Commit bd92233e authored by Yann Garcia's avatar Yann Garcia

Merge branch 'STF525' of https://forge.etsi.org/gitlab/ITS/ITS into STF525

parents 12cf527e be40c7ea
......@@ -8,16 +8,24 @@ LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
# Use this certificate if the RSU simulator act as IUT
LibItsCommon_Pixits.PX_CERT_FOR_TS := "CERT_IUT_A_AT"
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
LibItsHttp_Pics.PICS_HEADER_CTL_CONTENT_TYPE := "application/x-its-crl"
LibItsPki_Pics.PICS_MULTIPLE_END_POINT := true
LibItsPki_Pics.PICS_HEADER_HOST_EC := "ea.utopia.plugtests2019.innovation.keynectis.net"
LibItsPki_Pics.PICS_HEADER_HOST_ATV := "ea.utopia.plugtests2019.innovation.keynectis.net"
LibItsPki_Pics.PICS_HEADER_HOST_AT := "aa.utopia.plugtests2019.innovation.keynectis.net"
LibItsPki_Pics.PICS_HEADER_HOST_CA := "dc.plugtests2019.innovation.keynectis.net"
LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/"
LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/"
LibItsPki_Pics.PICS_HTTP_GET_URI_CTL := "/getctl/1D3C7B499A054F8C";
LibItsPki_Pics.PICS_HTTP_GET_URI_CRL := "/getcrl/1D3C7B499A054F8C";
LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/"
LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/"
LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '455453492D4954532D303031'O
......@@ -63,6 +71,7 @@ system.httpEcPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/
system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=ea.utopia.plugtests2019.innovation.keynectis.net)"
#system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=192.168.1.41,local_port=80)" # Multiple HTTP component ports specific to TC_SECPKI_AA_AUTHVAL_xx
system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=aa.utopia.plugtests2019.innovation.keynectis.net)"
system.httpCaPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=dc.plugtests2019.innovation.keynectis.net)"
[EXECUTE]
......@@ -70,7 +79,7 @@ system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/
#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV
# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate (not containing an item of type PsidSsp)
ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_01
#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_01
# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate (containing opaque[0] (version) indicating other value than 1)
#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_02
# Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate (containing opaque[1] (value) indicating "Enrolment Request" (bit 1) set to 0)
......@@ -174,6 +183,11 @@ ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_01
# Check that the AA sends AuthorizationValidationRequest after receiving of the AuthorizationRequest
#ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV
# Check that the RootCA generates the Full CTL when new EA is about to be added to the Root CTL
ItsPki_TestCases.TC_RCA_CTLGEN_01_BV
# Check that the RootCA generates the CRL when CA certificate is about to be revoked
ItsPki_TestCases.TC_RCA_CRLGEN_02_BV
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
KillTimer := 10.0
......
......@@ -8901,6 +8901,8 @@ module ItsPki_TestCases {
group ca_behavior {
group ctl {
/**
* @desc Check that the RootCA generates the Full CTL when new EA is about to be added to the Root CTL
* <pre>
......@@ -8976,7 +8978,7 @@ module ItsPki_TestCases {
tc_ac.stop;
if (f_verify_rca_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_rca_ctl) == false) {
if (f_verify_rca_ctl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_rca_ctl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
......@@ -9000,6 +9002,106 @@ module ItsPki_TestCases {
} // End of testcase TC_RCA_CTLGEN_01_BV
} // End of group ctl
group crl {
/**
* @desc Check that the RootCA generates the CRL when CA certificate is about to be revoked
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* }
* Expected behaviour:
* ensure that {
* when {
* the RootCA is triggered to add new CA certificate (CERT_CA) to the revocation list
* }
* then {
* the IUT issue a new CRL of type ToBeSignedCrl
* containing emtries
* containing item of type CrlEntry
* indicating HashedId8 of CERT_CA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP RCA_CRLGEN_01_BV
* @reference ETSI TS 102 941, clause 6.3.3
*/
testcase TC_RCA_CRLGEN_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var HeaderLines v_headers;
var HttpMessage v_response;
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp_ca();
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "ca_request", v_headers);
action("the RootCA is triggered to add new CA certificate (CERT_CA) to the revocation list");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_get(
PICS_HTTP_GET_URI_CRL,
v_headers
)));
tc_ac.start;
alt {
[] httpCaPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData( mw_signedDataPayload ),
mw_signerIdentifier_digest
))))))) -> value v_response {
var ToBeSignedCrl v_to_be_signed_crl;
tc_ac.stop;
if (f_verify_rca_crl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_crl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_crl(v_to_be_signed_crl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedCrl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown_ca();
} // End of testcase TC_RCA_CRLGEN_02_BV
} // End of group crl
} // End of group ca_behavior
} // End of module ItsPki_TestCases
......@@ -66,7 +66,7 @@ module ItsPki_TestControl {
execute(TC_SECPKI_EA_AUTHVAL_RCV_01_BV());
execute(TC_SECPKI_EA_AUTHVAL_RCV_02_BI());
}
if (PICS_IUT_AA_ROLE) {
execute(TC_SECPKI_AA_AUTH_RCV_01_BV());
if (PICS_PKI_AUTH_POP) {
......@@ -87,7 +87,13 @@ module ItsPki_TestControl {
execute(TC_SECPKI_AA_AUTHVAL_01_BV());
}
if (PICS_IUT_CA_ROLE) {
execute(TC_RCA_CTLGEN_01_BV());
execute(TC_RCA_CRLGEN_02_BV());
}
} // End of 'control' statement
} // End of module module ItsPki_TestControl
Subproject commit 6e0111d02cdab632db6ac26074214f15b57e395b
Subproject commit 956ea968e8a7b3701c6fbb1386c3aac2e98c4d46
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment