.";
|
||
|
|
||
|
case AlertDescription.CloseNotify:
|
||
|
return "Connection closed";
|
||
|
|
||
|
case AlertDescription.DecodeError:
|
||
|
return "A message could not be decoded because some field was out of the specified range or the length of the message was incorrect.";
|
||
|
|
||
|
case AlertDescription.DecompressionFailure:
|
||
|
return "The decompression function received improper input (e.g. data that would expand to excessive length).";
|
||
|
|
||
|
case AlertDescription.DecryptError:
|
||
|
return "TLSCiphertext decrypted in an invalid way: either it wasn`t an even multiple of the block length or its padding values, when checked, weren`t correct.";
|
||
|
|
||
|
case AlertDescription.DecryptionFailed_RESERVED:
|
||
|
return "Handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate finished message.";
|
||
|
|
||
|
case AlertDescription.ExportRestriction:
|
||
|
return "Negotiation not in compliance with export restrictions was detected.";
|
||
|
|
||
|
case AlertDescription.HandshakeFailure:
|
||
|
return "Unable to negotiate an acceptable set of security parameters given the options available.";
|
||
|
|
||
|
case AlertDescription.IlegalParameter:
|
||
|
return "A field in the handshake was out of range or inconsistent with other fields.";
|
||
|
|
||
|
case AlertDescription.InsuficientSecurity:
|
||
|
return "Negotiation has failed specifically because the server requires ciphers more secure than those supported by the client.";
|
||
|
|
||
|
case AlertDescription.InternalError:
|
||
|
return "Internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue.";
|
||
|
|
||
|
case AlertDescription.NoRenegotiation:
|
||
|
return "Invalid renegotiation.";
|
||
|
|
||
|
case AlertDescription.ProtocolVersion:
|
||
|
return "Unsupported protocol version.";
|
||
|
|
||
|
case AlertDescription.RecordOverflow:
|
||
|
return "Invalid length on TLSCiphertext record or TLSCompressed record.";
|
||
|
|
||
|
case AlertDescription.UnexpectedMessage:
|
||
|
return "Invalid message received.";
|
||
|
|
||
|
case AlertDescription.UnknownCA:
|
||
|
return "CA can't be identified as a trusted CA.";
|
||
|
|
||
|
case AlertDescription.UnsupportedCertificate:
|
||
|
return "Certificate was of an unsupported type.";
|
||
|
|
||
|
case AlertDescription.UserCancelled:
|
||
|
return "Handshake cancelled by user.";
|
||
|
|
||
|
case AlertDescription.UnsupportedExtension:
|
||
|
return "Unsupported extension.";
|
||
|
|
||
|
default:
|
||
|
return "";
|
||
|
}
|
||
|
#else
|
||
|
return "The authentication or decryption has failed.";
|
||
|
#endif
|
||
|
}
|
||
|
|
||
|
#endregion
|
||
|
}
|
||
|
}
|