Newer
Older
12001
12002
12003
12004
12005
12006
12007
12008
12009
12010
12011
12012
12013
12014
12015
12016
12017
12018
12019
12020
12021
12022
12023
12024
12025
12026
12027
12028
12029
12030
12031
12032
12033
12034
12035
12036
12037
12038
12039
12040
12041
12042
12043
12044
12045
12046
12047
12048
12049
12050
12051
12052
12053
12054
12055
12056
12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
12070
12071
12072
12073
12074
12075
12076
12077
12078
12079
12080
12081
12082
12083
12084
12085
12086
12087
12088
12089
12090
12091
12092
12093
12094
12095
12096
12097
12098
12099
12100
12101
12102
12103
12104
12105
12106
12107
12108
12109
12110
12111
12112
12113
12114
12115
12116
12117
12118
12119
12120
12121
12122
12123
12124
12125
12126
12127
12128
12129
12130
12131
12132
12133
12134
12135
12136
12137
12138
12139
12140
12141
12142
12143
12144
12145
12146
12147
12148
12149
12150
12151
12152
12153
12154
12155
12156
12157
12158
12159
12160
12161
12162
12163
12164
12165
12166
12167
12168
12169
12170
12171
12172
12173
12174
12175
12176
12177
12178
12179
12180
12181
12182
12183
12184
12185
12186
12187
12188
12189
12190
12191
12192
12193
12194
12195
12196
12197
12198
12199
12200
12201
12202
12203
12204
12205
12206
12207
12208
12209
12210
12211
12212
12213
12214
12215
12216
12217
12218
12219
12220
12221
12222
12223
12224
12225
12226
12227
12228
12229
12230
12231
12232
12233
12234
12235
12236
12237
12238
12239
12240
12241
12242
12243
12244
12245
12246
12247
12248
12249
12250
12251
12252
12253
12254
12255
12256
12257
12258
12259
12260
12261
12262
12263
12264
12265
12266
12267
12268
12269
12270
12271
12272
12273
12274
12275
12276
12277
12278
12279
12280
12281
12282
12283
12284
12285
12286
12287
12288
12289
12290
12291
12292
12293
12294
12295
12296
12297
12298
12299
12300
12301
12302
12303
12304
12305
12306
12307
12308
12309
12310
12311
12312
12313
12314
12315
12316
12317
12318
12319
12320
12321
12322
12323
12324
12325
12326
12327
12328
12329
12330
12331
12332
12333
12334
12335
12336
12337
12338
12339
12340
12341
12342
12343
12344
12345
12346
12347
12348
12349
12350
12351
12352
12353
12354
12355
12356
12357
12358
12359
12360
12361
12362
12363
12364
12365
12366
12367
12368
12369
12370
12371
12372
12373
12374
12375
12376
12377
12378
12379
12380
12381
12382
12383
12384
12385
12386
12387
12388
12389
12390
12391
12392
12393
12394
12395
12396
12397
12398
12399
12400
12401
12402
12403
12404
12405
12406
12407
12408
12409
12410
12411
12412
12413
12414
12415
12416
12417
12418
12419
12420
12421
12422
12423
12424
12425
12426
12427
12428
12429
12430
12431
12432
12433
12434
12435
12436
12437
12438
12439
12440
12441
12442
12443
12444
12445
12446
12447
12448
12449
12450
12451
12452
12453
12454
12455
12456
12457
12458
12459
12460
12461
12462
12463
12464
12465
12466
12467
12468
12469
12470
12471
12472
12473
12474
12475
12476
12477
12478
12479
12480
12481
12482
12483
12484
12485
12486
12487
12488
12489
12490
12491
12492
12493
12494
12495
12496
12497
12498
12499
12500
12501
12502
12503
12504
12505
12506
12507
12508
12509
12510
12511
12512
12513
12514
12515
12516
12517
12518
12519
12520
12521
12522
12523
12524
12525
12526
12527
12528
12529
12530
12531
12532
12533
12534
12535
12536
12537
12538
12539
12540
12541
12542
12543
12544
12545
12546
12547
12548
12549
12550
12551
12552
12553
12554
12555
12556
12557
12558
12559
12560
12561
12562
12563
12564
12565
12566
12567
12568
12569
12570
12571
12572
12573
12574
12575
12576
12577
12578
12579
12580
12581
12582
12583
12584
12585
12586
12587
12588
12589
12590
12591
12592
12593
12594
12595
12596
12597
12598
12599
12600
12601
12602
12603
12604
12605
12606
12607
12608
12609
12610
12611
12612
12613
12614
