Newer
Older
testcase TC_SEC_ITSS_SND_CERT_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C;
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
if (not f_waitForCertificate(v_cert)) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_rectangle) {
var RectangularRegions v_rects := v_vr.validity.region.region.rectangular_region;
if (lengthof(v_rects) > 6) {
log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***");
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (v_counter := 0; v_counter<lengthof(v_rects); v_counter := v_counter + 1) {
var RectangularRegion v_rect := v_rects[v_counter];
if (true != f_isValidTwoDLocation(v_rect.northwest)) {
log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidTwoDLocation(v_rect.southeast)) {
log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check normality of the rectangle
if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
log("*** " & testcasename() & ": FAIL: Rectangular region " & int2str(v_counter) & " is not normalized ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
// Check for continuous rectangles
if (lengthof(v_rects) > 1) {
if (true != f_isContinuousRectangularRegions(v_rects)) { // FIXME Not implemented
log("*** " & testcasename() & ": FAIL: Rectangular regions are not connected all together ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
} else {
log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
}
} else {
log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the rectangular region validity restriction of all certificates contains not more than
* six valid rectangles;
* Check that the rectangular region validity restriction of the AT certificate is continuous and
* does not contain any holes
* Check that the rectangular certificate validity region of the subordinate certificate is well formed and
* inside the validity region of the issuing certificate
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* containing certificates
* indicating length N > 0
* and containing certificates [n] 0..n
* containing validity_restrictions['region']
* containing region_type
* indicating 'rectangle'
* and containing rectangular_region
* indicating length <= 6
* and containing elements of type RectangularRegion
* containing northwest and southeast
* indicating northwest on the north from southeast
* and indicating continuous region without holes
testcase TC_SEC_ITSS_SND_CERT_04_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C;
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
tc_ac.stop;
for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
v_vri := v_vr;
f_vri := f_vr;
f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
log("v_chain[v_counter]=", v_chain[v_counter]);
if (f_vr) {
var RectangularRegions v_rects;
if (v_vr.validity.region.region_type != e_rectangle) {
log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not rectangular ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_rects := v_vr.validity.region.region.rectangular_region;
log("v_rects=", v_rects);
if (lengthof(v_rects) > 6) {
log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***");
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (var integer j:=0; j<lengthof(v_rects); j:=j + 1) {
var RectangularRegion v_rect := v_rects[j];
if (true != f_isValidTwoDLocation(v_rect.northwest)) {
log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidTwoDLocation(v_rect.southeast)) {
log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check normality of the rectangle
if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
log("*** " & testcasename() & ": FAIL: Rectangle " & int2str(v_counter) & " is not normalized ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
if (f_vri) {
// current restrictions must be inside of the parent one
if (not f_isRectangularRegionsInside(v_vri.validity.region.region.rectangular_region, v_rects)) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction region is not inside the issuing one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
// Region validity restriction is not exist
if (f_vri) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set if thi restriction exists in the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: All certificates has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the polygonal certificate validity region contains at least three and no more than 12 points
* Check that the polygonal certificate validity region does not contain intersections and holes
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate'
* containing certificate
* containing validity_restrictions['region']
* and containing region_type
* indicating 'polygon'
* and containing polygonal_region
* indicating length >=3 and <=12
* and indicating continuous region without holes and intersections
* }
* }
testcase TC_SEC_ITSS_SND_CERT_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_D;
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
if (not f_waitForCertificate(v_cert)) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_polygon) {
var PolygonalRegion v_pr := v_vr.validity.region.region.polygonal_region;
var integer v_length := lengthof(v_pr);
if (v_length < 3) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_length > 12) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidPolygonalRegion(v_pr)) {
log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
}
} else {
log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the polygonal certificate validity region is inside the validity region of the issuing certificate
