ItsSecurity_TestCases.ttcn3 1.4 MB
Newer Older
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_04_01_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clauses 4.2.20 and 4.2.23
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
garciay's avatar
garciay committed
                var Certificate         v_cert;
                var ValidityRestriction v_vr;
                var integer             v_counter;
garciay's avatar
garciay committed
                // Test control
garciay's avatar
garciay committed
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
garciay's avatar
garciay committed
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_C;
garciay's avatar
garciay committed
                    
                // Test adapter configuration
garciay's avatar
garciay committed
                    
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
garciay's avatar
garciay committed
                // Test body
                tc_ac.start;
                if (not f_waitForCertificate(v_cert)) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                }
garciay's avatar
garciay committed
                tc_ac.stop;
                if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
                    if (v_vr.validity.region.region_type == e_rectangle) {
                        var RectangularRegions v_rects := v_vr.validity.region.region.rectangular_region;
                        if (lengthof(v_rects) > 6) {
                            log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***");
garciay's avatar
garciay committed
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        for (v_counter := 0; v_counter<lengthof(v_rects); v_counter := v_counter + 1) {
                            var RectangularRegion v_rect := v_rects[v_counter];
                            if (true != f_isValidTwoDLocation(v_rect.northwest)) {
                                log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            if (true != f_isValidTwoDLocation(v_rect.southeast)) {
                                log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            // Check normality of the rectangle
                            if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
                                log("*** " & testcasename() & ": FAIL: Rectangular region " & int2str(v_counter) & " is not normalized ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        } // End of 'for' statement
                        
                        // Check for continuous rectangles
                        if (lengthof(v_rects) > 1) { 
                            if (true !=  f_isContinuousRectangularRegions(v_rects)) { // FIXME Not implemented
garciay's avatar
garciay committed
                                log("*** " & testcasename() & ": FAIL: Rectangular regions are not connected all together ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            } else {
                                log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
garciay's avatar
garciay committed
                            }
                        }
                    } else {
                        log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
                    }
                } else {
                    log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
                
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_CERT_04_01_BV
garciay's avatar
garciay committed
             * @desc Check that the rectangular region validity restriction of all certificates contains not more than 
             *       six valid rectangles; 
             *       Check that the rectangular region validity restriction of the AT certificate is continuous and 
             *       does not contain any holes 
             *       Check that the rectangular certificate validity region of the subordinate certificate is well formed and 
             *       inside the validity region of the issuing certificate 
garciay's avatar
garciay committed
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
             * Config Id: CF01
garciay's avatar
garciay committed
             * with {
             *     the IUT being in the 'authorized' state
             *     the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *   when {
             *     the IUT is requested to send a CAM
             * } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             containing certificates
             *                indicating length N > 0
             *                and containing certificates [n] 0..n
             *                    containing validity_restrictions['region']
             *                        containing region_type
             *                            indicating 'rectangle'
             *                        and containing rectangular_region
             *                            indicating length <= 6
garciay's avatar
garciay committed
             *                            and containing elements of type RectangularRegion
             *                                containing northwest and southeast
             *                                    indicating northwest  on the north from southeast
             *                                and indicating continuous region without holes
garciay's avatar
garciay committed
             *    }
             * }
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_04_02_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clauses 4.2.20 and 4.2.23
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_04_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
garciay's avatar
garciay committed
                var CertificateChain    v_chain;
                var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown);  // current and issuing cert validity restrictions
garciay's avatar
garciay committed
                var boolean             f_vr := false, f_vri := false;
garciay's avatar
garciay committed
                // Test control
garciay's avatar
garciay committed
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
garciay's avatar
garciay committed
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_C;
garciay's avatar
garciay committed
                    
