Skip to content
GitLab
Switch branch/tag
Find file Normal viewHistoryPermalink
ItsSecurity_TestCases.ttcn3 1.4 MB
Newer Older
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5001 
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
5002 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_04_01_BV
garciay's avatar
STF507: Week #1    
garciay committed
5003 
             * @reference   ETSI TS 103 097 [1], clauses 4.2.20 and 4.2.23
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5004 
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5005 
            testcase TC_SEC_ITSS_SND_CERT_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5006 
                // Local variables
garciay's avatar
STF507: Week #1    
garciay committed
5007
5008
5009 
                var Certificate         v_cert;
                var ValidityRestriction v_vr;
                var integer             v_counter;
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5010
garciay's avatar
STF507: Week #1    
garciay committed
5011 
                // Test control
garciay's avatar
STF507 week#9:    
garciay committed
5012
5013 
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5014
5015 
                    stop;
                }
garciay's avatar
STF507: Week #1    
garciay committed
5016
5017
5018 
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_C;
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5019 
                f_cf01Up();
garciay's avatar
STF507: Week #1    
garciay committed
5020
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5021 
                // Test adapter configuration
garciay's avatar
STF507: Week #1    
garciay committed
5022
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5023
5024
5025
5026 
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
STF507: Week #1    
garciay committed
5027
5028 
                // Test body
                tc_ac.start;
garciay's avatar
STF507 week#11: Enforce f_waitForCertificate    
garciay committed
5029
5030
5031
5032 
                if (not f_waitForCertificate(v_cert)) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                }
garciay's avatar
STF507: Week #1    
garciay committed
5033
5034
5035
5036
5037 
                tc_ac.stop;
                if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
                    if (v_vr.validity.region.region_type == e_rectangle) {
                        var RectangularRegions v_rects := v_vr.validity.region.region.rectangular_region;
                        if (lengthof(v_rects) > 6) {
garciay's avatar
STF507: Bug fixed in mw_secCamPayload    
garciay committed
5038 
                            log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***");
garciay's avatar
STF507: Week #1    
garciay committed
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059 
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        for (v_counter := 0; v_counter<lengthof(v_rects); v_counter := v_counter + 1) {
                            var RectangularRegion v_rect := v_rects[v_counter];
                            if (true != f_isValidTwoDLocation(v_rect.northwest)) {
                                log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            if (true != f_isValidTwoDLocation(v_rect.southeast)) {
                                log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            // Check normality of the rectangle
                            if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
                                log("*** " & testcasename() & ": FAIL: Rectangular region " & int2str(v_counter) & " is not normalized ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        } // End of 'for' statement
                        
                        // Check for continuous rectangles
                        if (lengthof(v_rects) > 1) {
garciay's avatar
STF507: Bug fixed in mw_secCamPayload    
garciay committed
5060 
                            if (true !=  f_isContinuousRectangularRegions(v_rects)) { // FIXME Not implemented
garciay's avatar
STF507: Week #1    
garciay committed
5061
5062 
                                log("*** " & testcasename() & ": FAIL: Rectangular regions are not connected all together ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
STF507: Bug fixed in mw_secCamPayload    
garciay committed
5063
5064
5065 
                            } else {
                                log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
garciay's avatar
STF507: Week #1    
garciay committed
5066
5067
5068
5069
5070
5071
5072
5073 
                            }
                        }
                    } else {
                        log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
                    }
                } else {
                    log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5074
5075
5076
5077
5078
5079 
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
STF507: Week #1    
garciay committed
5080
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5081 
            } // End of testcase TC_SEC_ITSS_SND_CERT_04_01_BV
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5082
5083 
            
