Commit f4b960ed authored by garciay's avatar garciay

Remove TsSecuredMode flag from TA config, replace by ATS PICS + AcSecPrimitive

Add TsEnforceSecuredMode in TA to enable/disable security checks by the TA (message can be rejected)
parent 60ad3d03
......@@ -66,9 +66,9 @@ public class Management implements IManagementTA, IManagementLayers {
private static final int longitude = Integer.decode(((CharstringValue)TERFactory.getInstance().getTaParameter("TsLongitude")).getString());
/**
* Secured mode status
* Enforce secured mode status
*/
private static final String TsSecuredMode = ((CharstringValue)TERFactory.getInstance().getTaParameter("TsSecuredMode")).getString();
private static final String TsEnforceSecuredMode = ((CharstringValue)TERFactory.getInstance().getTaParameter("TsEnforceSecuredMode")).getString();
/**
* Secured root path to access certificates & private keys
......@@ -142,11 +142,6 @@ public class Management implements IManagementTA, IManagementLayers {
*/
private Management() {
// Check for secured mode settings in TestAdapter configuration file
if (TsSecuredMode.equals("true")) {
setupSecuredMode();
}
// For debug only:
byte[] mid = new byte[] {(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00};
......@@ -233,7 +228,7 @@ public class Management implements IManagementTA, IManagementLayers {
@Override
public byte[] getLongPositionVector(byte[] targetGnAddress) {
byte[] mid = ByteHelper.extract(targetGnAddress, 2, 6);
// System.out.println("getLongPositionVector: Looking for Loc Entry: " + ByteHelper.byteArrayToString(mid));
TERFactory.getInstance().logDebug("getLongPositionVector: Looking for Loc Entry: " + ByteHelper.byteArrayToString(mid));
long key = ByteHelper.byteArrayToLong(mid);
for(int i = 0; i < GET_LPV_TIMEOUT; ++i) {
if (locTable.containsKey(key)) {
......@@ -283,7 +278,7 @@ public class Management implements IManagementTA, IManagementLayers {
long key = ByteHelper.byteArrayToLong(mid);
ITuple<Long, byte[]> entry = locTable.get(key);
if(entry == null || entry.getA() < timestamp) {
// System.out.println("gnUpdateLocTable: Adding Loc Entry for: " + ByteHelper.byteArrayToString(mid));
// TERFactory.getInstance().logDebug("gnUpdateLocTable: Adding Loc Entry for: " + ByteHelper.byteArrayToString(mid));
locTable.put(key, new Tuple<Long, byte[]>(timestamp, lpv));
}
}
......@@ -375,7 +370,7 @@ public class Management implements IManagementTA, IManagementLayers {
@Override
public boolean isEnforceSecuredModeSet() {
return TsSecuredMode.equals("true");
return TsEnforceSecuredMode.equals("true");
}
@Override
......@@ -414,12 +409,12 @@ public class Management implements IManagementTA, IManagementLayers {
}
/**
* @desc This method setup secured mode according to the Test adapter settings (@see TsSecuredMode flags).
* The secured mode could be overrided by test case secured mode configuration through AC primitives
* @desc This method setup secured mode according to ATS settings (AcSecPrimitive) and the Test adapter settings (TsEnforceSecuredMode flags)
* @see TsEnforceSecuredMode flags.
* @remark This method shall be called by the constructor only
*/
private void setupSecuredMode() {
// System.out.println(">>> setupSecuredMode: " + certificateId);
TERFactory.getInstance().logDebug(">>> setupSecuredMode: " + certificateId);
securedMode = true;
ICertificatesIO _certCache = CertificatesIOFactory.getInstance();
......@@ -430,26 +425,26 @@ public class Management implements IManagementTA, IManagementLayers {
_certCache.readCertificate(certificateId, certificate);
// Extract public keys
atCertificate = certificate.toByteArray();
// System.out.println("Management.setupSecuredModeFromTaConfig: certificate=" + ByteHelper.byteArrayToString(atCertificate));
TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: certificate=" + ByteHelper.byteArrayToString(atCertificate));
// Compute AT certificate digest
byte[] atHash = CryptoLib.hashWithSha256(atCertificate);
atCertificateDigest = ByteHelper.extract(atHash, atHash.length - 8, 8);
// System.out.println("Management.setupSecuredModeFromTaConfig: atCertificateDigest=" + ByteHelper.byteArrayToString(atCertificateDigest));
TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: atCertificateDigest=" + ByteHelper.byteArrayToString(atCertificateDigest));
int offset = 16; // FIXME To be enhanced
// KeyX
signingPublicKeyX = new byte[32];
System.arraycopy(atCertificate, offset, signingPublicKeyX, 0, 32);
offset += 32;
// System.out.println("Management.setupSecuredModeFromTaConfig: signingPublicKeyX=" + ByteHelper.byteArrayToString(signingPublicKeyX));
TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: signingPublicKeyX=" + ByteHelper.byteArrayToString(signingPublicKeyX));
// KeyY
signingPublicKeyY = new byte[32];
System.arraycopy(atCertificate, offset, signingPublicKeyY, 0, 32);
// System.out.println("Management.setupSecuredModeFromTaConfig: signingPublicKeyY=" + ByteHelper.byteArrayToString(signingPublicKeyY));
TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: signingPublicKeyY=" + ByteHelper.byteArrayToString(signingPublicKeyY));
// Extract private keys
ByteArrayOutputStream signingPrivateKey = new ByteArrayOutputStream();
_certCache.readSigningKey(certificateId, signingPrivateKey);
this.signingPrivateKey = signingPrivateKey.toByteArray().clone();
// System.out.println("Management.setupSecuredModeFromTaConfig: signingPrivateKey=" + ByteHelper.byteArrayToString(this.signingPrivateKey));
TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: signingPrivateKey=" + ByteHelper.byteArrayToString(this.signingPrivateKey));
// TODO Add support of encryption
}
}
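Review bot: The last `logDebug` call in `setupSecuredMode()` writes the full AT signing private key (`this.signingPrivateKey`) to the debug log; judging by the paired lines, this commit appears to turn a previously commented-out `System.out.println` into a live call. Private key material should not reach any log sink, so drop the line or log only a non-secret property, e.g. `TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: signingPrivateKey loaded, length=" + this.signingPrivateKey.length);`. The certificate, digest and public-key lines above it are not secret and can stay. The Javadoc above the method still says it "shall be called by the constructor only", although the constructor hunk removes that call, so the remark should name the new caller instead. Part of the method body lies between the two hunks and is not visible here.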
......
......@@ -56,10 +56,15 @@ TsBeaconInterval=1000
TsLatitude=514787010
# Longitude of Test System
TsLongitude=56547460
# ITS-AID for other profile
TsItsAidOther=38
# Secured mode status
TsSecuredMode=false
# Secured root path to access certificates and private keys
TsSecuredPath=""
UtSecuredMode=false
# Enforce secured mode status
TsEnforceSecuredMode=false
# Secured configuration identifier
TsSecuredConfiId=data/certificates
TsSecuredRootPath=data/certificates
# Secured root path to access certificates and private keys
TsSecuredConfiId=