ItsPki_TestCases.ttcn 470 KB
Newer Older
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Cannot verify EC certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_06_BV
       * @desc The EtsiTS102941Data shall contain the version set to v1 (integer value set to 1) 
       *       and the content set to InnerECResponse.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing version
       *                                 indicating v1 (integer value set to 1)
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_07_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
      testcase TC_SECPKI_EA_ENR_07_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              -,
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_07_BV
      
      /**
       * @desc The InnerECResponse shall contain the requestHash, which is the left-most 16 octets of the SHA256 digest of the 
       *       EtsiTs103097Data - Signed structure received in the request and a responseCode indicating the result of the request.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing requestHash
       *                                 indicating the left-most 16 octets of the SHA256 digest of the EtsiTs103097Data-Signed structure received in the request
       *                             and containing responseCode
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_08_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_08_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              -,
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
4237 4238 4239 4240 4241 4242 4243 4244 4245 4246 4247 4248 4249 4250 4251 4252 4253 4254 4255 4256 4257 4258 4259 4260 4261 4262 4263 4264 4265 4266 4267 4268 4269 4270 4271 4272 4273 4274 4275 4276 4277 4278 4279 4280 4281 4282 4283 4284 4285 4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307 4308 4309 4310 4311 4312 4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330 4331 4332 4333 4334 4335 4336 4337 4338 4339 4340 4341 4342 4343 4344 4345 4346 4347 4348 4349 4350 4351 4352 4353 4354 4355 4356 4357 4358 4359 4360 4361 4362 4363 4364 4365 4366 4367 4368 4369 4370 4371 4372 4373 4374 4375 4376 4377 4378 4379 4380 4381 4382 4383 4384 4385 4386 4387 4388 4389 4390 4391 4392 4393 4394 4395 4396 4397 4398 4399 4400 4401 4402 4403 4404 4405 4406 4407 4408 4409 4410 4411 4412 4413 4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432 4433 4434 4435 4436 4437 4438 4439 4440 4441 4442 4443 4444 4445 4446 4447 4448 4449 4450 4451 4452 4453 4454 4455 4456 4457 4458 4459 4460 4461 4462 4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518 4519 4520 4521 4522 4523 4524 4525 4526 4527 4528 4529 4530 4531 4532 4533 4534 4535 4536 4537 4538 4539 4540 4541 4542 4543 4544 4545 4546 4547 4548 4549 4550 4551 4552 4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 4567 4568 4569 4570 4571 4572 4573 4574 4575 4576 4577 4578 4579 4580 4581 4582 4583 4584 4585 4586 4587 4588 4589 4590 4591 4592 4593 4594 4595 4596 4597 4598 4599 4600 4601 4602 4603 4604 4605 4606 4607 4608 4609 4610 4611 4612 4613 4614 4615 4616 4617 4618 4619 4620 4621 4622 4623 4624 4625 4626 4627 4628 4629 4630 4631 4632 4633 4634 4635 4636 4637 4638 4639 4640 4641 4642 4643 4644 4645 4646 4647 4648 4649 4650 4651 4652 4653 4654 4655 4656 4657 4658 4659 4660 4661 4662 4663 4664 4665 4666 4667 4668 4669 4670 4671 4672 4673 4674 4675 4676 4677 4678 4679 4680 4681 4682 4683 4684 4685 4686 4687 4688 4689 4690 4691 4692 4693 4694 4695 4696 4697 4698 4699 4700 4701 4702 4703 4704 4705 4706 4707 4708 4709 4710 4711 4712 4713 4714 4715 4716 4717 4718 4719 4720 4721 4722 4723 4724 4725 4726 4727 4728 4729 4730 4731 4732 4733 4734 4735 4736 4737 4738 4739 4740 4741 4742 4743 4744 4745 4746 4747 4748 4749 4750 4751 4752 4753 4754 4755 4756 4757 4758 4759 4760 4761 4762 4763 4764 4765 4766 4767 4768 4769 4770 4771 4772 4773 4774 4775 4776 4777 4778 4779 4780 4781 4782 4783 4784 4785 4786 4787 4788 4789 4790 4791 4792 4793 4794 4795 4796 4797 4798 4799 4800 4801 4802 4803 4804 4805 4806 4807 4808 4809 4810 4811 4812 4813 4814 4815 4816 4817 4818 4819 4820 4821 4822 4823 4824 4825 4826 4827 4828 4829 4830 4831 4832 4833 4834 4835 4836 4837 4838 4839 4840 4841 4842 4843 4844 4845 4846 4847 4848 4849 4850 4851 4852 4853 4854 4855 4856 4857 4858 4859 4860 4861 4862 4863 4864 4865 4866 4867 4868 4869 4870 4871 4872 4873 4874 4875 4876 4877 4878 4879 4880 4881 4882 4883 4884 4885 4886 4887 4888 4889 4890 4891 4892 4893 4894 4895 4896 4897 4898 4899 4900 4901 4902 4903 4904 4905 4906 4907 4908 4909 4910 4911 4912 4913 4914 4915 4916 4917 4918 4919 4920 4921 4922 4923 4924 4925 4926 4927 4928 4929 4930 4931 4932 4933 4934 4935 4936 4937 4938 4939 4940 4941 4942 4943 4944 4945 4946 4947 4948 4949 4950 4951 4952 4953 4954 4955 4956 4957 4958 4959 4960 4961 4962 4963 4964 4965 4966 4967 4968 4969 4970 4971 4972 4973 4974 4975 4976 4977 4978 4979 4980 4981 4982 4983 4984 4985 4986 4987 4988 4989 4990 4991 4992 4993 4994 4995 4996 4997 4998 4999 5000
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_08_BV
      
