Commit 494c7c43 authored by filatov's avatar filatov

fix #0007308

Check start < end instead of start <= end
TP is modified to support all 3 types of time validity restrictions for future use of other certificates.
parent 493c57a4
......@@ -25,7 +25,7 @@
"key": "_name",
"origin": "22eeba9c-067c-4daa-9d92-6f08c15a58e5",
"type": "STRING",
"value": "08. Check the time_start_and_end"
"value": "08. Check time validity restriction in the chain"
},
"_transferStatus": {
"isGenerated": false,
......
......@@ -10,16 +10,16 @@
"_description": {
"isGenerated": false,
"key": "_description",
"origin": "e49378a2-f1a9-4b49-ad2e-5fd1e8340578",
"origin": "62f9166d-ebd7-482a-8d09-94303a071c03",
"type": "STRING",
"value": "Check that time_start_and_end is included in the AA certificate validation restrictions;\r\nCheck that end_validity is greater than start_validity;\r\nCheck that validity restriction of AA certificate is inside the validity restriction of its issuing certificate\r\n"
"value": "Check the certificate chain to ensure that the time validity restriction of the subordinate certificate is inside the time validity restriction of the issuing certificate"
},
"_expectedResults": {
"isGenerated": false,
"key": "_expectedResults",
"origin": "e49378a2-f1a9-4b49-ad2e-5fd1e8340578",
"origin": "62f9166d-ebd7-482a-8d09-94303a071c03",
"type": "STRING",
"value": "with {\r\n\tthe IUT being in the 'authorized' state\r\n\tthe IUT being requested to include certificate chain in the next CAM\r\n} ensure that {\r\n\t when {\r\n\t\tthe IUT is requested to send a CAM\r\n\t} then {\r\n\t\tthe IUT sends a SecuredMessage\r\n\t\t\tcontaining header_fields['signer_info'].signer\r\n\t\t\t\tcontaining type\r\n\t\t\t\t\tindicating 'certificate_chain'\r\n\t\t\t\tcontaining certificates\r\n\t\t\t\t\tcontaining certificates[last-1]\r\n\t\t\t\t\t\tcontaining validity_restrictions\r\n\t\t\t\t\t\t\tcontaining validity_restrictions['time_start_and_end']\r\n\t\t\t\t\t\t\t\tcontaining start_validity\r\n\t\t\t\t\t\t\t\t\tindicating AA_START_VALIDITY\r\n\t\t\t\t\t\t\t\tcontaining end_validity\r\n\t\t\t\t\t\t\t\t\tindicating AA_END_VALIDITY >=AA_START_VALIDITY\r\n\t\t\t\t\t\tand containing signer_info\r\n\t\t\t\t\t\t\tcontaining digest\r\n\t\t\t\t\t\t\t\treferenced to the trusted certificate\r\n\t\t\t\t\t\t\t\t\tcontaining validity_restrictions['time_end']\r\n\t\t\t\t\t\t\t\t\t\tcontaining end_validity\r\n\t\t\t\t\t\t\t\t\t\t\tindicating value > AA_END_VALIDITY\r\n\t\t\t\t\t\t\t\t\tor containing validity_restrictions['time_start_and_end']\r\n\t\t\t\t\t\t\t\t\t\tcontaining start_validity\r\n\t\t\t\t\t\t\t\t\t\t\tindicating value <= AA_START_VALIDITY\r\n\t\t\t\t\t\t\t\t\t\tand containing end_validity\r\n\t\t\t\t\t\t\t\t\t\t\tindicating value > AA_END_VALIDITY\r\n\t\t\t\t\t\t\t\t\tor containing validity_restrictions['time_start_and_duration']\r\n\t\t\t\t\t\t\t\t\t\tcontaining start_validity\r\n\t\t\t\t\t\t\t\t\t\t\tindicating X_START_VALIDITY <= AA_START_VALIDITY\r\n\t\t\t\t\t\t\t\t\t\tand containing duration\r\n\t\t\t\t\t\t\t\t\t\t\tindicating value > AA_END_VALIDITY - X_START_VALIDITY\r\n\t}\r\n}"
"value": "with {\r\n\tthe IUT being in the 'authorized' state\r\n\tthe IUT being requested to include certificate chain in the next CAM\r\n} ensure that {\r\n\t when {\r\n\t\tthe IUT is requested to send a CAM\r\n\t} then {\r\n\t\tthe IUT sends a SecuredMessage\r\n\t\t\tcontaining header_fields['signer_info'].signer\r\n\t\t\t\tcontaining type\r\n\t\t\t\t\tindicating 'certificate_chain'\r\n\t\t\t\tcontaining certificates\r\n\t\t\t\t\tindicating length N > 1\r\n\t\t\t\t\tand containing certificates[n] (0..N)\r\n\t\t\t\t\t\tcontaining validity_restrictions\r\n\t\t\t\t\t\t\tcontaining validity_restrictions['time_end']\r\n\t\t\t\t\t\t\t\tcontaining end_validity\r\n\t\t\t\t\t\t\t\t\tindicating CERT_END_VALIDITY\r\n\t\t\t\t\t\t\tor containing validity_restrictions['time_start_and_end']\r\n\t\t\t\t\t\t\t\tcontaining start_validity\r\n\t\t\t\t\t\t\t\t\tindicating CERT_START_VALIDITY\r\n\t\t\t\t\t\t\t\tand containing end_validity\r\n\t\t\t\t\t\t\t\t\tindicating CERT_END_VALIDITY >CERT_START_VALIDITY\r\n\t\t\t\t\t\t\tor containing validity_restrictions['time_start_and_duration']\r\n\t\t\t\t\t\t\t\tcontaining start_validity\r\n\t\t\t\t\t\t\t\t\tindicating CERT_START_VALIDITY\r\n\t\t\t\t\t\t\t\tand containing end_validity\r\n\t\t\t\t\t\t\t\t\tindicating CERT_DURATION > 0\r\n\t\t\t\t\t\tand containing signer_info\r\n\t\t\t\t\t\t\tcontaining digest\r\n\t\t\t\t\t\t\t\treferenced to the certificate\r\n\t\t\t\t\t\t\t\t\tcontaining validity_restrictions['time_end']\r\n\t\t\t\t\t\t\t\t\t\tcontaining end_validity\r\n\t\t\t\t\t\t\t\t\t\t\tindicating value >= CERT_END_VALIDITY if defined\r\n\t\t\t\t\t\t\t\t\t\t\tor indicating value >= CERT_START_VALIDITY + CERT_DURATION\r\n\t\t\t\t\t\t\t\t\tor containing validity_restrictions['time_start_and_end']\r\n\t\t\t\t\t\t\t\t\t\tcontaining start_validity\r\n\t\t\t\t\t\t\t\t\t\t\tindicating value <= CERT_START_VALIDITY if defined\r\n\t\t\t\t\t\t\t\t\t\t\tor indicating value <= CURRENT_TIME\r\n\t\t\t\t\t\t\t\t\t\tand containing 
end_validity\r\n\t\t\t\t\t\t\t\t\t\t\tindicating value >= CERT_END_VALIDITY if defined\r\n\t\t\t\t\t\t\t\t\t\t\tor indicating value >= CERT_START_VALIDITY + CERT_DURATION\r\n\t\t\t\t\t\t\t\t\tor containing validity_restrictions['time_start_and_duration']\r\n\t\t\t\t\t\t\t\t\t\tcontaining start_validity\r\n\t\t\t\t\t\t\t\t\t\t\tindicating SIGNER_START_VALIDITY <= CERT_START_VALIDITY if defined\r\n\t\t\t\t\t\t\t\t\t\t\tor indicating SIGNER_START_VALIDITY <= CURRENT_TIME\r\n\t\t\t\t\t\t\t\t\t\tand containing duration\r\n\t\t\t\t\t\t\t\t\t\t\tindicating value >= CERT_END_VALIDITY - SIGNER__START_VALIDITY if defined\r\n\t\t\t\t\t\t\t\t\t\t\tor indicating value >= CERT_START_VALIDITY + CERT_DURATION - SIGNER__START_VALIDITY\r\n\t}\r\n}"
},
"_status": {
"isGenerated": false,
......
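Review bot: In the added `_expectedResults` value, the `validity_restrictions['time_start_and_duration']` branch for `certificates[n]` reads `and containing end_validity` followed by `indicating CERT_DURATION > 0`, whereas the issuer-side branch of the same restriction type (and the removed text) uses `and containing duration`; it should read `and containing duration` so the positive-duration check is tied to the field that actually carries it. The issuer-side branch also writes `SIGNER__START_VALIDITY` (double underscore) twice after introducing `SIGNER_START_VALIDITY`, so the two duration bounds refer to a name the text never defines. `certificates[n] (0..N)` combined with `indicating length N > 1` admits an index N that does not exist in the chain; `(0..N-1)` would match the stated length. The new `_description` drops the start/end ordering check that the commit message names, so a sentence such as `Check that end_validity is greater than start_validity where both are present` would keep it consistent with the expected results.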