Skip to content
titanization.patch 1.83 MiB
Newer Older
15001 15002 15003 15004 15005 15006 15007 15008 15009 15010 15011 15012 15013 15014 15015 15016 15017 15018 15019 15020 15021 15022 15023 15024 15025 15026 15027 15028 15029 15030 15031 15032 15033 15034 15035 15036 15037 15038 15039 15040 15041 15042 15043 15044 15045 15046 15047 15048 15049 15050 15051 15052 15053 15054 15055 15056 15057 15058 15059 15060 15061 15062 15063 15064 15065 15066 15067 15068 15069 15070 15071 15072 15073 15074 15075 15076 15077 15078 15079 15080 15081 15082 15083 15084 15085 15086 15087 15088 15089 15090 15091 15092 15093 15094 15095 15096 15097 15098 15099 15100 15101 15102 15103 15104 15105 15106 15107 15108 15109 15110 15111 15112 15113 15114 15115 15116 15117 15118 15119 15120 15121 15122 15123 15124 15125 15126 15127 15128 15129 15130 15131 15132 15133 15134 15135 15136 15137 15138 15139 15140 15141 15142 15143 15144 15145 15146 15147 15148 15149 15150 15151 15152 15153 15154 15155 15156 15157 15158 15159 15160 15161 15162 15163 15164 15165 15166 15167 15168 15169 15170 15171 15172 15173 15174 15175 15176 15177 15178 15179 15180 15181 15182 15183 15184 15185 15186 15187 15188 15189 15190 15191 15192 15193 15194 15195 15196 15197 15198 15199 15200 15201 15202 15203 15204 15205 15206 15207 15208 15209 15210 15211 15212 15213 15214 15215 15216 15217 15218 15219 15220 15221 15222 15223 15224 15225 15226 15227 15228 15229 15230 15231 15232 15233 15234 15235 15236 15237 15238 15239 15240 15241 15242 15243 15244 15245 15246 15247 15248 15249 15250 15251 15252 15253 15254 15255 15256 15257 15258 15259 15260 15261 15262 15263 15264 15265 15266 15267 15268 15269 15270 15271 15272 15273 15274 15275 15276 15277 15278 15279 15280 15281 15282 15283 15284 15285 15286 15287 15288 15289 15290 15291 15292 15293 15294 15295 15296 15297 15298 15299 15300 15301 15302 15303 15304 15305 15306 15307 15308 15309 15310 15311 15312 15313 15314 15315 15316 15317 15318 15319 15320 15321 15322 15323 15324 15325 15326 15327 15328 15329 15330 15331 15332 15333 15334 15335 15336 15337 15338 15339 15340 15341 15342 15343 15344 15345 15346 15347 15348 15349 15350 15351 15352 15353 15354 15355 15356 15357 15358 15359 15360 15361 15362 15363 15364 15365 15366 15367 15368 15369 15370 15371 15372 15373 15374 15375 15376 15377 15378 15379 15380 15381 15382 15383 15384 15385 15386 15387 15388 15389 15390 15391 15392 15393 15394 15395 15396 15397 15398 15399 15400 15401 15402 15403 15404 15405 15406 15407 15408 15409 15410 15411 15412 15413 15414 15415 15416 15417 15418 15419 15420 15421 15422 15423 15424 15425 15426 15427 15428 15429 15430 15431 15432 15433 15434 15435 15436 15437 15438 15439 15440 15441 15442 15443 15444 15445 15446 15447 15448 15449 15450 15451 15452 15453 15454 15455 15456 15457 15458 15459 15460 15461 15462 15463 15464 15465 15466 15467 15468 15469 15470 15471 15472 15473 15474 15475 15476 15477 15478 15479 15480 15481 15482 15483 15484 15485 15486 15487 15488 15489 15490 15491 15492 15493 15494 15495 15496 15497 15498 15499 15500 15501 15502 15503 15504 15505 15506 15507 15508 15509 15510 15511 15512 15513 15514 15515 15516 15517 15518 15519 15520 15521 15522 15523 15524 15525 15526 15527 15528 15529 15530 15531 15532 15533 15534 15535 15536 15537 15538 15539 15540 15541 15542 15543 15544 15545 15546 15547 15548 15549 15550 15551 15552 15553 15554 15555 15556 15557 15558 15559 15560 15561 15562 15563 15564 15565 15566 15567 15568 15569 15570 15571 15572 15573 15574 15575 15576 15577 15578 15579 15580 15581 15582 15583 15584 15585 15586 15587 15588 15589 15590 15591 15592 15593 15594 15595 15596 15597 15598 15599 15600 15601 15602 15603 15604 15605 15606 15607 15608 15609 15610 15611 15612 15613 15614 15615 15616 15617 15618 15619 15620 15621 15622 15623 15624 15625 15626 15627 15628 15629 15630 15631 15632 15633 15634 15635 15636 15637 15638 15639 15640 15641 15642 15643 15644 15645 15646 15647 15648 15649 15650 15651 15652 15653 15654 15655 15656 15657 15658 15659 15660 15661 15662 15663 15664 15665 15666 15667 15668 15669 15670 15671 15672 15673 15674 15675 15676 15677 15678 15679 15680 15681 15682 15683 15684 15685 15686 15687 15688 15689 15690 15691 15692 15693 15694 15695 15696 15697 15698 15699 15700 15701 15702 15703 15704 15705 15706 15707 15708 15709 15710 15711 15712 15713 15714 15715 15716 15717 15718 15719 15720 15721 15722 15723 15724 15725 15726 15727 15728 15729 15730 15731 15732 15733 15734 15735 15736 15737 15738 15739 15740 15741 15742 15743 15744 15745 15746 15747 15748 15749 15750 15751 15752 15753 15754 15755 15756 15757 15758 15759 15760 15761 15762 15763 15764 15765 15766 15767 15768 15769 15770 15771 15772 15773 15774 15775 15776 15777 15778 15779 15780 15781 15782 15783 15784 15785 15786 15787 15788 15789 15790 15791 15792 15793 15794 15795 15796 15797 15798 15799 15800 15801 15802 15803 15804 15805 15806 15807 15808 15809 15810 15811 15812 15813 15814 15815 15816 15817 15818 15819 15820 15821 15822 15823 15824 15825 15826 15827 15828 15829 15830 15831 15832 15833 15834 15835 15836 15837 15838 15839 15840 15841 15842 15843 15844 15845 15846 15847 15848 15849 15850 15851 15852 15853 15854 15855 15856 15857 15858 15859 15860 15861 15862 15863 15864 15865 15866 15867 15868 15869 15870 15871 15872 15873 15874 15875 15876 15877 15878 15879 15880 15881 15882 15883 15884 15885 15886 15887 15888 15889 15890 15891 15892 15893 15894 15895 15896 15897 15898 15899 15900 15901 15902 15903 15904 15905 15906 15907 15908 15909 15910 15911 15912 15913 15914 15915 15916 15917 15918 15919 15920 15921 15922 15923 15924 15925 15926 15927 15928 15929 15930 15931 15932 15933 15934 15935 15936 15937 15938 15939 15940 15941 15942 15943 15944 15945 15946 15947 15948 15949 15950 15951 15952 15953 15954 15955 15956 15957 15958 15959 15960 15961 15962 15963 15964 15965 15966 15967 15968 15969 15970 15971 15972 15973 15974 15975 15976 15977 15978 15979 15980 15981 15982 15983 15984 15985 15986 15987 15988 15989 15990 15991 15992 15993 15994 15995 15996 15997 15998 15999 16000
+                            log("*** " & testcasename() & ": FAIL: Forbidden header present");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        } 
+                        
+                        if (v_counter > 1 ) {
+                            // Check that headers are ordered
+                            if (enum2int(v_cert.validity_restrictions[v_counter].type_) <= v_previousValidityRestrictionType) {
+                                // Check that header is duplicated
+                                if (enum2int(v_cert.validity_restrictions[v_counter].type_) == v_previousValidityRestrictionType) {
+                                    log("*** " & testcasename() & ": FAIL: multiple instances of same header");
+                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                } else {
+                                    log("*** " & testcasename() & ": FAIL: headers not in correct order");
