Continue PKI ATS development (fe22336b) · Commits · ITS - Intelligent Transport Systems / ITS

ttcn/AtsPki/ItsPki_Pixits.ttcn

+2 −0

Original line number	Diff line number	Diff line
		@@ -4,4 +4,6 @@ module ItsPki_Pixits {

		modulepar float PX_RE_ENROLMENT_DELAY := 2.0;

		modulepar boolean PX_TRIGGER_EC_BEFORE_AT := true;

		} // End of module ItsPki_Pixits

ttcn/AtsPki/ItsPki_TestCases.ttcn

+275 −32

Original line number	Diff line number	Diff line
		@@ -76,7 +76,7 @@ module ItsPki_TestCases {

		group itss_helpers {

		function f_verify_http_request_from_iut(
		function f_verify_http_ec_request_from_iut(
		in Request p_request,
		in HeaderLines p_headers,
		out InnerEcRequest p_inner_ec_request,
		@@ -91,48 +91,49 @@ module ItsPki_TestCases {
		var EtsiTs102941Data v_etsi_ts_102941_data;
		var Oct16 v_request_hash;
		var Oct16 v_aes_enc_key;
		var InnerEcResponse v_inner_ec_response;
		var template (value) HttpMessage v_response;

		log(">>> f_verify_http_request_from_iut:", p_request);
		log(">>> f_verify_http_ec_request_from_iut:", p_request);

		p_result := 0;

		if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/salt/, vc_eaWholeHash, p_request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message, the rest is not checked yest
		if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/salt/, vc_eaWholeHash, p_request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
		// Send error message
		v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
		// Set verdict
		p_result := -1;
		} else {
		log("f_verify_http_request_from_iut: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer))))); // TODO In TITAN, this is the only way to get the unmatching in log
		log("f_verify_http_ec_request_from_iut: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer))))); // TODO In TITAN, this is the only way to get the unmatching in log
		if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer)))) == false) {
		// Send error message
		f_http_build_inner_ec_response(p_inner_ec_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		f_http_build_inner_ec_response(p_inner_ec_request/Not required/, cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
		// Set verdict
		p_result := -2;
		} else {
		// Verify signature of mw_innerEcRequestSignedForPop
		if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, p_inner_ec_request) == false) {
		// Send error message
		f_http_build_inner_ec_response(p_inner_ec_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		f_http_build_inner_ec_response(p_inner_ec_request/Not required/, cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
		v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
		// Set verdict
		p_result := -3;
		} else {
		log("f_verify_http_request_from_iut: match ", match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
		log("f_verify_http_ec_request_from_iut: match ", match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
		if (match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)}))) == false) {
		// Send error message: Not enrolmentrequest
		f_http_build_inner_ec_response(p_inner_ec_request, badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		f_http_build_inner_ec_response(p_inner_ec_request, badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
		v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
		// Set verdict
		p_result := -4;
		} else {
		// Send OK message
		log("f_verify_http_request_from_iut: Receive ", p_inner_ec_request);
		log("f_verify_http_ec_request_from_iut: Receive ", p_inner_ec_request);
		if (p_force_response_code == ok) {
		f_http_build_inner_ec_response(p_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		f_http_build_inner_ec_response(p_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
		} else {
		log("f_verify_http_request_from_iut: Succeed buit force error code ", p_force_response_code);
		f_http_build_inner_ec_response(p_inner_ec_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		log("f_verify_http_ec_request_from_iut: Succeed buit force error code ", p_force_response_code);
		f_http_build_inner_ec_response(p_inner_ec_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
		}
		v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
		// Set verdict
		@@ -143,9 +144,78 @@ module ItsPki_TestCases {
		}

		p_response := valueof(v_response);
		log("<<< f_verify_http_request_from_iut: p_response: ", p_response);
		log("<<< f_verify_http_request_from_iut: p_result: ", p_result);
		} // End of function f_verify_http_request_from_iut
		log("<<< f_verify_http_ec_request_from_iut: p_response: ", p_response);
		log("<<< f_verify_http_ec_request_from_iut: p_result: ", p_result);
		} // End of function f_verify_http_ec_request_from_iut

		function f_verify_http_at_request_from_iut(
		in Request p_request,
		in HeaderLines p_headers,
		in InnerEcResponse p_inner_ec_resonse,
		out InnerAtRequest pinner_at_request,
		out HttpMessage p_response,
		out integer p_result
		) runs on ItsPkiHttp {
		// Local variables
		var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
		var EtsiTs102941Data v_etsi_ts_102941_data;
		var Oct16 v_request_hash;
		var Oct16 v_aes_enc_key;
		var template (value) HttpMessage v_response;

		log(">>> f_verify_http_at_request_from_iut:", p_request);

		p_result := 0;