* Check that the issuing polygonal certificate validity region contains at least three and no more than 12 points
* Check that the issuing polygonal certificate validity region does not contain intersections and holes
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* and containing certificates
* indicating length > 0
* and containing certificates [n] (0..n)
* containing validity_restrictions['region']
* containing region_type
* indicating 'polygon'
* and containing polygonal_region
* indicating length >=3 and <=12
* and indicating continuous region without holes and intersections
testcase TC_SEC_ITSS_SND_CERT_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local declarations
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
var boolean f_vr := false, f_vri := false;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_D;
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
5366
5367
5368
5369
5370
5371
5372
5373
5374
5375
5376
5377
5378
5379
5380
5381
5382
5383
5384
5385
5386
5387
5388
5389
5390
5391
5392
5393
5394
5395
5396
5397
5398
5399
5400
5401
5402
5403
5404
f_vr := false;
tc_ac.stop;
for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
v_vri := v_vr;
f_vri := f_vr;
f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
if (f_vr) {
var PolygonalRegion v_pr;
var integer v_length;
if (v_vr.validity.region.region_type != e_polygon) {
log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not polygonal ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_pr := v_vr.validity.region.region.polygonal_region;
v_length := lengthof(v_pr);
if (v_length < 3) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small in cert " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_length > 12) {
log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big in cert " & int2str(v_counter) & "***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidPolygonalRegion(v_pr)) {
log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) in cert " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (f_vri) {
// current restrictions must be inside of the parent one
if (true != f_isPolygonalRegionInside(v_vri.validity.region.region.polygonal_region, v_pr)) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction region in cert " & int2str(v_counter) & " is not inside the issuing one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
// Region validity restriction is not exist
if (f_vri) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set in the certificate " & int2str(v_counter) &
"because this restriction exists in the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: All certificates has a valid polygonal region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the identified certificate validity region contains values that correspond to numeric country codes
* as defined in ISO 3166-1 or defined by United Nations Statistics Division
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
5431
5432
5433
5434
5435
5436
5437
5438
5439
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate'
* and containing certificate
* containing validity_restrictions['region']
* containing region
* containing region_type
* indicating 'id'
* and containing id_region
* containing region_dictionary
* indicating 'iso_3166_1' (0)
* and containing region_identifier
* indicating valid value according to 'iso_3166_1'
* and containing local_region
* or containing region
* containing id_region
* containing region_dictionary
* indicating 'un_stats'
* and containing region_identifier
* indicating valid value according to UN STATS
* and containing local_region
* }
* }
testcase TC_SEC_ITSS_SND_CERT_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_E;
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
if (not f_waitForCertificate(v_cert)) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_id) {
if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) {
log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) {
log("*** " & testcasename() & ": FAIL: Identified region is not conformed to United Nations Statistics Division ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
log("*** " & testcasename() & ": PASS: Certificate has a valid region ID restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": FAIL: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the identified certificate validity region contains values that correspond to numeric country codes
* as defined in ISO 3166-1 or defined by United Nations Statistics Division
* Check that the identified certificate validity region contains values defining the region which is inside
* the validity region of the issuing certificate
* @remark The case when signing certificate and issuing certificate contain different type of region validity restriction is not supported by this test
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* and containing certificate
* indicating length N > 1
* containing validity_restrictions['region']
* containing region
* containing region_type
* indicating 'id'
* and containing id_region
* containing region_dictionary
* indicating 'iso_3166_1' (0)
* and containing region_identifier
* indicating valid value according to 'iso_3166_1'
* and containing local_region
* or containing region
* containing id_region
* containing region_dictionary
* indicating 'un_stats'
* and containing region_identifier
* indicating valid value according to UN STATS
* and containing local_region
* }
* }
