Commit ca7d1839 authored by Yann Garcia's avatar Yann Garcia

Validate Authorization/AuthorizationValidation

parent 5a2f8d34
......@@ -215,7 +215,7 @@ int http_codec::encode_request(const LibItsHttp__TypesAndValues::Request& p_requ
if (_ec.is_content_length_present == 0x01) {
loggers::get_instance().log_msg("http_codec::encode_request: Add body ", os);
p_encoding_buffer.put_os(os);
//FIXME For test With GEMALTO, comment to be removed, p_encoding_buffer.put_cs("\r\n");
p_encoding_buffer.put_cs("\r\n");
}
loggers::get_instance().log_to_hexa("<<< http_codec::encode_request: ", p_encoding_buffer);
......
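Review bot: The `p_encoding_buffer.put_cs("\r\n");` that follows `put_os(os)` adds two bytes after the message body, and nothing visible here shows them being counted in the Content-Length that `_ec.is_content_length_present` refers to. The page has lost its +/- markers, so it is not certain whether this commit enables the line or comments it out under the FIXME. If it is enabled, RFC 7230 section 3.5 says a user agent must not follow a request with an extra CRLF, and a strict peer on a reused connection may read the stray bytes as the start of the next message. Whichever way it ends up, replace the vendor FIXME with a comment that states the framing decision, for example `// Trailing CRLF is not part of the body and is not counted in Content-Length; sent only for peers that require it`. encode_request starts and ends outside the hunk, so where the length is computed cannot be checked from here.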
......@@ -10,17 +10,23 @@ LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
# Gemalto
LibItsPki_Pics.PICS_MULTIPLE_END_POINT := true
LibItsPki_Pics.PICS_HEADER_HOST_EC := "etsi.enrolment.ea.msi-dev.acloud.gemalto.com"
LibItsPki_Pics.PICS_HEADER_HOST_ATV := "etsi.authvalidation.ea.msi-dev.acloud.gemalto.com"
LibItsPki_Pics.PICS_HEADER_HOST_AT := "etsi.authorization.aa.msi-dev.acloud.gemalto.com"
LibItsPki_Pics.PICS_HTTP_POST_URI_EC :="/"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT :="/"
LibItsPki_Pics.PICS_HTTP_POST_URI_ATV :="/"
LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O
LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_GEMALTO_EA"
LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_GEMALTO_AA"
LibItsPki_Pixits.PX_AUTHORIZATION_REQUEST_WITH_POP := false # Not private key available
[LOGGING]
# In this section you can specify the name of the log file and the classes of events
# you want to log into the file or display on console (standard error).
......@@ -37,17 +43,19 @@ LogEventTypes:= Yes
[TESTPORT_PARAMETERS]
# Multiple HTTP component ports
system.httpEcPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.enrolment.ea.msi-dev.acloud.gemalto.com)"
system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.authvalidation.ea.msi-dev.acloud.gemalto.com)"
system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.authorization.aa.msi-dev.acloud.gemalto.com)"
system.httpEcPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.182.66)" #etsi.enrolment.ea.msi-dev.acloud.gemalto.com
system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.182.87)" #etsi.authvalidation.ea.msi-dev.acloud.gemalto.com
system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.182.235)" #etsi.authorization.aa.msi-dev.acloud.gemalto.com
[EXECUTE]
# The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at reference point S3 in response to a received EnrolmentRequest message
ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
# The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at reference point S3 in response
# to a received EnrolmentRequest message
#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate
#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI
# The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
# The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be
#done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_02_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_03_BV
......@@ -60,8 +68,12 @@ ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_09_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_10_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_11_BV
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_AA_BV_01
#ItsPki_TestCases.TC_SEC_PKI_SND_AA_BV_01
# The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface at reference point S4
#in response to a received AuthorizationValidationRequest message
#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV
ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
......
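Review bot: `LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY` in [MODULE_PARAMETERS] puts a raw 32-octet signing key into a tracked configuration file, and the same value appears again in the second configuration file shown on this page. Anything committed stays in the repository history, so the key should be documented as test-only right where it is set, for example `# Test-bed key only; generate a fresh one per deployment and never reuse it for a real enrolment`, and real values kept in an untracked local override. In [TESTPORT_PARAMETERS] the three `TCP(server=...)` entries appear to move from host names to literal IP addresses while the `PICS_HEADER_HOST_*` values keep the names. Pinned addresses go stale without any error pointing at the cause, so a comment giving the reason and date of the pinning would help whoever debugs the next connection failure.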
[MODULE_PARAMETERS]
# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.
# Enable Security support
LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
# Root path to access certificate stored in files, identified by certficate ID
LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
LibItsHttp_Pics.PICS_HEADER_HOST := "test.bsi.v2x-pilot.escrypt.com"
LibItsPki_Pics.PICS_MULTIPLE_END_POINT := true
LibItsPki_Pics.PICS_HEADER_HOST_EC := "ea.utopia.plugtests2019.innovation.keynectis.net"
LibItsPki_Pics.PICS_HEADER_HOST_ATV := "ea.utopia.plugtests2019.innovation.keynectis.net"
LibItsPki_Pics.PICS_HEADER_HOST_AT := "aa.utopia.plugtests2019.innovation.keynectis.net"
LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/aa/authorize"
LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorize"
LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '45545349504C55470000000000000000'O
LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_IDNOMIC_EA"
LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_IDNOMIC_AA"
[LOGGING]
# In this section you can specify the name of the log file and the classes of events
# you want to log into the file or display on console (standard error).
LogFile := "../logs/%e.%h-%r.%s"
FileMask := LOG_ALL | USER | DEBUG | MATCHING
ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING
#FileMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
#ConsoleMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
LogSourceInfo := Stack
LogEntityName:= Yes
LogEventTypes:= Yes
#TimeStampFormat := DateTime
[TESTPORT_PARAMETERS]
# Multiple HTTP component ports
system.httpEcPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=ea.utopia.plugtests2019.innovation.keynectis.net)"
system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=ea.utopia.plugtests2019.innovation.keynectis.net)"
system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=aa.utopia.plugtests2019.innovation.keynectis.net)"
[EXECUTE]
# The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at reference point S3 in response to a received EnrolmentRequest message
ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate
#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI
# The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_02_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_03_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_04_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_05_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_06_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_07_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_08_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_09_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_10_BV
#ItsPki_TestCases.TC_SECPKI_EA_ENR_11_BV
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_AA_BV_01
#ItsPki_TestCases.TC_SEC_PKI_SND_AA_BV_01
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
KillTimer := 10.0
LocalAddress := 127.0.0.1
TCPPort := 12000
NumHCs := 1
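Review bot: `LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorize"` is identical to `PICS_HTTP_POST_URI_AT`, although `PICS_HEADER_HOST_ATV` and `system.httpAtVPort.params` both target the EA host, so the authorization-validation request would be posted to an AA path on the EA. This looks like a copy of the AT line; confirm the EA's validation path with the PKI operator and set it here. `LibItsHttp_Pics.PICS_HEADER_HOST := "test.bsi.v2x-pilot.escrypt.com"` also names a different host than the three per-endpoint values. If it is not used when `PICS_MULTIPLE_END_POINT` is true, say so next to it, for example `# Not used when PICS_MULTIPLE_END_POINT is true`.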
......@@ -212,24 +212,27 @@ module ItsPki_TestCases {
if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
// Verify signature of mw_innerEcRequestSignedForPop
if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, v_inner_ec_request) == false) {
f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, vc_eaPrivateKey, vc_eaHashedId8, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
log("*** " & testcasename() & ": FAIL: Failed to verify InnerEcResponseSignedForPop message ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": DEBUG: match ", match(v_inner_ec_request, mw_innerEcRequest), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_inner_ec_request, mw_innerEcRequest)) {
log("*** " & testcasename() & ": LOG: Receive ", v_inner_ec_request, " ***");
f_http_build_inner_ec_response(v_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaHashedId8, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
f_http_build_inner_ec_response(v_inner_ec_request, ok, v_request_hash,
'3E4CAB36D3BCB08A838CECBE0AACD1AE1EB2C4E60896AB23B88CE14568AE16EF'O,//TODO vc_eaPrivateKey, waiting for new certificates
'B8B3E88138D442B34CFC7F9C1DB5F825D372344931CBD67CE033CA4219D70BF6'O, //TODO vc_eaHash, waiting for new certificates
v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, vc_eaPrivateKey, vc_eaHashedId8, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
} else {
f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, vc_eaPrivateKey, vc_eaHashedId8, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
......@@ -3502,7 +3505,7 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp();
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
......@@ -3555,16 +3558,16 @@ module ItsPki_TestCases {
log("*** " & testcasename() & ": PASS: AuthorizationValidationResponse received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[PICS_MULTIPLE_END_POINT] httpAtPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationValidationResponseMessage(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm
))))))) -> value v_response {
[PICS_MULTIPLE_END_POINT] httpAtVPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationValidationResponseMessage(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm
))))))) -> value v_response {
tc_ac.stop;
if (f_verify_pki_response_message(v_private_key_at, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
......@@ -3635,7 +3638,7 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp();
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
......@@ -3811,7 +3814,7 @@ module ItsPki_TestCases {
// Test Body
f_http_build_authorization_request(v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "authorization_request", v_headers);
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
......
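Review bot: In the `@@ -212,24 +212,27` hunk, the `ok` call to `f_http_build_inner_ec_response` passes two octetstring literals where `vc_eaPrivateKey` and `vc_eaHashedId8` were passed, which puts a private key into the test-case source. It also means the success path signs with different material than the three `cantparse` calls, which pass `-, -` and take whatever the function's defaults are. The second literal is 32 octets and its TODO names `vc_eaHash`, while the argument it replaces was `vc_eaHashedId8`; the function's signature is outside the hunk, so check that the formal parameter really accepts a whole hash. Until the new certificates arrive, hold both values in module parameters set from an untracked local configuration (placeholder names `PX_TMP_EA_PRIVATE_KEY` and `PX_TMP_EA_WHOLE_HASH`) and pass those in all four calls, so the key can be rotated without editing code.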
Subproject commit b1729a03676613e0233209066db2209f1cfdf853
Subproject commit 467ea0b72dbef25dc1a8ce0c938f77442a7fdf4d