ItsSecurity_TestCases.ttcn3

/**
 *  @author   ETSI / STF481
 *  @version  $URL$
 *            $Id$
 *  @desc     Testcases  file for Security Protocol
 *  @see      Draft ETSI TS 103 097 V1.1.15
 */
module ItsSecurity_TestCases {
    
    // Libcommon
    import from LibCommon_Time all;
    import from LibCommon_VerdictControl all;
    import from LibCommon_Sync all;
    import from LibCommon_BasicTypesAndValues all;
    
    // LibIts
    import from DENM_PDU_Descriptions language "ASN.1:1997" all;
    import from ITS_Container language "ASN.1:1997" all;
    
    // LibItsCommon
    import from LibItsCommon_Functions all;
    
    // LibItsGeoNetworking
    import from LibItsGeoNetworking_TestSystem all;
    import from LibItsGeoNetworking_Functions all;
    import from LibItsGeoNetworking_Templates all;
    import from LibItsGeoNetworking_TypesAndValues all;
    import from LibItsGeoNetworking_Pics all;
    import from LibItsGeoNetworking_Pixits all;

    // LibItsBtp
    import from LibItsBtp_TypesAndValues all;
    import from LibItsBtp_Templates all;

    // LibItsCam
    import from LibItsCam_Templates all;
    import from LibItsCam_Functions all;
    import from LibItsCam_Templates all;
    import from LibItsCam_Functions all;
    import from LibItsCam_TestSystem all;
    
    // LibItsDenm
    import from LibItsDenm_TypesAndValues all;
    import from LibItsDenm_Templates all;
    import from LibItsDenm_TestSystem all;
    
    // LibItsSecurity
    import from LibItsSecurity_TypesAndValues all;
    import from LibItsSecurity_Templates all;
    import from LibItsSecurity_Functions all;
    import from LibItsSecurity_Pixits all;
    import from LibItsSecurity_Pics all;
    
    // AtsSecurity
    import from AtsSecurity_TestSystem all;
    import from AtsSecurity_Functions all;
    import from AtsSecurity_Templates all;
    import from ItsSecurity_Pics all;
    
    /**
     * @desc Sending behaviour test cases
     * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2 Sending behaviour
     */
    group sendingBehavior {

        /**
         * @desc    Check that ITS-S sends a SecuredMessage containing protocol version set to 2
         * <pre>
         * Pics Selection: PICS_GN_SECURITY
         * Config Id: CF01
         * Initial conditions:
         *  with {
         *      the IUT being in the 'authorized' state
         *  }
         * Expected behaviour:
         * ensure that {
         *     when { 
         *         the IUT is requested to send a SecuredMessage
         *     } then {
         *         the IUT sends a SecuredMessage
         *             containing protocol_version 
         *                 indicating value '2'
         *     }
         * }
         * </pre>
         *
         * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_MSG_01_01_BV
         * @reference   ETSI TS 103 097 [1], clause 5.1
         */
        testcase TC_SEC_ITSS_SND_MSG_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
            // Local variables
            var LongPosVector v_longPosVectorIut;
                
            // Test control
            if (not(PICS_GN_SECURITY)) {
                log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                stop;
            }
            
            // Test component configuration
            f_cf01Up();
            v_longPosVectorIut := f_getPosition(c_compIut);
                
            // Test adapter configuration
            
            // Preamble
            f_prNeighbour();
            f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            
            // Test Body
            tc_ac.start;
            alt {
                [] geoNetworkingPort.receive(mw_geoNwInd(mw_geoNwSecPdu(mdw_securedMessage_dummy))) {
                    tc_ac.stop;
                    log("*** " & testcasename() & ": PASS: Security protocol version set to 2 ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                [] tc_ac.timeout {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                }
            } // End of 'alt' statement
            
            // Postamble
            f_acTriggerEvent(m_stopPassBeaconing);
            f_poNeighbour();
            f_cf01Down();
            
        } // End of testcase TC_SEC_ITSS_SND_MSG_01_01_BV
        
        /**
         * @desc    Check that when IUT sends the message signed with the digest, then this digest points to the AT certificate 
         * <pre>
         * Pics Selection: PICS_GN_SECURITY
         * Config Id: CF01
         * Initial conditions:
         *    with {
         *        the IUT being in the 'authorized' state
         *        and the IUT is configured to send more than one CAM per second
         *        and the IUT having sent last CAM
         *            containing header_fields['signer_info'].signer.type
         *                indicating 'certificate'
         *   }
         * Expected behaviour:
         *   ensure that {
         *       when {
         *           the IUT is requested to send next CAM
         *       } then {
         *           the IUT sends a SecuredMessage
         *               containing header_fields ['signer_info']
         *                  containing signer
         *                      containing type
         *                          indicating 'certificate_digest_with_sha256'
         *                      and containing digest
         *                          referencing the certificate
         *                              containing subject_info.subject_type
         *                                  indicating 'authorization_ticket'
         *     }
         *   } 
         * </pre>
         *
         * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_MSG_04_01_BV
         * @reference   ETSI TS 103 097 [1], clause 6.3
         */
        testcase TC_SEC_ITSS_SND_MSG_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
            
