Newer
Older
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_05_06_BV
group f_TC_SEC_ITSS_SND_GENMSG_05_xx {
function f_TC_SEC_ITSS_SND_GENMSG_05_BV(
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
) runs on ItsGeoNetworking {
// Local variables
var GeoNetworkingInd v_geoNwInd;
tc_ac.start;
alt {
// GN message must contain generation location and the certificate with region restrictions
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field(e_generation_location),
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
superset(
mw_validity_restriction_region(
p_region
))))))))) -> value v_geoNwInd {
var ValidityRestriction v_vr;
var HeaderField v_hf;
tc_ac.stop;
// Check that generation location
if (
f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf) and
f_getCertificateValidityRestriction(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields[0].headerField.signer.signerInfo.certificate, e_region, v_vr)
) {
if (f_isLocationInsideRegion(v_vr.validity.region, v_hf.headerField.generation_location)) {
log("*** " & testcasename() & ": PASS: DENM contains generation location inside the certificate validity region ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("v_vr.validity.region=", v_vr.validity.region);
log("v_hf.headerField.generation_location=", v_hf.headerField.generation_location);
log("*** " & testcasename() & ": FAIL: Invalid location");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! DENM generation location or certificate region restriction header field does not exist");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
// GN message doesn't contain generation location
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others
))) -> value v_geoNwInd {
var HeaderField v_hf;
tc_ac.stop;
// Check that generation location is not present
f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf);
if (not isbound(v_hf)) {
log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
// GN signing certificate doesn't contains region restriction
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
{ } // GN signing certificate doesn't contains region restriction
)))))) {
tc_ac.stop;
log("*** " & testcasename() & ": INCONC: DENM certificate doesn't contain region restriction");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
} // End of function f_TC_SEC_ITSS_SND_GENMSG_05_BV
} // End of group f_TC_SEC_ITSS_SND_GENMSG_05_xx
/**
* @desc Check that the secured message contains of type signed, signed_external or signed_and_encrypted
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected results:
* ensure that {
* when {
* the IUT is requested to send a Beacon
* } then {
* the IUT sends a SecuredMessage {
* containing payload_fields
* containing exactly one element of type Payload
* containing type
* indicating 'signed' or 'signed_external' or 'signed_and_encrypted'
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_06_01_BV
testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload(
e_signed
)
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": PASS: Beacon payload is 'signed'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_external'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload(
e_signed_and_encrypted
)
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_and_encrypted'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": FAIL: Beacon payload is not signed, signed_external or signed_and_encrypted");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected Message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV
* @desc Check that the secured GN Message contains only one TrailerField of type signature ;
* Check that the signature contained in the SecuredMessage is calculated over the right fields by
* cryptographically verifying the signature
* Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is requested to send Beacon
* } then {
* the IUT sends a SecuredMessage
* containing header_fields ['signer_info']
* containing signer
* containing type
* indicating 'certificate'
* and containing certificate
* indicating CERT
* and containing trailer_fields['signature']
* containing signature
* verifiable using CERT.subject_attributes['verification_key']
* }
* }
* </pre>
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_07_01_BV
testcase TC_SEC_ITSS_SND_GENMSG_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
var GeoNetworkingInd v_geoNwInd;
var SignerInfo v_signerInfo;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field_signer_info_certificate
)))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": INFO: Beacon message with certificate received ***");
f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo.signerInfo.certificate) == false) {
log("*** " & testcasename() & ": FAIL: Beacon received with invalide signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others
))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Beacon message without certificate received");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected GN Message not received");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & ": PASS: GN Message received with correct signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_07_01_BV
/**
* @desc Sending behaviour test cases for certificates profile
* @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7 Profiles for certificates
*/
group sendCertificatesProfile {
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* }
* Expected Behaviour:
* ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating certificate
* containing certificate
* containing version
* indicating '2'
* }
* }
testcase TC_SEC_ITSS_SND_CERT_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_certificate(
))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AT Certificate version set to " & int2char(c_certificate_version) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
?
