--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/ssl/CipherSuite/RestrictNamedGroup.java Mon Aug 12 21:36:29 2019 -0700
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8226374
+ * @library /javax/net/ssl/templates
+ * @summary Restrict signature algorithms and named groups
+ * @run main/othervm RestrictNamedGroup x25519
+ * @run main/othervm RestrictNamedGroup x448
+ * @run main/othervm RestrictNamedGroup secp256r1
+ * @run main/othervm RestrictNamedGroup secp384r1
+ * @run main/othervm RestrictNamedGroup secp521r1
+ * @run main/othervm RestrictNamedGroup ffdhe2048
+ * @run main/othervm RestrictNamedGroup ffdhe3072
+ * @run main/othervm RestrictNamedGroup ffdhe4096
+ * @run main/othervm RestrictNamedGroup ffdhe6144
+ * @run main/othervm RestrictNamedGroup ffdhe8192
+ */
+
+import java.security.Security;
+import java.util.Arrays;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLException;
+
+public class RestrictNamedGroup extends SSLSocketTemplate {
+
+ private static volatile int index;
+ private static final String[][][] protocols = {
+ {{"TLSv1.3"}, {"TLSv1.3"}},
+ {{"TLSv1.3", "TLSv1.2"}, {"TLSv1.2"}},
+ {{"TLSv1.3", "TLSv1.2"}, {"TLSv1.2"}},
+ {{"TLSv1.2"}, {"TLSv1.3", "TLSv1.2"}},
+ {{"TLSv1.2"}, {"TLSv1.2"}}
+ };
+
+ // Servers are configured before clients, increment test case after.
+ @Override
+ protected void configureClientSocket(SSLSocket socket) {
+ String[] ps = protocols[index][0];
+
+ System.out.print("Setting client protocol(s): ");
+ Arrays.stream(ps).forEachOrdered(System.out::print);
+ System.out.println();
+
+ socket.setEnabledProtocols(ps);
+ socket.setEnabledCipherSuites(new String[] {
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"});
+ }
+
+ @Override
+ protected void configureServerSocket(SSLServerSocket serverSocket) {
+ String[] ps = protocols[index][1];
+
+ System.out.print("Setting server protocol(s): ");
+ Arrays.stream(ps).forEachOrdered(System.out::print);
+ System.out.println();
+
+ serverSocket.setEnabledProtocols(ps);
+ serverSocket.setEnabledCipherSuites(new String[] {
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"});
+ }
+
+ /*
+ * Run the test case.
+ */
+ public static void main(String[] args) throws Exception {
+ Security.setProperty("jdk.tls.disabledAlgorithms", args[0]);
+ System.setProperty("jdk.tls.namedGroups", args[0]);
+
+ for (index = 0; index < protocols.length; index++) {
+ try {
+ (new RestrictNamedGroup()).run();
+ } catch (SSLException | IllegalStateException ssle) {
+ // The named group should be restricted.
+ continue;
+ }
+
+ throw new Exception("The test case should be disabled");
+ }
+ }
+}