Merge branch 'STF525' of https://forge.etsi.org/gitlab/ITS/ITS into STF525

data/v3/profiles/CERT_IUT_A_RCA.xml

@@ -28,7 +28,7 @@
 			<aid value="100"/>  <!-- not allocated -->
 			<aid value="101"/>  <!-- not allocated -->
 			<aid value="102"/>  <!-- not allocated -->
-			<aid value="CRT-REQ">01 FE</aid> <!-- Cert request: any -->
+			<aid value="CRT-REQ">01 FE/FF 01</aid> <!-- Cert request: any -->
 		</attribute>
 		<attribute type="its_aid_ssp_list">
 			<ssp aid="CRL">01</ssp> <!-- CRL  -->

data/v3/profiles/CERT_IUT_C_RCA.xml

@@ -27,7 +27,7 @@
 			<aid value="IVI"/> <!-- IVI -->
 			<aid value="TLC"/> <!-- TLC -->
 			<aid value="GN-MGMT"/> <!-- GN-MGMT -->
-			<aid value="CRT-REQ">01 FE</aid> <!-- Cert request: any -->
+			<aid value="CRT-REQ">01 FE/FF 01</aid> <!-- Cert request: any -->
 		</attribute>
 		<attribute type="its_aid_ssp_list">
 			<ssp aid="CRL">01</ssp> <!-- CRL  -->

data/v3/profiles/CERT_TS_A_EA.xml

+<!-- Authorization authority certificate without any region restriction -->
+<certificate>
+	<version>3</version>
+	<signer type="digest" name="CERT_IUT_A_RCA"/>
+	<subject type="EA" name="">
+		<!-- verification_key -->
+		<attribute type="verification_key">
+			<public_key algorithm="ecdsa_nistp256_with_sha256">
+				<ecc_point type="compressed"/>
+			</public_key>
+		</attribute>
+		<!-- encryption_key -->
+		<attribute type="encryption_key">
+			<public_key sym_alg="0" algorithm="0">
+				><ecc_point type="compressed"/>
+			</public_key>
+		</attribute>
+		<!-- assurance_level -->
+		<attribute type="assurance_level">
+			<assurance level="4" confidence="0"/>
+		</attribute>
+		<!-- its_aid_list -->
+		<attribute type="its_aid_list" eeType="04"> <!-- issue permissions -->
+			<aid value="CAM"/>  <!--CAM-->
+			<aid value="DENM"/>  <!--DENM-->
+			<aid value="SPAT"/> <!-- TLM / SPAT -->
+			<aid value="MAP"/> <!-- RLT / MAP-->
+			<aid value="IVI"/> <!-- IVI -->
+			<aid value="TLC"/> <!-- TLC -->
+			<aid value="GN-MGMT"/> <!-- GN-MGMT -->
+			<aid value="CRT-REQ">01 C0</aid> <!-- Cert request:  -->
+		</attribute>
+		<attribute type="its_aid_ssp_list"> <!-- app permissions -->
+			<ssp aid="CRT-REQ">01 0E</ssp> <!-- Cert request:  -->
+		</attribute>
+	</subject>
+	<validity>
+		<restriction type="time" start="-365d" end="+730d"/>
+		<restriction type="region">
+			<none/>
+		</restriction>
+	</validity>
+	<signature algorithm="0"/>
+</certificate>

data/v3/profiles/CERT_TS_A_EC.xml

+<!-- General authorization ticket certificate without any region restriction -->
+<certificate>
+	<version>3</version>
+	<signer type="digest" name="CERT_TS_A_EA"/>
+	<subject type="EC" name="">
+		<!-- verification_key -->
+		<attribute type="verification_key">
+			<public_key algorithm="0">
+				<ecc_point type="compressed"/>
+			</public_key>
+		</attribute>
+		<!-- encryption_key -->
+		<attribute type="encryption_key">
+			<public_key sym_alg="0" algorithm="0">
+				><ecc_point type="compressed"/>
+			</public_key>
+		</attribute>
+		<!-- assurance_level -->
+		<attribute type="assurance_level">
+			<assurance level="3"/>
+		</attribute>
+		<!-- its_aid_ssp_list -->
+		<attribute type="its_aid_ssp_list">
+			<ssp aid="CRT-REQ">01 C0</ssp> <!-- Cert request  -->
+		</attribute>
+	</subject>
+	<validity>
+		<restriction type="time" start="+0d" end="+365d"/>
+		<restriction type="region">
+			<none/>
+		</restriction>
+	</validity>
+	<signature algorithm="0"/>
+</certificate>

