Newer
Older
6002
6003
6004
6005
6006
6007
6008
6009
6010
6011
6012
6013
6014
6015
6016
6017
6018
6019
6020
6021
6022
6023
6024
6025
6026
6027
6028
6029
6030
6031
6032
6033
6034
6035
6036
6037
6038
6039
6040
6041
// Generate EC certificate
f_generate_inner_ec_request(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_request);
f_generate_ec_certificate_for_inner_ec_response(v_inner_ec_request, v_private_key_ec, vc_eaWholeHash, v_ec_certificate)
// Send AuthorizationRequest
f_http_build_authorization_request(v_ec_certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_request_from_iut( // Wait for authorizationValidation Request from IUT to EA
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_ATV,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo, * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
) {
var integer v_result;
tc_ac.stop;
f_verify_http_at_request_from_iut_atv(v_request.request, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_request, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": INFO: IUT has sent AuthorizationValidation request ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
log("*** " & testcasename() & ": FAIL: Failed to verify AuthorizationValidation request ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
// Test Body
// Send AuthorizationValidationResponse
f_init_default_headers_list(-, "inner_atv_response", v_headers);
f_http_build_authorization_response(v_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
6069
6070
6071
6072
6073
6074
6075
6076
6077
6078
6079
6080
6081
6082
6083
6084
6085
6086
6087
6088
6089
6090
6091
6092
6093
6094
6095
6096
6097
6098
6099
6100
6101
6102
6103
6104
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
tc_ac.stop;
// Verify IUT response
f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: IUT has sent AuthorizationValidation response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify AuthorizationValidation response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
6105
6106
6107
6108
6109
6110
6111
6112
6113
6114
6115
6116
6117
6118
6119
6120
6121
6122
6123
6124
6125
6126
6127
6128
6129
6130
6131
6132
6133
6134
6135
6136
6137
6138
6139
6140
6141
6142
6143
6144
6145
6146
6147
6148
6149
6150
6151
6152
6153
6154
f_cfHttpDown();
} // End of testcase TC_SECPKI_AA_AUTHVAL_RCV_01_BV
/**
* @desc Check that AA doesn't accept Authorization Validation Response message when this message is
* signed with certificate without appropriate permissions
* <pre>
* Pics Selection: PICS_IUT_AA_ROLE
* Initial conditions:
* with {
* the ITSS in "enrolled" state
* the EA in "operational" state
* and the IUT(AA) in "operational" state
* and the IUT had received the AuthorizationRequest from the ITSS
* and the IUT sent the AuthorizationValidationRequest
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT receives the AuthorizationValidationResponseMessage
* containing signer
* containing digest
* indicating HashedId8 of the certificate
* containing appPermissions
* not containing an item of type PsidSsp
* containing psid
* indicating AID_CERT_REQ
* or containing an item of type PsidSsp
* containing psid
* indicating AID_CERT_REQ
* and containing ssp
* containing opaque[0] (version)
* indicating other value than 1
* or containing opaque[1] (value)
* indicating "AuthorizationValidationResponse" (bit 4) set to 0
* }
* then {
* the IUT answers with an AuthorisationValidationResponseMessage
* containing responseCode
* indicating non-zero value
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v0.0.10 SECPKI_AA_AUTHVAL_RCV_02_BI
* @reference ETSI TS 102 941, clause 6.2.3.3.2
*/
testcase TC_SECPKI_AA_AUTHVAL_RCV_02_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {} // End of testcase TC_SECPKI_AA_AUTHVAL_RCV_02_BI
} // End of group authorization_validation_response
} // End of group aa_beavior
} // End of module ItsPki_TestCases