+                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                }
+                            }
+                        }
+                        v_previousValidityRestrictionType := enum2int(v_cert.validity_restrictions[v_counter].type_);
+                    } // End of 'for' statement
+                    
+                    log("*** " & testcasename() & ": PASS: Time validity restriction of the certificate[last-2] is good ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    
+                    // Postamble
+                    f_poNeighbour();
+                    f_cf01Down();
+                } // End of testcase TC_SEC_ITSS_SND_CERT_AA_10_01_BV
+                
+                /**
+                 * @desc Check that time_start_and_end is included in the AA certificate validation restrictions;
+                 *       Check that end_validity is greater than start_validity
+                 *       Check that validity restriction of AA certificate is inside the validity restriction of its issuing certificate
+                 * <pre>
+                 * Pics Selection: PICS_GN_SECURITY
+                 * Config Id: CF01
+                 * with {
+                 *   the IUT being in the 'authorized' state
+                 *   the IUT being requested to include certificate chain in the next CAM
+                 * } ensure that {
+                 *    when {
+                 *     the IUT is requested to send a CAM
+                 *   } then {
+                 *     the IUT sends a SecuredMessage
+                 *       containing header_fields['signer_info'].signer
+                 *         containing type
+                 *           indicating 'certificate_chain'
+                 *         containing certificates[last-1] {
+                 *           containing validity_restrictions
+                 *             containing validity_restrictions['time_start_and_end']
+                 *               containing start_validity
+                 *                 indicating START_AA_VALIDITY
+                 *               containing end_validity
+                 *                 indicating END_AA_VALIDITY >=START_AA_VALIDITY
+                 *             and containing signer_info
+                 *               containing digest
+                 *                 referenced to the trusted certificate
+                 *                   containing validity_restrictions['time_end']
+                 *                     containing end_validity
+                 *                       indicating value > AA_END_VALIDITY
+                 *                   or containing validity_restrictions['time_start_and_end']
+                 *                     containing start_validity
+                 *                       indicating value <= AA_START_VALIDITY
+                 *                     and containing end_validity
+                 *                       indicating value > AA_END_VALIDITY
+                 *                   or containing validity_restrictions['time_start_and_duration']
+                 *                     containing start_validity
+                 *                       indicating X_START_VALIDITY <= AA_START_VALIDITY
+                 *                     and containing duration
+                 *                       indicating value > AA_END_VALIDITY - X_START_VALIDITY
+                 *   }
+                 * }
+                 * </pre>
+                 * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_11_01_BV
+                 * @reference   ETSI TS 103 097 [1], clauses 7.4.4
+                 */
+                testcase TC_SEC_ITSS_SND_CERT_AA_11_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+                    var CertificateChain         v_chain;
+                    var Certificate              v_aa_cert;
+                    var ValidityRestriction      v_vr;
+                    
+                    // Test control
+                    if (not(PICS_GN_SECURITY)) {
+                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+                        stop;
+                    }
+                    
+                    // Test component configuration
+                    f_cf01Up();
+                    
+                    // Test adapter configuration
+                    
+                    // Preamble
+                    f_prNeighbour();
+                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    
+                    // Test Body
+                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
+                    tc_ac.start;
+                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
+                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+                    }
+                    tc_ac.stop;
+                    if (lengthof(v_chain) < 2) {
+                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
+                    }
+                    v_aa_cert := v_chain[lengthof(v_chain) - 2];
+                    if (match (v_aa_cert.validity_restrictions, superset(mw_validity_restriction_time_end,
+                                                                          mw_validity_restriction_time_start_and_duration))
+                    ) {
+                        log("*** " & testcasename() & ": FAIL: AA certificate must not contain time_end and time_start_and_duration restrictions ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    
+                    if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_vr)) {
+                        log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    
+                    if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) {
+                        log("*** " & testcasename() & ": FAIL: start validity mus not be greater then end validity in the validity restrictions of AA certificate ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    
+                    log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    
+                    // Postamble
+                    f_poNeighbour();
+                    f_cf01Down();
+                } // End of testcase TC_SEC_ITSS_SND_CERT_AA_11_01_BV
+                
+            } // End of group AA_Certificates 
+            
+            /**
+             * @desc Sending behaviour test cases for AT certificate profil
+             * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7.8 AT certificate profile
+             */
+            group AT_Certificates {
+                
+                /**
+                 * @desc Check that the subject_type of the AT certificate is set to 'authorization_ticket'
+                 * <pre>
+                 * Pics Selection: PICS_GN_SECURITY
+                 * Config Id: CF01
+                 * with {
+                 *     the IUT being in the 'authorized' state
