1 /*
2 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import javax.net.ssl.*;
29
30 /*
31 * A simple class to congregate alerts, their definitions, and common
32 * support methods.
33 */
34
35 final class Alerts {
36
37 /*
38 * Alerts are always a fixed two byte format (level/description).
39 */
40
41 // warnings and fatal errors are package private facilities/constants
42
43 // Alert levels (enum AlertLevel)
44 static final byte alert_warning = 1;
45 static final byte alert_fatal = 2;
46
47 /*
48 * Alert descriptions (enum AlertDescription)
49 *
50 * We may not use them all in our processing, but if someone
51 * sends us one, we can at least convert it to a string for the
52 * user.
53 */
54 static final byte alert_close_notify = 0;
55 static final byte alert_unexpected_message = 10;
56 static final byte alert_bad_record_mac = 20;
57 static final byte alert_decryption_failed = 21;
58 static final byte alert_record_overflow = 22;
59 static final byte alert_decompression_failure = 30;
60 static final byte alert_handshake_failure = 40;
61 static final byte alert_no_certificate = 41;
62 static final byte alert_bad_certificate = 42;
63 static final byte alert_unsupported_certificate = 43;
64 static final byte alert_certificate_revoked = 44;
65 static final byte alert_certificate_expired = 45;
66 static final byte alert_certificate_unknown = 46;
67 static final byte alert_illegal_parameter = 47;
68 static final byte alert_unknown_ca = 48;
69 static final byte alert_access_denied = 49;
70 static final byte alert_decode_error = 50;
71 static final byte alert_decrypt_error = 51;
72 static final byte alert_export_restriction = 60;
73 static final byte alert_protocol_version = 70;
74 static final byte alert_insufficient_security = 71;
75 static final byte alert_internal_error = 80;
76 static final byte alert_user_canceled = 90;
77 static final byte alert_no_renegotiation = 100;
78
79 // from RFC 3546 (TLS Extensions)
80 static final byte alert_unsupported_extension = 110;
81 static final byte alert_certificate_unobtainable = 111;
82 static final byte alert_unrecognized_name = 112;
83 static final byte alert_bad_certificate_status_response = 113;
84 static final byte alert_bad_certificate_hash_value = 114;
85
86 static String alertDescription(byte code) {
87 switch (code) {
88
89 case alert_close_notify:
90 return "close_notify";
91 case alert_unexpected_message:
92 return "unexpected_message";
93 case alert_bad_record_mac:
94 return "bad_record_mac";
95 case alert_decryption_failed:
96 return "decryption_failed";
97 case alert_record_overflow:
98 return "record_overflow";
99 case alert_decompression_failure:
100 return "decompression_failure";
101 case alert_handshake_failure:
102 return "handshake_failure";
103 case alert_no_certificate:
104 return "no_certificate";
105 case alert_bad_certificate:
106 return "bad_certificate";
107 case alert_unsupported_certificate:
108 return "unsupported_certificate";
109 case alert_certificate_revoked:
110 return "certificate_revoked";
111 case alert_certificate_expired:
112 return "certificate_expired";
113 case alert_certificate_unknown:
114 return "certificate_unknown";
115 case alert_illegal_parameter:
116 return "illegal_parameter";
117 case alert_unknown_ca:
118 return "unknown_ca";
119 case alert_access_denied:
120 return "access_denied";
121 case alert_decode_error:
122 return "decode_error";
123 case alert_decrypt_error:
124 return "decrypt_error";
125 case alert_export_restriction:
126 return "export_restriction";
127 case alert_protocol_version:
128 return "protocol_version";
129 case alert_insufficient_security:
130 return "insufficient_security";
131 case alert_internal_error:
132 return "internal_error";
133 case alert_user_canceled:
134 return "user_canceled";
135 case alert_no_renegotiation:
136 return "no_renegotiation";
137 case alert_unsupported_extension:
138 return "unsupported_extension";
139 case alert_certificate_unobtainable:
140 return "certificate_unobtainable";
141 case alert_unrecognized_name:
142 return "unrecognized_name";
143 case alert_bad_certificate_status_response:
144 return "bad_certificate_status_response";
145 case alert_bad_certificate_hash_value:
146 return "bad_certificate_hash_value";
147
148 default:
149 return "<UNKNOWN ALERT: " + (code & 0x0ff) + ">";
150 }
151 }
152
153 static SSLException getSSLException(byte description, String reason) {
154 return getSSLException(description, null, reason);
155 }
156
157 /*
158 * Try to be a little more specific in our choice of
159 * exceptions to throw.
160 */
161 static SSLException getSSLException(byte description, Throwable cause,
162 String reason) {
163
164 SSLException e;
165 // the SSLException classes do not have a no-args constructor
166 // make up a message if there is none
167 if (reason == null) {
168 if (cause != null) {
169 reason = cause.toString();
170 } else {
171 reason = "";
172 }
173 }
174 switch (description) {
175 case alert_handshake_failure:
176 case alert_no_certificate:
177 case alert_bad_certificate:
178 case alert_unsupported_certificate:
179 case alert_certificate_revoked:
180 case alert_certificate_expired:
181 case alert_certificate_unknown:
182 case alert_unknown_ca:
183 case alert_access_denied:
184 case alert_decrypt_error:
185 case alert_export_restriction:
186 case alert_insufficient_security:
187 case alert_unsupported_extension:
188 case alert_certificate_unobtainable:
189 case alert_unrecognized_name:
190 case alert_bad_certificate_status_response:
191 case alert_bad_certificate_hash_value:
192 e = new SSLHandshakeException(reason);
193 break;
194
195 case alert_close_notify:
196 case alert_unexpected_message:
197 case alert_bad_record_mac:
198 case alert_decryption_failed:
199 case alert_record_overflow:
200 case alert_decompression_failure:
201 case alert_illegal_parameter:
202 case alert_decode_error:
203 case alert_protocol_version:
204 case alert_internal_error:
205 case alert_user_canceled:
206 case alert_no_renegotiation:
207 default:
208 e = new SSLException(reason);
209 break;
210 }
211
212 if (cause != null) {
213 e.initCause(cause);
214 }
215 return e;
216 }
217 }