Merge branch 'STF525' of https://forge.etsi.org/gitlab/ITS/ITS into STF525 (bd92233e) · Commits · ITS - Intelligent Transport Systems / ITS

etc/AtsPki/AtsPki_Idnomic.cfg_

+19 −5

Original line number	Diff line number	Diff line
		@@ -8,16 +8,24 @@ LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
		# Configuration sub-directory to access certificate stored in files
		LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"

		# Use this certificate if the RSU simulator act as IUT
		LibItsCommon_Pixits.PX_CERT_FOR_TS := "CERT_IUT_A_AT"

		LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
		LibItsHttp_Pics.PICS_HEADER_CTL_CONTENT_TYPE := "application/x-its-crl"

		LibItsPki_Pics.PICS_MULTIPLE_END_POINT := true
		LibItsPki_Pics.PICS_HEADER_HOST_EC := "ea.utopia.plugtests2019.innovation.keynectis.net"
		LibItsPki_Pics.PICS_HEADER_HOST_ATV := "ea.utopia.plugtests2019.innovation.keynectis.net"
		LibItsPki_Pics.PICS_HEADER_HOST_AT := "aa.utopia.plugtests2019.innovation.keynectis.net"
		LibItsPki_Pics.PICS_HEADER_HOST_CA := "dc.plugtests2019.innovation.keynectis.net"

		LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/"
		LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/"
		LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/"
		LibItsPki_Pics.PICS_HTTP_GET_URI_CTL := "/getctl/1D3C7B499A054F8C";
		LibItsPki_Pics.PICS_HTTP_GET_URI_CRL := "/getcrl/1D3C7B499A054F8C";

		LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
		LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
		LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '455453492D4954532D303031'O
		@@ -63,6 +71,7 @@ system.httpEcPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/
		system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=ea.utopia.plugtests2019.innovation.keynectis.net)"
		#system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=192.168.1.41,local_port=80)" # Multiple HTTP component ports specific to TC_SECPKI_AA_AUTHVAL_xx
		system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=aa.utopia.plugtests2019.innovation.keynectis.net)"
		system.httpCaPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=dc.plugtests2019.innovation.keynectis.net)"


		[EXECUTE]
		@@ -70,7 +79,7 @@ system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV

		# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate (not containing an item of type PsidSsp)
		ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_01
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_01
		# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate (containing opaque[0] (version) indicating other value than 1)
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_02
		# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate (containing opaque[1] (value) indicating "Enrolment Request" (bit 1) set to 0)
		@@ -174,6 +183,11 @@ ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_01
		# Check that the AA sends AuthorizationValidationRequest after receiving of the AuthorizationRequest
		#ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV

		# Check that the RootCA generates the Full CTL when new EA is about to be added to the Root CTL
		ItsPki_TestCases.TC_RCA_CTLGEN_01_BV
		# Check that the RootCA generates the CRL when CA certificate is about to be revoked
		ItsPki_TestCases.TC_RCA_CRLGEN_02_BV

		[MAIN_CONTROLLER]
		# The options herein control the behavior of MC.
		KillTimer := 10.0

ttcn/AtsPki/ItsPki_TestCases.ttcn

+103 −1

Original line number	Diff line number	Diff line
		@@ -8901,6 +8901,8 @@ module ItsPki_TestCases {

		group ca_behavior {

		group ctl {

		/**
		* @desc Check that the RootCA generates the Full CTL when new EA is about to be added to the Root CTL
		* <pre>
		@@ -8976,7 +8978,7 @@ module ItsPki_TestCases {

		tc_ac.stop;

		if (f_verify_rca_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_rca_ctl) == false) {
		if (f_verify_rca_ctl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_rca_ctl) == false) {
		log("* " & testcasename() & ": FAIL: Failed to verify RCA message *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		} else {
		@@ -9000,6 +9002,106 @@ module ItsPki_TestCases {

		} // End of testcase TC_RCA_CTLGEN_01_BV

		} // End of group ctl

		group crl {

		/**
		* @desc Check that the RootCA generates the CRL when CA certificate is about to be revoked
		* <pre>
		* Pics Selection: PICS_IUT_CA_ROLE
		* Initial conditions:
		* }
		* Expected behaviour:
		* ensure that {
		* when {
		* the RootCA is triggered to add new CA certificate (CERT_CA) to the revocation list
		* }
		* then {
		* the IUT issue a new CRL of type ToBeSignedCrl
		* containing emtries
		* containing item of type CrlEntry
		* indicating HashedId8 of CERT_CA
		* }
		* }
		* </pre>
		*
		* @see ETSI TS 103 525-2 TP RCA_CRLGEN_01_BV
		* @reference ETSI TS 102 941, clause 6.3.3
		*/
		testcase TC_RCA_CRLGEN_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
		// Local variables
		var HeaderLines v_headers;
		var HttpMessage v_response;

		// Test control
		if (not PICS_IUT_CA_ROLE) {
		log("* " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC *");
		setverdict(inconc);
		stop;
		}

		// Test component configuration
		f_cfHttpUp_ca();

		// Test adapter configuration

		// Preamble
		f_init_default_headers_list(-, "ca_request", v_headers);
		action("the RootCA is triggered to add new CA certificate (CERT_CA) to the revocation list");
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);

		// Test Body
		f_http_send(
		v_headers,
		m_http_request(
		m_http_request_get(
		PICS_HTTP_GET_URI_CRL,
		v_headers
		)));
		tc_ac.start;
		alt {
		[] httpCaPort.receive(
		mw_http_response(
		mw_http_response_ok(
		mw_http_message_body_binary(
		mw_binary_body_ieee1609dot2_data(
		mw_etsiTs103097Data_signed(
		mw_signedData(
		-,
		mw_toBeSignedData( mw_signedDataPayload ),
		mw_signerIdentifier_digest
		))))))) -> value v_response {
		var ToBeSignedCrl v_to_be_signed_crl;

		tc_ac.stop;

		if (f_verify_rca_crl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_crl) == false) {
		log("* " & testcasename() & ": FAIL: Failed to verify RCA message *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		} else {
		if (f_verify_full_crl(v_to_be_signed_crl) == true) {
		log("* " & testcasename() & ": PASS: ToBeSignedCrl received *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
		} else {
		log("* " & testcasename() & ": FAIL: Receive unexpected message *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
		}
		}
		}
		[] tc_ac.timeout {
		log("* " & testcasename() & ": INCONC: Expected message not received *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
		}
		} // End of 'alt' statement

		// Postamble
		f_cfHttpDown_ca();

		} // End of testcase TC_RCA_CRLGEN_02_BV

		} // End of group crl

		} // End of group ca_behavior

		} // End of module ItsPki_TestCases

ttcn/AtsPki/ItsPki_TestControl.ttcn

+9 −3

Original line number	Diff line number	Diff line
		@@ -88,6 +88,12 @@ module ItsPki_TestControl {
		execute(TC_SECPKI_AA_AUTHVAL_01_BV());
		}

		if (PICS_IUT_CA_ROLE) {
		execute(TC_RCA_CTLGEN_01_BV());

		execute(TC_RCA_CRLGEN_02_BV());
		}

		} // End of 'control' statement

		} // End of module module ItsPki_TestControl

LibIts @ 956ea968

Original line number	Diff line number	Diff line
		Subproject commit 6e0111d02cdab632db6ac26074214f15b57e395b
		Subproject commit 956ea968e8a7b3701c6fbb1386c3aac2e98c4d46

Admin message