12615
12616
12617
12618
12619
12620
12621
12622
12623
12624
12625
12626
12627
12628
12629
12630
12631
12632
12633
12634
12635
12636
12637
12638
12639
12640
12641
12642
12643
12644
12645
12646
12647
12648
12649
12650
12651
12652
12653
12654
12655
12656
12657
12658
12659
12660
12661
12662
12663
12664
12665
12666
12667
12668
12669
12670
12671
12672
12673
12674
12675
12676
12677
12678
12679
12680
12681
12682
12683
12684
12685
12686
12687
12688
12689
12690
12691
12692
12693
12694
12695
12696
12697
12698
12699
12700
12701
12702
12703
12704
12705
12706
12707
12708
12709
12710
12711
12712
12713
12714
12715
12716
12717
12718
12719
12720
12721
12722
12723
12724
12725
12726
12727
12728
12729
12730
12731
12732
12733
12734
12735
12736
12737
12738
12739
12740
12741
12742
12743
12744
12745
12746
12747
12748
12749
12750
12751
12752
12753
12754
12755
12756
12757
12758
12759
12760
12761
12762
12763
12764
12765
12766
12767
12768
12769
12770
12771
12772
12773
12774
12775
12776
12777
12778
12779
12780
12781
12782
12783
12784
12785
12786
12787
12788
12789
12790
12791
12792
12793
12794
12795
12796
12797
12798
12799
12800
12801
12802
12803
12804
12805
12806
12807
12808
12809
12810
12811
12812
12813
12814
12815
12816
12817
12818
12819
12820
12821
12822
12823
12824
12825
12826
12827
12828
12829
12830
12831
12832
12833
12834
12835
12836
12837
12838
12839
12840
12841
12842
12843
12844
12845
12846
12847
12848
12849
12850
12851
12852
12853
12854
12855
12856
12857
12858
12859
12860
12861
12862
12863
12864
12865
12866
12867
12868
12869
12870
12871
12872
12873
12874
12875
12876
12877
12878
12879
12880
12881
12882
12883
12884
12885
12886
12887
12888
12889
12890
12891
12892
12893
12894
12895
12896
12897
12898
12899
12900
12901
12902
12903
12904
12905
12906
12907
12908
12909
12910
12911
12912
12913
12914
12915
12916
12917
12918
12919
12920
12921
12922
12923
12924
12925
12926
12927
12928
12929
12930
12931
12932
12933
12934
12935
12936
12937
12938
12939
12940
12941
12942
12943
12944
12945
12946
12947
12948
12949
12950
12951
12952
12953
12954
12955
12956
12957
12958
12959
12960
12961
12962
12963
12964
12965
12966
12967
12968
12969
12970
12971
12972
12973
12974
12975
12976
12977
12978
12979
12980
12981
12982
12983
12984
12985
12986
12987
12988
12989
12990
12991
12992
12993
12994
12995
12996
12997
12998
12999
13000
+
+ /**
+ * @desc Check that the secured message contains of type signed, signed_external or signed_and_encrypted
+ * <pre>
+ * Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
+ * Config Id: CF01
+ * Initial conditions:
+ * with {
+ * the IUT being in the 'authorized' state
+ * }
+ * Expected results:
+ * ensure that {
+ * when {
+ * the IUT is requested to send a Beacon
+ * } then {
+ * the IUT sends a SecuredMessage {
+ * containing payload_fields
+ * containing exactly one element of type Payload
+ * containing type
+ * indicating 'signed' or 'signed_external' or 'signed_and_encrypted'
+ * }
+ * </pre>
+ * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_06_01_BV
+ * @reference ETSI TS 103 097 [1], clause 7.3
+ */
+ testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+
+ // Local variables
+ var LongPosVector v_longPosVectorIut;
+
+ // Test adapter configuration
+ if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
+ stop;
+ }
+
+ // Test component configuration
+ f_cf01Up();
+ v_longPosVectorIut := f_getPosition(c_compIut);
+
+ // Test adapter configuration
+
+ // Preamble
+ f_prNeighbour();
+ f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+
+ // Test Body
+ tc_ac.start;
+ alt {
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_Others(
+ ?,
+ mw_payload(
+ e_signed
+ )
+ ),
+ mw_geoNwBeaconPacket(
+ ?
