Newer
Older
10001
10002
10003
10004
10005
10006
10007
10008
10009
10010
10011
10012
10013
10014
10015
10016
10017
10018
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}*/
log("*** " & testcasename() & ": PASS: Psid are unique in certificates ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": FAIL: Wrong PsidGroupPermissions in AA certificate ***");
10023
10024
10025
10026
10027
10028
10029
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
10046
10047
10048
10049
10050
10051
10052
10053
10054
10055
10056
10057
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_digest // containing digest
)
)
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_20_BV
* @desc Check that SSP field in each entry of the appPermissions component of the AT certificate is
* equal to or a subset of the SSP Range in the corresponding issuing entry.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the certificate
* containing toBeSigned
* containing certIssuePermissions
* } then {
* this certificate is of type EtsiTs103097Certificate
10078
10079
10080
10081
10082
10083
10084
10085
10086
10087
10088
10089
10090
10091
10092
10093
10094
10095
10096
10097
* containing issuer
* referenced to the certificate
* containing toBeSigned
* containing certIssuePermissions
* containing items of type PsidGroupPermissions
* containing eeType
* indicating app(0)
* and containing explicit
* containing psid
* indicating X_PSID_AA
* and containing sspRange
* indicating X_SSP_AA [ X_PSID_AA ]
* or containing all
* and containing toBeSigned
* containing appPermissions
* containing items of type PsidSsp
* containing psid
* indicating value equal to X_PSID_AA
* and containing ssp
* indicating value permitted by X_SSP_AA [ X_PSID_AA ]
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_21_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.28 & 5.1.2.4
testcase TC_SEC_ITSS_SND_CERT_21_BV() runs on ItsGeoNetworking system ItsSecSystem {
var SequenceOfCertificate v_aa_certificate;
var SignerIdentifier v_signerIdentifier;
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
tc_ac.start;
f_askAndWaitForCertificateChain(v_aa_certificate, f_generateDefaultCam());
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
10130
10131
10132
10133
10134
10135
10136
10137
10138
10139
10140
10141
10142
10143
10144
10145
10146
10147
10148
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate( // Get the AT certificate
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at
))))))) -> value v_geoNwInd {
tc_ac.stop;
10149
10150
10151
10152
10153
10154
10155
10156
10157
10158
10159
10160
10161
10162
10163
10164
10165
10166
10167
10168
10169
10170
10171
10172
10173
10174
10175
10176
10177
10178
10179
10180
10181
10182
10183
10184
10185
10186
10187
10188
10189
10190
10191
10192
10193
10194
10195
10196
10197
10198
10199
10200
10201
10202
10203
10204
10205
10206
10207
10208
10209
if (f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
// Check in AA certificate
if (not(ispresent(v_aa_certificate[0].toBeSigned.certIssuePermissions))) {
log("*** " & testcasename() & ": FAIL: PsidGroupPermissions required in AA certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else { // Parse AT SSP and compared it in AA
for (var integer v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate[0].toBeSigned.appPermissions); v_counter := v_counter + 1) {
var Psid v_psid := v_signerIdentifier.certificate[0].toBeSigned.appPermissions[v_counter].psid;
var ServiceSpecificPermissions v_ssp := v_signerIdentifier.certificate[0].toBeSigned.appPermissions[v_counter].ssp;
for (var integer v_counter1 := 0; v_counter1 < lengthof(v_aa_certificate[0].toBeSigned.certIssuePermissions); v_counter1 := v_counter1 + 1) {
var SequenceOfPsidSspRange v_psidSsps;
var integer v_counter2;
if (match(v_aa_certificate[0].toBeSigned.certIssuePermissions[v_counter], mw_psidGroupPermissions(mw_subjectPermissions_explicit)) == false){
log("*** " & testcasename() & ": FAIL: AA certificate field certIssuePermissions does not match ***");
f_setVerdict(e_error);
break;
}
v_psidSsps := v_aa_certificate[0].toBeSigned.certIssuePermissions[v_counter1].subjectPermissions.explicit;
for (v_counter2 := 0; v_counter2 < lengthof(v_psidSsps); v_counter2 := v_counter2 + 1) {
if (v_psidSsps[v_counter2].psid == v_psid) {
if (ispresent(v_psidSsps[v_counter2].sspRange)) {
var SspRange v_sspRange := v_psidSsps[v_counter2].sspRange;
// Compare SSps
log(" Compare '", v_sspRange, "' with '", v_ssp, "'");
if (not(ischosen(v_sspRange.all_))) {
if (ischosen(v_sspRange.opaque) and ischosen(v_ssp.opaque)) {
// TODO How to compare values?
} else if (ischosen(v_sspRange.bitmapSspRange) and ischosen(v_ssp.bitmapSsp)) {
// TODO How to compare values?
} else {
log("*** " & testcasename() & ": FAIL: SSPs do not match ***");
f_setVerdict(e_error);
break;
}
} // else All rights are sey, nothing to check
} else {
log("*** " & testcasename() & ": FAIL: AA certificate field SspRange field is missging ***");
f_setVerdict(e_error);
break;
}
break;
}
} // End of 'for' statement
if (v_counter2 == lengthof(v_psidSsps)) { // Psid not found
log("*** " & testcasename() & ": FAIL: psid ", v_psid, " not found in AT certificate ***");
f_setVerdict(e_error);
break;
}
} // End of 'for' statement
} // End of 'for' statement
if (getverdict == fail) {
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: SSP rage are well configured ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
10210
10211
10212
10213
10214
10215
10216
10217
10218
10219
10220
10221
10222
10223
10224
10225
10226
10227
10228
10229
10230
10231
10232
10233
10234
10235
10236
10237
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_digest // containing digest
)
)
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_21_BV
// /**
// * @desc Sending behaviour test cases for AA certificate profil
// * @see ETSI TS 103 096-2 V1.3.32 (2018-01) Clause 5.2.7.7 AA certificate profile
10243
10244
10245
10246
10247
10248
10249
10250
10251
10252
10253
10254
10255
10256
10257
10258
10259
10260
10261
10262
10263
10264
10265
10266
10267
// */
// group AA_Certificates {
//
// /**
// * @desc Check that the subject_type of the AA certificate is set to authorization_authority
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates[last-1]
// * containing subject_info.subject_type
// * indicating 'authorization_authority' (2)
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_01_01_BV
// * @reference ETSI TS 103 097 [1] Clause 7.4.4
10270
10271
10272
10273
10274
10275
10276
10277
10278
10279
10280
10281
10282
10283
10284
10285
10286
10287
10288
10289
10290
10291
10292
10293
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
10300
10301
10302
10303
10304
10305
10306
10307
10308
10309
10310
10311
10312
10313
10314
10315
10316
10317
10318
10319
10320
10321
10322
10323
10324
10325
10326
10327
10328
10329
10330
10331
10332
10333
10334
// }
// if (not match(v_chain[lengthof(v_chain) - 2], mw_aa_certificate)) {
// log("*** " & testcasename() & ": FAIL: AA certificate not found in the chain[last-1] ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// log("*** " & testcasename() & ": PASS: AA certificate was found in the chain ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_01_01_BV
//
// /**
// * @desc Check that the AA certificsate subject_name variable-length vector contains 32 bytes maximum
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates[last-1]
// * containing subject_info.subject_name
// * indicating length <= 32 bytes
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_02_01_BV
// * @reference ETSI TS 103 097 [1] Clause 6.2
10337
10338
10339
10340
10341
10342
10343
10344
10345
10346
10347
10348
10349
10350
10351
10352
10353
10354
10355
10356
10357
10358
10359
10360
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
10367
10368
10369
10370
10371
10372
10373
10374
10375
10376
10377
10378
10379
10380
10381
10382
10383
10384
10385
10386
10387
10388
10389
10390
10391
10392
10393
10394
10395
10396
10397
10398
10399
10400
10401
10402
10403
// }
// // Verified automatically on decoding
// if (lengthof(v_chain[lengthof(v_chain) - 2].subject_info.subject_name) > 32 ) {
// log("*** " & testcasename() & ": FAIL: Subject name of the AA certificate is too long ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// log("*** " & testcasename() & ": PASS: Subject name of the AA certificate is good ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_02_01_BV
//
// /**
// * @desc Check that signer_info type of AA certificates is set to 'certificate_digest_with_sha256'
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates[last-1]
// * containing signer_info
// * containing type
// * indicating 'certificate_digest_with_sha256'
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_03_01_BV
// * @reference ETSI TS 103 097 [1] Clause 7.4.4
10406
10407
10408
10409
10410
10411
10412
10413
10414
10415
10416
10417
10418
10419
10420
10421
10422
10423
10424
10425
10426
10427
10428
10429
10430
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var Certificate v_aa_cert;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
10437
10438
10439
10440
10441
10442
10443
10444
10445
10446
10447
10448
10449
10450
10451
10452
10453
10454
10455
10456
10457
10458
10459
10460
10461
10462
10463
10464
10465
10466
10467
10468
10469
10470
10471
10472
10473
10474
10475
10476
10477
10478
10479
10480
// }
// v_aa_cert := v_chain[lengthof(v_chain) - 2];
// if (not match(v_aa_cert, mw_aa_certificate(mw_signerIdentifier_digest))) {
// log("*** " & testcasename() & ": FAIL: AA certificate not signed by digest ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// log("*** " & testcasename() & ": PASS: AA certificate is signed by digest ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_03_01_BV
//
// /**
// * @desc Check that AA certificate is signed by Root CA or other authority
// * @remark There is no clear specification that AA cert shall be signed by the Root CA only
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates
// * containing certificates[last-1]
// * containing signer_info
// * containing type
// * indicating 'certificate_digest_with_ecdsap256'
// * and containing digest
// * referencing to the trusted certificate
// * containing subject_info.subject_type
// * indicating 'root_ca'
// * or indicating 'authorisation_authority'
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_04_01_BV
// * @reference ETSI TS 103 097 [1] Clauses 6.3
10483
10484
10485
10486
10487
10488
10489
10490
10491
10492
10493
10494
10495
10496
10497
10498
10499
10500
10501
10502
10503
10504
10505
10506
10507
10508
10509
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var Certificate v_aa_cert, v_ca_cert;
// var SignerInfo v_si;
// var HashedId8 v_ca_digest;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
10511
10512
10513
10514
10515
10516
10517
10518
10519
10520
10521
10522
10523
10524
10525
10526
10527
10528
10529
10530
10531
10532
10533
10534
10535
10536
10537
10538
10539
10540
10541
10542
10543
10544
10545
10546
10547
10548
10549
10550
10551
10552
10553
10554
10555
10556
10557
10558
10559
10560
10561
10562
10563
10564
10565
10566
10567
10568
10569
// }
// tc_ac.stop;
// v_aa_cert := v_chain[lengthof(v_chain) - 2];
// // Process signerInfo field
// if ( true != f_getCertificateSignerInfo(v_aa_cert, v_si)) {
// log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo fields ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// if (v_si.type_ == e_certificate_digest_with_sha256) {
// log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo field containing a certificate_digest_with_ecdsap256 ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// f_readCertificate(cc_taCert_CA, v_ca_cert);
// v_ca_digest := f_calculateDigestFromCertificate(v_ca_cert);
//
// if (not match(v_aa_cert, mw_aa_certificate(mw_signerIdentifier_digest(v_ca_digest)))) {
// log("*** " & testcasename() & ": FAIL: AA certificate signer info doesn't reference the CA certificate from the chain ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// if (not f_verifyCertificateSignatureWithIssuingCertificate(v_aa_cert, v_ca_cert)) {
// log("*** " & testcasename() & ": FAIL: AT certificate signature verification failed ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// log("*** " & testcasename() & ": PASS: AA certificate was signed by the CA certificate from the given chain ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_04_01_BV
//
// /**
// * @desc Check that all neccesary subject attributes are present and arranged in accesing order
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates[last-1]
// * containing subject_attributes [0..N]
// * indicating subject_attributes[n].type < subject_attributes[n+ 1].type
// * containing subject_attributes['verification_key']
// * containing subject_attributes['assurance_level']
// * containing subject_attributes['its_aid_list']
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_05_01_BV
// * @reference ETSI TS 103 097 [1] Clauses 6.1, 7.4.1 and 7.4.4
10572
10573
10574
10575
10576
10577
10578
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
10589
10590
10591
10592
10593
10594
10595
10596
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var SubjectAttributes v_attrs;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
10603
10604
10605
10606
10607
10608
10609
10610
10611
10612
10613
10614
10615
10616
10617
10618
10619
10620
10621
10622
10623
10624
10625
10626
10627
10628
10629
10630
10631
10632
10633
10634
10635
10636
10637
10638
10639
10640
10641
10642
10643
10644
10645
10646
10647
10648
10649
10650
10651
10652
10653
// }
// if (not match(v_chain[lengthof(v_chain) - 2],
// mw_aa_certificate(?,
// superset(mw_subject_attribute_verification_key,
// mw_subject_attribute_assurance_level,
// mw_subject_attribute_its_aid_list)))
// ) {
// log("*** " & testcasename() & ": FAIL: Required subject attribute of AA certificate is not found ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// v_attrs := v_chain[lengthof(v_chain) - 2].subject_attributes;
// for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) {
// if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) {
// log("*** " & testcasename() & ": FAIL: AA certificate subject attributes are not arranged in accening order ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// }
//
// log("*** " & testcasename() & ": PASS: All required AA certificate subject attributes are presents ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_05_01_BV
//
// /**
// * @desc Check that all AIDs containing in the its_aid_list in AA certificate are unique
// * Check that AID list contains not more then 31 items
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates[last-1]
// * containing subject_attributes['its_aid_list']
// * containing its_aid_list[0..N]
// * containing no more then 31 unique item
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_08_01_BV
// * @reference ETSI TS 103 097 [1] Clauses 7.4.4
10656
10657
10658
10659
10660
10661
10662
10663
10664
10665
10666
10667
10668
10669
10670
10671
10672
10673
10674
10675
10676
10677
10678
10679
10680
10681
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var Certificate v_aa_cert;
// var SubjectAttribute v_sa;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
10688
10689
10690
10691
10692
10693
10694
10695
10696
10697
10698
10699
10700
10701
10702
10703
10704
10705
10706
10707
10708
10709
10710
10711
10712
10713
10714
10715
10716
10717
10718
10719
10720
10721
10722
10723
10724
10725
10726
10727
10728
10729
10730
10731
10732
10733
10734
10735
10736
10737
10738
10739
10740
10741
10742
10743
// }
// v_aa_cert := v_chain[lengthof(v_chain) - 2];
// if (f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) {
//
// if (lengthof(v_sa.attribute.its_aid_list) > 31) {
// log("*** " & testcasename() & ": FAIL: ITS-AID list contains " & int2str(lengthof(v_sa.attribute.its_aid_list)) & " items (>31) ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// for (var integer v_counter :=0; v_counter < lengthof(v_sa.attribute.its_aid_list); v_counter := v_counter + 1) {
// for (var integer j :=0; j < lengthof(v_sa.attribute.its_aid_list); j := j + 1) {
// if (v_counter != j and v_sa.attribute.its_aid_list[v_counter] == v_sa.attribute.its_aid_list[j]) {
// log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_sa.attribute.its_aid_list[j]) & " is duplicated in AA certificate ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// }
// } // End of 'for' statement
// } else {
// log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_08_01_BV
//
// /**
// * @desc Check that all mandatory validity restrictions are present and arranged in ascending order
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * and containing certificates
// * containing certificates[last-1]
// * containing validity_restrictions[0..N]
// * indicating validity_restrictions[n].type < validity_restrictions[n+1].type
// * and containing validity_restrictions['time_start_and_end']
// * and not containing validity_restrictions['time_end']
// * and not containing validity_restrictions['time_start_and_duration']
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_10_01_BV
// * @reference ETSI TS 103 097 [1] Clauses 6.1, 6.7 and 7.4.1
10746
10747
10748
10749
10750
10751
10752
10753
10754
10755
10756
10757
10758
10759
10760
10761
10762
10763
10764
10765
10766
10767
10768
10769
10770
10771
10772
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
//
// // Local variables
// var SequenceOfCertificate v_chain;
// var Certificate v_cert;
// var integer v_previousValidityRestrictionType;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
10774
10775
10776
10777
10778
10779
10780
10781
10782
10783
10784
10785
10786
10787
10788
10789
10790
10791
10792
10793
10794
10795
10796
10797
10798
10799
10800
10801
10802
10803
10804
10805
10806
10807
10808
10809
10810
10811
10812
10813
10814
10815
10816
10817
10818
10819
10820
10821
10822
10823
10824
10825
10826
10827
10828
10829
10830
10831
10832
10833
10834
10835
10836
10837
10838
10839
10840
10841
10842
10843
10844
10845
10846
10847
10848
10849
10850
10851
10852
10853
10854
10855
10856
10857
10858
10859
10860
10861
10862
10863
10864
10865
// }
// tc_ac.stop;
//
// // Test Body
// // Process certificate[last - 1]
// v_cert := v_chain[lengthof(v_chain) - 2];
// if (match(
// v_cert.validity_restrictions,
// superset(
// mw_validity_restriction_time_end,
// mw_validity_restriction_time_start_and_duration
// )
// )) {
// log("*** " & testcasename() & ": FAIL: certificate[last-2] must not contain time_end and time_start_and_duration restrictions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// for (var integer v_counter := 1; v_counter < lengthof(v_cert.validity_restrictions); v_counter := v_counter + 1) {
// // Check forbidden header
// if (v_cert.validity_restrictions[v_counter].type_ != e_time_start_and_end) { // FIXME To be reviewed
// log("*** " & testcasename() & ": FAIL: Forbidden header present");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// if (v_counter > 1 ) {
// // Check that headers are ordered
// if (enum2int(v_cert.validity_restrictions[v_counter].type_) <= v_previousValidityRestrictionType) {
// // Check that header is duplicated
// if (enum2int(v_cert.validity_restrictions[v_counter].type_) == v_previousValidityRestrictionType) {
// log("*** " & testcasename() & ": FAIL: multiple instances of same header");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// } else {
// log("*** " & testcasename() & ": FAIL: headers not in correct order");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// }
// }
// v_previousValidityRestrictionType := enum2int(v_cert.validity_restrictions[v_counter].type_);
// } // End of 'for' statement
//
// log("*** " & testcasename() & ": PASS: Time validity restriction of the certificate[last-2] is good ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_10_01_BV
//
// /**
// * @desc Check that time_start_and_end is included in the AA certificate validation restrictions;
// * Check that end_validity is greater than start_validity
// * Check that validity restriction of AA certificate is inside the validity restriction of its issuing certificate
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates[last-1] {
// * containing validity_restrictions
// * containing validity_restrictions['time_start_and_end']
// * containing start_validity
// * indicating START_AA_VALIDITY
// * containing end_validity
// * indicating END_AA_VALIDITY >=START_AA_VALIDITY
// * and containing signer_info
// * containing digest
// * referenced to the trusted certificate
// * containing validity_restrictions['time_end']
// * containing end_validity
// * indicating value > AA_END_VALIDITY
// * or containing validity_restrictions['time_start_and_end']
// * containing start_validity
// * indicating value <= AA_START_VALIDITY
// * and containing end_validity
// * indicating value > AA_END_VALIDITY
// * or containing validity_restrictions['time_start_and_duration']
// * containing start_validity
// * indicating X_START_VALIDITY <= AA_START_VALIDITY
// * and containing duration
// * indicating value > AA_END_VALIDITY - X_START_VALIDITY
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_11_01_BV
// * @reference ETSI TS 103 097 [1] Clauses 7.4.4
10868
10869
10870
10871
10872
10873
10874
10875
10876
10877
10878
10879
10880
10881
10882
10883
10884
10885
10886
10887
10888
10889
10890
10891
10892
10893
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_11_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var Certificate v_aa_cert;
// var ValidityRestriction v_vr;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
10900
10901
10902
10903
10904
10905
10906
10907
10908
10909
10910
10911
10912
10913
10914
10915
10916
10917
10918
10919
10920
10921
10922
10923
10924
10925
10926
10927
10928
10929
10930
// }
// v_aa_cert := v_chain[lengthof(v_chain) - 2];
// if (match (v_aa_cert.validity_restrictions, superset(mw_validity_restriction_time_end,
// mw_validity_restriction_time_start_and_duration))
// ) {
// log("*** " & testcasename() & ": FAIL: AA certificate must not contain time_end and time_start_and_duration restrictions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_vr)) {
// log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) {
// log("*** " & testcasename() & ": FAIL: start validity mus not be greater then end validity in the validity restrictions of AA certificate ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_11_01_BV
//
// } // End of group AA_Certificates
//
// /**
// * @desc Sending behaviour test cases for AT certificate profil
// * @see ETSI TS 103 096-2 V1.3.32 (2018-01) Clause 5.2.7.8 AT certificate profile
10932
10933
10934
10935
10936
10937
10938
10939
10940
10941
10942
10943
10944
10945
10946
10947
10948
10949
// */
// group AT_Certificates {
//
// /**
// * @desc Check that the subject_type of the AT certificate is set to 'authorization_ticket'
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * and containing certificate
// * containing subject_info.subject_type
// * indicating 'authorization_ticket' (1)
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AT_01_01_BV
// * @reference ETSI TS 103 097 [1] Clause 7.4.2
10959
10960
10961
10962
10963
10964
10965
10966
10967
10968
10969
10970
10971
10972
10973
10974
10975
10976
10977
10978
10979
10980
10981
10982
// */
// testcase TC_SEC_ITSS_SND_CERT_AT_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var Certificate v_at_cert;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***");
// tc_ac.start;
// if (not f_waitForCertificate(v_at_cert)) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
10984
10985
10986
10987
10988
10989
10990
10991
10992
10993
10994
10995
10996
10997
10998
10999
11000
// }
// tc_ac.stop;
// if (not match(v_at_cert, mw_at_certificate)) {
// log("*** " & testcasename() & ": FAIL: Message wasn't signed by AT certificate ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// log("*** " & testcasename() & ": PASS: AT certificate has the 'authorization_ticket' subject_type ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AT_01_01_BV
//
// /**
// * @desc Check that the subject_name variable-length vector is empty for AT certificates
// * <pre>