            // Local variables
            var SecuredMessage v_recv;
            var Certificate v_cert;
            var LongPosVector v_longPosVectorIut;
            var ItsCam v_component;
            
            // Test control
            if (not(PICS_GN_SECURITY)) {
                log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                stop;
            }
            
            // Test component configuration
            f_cf01Up();
            v_longPosVectorIut := f_getPosition(c_compIut);
                
            // Test adapter configuration
                
            // Preamble
            f_prNeighbour();
            v_component := f_setCamFrequencyGreatherThan1Hz();
            // execution will be stopped if cert is not received during tc_ac 
            log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
            tc_ac.start;
            f_waitForCertificate(v_cert);
            tc_ac.stop;
            if (v_cert.subject_info.subject_type != e_authorization_ticket) {
                log("*** " & testcasename() & ": FAIL: received certificate is not an AT certificate  ***");
                f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_error);
            }
            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            
            // Test Body
            tc_ac.start;
            alt {
                [] a_securedMessageWithDigest (v_recv) {
                    var SignerInfo v_si;
                    tc_ac.stop;
                    if (f_getMsgSignerInfo(v_recv, v_si) == true) {
                        if (v_si.signerInfo.digest == f_calculateDigestFromCertificate(v_cert)) {
                            log("*** " & testcasename() & ": PASS: Digest corresponds to the AT certificate ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                        } else {
                            log("*** " & testcasename() & ": FAIL: Digest corresponds to unknown certificate ***");
                            log("f_calculateDigestFromCertificate(v_cert)=", f_calculateDigestFromCertificate(v_cert));
                            log("v_si.signerInfo.digest=", v_si.signerInfo.digest);
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    } else {
                        log("*** " & testcasename() & ": FAIL: Received message is not signed well ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                }
                [] tc_ac.timeout {
                    log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                } 
            } // End of 'alt' statement
            
            // Postamble
            f_terminateCam(v_component);
            f_poNeighbour();
            f_cf01Down();
            
        } // End of testcase TC_SEC_ITSS_SND_MSG_04_01_BV
        
        /**
         * @desc    Check that IUT uses the AT certificate to sign messages
         * <pre>
         * Pics Selection: PICS_GN_SECURITY
         * Config Id: CF01
         * Initial conditions:
         *   with {
         *       the IUT being in the 'authorized' state
         *       the IUT being requested to include certificate in the next CAM
         *   }
         *   ensure that {
         *     when {
         *         the IUT is requested to send a next CAM
         *     } then {
         *         the IUT sends a SecuredMessage
         *             containing header_fields ['signer_info']
         *                 containing signer
         *                     containing type
         *                         indicating 'certificate'
         *                     containing certificate
         *                         containing subject_info.subject_type
         *                             indicating 'authorization_ticket'
         *       }
         *   }
         * </pre>
         *
         * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_MSG_04_02_BV
         * @reference   ETSI TS 103 097 [1], clause 6.3
         */
        testcase TC_SEC_ITSS_SND_MSG_04_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
            
            // Local variables
            var SecuredMessage v_recv;
            var Certificate v_cert;
            var LongPosVector v_longPosVectorIut;
            
            // Test control
            if (not(PICS_GN_SECURITY)) {
                log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                stop;
            }
            
            // Test component configuration
            f_cf01Up();
            v_longPosVectorIut := f_getPosition(c_compIut);
                
            // Test adapter configuration
            
            // Preamble
            f_prNeighbour();
            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            
            // Test Body
            tc_ac.start;
            alt {
                [] a_securedMessageWithCertificate(v_recv) {
                    var SignerInfo v_si;
                    if (f_getMsgSignerInfo(v_recv, v_si)) {  
                        v_cert :=  v_si.signerInfo.certificate;
                        if (v_cert.subject_info.subject_type != e_authorization_ticket ) {
                            log("*** " & testcasename() & ": FAIL: received certificate is not an AT certificate  ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        log("*** " & testcasename() & ": PASS: message signed with AT certificate");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    } else {
                        log("*** " & testcasename() & ": FAIL: received message is not signed well  ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                }
                [] tc_ac.timeout {
                    log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                } 
            } // End of 'alt' statement
            
            // Postamble
            f_poNeighbour();
            f_cf01Down();
        } // End of testcase TC_SEC_ITSS_SND_MSG_04_02_BV
        
        /**
         * @desc    Check that the SecuredMessage signature containes the ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 or x_coordinate_only
         * <pre>
         * Pics Selection: PICS_GN_SECURITY
         * Config Id: CF01
         * Initial conditions:
         *   with {
         *       the IUT being in the 'authorized' state
         *   }
         *   ensure that {
         *     when {
         *         the IUT is requested to send a next CAM
         *     } then {
         *         the IUT sends a SecuredMessage 
         *             containing header_fields ['its_aid']
         *                 containing its_aid
         *                     indicating 'AID_CAM'
         *             and containing trailer_fields['signature']
         *                 containing signature.ecdsa_signature
         *                     containing R.type
         *                         indicating compressed_lsb_y_0
         *                         or indicating compressed_lsb_y_1 
         *                         or indicating x_coordinate_only
         *     }
         *  }
         * </pre>
         *
         * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_MSG_05_01_BV
         * @reference   ETSI TS 103 097 [1], clause 4.2.9
         */
        testcase TC_SEC_ITSS_SND_MSG_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
            