+                 *     the IUT being requested to include certificate in the next CAM
+                 * } ensure that {
+                 *      when {
+                 *          the IUT is requested to send a CAM
+                 *     } then {
+                 *         the IUT sends a SecuredMessage
+                 *             containing header_fields['signer_info'].signer
+                 *                 containing type
+                 *                     indicating 'certificate'
+                 *                 and containing certificate
+                 *                     containing subject_info.subject_type
+                 *                         indicating 'authorization_ticket' (1)
+                 *     }
+                 * }
+                 * </pre>
+                 * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_01_01_BV
+                 * @reference   ETSI TS 103 097 [1], clause 7.4.2
+                 */
+                testcase TC_SEC_ITSS_SND_CERT_AT_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+                    var Certificate         v_at_cert;
+                    
+                    // Test control
+                    if (not(PICS_GN_SECURITY)) {
+                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+                        stop;
+                    }
+                    
+                    // Test component configuration
+                    f_cf01Up();
+                    
+                    // Test adapter configuration
+                    
+                    // Preamble
+                    f_prNeighbour();
+                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    
+                    // Test Body
+                    log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
+                    tc_ac.start;
+                    if (not f_waitForCertificate(v_at_cert)) {
+                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+                    }
+                    tc_ac.stop;
+                    if (not match(v_at_cert, mw_at_certificate)) {
+                        log("*** " & testcasename() & ": FAIL: Message wasn't signed by AT certificate ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    log("*** " & testcasename() & ": PASS: AT certificate has the 'authorization_ticket' subject_type  ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    
+                    // Postamble
+                    f_poNeighbour();
+                    f_cf01Down();
+                } // End of testcase TC_SEC_ITSS_SND_CERT_AT_01_01_BV
+                
+                /**
+                 * @desc Check that the subject_name variable-length vector is empty for AT certificates
+                 * <pre>
+                 * Pics Selection: PICS_GN_SECURITY
+                 * Config Id: CF01
+                 * with {
+                 *     the IUT being in the 'authorized' state
+                 *     the IUT being requested to include certificate in the next CAM
+                 * } ensure that {
+                 *      when {
+                 *          the IUT is requested to send a CAM
+                 *      } then {
+                 *          the IUT sends a SecuredMessage
+                 *              containing header_fields['signer_info'].signer
+                 *                  containing type
+                 *                      indicating 'certificate'
+                 *                  and containing certificates
+                 *                      containing subject_info.subject_name
+                 *                          indicating length = 0
+                 *     }
+                 * }
+                 * </pre>
+                 * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_02_01_BV
+                 * @reference   ETSI TS 103 097 [1], clause 7.4.2
+                 */
+                testcase TC_SEC_ITSS_SND_CERT_AT_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+                    var Certificate         v_at_cert;
+                    
+                    // Test control
+                    if (not(PICS_GN_SECURITY)) {
+                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+                        stop;
+                    }
+                    
+                    // Test component configuration
+                    f_cf01Up();
+                    
+                    // Test adapter configuration
+                    
+                    // Preamble
+                    f_prNeighbour();
+                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    
+                    // Test Body
+                    log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
+                    tc_ac.start;
+                    if (not f_waitForCertificate(v_at_cert)) {
+                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+                    }
+                    tc_ac.stop;
+                    if (0 != lengthof(v_at_cert.subject_info.subject_name)) {
+                        log("*** " & testcasename() & ": FAIL: Subject name of the AT certificate is not empty ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    log("*** " & testcasename() & ": PASS: Subject name of the AT certificate is empty ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    
+                    // Postamble
+                    f_poNeighbour();
+                    f_cf01Down();
+                } // End of testcase TC_SEC_ITSS_SND_CERT_AT_02_01_BV
+                
+                /**
+                 * @desc Check that signer_info type of AT certificates is set to 'certificate_digest_with_sha256' 
+                 * <pre>
+                 * Pics Selection: PICS_GN_SECURITY
+                 * Config Id: CF01
+                 * with {
+                 *     the IUT being in the 'authorized' state
+                 *     the IUT being requested to include certificate in the next CAM
+                 * } ensure that {
+                 *      when {
+                 *          the IUT is requested to send a CAM
+                 *      } then {
+                 *          the IUT sends a SecuredMessage
+                 *              containing header_fields['signer_info'].signer
+                 *                  containing type
+                 *                      indicating 'certificate'
+                 *                  and containing certificate
+                 *                      containing signer_info
+                 *                          containing type
+                 *                              indicating 'certificate_digest_with_sha256'
+                 *      }
+                 * }
+                 * </pre>
+                 * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_03_01_BV
+                 * @reference   ETSI TS 103 097 [1], clauses 7.4.2
+                 */