)))))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: AT Certificate version mismatch ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* }
* Expected Behaviour:
* ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* and containing certificates
* indicating length > 0
* and containing certificates[n] (0..N)
* containing version
* indicating '2'
* }
* }
testcase TC_SEC_ITSS_SND_CERT_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
var SecuredMessage v_recv;
var Certificate v_cert;
var SignerInfo v_si;
var HashedId8 v_digest;
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
// Wait for the message with the certificate to retrieve the AA digest.
// Ask for the chain, containing AT and AA certificate
// Check AA Certificate
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for certificate chain ***");
tc_ac.start;
f_askForCertificateChain(f_generateDefaultCam());
tc_ac.stop;
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate_chain(
superset(
mw_aa_certificate
))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AA certificate version set to " & int2char(c_certificate_version) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate_chain
))))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: AA certificate version mismatch or no AA cert received***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the references in the certificate chain are valid
* Check that signer_info type of all certificates in the chain are 'certificate_digest_with_sha256',
* 'certificate_digest_with_other_algorithm' or 'self'
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* and containing certificates
* indicating length > 0
* and containing certificates[0]
* containing signer_info
* containing type
* indicating 'certificate_digest_with_sha256'
* or indicating 'certificate_digest_with_other_algorythm'
* and containing digest
* referenced to the trusted certificate
* or containing signer_info
* containing type
* indicating 'self'
* and containing certificates[n] (1..N)
* containing signer_info
* containing type
* indicating 'certificate_digest_with_sha256'
* or indicating 'certificate_digest_with_other_algorythm'
* and containing digest
* referenced to the certificates[n-1]
* }
* @reference ETSI TS 103 097 [1], clause 4.2.10, 6.1 and 7.4.1
testcase TC_SEC_ITSS_SND_CERT_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local declarations
var CertificateChain v_chain;
var SignerInfo v_si;
var HashedId8 v_digest;
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
tc_ac.stop;
// Test Body
for (var integer v_counter := lengthof(v_chain) - 1; v_counter > 1; v_counter := v_counter - 1) { // Loop on []N-1..1]
if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) {
log("*** " & testcasename() & ": FAIL: Certificate[ " & int2str(v_counter) & "] doesn't contain signer info ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (not match(v_si.type_, e_certificate_digest_with_sha256) and not match(v_si.type_, e_certificate_digest_with_other_algorithm)) {
log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// signer_info.type indicates 'certificate_digest_with_sha256' or 'certificate_digest_with_other_algorythm'
v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]);
if (not match (v_si.signerInfo.digest, v_digest)) {
log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
// Process certificate[0]
if (not f_getCertificateSignerInfo(v_chain[0], v_si)) {
log("*** " & testcasename() & ": FAIL: Certificate[0] doesn't contain signer info ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// Process certificate[0]
if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
log("*** " & testcasename() & ": FAIL: Certificate[0] is not signed with digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// signer_info.type indicates 'certificate_digest_with_sha256' only
log("*** " & testcasename() & ": PASS: Certificate chain is well signed ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the rectangular region validity restriction of the message signing certificate
* contains not more than six valid rectangles;
* Check that the rectangular region validity restriction of the message signing certificate is
* continuous and does not contain any holes
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate'
* containing certificate
* containing validity_restrictions['region']
* containing region_type
* indicating 'rectangle'
* and containing rectangular_region
* indicating length <= 6
* and containing elements of type RectangularRegion
* indicating continuous region without holes
* and containing northwest and southeast
* indicating northwest is on the north from southeast
* }
* }
* @remark Certificate: cc_taCert_C
testcase TC_SEC_ITSS_SND_CERT_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C;
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
if (not f_waitForCertificate(v_cert)) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_rectangle) {
var RectangularRegions v_rects := v_vr.validity.region.region.rectangular_region;
if (lengthof(v_rects) > 6) {
log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***");
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (v_counter := 0; v_counter<lengthof(v_rects); v_counter := v_counter + 1) {
var RectangularRegion v_rect := v_rects[v_counter];
if (true != f_isValidTwoDLocation(v_rect.northwest)) {
log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidTwoDLocation(v_rect.southeast)) {
log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check normality of the rectangle
if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
log("*** " & testcasename() & ": FAIL: Rectangular region " & int2str(v_counter) & " is not normalized ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
// Check for continuous rectangles
if (lengthof(v_rects) > 1) {
if (true != f_isContinuousRectangularRegions(v_rects)) { // FIXME Not implemented
log("*** " & testcasename() & ": FAIL: Rectangular regions are not connected all together ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
} else {
log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
}
} else {
log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the rectangular region validity restriction of all certificates contains not more than
* six valid rectangles;
* Check that the rectangular region validity restriction of the AT certificate is continuous and
* does not contain any holes
* Check that the rectangular certificate validity region of the subordinate certificate is well formed and
* inside the validity region of the issuing certificate
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* containing certificates
* indicating length N > 0
* and containing certificates [n] 0..n
* containing validity_restrictions['region']
* containing region_type
* indicating 'rectangle'
* and containing rectangular_region
* indicating length <= 6
* and containing elements of type RectangularRegion
* containing northwest and southeast
* indicating northwest on the north from southeast
* and indicating continuous region without holes
testcase TC_SEC_ITSS_SND_CERT_04_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C;
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
tc_ac.stop;
for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
v_vri := v_vr;
f_vri := f_vr;
f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
log("v_chain[v_counter]=", v_chain[v_counter]);
if (f_vr) {
var RectangularRegions v_rects;
if (v_vr.validity.region.region_type != e_rectangle) {
log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not rectangular ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_rects := v_vr.validity.region.region.rectangular_region;
log("v_rects=", v_rects);
if (lengthof(v_rects) > 6) {
log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***");
4814
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (var integer j:=0; j<lengthof(v_rects); j:=j + 1) {
var RectangularRegion v_rect := v_rects[j];
if (true != f_isValidTwoDLocation(v_rect.northwest)) {
log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidTwoDLocation(v_rect.southeast)) {
log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check normality of the rectangle
if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
log("*** " & testcasename() & ": FAIL: Rectangle " & int2str(v_counter) & " is not normalized ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
if (f_vri) {
// current restrictions must be inside of the parent one
if (not f_isRectangularRegionsInside(v_vri.validity.region.region.rectangular_region, v_rects)) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction region is not inside the issuing one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
// Region validity restriction is not exist
if (f_vri) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set if thi restriction exists in the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: All certificates has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the polygonal certificate validity region contains at least three and no more than 12 points
* Check that the polygonal certificate validity region does not contain intersections and holes
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate'
* containing certificate
* containing validity_restrictions['region']
* and containing region_type
* indicating 'polygon'
* and containing polygonal_region
* indicating length >=3 and <=12
* and indicating continuous region without holes and intersections
* }
* }
testcase TC_SEC_ITSS_SND_CERT_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_D;
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
if (not f_waitForCertificate(v_cert)) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_polygon) {
var PolygonalRegion v_pr := v_vr.validity.region.region.polygonal_region;
var integer v_length := lengthof(v_pr);
if (v_length < 3) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_length > 12) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidPolygonalRegion(v_pr)) {
log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
}
} else {
log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the polygonal certificate validity region is inside the validity region of the issuing certificate
* Check that the issuing polygonal certificate validity region contains at least three and no more than 12 points
* Check that the issuing polygonal certificate validity region does not contain intersections and holes
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* and containing certificates
* indicating length > 0
* and containing certificates [n] (0..n)
* containing validity_restrictions['region']
* containing region_type
* indicating 'polygon'
* and containing polygonal_region
* indicating length >=3 and <=12
* and indicating continuous region without holes and intersections
testcase TC_SEC_ITSS_SND_CERT_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local declarations
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
var boolean f_vr := false, f_vri := false;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_D;
// Test adapter configuration