Skip to content
ItsSecurity_TestCases.ttcn3 631 KiB
Newer Older
garciay's avatar
garciay committed
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                                // Check that the signature is valid
                                if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_chain[v_counter], v_chain[v_counter - 1])) {
                                    log("*** " & testcasename() & ": FAIL: AT certificate signature error ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                            } // End of 'for' statement
                            
                            log("*** " & testcasename() & ": PASS: All certificates in the chain signed by it's issuing certs ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                        } else {
                            log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                }
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
                
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_SND_CERT_11_02_BV
garciay's avatar
garciay committed
             * @desc Sending behaviour test cases for AA certificate profil
             * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7.7 AA certificate profile
             */
            group AA_Certificates {
                
                /**
garciay's avatar
garciay committed
                 * @desc Check that the subject_type of the AA certificate is set to authorization_authority
garciay's avatar
garciay committed
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
garciay committed
                 *       containing header_fields['signer_info'].signer
garciay's avatar
garciay committed
                 *         containing type
garciay's avatar
garciay committed
                 *           indicating 'certificate_chain'
garciay's avatar
garciay committed
                 *         containing certificates[last-1] {
                 *           containing subject_info.subject_type
                 *             indicating 'authorization_authority' (2)
                 *         }
                 *       }
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_01_01_BV
                 * @reference   ETSI TS 103 097 [1], clause 7.4.3
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AA_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                    var CertificateChain         v_chain;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    if (not match(v_chain[lengthof(v_chain) - 2], mw_aa_certificate)) {
                        log("*** " & testcasename() & ": FAIL: AA certificate not found in the chain[last-1] ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    log("*** " & testcasename() & ": PASS: AA certificate was found in the chain ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
garciay's avatar
garciay committed
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
garciay's avatar
garciay committed
                } // End of testcase TC_SEC_SND_CERT_AA_01_01_BV
garciay's avatar
garciay committed
                
                /**
garciay's avatar
garciay committed
                 * @desc The AA certificsate subject_name variable-length vector shall have a maximum length of 32 bytes
garciay's avatar
garciay committed
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
garciay committed
                 *       containing header_fields['signer_info'].signer
garciay's avatar
garciay committed
                 *         containing type
                 *           indicating certificate_chain
garciay's avatar
garciay committed
                 *         containing certificates[last-1]
garciay's avatar
garciay committed
                 *           containing subject_info.subject_name
                 *             indicating length <= 32 bytes
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_02_01_BV
                 * @reference   ETSI TS 103 097 [1], clause 6.2
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AA_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                    var CertificateChain         v_chain;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    // Verified automatically on decoding
                    if (lengthof(v_chain[lengthof(v_chain) - 2].subject_info.subject_name) > 32 ) {
                        log("*** " & testcasename() & ": FAIL: Subject name of the AA certificate is too long ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    log("*** " & testcasename() & ": PASS: Subject name of the AA certificate is good ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
garciay's avatar
garciay committed
                } // End of testcase TC_SEC_SND_CERT_AA_02_01_BV
garciay's avatar
garciay committed
                
                /**
garciay's avatar
garciay committed
                 * @desc Check that signer_info type of AA certificates is set to 'certificate_digest_with_sha256'
garciay's avatar
garciay committed
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
garciay committed
                 *       containing header_fields['signer_info'].signer
garciay's avatar
garciay committed
                 *         containing type
                 *           indicating certificate_chain
garciay's avatar
garciay committed
                 *         containing certificates[last-1]
                 *           containing signer_info
garciay's avatar
garciay committed
                 *             containing type
                 *               indicating 'certificate_digest_with_sha256'
                 *             containing digest
                 *   }
                 * }
                 * </pre>
garciay's avatar
garciay committed
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_03_01_BV
                 * @reference   ETSI TS 103 097 [1], clause 7.4.4
garciay's avatar
garciay committed
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AA_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                    var CertificateChain         v_chain;
                    var Certificate              v_aa_cert;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    v_aa_cert := v_chain[lengthof(v_chain) - 2];
                    if (not match(v_aa_cert, mw_aa_certificate(mw_signerInfo_digest))) {
                        log("*** " & testcasename() & ": FAIL: AA certificate not signed by digest ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    log("*** " & testcasename() & ": PASS: AA certificate is signed by digest ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
garciay's avatar
garciay committed
                } // End of testcase TC_SEC_SND_CERT_AA_03_01_BV
garciay's avatar
garciay committed
                