+                testcase TC_SEC_ITSS_SND_CERT_AT_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+                    var Certificate         v_at_cert;
+                    
+                    // Test control
+                    if (not(PICS_GN_SECURITY)) {
+                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+                        stop;
+                    }
+                    
+                    // Test component configuration
+                    f_cf01Up();
+                    
+                    // Test adapter configuration
+                    
+                    // Preamble
+                    f_prNeighbour();
+                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    
+                    // Test Body
+                    log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
+                    tc_ac.start;
+                    if (not f_waitForCertificate(v_at_cert)) {
+                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+                    }
+                    tc_ac.stop;
+                    if (
+                        not match(v_at_cert, mw_certificate(mw_signerInfo_digest))
+                    ) {
+                        log("*** " & testcasename() & ": FAIL: AT certificate doesn't contain a digest of issuing cert ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    log("*** " & testcasename() & ": PASS: The signer info of AT certificate is a digest ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    
+                    // Postamble
+                    f_poNeighbour();
+                    f_cf01Down();
+                } // End of testcase TC_SEC_ITSS_SND_CERT_AT_03_01_BV
+                
+                /**
+                 * @desc Check that subject attributes are present and arranged in ascending order
+                 * <pre>
+                 * Pics Selection: PICS_GN_SECURITY
+                 * Config Id: CF01
+                 * with {
+                 *     the IUT being in the 'authorized' state
+                 *     the IUT being requested to include certificate in the next CAM
+                 * } ensure that {
+                 *     when {
+                 *         the IUT is requested to send a CAM
+                 *     } then {
+                 *         the IUT sends a SecuredMessage
+                 *             containing header_fields['signer_info'].signer
+                 *                 containing type
+                 *                     indicating 'certificate'
+                 *             containing certificate
+                 *                 containing subject_attributes [0..N]
+                 *                     indicating subject_attributes[n].type < subject_attributes[n+ 1].type
+                 *                 containing subject_attributes['verification_key']
+                 *                 containing subject_attributes['assurance_level']
+                 *                 containing subject_attributes['its_aid_ssp_list']
+                 *     }
+                 * }
+                 * </pre>
+                 * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_04_01_BV
+                 * @reference   ETSI TS 103 097 [1], clauses 7.4.1 and 7.4.2
+                 */
+                testcase TC_SEC_ITSS_SND_CERT_AT_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+                    var Certificate         v_at_cert;
+                    var SubjectAttributes   v_attrs;
+                    
+                    // Test control
+                    if (not(PICS_GN_SECURITY)) {
+                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+                        stop;
+                    }
+                    
+                    // Test component configuration
+                    f_cf01Up();
+                    
+                    // Test adapter configuration
+                    
+                    // Preamble
+                    f_prNeighbour();
+                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    
+                    // Test Body
+                    log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
+                    tc_ac.start;
+                    if (not f_waitForCertificate(v_at_cert)) {
+                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+                    }
+                    tc_ac.stop;
+                    if (not match(
+                        v_at_cert, 
+                            mw_at_certificate(
+                                ?,
+                                superset(
+                                    mw_subject_attribute_verification_key,
+                                    mw_subject_attribute_assurance_level,
+                                    mw_subject_attribute_its_aid_ssp_list
+                     )))) {
+                        log("*** " & testcasename() & ": FAIL: Required subject attribute of AT certificate is not found ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    
+                    v_attrs := v_at_cert.subject_attributes;
+                    for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) {
+                        if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) {
+                            log("*** " & testcasename() & ": FAIL: AT certificate subject attributes are not arranged in ascending order ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    } // End of 'for' statement
+                    
+                    log("*** " & testcasename() & ": PASS: All required AT certificate subject attributes are presents and arranged in ascending order ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    
+                    // Postamble
+                    f_poNeighbour();
+                    f_cf01Down();
+                } // End of testcase TC_SEC_ITSS_SND_CERT_AT_04_01_BV
+                
+                /**
+                 * @desc Check that time_start_and_end is included in the AT certificate validation restrictions
+                 *       Check that time_start_and_end is inside the AA certificate time restrictions
+                 *       Check that validity restriction of AT certificate is inside the validity restriction of its issuing certificate 
+                 * <pre>
+                 * Pics Selection: PICS_GN_SECURITY
+                 * Config Id: CF01
+                 * with {
+                 *   the IUT being in the 'authorized' state
+                 *   the IUT being requested to include certificate chain in the next CAM
+                 * } ensure that {
+                 *    when {
+                 *     the IUT is requested to send a CAM
+                 *   } then {
+                 *     the IUT sends a SecuredMessage
+                 *       containing header_fields['signer_info'].signer
+                 *         containing type