                // Test adapter configuration
garciay's avatar
garciay committed
                    
                // Preamble
                f_prNeighbour();
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                } else {
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                }
garciay's avatar
garciay committed
                tc_ac.stop;
                for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
                    v_vri := v_vr;
                    f_vri := f_vr;
                    f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
                    log("v_chain[v_counter]=", v_chain[v_counter]);
                    if (f_vr) {
                        var RectangularRegions v_rects;
                        if (v_vr.validity.region.region_type != e_rectangle) {
                            log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not rectangular ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        v_rects := v_vr.validity.region.region.rectangular_region;
                        log("v_rects=", v_rects);
                        if (lengthof(v_rects) > 6) {
                            log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***");
garciay's avatar
garciay committed
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        for (var integer j:=0; j<lengthof(v_rects); j:=j + 1) {
                            var RectangularRegion v_rect := v_rects[j];
                            if (true != f_isValidTwoDLocation(v_rect.northwest)) {
                                log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            if (true != f_isValidTwoDLocation(v_rect.southeast)) {
                                log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            // Check normality of the rectangle
                            if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
                                log("*** " & testcasename() & ": FAIL: Rectangle " & int2str(v_counter) & " is not normalized ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        }
                        if (f_vri) {
                            // current restrictions must be inside of the parent one
                            if (not f_isRectangularRegionsInside(v_vri.validity.region.region.rectangular_region, v_rects)) {
                                log("*** " & testcasename() & ": FAIL: Certificate validity restriction region is not inside the issuing one ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        }
                    } else {
                        // Region validity restriction is not exist
                        if (f_vri) {
                            log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set if thi restriction exists in the issuing certificate ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                } // End of 'for' statement
garciay's avatar
garciay committed
                // FIXME Check holes
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: All certificates has a valid rectangular region restrictions ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
                
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_CERT_04_02_BV
garciay's avatar
garciay committed
             * @desc Check that the polygonal certificate validity region contains at least three and no more than 12 points
             *       Check that the polygonal certificate validity region does not contain intersections and holes 
garciay's avatar
garciay committed
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
             * Config Id: CF01
garciay's avatar
garciay committed
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate'
             *             containing certificate
             *                 containing validity_restrictions['region']
             *                 and containing region_type
             *                     indicating 'polygon'
             *                 and containing polygonal_region 
             *                     indicating length >=3 and <=12
             *                     and indicating continuous region without holes and intersections
             *   }
             * }
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_05_01_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clause 4.2.24
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                var Certificate         v_cert;
                var ValidityRestriction v_vr;
                var integer             v_counter;
garciay's avatar
garciay committed
                // Test control
garciay's avatar
garciay committed
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
garciay's avatar
garciay committed
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_D;
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
garciay's avatar
garciay committed
                // Test body
                tc_ac.start;
                if (not f_waitForCertificate(v_cert)) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                }
garciay's avatar
garciay committed
                tc_ac.stop;
                if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) { 
                    if (v_vr.validity.region.region_type == e_polygon) {
                        var PolygonalRegion v_pr := v_vr.validity.region.region.polygonal_region;
                        var integer v_length := lengthof(v_pr);
                        if (v_length < 3) {
                            log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        if (v_length > 12) {
                            log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        if (true != f_isValidPolygonalRegion(v_pr)) {
                            log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
garciay's avatar
garciay committed
                        // FIXME Check holes
garciay's avatar
garciay committed
                    } else {
                        log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
                    }
                } else {
                    log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
                
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_CERT_05_01_BV
garciay's avatar
garciay committed
             * @desc Check that the polygonal certificate validity region is inside the validity region of the issuing certificate
             *       Check that the issuing polygonal certificate validity region contains at least three and no more than 12 points 
             *       Check that the issuing polygonal certificate validity region does not contain intersections and holes 
garciay's avatar
garciay committed
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
             * Config Id: CF01
garciay's avatar
garciay committed
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             and containing certificates
             *                 indicating length > 0
             *             and containing certificates [n] (0..n)
             *                 containing validity_restrictions['region']
             *                     containing region_type
             *                         indicating 'polygon'
             *                     and containing polygonal_region
             *                         indicating length >=3 and <=12
garciay's avatar
garciay committed
             *                         and indicating continuous region without holes and intersections
garciay's avatar
garciay committed
             *   }
             * }
             * </pre>
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_05_02_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clause 4.2.24
             */
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                // Local declarations
                var CertificateChain    v_chain;
                var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown);  // current and issuing cert validity restrictions
                var boolean f_vr := false, f_vri := false;
                
                // Test control
garciay's avatar
garciay committed
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
garciay's avatar
garciay committed
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_D;
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                } else {
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                }
garciay's avatar
garciay committed
                f_vr := false;
                tc_ac.stop;
                for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
                    v_vri := v_vr;
                    f_vri := f_vr;
                    f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
                    if (f_vr) {
                        var PolygonalRegion v_pr;
                        var integer v_length;
                        
                        if (v_vr.validity.region.region_type != e_polygon) {
                            log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not polygonal ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        v_pr := v_vr.validity.region.region.polygonal_region;
                        v_length := lengthof(v_pr);
                        
                        if (v_length < 3) {
                            log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small in cert " & int2str(v_counter) & " ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        if (v_length > 12) {
                            log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big  in cert " & int2str(v_counter) & "***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        if (true != f_isValidPolygonalRegion(v_pr)) {
                            log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) in cert " & int2str(v_counter) & " ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        if (f_vri) {
                            // current restrictions must be inside of the parent one
                            if (true != f_isPolygonalRegionInside(v_vri.validity.region.region.polygonal_region, v_pr)) {
                                log("*** " & testcasename() & ": FAIL: Certificate validity restriction region in cert " & int2str(v_counter) & " is not inside the issuing one ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
garciay's avatar
garciay committed
                            // FIXME Check holes
garciay's avatar
garciay committed
                        }
                    } else {
                        // Region validity restriction is not exist
                        if (f_vri) {
                            log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set in the certificate "  & int2str(v_counter) &
                                                                  "because this restriction exists in the issuing certificate ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                } // End of 'for' statement
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: All certificates has a valid polygonal region restrictions ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
                
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_CERT_05_02_BV
garciay's avatar
garciay committed
            
garciay's avatar
garciay committed
             * @desc Check that the identified certificate validity region contains values that correspond to numeric country codes 
             *       as defined in ISO 3166-1 or defined by United Nations Statistics Division 
garciay's avatar
garciay committed
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
             * Config Id: CF01
garciay's avatar
garciay committed
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate'
             *             and containing certificate 
             *                 containing validity_restrictions['region']
             *                     containing region
             *                         containing region_type
             *                             indicating 'id'
             *                         and containing id_region
             *                             containing region_dictionary
             *                                 indicating 'iso_3166_1' (0)
             *                             and containing region_identifier
             *                                 indicating valid value according to 'iso_3166_1'
             *                         and containing local_region
             *                     or containing region
             *                         containing id_region
             *                             containing region_dictionary
             *                                  indicating 'un_stats'
             *                             and containing region_identifier
             *                                 indicating valid value according to UN STATS
             *                             and containing local_region
             *   }
             * }
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_06_01_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                var Certificate         v_cert;
                var ValidityRestriction v_vr;
                var integer             v_counter;
garciay's avatar
garciay committed
                // Test control
garciay's avatar
garciay committed
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
garciay's avatar
garciay committed
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_E;
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
garciay's avatar
garciay committed
                // Test body
                tc_ac.start;
                if (not f_waitForCertificate(v_cert)) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                }
garciay's avatar
garciay committed
                tc_ac.stop;
                if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
                    if (v_vr.validity.region.region_type == e_id) {
                        if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) {
                            log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        } else if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) {
                            log("*** " & testcasename() & ": FAIL: Identified region is not conformed to United Nations Statistics Division ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    log("*** " & testcasename() & ": PASS: Certificate has a valid  region ID restrictions ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                } else {
                    log("*** " & testcasename() & ": FAIL: Certificate doesn't have any location restrictions ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
                
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_CERT_06_01_BV
garciay's avatar
garciay committed
             * @desc Check that the identified certificate validity region contains values that correspond to numeric country codes 
             *       as defined in ISO 3166-1 or defined by United Nations Statistics Division
             *       Check that the identified certificate validity region contains values defining the region which is inside 
             *       the validity region of the issuing certificate 
garciay's avatar
garciay committed
             * @remark The case when signing certificate and issuing certificate contain different type of region validity restriction is not supported by this test 
garciay's avatar
garciay committed
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
             * Config Id: CF01
garciay's avatar
garciay committed
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             and containing certificate 
             *                 indicating length N > 1
garciay's avatar
garciay committed
             *                 and containing certificates[n] (0..N)
garciay's avatar
garciay committed
             *                     containing validity_restrictions['region']
             *                         containing region
             *                             containing region_type
             *                                 indicating 'id'
             *                             and containing id_region
             *                                     containing region_dictionary
             *                                     indicating 'iso_3166_1' (0)
             *                                 and containing region_identifier
             *                                     indicating valid value according to 'iso_3166_1'
             *                             and containing local_region
             *                         or containing region
             *                             containing id_region
             *                                 containing region_dictionary
             *                                     indicating 'un_stats'
             *                                 and containing region_identifier
             *                                     indicating valid value according to UN STATS
             *                                 and containing local_region
             *   }
             * }
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_06_02_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_06_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                var CertificateChain         v_chain;
                var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown);  // current and issuing cert validity restrictions
                var boolean f_vr := false, f_vri := false;
garciay's avatar
garciay committed
                // Test control
garciay's avatar
garciay committed
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
garciay's avatar
garciay committed
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_E;
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                } else {
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                }
garciay's avatar
garciay committed
                f_vr := false;
                tc_ac.stop;
                for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
                    v_vri := v_vr;
                    f_vri := f_vr;
                    f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
                    
                    if (f_vr) {
                        if (v_vr.validity.region.region_type == e_id) {
                            if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) {
                                log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) {
                                log("*** " & testcasename() & ": FAIL: Identified region is not conformed to United Nations Statistics Division ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        }
                        
                        if (f_vri) {
                            // the region code must be the same
                            if (v_vr.validity.region.region.id_region.region_identifier !=
                               v_vri.validity.region.region.id_region.region_identifier) {
                                log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            if (    v_vri.validity.region.region.id_region.local_region != 0 
                               and v_vri.validity.region.region.id_region.local_region != v_vr.validity.region.region.id_region.local_region ) {
                                log("*** " & testcasename() & ": FAIL: Certificate validity restriction local identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        }
                        
                    } else {
                        // Region validity restriction is not exist
                        if (f_vri) {
                            log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region must be set in the certificate "  & int2str(v_counter) &
                                                                  "because this restriction exists in the issuing certificate ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: All certificates has a valid identified regionrestrictions ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_CERT_06_02_BV
garciay's avatar
garciay committed
            
garciay's avatar
garciay committed
             * @desc Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction 
             * <pre>
garciay's avatar
garciay committed
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
garciay's avatar
garciay committed
             * Config Id: CF01
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             and containing certificates 
             *                 indicating length N > 1
             *                 and containing certificates[n] (0..N)
             *                     indicating certificate
             *                         not containing validity_restrictions['region']
             *                         and containing signer_info
             *                             containing digest
             *                                 referenced to the certificate
             *                                     not containing validity_restrictions['region']
             *                     or indicating certificate
             *                         containing validity_restrictions['region']
             *                             containing region.region_type
             *                                 indicating 'none'
             *                         and containing signer_info
             *                             containing digest
             *                                 referenced to the certificate
             *                                     not containing validity_restrictions['region']
             *                                     or containing validity_restrictions['region']
             *                                         containing region.region_type
             *                                             indicating 'none'
             *                     or indicating certificate
             *                         containing validity_restrictions['region']
             *                             containing region.region_type
             *                                 indicated 'circle'
             *                                 or indicated 'rectangle'
             *                                 or indicated 'polygon'
             *                                 or indicated 'id'
             *                             and containing region (X_CERT__REGION)
             *                         and containing signer_info
             *                             containing digest
             *                                 referenced to the certificate
             *                                     not containing validity_restrictions['region']
             *                                     or containing validity_restrictions['region']
             *                                         containing region.region_type
             *                                             indicating 'none'
             *                                     or containing validity_restrictions['region']
             *                                         containing region
             *                                             indicating region fully covering the X_CERT_REGION
             *   }
             * }
             * </pre>
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_07_01_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
garciay's avatar
garciay committed
             */
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                var CertificateChain    v_chain;
                var Certificate         v_cert, v_cert_issuer;
                var SignerInfo          v_si;
                var UInt8               v_counter;
                var HashedId8           v_digest;
                var CertificatesCaching v_certificatesCaching;
                var FncRetCode          v_result_status := e_success;
                
                // Test control
garciay's avatar
garciay committed
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
garciay's avatar
garciay committed
                    stop;
                }
                    
                // Test component configuration
//                vc_hashedId8ToBeUsed := cc_iutCert_E;
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                } else {
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                }
                
                // Test Body
                // 1. Create a cache of certificates
                f_createCertificatesCaching(v_chain, v_certificatesCaching);
                // 2. Process the certificates
                v_counter := f_getCertificatesCachingItemSize(v_certificatesCaching) - 1;
                while (v_counter != 0) {
                    // Get the first certificate
                    if (f_getCertificatesCachingItem(v_certificatesCaching, v_counter, v_cert) == false) {
                        v_result_status := e_error;
                        break;
                    }
                    // Retrive SigneInfo field
                    if (not f_getCertificateSignerInfo(v_cert, v_si)) {
                        log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't have a signer info ***");
                        v_result_status := e_error;
                        break;
                    }
                    if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
                        log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Get issuer
                    if (f_getCertificateFromCaching(v_certificatesCaching, v_si.signerInfo.digest, v_cert_issuer) == false) {
                        log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Check that cert is signed by issuing cert
                    v_digest := f_calculateDigestFromCertificate(v_cert_issuer);
                    if (not match (v_si.signerInfo.digest, v_si.signerInfo.digest)) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction 
                    if (f_checkRegionValidityRestiction(v_cert, v_cert_issuer) == false) {
                        v_result_status := e_error;
                        break;
                    }
                    
                    // Prepare next loop
                    v_counter := v_counter - 1;
                    
                } // End of 'while' statement
                if (v_result_status == e_success) {
                    log("*** " & testcasename() & ": PASS: All certificates has a valid identified region restrictions ***");
                }
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, v_result_status);
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_CERT_07_01_BV
garciay's avatar
garciay committed
            
            /**
             * @desc Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction
             * <pre>
garciay's avatar
garciay committed
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
garciay's avatar
garciay committed
             * Config Id: CF01
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             and containing certificates 
             *                 indicating length N > 1
             *                 and containing certificates[n] (0..N)
             *                     indicating certificate
             *                         containing validity_restrictions['region']
             *                             containing region.region_type
             *                                 indicated 'id'
             *                             and containing id_region
             *                                 containing region_dictionary
             *                                     indicating 'iso_3166_1' 
             *                                     or indicating 'un_stat' 
             *                                 and containing region_identifier (X_CERT_REGION_ID)
             *                                     indicating valid value according to 'iso_3166_1' or 'un_stat' 
             *                                 and containing local_region (X_CERT_LOCAL_REGION)
             *                         and containing signer_info
             *                             containing digest
             *                                 referenced to the certificate
             *                                     containing validity_restrictions['region']
             *                                         containing region
             *                                             indicated 'id'
             *                                         and containing id_region
             *                                             containing region_dictionary
             *                                                 indicating 'iso_3166_1' 
             *                                                 or indicating 'un_stat' 
             *                                             and containing region_identifier
             *                                                 indicating value == X_CERT_REGION_ID
             *                                             and containing local_region
             *                                                 indicating value == X_CERT_LOCAL_REGION
             *                                                 or indicating 0
             *                                             or containing id_region
             *                                                 containing region_dictionary
             *                                                    indicating 'un_stats'
             *                                                 and containing region_identifier
             *                                                     indicating region fully covering the X_CERT_REGION
             *   }
             * }
             * </pre>
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_07_02_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
garciay's avatar
garciay committed
             */
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_07_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                var CertificateChain    v_chain;
                var Certificate         v_cert, v_cert_issuer;
                var SignerInfo          v_si;
                var UInt8               v_counter;
                var HashedId8           v_digest;
                var CertificatesCaching v_certificatesCaching;
                var FncRetCode          v_result_status := e_success;
                
                // Test control
garciay's avatar
garciay committed
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
garciay's avatar
garciay committed
                    stop;
                }
                    
                // Test component configuration
//                vc_hashedId8ToBeUsed := cc_iutCert_E;
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                } else {
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                }
                
                // Test Body
                // 1. Create a cache of certificates
                f_createCertificatesCaching(v_chain, v_certificatesCaching);
                // 2. Process the certificates
                v_counter := f_getCertificatesCachingItemSize(v_certificatesCaching) - 1;
                while (v_counter != 0) {
                    // Get the first certificate
                    if (f_getCertificatesCachingItem(v_certificatesCaching, v_counter, v_cert) == false) {
                        v_result_status := e_error;
                        break;
                    }
                    // Retrive SigneInfo field
                    if (not f_getCertificateSignerInfo(v_cert, v_si)) {
                        log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't have a signer info ***");
                        v_result_status := e_error;
                        break;
                    }
                    if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
                        log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Get issuer
                    if (f_getCertificateFromCaching(v_certificatesCaching, v_si.signerInfo.digest, v_cert_issuer) == false) {
                        log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Check that cert is signed by issuing cert
                    v_digest := f_calculateDigestFromCertificate(v_cert_issuer);
                    if (not match (v_si.signerInfo.digest, v_si.signerInfo.digest)) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction 
                    if (f_checkRegionValidityRestiction(v_cert, v_cert_issuer) == false) {
                        v_result_status := e_error;
                        break;
                    }
                    
                    // Prepare next loop
                    v_counter := v_counter - 1;
                    
                } // End of 'while' statement
                if (v_result_status == e_success) {
                    log("*** " & testcasename() & ": PASS: All certificates has a valid identified region restrictions ***");
                }
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, v_result_status);
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_CERT_02_01_BV
garciay's avatar
garciay committed
            
            /**
garciay's avatar
garciay committed
             * @desc Check the certificate chain to ensure that the time validity restriction of the subordinate certificate is inside the time validity restriction of the issuing certificate
garciay's avatar
garciay committed
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
garciay's avatar
garciay committed
             *                 indicating 'certificate_chain'
garciay's avatar
garciay committed
             *             containing certificates
             *                 containing certificates[last-1]
             *                     containing validity_restrictions
             *                         containing validity_restrictions['time_start_and_end']
             *                             containing start_validity
             *                                 indicating START_AA_VALIDITY
             *                             containing end_validity
             *                                 indicating END_AA_VALIDITY >= START_AA_VALIDITY
             *                     and containing signer_info
             *                         containing digest
             *                             referenced to the trusted certificate
             *                                 containing validity_restrictions['time_end']
             *                                     containing end_validity
             *                                         indicating value > AA_END_VALIDITY
             *                                 or containing validity_restrictions['time_start_and_end']
             *                                     containing start_validity
             *                                         indicating value <= AA_START_VALIDITY
             *                                      and containing end_validity
             *                                         indicating value > AA_END_VALIDITY
             *                                 or containing validity_restrictions['time_start_and_duration']
             *                                     containing start_validity
             *                                         indicating X_START_VALIDITY <= AA_START_VALIDITY
             *                                     and containing duration
             *                                         indicating value > AA_END_VALIDITY - X_START_VALIDITY
             *   }
             * }
             * </pre>
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_08_01_BV
garciay's avatar
garciay committed
             * @reference   ETSI TS 103 097 [1], clauses 7.4.4
             */
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_CERT_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                var CertificateChain         v_chain;
                var Certificate              v_aa_cert;
                var ValidityRestriction      v_vr;
                var SignerInfo               v_si;
                var Time64                   v_generationTime;
                var Time64                   v_curTime;
                var Time64                   v_startTime, v_endTime, v_duration;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();