                /**
garciay's avatar
garciay committed
                 * @desc Check that all neccesary subject attributes are present and arranged in accesing order
garciay's avatar
garciay committed
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
garciay committed
                 *       containing header_fields['signer_info'].signer
garciay's avatar
garciay committed
                 *         containing type
                 *           indicating certificate_chain
garciay's avatar
garciay committed
                 *         containing certificates[last-1]
                 *           containing subject_attributes [0..N]
garciay's avatar
garciay committed
                 *             indicating subject_attributes[n].type < subject_attributes[n+ 1].type
                 *             containing subject_attributes['verification_key']
                 *             containing subject_attributes['assurance_level']
                 *             containing subject_attributes['its_aid_list']
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_05_01_BV
garciay's avatar
garciay committed
                 * @reference   ETSI TS 103 097 [1], clauses 6.1, 7.4.1 and 7.4.3
garciay's avatar
garciay committed
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AA_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                    var CertificateChain         v_chain;
                    var SubjectAttributes        v_attrs;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    if (not match(v_chain[lengthof(v_chain) - 2], 
                                 mw_aa_certificate(?,
                                        superset(mw_subject_attribute_verification_key,
                                                 mw_subject_attribute_assurance_level,
                                                 mw_subject_attribute_its_aid_list)))
                     ) {
                        log("*** " & testcasename() & ": FAIL: Required subject attribute of AA certificate is not found ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    v_attrs := v_chain[lengthof(v_chain) - 2].subject_attributes;
                    for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) {
                        if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) {
                            log("*** " & testcasename() & ": FAIL: AA certificate subject attributes are not arranged in accening order ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    
                    log("*** " & testcasename() & ": PASS: All required AA certificate subject attributes are presents ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
garciay's avatar
garciay committed
                } // End of testcase TC_SEC_SND_CERT_AA_05_01_BV
garciay's avatar
garciay committed
                
                /**
garciay's avatar
garciay committed
                 * @desc Check that all AIDs containing in the in the its_aid_list in AA certificate are unique
                 *       Check that AID list contains not more then 31 items       
garciay's avatar
garciay committed
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
garciay committed
                 *       containing header_fields['signer_info'].signer
garciay's avatar
garciay committed
                 *         containing type
                 *           indicating certificate_chain
garciay's avatar
garciay committed
                 *         containing certificates[last-1]
                 *           containing subject_attributes['its_aid_list']
                 *             containing its_aid_list[0..N]
                 *               containing no more then 31 unique item
garciay's avatar
garciay committed
                 *   }
                 * }
                 * </pre>
garciay's avatar
garciay committed
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_08_01_BV
                 * @reference   ETSI TS 103 097 [1], clauses 6.9 and 7.4.3
garciay's avatar
garciay committed
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AA_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                    var CertificateChain         v_chain;
                    var Certificate              v_aa_cert;
garciay's avatar
garciay committed
                    var SubjectAttribute         v_sa;
garciay's avatar
garciay committed
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    v_aa_cert := v_chain[lengthof(v_chain) - 2];
garciay's avatar
garciay committed
                    if (f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) {
                        
                        if (lengthof(v_sa.attribute.its_aid_list) > 31) {
                            log("*** " & testcasename() & ": FAIL: ITS-AID list contains " & int2str(lengthof(v_sa.attribute.its_aid_list)) & " items (>31) ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        for (var integer v_counter :=0; v_counter < lengthof(v_sa.attribute.its_aid_list); v_counter := v_counter + 1) {
                            for (var integer j :=0; j < lengthof(v_sa.attribute.its_aid_list); j := j + 1) {
                                if (v_counter != j and v_sa.attribute.its_aid_list[v_counter] == v_sa.attribute.its_aid_list[j]) {
                                    log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_sa.attribute.its_aid_list[j]) & " is duplicated in AA certificate ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                            }
                        } // End of 'for' statement
                    } else {
                        log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
garciay's avatar
garciay committed
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
garciay's avatar
garciay committed
                } // End of testcase TC_SEC_SND_CERT_AA_08_01_BV
garciay's avatar
garciay committed
                
