Validate Authorization/AuthorizationValidation (ca7d1839) · Commits · ITS - Intelligent Transport Systems / ITS

ccsrc/Protocols/Http/http_codec.cc

+1 −1

Original line number	Diff line number	Diff line
		@@ -215,7 +215,7 @@ int http_codec::encode_request(const LibItsHttp__TypesAndValues::Request& p_requ
		if (_ec.is_content_length_present == 0x01) {
		loggers::get_instance().log_msg("http_codec::encode_request: Add body ", os);
		p_encoding_buffer.put_os(os);
		//FIXME For test With GEMALTO, comment to be removed, p_encoding_buffer.put_cs("\r\n");
		p_encoding_buffer.put_cs("\r\n");
		}

		loggers::get_instance().log_to_hexa("<<< http_codec::encode_request: ", p_encoding_buffer);

etc/AtsPki/AtsPki_Gemalto.cfg_

+21 −9

Original line number	Diff line number	Diff line
		@@ -10,17 +10,23 @@ LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"

		LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"

		# Gemalto
		LibItsPki_Pics.PICS_MULTIPLE_END_POINT := true
		LibItsPki_Pics.PICS_HEADER_HOST_EC := "etsi.enrolment.ea.msi-dev.acloud.gemalto.com"
		LibItsPki_Pics.PICS_HEADER_HOST_ATV := "etsi.authvalidation.ea.msi-dev.acloud.gemalto.com"
		LibItsPki_Pics.PICS_HEADER_HOST_AT := "etsi.authorization.aa.msi-dev.acloud.gemalto.com"

		LibItsPki_Pics.PICS_HTTP_POST_URI_EC :="/"
		LibItsPki_Pics.PICS_HTTP_POST_URI_AT :="/"
		LibItsPki_Pics.PICS_HTTP_POST_URI_ATV :="/"

		LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
		LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
		LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O
		LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_GEMALTO_EA"
		LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_GEMALTO_AA"

		LibItsPki_Pixits.PX_AUTHORIZATION_REQUEST_WITH_POP := false # Not private key available

		[LOGGING]
		# In this section you can specify the name of the log file and the classes of events
		# you want to log into the file or display on console (standard error).
		@@ -37,17 +43,19 @@ LogEventTypes:= Yes

		[TESTPORT_PARAMETERS]
		# Multiple HTTP component ports
		system.httpEcPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.enrolment.ea.msi-dev.acloud.gemalto.com)"
		system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.authvalidation.ea.msi-dev.acloud.gemalto.com)"
		system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.authorization.aa.msi-dev.acloud.gemalto.com)"
		system.httpEcPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.182.66)" #etsi.enrolment.ea.msi-dev.acloud.gemalto.com
		system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.182.87)" #etsi.authvalidation.ea.msi-dev.acloud.gemalto.com
		system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.182.235)" #etsi.authorization.aa.msi-dev.acloud.gemalto.com

		[EXECUTE]
		# The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at reference point S3 in response to a received EnrolmentRequest message
		ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
		# The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at reference point S3 in response
		# to a received EnrolmentRequest message
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
		# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI

		# The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
		# The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be
		#done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_02_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_03_BV
		@@ -60,8 +68,12 @@ ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_09_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_10_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_11_BV
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_AA_BV_01
		#ItsPki_TestCases.TC_SEC_PKI_SND_AA_BV_01

		# The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface at reference point S4
		#in response to a received AuthorizationValidationRequest message
		#ItsPki_TestCases.TC_SECPKI_EA_AUTHVAL_RCV_01_BV

		ItsPki_TestCases.TC_SECPKI_AA_AUTH_RCV_01_BV

		[MAIN_CONTROLLER]
		# The options herein control the behavior of MC.

etc/AtsPki/AtsPki_Idnomic.cfg_

0 → 100644

+76 −0

Original line number	Diff line number	Diff line
		[MODULE_PARAMETERS]
		# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.

		# Enable Security support
		LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
		# Root path to access certificate stored in files, identified by certficate ID
		LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
		# Configuration sub-directory to access certificate stored in files
		LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"

		LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
		LibItsHttp_Pics.PICS_HEADER_HOST := "test.bsi.v2x-pilot.escrypt.com"

		LibItsPki_Pics.PICS_MULTIPLE_END_POINT := true
		LibItsPki_Pics.PICS_HEADER_HOST_EC := "ea.utopia.plugtests2019.innovation.keynectis.net"
		LibItsPki_Pics.PICS_HEADER_HOST_ATV := "ea.utopia.plugtests2019.innovation.keynectis.net"
		LibItsPki_Pics.PICS_HEADER_HOST_AT := "aa.utopia.plugtests2019.innovation.keynectis.net"

		LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
		LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/aa/authorize"
		LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorize"
		LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
		LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
		LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '45545349504C55470000000000000000'O
		LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_IDNOMIC_EA"
		LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_IDNOMIC_AA"

		[LOGGING]
		# In this section you can specify the name of the log file and the classes of events
		# you want to log into the file or display on console (standard error).

		LogFile := "../logs/%e.%h-%r.%s"
		FileMask := LOG_ALL \| USER \| DEBUG \| MATCHING
		ConsoleMask := LOG_ALL \| USER \| DEBUG \| MATCHING
		#FileMask := ERROR \| WARNING \| USER \| MATCHING \| EXECUTOR_RUNTIME \| VERDICTOP
		#ConsoleMask := ERROR \| WARNING \| USER \| MATCHING \| EXECUTOR_RUNTIME \| VERDICTOP
		LogSourceInfo := Stack
		LogEntityName:= Yes
		LogEventTypes:= Yes
		#TimeStampFormat := DateTime

		[TESTPORT_PARAMETERS]
		# Multiple HTTP component ports
		system.httpEcPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=ea.utopia.plugtests2019.innovation.keynectis.net)"
		system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=ea.utopia.plugtests2019.innovation.keynectis.net)"
		system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=aa.utopia.plugtests2019.innovation.keynectis.net)"

		[EXECUTE]
		# The EnrolmentResponse message shall be sent by the EA to the ITS-S across the interface at reference point S3 in response to a received EnrolmentRequest message
		ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
		# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI

		# The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved algorithm and the encryption shall be done with the same AES key as the one used by the ITS-S requestor for the encryption of the EnrolmentRequest message.
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_02_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_03_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_04_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_05_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_06_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_07_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_01_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_08_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_09_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_10_BV
		#ItsPki_TestCases.TC_SECPKI_EA_ENR_11_BV
		#ItsPki_TestCases.TC_SEC_PKI_SND_EA_AA_BV_01
		#ItsPki_TestCases.TC_SEC_PKI_SND_AA_BV_01

		[MAIN_CONTROLLER]
		# The options herein control the behavior of MC.
		KillTimer := 10.0
		LocalAddress := 127.0.0.1
		TCPPort := 12000
		NumHCs := 1

ttcn/AtsPki/ItsPki_TestCases.ttcn

+20 −17

Original line number	Diff line number	Diff line
		@@ -212,24 +212,27 @@ module ItsPki_TestCases {
		if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
		// Verify signature of mw_innerEcRequestSignedForPop
		if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, v_inner_ec_request) == false) {
		f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, vc_eaPrivateKey, vc_eaHashedId8, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		log("* " & testcasename() & ": FAIL: Failed to verify InnerEcResponseSignedForPop message *");
		f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
		} else {
		log("* " & testcasename() & ": DEBUG: match ", match(v_inner_ec_request, mw_innerEcRequest), " *"); // TODO In TITAN, this is the only way to get the unmatching in log
		if (match(v_inner_ec_request, mw_innerEcRequest)) {
		log("* " & testcasename() & ": LOG: Receive ", v_inner_ec_request, " *");
		f_http_build_inner_ec_response(v_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaHashedId8, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		f_http_build_inner_ec_response(v_inner_ec_request, ok, v_request_hash,
		'3E4CAB36D3BCB08A838CECBE0AACD1AE1EB2C4E60896AB23B88CE14568AE16EF'O,//TODO vc_eaPrivateKey, waiting for new certificates
		'B8B3E88138D442B34CFC7F9C1DB5F825D372344931CBD67CE033CA4219D70BF6'O, //TODO vc_eaHash, waiting for new certificates
		v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		log("* " & testcasename() & ": PASS: InnerEcRequest received *");
		f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
		} else {
		f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, vc_eaPrivateKey, vc_eaHashedId8, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		log("* " & testcasename() & ": FAIL: Unexpected message received *");
		f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
		}
		}
		} else {
		f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, vc_eaPrivateKey, vc_eaHashedId8, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		f_http_build_inner_ec_response(v_inner_ec_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		log("* " & testcasename() & ": FAIL: Unexpected message received *");
		f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
		}
		@@ -3502,7 +3505,7 @@ module ItsPki_TestCases {
		}

		// Test component configuration
		f_cfHttpUp();
		f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

		// Test adapter configuration

		@@ -3555,7 +3558,7 @@ module ItsPki_TestCases {
		log("* " & testcasename() & ": PASS: AuthorizationValidationResponse received *");
		f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
		}
		[PICS_MULTIPLE_END_POINT] httpAtPort.receive(
		[PICS_MULTIPLE_END_POINT] httpAtVPort.receive(
		mw_http_response(
		mw_http_response_ok(
		mw_http_message_body_binary(
		@@ -3635,7 +3638,7 @@ module ItsPki_TestCases {
		}

		// Test component configuration
		f_cfHttpUp();
		f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

		// Test adapter configuration

		@@ -3811,7 +3814,7 @@ module ItsPki_TestCases {

		// Test Body
		f_http_build_authorization_request(v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
		f_init_default_headers_list(-, "authorization_request", v_headers);
		f_init_default_headers_list(-, "inner_at_request", v_headers);
		f_http_send(
		v_headers,
		m_http_request(

LibIts @ 467ea0b7

Original line number	Diff line number	Diff line
		Subproject commit b1729a03676613e0233209066db2209f1cfdf853
		Subproject commit 467ea0b72dbef25dc1a8ce0c938f77442a7fdf4d