            /**
garciay's avatar
STF507: Week #1    
garciay committed
5084
5085
5086
5087
5088
5089 
             * @desc Check that the rectangular region validity restriction of all certificates contains not more than 
             *       six valid rectangles; 
             *       Check that the rectangular region validity restriction of the AT certificate is continuous and 
             *       does not contain any holes 
             *       Check that the rectangular certificate validity region of the subordinate certificate is well formed and 
             *       inside the validity region of the issuing certificate
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5090 
             * <pre>
garciay's avatar
STF507 week#9:    
garciay committed
5091 
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5092 
             * Config Id: CF01
garciay's avatar
STF507: Week #1    
garciay committed
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111 
             * with {
             *     the IUT being in the 'authorized' state
             *     the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *   when {
             *     the IUT is requested to send a CAM
             * } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             containing certificates
             *                indicating length N > 0
             *                and containing certificates [n] 0..n
             *                    containing validity_restrictions['region']
             *                        containing region_type
             *                            indicating 'rectangle'
             *                        and containing rectangular_region
             *                            indicating length <= 6
garciay's avatar
STF507 week#9:    
garciay committed
5112
5113
5114
5115 
             *                            and containing elements of type RectangularRegion
             *                                containing northwest and southeast
             *                                    indicating northwest  on the north from southeast
             *                                and indicating continuous region without holes
garciay's avatar
STF507: Week #1    
garciay committed
5116
5117 
             *    }
             * }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5118 
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
5119 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_04_02_BV
garciay's avatar
STF507: Week #1    
garciay committed
5120 
             * @reference   ETSI TS 103 097 [1], clauses 4.2.20 and 4.2.23
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5121 
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5122 
            testcase TC_SEC_ITSS_SND_CERT_04_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5123 
                // Local variables
garciay's avatar
STF507: Week #1    
garciay committed
5124
5125 
                var CertificateChain    v_chain;
                var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown);  // current and issuing cert validity restrictions
garciay's avatar
STF507 week#9:    
garciay committed
5126 
                var boolean             f_vr := false, f_vri := false;
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5127
garciay's avatar
STF507: Week #1    
garciay committed
5128 
                // Test control
garciay's avatar
STF507 week#9:    
garciay committed
5129
5130 
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5131
5132 
                    stop;
                }
garciay's avatar
STF507: Week #1    
garciay committed
5133
5134
5135 
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_C;
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5136 
                f_cf01Up();
garciay's avatar
STF507: Week #1    
garciay committed
5137
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5138 
                // Test adapter configuration
garciay's avatar
STF507: Week #1    
garciay committed
5139
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5140
5141 
                // Preamble
                f_prNeighbour();
garciay's avatar
STF507: Week #1    
garciay committed
5142
5143
5144
5145
5146
5147
5148
5149 
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                } else {
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5150
5151 
                
                // Test Body
garciay's avatar
STF507: Week #1    
garciay committed
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
5162
5163
5164
5165
5166 
                tc_ac.stop;
                for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
                    v_vri := v_vr;
                    f_vri := f_vr;
                    f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
                    log("v_chain[v_counter]=", v_chain[v_counter]);
                    if (f_vr) {
                        var RectangularRegions v_rects;
                        if (v_vr.validity.region.region_type != e_rectangle) {
                            log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not rectangular ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        v_rects := v_vr.validity.region.region.rectangular_region;
                        log("v_rects=", v_rects);
                        if (lengthof(v_rects) > 6) {
garciay's avatar
STF507: Bug fixed in mw_secCamPayload    
garciay committed
5167 
                            log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***");
garciay's avatar
STF507: Week #1    
garciay committed
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200 
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        for (var integer j:=0; j<lengthof(v_rects); j:=j + 1) {
                            var RectangularRegion v_rect := v_rects[j];
                            if (true != f_isValidTwoDLocation(v_rect.northwest)) {
                                log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            if (true != f_isValidTwoDLocation(v_rect.southeast)) {
                                log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            // Check normality of the rectangle
                            if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
                                log("*** " & testcasename() & ": FAIL: Rectangle " & int2str(v_counter) & " is not normalized ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        }
                        if (f_vri) {
                            // current restrictions must be inside of the parent one
                            if (not f_isRectangularRegionsInside(v_vri.validity.region.region.rectangular_region, v_rects)) {
                                log("*** " & testcasename() & ": FAIL: Certificate validity restriction region is not inside the issuing one ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        }
                    } else {
                        // Region validity restriction is not exist
                        if (f_vri) {
                            log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set if thi restriction exists in the issuing certificate ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                } // End of 'for' statement
garciay's avatar
STF507 week#9:    
garciay committed
5201 
                // FIXME Check holes
garciay's avatar
STF507: Week #1    
garciay committed
5202
5203 
                log("*** " & testcasename() & ": PASS: All certificates has a valid rectangular region restrictions ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5204
5205
5206
5207 
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
STF507: Week #1    
garciay committed
5208
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5209 
            } // End of testcase TC_SEC_ITSS_SND_CERT_04_02_BV
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5210
5211 
            