                /**
garciay's avatar
garciay committed
                 * @desc Check that all mandatory validity restrictions are present and arranged in ascending order
garciay's avatar
garciay committed
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
garciay committed
                 *       containing header_fields['signer_info'].signer
                 *           containing type
                 *               indicating 'certificate_chain'
                 *           and containing certificates
                 *               containing certificates[last-1]
                 *                   containing validity_restrictions[0..N]
                 *                       indicating validity_restrictions[n].type
                 *                               < validity_restrictions[n+1].type
                 *                       and containing validity_restrictions['time_start_and_end']
                 *                       and not containing validity_restrictions['time_end']
                 *                       and not containing validity_restrictions['time_start_and_duration']
garciay's avatar
garciay committed
                 *   }
                 * }
                 * </pre>
garciay's avatar
garciay committed
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_10_01_BV
                 * @reference   ETSI TS 103 097 [1], clauses 6.7, 6.74 and 7.4.1
garciay's avatar
garciay committed
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AA_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                    // Local variables
                    var GeoNetworkingInd v_geoNwInd;
                    var HeaderFields v_headersFields;
                    var integer v_previousHeaderType;
garciay's avatar
garciay committed
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    tc_ac.start;
garciay's avatar
garciay committed
                    alt {
                        [] geoNetworkingPort.receive(
                            mw_geoNwInd(
                                mw_geoNwSecPdu(
                                    mdw_securedMessage(
                                        superset(
                                            ?, 
                                            mw_header_field(e_generation_time), 
                                            ?
                                        )
                                    ), 
                                    ?
                        ))) -> value v_geoNwInd {
                            tc_ac.stop;
garciay's avatar
garciay committed
                        
garciay's avatar
garciay committed
                            // Process header fields manually
                            v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields);
                            
                            // Check that signerInfo is first header
                            if ((lengthof(v_headersFields) < 1) or not match(v_headersFields[0].type_, e_signer_info)) {
                                log("*** " & testcasename() & ": FAIL: SignerInfo is not first header");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            
                            for (var integer v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) {
                                // Check forbidden header
                                if (not match(v_headersFields[v_counter].type_, e_time_start_and_end)) { // FIXME To be reviewed
                                    log("*** " & testcasename() & ": FAIL: Forbidden header present");
garciay's avatar
garciay committed
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
                                } 
                                
                                if (v_counter > 1 ) {
                                    // Check that headers are ordered
                                    if (match(v_headersFields[v_counter].type_, integer:(0..v_previousHeaderType))) {
                                        // Check that header is duplicated
                                        if (match(v_headersFields[v_counter].type_, v_previousHeaderType)) {
                                            log("*** " & testcasename() & ": FAIL: multiple instances of same header");
                                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                        }else{
                                            log("*** " & testcasename() & ": FAIL: headers not in correct order");
                                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                        }
                                    }
garciay's avatar
garciay committed
                                }
garciay's avatar
garciay committed
                                v_previousHeaderType := enum2int(v_headersFields[v_counter].type_);
                            } // End of 'for' statement
                            
                            log("*** " & testcasename() & ": PASS: correct secured packet received");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                        }
                        [] tc_ac.timeout {
                            log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                        } 
                    } // End of 'alt' statement
garciay's avatar
garciay committed
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
garciay's avatar
garciay committed
                } // End of testcase TC_SEC_SND_CERT_AA_10_01_BV
garciay's avatar
garciay committed
                
                /**
garciay's avatar
garciay committed
                 * @desc Check that time_start_and_end is included in the AA certificate validation restrictions;
                 *       Check that end_validity is greater than start_validity
                 *       Check that validity restriction of AA certificate is inside the validity restriction of its issuing certificate
garciay's avatar
garciay committed
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
garciay committed
                 *       containing header_fields['signer_info'].signer
garciay's avatar
garciay committed
                 *         containing type
                 *           indicating certificate_chain
                 *         containing certificates[last-1] {
                 *           containing validity_restrictions
garciay's avatar
garciay committed
                 *             containing validity_restrictions['time_start_and_end']
                 *               containing start_validity
                 *                 indicating START_AA_VALIDITY
                 *               containing end_validity
                 *                 indicating END_AA_VALIDITY >=START_AA_VALIDITY
                 *             and containing signer_info
                 *               containing digest
                 *                 referenced to the trusted certificate
                 *                   containing validity_restrictions['time_end']
                 *                     containing end_validity
                 *                       indicating value > AA_END_VALIDITY
                 *                   or containing validity_restrictions['time_start_and_end']
                 *                     containing start_validity
                 *                       indicating value <= AA_START_VALIDITY
                 *                     and containing end_validity
                 *                       indicating value > AA_END_VALIDITY
                 *                   or containing validity_restrictions['time_start_and_duration']
                 *                     containing start_validity
                 *                       indicating X_START_VALIDITY <= AA_START_VALIDITY
                 *                     and containing duration
                 *                       indicating value > AA_END_VALIDITY - X_START_VALIDITY
garciay's avatar
garciay committed
                 *   }
                 * }
                 * </pre>
garciay's avatar
garciay committed
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_11_01_BV
                 * @reference   ETSI TS 103 097 [1], clauses 7.4.4
garciay's avatar
garciay committed
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AA_11_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                    var CertificateChain         v_chain;
                    var Certificate              v_aa_cert;
                    var ValidityRestriction      v_vr;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    v_aa_cert := v_chain[lengthof(v_chain) - 2];
                    if (match (v_aa_cert.validity_restrictions, (superset(mw_validity_restriction_time_end,
                                                                          mw_validity_restriction_time_start_and_duration)))
                    ) {
                        log("*** " & testcasename() & ": FAIL: AA certificate must not contain time_end and time_start_and_duration restrictions ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_vr)) {
                        log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) {
                        log("*** " & testcasename() & ": FAIL: start validity mus not be greater then end validity in the validity restrictions of AA certificate ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
                } // End of testcase TC_SEC_SND_CERT_AA_11_01_BV
garciay's avatar
garciay committed
                
            } // End of group AA_Certificates 
garciay's avatar
garciay committed
             * @desc Sending behaviour test cases for AT certificate profil
             * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7.8 AT certificate profile
             */
            group AT_Certificates {
                
                /**
                 * @desc Check that the subject_type of the AT certificate is set to 'authorization_ticket'   
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
garciay committed
                 *       containing header_fields['signer_info'].signer
garciay's avatar
garciay committed
                 *         containing type
                 *           indicating 'certificate'
garciay's avatar
garciay committed
                 *         containing certificate
garciay's avatar
garciay committed
                 *           containing subject_info.subject_type
                 *             indicating 'authorization_ticket' (1)
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_01_01_BV
                 * @reference   ETSI TS 103 097 [1], clause 7.4.1
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AT_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                    var Certificate         v_at_cert;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
                    tc_ac.start;
                    if (not f_waitForCertificate(v_at_cert)) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (not match(v_at_cert, mw_at_certificate)) {
                        log("*** " & testcasename() & ": FAIL: Message wasn't signed by AT certificate ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    log("*** " & testcasename() & ": PASS: AT certificate has the 'authorization_ticket' subject_type  ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
garciay's avatar
garciay committed
                } // End of testcase TC_SEC_SND_CERT_AT_01_01_BV
garciay's avatar
garciay committed
                
                /**
garciay's avatar
garciay committed
                 * @desc Check that the subject_name variable-length vector is empty for AT certificates
garciay's avatar
garciay committed
                 * <pre>
garciay's avatar
garciay committed
                 * Pics Selection: PICS_GN_SECURITY
garciay's avatar
garciay committed
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
garciay committed
                 *       containing header_fields['signer_info'].signer
garciay's avatar
garciay committed
                 *         containing type
                 *           indicating 'certificate'
garciay's avatar
garciay committed
                 *         containing certificates
                 *           containing subject_info.subject_name
                 *             indicating length = 0
garciay's avatar
garciay committed
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_02_01_BV
garciay's avatar
garciay committed
                 * @reference   ETSI TS 103 097 [1], clause 7.4.2
garciay's avatar
garciay committed
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AT_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                    var Certificate         v_at_cert;
                    
                    // Test control
garciay's avatar
garciay committed
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
garciay's avatar
garciay committed
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
                    tc_ac.start;
                    if (not f_waitForCertificate(v_at_cert)) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
garciay's avatar
garciay committed
                    if (0 != lengthof(v_at_cert.subject_info.subject_name)) {
                        log("*** " & testcasename() & ": FAIL: Subject name of the AT certificate is not empty ***");
garciay's avatar
garciay committed
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
garciay's avatar
garciay committed
                    log("*** " & testcasename() & ": PASS: Subject name of the AT certificate is empty ***");
garciay's avatar
garciay committed
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
garciay's avatar
garciay committed
                } // End of testcase TC_SEC_SND_CERT_AT_02_01_BV
garciay's avatar
garciay committed
                
                /**
garciay's avatar
garciay committed
                 * @desc Check that signer_info type of AT certificates is set to 'certificate_digest_with_sha256' 
garciay's avatar
garciay committed
                 * <pre>
garciay's avatar
garciay committed
                 * Pics Selection: PICS_GN_SECURITY
garciay's avatar
garciay committed
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
garciay committed
                 *       containing header_fields['signer_info'].signer
garciay's avatar
garciay committed
                 *         containing type
                 *           indicating 'certificate'
garciay's avatar
garciay committed
                 *         containing certificate
                 *           containing signer_info
                 *             containing type
                 *               indicating 'certificate_digest_with_sha256'
                 *             containing digest
garciay's avatar
garciay committed
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_03_01_BV
garciay's avatar
garciay committed
                 * @reference   ETSI TS 103 097 [1], clauses 6.1, 7.4 and 7.4.1
garciay's avatar
garciay committed
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AT_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                    var Certificate         v_at_cert;
                    
                    // Test control
garciay's avatar
garciay committed
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
garciay's avatar
garciay committed
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
                    tc_ac.start;
                    if (not f_waitForCertificate(v_at_cert)) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
garciay's avatar
garciay committed
                    if (
                        not match(v_at_cert, mw_certificate(mw_signerInfo_digest))
                    ) {
                        log("*** " & testcasename() & ": FAIL: AT certificate doesn't contain a digest of issuing cert ***");
garciay's avatar
garciay committed
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
garciay's avatar
garciay committed
                    log("*** " & testcasename() & ": PASS: The signer info of AT certificate is a digest ***");
garciay's avatar
garciay committed
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
garciay's avatar
garciay committed
                } // End of testcase TC_SEC_SND_CERT_AT_02_03_BV
garciay's avatar
garciay committed
                
                /**
garciay's avatar
garciay committed
                 * @desc Check that all neccesary subject attributes of AT certificate are present and arranged in accesing order
garciay's avatar
garciay committed
                 * <pre>
garciay's avatar
garciay committed
                 * Pics Selection: PICS_GN_SECURITY
garciay's avatar
garciay committed
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
garciay committed
                 *       containing header_fields['signer_info'].signer
garciay's avatar
garciay committed
                 *         containing type
                 *           indicating 'certificate'
garciay's avatar
garciay committed
                 *         containing certificate
                 *           containing subject_attributes [0..N]
garciay's avatar
garciay committed
                 *             indicating subject_attributes[n].type < subject_attributes[n+ 1].type
                 *             containing subject_attributes['verification_key']
                 *             containing subject_attributes['assurance_level']
                 *             containing subject_attributes['its_aid_ssp_list']
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_04_01_BV
garciay's avatar
garciay committed
                 * @reference   ETSI TS 103 097 [1], clauses 7.4.1 and 7.4.2
garciay's avatar
garciay committed
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AT_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                    var Certificate         v_at_cert;
                    var SubjectAttributes   v_attrs;
                    
