Path: blob/master/test/jdk/sun/security/ssl/CipherSuite/RestrictNamedGroup.java
41152 views
/*1* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 8226374 824292926* @library /javax/net/ssl/templates27* @summary Restrict signature algorithms and named groups28* @run main/othervm RestrictNamedGroup x2551929* @run main/othervm RestrictNamedGroup X44830* @run main/othervm RestrictNamedGroup secP256r131* @run main/othervm RestrictNamedGroup SECP384r132* @run main/othervm RestrictNamedGroup SECP521R133* @run main/othervm RestrictNamedGroup ffDhe204834* @run main/othervm RestrictNamedGroup FFDHE307235* @run main/othervm RestrictNamedGroup ffdhe409636* @run main/othervm RestrictNamedGroup ffdhe614437* @run main/othervm RestrictNamedGroup ffdhe819238*/3940import java.security.Security;41import java.util.Arrays;42import javax.net.ssl.SSLSocket;43import javax.net.ssl.SSLServerSocket;44import javax.net.ssl.SSLException;4546public class RestrictNamedGroup extends SSLSocketTemplate {4748private static volatile int index;49private static final String[][][] protocols = {50{{"TLSv1.3"}, {"TLSv1.3"}},51{{"TLSv1.3", "TLSv1.2"}, {"TLSv1.2"}},52{{"TLSv1.3", "TLSv1.2"}, {"TLSv1.2"}},53{{"TLSv1.2"}, {"TLSv1.3", "TLSv1.2"}},54{{"TLSv1.2"}, {"TLSv1.2"}}55};5657// Servers are configured before clients, increment test case after.58@Override59protected void configureClientSocket(SSLSocket socket) {60String[] ps = protocols[index][0];6162System.out.print("Setting client protocol(s): ");63Arrays.stream(ps).forEachOrdered(System.out::print);64System.out.println();6566socket.setEnabledProtocols(ps);67socket.setEnabledCipherSuites(new String[] {68"TLS_AES_128_GCM_SHA256",69"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"});70}7172@Override73protected void configureServerSocket(SSLServerSocket serverSocket) {74String[] ps = protocols[index][1];7576System.out.print("Setting server protocol(s): ");77Arrays.stream(ps).forEachOrdered(System.out::print);78System.out.println();7980serverSocket.setEnabledProtocols(ps);81serverSocket.setEnabledCipherSuites(new String[] {82"TLS_AES_128_GCM_SHA256",83"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"});84}8586/*87* Run the test case.88*/89public static void main(String[] args) throws Exception {90// Named group is set as per run argument with no change in it's alphabet91Security.setProperty("jdk.tls.disabledAlgorithms", args[0]);92System.setProperty("jdk.tls.namedGroups", args[0]);9394for (index = 0; index < protocols.length; index++) {95try {96(new RestrictNamedGroup()).run();97} catch (SSLException | IllegalStateException ssle) {98// The named group should be restricted.99continue;100}101102throw new Exception("The test case should be disabled");103}104}105}106107108