            /**
garciay's avatar
STF507: Week #1    
garciay committed
5212
5213 
             * @desc Check that the polygonal certificate validity region contains at least three and no more than 12 points
             *       Check that the polygonal certificate validity region does not contain intersections and holes
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5214 
             * <pre>
garciay's avatar
STF507 week#9:    
garciay committed
5215 
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5216 
             * Config Id: CF01
garciay's avatar
STF507: Week #1    
garciay committed
5217
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228
5229
5230
5231
5232
5233
5234
5235
5236 
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate'
             *             containing certificate
             *                 containing validity_restrictions['region']
             *                 and containing region_type
             *                     indicating 'polygon'
             *                 and containing polygonal_region 
             *                     indicating length >=3 and <=12
             *                     and indicating continuous region without holes and intersections
             *   }
             * }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5237 
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
5238 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_05_01_BV
garciay's avatar
STF507: Week #1    
garciay committed
5239 
             * @reference   ETSI TS 103 097 [1], clause 4.2.24
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5240 
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5241 
            testcase TC_SEC_ITSS_SND_CERT_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
STF507: Week #1    
garciay committed
5242
5243
5244 
                var Certificate         v_cert;
                var ValidityRestriction v_vr;
                var integer             v_counter;
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5245
garciay's avatar
STF507: Week #1    
garciay committed
5246 
                // Test control
garciay's avatar
STF507 week#9:    
garciay committed
5247
5248 
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5249
5250 
                    stop;
                }
garciay's avatar
STF507: Week #1    
garciay committed
5251
5252
5253 
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_D;
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5254
5255 
                f_cf01Up();
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5256
5257 
                // Test adapter configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5258
5259
5260
5261 
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
STF507: Week #1    
garciay committed
5262
5263 
                // Test body
                tc_ac.start;
garciay's avatar
STF507 week#11: Enforce f_waitForCertificate    
garciay committed
5264
5265
5266
5267 
                if (not f_waitForCertificate(v_cert)) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                }
garciay's avatar
STF507: Week #1    
garciay committed
5268
5269
5270
5271
5272
5273
5274
5275
5276
5277
5278
5279
5280
5281
5282
5283
5284
5285
5286 
                tc_ac.stop;
                if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) { 
                    if (v_vr.validity.region.region_type == e_polygon) {
                        var PolygonalRegion v_pr := v_vr.validity.region.region.polygonal_region;
                        var integer v_length := lengthof(v_pr);
                        if (v_length < 3) {
                            log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        if (v_length > 12) {
                            log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        if (true != f_isValidPolygonalRegion(v_pr)) {
                            log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
garciay's avatar
STF507 week#9:    
garciay committed
5287 
                        // FIXME Check holes
garciay's avatar
STF507: Week #1    
garciay committed
5288
5289
5290
5291
5292
5293 
                    } else {
                        log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
                    }
                } else {
                    log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5294
5295
5296
5297
5298
5299 
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
STF507: Week #1    
garciay committed
5300
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5301 
            } // End of testcase TC_SEC_ITSS_SND_CERT_05_01_BV
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5302
5303 
            
            /**
garciay's avatar
STF507: Week #1    
garciay committed
5304
5305
5306 
             * @desc Check that the polygonal certificate validity region is inside the validity region of the issuing certificate
             *       Check that the issuing polygonal certificate validity region contains at least three and no more than 12 points 
             *       Check that the issuing polygonal certificate validity region does not contain intersections and holes
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5307 
             * <pre>
garciay's avatar
STF507 week#9:    
garciay committed
5308 
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5309 
             * Config Id: CF01
garciay's avatar
STF507: Week #1    
garciay committed
5310
5311
5312
5313
5314
5315
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328 
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             and containing certificates
             *                 indicating length > 0
             *             and containing certificates [n] (0..n)
             *                 containing validity_restrictions['region']
             *                     containing region_type
             *                         indicating 'polygon'
             *                     and containing polygonal_region
             *                         indicating length >=3 and <=12
garciay's avatar
STF507 week#9:    
garciay committed
5329 
             *                         and indicating continuous region without holes and intersections
garciay's avatar
STF507: Week #1    
garciay committed
5330
5331
5332 
             *   }
             * }
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
5333 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_05_02_BV
garciay's avatar
STF507: Week #1    
garciay committed
5334
5335 
             * @reference   ETSI TS 103 097 [1], clause 4.2.24
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5336 
            testcase TC_SEC_ITSS_SND_CERT_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
STF507: Week #1    
garciay committed
5337
5338
5339
5340
5341
5342 
                // Local declarations
                var CertificateChain    v_chain;
                var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown);  // current and issuing cert validity restrictions
                var boolean f_vr := false, f_vri := false;
                
                // Test control
garciay's avatar
STF507 week#9:    
garciay committed
5343
5344 
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5345
5346 
                    stop;
                }
garciay's avatar
STF507: Week #1    
garciay committed
5347
5348
5349 
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_D;
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5350
5351 
                f_cf01Up();
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5352
5353 
                // Test adapter configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5354
5355 
                // Preamble
                f_prNeighbour();
garciay's avatar
STF507: Week #1    
garciay committed
5356
5357
5358
5359
5360
5361
5362
5363 
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                } else {
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5364
5365 
                
                // Test Body
garciay's avatar
STF507: Week #1    
garciay committed
5366
5367
5368
5369
5370
5371
5372
5373
5374
5375
5376
5377
5378
5379
5380
5381
5382
5383
5384
5385
5386
5387
5388
5389
5390
5391
5392
5393
5394
5395
5396
5397
5398
5399
5400
5401
5402
5403
5404 
                f_vr := false;
                tc_ac.stop;
                for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
                    v_vri := v_vr;
                    f_vri := f_vr;
                    f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
                    if (f_vr) {
                        var PolygonalRegion v_pr;
                        var integer v_length;
                        
                        if (v_vr.validity.region.region_type != e_polygon) {
                            log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not polygonal ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        v_pr := v_vr.validity.region.region.polygonal_region;
                        v_length := lengthof(v_pr);
                        
                        if (v_length < 3) {
                            log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small in cert " & int2str(v_counter) & " ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        if (v_length > 12) {
                            log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big  in cert " & int2str(v_counter) & "***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        if (true != f_isValidPolygonalRegion(v_pr)) {
                            log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) in cert " & int2str(v_counter) & " ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        if (f_vri) {
                            // current restrictions must be inside of the parent one
                            if (true != f_isPolygonalRegionInside(v_vri.validity.region.region.polygonal_region, v_pr)) {
                                log("*** " & testcasename() & ": FAIL: Certificate validity restriction region in cert " & int2str(v_counter) & " is not inside the issuing one ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
garciay's avatar
STF507 week#9:    
garciay committed
5405 
                            // FIXME Check holes
garciay's avatar
STF507: Week #1    
garciay committed
5406
5407
5408
5409
5410
5411
5412
5413
5414 
                        }
                    } else {
                        // Region validity restriction is not exist
                        if (f_vri) {
                            log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set in the certificate "  & int2str(v_counter) &
                                                                  "because this restriction exists in the issuing certificate ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5415 
                } // End of 'for' statement
garciay's avatar
STF507: Week #1    
garciay committed
5416
5417 
                log("*** " & testcasename() & ": PASS: All certificates has a valid polygonal region restrictions ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5418
5419
5420
5421 
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
STF507: Week #1    
garciay committed
5422
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5423 
            } // End of testcase TC_SEC_ITSS_SND_CERT_05_02_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5424
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5425 
            /**
garciay's avatar
STF507: Week #1    
garciay committed
5426
5427 
             * @desc Check that the identified certificate validity region contains values that correspond to numeric country codes 
             *       as defined in ISO 3166-1 or defined by United Nations Statistics Division
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5428 
             * <pre>
garciay's avatar
STF507 week#9:    
garciay committed
5429 
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5430 
             * Config Id: CF01
garciay's avatar
STF507: Week #1    
garciay committed
5431
5432
5433
5434
5435
5436
5437
5438
5439
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461 
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate'
             *             and containing certificate 
             *                 containing validity_restrictions['region']
             *                     containing region
             *                         containing region_type
             *                             indicating 'id'
             *                         and containing id_region
             *                             containing region_dictionary
             *                                 indicating 'iso_3166_1' (0)
             *                             and containing region_identifier
             *                                 indicating valid value according to 'iso_3166_1'
             *                         and containing local_region
             *                     or containing region
             *                         containing id_region
             *                             containing region_dictionary
             *                                  indicating 'un_stats'
             *                             and containing region_identifier
             *                                 indicating valid value according to UN STATS
             *                             and containing local_region
             *   }
             * }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5462 
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
5463 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_06_01_BV
garciay's avatar
STF507: Week #6    
garciay committed
5464 
             * @reference   ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5465 
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5466 
            testcase TC_SEC_ITSS_SND_CERT_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
STF507: Week #1    
garciay committed
5467
5468
5469 
                var Certificate         v_cert;
                var ValidityRestriction v_vr;
                var integer             v_counter;
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5470
garciay's avatar
STF507: Week #1    
garciay committed
5471 
                // Test control
garciay's avatar
STF507 week#9:    
garciay committed
5472
5473 
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5474
5475 
                    stop;
                }
garciay's avatar
STF507: Week #1    
garciay committed
5476
5477
5478 
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_E;
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5479
5480 
                f_cf01Up();
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5481
5482 
                // Test adapter configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5483
5484
5485
5486 
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
STF507: Week #1    
garciay committed
5487
5488 
                // Test body
                tc_ac.start;
garciay's avatar
STF507 week#11: Enforce f_waitForCertificate    
garciay committed
5489
5490
5491
5492 
                if (not f_waitForCertificate(v_cert)) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                }
garciay's avatar
STF507: Week #1    
garciay committed
5493
5494
5495
5496
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507 
                tc_ac.stop;
                if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
                    if (v_vr.validity.region.region_type == e_id) {
                        if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) {
                            log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        } else if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) {
                            log("*** " & testcasename() & ": FAIL: Identified region is not conformed to United Nations Statistics Division ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    log("*** " & testcasename() & ": PASS: Certificate has a valid  region ID restrictions ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                } else {
                    log("*** " & testcasename() & ": FAIL: Certificate doesn't have any location restrictions ***");
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5508
5509
5510
5511
5512
5513 
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
STF507: Week #1    
garciay committed
5514
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5515 
            } // End of testcase TC_SEC_ITSS_SND_CERT_06_01_BV
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5516
5517 
            
            /**
garciay's avatar
STF507: Week #1    
garciay committed
5518
5519
5520
5521 
             * @desc Check that the identified certificate validity region contains values that correspond to numeric country codes 
             *       as defined in ISO 3166-1 or defined by United Nations Statistics Division
             *       Check that the identified certificate validity region contains values defining the region which is inside 
             *       the validity region of the issuing certificate
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5522 
             * @remark The case when signing certificate and issuing certificate contain different type of region validity restriction is not supported by this test
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5523 
             * <pre>
garciay's avatar
STF507 week#9:    
garciay committed
5524 
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5525 
             * Config Id: CF01
garciay's avatar
STF507: Week #1    
garciay committed
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535
5536
5537
5538 
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             and containing certificate 
             *                 indicating length N > 1
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5539 
             *                 and containing certificates[n] (0..N)
garciay's avatar
STF507: Week #1    
garciay committed
5540
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555
5556
5557
5558 
             *                     containing validity_restrictions['region']
             *                         containing region
             *                             containing region_type
             *                                 indicating 'id'
             *                             and containing id_region
             *                                     containing region_dictionary
             *                                     indicating 'iso_3166_1' (0)
             *                                 and containing region_identifier
             *                                     indicating valid value according to 'iso_3166_1'
             *                             and containing local_region
             *                         or containing region
             *                             containing id_region
             *                                 containing region_dictionary
             *                                     indicating 'un_stats'
             *                                 and containing region_identifier
             *                                     indicating valid value according to UN STATS
             *                                 and containing local_region
             *   }
             * }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5559 
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
5560 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_06_02_BV
garciay's avatar
STF507: Week #6    
garciay committed
5561 
             * @reference   ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5562 
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5563 
            testcase TC_SEC_ITSS_SND_CERT_06_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
STF507: Week #1    
garciay committed
5564
5565
5566 
                var CertificateChain         v_chain;
                var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown);  // current and issuing cert validity restrictions
                var boolean f_vr := false, f_vri := false;
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5567
garciay's avatar
STF507: Week #1    
garciay committed
5568 
                // Test control
garciay's avatar
STF507 week#9:    
garciay committed
5569
5570 
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5571
5572 
                    stop;
                }
garciay's avatar
STF507: Week #1    
garciay committed
5573
5574
5575 
                    
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_E;
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5576
5577 
                f_cf01Up();
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
5578
5579 
                // Test adapter configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5580
5581 
                // Preamble
                f_prNeighbour();
garciay's avatar
STF507: Week #1    
garciay committed
5582
5583
5584
5585
5586
5587
5588
5589 
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                } else {
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5590
5591 
                
                // Test Body
garciay's avatar
STF507: Week #1    
garciay committed
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
5617
5618
5619
5620
5621
5622
5623
5624
5625
5626
5627
5628
5629
5630
5631
5632 
                f_vr := false;
                tc_ac.stop;
                for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
                    v_vri := v_vr;
                    f_vri := f_vr;
                    f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
                    
                    if (f_vr) {
                        if (v_vr.validity.region.region_type == e_id) {
                            if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) {
                                log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) {
                                log("*** " & testcasename() & ": FAIL: Identified region is not conformed to United Nations Statistics Division ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        }
                        
                        if (f_vri) {
                            // the region code must be the same
                            if (v_vr.validity.region.region.id_region.region_identifier !=
                               v_vri.validity.region.region.id_region.region_identifier) {
                                log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            if (    v_vri.validity.region.region.id_region.local_region != 0 
                               and v_vri.validity.region.region.id_region.local_region != v_vr.validity.region.region.id_region.local_region ) {
                                log("*** " & testcasename() & ": FAIL: Certificate validity restriction local identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        }
                        
                    } else {
                        // Region validity restriction is not exist
                        if (f_vri) {
                            log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region must be set in the certificate "  & int2str(v_counter) &
                                                                  "because this restriction exists in the issuing certificate ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5633 
                }
garciay's avatar
STF507: Week #1    
garciay committed
5634
5635 
                log("*** " & testcasename() & ": PASS: All certificates has a valid identified regionrestrictions ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5636
5637
5638
5639 
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5640 
            } // End of testcase TC_SEC_ITSS_SND_CERT_06_02_BV
garciay's avatar
STF507: Week #1    
garciay committed
5641
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
5642 
            /**
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5643
5644 
             * @desc Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction 
             * <pre>
garciay's avatar
STF507 week#9:    
garciay committed
5645 
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5646
5647
5648
5649
5650
5651
5652
5653
5654
5655
5656
5657
5658
5659
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692
5693
5694
5695
5696
5697
5698 
             * Config Id: CF01
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             and containing certificates 
             *                 indicating length N > 1
             *                 and containing certificates[n] (0..N)
             *                     indicating certificate
             *                         not containing validity_restrictions['region']
             *                         and containing signer_info
             *                             containing digest
             *                                 referenced to the certificate
             *                                     not containing validity_restrictions['region']
             *                     or indicating certificate
             *                         containing validity_restrictions['region']
             *                             containing region.region_type
             *                                 indicating 'none'
             *                         and containing signer_info
             *                             containing digest
             *                                 referenced to the certificate
             *                                     not containing validity_restrictions['region']
             *                                     or containing validity_restrictions['region']
             *                                         containing region.region_type
             *                                             indicating 'none'
             *                     or indicating certificate
             *                         containing validity_restrictions['region']
             *                             containing region.region_type
             *                                 indicated 'circle'
             *                                 or indicated 'rectangle'
             *                                 or indicated 'polygon'
             *                                 or indicated 'id'
             *                             and containing region (X_CERT__REGION)
             *                         and containing signer_info
             *                             containing digest
             *                                 referenced to the certificate
             *                                     not containing validity_restrictions['region']
             *                                     or containing validity_restrictions['region']
             *                                         containing region.region_type
             *                                             indicating 'none'
             *                                     or containing validity_restrictions['region']
             *                                         containing region
             *                                             indicating region fully covering the X_CERT_REGION
             *   }
             * }
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
5699 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_07_01_BV
garciay's avatar
STF507: Week #6    
garciay committed
5700 
             * @reference   ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5701 
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5702 
            testcase TC_SEC_ITSS_SND_CERT_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5703
5704
5705
5706
5707
5708
5709
5710
5711 
                var CertificateChain    v_chain;
                var Certificate         v_cert, v_cert_issuer;
                var SignerInfo          v_si;
                var UInt8               v_counter;
                var HashedId8           v_digest;
                var CertificatesCaching v_certificatesCaching;
                var FncRetCode          v_result_status := e_success;
                
                // Test control
garciay's avatar
STF507 week#9:    
garciay committed
5712
5713 
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5714
5715
5716
5717
5718
5719
5720
5721
5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
5762
5763
5764
5765
5766
5767
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786 
                    stop;
                }
                    
                // Test component configuration
//                vc_hashedId8ToBeUsed := cc_iutCert_E;
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                } else {
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                }
                
                // Test Body
                // 1. Create a cache of certificates
                f_createCertificatesCaching(v_chain, v_certificatesCaching);
                // 2. Process the certificates
                v_counter := f_getCertificatesCachingItemSize(v_certificatesCaching) - 1;
                while (v_counter != 0) {
                    // Get the first certificate
                    if (f_getCertificatesCachingItem(v_certificatesCaching, v_counter, v_cert) == false) {
                        v_result_status := e_error;
                        break;
                    }
                    // Retrive SigneInfo field
                    if (not f_getCertificateSignerInfo(v_cert, v_si)) {
                        log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't have a signer info ***");
                        v_result_status := e_error;
                        break;
                    }
                    if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
                        log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Get issuer
                    if (f_getCertificateFromCaching(v_certificatesCaching, v_si.signerInfo.digest, v_cert_issuer) == false) {
                        log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Check that cert is signed by issuing cert
                    v_digest := f_calculateDigestFromCertificate(v_cert_issuer);
                    if (not match (v_si.signerInfo.digest, v_si.signerInfo.digest)) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction 
                    if (f_checkRegionValidityRestiction(v_cert, v_cert_issuer) == false) {
                        v_result_status := e_error;
                        break;
                    }
                    
                    // Prepare next loop
                    v_counter := v_counter - 1;
                    
                } // End of 'while' statement
                if (v_result_status == e_success) {
                    log("*** " & testcasename() & ": PASS: All certificates has a valid identified region restrictions ***");
                }
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, v_result_status);
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5787 
            } // End of testcase TC_SEC_ITSS_SND_CERT_07_01_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5788
5789
5790
5791 
            
            /**
             * @desc Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction
             * <pre>
garciay's avatar
STF507 week#9:    
garciay committed
5792 
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
5814
5815
5816
5817
5818
5819
5820
5821
5822
5823
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
5842 
             * Config Id: CF01
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             and containing certificates 
             *                 indicating length N > 1
             *                 and containing certificates[n] (0..N)
             *                     indicating certificate
             *                         containing validity_restrictions['region']
             *                             containing region.region_type
             *                                 indicated 'id'
             *                             and containing id_region
             *                                 containing region_dictionary
             *                                     indicating 'iso_3166_1' 
             *                                     or indicating 'un_stat' 
             *                                 and containing region_identifier (X_CERT_REGION_ID)
             *                                     indicating valid value according to 'iso_3166_1' or 'un_stat' 
             *                                 and containing local_region (X_CERT_LOCAL_REGION)
             *                         and containing signer_info
             *                             containing digest
             *                                 referenced to the certificate
             *                                     containing validity_restrictions['region']
             *                                         containing region
             *                                             indicated 'id'
             *                                         and containing id_region
             *                                             containing region_dictionary
             *                                                 indicating 'iso_3166_1' 
             *                                                 or indicating 'un_stat' 
             *                                             and containing region_identifier
             *                                                 indicating value == X_CERT_REGION_ID
             *                                             and containing local_region
             *                                                 indicating value == X_CERT_LOCAL_REGION
             *                                                 or indicating 0
             *                                             or containing id_region
             *                                                 containing region_dictionary
             *                                                    indicating 'un_stats'
             *                                                 and containing region_identifier
             *                                                     indicating region fully covering the X_CERT_REGION
             *   }
             * }
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
5843 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_07_02_BV
garciay's avatar
STF507: Week #6    
garciay committed
5844 
             * @reference   ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5845 
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5846 
            testcase TC_SEC_ITSS_SND_CERT_07_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5847
5848
5849
5850
5851
5852
5853
5854
5855 
                var CertificateChain    v_chain;
                var Certificate         v_cert, v_cert_issuer;
                var SignerInfo          v_si;
                var UInt8               v_counter;
                var HashedId8           v_digest;
                var CertificatesCaching v_certificatesCaching;
                var FncRetCode          v_result_status := e_success;
                
                // Test control
garciay's avatar
STF507 week#9:    
garciay committed
5856
5857 
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870
5871
5872
5873
5874
5875
5876
5877
5878
5879
5880
5881
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893
5894
5895
5896
5897
5898
5899
5900
5901
5902
5903
5904
5905
5906
5907
5908
5909
5910
5911
5912
5913
5914
5915
5916
5917
5918
5919
5920
5921
5922
5923
5924
5925
5926
5927
5928
5929
5930 
                    stop;
                }
                    
                // Test component configuration
//                vc_hashedId8ToBeUsed := cc_iutCert_E;
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                } else {
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                }
                
                // Test Body
                // 1. Create a cache of certificates
                f_createCertificatesCaching(v_chain, v_certificatesCaching);
                // 2. Process the certificates
                v_counter := f_getCertificatesCachingItemSize(v_certificatesCaching) - 1;
                while (v_counter != 0) {
                    // Get the first certificate
                    if (f_getCertificatesCachingItem(v_certificatesCaching, v_counter, v_cert) == false) {
                        v_result_status := e_error;
                        break;
                    }
                    // Retrive SigneInfo field
                    if (not f_getCertificateSignerInfo(v_cert, v_si)) {
                        log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't have a signer info ***");
                        v_result_status := e_error;
                        break;
                    }
                    if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
                        log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Get issuer
                    if (f_getCertificateFromCaching(v_certificatesCaching, v_si.signerInfo.digest, v_cert_issuer) == false) {
                        log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Check that cert is signed by issuing cert
                    v_digest := f_calculateDigestFromCertificate(v_cert_issuer);
                    if (not match (v_si.signerInfo.digest, v_si.signerInfo.digest)) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
                        v_result_status := e_error;
                        break;
                    }
                    // Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction 
                    if (f_checkRegionValidityRestiction(v_cert, v_cert_issuer) == false) {
                        v_result_status := e_error;
                        break;
                    }
                    
                    // Prepare next loop
                    v_counter := v_counter - 1;
                    
                } // End of 'while' statement
                if (v_result_status == e_success) {
                    log("*** " & testcasename() & ": PASS: All certificates has a valid identified region restrictions ***");
                }
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, v_result_status);
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5931 
            } // End of testcase TC_SEC_ITSS_SND_CERT_02_01_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5932
5933 
            
            /**
garciay's avatar
STF507 week#9:    
garciay committed
5934 
             * @desc Check the certificate chain to ensure that the time validity restriction of the subordinate certificate is inside the time validity restriction of the issuing certificate
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5935
5936
5937
5938
5939
5940
5941
5942
5943
5944
5945
5946
5947 
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
garciay's avatar
STF507: Week #6    
garciay committed
5948 
             *                 indicating 'certificate_chain'
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5949
5950
5951
5952
5953
5954
5955
5956
5957
5958
5959
5960
5961
5962
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975 
             *             containing certificates
             *                 containing certificates[last-1]
             *                     containing validity_restrictions
             *                         containing validity_restrictions['time_start_and_end']
             *                             containing start_validity
             *                                 indicating START_AA_VALIDITY
             *                             containing end_validity
             *                                 indicating END_AA_VALIDITY >= START_AA_VALIDITY
             *                     and containing signer_info
             *                         containing digest
             *                             referenced to the trusted certificate
             *                                 containing validity_restrictions['time_end']
             *                                     containing end_validity
             *                                         indicating value > AA_END_VALIDITY
             *                                 or containing validity_restrictions['time_start_and_end']
             *                                     containing start_validity
             *                                         indicating value <= AA_START_VALIDITY
             *                                      and containing end_validity
             *                                         indicating value > AA_END_VALIDITY
             *                                 or containing validity_restrictions['time_start_and_duration']
             *                                     containing start_validity
             *                                         indicating X_START_VALIDITY <= AA_START_VALIDITY
             *                                     and containing duration
             *                                         indicating value > AA_END_VALIDITY - X_START_VALIDITY
             *   }
             * }
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
5976 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_08_01_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5977
5978 
             * @reference   ETSI TS 103 097 [1], clauses 7.4.4
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
5979 
            testcase TC_SEC_ITSS_SND_CERT_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
WeekSTF507: Week #3    
garciay committed
5980
5981
5982
5983
5984
5985
5986
5987
5988
5989
5990
5991
5992
5993
5994
5995
5996
5997
5998
5999
6000 
                var CertificateChain         v_chain;
                var Certificate              v_aa_cert;
                var ValidityRestriction      v_vr;
                var SignerInfo               v_si;
                var Time64                   v_generationTime;
                var Time64                   v_curTime;
                var Time64                   v_startTime, v_endTime, v_duration;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
For faster browsing, not all history is shown. View entire blame