testcase TC_SEC_ITSS_SND_CERT_06_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
var boolean f_vr := false, f_vri := false;
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_E;
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
5617
5618
5619
5620
5621
5622
5623
5624
5625
5626
5627
5628
5629
5630
5631
5632
f_vr := false;
tc_ac.stop;
for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
v_vri := v_vr;
f_vri := f_vr;
f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
if (f_vr) {
if (v_vr.validity.region.region_type == e_id) {
if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) {
log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) {
log("*** " & testcasename() & ": FAIL: Identified region is not conformed to United Nations Statistics Division ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
if (f_vri) {
// the region code must be the same
if (v_vr.validity.region.region.id_region.region_identifier !=
v_vri.validity.region.region.id_region.region_identifier) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if ( v_vri.validity.region.region.id_region.local_region != 0
and v_vri.validity.region.region.id_region.local_region != v_vr.validity.region.region.id_region.local_region ) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction local identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
} else {
// Region validity restriction is not exist
if (f_vri) {
log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region must be set in the certificate " & int2str(v_counter) &
"because this restriction exists in the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
log("*** " & testcasename() & ": PASS: All certificates has a valid identified regionrestrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
5646
5647
5648
5649
5650
5651
5652
5653
5654
5655
5656
5657
5658
5659
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692
5693
5694
5695
5696
5697
5698
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* and containing certificates
* indicating length N > 1
* and containing certificates[n] (0..N)
* indicating certificate
* not containing validity_restrictions['region']
* and containing signer_info
* containing digest
* referenced to the certificate
* not containing validity_restrictions['region']
* or indicating certificate
* containing validity_restrictions['region']
* containing region.region_type
* indicating 'none'
* and containing signer_info
* containing digest
* referenced to the certificate
* not containing validity_restrictions['region']
* or containing validity_restrictions['region']
* containing region.region_type
* indicating 'none'
* or indicating certificate
* containing validity_restrictions['region']
* containing region.region_type
* indicated 'circle'
* or indicated 'rectangle'
* or indicated 'polygon'
* or indicated 'id'
* and containing region (X_CERT__REGION)
* and containing signer_info
* containing digest
* referenced to the certificate
* not containing validity_restrictions['region']
* or containing validity_restrictions['region']
* containing region.region_type
* indicating 'none'
* or containing validity_restrictions['region']
* containing region
* indicating region fully covering the X_CERT_REGION
* }
* }
* </pre>
testcase TC_SEC_ITSS_SND_CERT_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_cert, v_cert_issuer;
var SignerInfo v_si;
var UInt8 v_counter;
var HashedId8 v_digest;
var CertificatesCaching v_certificatesCaching;
var FncRetCode v_result_status := e_success;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
5714
5715
5716
5717
5718
5719
5720
5721
5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
5762
5763
5764
5765
5766
5767
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786
stop;
}
// Test component configuration
// vc_hashedId8ToBeUsed := cc_iutCert_E;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
// Test Body
// 1. Create a cache of certificates
f_createCertificatesCaching(v_chain, v_certificatesCaching);
// 2. Process the certificates
v_counter := f_getCertificatesCachingItemSize(v_certificatesCaching) - 1;
while (v_counter != 0) {
// Get the first certificate
if (f_getCertificatesCachingItem(v_certificatesCaching, v_counter, v_cert) == false) {
v_result_status := e_error;
break;
}
// Retrive SigneInfo field
if (not f_getCertificateSignerInfo(v_cert, v_si)) {
log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't have a signer info ***");
v_result_status := e_error;
break;
}
if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
v_result_status := e_error;
break;
}
// Get issuer
if (f_getCertificateFromCaching(v_certificatesCaching, v_si.signerInfo.digest, v_cert_issuer) == false) {
log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
v_result_status := e_error;
break;
}
// Check that cert is signed by issuing cert
v_digest := f_calculateDigestFromCertificate(v_cert_issuer);
if (not match (v_si.signerInfo.digest, v_si.signerInfo.digest)) {
log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
v_result_status := e_error;
break;
}
// Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction
if (f_checkRegionValidityRestiction(v_cert, v_cert_issuer) == false) {
v_result_status := e_error;
break;
}
// Prepare next loop
v_counter := v_counter - 1;
} // End of 'while' statement
if (v_result_status == e_success) {
log("*** " & testcasename() & ": PASS: All certificates has a valid identified region restrictions ***");
}
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, v_result_status);
// Postamble
f_poNeighbour();