data/v3/profiles/CERT_TS_EC_ENR_RCV_02_BI_01.xml

+<!-- Enrolment certificate without CRT-REQ PSID  -->
+<certificate>
+	<version>3</version>
+	<signer type="digest" name="CERT_TS_A_EA"/>
+	<subject type="EC" name="">
+		<!-- verification_key -->
+		<attribute type="verification_key">
+			<public_key algorithm="0">
+				<ecc_point type="compressed"/>
+			</public_key>
+		</attribute>
+		<!-- encryption_key -->
+		<attribute type="encryption_key">
+			<public_key sym_alg="0" algorithm="0">
+				><ecc_point type="compressed"/>
+			</public_key>
+		</attribute>
+		<!-- assurance_level -->
+		<attribute type="assurance_level">
+			<assurance level="3"/>
+		</attribute>
+		<!-- its_aid_ssp_list -->
+		<attribute type="its_aid_ssp_list">
+			<ssp aid="CAM"></ssp> <!-- Cert request  -->
+		</attribute>
+	</subject>
+	<validity>
+		<restriction type="time" start="+0d" end="+365d"/>
+		<restriction type="region">
+			<none/>
+		</restriction>
+	</validity>
+	<signature algorithm="0"/>
+</certificate>

data/v3/profiles/CERT_TS_EC_ENR_RCV_02_BI_02.xml

+<!-- Enrolment certificate containing CRT-REQ PSID with SSP version 0 -->
+<certificate>
+	<version>3</version>
+	<signer type="digest" name="CERT_TS_A_EA"/>
+	<subject type="EC" name="">
+		<!-- verification_key -->
+		<attribute type="verification_key">
+			<public_key algorithm="0">
+				<ecc_point type="compressed"/>
+			</public_key>
+		</attribute>
+		<!-- encryption_key -->
+		<attribute type="encryption_key">
+			<public_key sym_alg="0" algorithm="0">
+				><ecc_point type="compressed"/>
+			</public_key>
+		</attribute>
+		<!-- assurance_level -->
+		<attribute type="assurance_level">
+			<assurance level="3"/>
+		</attribute>
+		<!-- its_aid_ssp_list -->
+		<attribute type="its_aid_ssp_list">
+			<ssp aid="CRT-REQ">00 C0</ssp> <!-- Cert request  -->
+		</attribute>
+	</subject>
+	<validity>
+		<restriction type="time" start="+0d" end="+365d"/>
+		<restriction type="region">
+			<none/>
+		</restriction>
+	</validity>
+	<signature algorithm="0"/>
+</certificate>

data/v3/profiles/CERT_TS_EC_ENR_RCV_02_BI_03.xml

+<!-- Enrolment certificate containing CRT-REQ PSID with SSP version 1 and without enrolment request permissions -->
+<certificate>
+	<version>3</version>
+	<signer type="digest" name="CERT_TS_A_EA"/>
+	<subject type="EC" name="">
+		<!-- verification_key -->
+		<attribute type="verification_key">
+			<public_key algorithm="0">
+				<ecc_point type="compressed"/>
+			</public_key>
+		</attribute>
+		<!-- encryption_key -->
+		<attribute type="encryption_key">
+			<public_key sym_alg="0" algorithm="0">
+				><ecc_point type="compressed"/>
+			</public_key>
+		</attribute>
+		<!-- assurance_level -->
+		<attribute type="assurance_level">
+			<assurance level="3"/>
+		</attribute>
+		<!-- its_aid_ssp_list -->
+		<attribute type="its_aid_ssp_list">
+			<ssp aid="CRT-REQ">01 00</ssp> <!-- Cert request  -->
+		</attribute>
+	</subject>
+	<validity>
+		<restriction type="time" start="+0d" end="+365d"/>
+		<restriction type="region">
+			<none/>
+		</restriction>
+	</validity>
+	<signature algorithm="0"/>
+</certificate>

tools/itscertgen/asn1certgen/asn1certgen.xslt

@@ -201,13 +201,22 @@
   <xsl:param name="certType"/>
   <xsl:variable name="SSPValue">
    <xsl:choose>
-    <xsl:when test="normalize-space(.) != ''"><xsl:value-of select="normalize-space(.)"/></xsl:when>
-    <xsl:when test="@value = 'CAM' or @value=$AID-CAM">01 FF FF</xsl:when>
+    <xsl:when test="normalize-space(.) != ''">
+     <xsl:choose>
+      <xsl:when test="contains(normalize-space(.), '/')">
+        <xsl:value-of select="substring-before(normalize-space(.),'/')"/>
+      </xsl:when>
+      <xsl:otherwise>
+        <xsl:value-of select="normalize-space(.)"/>
+      </xsl:otherwise>
+     </xsl:choose>
+    </xsl:when>
+    <xsl:when test="@value = 'CAM' or @value=$AID-CAM">01 FF FC</xsl:when>
     <xsl:when test="@value = 'DENM' or @value=$AID-DENM">01 FF FF</xsl:when>
-    <xsl:when test="@value = 'TLM' or @value = 'SPAT' or @value=$AID-SPAT">01 FF FF FF</xsl:when>
-    <xsl:when test="@value = 'RLT' or @value = 'MAP' or @value=$AID-MAP">01 FF FF FF</xsl:when>
-    <xsl:when test="@value = 'IVI' or @value=$AID-IVI">01 FF FF FF</xsl:when>
-    <xsl:when test="@value = 'TLC' or @value=$AID-TLC">01 FF FF FF</xsl:when>
+    <xsl:when test="@value = 'TLM' or @value = 'SPAT' or @value=$AID-SPAT">01 E0</xsl:when>
+    <xsl:when test="@value = 'RLT' or @value = 'MAP' or @value=$AID-MAP">01 C0</xsl:when>
+    <xsl:when test="@value = 'IVI' or @value=$AID-IVI">01 00 00 00 FF F8</xsl:when>
+    <xsl:when test="@value = 'TLC' or @value=$AID-TLC">01 FF FF E0</xsl:when>
     <xsl:when test="@value = 'CRT-REQ' or @value = $AID-CRT-REQ">
      <xsl:choose>
       <xsl:when test="$certType = 'ROOT'">01 FE</xsl:when>
@@ -217,6 +226,33 @@
     </xsl:when>
    </xsl:choose>
   </xsl:variable>
+  <xsl:variable name="SSPBitmask">
+   <xsl:choose>
+    <xsl:when test="normalize-space(.) != ''">
+     <xsl:choose>
+      <xsl:when test="contains(normalize-space(.), '/')">
+        <xsl:value-of select="substring-after(normalize-space(.),'/')"/>
+      </xsl:when>
+      <xsl:otherwise>
+        <xsl:value-of select="translate(normalize-space(.),'0123456789ABCDEF','FFFFFFFFFFFFFFFF')"/>
+      </xsl:otherwise>
+     </xsl:choose>
+    </xsl:when>
+    <xsl:when test="@value = 'CAM' or @value=$AID-CAM">FF 00 03</xsl:when>
+    <xsl:when test="@value = 'DENM' or @value=$AID-DENM">FF 00 00 00</xsl:when>
+    <xsl:when test="@value = 'TLM' or @value = 'SPAT' or @value=$AID-SPAT">FF 1F</xsl:when>
+    <xsl:when test="@value = 'RLT' or @value = 'MAP' or @value=$AID-MAP">FF 3F</xsl:when>
+    <xsl:when test="@value = 'IVI' or @value=$AID-IVI">FF 00 00 00 00 07</xsl:when>
+    <xsl:when test="@value = 'TLC' or @value=$AID-TLC">FF 00 00 1F</xsl:when>
+    <xsl:when test="@value = 'CRT-REQ' or @value = $AID-CRT-REQ">
+     <xsl:choose>
+      <xsl:when test="$certType = 'ROOT'">FF 01</xsl:when>
+      <xsl:when test="$certType = 'EA'">FF FF</xsl:when>
+      <xsl:otherwise>01 FF</xsl:otherwise>
+     </xsl:choose>
+    </xsl:when>
+   </xsl:choose>
+  </xsl:variable>
   <PsidSspRange>
    <xsl:comment><xsl:value-of select="@value"/></xsl:comment>
    <psid>
@@ -238,7 +274,7 @@
     <sspRange>
      <bitmapSspRange>
       <sspValue><xsl:value-of select="$SSPValue"/></sspValue>
-      <sspBitmask><xsl:value-of select="$SSPValue"/></sspBitmask>
+      <sspBitmask><xsl:value-of select="$SSPBitmask"/></sspBitmask>
      </bitmapSspRange>
     </sspRange>
    </xsl:if>