+ )))) {
+ log("*** " & testcasename() & ": PASS: Beacon payload is 'signed'");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ }
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_Others(
+ ?,
+ mw_payload(
+ e_signed_external
+ )
+ ),
+ mw_geoNwBeaconPacket(
+ ?
+ )))) {
+ log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_external'");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ }
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_Others(
+ ?,
+ mw_payload(
+ e_signed_and_encrypted
+ )
+ ),
+ mw_geoNwBeaconPacket(
+ ?
+ )))) {
+ log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_and_encrypted'");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ }
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_Others(
+ ?,
+ mw_payload
+ ),
+ mw_geoNwBeaconPacket(
+ ?
+ )))) {
+ log("*** " & testcasename() & ": FAIL: Beacon payload is not signed, signed_external or signed_and_encrypted");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ [] tc_ac.timeout {
+ log("*** " & testcasename() & ": INCONC: Expected Message not received ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+ }
+ } // End of 'alt' statement
+
+ // Postamble
+ f_acTriggerEvent(m_stopPassBeaconing);
+ f_poNeighbour();
+ f_cf01Down();
+ } // End of testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV
+
+ /**
+ * @desc Check that the secured GN Message contains only one TrailerField of type signature ;
+ * Check that the signature contained in the SecuredMessage is calculated over the right fields by
+ * cryptographically verifying the signature
+ * <pre>
+ * Pics Selection: PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE
+ * Config Id: CF01
+ * Initial conditions:
+ * with {
+ * the IUT being in the 'authorized' state
+ * }
+ * ensure that {
+ * when {
+ * the IUT is requested to send Beacon
+ * } then {
+ * the IUT sends a SecuredMessage
+ * containing header_fields ['signer_info']
+ * containing signer
+ * containing type
+ * indicating 'certificate'
+ * and containing certificate
+ * indicating CERT
+ * and containing trailer_fields['signature']
+ * containing signature
+ * verifiable using CERT.subject_attributes['verification_key']
+ * }
+ * }
+ * </pre>
+ * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_GENMSG_07_01_BV
+ * @reference ETSI TS 103 097 [1], clause 7.3
+ */
+ testcase TC_SEC_ITSS_SND_GENMSG_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+
+ // Local variables
+ var LongPosVector v_longPosVectorIut;
+ var GeoNetworkingInd v_geoNwInd;
+ var SignerInfo v_signerInfo;
+
+ // Test adapter configuration
+ if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
+ stop;
+ }
+
+ // Test component configuration
+ f_cf01Up();
+ v_longPosVectorIut := f_getPosition(c_compIut);
+
+ // Test adapter configuration
+
+ // Preamble
+ f_prNeighbour();
+ f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+
+ // Test Body
+ tc_ac.start;
+ alt {
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_Others(
+ mw_header_field_signer_info_certificate
+ )))) -> value v_geoNwInd {
+ tc_ac.stop;
+ log("*** " & testcasename() & ": INFO: Beacon message with certificate received ***");
+ f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
+
+ if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo.signerInfo.certificate) == false) {
+ log("*** " & testcasename() & ": FAIL: Beacon received with invalide signature");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ }
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage_Others
+ ))) {
+ tc_ac.stop;
+ log("*** " & testcasename() & ": FAIL: Beacon message without certificate received");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ [] tc_ac.timeout {
+ log("*** " & testcasename() & ": INCONC: Expected GN Message not received");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+ }
+ } // End of 'alt' statement