		if (f_verify_pki_request_message(vc_aaPrivateEncKey, vc_aaWholeHash/salt/, vc_aaWholeHash, p_request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
		// Send error message
		v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
		// Set verdict
		p_result := -1;
		} else {/*
		log("f_verify_http_at_request_from_iut: match ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer))))); // TODO In TITAN, this is the only way to get the unmatching in log
		if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer)))) == false) {
		// Send error message
		f_http_build_inner_at_response(p_inner_at_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		// Set verdict
		p_result := -2;
		} else {
		// Verify signature of mw_innerEcRequestSignedForPop
		if (f_verify_inner_at_request_signed_for_pop(v_etsi_ts_102941_data, p_inner_at_request) == false) {
		// Send error message
		f_http_build_inner_at_response(p_inner_at_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
		// Set verdict
		p_result := -3;
		} else {
		log("f_verify_http_at_request_from_iut: match ", match(p_inner_at_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
		if (match(p_inner_at_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)}))) == false) {
		// Send error message: Not enrolmentrequest
		f_http_build_inner_at_response(p_inner_at_request, badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
		// Set verdict
		p_result := -4;
		} else {
		// Send OK message
		log("f_verify_http_at_request_from_iut: Receive ", p_inner_at_request);
		if (p_force_response_code == ok) {
		f_http_build_inner_at_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		} else {
		log("f_verify_http_at_request_from_iut: Succeed buit force error code ", p_force_response_code);
		f_http_build_inner_at_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
		}
		v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
		// Set verdict
		p_result := 0;
		}
		}
		}
		*/ }

		p_response := valueof(v_response);
		log("<<< f_verify_http_at_request_from_iut: p_response: ", p_response);
		log("<<< f_verify_http_at_request_from_iut: p_result: ", p_result);
		} // End of function f_verify_http_at_request_from_iut

		/**
		* @desc Await CA message using the default AT certificate
		@@ -346,7 +416,7 @@ module ItsPki_TestCases {
		tc_ac.stop;

		// Verify IUT response
		f_verify_http_request_from_iut(v_request.request, v_headers, v_inner_ec_request, v_response, v_result);
		f_verify_http_ec_request_from_iut(v_request.request, v_headers, v_inner_ec_request, v_response, v_result);
		// Send response
		if (isvalue(v_response)) {
		httpPort.send(v_response);
		@@ -575,7 +645,7 @@ module ItsPki_TestCases {
		tc_ac.stop;

		// Verify IUT response
		f_verify_http_request_from_iut(
		f_verify_http_ec_request_from_iut(
		v_request.request, v_headers, v_inner_ec_request, v_response, v_result,
		PICS_ITS_S_CANONICAL_ID, // containing itsId declared as digest containing the HashedId8 of the EC identifier

		@@ -824,7 +894,7 @@ module ItsPki_TestCases {
		tc_ac.stop;

		// Verify IUT response
		f_verify_http_request_from_iut(v_request.request, v_headers, v_inner_ec_request, v_response, v_result);
		f_verify_http_ec_request_from_iut(v_request.request, v_headers, v_inner_ec_request, v_response, v_result);
		// Send response
		if (isvalue(v_response)) {
		httpPort.send(v_response);
		@@ -865,7 +935,7 @@ module ItsPki_TestCases {
		tc_ac.stop;

		// Verify IUT response
		f_verify_http_request_from_iut(v_request.request, v_headers, v_inner_ec_request, v_response, v_result);
		f_verify_http_ec_request_from_iut(v_request.request, v_headers, v_inner_ec_request, v_response, v_result);
		// Send response
		if (isvalue(v_response)) {
		httpPort.send(v_response);
		@@ -1057,7 +1127,7 @@ module ItsPki_TestCases {
		tc_ac.stop;

		// Verify IUT response
		f_verify_http_request_from_iut(
		f_verify_http_ec_request_from_iut(
		v_request.request, v_headers, v_inner_ec_request, v_response, v_result,
		PICS_ITS_S_CANONICAL_ID, // containing itsId declared as digest containing the HashedId8 of the EC identifier

		@@ -1517,7 +1587,7 @@ module ItsPki_TestCases {
		tc_ac.stop;

		// Verify IUT response
		f_verify_http_request_from_iut(v_request.request, v_headers, v_inner_ec_request, v_response, v_result, -, -, cantparse);
		f_verify_http_ec_request_from_iut(v_request.request, v_headers, v_inner_ec_request, v_response, v_result, -, -, cantparse);
		// Send response forcing error code
		if (isvalue(v_response)) {
		httpPort.send(v_response);
		@@ -1696,7 +1766,7 @@ module ItsPki_TestCases {
		tc_ac.stop;

		// Verify IUT response
		f_verify_http_request_from_iut(v_request.request, v_headers, v_inner_ec_request, v_response, v_result, -, -, cantparse);
		f_verify_http_ec_request_from_iut(v_request.request, v_headers, v_inner_ec_request, v_response, v_result, -, -, cantparse);
		// Send response forcing error code
		if (isvalue(v_response)) {
		httpPort.send(v_response);
		@@ -1725,7 +1795,180 @@ module ItsPki_TestCases {
		} // End of group itss_enrolment_response

		group itss_authorization_request {
		// TODO

		/**
		* @desc Check that the ITS-S send the Authorization Request message to the Authorization Authority (AA) to request an authorization ticket.
		* <pre>
		* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
		* Initial conditions:
		* with {
		* the IUT being in the "operational state"
		* }
		* Expected behaviour:
		* ensure that {
		* when {
		* the IUT is triggered to requested a new Authorization Ticket (AT)
		* }
		* then {
		* the IUT sends EtsiTs103097Data to the AA
		* }
		* }
		* </pre>
		*
		* @see ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_01_BV
		* @reference ETSI TS 102 941 [2], clause 6.1.3
		*/
		testcase TC_SECPKI_ITSS_AUTH_01_BV() runs on ItsMtc /system ItsPkiItssSystem/ {
		// Local variables
		var ItsPkiItss v_itss;
		var ItsPkiHttp v_ea;