      /**
       * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_09_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_09_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { mw_recipientInfo_pskRecipInfo },
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode) == true) {
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_09_BV
      
      /**
       * @desc If the responseCode is different than 0, the InnerECResponse shall not contain a certificate.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 not containing a certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_10_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_10_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_invalid_enrolment_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              -,
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ko))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_10_BV
      
      /**
       * @desc Check that signing of Enrolment response message is permitted by the EA certificate.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing signer
       *                         declared as a digest
       *                             containing the HashedId8 of the EA certificate
       *                                 containing appPermissions
       *                                     containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                         and containing ssp
       *                                             containing opaque[0] (version) 
       *                                                 indicating 1
       *                                             containing opaque[1] (value) 
       *                                                 indicating bit "Enrolment Response" (5) set to 1
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_11_BV
       * @reference ETSI TS 102 941, clause B[5]
       */
      testcase TC_SECPKI_EA_ENR_11_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { mw_recipientInfo_pskRecipInfo },
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode) == true) {
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_11_BV
      
      /**
       * @desc Check that generated EC certificate contains only allowed permissions.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the EC_CERT
       *                 containing appPermissions
       *                     containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CERT_REQ
       *                         and containing ssp
       *                             containing opaque[0] (version) 
       *                                 indicating 1
       *                             containing opaque[1] (value) 
       *                                 indicating "Enrolment Request" (bit 0) set to 1
       *                                 indicating "Authorization Request" (bit 1) set to 1
       *                                 indicating other bits set to 0
       *                     and NOT containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CTL
       *                     and NOT containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CRL
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_12_BV
       * @reference ETSI TS 102 941, clause B[5]
       */
      testcase TC_SECPKI_EA_ENR_12_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { mw_recipientInfo_pskRecipInfo },
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, -, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode) == true) {
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_12_BV
      
    } // End of group enrolment_response

    group authorization_validation_request {

      group atv_helpers {

        function f_verify_http_at_request_from_iut_atv(
                                                        in Request p_request,
                                                        out Oct16 p_aes_sym_key,
                                                        out Oct16 p_authentication_vector,
                                                        out Oct32 p_request_hash,
                                                        out InnerAtRequest p_inner_at_request,
                                                        out integer p_result
                                                        ) runs on ItsPkiHttp {
          // Local variables
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var Oct16 v_request_hash;
          var Oct16 v_aes_enc_key;
          var InnerAtResponse v_inner_ec_request;
          
          log(">>> f_verify_http_at_request_from_iut_atv: p_request= ", p_request);
          
          p_result := 0;
          
          if (f_verify_pki_request_message(vc_aaPrivateEncKey, vc_aaWholeHash/*salt*/, vc_aaWholeHash, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) {
            // Set verdict
            p_result := -1;
          } else {
            log("f_verify_http_at_request_from_iut_atv: Receive ", v_etsi_ts_102941_data);
            /*log(match(v_etsi_ts_102941_data.content, mw_authorizationValidationRequest(mw_authorizationValidationRequest_ok(substr(p_request_hash, 0, 16), mw_certificate_subject_attributes(p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.id, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.validityPeriod))))); // TODO In TITAN, this is the only way to get the unmatching in log
            if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationRequest(mw_authorizationValidationRequest_ok(substr(p_request_hash, 0, 16), mw_certificate_subject_attributes(p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.id, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.validityPeriod)))) == false) { 
              // Set verdict
              p_result := -2;
            } else {
              // TODO Refined expected mw_signature_ecdsaNistP256
              log("f_verify_http_at_request_from_iut_atv: Well-secured AT certificate received");
            }*/
          }
          
          log("<<< f_verify_http_at_request_from_iut_atv: p_inner_at_request= ", p_inner_at_request);
          log("<<< f_verify_http_at_request_from_iut_atv: p_aes_sym_key= ", p_aes_sym_key);
          log("<<< f_verify_http_at_request_from_iut_atv: p_authentication_vector= ", p_authentication_vector);
          log("<<< f_verify_http_at_request_from_iut_atv: p_request_hash= ", p_request_hash);
          log("<<< f_verify_http_at_request_from_iut_atv: p_result: ", p_result);
        } // End of function f_verify_http_at_request_from_iut_atv
        