            // Local variables
            var LongPosVector v_longPosVectorIut;
            
            // Test control
            if (not(PICS_GN_SECURITY)) {
                log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                stop;
            }
            
            // Test component configuration
            f_cf01Up();
            v_longPosVectorIut := f_getPosition(c_compIut);
                
            // Test adapter configuration
            
            // Preamble
            f_prNeighbour();
            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            
            // Test Body
            tc_ac.start;
            alt {
                [] geoNetworkingPort.receive(
                    mw_geoNwInd(
                        mw_geoNwSecPdu(
                            mdw_securedMessage_CAMs(
                                ?,
                                ?,
                                {
                                    mw_trailer_field_signature(
                                        mw_signature(
                                            mw_ecdsaSignature(
                                                mw_eccPointecdsa_nistp256_with_sha256_y0_coordinate_only,
                                                ?
                                            )
                                        )
                                    )
                                }
                            ),
                            ?
                ))) {
                    tc_ac.stop;
                    log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to compressed_lsb_y_0 received ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                [] geoNetworkingPort.receive(
                    mw_geoNwInd(
                        mw_geoNwSecPdu(
                            mdw_securedMessage_CAMs(
                                ?,
                                ?,
                                {
                                    mw_trailer_field_signature(
                                        mw_signature(
                                            mw_ecdsaSignature(
                                                mw_eccPointecdsa_nistp256_with_sha256_y1_coordinate_only,
                                                ?
                                            )
                                        )
                                    )
                                }
                            ),
                            ?
                ))) {
                    tc_ac.stop;
                    log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to compressed_lsb_y_1 received ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                [] geoNetworkingPort.receive(
                    mw_geoNwInd(
                        mw_geoNwSecPdu(
                            mdw_securedMessage_CAMs(
                                ?,
                                ?,
                                {
                                    mw_trailer_field_signature(
                                        mw_signature(
                                            mw_ecdsaSignature(
                                                mw_eccPointecdsa_nistp256_with_sha256_x_coordinate_only
                                            )
                                        )
                                    )
                                }
                            ),
                            ?
                ))) {
                    tc_ac.stop;
                    log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to x_coordinate_only received ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                [] geoNetworkingPort.receive(
                    mw_geoNwInd(
                        mw_geoNwSecPdu(
                            mdw_securedMessage_CAMs
                ))) {
                    tc_ac.stop;
                    log("*** " & testcasename() & ": Failed: Expected CAM message received ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                [] tc_ac.timeout {
                    log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                } 
            } // End of 'alt' statement
            
            // Postamble
            f_poNeighbour();
            f_cf01Down();
        } // End of testcase TC_SEC_ITSS_SND_MSG_05_01_BV
        
        /**
         * @desc Sending behaviour test cases for CAM profile
         * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.4 CAM profile
         */
        group sendCAMProfile {
            
            /**
             * @desc    Check that the sent Secured CAM contains a HeaderField its_aid that is set to 'AID_CAM' 
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             *  with {
             *     the IUT being in the 'authorized' state
             * }
             * ensure that {
             *     when {
             *         the IUT is requested to send a CAM
             *     } then {
             *         the IUT sends a SecuredMessage
             *             and containing header_fields['its_aid']
             *                 indicating 'AID_CAM'
             *     }
             * }
             * </pre>
             *
             * @see          ETSI TS 103 096-2 v1.3.2 TC_SEC_ITSS_SND_CAM_01_01_BV
             * @reference    ETSI TS 103 097 [1], clause 5.4 and 7.1
             */
            testcase TC_SEC_ITSS_SND_CAM_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                var GeoNetworkingInd v_geoNwInd;
                var HeaderFields v_headersFields;
                var integer v_previousHeaderType;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        ?, 
                                        ?, 
                                        mw_header_field_its_aid_CAM
                                    )
                                ), 
                                ?
                    ))) -> value v_geoNwInd {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: 'its_aid' is set to 'AID_CAM'");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    } 
                } // End of 'alt' statement
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CAM_01_01_BV
            
            /**
             * @desc    Check that the secured CAM contains exactly one element of these header fields: signer_info, generation_time, its_aid.
                        Check that the header fields are in the ascending order according to the numbering of the enumeration except of the signer_info, which is encoded first.
                        Check that generation_time_standard_deviation, expiration, encryption_parameters, recipient_info are not used
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             *  with {
             *     the IUT being in the 'authorized' state
             * }
             * ensure that {
             *     when {
             *         the IUT is requested to send a CAM
             *     } then {
             *         the IUT sends a SecuredMessage  {
             *             containing header_fields[0]
             *                 containing type 
             *                     indicating 'signer_info'
             *             and containing header_fields [n].type
             *                 indicating value < header_fields [n+1].type
             *             and containing header_fields ['generation_time']
             *             and containing header_fields['its_aid']
             *                 indicating 'AID_CAM'
             *             and not containing header_fields['generation_time_standard_deviation']
             *             and not containing header_fields['expiration']
             *             and not containing header_fields['encryption_parameters']
             *             and not containing header_fields['recipient_info']
             *         }
             *     }
             * }
             * </pre>
             *
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_02_01_BV
             * @reference    ETSI TS 103 097 [1], clause 7.1
             */
            testcase TC_SEC_ITSS_SND_CAM_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                var GeoNetworkingInd v_geoNwInd;
                var HeaderFields v_headersFields;
                var integer v_previousHeaderType;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field(
                                            e_signer_info
                                        ), 
                                        mw_header_field(e_generation_time), 
                                        mw_header_field_its_aid_CAM
                                    )
                                ), 
                                mw_geoNwPduWithPayload(
                                    ?,
                                    ?,
                                    mw_secCamPayload).packet
                    ))) -> value v_geoNwInd {
                        tc_ac.stop;
                        
                        // Process header fields manually
                        v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields);
                        
                        // Check that signerInfo is first header
                        if ((lengthof(v_headersFields) < 1) or not match(v_headersFields[0].type_, e_signer_info)) {
                            log("*** " & testcasename() & ": FAIL: SignerInfo is not first header");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                       
                        for (var integer v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) {
                            // Check forbidden header
                            if (match(v_headersFields[v_counter].type_, e_generation_time_standard_deviation)) {
                                log("*** " & testcasename() & ": FAIL: Forbidden header present");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            } 
                            if (match(v_headersFields[v_counter].type_, e_signer_info)) {
                                log("*** " & testcasename() & ": FAIL: multiple instances of signer_info header");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            } 
                            
                            if (v_counter > 1 ) {
                                // Check that headers are ordered
                                if (match(v_headersFields[v_counter].type_, integer:(0..v_previousHeaderType))) {
                                    // Check that header is duplicated
                                    if (match(v_headersFields[v_counter].type_, v_previousHeaderType)) {
                                        log("*** " & testcasename() & ": FAIL: multiple instances of same header");
                                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                    }else{
                                        log("*** " & testcasename() & ": FAIL: headers not in correct order");
                                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                    }
                                }
                            }
                            v_previousHeaderType := enum2int(v_headersFields[v_counter].type_);
                        } // End of 'for' statement
                        
                        log("*** " & testcasename() & ": PASS: correct secured packet received");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    } 
                } // End of 'alt' statement
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CAM_02_01_BV
            
            /**
             * @desc    Check that the secured CAM contains the signer_info field of certificate when over the time of one 
             *          second no other SecuredMessage contained a signer_info of type certificate.
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             * with {
             *     the IUT being in the 'authorized' state
             *     and the IUT is configured to send more then one CAM per second
             *     and the IUT having sent a CAM
             *         containing header_fields['signer_info'].signer.type
             *             indicating 'certificate'
             *         contains header_fields['generation_time']
             *             indicating TIME_LAST
             *     }
             * ensure that {
             *     when {
             *         the IUT is sending CAM
             *             containing header_fields['signer_info']
             *                 containing signer
             *                     containing type
             *                         indicating 'certificate'
             *     } then {
             *         this message
             *             contains header_fields['generation_time']
             *                 indicating TIME (TIME >= TIME_LAST + 1sec)
             *     }
             * }
             * </pre>
             *
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_05_01_BV
             * @reference    ETSI TS 103 097 [1], clause 7.1
             */
            testcase TC_SEC_ITSS_SND_CAM_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                const integer c_cntTimeLimit := 10;
                const float c_certificateGenerationTime := 1.0;
                
                timer t_minTransInterval := c_certificateGenerationTime * 0.8;
                var integer v_cntTime := 0;
                var GeoNetworkingInd v_geoNwInd;
                var ItsCam v_component;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                geoNetworkingPort.clear;
                v_component := f_setCamFrequencyGreatherThan1Hz();
                tc_ac.start;
                alt {
                     [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate
                     )))) { 
                        tc_ac.stop;
                        t_minTransInterval.start;
                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
                    }
                } // End of 'alt' statement
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate
                    )))) {
                        if(t_minTransInterval.running){
                            t_minTransInterval.stop;
                            log("*** " & testcasename() & ": FAIL: CAM with certificate has been received inside 1 sec after previous one ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        v_cntTime := v_cntTime + 1;
                        if (v_cntTime == c_cntTimeLimit) { // Exit message loop
                            log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                            // end of alt
                        }
                        else {
                            log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***"); 
                            t_minTransInterval.start;
                            repeat;
                        }
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_digest
                    )))) {
                        log("*** " & testcasename() & ": INFO: CAM retransmission with digest ***"); 
                        repeat;
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs
                    ))) {
                        log("*** " & testcasename() & ": FAIL: Neither Certificate not Digest in received CAM ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] t_minTransInterval.timeout {
                        log("*** " & testcasename() & ": INFO: One of next CAMS must have a certificate ***");
                        repeat;
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_terminateCam(v_component);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CAM_05_01_BV
            
            /**
             * @desc    Check that the secured CAM contains the signer_info field of certificate when the timeout of 1 second 
             *          has been expired after the previous CAM containing the certificate.
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             *  with {
             *      the IUT being in the 'authorized' state
             *      and the IUT is configured to send more than one CAM per second
             *      and the IUT having sent a CAM
             *          containing header_fields['signer_info'].signer.type
             *              indicating 'certificate'
             *          at TIME_LAST 
             *  }
             *  ensure that {
             *      when {
             *          the IUT is sending a CAM
             *              containing header_fields['generation_time']
             *                  indicating TIME >= TIME_LAST + 1sec
             *      } then {
             *          this message is
             *              containing header_fields ['signer_info']
             *                  containing signer
             *                      containing type
             *                          indicating 'certificate'
             *      }
             *  }
             * </pre>
             *
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_05_02_BV
             * @reference    ETSI TS 103 097 [1], clause 4.2.9
             */
            testcase TC_SEC_ITSS_SND_CAM_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
                const integer c_cntTimeLimit := 10;
                const float c_certificateGenerationTime := 1.0;
                
                timer t_maxTransInterval := c_certificateGenerationTime * 1.15;
                var integer v_cntTime := 0;
                var GeoNetworkingInd v_geoNwInd;
                var ItsCam v_component;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                geoNetworkingPort.clear;
                v_component := f_setCamFrequencyGreatherThan1Hz();
                tc_ac.start;
                alt {
                     [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate
                     )))) { 
                        t_maxTransInterval.start;
                        tc_ac.stop;
                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
                    }
                } // End of 'alt' statement
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate
                    )))) {
                        t_maxTransInterval.stop;
                        v_cntTime := v_cntTime + 1;
                        if (v_cntTime == c_cntTimeLimit) { // Exit message loop
                            log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                            // end of alt
                        }
                        else {
                            t_maxTransInterval.start;
                            log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***"); 
                            repeat;
                        }
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_digest
                    )))) {
                        log("*** " & testcasename() & ": INFO: CAM retransmission with digest ***"); 
                        repeat;
                    }
                    [] t_maxTransInterval.timeout {
                        log("*** " & testcasename() & ": FAIL: CAM with certificate was not received in 1 sec after previous one ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_terminateCam(v_component);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CAM_05_02_BV
            
            /**
             * @desc    Check that ITS-S sends a Secured CAM containing the signer_info of type certificate 
             *          when the ITS-S received a CAM from an unknown ITS-S 
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             *  with {
             *      the IUT being in the 'authorized' state
             *      and the IUT is configured to send more than one CAM per second
             *      and the IUT having already sent CAM at TIME_1
             *          containing header_fields['signer_info'].signer.type
             *              indicating 'certificate'
             *      and the IUT having received a SecuredMessage at TIME_2 (TIME_1 < TIME_2 < TIME_1+ 1sec)
             *          containing header_fields['signer_info']
             *              containing signer
             *                  containing type
             *                      indicating 'certificate_digest_with_sha256'
             *                  containing digest
             *                      indicating HashedId3 value
             *                          referenced to unknown certificate
             *  }
             *  ensure that {
             *      when {
             *          the IUT is requested to send CAM at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1 + 1sec)
             *      } then {
             *          the IUT sends a SecuredMessage
             *              containing header_fields[0]
             *                  containing type 
             *                      indicating 'signer_info'
             *                  and containing signer
             *                      containing type
             *                          indicating 'certificate'
             *                      and containing certificate
             *      }
             *  }
             * </pre>
             *
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_06_01_BV
             * @reference    ETSI TS 103 097 [1], clauses 5.4 and 7.1
             */
            testcase TC_SEC_ITSS_SND_CAM_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                var GeoNetworkingInd v_geoNwInd;
                var ItsCam v_component;
                timer t_maxTransInterval := 0.3;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                v_component := f_setCamFrequencyGreatherThan1Hz();
                tc_ac.start;
                alt {
                     [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate
                     )))) { 
                        tc_ac.stop;
                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
                        
                        // Send secured message from unknown ITS-S
                        geoNetworkingPort.clear;
                        f_sendSecuredCam(cc_taCert_F, omit, e_certificate_digest_with_sha256);
                        
                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
                    }
                }
                
                // Test Body
                t_maxTransInterval.start;
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate
                    )))) {
                        tc_ac.stop; 
                        t_maxTransInterval.stop;
                        log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs
                    ))) {
                        repeat;
                    }
                    [] t_maxTransInterval.timeout {
                        log("*** " & testcasename() & ": FAIL: CAM was transmited w/o unrecognized request header ***"); 
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_terminateCam(v_component);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CAM_06_01_BV
            
            /**
             * @desc    Check that IUT restart the certificate sending timer when the certificate has been sent
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             *  with {
             *      the IUT being in the 'authorized' state
             *      and the IUT is configured to send more then one CAM per second
             *      and the IUT having already sent CAM at TIME_1
             *          containing header_fields['signer_info'].signer.type
             *              indicating 'certificate'
             *      and the IUT having received a CAM at TIME_2 (TIME_1 +0.3sec)
             *          containing header_fields['request_unrecognized_certificate']
             *              containing digests
             *                  containing HashedId3 value
             *                      referencing to the the IUT certificate
             *      and the IUT having sent CAM at TIME_3 (TIME_3 > TIME_2)
             *          containing header_fields['signer_info'].signer.type
             *              indicating 'certificate'
             *  }
             *  ensure that {
             *      when {
             *          the IUT is sending the next CAM at TIME_4
             *              containing header_fields['signer_info'].signer.type
             *                  indicating 'certificate'
             *      } then {
             *          the difference between TIME_4 and TIME_3 is about of 1sec
             *      }
             *  }
             * </pre>
             *
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_07_01_TI
             * @reference    ETSI TS 103 097 [1], clause 7.1
             */
            testcase TC_SEC_ITSS_SND_CAM_07_01_TI() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                const float c_certificateGenerationTime := 1.0;
                
                timer t_maxTransInterval := c_certificateGenerationTime * 0.9;
                var GeoNetworkingInd v_geoNwInd;
                var SignerInfo v_signerInfo;
                var ItsCam v_component;
                var boolean v_firstCertReceived := false;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                v_component := f_setCamFrequencyGreatherThan1Hz();
                tc_ac.start;
                alt {
                    [v_firstCertReceived == false] geoNetworkingPort.receive(
                                                    mw_geoNwInd(
                                                        mw_geoNwSecPdu(
                                                            mdw_securedMessage_CAMs(
                                                                mw_header_field_signer_info_certificate
                    )))) -> value v_geoNwInd {
                        log("*** " & testcasename() & ": INFO: Initial conditions: The first CAM with certificate is received ***");
                        v_firstCertReceived := true;
                        f_sleep(0.3);
                        // Send secured message with request for unrecognized certificate
                        f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerInfo);
                        f_sendSecuredCam(
                            cc_taCert_F,
                            {
                                m_header_field_unrecognised_certificate(
                                    f_HashedId3FromHashedId8(
                                       f_calculateDigestFromCertificate(
                                           v_signerInfo.signerInfo.certificate
                                       )
                                    )
                                )
                            },
                            e_certificate_digest_with_sha256
                        );
                        repeat;
                    }
                    [v_firstCertReceived == true] geoNetworkingPort.receive(
                                                    mw_geoNwInd(
                                                        mw_geoNwSecPdu(
                                                            mdw_securedMessage_CAMs(
                                                                mw_header_field_signer_info_certificate
                    )))) {
                        tc_ac.stop;
                        // start a timeout of one second to check
                        // that the next cert will be received after this timeout
                        t_maxTransInterval.start;
                        log("*** " & testcasename() & ": INFO: Initial conditions: The requested CAM with certificate is received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
                    }
                } // End of 'alt' statement
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate
                    )))) {
                        tc_ac.stop;
                        t_maxTransInterval.stop;
                        log("*** " & testcasename() & ": FAIL: CAM certificate inclusion time wasn't restarted ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs
                    ))) {
                        log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***"); 
                        repeat;
                    }
                    [] t_maxTransInterval.timeout {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: The CAM certificate inclusion timer has been restarted ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_terminateCam(v_component);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CAM_07_01_TI
            
            /**
             * @desc    Check that the IUT sends the Secured CAM containing the signer_info of type certificate 
             *          when it received a CAM containing a request of unrecognized certificate that matches 
             *          with the currently used AT certificate ID of the IUT 
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             *  with {
             *      the IUT being in the 'authorized' state
             *      and the IUT is configured to send more than one CAM per second
             *      and the IUT having already sent CAM at TIME_1
             *          containing header_fields['signer_info'].signer.type
             *              indicating 'certificate' 
             *      and the IUT having received a SecuredMessage at TIME_2 (TIME_1 < TIME_2 < TIME_1 + 1sec)
             *          containing header_fields['request_unrecognized_certificate']
             *              containing digests {
             *                  containing HashedId3 value
             *                      referencing to the AT certificate
             *                  and not containing HashedId3 value
             *                      referencing to the AA certificate
             *              }
             *  }
             *  ensure that {
             *      when {
             *          the IUT is requested to send a CAM at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1 + 1sec)
             *      } then {
             *          the IUT sends a SecuredMessage
             *              containing header_fields['signer_info']
             *                  containing signer
             *                      containing type
             *                          indicating 'certificate'
             *                      containing certificate
             *                          referenced by the requested digest 
             *      }
             *  }
             * </pre>
             *
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_08_01_BV
             * @reference    ETSI TS 103 097 [1], clause 7.1
             */
            testcase TC_SEC_ITSS_SND_CAM_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                const float c_certificateGenerationTime := 1.0;
                
                timer t_maxTransInterval := c_certificateGenerationTime * 0.9;
                var GeoNetworkingInd v_geoNwInd;
                var ItsCam v_component;
                var SignerInfo v_si;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();

                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                geoNetworkingPort.clear;
                v_component := f_setCamFrequencyGreatherThan1Hz();
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate
                    )))) -> value v_geoNwInd {
                        tc_ac.stop;
                        t_maxTransInterval.start;
                        
                        f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn),v_si);
                        
                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
                        
                        // Send secured message with request for unrecognized certificate
                        f_sendSecuredCam(
                            cc_taCert_A,
                            {
                                m_header_field_unrecognised_certificate(                // containing digests
                                    f_HashedId3FromHashedId8(                           // containing HashedId3 value
                                        f_calculateDigestFromCertificate(
                                            v_si.signerInfo.certificate                 //     referencing to the AT certificate
                                        )
                                    )    
                                                                                        // and not containing HashedId3 value referencing to the AA certificate
                                )
                            },
                            e_certificate
                        );
                        
                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
                    }
                } // End of 'alt' statement
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate(
                                        v_si.signerInfo.certificate
                                    )
                    )))) {
                        tc_ac.stop; 
                        t_maxTransInterval.stop;
                        log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs
                    ))) {
                        log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***"); 
                        repeat;
                    }
                    [] t_maxTransInterval.timeout {
                        tc_ac.stop; 
                        log("*** " & testcasename() & ": FAIL: Requested certificate was not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_terminateCam(v_component);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CAM_08_01_BV
            
            /**
             * @desc    Check that the sent secured CAM contains the signer_info of type certificate_chain 
             *          when the ITS-S has received a CAM containing a request of unrecognized certificate that matches 
             *          with the AA certificate ID that issued its currently used AT certificate ID of the IUT
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             *  with {
             *      the IUT being in the 'authorized' state
             *      and the IUT is configured to send more than one CAM per second
             *      and the IUT having already sent a CAM
             *          containing header_fields['signer_info'].signer.type
             *              indicating 'certificate'
             *          at TIME_1
             *      and the IUT having received a SecuredMessage
             *          containing header_fields['request_unrecognized_certificate'] {
             *              containing digests {
             *                  containing HashedId3 value
             *                      referencing to the AA certificate
             *              }
             *          }
             *          at TIME_2 (TIME_1 < TIME_2 < TIME_1+ 1sec)
             *  }
             *  ensure that {
             *      when {
             *          the IUT is requested to send a CAM
             *              at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1+ 1sec)
             *      } then {
             *          the IUT sends a SecuredMessage
             *              containing header_fields['signer_info']
             *                  containing signer
             *                      containing type
             *                          indicating 'certificate_chain'
             *                      containing certificates[last]
             *                          indicating the AT certificate
             *                      containing certificates[last-1]
             *                          indicating the AA certificate
             *      }
             *  }
             * </pre>
             *
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_09_01_BV
             * @reference    ETSI TS 103 097 [1], clause 7.1
             */
            testcase TC_SEC_ITSS_SND_CAM_09_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                const float c_certificateGenerationTime := 1.0;
                
                timer t_maxTransInterval := c_certificateGenerationTime * 0.9;
                var GeoNetworkingInd v_geoNwInd;
                var ItsCam v_component;
                var SignerInfo v_si;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                geoNetworkingPort.clear;
                v_component := f_setCamFrequencyGreatherThan1Hz();
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate
                    ))))  -> value v_geoNwInd { 
                        tc_ac.stop;
                        t_maxTransInterval.start;
                        
                        f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn),v_si);
                        f_getCertificateSignerInfo(v_si.signerInfo.certificate, v_si);
                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
                                                
                        // Send secured message with request for unrecognized certificate
                        f_sendSecuredCam(
                            cc_taCert_A,
                            {
                                m_header_field_unrecognised_certificate(                    // containing digests
                                    f_HashedId3FromHashedId8(                               //     containing HashedId3 value
                                        v_si.signerInfo.digest                              //         referencing to the AA certificate
                                    )
                                )
                            });
                        
                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
                    }
                } // End of 'alt' statement
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate_chain
                    )))) -> value v_geoNwInd {
                        var SignerInfo v_signerInfo;
                        var CertificateChain v_certificates;
                        var integer v_certificateChainLength;
                        
                        tc_ac.stop; 
                        t_maxTransInterval.stop;
                        // Extract certificate chain
                        f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
                        v_certificates := v_signerInfo.signerInfo.certificates;
                        v_certificateChainLength := lengthof(v_certificates);
                        if (v_certificateChainLength >= 2) { // Check length
                            if ( // Check Content
                                not(
                                    (v_certificates[0].subject_info.subject_type == e_authorization_authority) and 
                                        // Check the certificate chain contains certificates[last] indicating the AT certificate
                                    (v_certificates[1].subject_info.subject_type == e_authorization_ticket)
                                        // Check the certificate chain contains certificates[last-1] indicating the AA certificate
                            )) {
                                log("*** " & testcasename() & ": FAIL: Unexpected certificate chain content ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); 
                            } else {
                                log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate chain was successful ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                            } 
                        } else {
                            log("*** " & testcasename() & ": FAIL: Unexpected certificate chain content length ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); 
                        }
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs
                    ))) {
                        log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate chain ***"); 
                        repeat;
                    }
                    [] t_maxTransInterval.timeout {
                        tc_ac.stop; 
                        log("*** " & testcasename() & ": FAIL: The certificate chain has not been received during 1 sec ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_terminateCam(v_component);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CAM_09_01_BV
            