f_cf01Down();
/**
* @desc Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
5814
5815
5816
5817
5818
5819
5820
5821
5822
5823
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
5842
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* and containing certificates
* indicating length N > 1
* and containing certificates[n] (0..N)
* indicating certificate
* containing validity_restrictions['region']
* containing region.region_type
* indicated 'id'
* and containing id_region
* containing region_dictionary
* indicating 'iso_3166_1'
* or indicating 'un_stat'
* and containing region_identifier (X_CERT_REGION_ID)
* indicating valid value according to 'iso_3166_1' or 'un_stat'
* and containing local_region (X_CERT_LOCAL_REGION)
* and containing signer_info
* containing digest
* referenced to the certificate
* containing validity_restrictions['region']
* containing region
* indicated 'id'
* and containing id_region
* containing region_dictionary
* indicating 'iso_3166_1'
* or indicating 'un_stat'
* and containing region_identifier
* indicating value == X_CERT_REGION_ID
* and containing local_region
* indicating value == X_CERT_LOCAL_REGION
* or indicating 0
* or containing id_region
* containing region_dictionary
* indicating 'un_stats'
* and containing region_identifier
* indicating region fully covering the X_CERT_REGION
* }
* }
* </pre>
testcase TC_SEC_ITSS_SND_CERT_07_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_cert, v_cert_issuer;
var SignerInfo v_si;
var UInt8 v_counter;
var HashedId8 v_digest;
var CertificatesCaching v_certificatesCaching;
var FncRetCode v_result_status := e_success;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870
5871
5872
5873
5874
5875
5876
5877
5878
5879
5880
5881
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893
5894
5895
5896
5897
5898
5899
5900
5901
5902
5903
5904
5905
5906
5907
5908
5909
5910
5911
5912
5913
5914
5915
5916
5917
5918
5919
5920
5921
5922
5923
5924
5925
5926
5927
5928
5929
5930
stop;
}
// Test component configuration
// vc_hashedId8ToBeUsed := cc_iutCert_E;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
// Test Body
// 1. Create a cache of certificates
f_createCertificatesCaching(v_chain, v_certificatesCaching);
// 2. Process the certificates
v_counter := f_getCertificatesCachingItemSize(v_certificatesCaching) - 1;
while (v_counter != 0) {
// Get the first certificate
if (f_getCertificatesCachingItem(v_certificatesCaching, v_counter, v_cert) == false) {
v_result_status := e_error;
break;
}
// Retrive SigneInfo field
if (not f_getCertificateSignerInfo(v_cert, v_si)) {
log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't have a signer info ***");
v_result_status := e_error;
break;
}
if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
v_result_status := e_error;
break;
}
// Get issuer
if (f_getCertificateFromCaching(v_certificatesCaching, v_si.signerInfo.digest, v_cert_issuer) == false) {
log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
v_result_status := e_error;
break;
}
// Check that cert is signed by issuing cert
v_digest := f_calculateDigestFromCertificate(v_cert_issuer);
if (not match (v_si.signerInfo.digest, v_si.signerInfo.digest)) {
log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
v_result_status := e_error;
break;
}
// Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction
if (f_checkRegionValidityRestiction(v_cert, v_cert_issuer) == false) {
v_result_status := e_error;
break;
}
// Prepare next loop
v_counter := v_counter - 1;
} // End of 'while' statement
if (v_result_status == e_success) {
log("*** " & testcasename() & ": PASS: All certificates has a valid identified region restrictions ***");
}
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, v_result_status);
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check the certificate chain to ensure that the time validity restriction of the subordinate certificate is inside the time validity restriction of the issuing certificate
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
5949
5950
5951
5952
5953
5954
5955
5956
5957
5958
5959
5960
5961
5962
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975
* containing certificates
* containing certificates[last-1]
* containing validity_restrictions
* containing validity_restrictions['time_start_and_end']
* containing start_validity
* indicating START_AA_VALIDITY
* containing end_validity
* indicating END_AA_VALIDITY >= START_AA_VALIDITY
* and containing signer_info
* containing digest
* referenced to the trusted certificate
* containing validity_restrictions['time_end']
* containing end_validity
* indicating value > AA_END_VALIDITY
* or containing validity_restrictions['time_start_and_end']
* containing start_validity
* indicating value <= AA_START_VALIDITY
* and containing end_validity
* indicating value > AA_END_VALIDITY
* or containing validity_restrictions['time_start_and_duration']
* containing start_validity
* indicating X_START_VALIDITY <= AA_START_VALIDITY
* and containing duration
* indicating value > AA_END_VALIDITY - X_START_VALIDITY
* }
* }
* </pre>
testcase TC_SEC_ITSS_SND_CERT_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
5980
5981
5982
5983
5984
5985
5986
5987
5988
5989
5990
5991
5992
5993
5994
5995
5996
5997
5998
5999
6000
var CertificateChain v_chain;
var Certificate v_aa_cert;
var ValidityRestriction v_vr;
var SignerInfo v_si;
var Time64 v_generationTime;
var Time64 v_curTime;
var Time64 v_startTime, v_endTime, v_duration;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();