        function f_verify_http_at_response_from_iut_atv(
                                                        in InnerAtRequest p_inner_at_request,
                                                        in Response p_response,
                                                        in octetstring p_private_key,
                                                        in Oct16 p_aes_sym_key,
                                                        in Oct16 p_authentication_vector,
                                                        in Oct32 p_request_hash,
                                                        out InnerAtResponse p_inner_at_response,
                                                        //TODO out EtsiTs103097Data p_authorization_validation_response,
                                                        out integer p_result
                                                        ) runs on ItsPkiHttp {
          // Local variables
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var Oct16 v_aes_enc_key;
          var InnerEcResponse v_inner_ec_response;
          
          log(">>> f_verify_http_at_response_from_iut_atv: p_inner_at_request= ", p_inner_at_request);
          log(">>> f_verify_http_at_response_from_iut_atv: p_response= ", p_response);
          log(">>> f_verify_http_at_response_from_iut_atv: p_private_key= ", p_private_key);
          log(">>> f_verify_http_at_response_from_iut_atv: p_aes_sym_key= ", p_aes_sym_key);
          log(">>> f_verify_http_at_response_from_iut_atv: p_authentication_vector= ", p_authentication_vector);
          log(">>> f_verify_http_at_response_from_iut_atv: p_request_hash= ", p_request_hash);
          
          p_result := 0;
          
          if (f_verify_pki_response_message(p_private_key, p_aes_sym_key, p_authentication_vector, vc_eaWholeHash, p_response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
            // Set verdict
            p_result := -1;
          } else {
            log("f_verify_http_at_response_from_iut_atv: Receive ", v_etsi_ts_102941_data);
            log(match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok(substr(p_request_hash, 0, 16), mw_certificate_subject_attributes(p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.id, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.validityPeriod))))); // TODO In TITAN, this is the only way to get the unmatching in log
            if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok(substr(p_request_hash, 0, 16), mw_certificate_subject_attributes(p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.id, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.validityPeriod)))) == false) { 
              // Set verdict
              p_result := -2;
            } else {
              // TODO Refined expected mw_signature_ecdsaNistP256
              log("f_verify_http_at_response_from_iut_atv: Well-secured AT certificate received");
            }
          }
          
          log("<<< f_verify_http_at_response_from_iut_atv: p_result: ", p_result);
        } // End of function f_verify_http_at_response_from_iut_atv
        
        function f_verify_http_at_response_from_iut_atv_error(
                                                              in InnerAtRequest p_inner_at_request,
                                                              in Response p_response,
                                                              in octetstring p_private_key,
                                                              in Oct16 p_aes_sym_key,
                                                              in Oct16 p_authentication_vector,
                                                              in Oct32 p_request_hash,
                                                              out InnerAtResponse p_inner_at_response,
                                                              //TODO out EtsiTs103097Data p_authorization_validation_response,
                                                              out integer p_result
                                                              ) runs on ItsPkiHttp {
          // Local variables
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var Oct16 v_aes_enc_key;
          var InnerEcResponse v_inner_ec_response;
          
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_inner_at_request= ", p_inner_at_request);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_response= ", p_response);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_private_key= ", p_private_key);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_aes_sym_key= ", p_aes_sym_key);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_authentication_vector= ", p_authentication_vector);
          log(">>> f_verify_http_at_response_from_iut_atv_error: p_request_hash= ", p_request_hash);
          
          p_result := 0;
          
          if (f_verify_pki_response_message(p_private_key, p_aes_sym_key, p_authentication_vector, vc_eaWholeHash, p_response.body.binary_body.ieee1609dot2_data, true, 1, v_etsi_ts_102941_data) == false) {
            // Set verdict
            p_result := -1;
          } else {
            log("f_verify_http_at_response_from_iut_atv_error: Receive ", v_etsi_ts_102941_data);
            log(match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ko(substr(p_request_hash, 0, 16))))); // TODO In TITAN, this is the only way to get the unmatching in log
            if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ko(substr(p_request_hash, 0, 16)))) == false) { 
              // Set verdict
              p_result := -2;
            } else {
              // TODO Refined expected mw_signature_ecdsaNistP256
              log("f_verify_http_at_response_from_iut_atv_error: Well-formatted error response received");
            }
          }
          
          log("<<< f_verify_http_at_response_from_iut_atv_error: p_result: ", p_result);
        } // End of function f_verify_http_at_response_from_iut_atv_error
        
      } // End of group atv_helpers
      
      /**
       * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface 
       *       at reference point S4 in response to a received AuthorizationValidationRequest message
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest message
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_AUTHVAL_RCV_01_BV
       * @reference ETSI TS 102 941, clause 6.2.3.4
       */
      testcase TC_SECPKI_EA_AUTHVAL_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
        if (f_generate_inner_at_request(vc_aaCertificate, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify AT response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_RCV_01_BV
      
      /**
       * @desc Check that EA doesn't accept Authorization Validation Request when 
       *       SharedAtRequest is signed with certificate without appropriate 
       *       permissions
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour: