Skip to content
ItsSecurity_TestCases.ttcn3 539 KiB
Newer Older
garciay's avatar
garciay committed
             * @desc    Check that the certificate signature contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 or x_coordinate_only
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
garciay's avatar
garciay committed
             * with {
             *   the IUT being in the 'authorized' state
             *      the IUT being requested to include certificate in the next CAM
             * }
             * Expected Behaviour:
             * ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *       containing header_fields['signer_info'].signer {
             *         containing type
             *           indicating certificate
             *         containing certificate {
             *             containing subject_attributes['verification_key']
             *                 containing key.public_key.type
             *                    indicating compressed_lsb_y_0
             *                    or indicating compressed_lsb_y_1 
             *         }
garciay's avatar
garciay committed
             *   }
             * }
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_08_01_BV
             * @reference   ETSI TS 103 097 [1], clause 4.2.4
garciay's avatar
garciay committed
            testcase TC_SEC_SND_CERT_08_01() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
garciay committed
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
garciay's avatar
garciay committed
                // Test component configuration
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
garciay's avatar
garciay committed
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate(
                                                ?,
                                                superset(
                                                    mw_subject_attribute_verification_key(
                                                        mw_publicKey_eccPoint_compressed_lsb_y_0
                                                    )
                                                ),
                                                ?,
                                                ?
                    ))))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_0 received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate(
                                                ?,
                                                superset(
                                                    mw_subject_attribute_verification_key(
                                                        mw_publicKey_eccPoint_compressed_lsb_y_1
                                                    )
                                                ),
                                                ?,
                                                ?
                    ))))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_1 received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate(
                                                ?,
                                                superset(
                                                    mw_subject_attribute_verification_key(
                                                        mw_publicKey_eccPoint_uncompressed
                                                    )
                                                ),
                                                ?,
                                                ?
                    ))))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to uncompressed received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate
                    )))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": FAIL: AT certificate signature mismatch ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
                
            } // End of testcase TC_SEC_SND_CERT_08_01
            
            /**
             * @desc Check the certificate signature 
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
garciay's avatar
garciay committed
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *       containing header_fields['signer_info'].signer {
             *         containing type
             *           indicating 'certificate'
             *         containing certificate {
             *           containing signer_info[0] {
             *             containing type
             *               indicating 'certificate_digest_with_sha256'
             *             containing digest
             *               referenced to the certificate CERT
             *           }
             *           containing signature
             *             verifiable using CERT.subject_attributes['verification_key'].key
             *         }
garciay's avatar
garciay committed
             *   }
             * }
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_09_01_BV
             * @reference   ETSI TS 103 097 [1], clauses 6.1 and 7.4
garciay's avatar
garciay committed
            testcase TC_SEC_SND_CERT_09_01() runs on ItsGeoNetworking system ItsSecSystem {
                // Local declarations
                var GeoNetworkingInd v_geoNwInd;
                var Certificate      v_at_cert;
                var Certificate      v_aa_cert;
                var HashedId8        v_aa_digest;
                var SignerInfo       v_si;
                var integer          v_counter;
garciay's avatar
garciay committed
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
garciay's avatar
garciay committed
                    
                // Test component configuration
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
garciay's avatar
garciay committed
                // Wait for the message with the certificate to get the AA cert digest.
                // Ask for the chain, containing AT and AA certificate
                // Check that the AT cert in the first message is signed with the AA cert
                log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
                tc_ac.start;
                f_waitForCertificate(v_at_cert);
                tc_ac.stop;
garciay's avatar
garciay committed
                if (true != f_getCertificateSignerInfo(v_at_cert, v_si)) {
                    log("*** " & testcasename() & ": FAIL: AT Certificate signer info is unknown ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
garciay's avatar
garciay committed
                if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
                    log("*** " & testcasename() & ": FAIL: AT Certificate is not signed well ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
garciay's avatar
garciay committed
                v_aa_digest := v_si.signerInfo.digest;
                
                // Send a certificate request to the IUT 
                f_sendCertificateRequest(v_aa_digest, f_generateDefaultCam());
                    
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate_chain
                    ))))) -> value v_geoNwInd {
                        var SecuredMessage v_secMsg;
                        var integer v_chainLength;
                        tc_ac.stop;
                        // Check certificate chain
                        
                        if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
                            v_chainLength := lengthof(v_si.signerInfo.certificates);
                            if (v_chainLength < 2 ) {
                                log("*** " & testcasename() & ": FAIL: Certificate chain doesn't contain the AA cert ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            // get aa cert
                            v_aa_cert := v_si.signerInfo.certificates[v_chainLength-2];
                            if (not match (v_aa_digest, f_calculateDigestFromCertificate(v_aa_cert))) {
                                log("*** " & testcasename() & ": FAIL: AT certificate was not signed with the given AA cert ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            
                            // Check that at cert is signed with aa cert
                            if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) {
                                log("*** " & testcasename() & ": FAIL: AT certificate signature error ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            
                            log("*** " & testcasename() & ": PASS: AT certificate was well signed with AA certificate ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                        } else {
                            log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
                
            } // End of testcase TC_SEC_SND_CERT_09_01
garciay's avatar
garciay committed
             * @desc Check the signatures of the certificates in the chain 
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
garciay's avatar
garciay committed
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *       containing header_fields['signer_info'].signer {
             *         containing type
             *           indicating 'certificate_chain'
             *         containing certificates
             *           indicating CERTIFICATES {
             *             containing CERTIFICATES[N] {
             *               containing signer_info[0] {
             *                 containing type
             *                   indicating 'certificate_digest_with_sha256'
             *                 containing digest
             *                   referenced to the certificate CERTIFICATES[N-1]
             *               }
             *               containing signature
             *                 verifiable using CERTIFICATES[N-1].subject_attributes['verification_key'].key
             *             }
             *         }
             *       }
             *   }
             * }
garciay's avatar
garciay committed
             * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_09_02_BV
             * @reference   ETSI TS 103 097 [1], clauses 6.1 and 7.4
garciay's avatar
garciay committed
            testcase TC_SEC_SND_CERT_09_02() runs on ItsGeoNetworking system ItsSecSystem {
                // Local declarations
                var GeoNetworkingInd v_geoNwInd;
                var Certificate      v_cert;
                var CertificateChain v_chain;
                var SignerInfo       v_si;
                var HashedId8        v_digest;
                var integer          v_counter;
garciay's avatar
garciay committed
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
garciay's avatar
garciay committed
                // Test component configuration
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
garciay's avatar
garciay committed
                // Wait for the message with the certificate to get the AA cert digest.
                // Ask for the chain, containing AT and AA certificate
                // Check that the AT cert in the first message is signed with the AA cert
                log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate and ask for a certificate chain ***");
                tc_ac.start;
                f_askForCertificateChain(f_generateDefaultCam());
                tc_ac.stop;
                    
garciay's avatar
garciay committed
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate_chain
                    ))))) -> value v_geoNwInd {
                        var SecuredMessage v_secMsg;
                        var integer v_chainLength;
                        tc_ac.stop;
                        // Check certificate chain
                        if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
                            v_chain  :=  v_si.signerInfo.certificates;
                            for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) {
                                if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) {
                                    log("*** " & testcasename() & ": FAIL: Certificate "&int2str(v_counter) & " doesn't have a signer info ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                                if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
                                    log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                                // Check that cert is signed by issuing cert
                                v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]);
                                if (not match (v_si.signerInfo.digest, v_digest)) {
                                    log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                                // Check that the signature is valid
                                if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_chain[v_counter], v_chain[v_counter - 1])) {
                                    log("*** " & testcasename() & ": FAIL: AT certificate signature error ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                            } // End of 'for' statement
                            
                            log("*** " & testcasename() & ": PASS: All certificates in the chain signed by it's issuing certs ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                        } else {
                            log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                }
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
                
            } // End of testcase TC_SEC_SND_CERT_09_02
garciay's avatar
garciay committed
             * @desc Sending behaviour test cases for AA certificate profil
             * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7.7 AA certificate profile
             */
            group AA_Certificates {
                
                /**
                 * @desc Check that the subject_type of the AA certificate is set to authorization_authority   
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
                 *       containing header_fields['signer_info'].signer {
                 *         containing type
                 *           indicating certificate_chain
                 *         containing certificates[last-1] {
                 *           containing subject_info.subject_type
                 *             indicating 'authorization_authority' (2)
                 *         }
                 *       }
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_01_01_BV
                 * @reference   ETSI TS 103 097 [1], clause 7.4.3
                 */
                testcase TC_SEC_SND_CERT_AA_01_01() runs on ItsGeoNetworking system ItsSecSystem {
                    var CertificateChain         v_chain;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    if (not match(v_chain[lengthof(v_chain) - 2], mw_aa_certificate)) {
                        log("*** " & testcasename() & ": FAIL: AA certificate not found in the chain[last-1] ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    log("*** " & testcasename() & ": PASS: AA certificate was found in the chain ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
garciay's avatar
garciay committed
6465 6466 6467 6468 6469 6470 6471 6472 6473 6474 6475 6476 6477 6478 6479 6480 6481 6482 6483 6484 6485 6486 6487 6488 6489 6490 6491 6492 6493 6494 6495 6496 6497 6498 6499 6500 6501 6502 6503 6504 6505 6506 6507 6508 6509 6510 6511 6512 6513 6514 6515 6516 6517 6518 6519 6520 6521 6522 6523 6524 6525 6526 6527 6528 6529 6530 6531 6532 6533 6534 6535 6536 6537 6538 6539 6540 6541 6542 6543 6544 6545 6546 6547 6548 6549 6550 6551 6552 6553 6554 6555 6556 6557 6558 6559 6560 6561 6562 6563 6564 6565 6566 6567 6568 6569 6570 6571 6572 6573 6574 6575 6576 6577 6578 6579 6580 6581 6582 6583 6584 6585 6586 6587 6588 6589 6590 6591 6592 6593 6594 6595 6596 6597 6598 6599 6600 6601 6602 6603 6604 6605 6606 6607 6608 6609 6610 6611 6612 6613 6614 6615 6616 6617 6618 6619 6620 6621 6622 6623 6624 6625 6626 6627 6628 6629 6630 6631 6632 6633 6634 6635 6636 6637 6638 6639 6640 6641 6642 6643 6644 6645 6646 6647 6648 6649 6650 6651 6652 6653 6654 6655 6656 6657 6658 6659 6660 6661 6662 6663 6664 6665 6666 6667 6668 6669 6670 6671 6672 6673 6674 6675 6676 6677 6678 6679 6680 6681 6682 6683 6684 6685 6686 6687 6688 6689 6690 6691 6692 6693 6694 6695 6696 6697 6698 6699 6700 6701 6702 6703 6704 6705 6706 6707 6708 6709 6710 6711 6712 6713 6714 6715 6716 6717 6718 6719 6720 6721 6722 6723 6724 6725 6726 6727 6728 6729 6730 6731 6732 6733 6734 6735 6736 6737 6738 6739 6740 6741 6742 6743 6744 6745 6746 6747 6748 6749 6750 6751 6752 6753 6754 6755 6756 6757 6758 6759 6760 6761 6762 6763 6764 6765 6766 6767 6768 6769 6770 6771 6772 6773 6774 6775 6776 6777 6778 6779 6780 6781 6782 6783 6784 6785 6786 6787 6788 6789 6790 6791 6792 6793 6794 6795 6796 6797 6798 6799 6800 6801 6802 6803 6804 6805 6806 6807 6808 6809 6810 6811 6812 6813 6814 6815 6816 6817 6818 6819 6820 6821 6822 6823 6824 6825 6826 6827 6828 6829 6830 6831 6832 6833 6834 6835 6836 6837 6838 6839 6840 6841 6842 6843 6844 6845 6846 6847 6848 6849 6850 6851 6852 6853 6854 6855 6856 6857 6858 6859 6860 6861 6862 6863 6864 6865 6866 6867 6868 6869 6870 6871 6872 6873 6874 6875 6876 6877 6878 6879 6880 6881 6882 6883 6884 6885 6886 6887 6888 6889 6890 6891 6892 6893 6894 6895 6896 6897 6898 6899 6900 6901 6902 6903 6904 6905 6906 6907 6908 6909 6910 6911 6912 6913 6914 6915 6916 6917 6918 6919
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
                } // End of testcase TC_SEC_SND_CERT_AA_01_01
                
                /**
                 * @desc Check that the subject_name variable-length vector shall have a maximum length of 32 bytes.    
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
                 *       containing header_fields['signer_info'].signer {
                 *         containing type
                 *           indicating certificate_chain
                 *         containing certificates[last-1] {
                 *           containing subject_info.subject_name
                 *             indicating length <= 32 bytes
                 *         }
                 *       }
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_02_01_BV
                 * @reference   ETSI TS 103 097 [1], clause 6.2
                 */
                testcase TC_SEC_SND_CERT_AA_02_01() runs on ItsGeoNetworking system ItsSecSystem {
                    var CertificateChain         v_chain;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    // Verified automatically on decoding
                    if (lengthof(v_chain[lengthof(v_chain) - 2].subject_info.subject_name) > 32 ) {
                        log("*** " & testcasename() & ": FAIL: Subject name of the AA certificate is too long ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    log("*** " & testcasename() & ": PASS: Subject name of the AA certificate is good ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
                } // End of testcase TC_SEC_SND_CERT_AA_02_01
                
                /**
                 * @desc Check that signer info of the AA certificate is a digest     
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
                 *       containing header_fields['signer_info'].signer {
                 *         containing type
                 *           indicating certificate_chain
                 *         containing certificates[last-1] {
                 *           containing signer_info {
                 *             containing type
                 *               indicating 'certificate_digest_with_sha256'
                 *             containing digest
                 *           }
                 *         }
                 *       }
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_04_01_BV
                 * @reference   ETSI TS 103 097 [1], clause 7.4.3
                 */
                testcase TC_SEC_SND_CERT_AA_04_01() runs on ItsGeoNetworking system ItsSecSystem {
                    var CertificateChain         v_chain;
                    var Certificate              v_aa_cert;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    v_aa_cert := v_chain[lengthof(v_chain) - 2];
                    if (not match(v_aa_cert, mw_aa_certificate(mw_signerInfo_digest))) {
                        log("*** " & testcasename() & ": FAIL: AA certificate not signed by digest ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    log("*** " & testcasename() & ": PASS: AA certificate is signed by digest ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
                } // End of testcase TC_SEC_SND_CERT_AA_04_01
                
                /**
                 * @desc Check that all neccesary subject attributes are present and arranged in accesing order     
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
                 *       containing header_fields['signer_info'].signer {
                 *         containing type
                 *           indicating certificate_chain
                 *         containing certificates[last-1] {
                 *           containing subject_attributes [0..N] {
                 *             indicating subject_attributes[n].type < subject_attributes[n+ 1].type
                 *             containing subject_attributes['verification_key']
                 *             containing subject_attributes['assurance_level']
                 *             containing subject_attributes['its_aid_list']
                 *           }
                 *         }
                 *       }
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_05_01_BV
                 * @reference   ETSI TS 103 097 [1], clauses 6.1, 7.4 and 7.4.3
                 */
                testcase TC_SEC_SND_CERT_AA_05_01() runs on ItsGeoNetworking system ItsSecSystem {
                    var CertificateChain         v_chain;
                    var SubjectAttributes        v_attrs;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    if (not match(v_chain[lengthof(v_chain) - 2], 
                                 mw_aa_certificate(?,
                                        superset(mw_subject_attribute_verification_key,
                                                 mw_subject_attribute_assurance_level,
                                                 mw_subject_attribute_its_aid_list)))
                     ) {
                        log("*** " & testcasename() & ": FAIL: Required subject attribute of AA certificate is not found ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    v_attrs := v_chain[lengthof(v_chain) - 2].subject_attributes;
                    for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) {
                        if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) {
                            log("*** " & testcasename() & ": FAIL: AA certificate subject attributes are not arranged in accening order ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    
                    log("*** " & testcasename() & ": PASS: All required AA certificate subject attributes are presents ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
                } // End of testcase TC_SEC_SND_CERT_AA_05_01
                
                /**
                 * @desc Check that time_start_and_end is included in the AA certificate validation restrictions
                 *       Check that end_validity is later then start_validity      
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
                 *       containing header_fields['signer_info'].signer {
                 *         containing type
                 *           indicating certificate_chain
                 *         containing certificates[last-1] {
                 *           containing validity_restrictions [0..N] {
                 *             not containing validity_restrictions['time_end']
                 *             and not containing validity_restrictions['time_start_and_duration']
                 *             and containing validity_restrictions['time_start_and_end']
                 *               containing start_validity
                 *                 indicating START_AA_VALIDITY
                 *               containing end_validity
                 *                 indicating END_AA_VALIDITY >=START_AA_VALIDITY
                 *           }
                 *         }
                 *       }
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_06_01_BV
                 * @reference   ETSI TS 103 097 [1], clauses 6.7, 7.4 and 7.4.3
                 */
                testcase TC_SEC_SND_CERT_AA_06_01() runs on ItsGeoNetworking system ItsSecSystem {
                    var CertificateChain         v_chain;
                    var Certificate              v_aa_cert;
                    var ValidityRestriction      v_vr;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    v_aa_cert := v_chain[lengthof(v_chain) - 2];
                    if (match (v_aa_cert.validity_restrictions, (superset(mw_validity_restriction_time_end,
                                                                          mw_validity_restriction_time_start_and_duration)))
                    ) {
                        log("*** " & testcasename() & ": FAIL: AA certificate must not contain time_end and time_start_and_duration restrictions ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_vr)) {
                        log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) {
                        log("*** " & testcasename() & ": FAIL: start validity mus not be greater then end validity in the validity restrictions of AA certificate ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
                } // End of testcase TC_SEC_SND_CERT_AA_06_01
                
                /**
                 * @desc Check that all AIDs containing in the in the its_aid_list in AA certificate are unique
                 *       Check that AID list contains not more then 31 items       
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
                 *       containing header_fields['signer_info'].signer {
                 *         containing type
                 *           indicating certificate_chain
                 *         containing certificates[last-1] {
                 *           containing subject_attributes['its_aid_list']
                 *             containing its_aid_list[0..N]
                 *               containing no more then 31 unique item
                 *           }
                 *         }
                 *       }
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_08_01_BV
                 * @reference   ETSI TS 103 097 [1], clauses 6.9 and 7.4.3
                 */
                testcase TC_SEC_SND_CERT_AA_08_01() runs on ItsGeoNetworking system ItsSecSystem {
                    var CertificateChain         v_chain;
                    var Certificate              v_aa_cert;
                    var SubjectAttribute         v_sa;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    v_aa_cert := v_chain[lengthof(v_chain) - 2];
                    if (f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) {
                        
                        if (lengthof(v_sa.attribute.its_aid_list) > 31) {
                            log("*** " & testcasename() & ": FAIL: ITS-AID list contains " & int2str(lengthof(v_sa.attribute.its_aid_list)) & " items (>31) ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        for (var integer v_counter :=0; v_counter < lengthof(v_sa.attribute.its_aid_list); v_counter := v_counter + 1) {
                            for (var integer j :=0; j < lengthof(v_sa.attribute.its_aid_list); j := j + 1) {
                                if (v_counter != j and v_sa.attribute.its_aid_list[v_counter] == v_sa.attribute.its_aid_list[j]) {
                                    log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_sa.attribute.its_aid_list[j]) & " is duplicated in AA certificate ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                            }
                        } // End of 'for' statement
                    } else {
                        log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    
                    log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
                } // End of testcase TC_SEC_SND_CERT_AA_08_01
                
                /**
                 * @desc Check that all mandatory validity restrictions are present and arranged in ascending order
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
                 *       containing header_fields['signer_info'].signer {
                 *         containing type
                 *           indicating certificate_chain
                 *         containing certificates[last-1] {
                 *           containing validity_restrictions
                 *             indicating validity_restrictions[n].type < validity_restrictions[n+1].type
                 *           }
                 *         }
                 *       }
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AA_10_01_BV
                 * @reference   ETSI TS 103 097 [1], clauses 6.1
                 */
                testcase TC_SEC_SND_CERT_AA_08_01() runs on ItsGeoNetworking system ItsSecSystem {
                    // TODO
                } // End of testcase TC_SEC_SND_CERT_AA_08_01
                
            } // End of group AA_Certificates 
garciay's avatar
garciay committed
             * @desc Sending behaviour test cases for AT certificate profil
             * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7.8 AT certificate profile
             */
            group AT_Certificates {
                
                /**
                 * @desc Check that the subject_type of the AT certificate is set to 'authorization_ticket'   
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
                 *       containing header_fields['signer_info'].signer {
                 *         containing type
                 *           indicating 'certificate'
                 *         containing certificate {
                 *           containing subject_info.subject_type
                 *             indicating 'authorization_ticket' (1)
                 *         }
                 *       }
                 *   }
                 * }
                 * </pre>
                 * @see         ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_01_01_BV
                 * @reference   ETSI TS 103 097 [1], clause 7.4.1
                 */
                testcase TC_SEC_SND_CERT_AT_01_01() runs on ItsGeoNetworking system ItsSecSystem {
                    var Certificate         v_at_cert;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
                    tc_ac.start;
                    if (not f_waitForCertificate(v_at_cert)) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (not match(v_at_cert, mw_at_certificate)) {
                        log("*** " & testcasename() & ": FAIL: Message wasn't signed by AT certificate ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    log("*** " & testcasename() & ": PASS: AT certificate has the 'authorization_ticket' subject_type  ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
                } // End of testcase TC_SEC_SND_CERT_AT_01_01
                
                /**
                 * @desc Check that signer info of the AA certificate is a digest    
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate in the next CAM
                 * } ensure that {