		// Test control
		if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
		log("* " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC *");
		setverdict(inconc);
		stop;
		}

		// Test component configuration
		f_cfMtcUp(v_itss, v_ea);

		// Start component
		v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
		v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());

		// Synchronization
		f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

		// Cleanup
		f_cfMtcDown(v_itss, v_ea);

		} // End of testcase TC_SECPKI_ITSS_AUTH_01_BV

		group f_TC_SECPKI_ITSS_AUTH_01_BV {

		function f_TC_SECPKI_ITSS_AUTH_01_BV_itss() runs on ItsPkiItss /system ItsPkiItssSystem/ {
		// Local variables
		var HashedId8 v_certificate_digest;
		var EtsiTs103097Certificate v_certificate;

		// Test component configuration
		vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
		f_cfUp_itss();

		// Test adapter configuration

		// Preamble
		f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
		f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
		// Wait for IUT certificate
		geoNetworkingPort.clear;
		tc_ac.start;
		alt {
		[] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
		tc_ac.stop;

		if (PX_TRIGGER_EC_BEFORE_AT) {
		f_sendUtTriggerEnrolmentRequestPrimitive();
		}
		f_selfOrClientSyncAndVerdict(c_prDone, e_success);
		}
		[] geoNetworkingPort.receive(
		mw_geoNwInd(
		mw_geoNwSecPdu(
		mw_etsiTs103097Data_signed
		))) {
		repeat;
		}
		[] tc_ac.timeout {
		log("* " & testcasename() & ": INCONC: Expected CA message not received *");
		f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
		}
		} // End of 'alt' statement

		// Test Body
		f_sendUtTriggerAuthorizationRequestPrimitive();
		log("* " & testcasename() & ": PASS: Enrolment trigger sent succesfully *");
		f_selfOrClientSyncAndVerdict(c_tbDone, e_success);

		// Postamble
		f_cfDown_itss();
		} // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_itss

		function f_TC_SECPKI_ITSS_AUTH_01_BV_pki() runs on ItsPkiHttp /system ItsPkiHttpSystem/ {
		// Local variable
		var HeaderLines v_headers;
		var HttpMessage v_request;
		var InnerEcResponse v_inner_ec_response;

		// Test component configuration
		f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

		// Test adapter configuration

		// Preamble
		if (PX_TRIGGER_EC_BEFORE_AT) {
		if (f_await_ec_request_send_response(v_inner_ec_response) == true) {
		log("* " & testcasename() & ": INFO: Enrolment succeed *");
		f_selfOrClientSyncAndVerdict(c_prDone, e_success);
		} else {
		log("* " & testcasename() & ": INCONC: Enrolment failed *");
		f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
		}
		} else {
		f_selfOrClientSyncAndVerdict(c_prDone, e_success);
		}

		// Test Body
		tc_ac.start;
		alt {
		[] a_await_at_http_response_from_iut(
		mw_http_request(
		mw_http_request_post(
		PICS_HTTP_POST_URI_EC,
		-,
		mw_http_message_body_binary(
		mw_binary_body_ieee1609dot2_data(
		mw_enrolmentRequestMessage(
		mw_encryptedData(
		-,
		mw_SymmetricCiphertext_aes128ccm
		)))))),
		v_request
		) {
		var HttpMessage v_response;
		var integer v_result;
		var InnerAtRequest v_inner_at_request;

		tc_ac.stop;

		// Verify IUT response
		f_verify_http_at_request_from_iut(v_request.request, v_headers, v_inner_ec_response, v_inner_at_request, v_response, v_result);
		// Send response
		if (isvalue(v_response)) {
		httpPort.send(v_response);
		}
		// Set verdict
		if (v_result == 0) {
		log("* " & testcasename() & ": PASS: InnerEcRequest received *");
		f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
		} else {
		log("* " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage *");
		f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
		}
		}
		[] tc_ac.timeout {
		log("* " & testcasename() & ": INCONC: Expected message not received *");
		f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
		}
		} // End of 'alt' statement

		// Postamble
		f_cfHttpDown();
		} // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_pki

		} // End of group f_TC_SECPKI_ITSS_AUTH_01_BV

		} // End of group itss_authorization_request

		group itss_authorization_response {

LibIts @ b90de034

Original line number	Diff line number	Diff line
		Subproject commit d2d6eae8e179a226e372c6ede69cb9a0863f654e
		Subproject commit b90de034d822448787ed192b35e5936f4e693427

Admin message