+ log("*** " & testcasename() & ": PASS: GN Message received with correct signature");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+
+ // Postamble
+ f_acTriggerEvent(m_stopPassBeaconing);
+ f_poNeighbour();
+ f_cf01Down();
+ } // End of testcase TC_SEC_ITSS_SND_DENM_07_01_BV
+
+ } // End of group sendOtherProfile
+
+ /**
+ * @desc Sending behaviour test cases for certificates profile
+ * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7 Profiles for certificates
+ */
+ group sendCertificatesProfile {
+
+ /**
+ * @desc Check that AT certificate has version 2
+ * <pre>
+ * Pics Selection: PICS_GN_SECURITY
+ * Config Id: CF01
+ * Initial conditions:
+ * with {
+ * the IUT being in the 'authorized' state
+ * the IUT being requested to include certificate in the next CAM
+ * }
+ * Expected Behaviour:
+ * ensure that {
+ * when {
+ * the IUT is requested to send a CAM
+ * } then {
+ * the IUT sends a SecuredMessage
+ * containing header_fields['signer_info'].signer
+ * containing type
+ * indicating certificate
+ * containing certificate
+ * containing version
+ * indicating '2'
+ * }
+ * }
+ * </pre>
+ * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_01_01_BV
+ * @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4.1
+ */
+ testcase TC_SEC_ITSS_SND_CERT_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+ // Local variables
+
+ // Test control
+ if (not(PICS_GN_SECURITY)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+ stop;
+ }
+
+ // Test component configuration
+ f_cf01Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ f_prNeighbour();
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+
+ // Test Body
+ tc_ac.start;
+ alt {
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage(
+ superset(
+ mw_header_field_signer_info_certificate(
+ mw_certificate(
+ ))))))) {
+ tc_ac.stop;
+ log("*** " & testcasename() & ": PASS: AT Certificate version set to " & int2char(c_certificate_version) & " ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ }
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage(
+ superset(
+ mw_header_field_signer_info_certificate(
+ ?
+ )))))) {
+ tc_ac.stop;
+ log("*** " & testcasename() & ": FAIL: AT Certificate version mismatch ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ [] tc_ac.timeout {
+ log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+ }
+ } // End of 'alt' statement
+
+ // Postamble
+ f_poNeighbour();
+ f_cf01Down();
+ } // End of testcase TC_SEC_ITSS_SND_CERT_01_01_BV
+
+ /**
+ * @desc Check that AA certificate has version 2
+ * <pre>
+ * Pics Selection: PICS_GN_SECURITY
+ * Config Id: CF01
+ * Initial conditions:
+ * with {
+ * the IUT being in the 'authorized' state
+ * the IUT being requested to include certificate chain in the next CAM
+ * }
+ * Expected Behaviour:
+ * ensure that {
+ * when {
+ * the IUT is requested to send a CAM
+ * } then {
+ * the IUT sends a SecuredMessage
+ * containing header_fields['signer_info'].signer
+ * containing type
+ * indicating 'certificate_chain'
+ * and containing certificates
+ * indicating length > 0
+ * and containing certificates[n] (0..N)
+ * containing version
+ * indicating '2'
+ * }
+ * }
+ * </pre>
+ * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_01_02_BV
+ * @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4.1
+ */
+ testcase TC_SEC_ITSS_SND_CERT_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
+ // Local variables
+ var SecuredMessage v_recv;
+ var Certificate v_cert;
+ var SignerInfo v_si;
+ var HashedId8 v_digest;
+
+ // Test control
+ if (not(PICS_GN_SECURITY)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+ stop;
+ }
+
+ // Test component configuration
+ f_cf01Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ f_prNeighbour();
+
+ // Wait for the message with the certificate to retrieve the AA digest.
+ // Ask for the chain, containing AT and AA certificate
+ // Check AA Certificate
+ log("*** " & testcasename() & ": INFO: Wait for certificate and ask for certificate chain ***");
+ tc_ac.start;
+ f_askForCertificateChain(f_generateDefaultCam());
+ tc_ac.stop;
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+
+ // Test Body
+ tc_ac.start;
+ alt {
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage(
+ superset(
+ mw_header_field_signer_info_certificate_chain(
+ superset(
+ mw_aa_certificate
+ ))))))) {
+ tc_ac.stop;
+ log("*** " & testcasename() & ": PASS: AA certificate version set to " & int2char(c_certificate_version) & " ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ }
+ [] geoNetworkingPort.receive(
+ mw_geoNwInd(
+ mw_geoNwSecPdu(
+ mdw_securedMessage(
+ superset(
+ mw_header_field_signer_info_certificate_chain
+ ))))) {
+ tc_ac.stop;
+ log("*** " & testcasename() & ": FAIL: AA certificate version mismatch or no AA cert received***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ [] tc_ac.timeout {
+ log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+ }
+ } // End of 'alt' statement
+
+ // Postamble
+ f_poNeighbour();
+ f_cf01Down();
+
+ } // End of testcase TC_SEC_ITSS_SND_CERT_01_02_BV
+
+ /**
+ * @desc Check that the references in the certificate chain are valid
+ * Check that signer_info type of all certificates in the chain are 'certificate_digest_with_sha256',
+ * 'certificate_digest_with_other_algorithm' or 'self'
+ * <pre>
+ * Pics Selection: PICS_GN_SECURITY
+ * Config Id: CF01
+ * Initial conditions:
+ * with {
+ * the IUT being in the 'authorized' state
+ * the IUT being requested to include certificate chain in the next CAM
+ * } ensure that {
+ * when {
+ * the IUT is requested to send a CAM
+ * } then {
+ * the IUT sends a SecuredMessage
+ * containing header_fields['signer_info'].signer
+ * containing type
+ * indicating 'certificate_chain'
+ * and containing certificates
+ * indicating length > 0
+ * and containing certificates[0]
+ * containing signer_info
+ * containing type
+ * indicating 'certificate_digest_with_sha256'
+ * or indicating 'certificate_digest_with_other_algorythm'
+ * and containing digest
+ * referenced to the trusted certificate
+ * or containing signer_info
+ * containing type
+ * indicating 'self'
+ * and containing certificates[n] (1..N)
+ * containing signer_info
+ * containing type
+ * indicating 'certificate_digest_with_sha256'
+ * or indicating 'certificate_digest_with_other_algorythm'
+ * and containing digest
+ * referenced to the certificates[n-1]
+ * }
+ * </pre>
+ * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_02_01_BV
+ * @reference ETSI TS 103 097 [1], clause 4.2.10, 6.1 and 7.4.1
+ */
+ testcase TC_SEC_ITSS_SND_CERT_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+ // Local declarations
+ var CertificateChain v_chain;
+ var SignerInfo v_si;
+ var HashedId8 v_digest;
+
+ // Test control
+ if (not(PICS_GN_SECURITY)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+ stop;
+ }
+
+ // Test component configuration
+ f_cf01Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ f_prNeighbour();
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+
+ log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
+ tc_ac.start;
+ if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
+ log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+ f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+ }
+ tc_ac.stop;
+
+ // Test Body
+ for (var integer v_counter := lengthof(v_chain) - 1; v_counter > 1; v_counter := v_counter - 1) { // Loop on []N-1..1]
+ if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) {
+ log("*** " & testcasename() & ": FAIL: Certificate[ " & int2str(v_counter) & "] doesn't contain signer info ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ if (v_si.type_ != e_certificate_digest_with_sha256) {
+ if (v_si.type_ != e_certificate_digest_with_other_algorithm or PICS_PLUGTEST_VERSION) {
+ log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ }
+ // signer_info.type indicates 'certificate_digest_with_sha256' or 'certificate_digest_with_other_algorythm'
+
+ v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]);
+ if (not match (v_si.signerInfo.digest, v_digest)) {
+ log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ } // End of 'for' statement
+ // Process certificate[0]
+ if (not f_getCertificateSignerInfo(v_chain[0], v_si)) {
+ log("*** " & testcasename() & ": FAIL: Certificate[0] doesn't contain signer info ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ // Process certificate[0]
+ if (v_si.type_ != e_certificate_digest_with_sha256) {
+ log("*** " & testcasename() & ": FAIL: Certificate[0] is not signed with digest ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ // signer_info.type indicates 'certificate_digest_with_sha256' only
+ log("*** " & testcasename() & ": PASS: Certificate chain is well signed ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+
+ // Postamble
+ f_poNeighbour();
+ f_cf01Down();
+
+ } // End of testcase TC_SEC_ITSS_SND_CERT_02_01_BV
+
+ /**
+ * @desc Check that the rectangular region validity restriction of the message signing certificate