+                 *           indicating 'certificate_chain'
+                 *         containing certificates[last] 
+                 *           containing subject_info.subject_type
+                 *             indicating 'authorization_ticket' (1)
+                 *           not containing validity_restrictions['time_end']
+                 *           and not containing validity_restrictions['time_start_and_duration']
+                 *           and containing validity_restrictions['time_start_and_end'] 
+                 *             containing start_validity
+                 *               indicating START_AT_VALIDITY
+                 *             and containing end_validity
+                 *               indicating END_AT_VALIDITY
+                 *         and containing certificates[last-1] 
+                 *           containing validity_restrictions['time_end']
+                 *             containing end_validity
+                 *               indicating value > AT_END_VALIDITY
+                 *           or containing validity_restrictions['time_start_and_end']
+                 *             containing start_validity
+                 *               indicating value <= AT_START_VALIDITY
+                 *             containing end_validity
+                 *               indicating value > AT_END_VALIDITY
+                 *           or containing validity_restrictions['time_start_and_duration']
+                 *             containing start_validity
+                 *               indicating X_START_VALIDITY <= AT_START_VALIDITY
+                 *             and containing duration
+                 *               indicating value > AT_END_VALIDITY - X_START_VALIDITY
+                 *   }
+                 * }
+                 * </pre>
+                 * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_05_01_BV
+                 * @reference   ETSI TS 103 097 [1], clause 7.4.2
+                 */
+                testcase TC_SEC_ITSS_SND_CERT_AT_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+                    var CertificateChain         v_chain;
+                    var Certificate              v_aa_cert, v_at_cert;
+                    var ValidityRestriction      v_vr, v_aa_vr;
+                    
+                    // Test control
+                    if (not(PICS_GN_SECURITY)) {
+                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+                        stop;
+                    }
+                    
+                    // Test component configuration
+                    f_cf01Up();
+                    
+                    // Test adapter configuration
+                    
+                    // Preamble
+                    f_prNeighbour();
+                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    
+                    // Test Body
+                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
+                    tc_ac.start;
+                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
+                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+                    }
+                    tc_ac.stop;
+                    if (lengthof(v_chain) < 2) {
+                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
+                    }
+                    v_aa_cert := v_chain[lengthof(v_chain) - 2];
+                    v_at_cert := v_chain[lengthof(v_chain) - 1];
+                    if (match (
+                        v_at_cert.validity_restrictions, 
+
+                            superset(
+                                mw_validity_restriction_time_end,
+                                mw_validity_restriction_time_start_and_duration
+                            )
+                    )) {
+                        log("*** " & testcasename() & ": FAIL: AT certificate must not contain time_end and time_start_and_duration restrictions ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    
+                    if ( true != f_getCertificateValidityRestriction(v_at_cert, e_time_start_and_end, v_vr)) {
+                        log("*** " & testcasename() & ": FAIL: AT certificate must contain time_start_and_end restrictions ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    
+                    if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) {
+                        log("*** " & testcasename() & ": FAIL: start validity must not be greater then end validity in the validity restrictions of AT certificate ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    
+                    if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_aa_vr)) {
+                        if (
+                            (v_vr.validity.time_start_and_end.start_validity < v_aa_vr.validity.time_start_and_end.start_validity) or 
+                            (v_vr.validity.time_start_and_end.end_validity > v_aa_vr.validity.time_start_and_end.end_validity)
+                        ) {
+                            log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***"); 
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    } else if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_end, v_aa_vr)) {
+                        if (v_vr.validity.time_start_and_end.end_validity > v_aa_vr.validity.end_validity) {
+                            log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***"); 
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    } else if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_duration, v_aa_vr)) {
+                        var Time64 v_end := v_aa_vr.validity.time_start_and_duration.start_validity + f_duration2time(v_aa_vr.validity.time_start_and_duration.duration_);
+                        if (
+                            (v_vr.validity.time_start_and_end.start_validity < v_aa_vr.validity.time_start_and_duration.start_validity) or 
+                            (v_vr.validity.time_start_and_end.end_validity > v_end)
+                        ) {
+                            log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***"); 
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    } else {
+                        log("*** " & testcasename() & ": FAIL: Wrong AA certificate time restrictions ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    log("*** " & testcasename() & ": PASS: Time validity restriction of the AT certificate is good ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    
+                    // Postamble
+                    f_poNeighbour();
+                    f_cf01Down();
+                } // End of testcase TC_SEC_ITSS_SND_CERT_AT_05_01_BV
+                
+                /**
+                 * @desc Check that all AIDs containing in the its_aid_ssp_list in AT certificate are unique 
+                 *       Check that all AIDs containing in the its_aid_ssp_list in AT certificate are also containing in the 
+                 *       its_aid_list in the correspondent AA certificate
+                 *       Check that the length of SSP of each AID is 31 octet maximum
+                 * <pre>
+                 * Pics Selection: PICS_GN_SECURITY
+                 * Config Id: CF01
+                 * with {
+                 *   the IUT being in the 'authorized' state
+                 *   the IUT being requested to include certificate chain in the next CAM
+                 * } ensure that {
+                 *    when {
+                 *     the IUT is requested to send a CAM
+                 *   } then {
+                 *     the IUT sends a SecuredMessage
+                 *       containing header_fields['signer_info'].signer
+                 *         containing type
+                 *           indicating 'certificate_chain'
+                 *         containing certificates[last-1] 
+                 *           containing subject_info.subject_type
+                 *             indicating 'authorization_authority' (2)
+                 *           containing subject_attributes['its_aid_list']
+                 *             containing its_aid_list[0..N]
+                 *               indicating ITS_AID_LIST_AA
+                 *         containing certificates[last] 
+                 *           containing subject_info.subject_type
+                 *             indicating 'authorization_ticket' (1)
+                 *           containing subject_attributes['its_aid_ssp_list']
+                 *             containing its_aid_ssp_list[0..N] 
+                 *               containing its_aid_ssp_list[n]
+                 *                 containing its_aid
+                 *                   indicating unique value containing in the  ITS_AID_LIST_AA
+                 *                 containing service_specific_permissions
+                 *                   indicating length <= 31 octet
+                 *   }
+                 * }
+                 * </pre>
+                 * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_07_01_BV
+                 * @reference   ETSI TS 103 097 [1], clauses 6.9 and 7.4.2
+                 */
+                testcase TC_SEC_ITSS_SND_CERT_AT_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+                    var CertificateChain         v_chain;
+                    var Certificate              v_aa_cert, v_at_cert;
+                    var SubjectAttribute         v_sa;
+                    var IntXs                    v_aid_list;
+                    var ItsAidSsps               v_aid_ssp_list;
+                    
+                    // Test control
+                    if (not(PICS_GN_SECURITY)) {
+                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+                        stop;
+                    }
+                    
+                    // Test component configuration
+                    f_cf01Up();
+                    
+                    // Test adapter configuration
+                    
+                    // Preamble
+                    f_prNeighbour();
+                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    
+                    // Test Body
+                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
+                    tc_ac.start;
+                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
+                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+                    }
+                    tc_ac.stop;
+                    if (lengthof(v_chain) < 2) {
+                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
+                    }
+                    v_aa_cert := v_chain[lengthof(v_chain) - 2];
+                    v_at_cert := v_chain[lengthof(v_chain) - 1];
+                    if (not f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) {
+                        log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    v_aid_list := v_sa.attribute.its_aid_list;
+                    
+                    if (not f_getCertificateSubjectAttribute(v_at_cert, e_its_aid_ssp_list, v_sa)) {
+                        log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    v_aid_ssp_list := v_sa.attribute.its_aid_ssp_list;
+                    
+                    for (var integer v_counter :=0; v_counter < lengthof(v_aid_ssp_list); v_counter := v_counter + 1) {
+                        // Check unique
+                        for (var integer j :=0; j < lengthof(v_aid_ssp_list); j := j + 1) {
+                            if (v_counter != j and v_aid_ssp_list[v_counter].its_aid == v_aid_ssp_list[j].its_aid) {
+                                log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is duplicated in AT certificate ***");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                        } // End of 'for' statement
+//                        if (not match(v_aid_ssp_list[v_counter], (all from v_aid_list))) {
+//                            log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is not exist in AA certificate ***");
+//                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+//                        }
+                        // TODO Not possible due to typing To be removed
+//                        if (lengthof(v_aid_ssp_list[v_counter].service_specific_permissions.sspContainer) > 31) {
+//                            log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " has too long service_specific_permissions ***");
+//                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+//                        }
+                    } // End of 'for' statement
+                    
+                    log("*** " & testcasename() & ": PASS: The ITS_AID_SSP list of the AT certificate is good ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    
+                    // Postamble
+                    f_poNeighbour();
+                    f_cf01Down();
+                } // End of testcase TC_SEC_ITSS_SND_CERT_AT_07_01_BV
+                
+                /**
+                 * @desc Check that AT certificate is signed by AA cert
+                 * <pre>
+                 * Pics Selection: PICS_GN_SECURITY
+                 * Config Id: CF01
+                 * with {
+                 *   the IUT being in the 'authorized' state
+                 *   the IUT being requested to include certificate chain in the next CAM
+                 * } ensure that {
+                 *    when {
+                 *     the IUT is requested to send a CAM
+                 *   } then {
+                 *     the IUT sends a SecuredMessage
+                 *       containing header_fields['signer_info'].signer
+                 *         containing type
+                 *           indicating 'certificate_chain'
+                 *         containing certificates[last-1] (CERT_AA)
+                 *           containing subject_info.subject_type
+                 *             indicating 'authorization_authority' (2)
+                 *           and containing subject_attributes['verification key'] (KEY)
+                 *         containing certificates[last] 
+                 *           containing subject_info.subject_type
+                 *             indicating 'authorization_ticket' (1)
+                 *           and containing signer_info[0]
+                 *             containing type
+                 *               indicating 'certificate_digest_with_sha256'
+                 *             containing digest
+                 *               referencing to CERT_AA
+                 *           and containing signature
+                 *             verifiable using KEY
+                 *   }
+                 * }
+                 * </pre>
+                 * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_08_01_BV
+                 * @reference   ETSI TS 103 097 [1], clause 6.3
+                 */
+                testcase TC_SEC_ITSS_SND_CERT_AT_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+                    var CertificateChain         v_chain;
+                    var Certificate              v_aa_cert, v_at_cert;
+                    var HashedId8                v_aa_digest;
+                    
+                    // Test control
+                    if (not(PICS_GN_SECURITY)) {
+                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+                        stop;
+                    }
+                    
+                    // Test component configuration
+                    f_cf01Up();
+                    
+                    // Test adapter configuration
+                    
+                    // Preamble
+                    f_prNeighbour();
+                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    
+                    
+                    // Test Body
+                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
+                    tc_ac.start;
+                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
+                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+                    }
+                    tc_ac.stop;
+                    if (lengthof(v_chain) < 2) {
+                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
+                    }
+                    v_at_cert := v_chain[lengthof(v_chain) - 1];
+                    v_aa_cert := v_chain[lengthof(v_chain) - 2];
+                    v_aa_digest := f_calculateDigestFromCertificate(v_aa_cert); 
+                    
+                    if (not match(v_at_cert, mw_at_certificate(mw_signerInfo_digest(v_aa_digest)))) {
+                        log("*** " & testcasename() & ": FAIL: AT certificate signer info doesn't reference the  AA certificate from the chain ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    
+                    if (not f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) {
+                        log("*** " & testcasename() & ": FAIL: AT certificate signature verification failed ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    
+                    log("*** " & testcasename() & ": PASS: AT certificate was signed by the AA certificate from the given chain ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    
+                    // Postamble
+                    f_poNeighbour();
+                    f_cf01Down();
+                } // End of testcase TC_SEC_ITSS_SND_CERT_AT_08_01_BV
+                
+                /**
+                 * @desc Check that all necessary validity restrictions are present and arranged in ascending order 
+                 * <pre>
+                 * Pics Selection: PICS_GN_SECURITY
+                 * Config Id: CF01
+                 * with {
+                 *   the IUT being in the 'authorized' state
+                 *   the IUT being requested to include certificate in the next CAM
+                 * } ensure that {
+                 *    when {
+                 *     the IUT is requested to send a CAM
+                 *   } then {
+                 *     the IUT sends a SecuredMessage
+                 *       containing header_fields['signer_info'].signer
+                 *         containing type
+                 *           indicating 'certificate'
+                 *         containing certificate
+                 *           containing subject_attributes [0..N]
+                 *             indicating subject_attributes[n].type < subject_attributes[n+ 1].type
+                 *             containing subject_attributes['verification_key']
+                 *             containing subject_attributes['assurance_level']
+                 *             containing subject_attributes['its_aid_ssp_list']
+                 *   }
+                 * }
+                 * </pre>
+                 * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_10_01_BV
+                 * @reference   ETSI TS 103 097 [1], clauses 6.1
+                 */
+                testcase TC_SEC_ITSS_SND_CERT_AT_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+                    var Certificate             v_at_cert;
+                    var ValidityRestriction     v_vr;
+                    var ValidityRestrictions    v_vrs;
+                    
+                    // Test control
+                    if (not(PICS_GN_SECURITY)) {
+                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+                        stop;
+                    }
+                    
+                    // Test component configuration
+                    f_cf01Up();
+                    
+                    // Test adapter configuration
+                    
+                    // Preamble
+                    f_prNeighbour();
+                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    
+                    // Test Body
+                    log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
+                    tc_ac.start;
+                    if (not f_waitForCertificate(v_at_cert)) {
+                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+                    }
+                    tc_ac.stop;
+                    if (not match(
+                        v_at_cert, 
+                            mw_at_certificate(
+                                mw_signerInfo_certificate
+                     ))) {
+                    }
+                    
+                    if (true != f_getCertificateValidityRestriction(v_at_cert.signer_info.signerInfo.certificate, e_time_start_and_end, v_vr)) {
+                        log("*** " & testcasename() & ": FAIL: Required 'time_start_and_end' validity_restriction attribute of AT certificate is not found ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    v_vrs := v_at_cert.signer_info.signerInfo.certificate.validity_restrictions;
