1 /*
2 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import javax.net.ssl.*;
29
30 /*
31 * A simple class to congregate alerts, their definitions, and common
32 * support methods.
33 */
34
final class Alerts {

    /*
     * An alert is always two bytes on the wire: a level followed by a
     * description. Everything declared here is package private.
     *
     * NOTE(review): the description byte may originate from the remote
     * peer, so every value outside the table below must still be handled;
     * alertDescription() and getSSLException() both have a default branch
     * for that.
     */

    // Alert levels (enum AlertLevel)
    static final byte alert_warning = 1;
    static final byte alert_fatal = 2;

    /*
     * Alert descriptions (enum AlertDescription).
     *
     * Not every code is necessarily used by our own processing, but a
     * code received from a peer can at least be turned into a readable
     * name for the user.
     *
     * decryption_failed (21), no_certificate (41) and export_restriction
     * (60) are marked reserved in RFC 5246 (TLS 1.2); they are kept here
     * so they can still be decoded.
     */
    static final byte alert_close_notify = 0;
    static final byte alert_unexpected_message = 10;
    static final byte alert_bad_record_mac = 20;
    static final byte alert_decryption_failed = 21;
    static final byte alert_record_overflow = 22;
    static final byte alert_decompression_failure = 30;
    static final byte alert_handshake_failure = 40;
    static final byte alert_no_certificate = 41;
    static final byte alert_bad_certificate = 42;
    static final byte alert_unsupported_certificate = 43;
    static final byte alert_certificate_revoked = 44;
    static final byte alert_certificate_expired = 45;
    static final byte alert_certificate_unknown = 46;
    static final byte alert_illegal_parameter = 47;
    static final byte alert_unknown_ca = 48;
    static final byte alert_access_denied = 49;
    static final byte alert_decode_error = 50;
    static final byte alert_decrypt_error = 51;
    static final byte alert_export_restriction = 60;
    static final byte alert_protocol_version = 70;
    static final byte alert_insufficient_security = 71;
    static final byte alert_internal_error = 80;
    static final byte alert_user_canceled = 90;
    static final byte alert_no_renegotiation = 100;

    // from RFC 3546 (TLS Extensions)
    static final byte alert_unsupported_extension = 110;
    static final byte alert_certificate_unobtainable = 111;
    static final byte alert_unrecognized_name = 112;
    static final byte alert_bad_certificate_status_response = 113;
    static final byte alert_bad_certificate_hash_value = 114;

    // Sent in response to a TLS_FALLBACK_SCSV-induced handshake failure.
    static final byte alert_inappropriate_fallback = 86;

    /*
     * Returns the protocol name of an alert description code.
     *
     * A code that is not in the table yields "<UNKNOWN ALERT: n>", where
     * n is the byte read as an unsigned value (0..255). The result is
     * therefore always one of a fixed set of names or a number; no other
     * input ends up in the returned text.
     */
    static String alertDescription(byte code) {
        final String name;

        switch (code) {
        case alert_close_notify:            name = "close_notify"; break;
        case alert_unexpected_message:      name = "unexpected_message"; break;
        case alert_bad_record_mac:          name = "bad_record_mac"; break;
        case alert_decryption_failed:       name = "decryption_failed"; break;
        case alert_record_overflow:         name = "record_overflow"; break;
        case alert_decompression_failure:   name = "decompression_failure"; break;
        case alert_handshake_failure:       name = "handshake_failure"; break;
        case alert_no_certificate:          name = "no_certificate"; break;
        case alert_bad_certificate:         name = "bad_certificate"; break;
        case alert_unsupported_certificate: name = "unsupported_certificate"; break;
        case alert_certificate_revoked:     name = "certificate_revoked"; break;
        case alert_certificate_expired:     name = "certificate_expired"; break;
        case alert_certificate_unknown:     name = "certificate_unknown"; break;
        case alert_illegal_parameter:       name = "illegal_parameter"; break;
        case alert_unknown_ca:              name = "unknown_ca"; break;
        case alert_access_denied:           name = "access_denied"; break;
        case alert_decode_error:            name = "decode_error"; break;
        case alert_decrypt_error:           name = "decrypt_error"; break;
        case alert_export_restriction:      name = "export_restriction"; break;
        case alert_protocol_version:        name = "protocol_version"; break;
        case alert_insufficient_security:   name = "insufficient_security"; break;
        case alert_internal_error:          name = "internal_error"; break;
        case alert_user_canceled:           name = "user_canceled"; break;
        case alert_no_renegotiation:        name = "no_renegotiation"; break;
        case alert_unsupported_extension:   name = "unsupported_extension"; break;
        case alert_certificate_unobtainable:
            name = "certificate_unobtainable";
            break;
        case alert_unrecognized_name:       name = "unrecognized_name"; break;
        case alert_bad_certificate_status_response:
            name = "bad_certificate_status_response";
            break;
        case alert_bad_certificate_hash_value:
            name = "bad_certificate_hash_value";
            break;
        case alert_inappropriate_fallback:  name = "inappropriate_fallback"; break;
        default:
            // mask so that codes >= 128 are not printed as negative numbers
            name = "<UNKNOWN ALERT: " + (code & 0x0ff) + ">";
            break;
        }
        return name;
    }

    /*
     * Same as the three-argument form, with no cause attached.
     */
    static SSLException getSSLException(byte description, String reason) {
        return getSSLException(description, null, reason);
    }

    /*
     * Builds the exception that represents an alert, picking a more
     * specific exception class where one applies.
     *
     * Handshake, certificate and negotiation related descriptions become
     * an SSLHandshakeException; every other description, including any
     * code this class does not know, becomes a plain SSLException. Only
     * the description is looked at; the alert level plays no part here.
     *
     * The message is 'reason' when given, otherwise cause.toString(),
     * otherwise the empty string. A non-null cause is attached with
     * initCause().
     *
     * NOTE(review): when 'reason' is null the message repeats the cause's
     * toString(), i.e. its class name and message. Worth confirming that
     * callers do not pass such messages on to an untrusted party.
     */
    static SSLException getSSLException(byte description, Throwable cause,
            String reason) {

        // the SSLException classes have no no-args constructor, so a
        // message has to be made up when none was supplied
        String message = reason;
        if (message == null) {
            message = (cause == null) ? "" : cause.toString();
        }

        SSLException result = isHandshakeRelated(description)
                ? new SSLHandshakeException(message)
                : new SSLException(message);

        if (cause != null) {
            result.initCause(cause);
        }
        return result;
    }

    /*
     * Tells whether a description is reported as an SSLHandshakeException
     * rather than as a plain SSLException.
     */
    private static boolean isHandshakeRelated(byte description) {
        switch (description) {
        case alert_handshake_failure:
        case alert_no_certificate:
        case alert_bad_certificate:
        case alert_unsupported_certificate:
        case alert_certificate_revoked:
        case alert_certificate_expired:
        case alert_certificate_unknown:
        case alert_unknown_ca:
        case alert_access_denied:
        case alert_decrypt_error:
        case alert_export_restriction:
        case alert_insufficient_security:
        case alert_unsupported_extension:
        case alert_certificate_unobtainable:
        case alert_unrecognized_name:
        case alert_bad_certificate_status_response:
        case alert_bad_certificate_hash_value:
        case alert_inappropriate_fallback:
            return true;

        // close_notify, unexpected_message, bad_record_mac,
        // decryption_failed, record_overflow, decompression_failure,
        // illegal_parameter, decode_error, protocol_version,
        // internal_error, user_canceled, no_renegotiation and any
        // unknown code
        default:
            return false;
        }
    }
}