+ * contains not more than six valid rectangles;
+ * Check that the rectangular region validity restriction of the message signing certificate is
+ * continuous and does not contain any holes
+ * <pre>
+ * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
+ * Config Id: CF01
+ * with {
+ * the IUT being in the 'authorized' state
+ * the IUT being requested to include certificate in the next CAM
+ * } ensure that {
+ * when {
+ * the IUT is requested to send a CAM
+ * } then {
+ * the IUT sends a SecuredMessage
+ * containing header_fields['signer_info'].signer
+ * containing type
+ * indicating 'certificate'
+ * containing certificate
+ * containing validity_restrictions['region']
+ * containing region_type
+ * indicating 'rectangle'
+ * and containing rectangular_region
+ * indicating length <= 6
+ * and containing elements of type RectangularRegion
+ * indicating continuous region without holes
+ * and containing northwest and southeast
+ * indicating northwest is on the north from southeast
+ * }
+ * }
+ * @remark Certificate: cc_taCert_C
+ * </pre>
+ * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_04_01_BV
+ * @reference ETSI TS 103 097 [1], clauses 4.2.20 and 4.2.23
+ */
+ testcase TC_SEC_ITSS_SND_CERT_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+ // Local variables
+ var Certificate v_cert;
+ var ValidityRestriction v_vr;
+ var integer v_counter;
+
+ // Test control
+ if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
+ stop;
+ }
+
+ // Test component configuration
+ vc_hashedId8ToBeUsed := cc_iutCert_C;
+ f_cf01Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ f_prNeighbour();
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+
+ // Test body
+ tc_ac.start;
+ if (not f_waitForCertificate(v_cert)) {
+ log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+ f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+ }
+ tc_ac.stop;
+ if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
+ if (v_vr.validity.region.region_type == e_rectangle) {
+ var RectangularRegions v_rects := v_vr.validity.region.region.rectangular_region;
+ if (lengthof(v_rects) > 6) {
+ log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ for (v_counter := 0; v_counter<lengthof(v_rects); v_counter := v_counter + 1) {
+ var RectangularRegion v_rect := v_rects[v_counter];
+ if (true != f_isValidTwoDLocation(v_rect.northwest)) {
+ log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ if (true != f_isValidTwoDLocation(v_rect.southeast)) {
+ log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ // Check normality of the rectangle
+ if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
+ log("*** " & testcasename() & ": FAIL: Rectangular region " & int2str(v_counter) & " is not normalized ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ } // End of 'for' statement
+
+ // Check for continuous rectangles
+ if (lengthof(v_rects) > 1) {
+ if (true != f_isContinuousRectangularRegions(v_rects)) { // FIXME Not implemented
+ log("*** " & testcasename() & ": FAIL: Rectangular regions are not connected all together ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ } else {
+ log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ }
+ }
+ } else {
+ log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
+ }
+ } else {
+ log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ }
+
+ // Postamble
+ f_poNeighbour();
+ f_cf01Down();
+
+ } // End of testcase TC_SEC_ITSS_SND_CERT_04_01_BV
+
+ /**
+ * @desc Check that the rectangular region validity restriction of all certificates contains not more than
+ * six valid rectangles;
+ * Check that the rectangular region validity restriction of the AT certificate is continuous and
+ * does not contain any holes
+ * Check that the rectangular certificate validity region of the subordinate certificate is well formed and
+ * inside the validity region of the issuing certificate
+ * <pre>
+ * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
+ * Config Id: CF01
+ * with {
+ * the IUT being in the 'authorized' state
+ * the IUT being requested to include certificate chain in the next CAM
+ * } ensure that {
+ * when {
+ * the IUT is requested to send a CAM
+ * } then {
+ * the IUT sends a SecuredMessage
+ * containing header_fields['signer_info'].signer
+ * containing type
+ * indicating 'certificate_chain'
+ * containing certificates
+ * indicating length N > 0
+ * and containing certificates [n] 0..n
+ * containing validity_restrictions['region']
+ * containing region_type
+ * indicating 'rectangle'
+ * and containing rectangular_region
+ * indicating length <= 6
+ * and containing elements of type RectangularRegion
+ * containing northwest and southeast
+ * indicating northwest on the north from southeast
+ * and indicating continuous region without holes
+ * }
+ * }
+ * </pre>
+ * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_04_02_BV
+ * @reference ETSI TS 103 097 [1], clauses 4.2.20 and 4.2.23
+ */
+ testcase TC_SEC_ITSS_SND_CERT_04_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
+ // Local variables
+ var CertificateChain v_chain;
+ var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