+                    for (var integer v_counter := 1; v_counter < lengthof(v_vrs); v_counter := v_counter + 1 ) {
+                        if (v_vrs[v_counter].type_ <= v_vrs[v_counter-1].type_) {
+                            log("*** " & testcasename() & ": FAIL: AT certificate subject attributes are not arranged in ascending order ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    } // End of 'for' statement
+                    
+                    log("*** " & testcasename() & ": PASS: All required AT certificate subject attributes are presents and arranged in ascending order ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    
+                    // Postamble
+                    f_poNeighbour();
+                    f_cf01Down();
+                } // End of testcase TC_SEC_ITSS_SND_CERT_AT_10_01_BV
+                
+            } // End of group AT_Certificates 
+            
+        } // End of group sendCertificatesProfile
+    
+    } // End of group sendingBehavior
+    
+    /**
+     * @desc Receiver behaviour test cases
+     * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.3 Receiver behaviour
+     */
+    group receiverBehavior {
+        
+        /**
+         * @desc Receiving behaviour test cases for CAM profile
+         * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.3.2 CAM Profile
+         */
+        group recvCamProfile {
+            
+            /**
+             * @desc    Check that IUT accepts a well-formed Secured CAM containing certificate in signer_info
+             * <pre>
+             * Pics Selection: PICS_GN_SECURITY
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *      and the IUT current time is inside the time validity period of CERT_TS_A_AT
+             *  }
+             *  ensure that {
+             *      when { 
+             *          the IUT is receiving a SecuredMessage
+             *              containing protocol_version 
+             *                  indicating value '2'
+             *              and containing header_fields[0]
+             *                  containing type 
+             *                      indicating 'signer_info'
+             *                  and containing signer 
+             *                      containing type
+             *                          indicating 'certificate'
+             *                      and containing certificate (CERT_TS_AT_A)
+             *                          containing subject_info.subject_type
+             *                              indicating 'authorization_ticket' (2)
+             *                          and containing subject_attributes['verification key'] (KEY)
+             *              and containing header_fields [1]
+             *                  containing type
+             *                      indicating 'generation_time'
+             *                  containing generation_time
+             *                      indicating CURRENT_TIME
+             *              and containing header_fields[2] 
+             *                  containing type
+             *                      indicating 'its_aid'
+             *                  containing its_aid
+             *                      indicating 'AID_CAM'
+             *              and not containing any other header fields
+             *              and containing payload_field 
+             *                  containing type
+             *                      indicating 'signed'
+             *                  containing data
+             *                      indicating length > 0
+             *                      containing CAM payload
+             *              and containing trailer_fields 
+             *                  containing single instance of type TrailerField
+             *                      containing type
+             *                          indicating 'signature'
+             *                      containing signature
+             *                          verifiable using KEY
+             *      } then {
+             *          the IUT accepts the message
+             *      }
+             *  }
+             * </pre>
+             *
+             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_RCV_CAM_01_01_BV
+             * @reference    ETSI TS 103 097 [1], clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                var GnRawPayload v_sentRawPayload;
+                
+                // Test adapter configuration
+                if (not(PICS_GN_SECURITY)) {
+                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
+                    stop;
+                }
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredCam(cc_taCert_A, omit, e_certificate);
+                
+                f_sleep(PX_TNOAC);
+                v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
+                    // Empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_01_01_BV
+            
+            /**
+             * @desc    Check that IUT accepts a well-formed Secured CAM containing certificate digest of the known certificate in signer_info
+             * <pre>
+             * Pics Selection: PICS_GN_SECURITY
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *      and the IUT current time is inside the time validity period of CERT_TS_A_AT
+             *      and the IUT already sent a Secured message containing certificate (CERT_TS_A_AT)
+             *          containing subject_info.subject_type
+             *              indicating 'authorization_ticket' (2)
+             *          and containing subject_attributes['verification key'] (KEY)
+             *  }
+             *  ensure that {
+             *      when { 
+             *          the IUT is receiving a SecuredMessage
+             *              containing protocol_version 
+             *                  indicating value '2'
+             *              and containing header_fields[0]
+             *                  containing type 
+             *                      indicating 'signer_info'
+             *                  and containing signer
+             *                      containing type
+             *                          indicating 'certificate_digest_with_sha256'
+             *                      and containing digest
+             *                          referencing to certificate (CERT_TS_A_AT)
+             *              and containing header_fields [1]
+             *                  containing type
+             *                      indicating 'generation_time'
+             *                  containing generation_time
+             *                      indicating CURRENT_TIME
+             *              and containing header_fields[2]
+             *                  containing type
+             *                      indicating 'its_aid'
+             *                  containing its_aid