Newer
Older
superset(
mw_header_field(e_generation_location),
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
superset(
mw_validity_restriction_region(
p_region
))))))))) -> value v_geoNwInd {
var ValidityRestriction v_vr;
var HeaderField v_hf;
tc_ac.stop;
// Check that generation location
if (
f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf) and
f_getCertificateValidityRestriction(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields[0].headerField.signer.signerInfo.certificate, e_region, v_vr)
) {
if (f_isLocationInsideRegion(v_vr.validity.region, v_hf.headerField.generation_location)) {
log("*** " & testcasename() & ": PASS: DENM contains generation location inside the certificate validity region ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("v_vr.validity.region=", v_vr.validity.region);
log("v_hf.headerField.generation_location=", v_hf.headerField.generation_location);
log("*** " & testcasename() & ": FAIL: Invalid location");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! DENM generation location or certificate region restriction header field does not exist");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
// GN message doesn't contain generation location
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others
))) -> value v_geoNwInd {
var HeaderField v_hf;
tc_ac.stop;
// Check that generation location is not present
f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf);
if (not isbound(v_hf)) {
log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
// GN signing certificate doesn't contains region restriction
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
{ } // GN signing certificate doesn't contains region restriction
)))))) {
tc_ac.stop;
log("*** " & testcasename() & ": INCONC: DENM certificate doesn't contain region restriction");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
} // End of function f_TC_SEC_ITSS_SND_GENMSG_05_BV
} // End of group f_TC_SEC_ITSS_SND_GENMSG_05_xx
/**
* @desc Check that the secured message contains of type signed, signed_external or signed_and_encrypted
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected results:
* ensure that {
* when {
* the IUT is requested to send a Beacon
* } then {
* the IUT sends a SecuredMessage {
* containing payload_fields
* containing exactly one element of type Payload
* containing type
* indicating 'signed' or 'signed_external' or 'signed_and_encrypted'
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_06_01_BV
testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload(
e_signed
)
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": PASS: Beacon payload is 'signed'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_external'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload(
e_signed_and_encrypted
)
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_and_encrypted'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": FAIL: Beacon payload is not signed, signed_external or signed_and_encrypted");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected Message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV
* @desc Check that the secured GN Message contains only one TrailerField of type signature ;
* Check that the signature contained in the SecuredMessage is calculated over the right fields by
* cryptographically verifying the signature
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send Beacon
* } then {
* the IUT sends a SecuredMessage
* containing header_fields ['signer_info']
* containing signer
* containing type
* indicating 'certificate'
* and containing certificate
* indicating CERT
* and containing trailer_fields['signature']
* containing signature
* verifiable using CERT.subject_attributes['verification_key']
* }
* }
* </pre>
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_07_01_BV
testcase TC_SEC_ITSS_SND_GENMSG_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
var GeoNetworkingInd v_geoNwInd;
var SignerInfo v_signerInfo;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field_signer_info_certificate
)))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": INFO: Beacon message with certificate received ***");
f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo.signerInfo.certificate) == false) {
log("*** " & testcasename() & ": FAIL: Beacon received with invalide signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others
))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Beacon message without certificate received");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected GN Message not received");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & ": PASS: GN Message received with correct signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_07_01_BV
/**
* @desc Sending behaviour test cases for certificates profile
* @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7 Profiles for certificates
*/
group sendCertificatesProfile {
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* }
* Expected Behaviour:
* ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating certificate
* containing certificate
* containing version
* indicating '2'
* }
* }
testcase TC_SEC_ITSS_SND_CERT_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_certificate(
))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AT Certificate version set to " & int2char(c_certificate_version) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
?
)))))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: AT Certificate version mismatch ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* }
* Expected Behaviour:
* ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* and containing certificates
* indicating length > 0
* and containing certificates[n] (0..N)
* containing version
* indicating '2'
* }
* }
testcase TC_SEC_ITSS_SND_CERT_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
var SecuredMessage v_recv;
var Certificate v_cert;
var SignerInfo v_si;
var HashedId8 v_digest;
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Wait for the message with the certificate to retrieve the AA digest.
// Ask for the chain, containing AT and AA certificate
// Check AA Certificate
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for certificate chain ***");
tc_ac.start;
f_askForCertificateChain(f_generateDefaultCam());
tc_ac.stop;
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate_chain
))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AA certificate version set to " & int2char(c_certificate_version) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate_chain
))))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: AA certificate version mismatch or no AA cert received***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the references in the certificate chain are valid
* Check that signer_info type of all certificates in the chain are 'certificate_digest_with_sha256',
* 'certificate_digest_with_other_algorithm' or 'self'
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* and containing certificates
* indicating length > 0
* and containing certificates[0]
* containing signer_info
* containing type
* indicating 'certificate_digest_with_sha256'
* or indicating 'certificate_digest_with_other_algorythm'
* and containing digest
* referenced to the trusted certificate
* or containing signer_info
* containing type
* indicating 'self'
* and containing certificates[n] (1..N)
* containing signer_info
* containing type
* indicating 'certificate_digest_with_sha256'
* or indicating 'certificate_digest_with_other_algorythm'
* and containing digest
* referenced to the certificates[n-1]
* }
* @reference ETSI TS 103 097 [1], clause 4.2.10, 6.1 and 7.4.1
testcase TC_SEC_ITSS_SND_CERT_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local declarations
var CertificateChain v_chain;
var SignerInfo v_si;
var HashedId8 v_digest;
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
tc_ac.stop;
// Test Body
for (var integer v_counter := lengthof(v_chain) - 1; v_counter > 1; v_counter := v_counter - 1) { // Loop on []N-1..1]
if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) {
log("*** " & testcasename() & ": FAIL: Certificate[ " & int2str(v_counter) & "] doesn't contain signer info ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (not match(v_si.type_, e_certificate_digest_with_sha256) and not match(v_si.type_, e_certificate_digest_with_other_algorithm)) {
log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// signer_info.type indicates 'certificate_digest_with_sha256' or 'certificate_digest_with_other_algorythm'
v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]);
if (not match (v_si.signerInfo.digest, v_digest)) {
log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
// Process certificate[0]
if (not f_getCertificateSignerInfo(v_chain[0], v_si)) {
log("*** " & testcasename() & ": FAIL: Certificate[0] doesn't contain signer info ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// Process certificate[0]
if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
log("*** " & testcasename() & ": FAIL: Certificate[0] is not signed with digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// signer_info.type indicates 'certificate_digest_with_sha256' only
log("*** " & testcasename() & ": PASS: Certificate chain is well signed ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the rectangular region validity restriction of the message signing certificate
* contains not more than six valid rectangles;
* Check that the rectangular region validity restriction of the message signing certificate is
* continuous and does not contain any holes
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate'
* containing certificate
* containing validity_restrictions['region']
* containing region_type
* indicating 'rectangle'
* and containing rectangular_region
* indicating length <= 6
* and containing elements of type RectangularRegion
* indicating continuous region without holes
* and containing northwest and southeast
* indicating northwest is on the north from southeast
* }
* }
* @remark Certificate: cc_taCert_C
testcase TC_SEC_ITSS_SND_CERT_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C;
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
// Test body
tc_ac.start;
f_waitForCertificate(v_cert);
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_rectangle) {
var RectangularRegions v_rects := v_vr.validity.region.region.rectangular_region;
if (lengthof(v_rects) > 6) {
log("*** " & testcasename() & ": FAIL: Rectangular regions count is more then 6 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (v_counter := 0; v_counter<lengthof(v_rects); v_counter := v_counter + 1) {
var RectangularRegion v_rect := v_rects[v_counter];
if (true != f_isValidTwoDLocation(v_rect.northwest)) {
log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidTwoDLocation(v_rect.southeast)) {
log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check normality of the rectangle
if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
log("*** " & testcasename() & ": FAIL: Rectangular region " & int2str(v_counter) & " is not normalized ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
// Check for continuous rectangles
if (lengthof(v_rects) > 1) {
if (true != f_isContinuousRectangularRegions(v_rects)) {
log("*** " & testcasename() & ": FAIL: Rectangular regions are not connected all together ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
}
log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the rectangular region validity restriction of all certificates contains not more than
* six valid rectangles;
* Check that the rectangular region validity restriction of the AT certificate is continuous and
* does not contain any holes
* Check that the rectangular certificate validity region of the subordinate certificate is well formed and
* inside the validity region of the issuing certificate
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* containing certificates
* indicating length N > 0
* and containing certificates [n] 0..n
* containing validity_restrictions['region']
* containing region_type
* indicating 'rectangle'
* and containing rectangular_region
* indicating length <= 6
* and containing elements of type RectangularRegion
* containing northwest and southeast
* indicating northwest on the north from southeast
* and indicating continuous region without holes
testcase TC_SEC_ITSS_SND_CERT_04_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C;
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818
4819
tc_ac.stop;
for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
v_vri := v_vr;
f_vri := f_vr;
f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
log("v_chain[v_counter]=", v_chain[v_counter]);
if (f_vr) {
var RectangularRegions v_rects;
if (v_vr.validity.region.region_type != e_rectangle) {
log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not rectangular ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_rects := v_vr.validity.region.region.rectangular_region;
log("v_rects=", v_rects);
if (lengthof(v_rects) > 6) {
log("*** " & testcasename() & ": FAIL: Rectangular regions count is more then 6 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (var integer j:=0; j<lengthof(v_rects); j:=j + 1) {
var RectangularRegion v_rect := v_rects[j];
if (true != f_isValidTwoDLocation(v_rect.northwest)) {
log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidTwoDLocation(v_rect.southeast)) {
log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check normality of the rectangle
if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
log("*** " & testcasename() & ": FAIL: Rectangle " & int2str(v_counter) & " is not normalized ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
if (f_vri) {
// current restrictions must be inside of the parent one
if (not f_isRectangularRegionsInside(v_vri.validity.region.region.rectangular_region, v_rects)) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction region is not inside the issuing one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
// Region validity restriction is not exist
if (f_vri) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set if thi restriction exists in the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: All certificates has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the polygonal certificate validity region contains at least three and no more than 12 points
* Check that the polygonal certificate validity region does not contain intersections and holes
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate'
* containing certificate
* containing validity_restrictions['region']
* and containing region_type
* indicating 'polygon'
* and containing polygonal_region
* indicating length >=3 and <=12
* and indicating continuous region without holes and intersections
* }
* }
testcase TC_SEC_ITSS_SND_CERT_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_D;
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
// Test body
tc_ac.start;
f_waitForCertificate(v_cert);
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_polygon) {
var PolygonalRegion v_pr := v_vr.validity.region.region.polygonal_region;
var integer v_length := lengthof(v_pr);
if (v_length < 3) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_length > 12) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidPolygonalRegion(v_pr)) {
log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
}
} else {
log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the polygonal certificate validity region is inside the validity region of the issuing certificate
* Check that the issuing polygonal certificate validity region contains at least three and no more than 12 points
* Check that the issuing polygonal certificate validity region does not contain intersections and holes
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* and containing certificates
* indicating length > 0
* and containing certificates [n] (0..n)
* containing validity_restrictions['region']
* containing region_type
* indicating 'polygon'
* and containing polygonal_region
* indicating length >=3 and <=12
* and indicating continuous region without holes and intersections
testcase TC_SEC_ITSS_SND_CERT_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local declarations
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
var boolean f_vr := false, f_vri := false;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_D;
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
f_vr := false;
tc_ac.stop;
for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
v_vri := v_vr;
f_vri := f_vr;
f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
if (f_vr) {
var PolygonalRegion v_pr;
var integer v_length;
if (v_vr.validity.region.region_type != e_polygon) {
log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not polygonal ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_pr := v_vr.validity.region.region.polygonal_region;
v_length := lengthof(v_pr);
if (v_length < 3) {