+ var boolean f_vr := false, f_vri := false;
+
+ // Test control
+ if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
+ stop;
+ }
+
+ // Test component configuration
+ vc_hashedId8ToBeUsed := cc_iutCert_C;
+ f_cf01Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ f_prNeighbour();
+ log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
+ tc_ac.start;
+ if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
+ log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+ f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+ } else {
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+ }
+
+ // Test Body
+ tc_ac.stop;
+ for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
+ v_vri := v_vr;
+ f_vri := f_vr;
+ f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
+ log("v_chain[v_counter]=", v_chain[v_counter]);
+ if (f_vr) {
+ var RectangularRegions v_rects;
+ if (v_vr.validity.region.region_type != e_rectangle) {
+ log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not rectangular ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ v_rects := v_vr.validity.region.region.rectangular_region;
+ log("v_rects=", v_rects);
+ if (lengthof(v_rects) > 6) {
+ log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ for (var integer j:=0; j<lengthof(v_rects); j:=j + 1) {
+ var RectangularRegion v_rect := v_rects[j];
+ if (true != f_isValidTwoDLocation(v_rect.northwest)) {
+ log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ if (true != f_isValidTwoDLocation(v_rect.southeast)) {
+ log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ // Check normality of the rectangle
+ if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
+ log("*** " & testcasename() & ": FAIL: Rectangle " & int2str(v_counter) & " is not normalized ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ }
+ if (f_vri) {
+ // current restrictions must be inside of the parent one
+ if (not f_isRectangularRegionsInside(v_vri.validity.region.region.rectangular_region, v_rects)) {
+ log("*** " & testcasename() & ": FAIL: Certificate validity restriction region is not inside the issuing one ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ }
+ } else {
+ // Region validity restriction is not exist
+ if (f_vri) {
+ log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set if thi restriction exists in the issuing certificate ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ }
+ } // End of 'for' statement
+ // FIXME Check holes
+ log("*** " & testcasename() & ": PASS: All certificates has a valid rectangular region restrictions ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+
+ // Postamble
+ f_poNeighbour();
+ f_cf01Down();
+
+ } // End of testcase TC_SEC_ITSS_SND_CERT_04_02_BV
+
+ /**
+ * @desc Check that the polygonal certificate validity region contains at least three and no more than 12 points
+ * Check that the polygonal certificate validity region does not contain intersections and holes
+ * <pre>
+ * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
+ * Config Id: CF01
+ * with {
+ * the IUT being in the 'authorized' state
+ * the IUT being requested to include certificate in the next CAM
+ * } ensure that {
+ * when {
+ * the IUT is requested to send a CAM
+ * } then {
+ * the IUT sends a SecuredMessage
+ * containing header_fields['signer_info'].signer
+ * containing type
+ * indicating 'certificate'
+ * containing certificate
+ * containing validity_restrictions['region']
+ * and containing region_type
+ * indicating 'polygon'
+ * and containing polygonal_region
+ * indicating length >=3 and <=12
+ * and indicating continuous region without holes and intersections
+ * }
+ * }
+ * </pre>
+ * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_05_01_BV
+ * @reference ETSI TS 103 097 [1], clause 4.2.24
+ */
+ testcase TC_SEC_ITSS_SND_CERT_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+ var Certificate v_cert;
+ var ValidityRestriction v_vr;
+ var integer v_counter;
+
+ // Test control
+ if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
+ stop;
+ }
+
+ // Test component configuration
+ vc_hashedId8ToBeUsed := cc_iutCert_D;
+ f_cf01Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ f_prNeighbour();
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+
+ // Test body
+ tc_ac.start;
+ if (not f_waitForCertificate(v_cert)) {
+ log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+ f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+ }
+ tc_ac.stop;
+ if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
+ if (v_vr.validity.region.region_type == e_polygon) {
+ var PolygonalRegion v_pr := v_vr.validity.region.region.polygonal_region;
+ var integer v_length := lengthof(v_pr);
+ if (v_length < 3) {
+ log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ if (v_length > 12) {
+ log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ if (true != f_isValidPolygonalRegion(v_pr)) {
+ log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ // FIXME Check holes
+ } else {
+ log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
+ }
+ } else {
+ log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ }
+
+ // Postamble
+ f_poNeighbour();
+ f_cf01Down();
+
+ } // End of testcase TC_SEC_ITSS_SND_CERT_05_01_BV
+
+ /**
+ * @desc Check that the polygonal certificate validity region is inside the validity region of the issuing certificate
+ * Check that the issuing polygonal certificate validity region contains at least three and no more than 12 points
+ * Check that the issuing polygonal certificate validity region does not contain intersections and holes
+ * <pre>
+ * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
+ * Config Id: CF01
+ * with {
+ * the IUT being in the 'authorized' state
+ * the IUT being requested to include certificate chain in the next CAM
+ * } ensure that {
+ * when {
+ * the IUT is requested to send a CAM
+ * } then {
+ * the IUT sends a SecuredMessage
+ * containing header_fields['signer_info'].signer
+ * containing type
+ * indicating 'certificate_chain'
+ * and containing certificates
+ * indicating length > 0
+ * and containing certificates [n] (0..n)
+ * containing validity_restrictions['region']
+ * containing region_type
+ * indicating 'polygon'
+ * and containing polygonal_region
+ * indicating length >=3 and <=12
+ * and indicating continuous region without holes and intersections
+ * }
+ * }
+ * </pre>
+ * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_05_02_BV
+ * @reference ETSI TS 103 097 [1], clause 4.2.24
+ */
+ testcase TC_SEC_ITSS_SND_CERT_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
+ // Local declarations
+ var CertificateChain v_chain;
+ var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
+ var boolean f_vr := false, f_vri := false;
+
+ // Test control
+ if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
+ log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
+ stop;
+ }
+
+ // Test component configuration
+ vc_hashedId8ToBeUsed := cc_iutCert_D;
+ f_cf01Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ f_prNeighbour();
+ log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
+ tc_ac.start;
+ if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
+ log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+ f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+ } else {
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+ }
+
+ // Test Body
+ f_vr := false;
+ tc_ac.stop;
+ for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
+ v_vri := v_vr;
+ f_vri := f_vr;
+ f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
+ if (f_vr) {
+ var PolygonalRegion v_pr;
+ var integer v_length;
+
+ if (v_vr.validity.region.region_type != e_polygon) {
+ log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not polygonal ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+
+ v_pr := v_vr.validity.region.region.polygonal_region;
+ v_length := lengthof(v_pr);
+
+ if (v_length < 3) {
+ log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small in cert " & int2str(v_counter) & " ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+
+ if (v_length > 12) {
+ log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big in cert " & int2str(v_counter) & "***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+
+ if (true != f_isValidPolygonalRegion(v_pr)) {
+ log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) in cert " & int2str(v_counter) & " ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+
+ if (f_vri) {
+ // current restrictions must be inside of the parent one
+ if (true != f_isPolygonalRegionInside(v_vri.validity.region.region.polygonal_region, v_pr)) {
+ log("*** " & testcasename() & ": FAIL: Certificate validity restriction region in cert " & int2str(v_counter) & " is not inside the issuing one ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ // FIXME Check holes
+ }
+ } else {
+ // Region validity restriction is not exist
+ if (f_vri) {
+ log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set in the certificate " & int2str(v_counter) &
+ "because this restriction exists in the issuing certificate ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ }
+ } // End of 'for' statement
+ log("*** " & testcasename() & ": PASS: All certificates has a valid polygonal region restrictions ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+
+ // Postamble
+ f_poNeighbour();
+ f_cf01Down();
+
+ } // End of testcase TC_SEC_ITSS_SND_CERT_05_02_BV
+
+ /**
+ * @desc Check that the identified certificate validity region contains values that correspond to numeric country codes
+ * as defined in ISO 3166-1 or defined by United Nations Statistics Division
+ * <pre>
+ * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
+ * Config Id: CF01
+ * with {
+ * the IUT being in the 'authorized' state
+ * the IUT being requested to include certificate in the next CAM
+ * } ensure that {
+ * when {
+ * the IUT is requested to send a CAM
+ * } then {
+ * the IUT sends a SecuredMessage
+ * containing header_fields['signer_info'].signer
+ * containing type
+ * indicating 'certificate'
+ * and containing certificate
+ * containing validity_restrictions['region']
+ * containing region
+ * containing region_type
+ * indicating 'id'
+ * and containing id_region
+ * containing region_dictionary
+ * indicating 'iso_3166_1' (0)