            /**
             * @desc    Check that the sent secured CAM contains exactly one HeaderField generation_time which is inside 
             *          the validity time of the certificate referenced by the signer_info
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             *  with {
             *      the IUT being in the 'authorized' state
             *      the IUT being requested to include certificate in the next CAM 
             *  }
             *  ensure that {
             *      when {
             *          the IUT is requested to send CAM
             *      } then {
             *          the IUT sends a SecuredMessage 
             *              containing security_profile
             *                  indicating '1'
             *              containing header_fields ['generation_time'] 
             *                  containing generation_time
             *                      indicating TIME_1 (CUR_TIME - 5min <= TIME_1 <= CUR_TIME + 5min)
             *              containing header_fields ['signer_info'] 
             *                  containing signer 
             *                      containing type
             *                          indicating 'certificate'
             *                      and containing certificate 
             *                          containing validity_restrictions['time_end']
             *                              containing end_validity
             *                                  indicating value > GEN_TIME
             *                          or containing validity_restrictions['time_start_and_end']
             *                              containing start_validity
             *                                  indicating value <= GEN_TIME
             *                              and containing end_validity
             *                                  indicating value > GEN_TIME
             *                          or containing validity_restrictions['time_start_and_duration']
             *                              containing start_validity (X_START_VALIDITY)
             *                                  indicating value <= GEN_TIME
             *                              and containing duration
             *                                  indicating value > GEN_TIME - X_START_VALIDITY 
             *      }
             *  }
             * </pre>
             *
             * @see          ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CAM_10_01_BV
             * @reference    ETSI TS 103 097 [1], clauses 5.4 and 7.1
             */
            testcase TC_SEC_ITSS_SND_CAM_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                const integer c_timeThreshold := 1000 * 60; /** Time threshold in milliseconds */
                
                var GeoNetworkingInd v_geoNwInd;
                var SignerInfo v_signerInfo;
                var Certificate v_certificate;
                var HeaderField v_headerField;
                var Time64 v_generationTime;
                var ValidityRestriction v_validity;
                var integer v_currentTime, v_lowerBound, v_upperBound;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ": ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_generation_time, 
                                        mw_header_field_signer_info_certificate,
                                        mw_header_field_its_aid_CAM
                    ))))) -> value v_geoNwInd {
                        tc_ac.stop; 
                        log("*** " & testcasename() & ": INFO: CAM transmission with certificate ***");
                        
                        v_currentTime := f_getCurrentTime();
                        log("v_currentTime (us)=", v_currentTime * 1000);
                        v_lowerBound := (v_currentTime - c_timeThreshold) * 1000;
                        v_upperBound := (v_currentTime + c_timeThreshold) * 1000;
                        
                        // Extract generation_time
                        f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_time, v_headerField);
                        v_generationTime := v_headerField.headerField.generation_time;
                        
                        // Extract certificate
                        f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
                        v_certificate := v_signerInfo.signerInfo.certificate;
                         
                        // Check current time 
                        if (match(v_generationTime, (v_lowerBound .. v_upperBound))) {
                            log("*** " & testcasename() & ": PASS: Generation time matches current time ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
                        } else {
                            log("*** " & testcasename() & ": FAIL: Generation time does not match current time " & int2str(v_currentTime) & " . ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }   
                        
                        // Check generation_time validity
                        if (
                            (f_getCertificateValidityRestriction(v_certificate, e_time_start_and_end, v_validity) == true) and 
                            (v_generationTime >= (v_validity.validity.time_start_and_end.start_validity * 1000000) and 
                            (v_generationTime < (v_validity.validity.time_start_and_end.end_validity * 1000000)))
                        ) {
                            log("*** " & testcasename() & ": PASS: Generation time within certificate validity/time_start_and_end ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
                        } else if (
                            (f_getCertificateValidityRestriction(v_certificate, e_time_end, v_validity) == true) and 
                            (v_generationTime < (v_validity.validity.end_validity * 1000000))
                        ) {
                            log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
                        } else if (
                            (f_getCertificateValidityRestriction(v_certificate, e_time_start_and_duration, v_validity) == true) and 
                            (v_generationTime >= (v_validity.validity.time_start_and_duration.start_validity * 1000000)) and 
                            (v_generationTime < (v_validity.validity.e_time_start_and_duration.duration_ * 1000000))
                        ) {
                            log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
                        } else {
                            log("*** " & testcasename() & ": FAIL: Generation time not within certificate validity ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs
                    ))) {
                        log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate  ***"); 
                        repeat;
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CAM_10_01_BV
            
            /**
             * @desc    Check that the IUT sends certificate request when it receives a message from unknown station
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             *  with {
             *      the IUT being in the 'authorized' state
             *      and the IUT has receiving a SecuredMessage
             *          containing header_fields['signer_info'].signer
             *              containing type
             *                  indicating 'certificate_digest_with_sha256'
             *              containing digest
             *                  indicating HashedId3 value DIGEST_A
             *                      referenced to unknown certificate
             *  }
             *  ensure that {
             *      when {
             *          the IUT is requested to send CAM
             *      } then {