                    // Test control
garciay's avatar
garciay committed
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
garciay's avatar
garciay committed
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
                    tc_ac.start;
                    if (not f_waitForCertificate(v_at_cert)) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (not match(
                        v_at_cert, 
                            mw_at_certificate(
                                ?,
                                superset(
                                    mw_subject_attribute_verification_key,
                                    mw_subject_attribute_assurance_level,
                                    mw_subject_attribute_its_aid_ssp_list
                     )))) {
                        log("*** " & testcasename() & ": FAIL: Required subject attribute of AT certificate is not found ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    v_attrs := v_at_cert.subject_attributes;
                    for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) {
                        if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) {
                            log("*** " & testcasename() & ": FAIL: AT certificate subject attributes are not arranged in ascending order ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    } // End of 'for' statement
                    
                    log("*** " & testcasename() & ": PASS: All required AT certificate subject attributes are presents and arranged in ascending order ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
garciay's avatar
garciay committed
                } // End of testcase TC_SEC_SND_CERT_AT_04_01_BV
garciay's avatar
garciay committed
                
                /**
                 * @desc Check that time_start_and_end is included in the AT certificate validation restrictions
garciay's avatar
garciay committed
                 *       Check that time_start_and_end is inside the AA certificate time restrictions
                 *       Check that validity restriction of AT certificate is inside the validity restriction of its issuing certificate 
garciay's avatar
garciay committed
                 * <pre>
garciay's avatar
garciay committed
                 * Pics Selection: PICS_GN_SECURITY
garciay's avatar
garciay committed
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
                 *       containing header_fields['signer_info'].signer {
                 *         containing type
                 *           indicating certificate_chain
garciay's avatar
garciay committed
                 *         containing certificates[last] 
garciay's avatar
garciay committed
                 *           containing subject_info.subject_type
                 *             indicating 'authorization_ticket' (1)
                 *           not containing validity_restrictions['time_end']
                 *           and not containing validity_restrictions['time_start_and_duration']
garciay's avatar
garciay committed
                 *           and containing validity_restrictions['time_start_and_end'] 
garciay's avatar
garciay committed
                 *             containing start_validity
garciay's avatar
garciay committed
                 *               indicating START_AT_VALIDITY >= START_AA_VALIDITY )
garciay's avatar
garciay committed
                 *             and containing end_validity
garciay's avatar
garciay committed
                 *               indicating END_AT_VALIDITY >= START_AT_VALIDITY <= END_AA_VALIDITY)
                 *         and containing certificates[last-1] 
                 *           containing validity_restrictions['time_end']
                 *             containing end_validity
                 *               indicating value > AT_END_VALIDITY
                 *           or containing validity_restrictions['time_start_and_end']
                 *             containing start_validity
                 *               indicating value <= AT_START_VALIDITY
                 *             containing end_validity
                 *               indicating value > AT_END_VALIDITY
                 *           or containing validity_restrictions['time_start_and_duration']
                 *             containing start_validity
                 *               indicating X_START_VALIDITY <= AT_START_VALIDITY
                 *             and containing duration
                 *               indicating value > AT_END_VALIDITY - X_START_VALIDITY
garciay's avatar
garciay committed
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_05_01_BV
garciay's avatar
garciay committed
                 * @reference   ETSI TS 103 097 [1], clause 7.4.2
garciay's avatar
garciay committed
                 */
garciay's avatar
garciay committed
                testcase TC_SEC_SND_CERT_AT_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                    var CertificateChain         v_chain;
                    var Certificate              v_aa_cert, v_at_cert;
                    var ValidityRestriction      v_vr, v_aa_vr;
                    
                    // Test control
garciay's avatar
garciay committed
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
garciay's avatar
garciay committed
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }