From d8021f756973b84ca53e65c1db20628f263e43d5 Mon Sep 17 00:00:00 2001 From: berge Date: Tue, 18 Nov 2014 10:22:33 +0000 Subject: [PATCH] Merged branches/Security/ttcn (r1471-1819) to trunk. --- ttcn/AtsCAM/ItsCam_TestCases.ttcn | 2 +- ttcn/AtsDENM/ItsDenm_TestCases.ttcn | 16 +- .../ItsGeoNetworking_TestCases.ttcn | 52 +- .../ItsGeoNetworking_TestControl.ttcn | 2 +- ttcn/AtsSecurity/AtsSecurity_Functions.ttcn3 | 320 + ttcn/AtsSecurity/AtsSecurity_Templates.ttcn3 | 62 + ttcn/AtsSecurity/AtsSecurity_TestSystem.ttcn3 | 37 + ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn3 | 9777 +++++++++++++++++ .../AtsSecurity/ItsSecurity_TestControl.ttcn3 | 115 + 9 files changed, 10347 insertions(+), 36 deletions(-) create mode 100644 ttcn/AtsSecurity/AtsSecurity_Functions.ttcn3 create mode 100644 ttcn/AtsSecurity/AtsSecurity_Templates.ttcn3 create mode 100644 ttcn/AtsSecurity/AtsSecurity_TestSystem.ttcn3 create mode 100644 ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn3 create mode 100644 ttcn/AtsSecurity/ItsSecurity_TestControl.ttcn3 diff --git a/ttcn/AtsCAM/ItsCam_TestCases.ttcn b/ttcn/AtsCAM/ItsCam_TestCases.ttcn index c709ebba9..a8116f0fd 100644 --- a/ttcn/AtsCAM/ItsCam_TestCases.ttcn +++ b/ttcn/AtsCAM/ItsCam_TestCases.ttcn @@ -2817,7 +2817,7 @@ module ItsCam_TestCases { //change again the yaw rate value and set the expectation to the measured value v_yawRateVal := v_camInd.msgIn.cam.camParameters.highFrequencyContainer.basicVehicleContainerHighFrequency.yawRate.yawRateValue; if (valueof(v_yawRateVal)>=32767) { - v_yawRateVal := -32767; + v_yawRateVal := -32766; } else { v_yawRateVal := v_camInd.msgIn.cam.camParameters.highFrequencyContainer.basicVehicleContainerHighFrequency.yawRate.yawRateValue+c_yawRateValOffset; diff --git a/ttcn/AtsDENM/ItsDenm_TestCases.ttcn b/ttcn/AtsDENM/ItsDenm_TestCases.ttcn index 420de9df4..76183c5b6 100644 --- a/ttcn/AtsDENM/ItsDenm_TestCases.ttcn +++ b/ttcn/AtsDENM/ItsDenm_TestCases.ttcn @@ -1976,7 +1976,7 @@ module ItsDenm_TestCases { m_situation(c_causeSlowVehicle, c_subCauseCode_Unavailable) }; var ActionID v_unknownActionId; - var ActionIDList v_actionIds := {mw_actionId(f_getIutStationId()), mw_actionId(f_getIutStationId())}; + var ActionIDList v_actionIds; var DenmInd v_denmInd; var integer i; @@ -1997,12 +1997,12 @@ module ItsDenm_TestCases { f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body - v_unknownActionId := m_actionId( + v_unknownActionId := valueof(m_actionId( f_increaseSequenceNumber( v_actionIds[lengthof(v_actionIds)].sequenceNumber ), f_getIutStationId() - ); + )); f_utTerminateEvent(m_utEventCancellation(v_unknownActionId)); tc_ac.start; @@ -2088,7 +2088,7 @@ module ItsDenm_TestCases { }; var SequenceNumber v_sequenceNumber := v_initialSequenceNumber; var ActionID v_unknownActionId; - var ActionIDList v_actionIds := {mw_actionId(f_getIutStationId()), mw_actionId(f_getIutStationId())}; + var ActionIDList v_actionIds; var DenmInd v_denmInd; var integer i; @@ -2116,12 +2116,12 @@ module ItsDenm_TestCases { f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body - v_unknownActionId := m_actionId( + v_unknownActionId := valueof(m_actionId( f_increaseSequenceNumber( v_actionIds[lengthof(v_actionIds)].sequenceNumber ), f_getTsStationId() - ); + )); f_utTerminateEvent(m_utEventCancellation(v_unknownActionId)); tc_ac.start; @@ -3368,7 +3368,7 @@ module ItsDenm_TestCases { v_actionId := f_sendDenMessage(v_denm); f_sleep(1.0); - v_detectionTime2 := v_denm.management.detectionTime - 1000; + v_detectionTime2 := valueof(v_denm.management.detectionTime) - 1000; v_actionId := f_sendDenMessage( m_denm( m_denmMgmtCon( @@ -3478,7 +3478,7 @@ module ItsDenm_TestCases { v_actionId := f_sendDenMessage(v_denm); f_sleep(1.0); - v_detectionTime2 := v_denm.management.detectionTime + 1000; + v_detectionTime2 := valueof(v_denm.management.detectionTime) + 1000; v_actionId := f_sendDenMessage( m_denm( m_denmMgmtCon( diff --git a/ttcn/AtsGeoNetworking/ItsGeoNetworking_TestCases.ttcn b/ttcn/AtsGeoNetworking/ItsGeoNetworking_TestCases.ttcn index 708c17f7d..68fea5982 100644 --- a/ttcn/AtsGeoNetworking/ItsGeoNetworking_TestCases.ttcn +++ b/ttcn/AtsGeoNetworking/ItsGeoNetworking_TestCases.ttcn @@ -142,7 +142,7 @@ module ItsGeoNetworking_TestCases { // Test Body v_gnPacket := m_geoNwPdu(m_geoNwShbPacket(v_longPosVectorNodeB)); - v_gnPacket.basicHeader.version := v_gnPacket.basicHeader.version + 1; + v_gnPacket.basicHeader.version := valueof(v_gnPacket.basicHeader.version) + 1; f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_gnPacket)); @@ -2002,7 +2002,7 @@ module ItsGeoNetworking_TestCases { function f_TP_GEONW_PON_LOT_BV_03_main(in template (value) LongPosVector p_longPosVectorNodeA) runs on ItsGeoNetworking { // Test Body - if ( not f_utTriggerEvent(m_generateGeoUnicastMessage(p_longPosVectorNodeA.gnAddr)) ) { + if ( not f_utTriggerEvent(m_generateGeoUnicastMessage(valueof(p_longPosVectorNodeA.gnAddr))) ) { log("*** " & testcasename() & ": INCONC: Trigger failed ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } @@ -2014,7 +2014,7 @@ module ItsGeoNetworking_TestCases { log("*** " & testcasename() & ": FAIL: Received Location Service Request ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } - [] a_receiveGeoUnicastWithDestination(mw_shortPosVectorPosition(f_longPosVector2ShortPosVector(p_longPosVectorNodeA))) { + [] a_receiveGeoUnicastWithDestination(mw_shortPosVectorPosition(f_longPosVector2ShortPosVector(valueof(p_longPosVectorNodeA)))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: GeoUnicast packet received correctly ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); @@ -2581,7 +2581,7 @@ module ItsGeoNetworking_TestCases { function f_TP_GEONW_PON_LOT_BV_05_main(in template (value) LongPosVector p_longPosVectorNodeB, in template (value) LongPosVector p_obsoleteLongPosVectorNodeB) runs on ItsGeoNetworking { // Test Body - if ( not f_utTriggerEvent(m_generateGeoUnicastMessage(p_longPosVectorNodeB.gnAddr)) ) { + if ( not f_utTriggerEvent(m_generateGeoUnicastMessage(valueof(p_longPosVectorNodeB.gnAddr)))) { log("*** " & testcasename() & ": INCONC: Trigger failed ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } @@ -2593,12 +2593,12 @@ module ItsGeoNetworking_TestCases { log("*** " & testcasename() & ": FAIL: Received Location Service Request ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } - [] a_receiveGeoUnicastWithDestination(mw_shortPosVectorPosition(f_longPosVector2ShortPosVector(p_obsoleteLongPosVectorNodeB))) { + [] a_receiveGeoUnicastWithDestination(mw_shortPosVectorPosition(f_longPosVector2ShortPosVector(valueof(p_obsoleteLongPosVectorNodeB)))) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: GeoUnicast received with obsolete Destination Position Vector ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } - [] a_receiveGeoUnicastWithDestination(mw_shortPosVectorPosition(f_longPosVector2ShortPosVector(p_longPosVectorNodeB))) { + [] a_receiveGeoUnicastWithDestination(mw_shortPosVectorPosition(f_longPosVector2ShortPosVector(valueof(p_longPosVectorNodeB)))) { tc_ac.stop; log("*** " & testcasename() & ": PASS: GeoUnicast packet received correctly ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); @@ -6141,7 +6141,7 @@ module ItsGeoNetworking_TestCases { // Test Body if(not f_utTriggerEvent(m_generateGeoUnicastMessageWithTrafficClass( v_longPosVectorNodeA.gnAddr, - m_trafficClass(e_scfDisabled)))) { + valueof(m_trafficClass(e_scfDisabled))))) { log("*** " & testcasename() & ": INCONC: Trigger failed ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } @@ -6286,7 +6286,7 @@ module ItsGeoNetworking_TestCases { // Test Body if(not f_utTriggerEvent(m_generateGeoAnycastMessageWithTrafficClass( f_getArea(c_area2), - m_trafficClass(e_scfDisabled)))) { + valueof(m_trafficClass(e_scfDisabled))))) { log("*** " & testcasename() & ": INCONC: Trigger failed ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } @@ -6431,7 +6431,7 @@ module ItsGeoNetworking_TestCases { // Test Body if(not f_utTriggerEvent(m_generateGeoBroadcastMessageWithTrafficClass( f_getArea(c_area2), - m_trafficClass(e_scfDisabled)))) { + valueof(m_trafficClass(e_scfDisabled))))) { log("*** " & testcasename() & ": INCONC: Trigger failed ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } @@ -6572,7 +6572,7 @@ module ItsGeoNetworking_TestCases { f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body - if(not f_utTriggerEvent(m_generateTsbMessageWithTrafficClass(m_trafficClass(e_scfDisabled)))) { + if(not f_utTriggerEvent(valueof(m_generateTsbMessageWithTrafficClass(valueof(m_trafficClass(e_scfDisabled)))))) { log("*** " & testcasename() & ": INCONC: Trigger failed ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } @@ -6712,7 +6712,7 @@ module ItsGeoNetworking_TestCases { f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); // Test Body - if(not f_utTriggerEvent(m_generateShbMessageWithTrafficClass(m_trafficClass(e_scfDisabled)))) { + if(not f_utTriggerEvent(valueof(m_generateShbMessageWithTrafficClass(valueof(m_trafficClass(e_scfDisabled)))))) { log("*** " & testcasename() & ": INCONC: Trigger failed ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); } @@ -8477,9 +8477,9 @@ module ItsGeoNetworking_TestCases { } // end TC_GEONW_PON_GUC_BV_06 /** - * @desc Behavior function for NodeB (TC_GEONW_PON_GUC_BV_06) - * @param p_distanceToNodeA Distance between IUT and NodeA - * @param p_longPosVectorNodeA Position vector of NodeA + * @desc Behavior function for NodeB (TC_GEONW_PON_GUC_BV_06) + * @param p_distanceToNodeA Distance between IUT and NodeA + * @param p_longPosVectorNodeA Position vector of NodeA */ function f_GEONW_PON_GUC_BV_06_nodeB(in integer p_distanceToNodeA, in LongPosVector p_longPosVectorNodeA) runs on ItsGeoNetworking { @@ -10678,7 +10678,7 @@ module ItsGeoNetworking_TestCases { } // Test Body - v_gnPacket.basicHeader.routerHopLimit := v_gnPacket.basicHeader.routerHopLimit / 2; + v_gnPacket.basicHeader.routerHopLimit := valueof(v_gnPacket.basicHeader.routerHopLimit) / 2; f_sleep(PX_TAC); for(i:=0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_gnPacket.gnPacket.packet.payload.rawPayload); i:=i+1) { // empty on purpose @@ -10729,7 +10729,7 @@ module ItsGeoNetworking_TestCases { } // Test Body - v_msgInd.msgIn.basicHeader.routerHopLimit := v_msgInd.msgIn.basicHeader.routerHopLimit / 2; + v_msgInd.msgIn.basicHeader.routerHopLimit := valueof(v_msgInd.msgIn.basicHeader.routerHopLimit) / 2; f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_msgInd.msgIn)); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); @@ -10818,15 +10818,15 @@ module ItsGeoNetworking_TestCases { group GEONW_PON_GBC_BV_12 { /** - * @desc Test that the reception of a broadcast indication over upper Gn SAP triggers the origination of a - * Simple GeoBroadcast if this method is selected in the MIB + * @desc Test that the reception of a broadcast indication over upper Gn SAP triggers the origination of a + * Simple GeoBroadcast if this method is selected in the MIB * 
                  * Pics Selection:  PICS_GN_GEOBROADCAST_FORWARDING_ALGORITHM == 'SIMPLE' 
                  *                  OR PICS_GN_GEOBROADCAST_FORWARDING_ALGORITHM == 'UNSPECIFIED'
                  * Config Id: CF02
                  * Initial conditions:
                  *  with {
-                 *      the IUT being in the "initial state" and
+                 *      the IUT being in the "initial state" and
                  *      the IUT having received Beacon information from ItsNodeD and
                  *      the IUT having received Beacon information from ItsNodeB
                  *  }
@@ -10859,7 +10859,7 @@ module ItsGeoNetworking_TestCases {
                         setverdict(inconc);
                         stop;
                     }
-                    
+                    
                     // Test component configuration
                     f_cf02Up();
                     
@@ -11962,7 +11962,7 @@ module ItsGeoNetworking_TestCases {
                     }
                     
                     // Test Body
-                    v_msgInd.msgIn.basicHeader.routerHopLimit := v_msgInd.msgIn.basicHeader.routerHopLimit -1;
+                    v_msgInd.msgIn.basicHeader.routerHopLimit := valueof(v_msgInd.msgIn.basicHeader.routerHopLimit) -1;
                     f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_msgInd.msgIn));
                     
                     tc_noac.start;
@@ -12564,7 +12564,7 @@ module ItsGeoNetworking_TestCases {
                     }
                     
                     // Test Body
-                    v_msgInd.msgIn.basicHeader.routerHopLimit := v_msgInd.msgIn.basicHeader.routerHopLimit - 1;
+                    v_msgInd.msgIn.basicHeader.routerHopLimit := valueof(v_msgInd.msgIn.basicHeader.routerHopLimit) - 1;
                     v_gnPacket := v_msgInd.msgIn;
                     f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_msgInd.msgIn));
                     f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
@@ -18164,11 +18164,11 @@ module ItsGeoNetworking_TestCases {
                     
                 } // end TC_GEONW_CAP_FPB_BV_01
                 
-                /**
+                /**
                  * @desc    Behavior function for NodeB (TC_GEONW_CAP_FPB_BV_01)
-                 * @param   p_sequenceNumberC           Initial sequence number of NodeC
-                 * @param   p_nbrOfPackets              Number of packets sent by other component
-                 * @param   p_nbrOfDiscardedMessages    Number of packets that should be discarded
+                 * @param   p_sequenceNumberC           Initial sequence number of NodeC
+                 * @param   p_nbrOfPackets              Number of packets sent by other component
+                 * @param   p_nbrOfDiscardedMessages    Number of packets that should be discarded
                  */
                 function f_GEONW_CAP_FPB_BV_01_nodeB(
                     in UInt16 p_sequenceNumberC,
diff --git a/ttcn/AtsGeoNetworking/ItsGeoNetworking_TestControl.ttcn b/ttcn/AtsGeoNetworking/ItsGeoNetworking_TestControl.ttcn
index f6b884900..69c5f6b73 100644
--- a/ttcn/AtsGeoNetworking/ItsGeoNetworking_TestControl.ttcn
+++ b/ttcn/AtsGeoNetworking/ItsGeoNetworking_TestControl.ttcn
@@ -10,7 +10,7 @@ module ItsGeoNetworking_TestControl {
     // ATS GeoNetworking
     import from ItsGeoNetworking_TestCases {testcase all};
     
-    // LibIts
+    // LibItsGeoNetworking
     import from LibItsGeoNetworking_Pics all;
     import from LibItsGeoNetworking_TypesAndValues all;
     
diff --git a/ttcn/AtsSecurity/AtsSecurity_Functions.ttcn3 b/ttcn/AtsSecurity/AtsSecurity_Functions.ttcn3
new file mode 100644
index 000000000..9bb9b5a91
--- /dev/null
+++ b/ttcn/AtsSecurity/AtsSecurity_Functions.ttcn3
@@ -0,0 +1,320 @@
+/**
+ *  @author     ETSI / STF481
+ *  @version    $URL$
+ *              $Id$
+ *  @desc       Module containing functions for the secured GN ATS
+ *
+ */
+module AtsSecurity_Functions {
+    
+    // LibIts
+    import from DENM_PDU_Descriptions language "ASN.1:1997" all;
+    import from ITS_Container language "ASN.1:1997" all;
+
+    // LibCommon
+    import from LibCommon_BasicTypesAndValues all;
+    import from LibCommon_Time all;
+    
+    // LibItsCommon
+    import from LibItsCommon_TypesAndValues all;
+    import from LibItsCommon_TestSystem all;
+    import from LibItsCommon_Functions all;
+    
+    // LibItsDenm
+    import from LibItsDenm_TypesAndValues all;
+    import from LibItsDenm_Templates all;
+    import from LibItsDenm_Functions all;
+    import from LibItsDenm_TestSystem all;
+    
+    // LibItsCam
+//    import from LibItsCam_TypesAndValues all;
+    import from LibItsCam_Templates all;
+    import from LibItsCam_Functions all;
+    import from LibItsCam_TestSystem all;
+    
+    // LibItsGeoNetworking
+    import from LibItsGeoNetworking_TestSystem all;
+    import from LibItsGeoNetworking_Functions all;
+    import from LibItsGeoNetworking_Templates all;
+    import from LibItsGeoNetworking_TypesAndValues all;
+    
+    // LibItsSecurity
+    import from LibItsSecurity_TypesAndValues all;
+    import from LibItsSecurity_Templates all;
+    import from LibItsSecurity_Functions all;
+    import from LibItsSecurity_Pixits all;
+    
+    group secCam {
+        
+        /**
+        * @desc   Prepare a secured CAM
+        * @param  p_configId            The configuration identifier to be used
+        * @param  p_headerFields        HeaderFields to be inserted in the message
+        * @param  p_signerInfoType      Add digest or AT certificate or certificate chain
+        * @param  p_addMissingHeaders   Whether to add mandatory headers not present in p_headerFields
+        * @return Secured GeoNetworking packet containing a CAM
+        */
+        function f_prepareSecuredCam(
+                                     in charstring p_configId,
+                                     in template (omit) HeaderFields p_headerFields := omit,
+                                     in SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,
+                                     in boolean p_addMissingHeaders := true
+        ) runs on ItsGeoNetworking return GeoNetworkingPdu {
+            // Local variables
+            var GnNonSecuredPacket v_gnNonSecuredPacket;
+            var octetstring v_gnPayload;
+            var template (value) SecuredMessage v_securedMessage;
+            
+            // Build signed SecuredMessage
+            v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(
+                f_getPosition(c_compNodeC)
+            ));
+            
+            // Add CAM payload
+            v_gnNonSecuredPacket.payload := valueof(
+                f_adaptPayload_m(
+                    bit2oct(
+                        encvalue(
+                            m_camReq(
+                                m_camMsg_vehicle_HF_BV(
+                                    f_getTsStationId(),
+                                    f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime
+                                    LibItsCam_Templates.m_tsPosition
+            ))))));
+            
+            // Encode it
+            v_gnPayload := bit2oct(
+                encvalue(
+                    v_gnNonSecuredPacket
+                )
+            );
+            f_buildGnSecuredCam(
+                v_securedMessage,
+                m_payload_signed(v_gnPayload),
+                p_signerInfoType,
+                p_headerFields,
+                p_configId,
+                p_addMissingHeaders
+            );
+            
+            // Return secured Gn packet
+            return valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
+        } // End of function f_prepareSecuredCam
+        
+        /**
+        * @desc   Sends a secured CAM
+        * @param  p_configId        The configuration identifier to be used
+        * @param  p_headerFields    Additional HeaderFields
+        * @param  p_signerInfoType  Add digest or AT certificate or certificate chain
+        * @return GeoNetworking payload
+        */
+        function f_sendSecuredCam(
+                                  in charstring p_configId,
+                                  in template (omit) HeaderFields p_headerFields := omit,
+                                  in SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256
+        ) runs on ItsGeoNetworking return GeoNetworkingPdu {
+            // Local variables
+            var GeoNetworkingPdu v_securedGnPdu := f_prepareSecuredCam(p_configId, p_headerFields, p_signerInfoType);
+                   
+            f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                        
+            return v_securedGnPdu;
+            
+        } // End of function f_sendSecuredCam
+        
+    } // End of group secCam
+    
+    group secDenm {
+        
+        /**
+        * @desc   Prepare a secured CENM
+        * @param  p_configId            The configuration identifier to be used
+        * @param  p_headerFields        HeaderFields to be inserted in the message
+        * @param  p_signerInfoType      Add digest or AT certificate or certificate chain
+        * @param  p_addMissingHeaders   Whether to add mandatory headers not present in p_headerFields
+        * @return Secured GeoNetworking packet containing a CAM
+        */
+        function f_prepareSecuredDenm(
+                                      in charstring p_configId,
+                                      in template (omit) HeaderFields p_headerFields := omit,
+                                      in SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,
+                                      in boolean p_addMissingHeaders := true
+        ) runs on ItsGeoNetworking return GeoNetworkingPdu {
+            // Local variables
+            var GnNonSecuredPacket v_gnNonSecuredPacket;
+            var octetstring v_gnPayload;
+            var LongPosVector v_longPosVectorNodeC := f_getPosition(c_compNodeC);
+            var template (value) SecuredMessage v_securedMessage;
+            var template (value) SituationContainer v_situation := m_situation(c_causeVehicleBreakdown, c_subCauseCode_Unavailable);
+            
+            // Build signed SecuredMessage
+            v_gnNonSecuredPacket := valueof(
+                m_geoNwBroadcastPacket(
+                    v_longPosVectorNodeC,
+                    vc_localSeqNumber,
+                    f_getGeoBroadcastArea(
+                        c_area2
+            )));
+            
+            // Add the DENM payload
+            v_gnNonSecuredPacket.payload := valueof(
+                f_adaptPayload_m(
+                    bit2oct(
+                        encvalue(
+                            m_denmReq(
+                                m_denmPdu(
+                                    m_denm(
+                                        m_denmMgmtCon(
+                                            m_tsActionId
+                                        ),
+                                        v_situation,
+                                        m_denmLocation_zeroDelta
+            )))))));
+            
+            // Encode it
+            v_gnPayload := bit2oct(
+                encvalue(
+                    v_gnNonSecuredPacket
+                )
+            );
+            f_buildGnSecuredDenm(
+                v_securedMessage,
+                m_payload_signed(v_gnPayload),
+                p_signerInfoType,
+                valueof(m_threeDLocation(
+                    v_longPosVectorNodeC.latitude,
+                    v_longPosVectorNodeC.longitude,
+                    '0000'O
+                )),
+                p_headerFields,
+                p_configId,
+                p_addMissingHeaders
+            );
+            
+            // Return secured Gn packet
+            return valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
+        } // End of function f_prepareSecuredDenm
+        
+        /**
+        * @desc   Sends a secured DENM
+        * @param  p_configId        The configuration identifier to be used
+        * @param  p_headerFields    Additional HeaderFields
+        * @param  p_signerInfoType  Add digest or AT certificate or certificate chain
+        * @return GeoNetworking payload
+        */
+        function f_sendSecuredDenm(
+                                  in charstring p_configId,
+                                  in template (omit) HeaderFields p_headerFields := omit,
+                                  in SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256
+        ) runs on ItsGeoNetworking return GeoNetworkingPdu {
+            // Local variables
+            var GeoNetworkingPdu v_securedGnPdu := f_prepareSecuredDenm(p_configId, p_headerFields, p_signerInfoType);
+                   
+            f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                        
+            return v_securedGnPdu;
+            
+        } // End of function f_sendSecuredDenm
+        
+    } // End of group secDenm 
+    
+    group camTrigger {
+        
+        /**
+        * @desc    Triggers a CAM change speed event to get a CAM frequency greather than 1 Hz (i.e. more than one CAM per seconds)
+        * @remark  This function spawns an ItsCam component in alive mode
+        * @see     fb_changeCamFrequencyGreatherThan1Hz()
+        * @return  Reference to the component used to send the trigger
+        */
+        function f_setCamFrequencyGreatherThan1Hz() runs on ItsBaseComponent return ItsCam {
+            var ItsCam v_camComponent;
+            
+            v_camComponent := ItsCam.create("CAM Trigger");
+            v_camComponent.start(fb_setCamFrequencyGreatherThan1Hz());
+            v_camComponent.done;
+            
+            return v_camComponent;
+        } // End of function f_setCamFrequencyGreatherThan1Hz
+        
+        /**
+        * @desc Behaviour function for triggering a CAM change speed event on IUT
+        */
+        function fb_setCamFrequencyGreatherThan1Hz() runs on ItsCam {
+            
+            // Local variables
+            var SpeedValue v_speedValue := 1667; // in cm/s, e.g. 60Km/h = 1667 cm/s
+            
+            map(self:utPort, system:camUtPort);
+            
+            LibItsCam_Functions.f_utTriggerEvent(valueof(m_changeSpeed(v_speedValue)));
+            
+            unmap(self:utPort, system:camUtPort);
+        }  // End of function fb_setCamFrequencyGreatherThan1Hz
+        
+    } // End of group camTrigger 
+    
+    group denmTrigger {
+        
+        /**
+        * @desc    Triggers a DENM event on IUT
+        * @remark  This function spawns an ItsDenm component in alive mode
+        * @see     fb_secTriggerDenmEvent()
+        * @return  Reference to the component used to send the trigger
+        */
+        function f_triggerDenmEvent() runs on ItsBaseComponent return ItsDenm {
+            var ItsDenm v_denmComponent;
+            
+            v_denmComponent := ItsDenm.create("DENM Trigger") alive;
+            v_denmComponent.start(fb_secTriggerDenmEvent());
+            v_denmComponent.done;
+            
+            return v_denmComponent;
+        } // End of function f_triggerDenmEvent
+        
+        /**
+        * @desc    Cancels all previously triggered DENM events on IUT
+        * @param   p_denmComponent     Reference of the component previously used to trigger DENM events
+        * @see     fb_secCancelDenmEvent()
+        */
+        function f_cancelDenmEvent(ItsDenm p_denmComponent) runs on ItsBaseComponent {
+            p_denmComponent.start(fb_secCancelDenmEvent());
+            p_denmComponent.done;
+            p_denmComponent.kill;
+        } // End of function f_cancelDenmEvent
+        
+        /**
+        * @desc Behaviour function for triggering a DENM event on IUT
+        */
+        function fb_secTriggerDenmEvent() runs on ItsDenm {
+            
+            // Local variables
+            var template (value) SituationContainer v_situation := m_situation(c_causeVehicleBreakdown, c_subCauseCode_Unavailable);
+            
+            map(self:utPort, system:denmUtPort);
+            vc_default := activate(LibItsDenm_Functions.a_utDefault());
+            
+            vc_utActionIDs[0] := LibItsDenm_Functions.f_utTriggerEvent(m_utTriggerEvent(v_situation, m_denmLocation_zeroDelta));
+            log("actionId=", vc_utActionIDs[0]);
+            
+        }  // End of function f_secTriggerDenmEvent
+        
+        /**
+        * @desc Behaviour function for cancelling previously triggered DENM events on IUT
+        */
+        function fb_secCancelDenmEvent() runs on ItsDenm {
+            
+            // Local variables
+            var integer v_counter;
+            
+            for (v_counter := 0; v_counter < lengthof(vc_utActionIDs); v_counter := v_counter + 1) {
+                LibItsDenm_Functions.f_utTerminateEvent(m_utEventCancellation(vc_utActionIDs[v_counter]));
+            } // End of 'for' statement
+            
+            unmap(self:utPort, system:denmUtPort);
+            deactivate(vc_default);
+            
+        } // End of function f_secTriggerDenmEvent
+        
+    } // End of group denmTrigger
+    
+} // End of module AtsSecurity_Functions
diff --git a/ttcn/AtsSecurity/AtsSecurity_Templates.ttcn3 b/ttcn/AtsSecurity/AtsSecurity_Templates.ttcn3
new file mode 100644
index 000000000..23dd30174
--- /dev/null
+++ b/ttcn/AtsSecurity/AtsSecurity_Templates.ttcn3
@@ -0,0 +1,62 @@
+/**
+ *  @author   ETSI / STF481
+ *  @version  $URL$
+ *            $Id$
+ *  @desc     Module containing templates for secured GeoNetworking ATS
+ *
+ */
+module AtsSecurity_Templates {
+    
+//    // LibIts
+//    import from DENM_PDU_Descriptions language "ASN.1:1997" all;
+//    import from ITS_Container language "ASN.1:1997" all;
+//    
+    // LibItsBtp
+    import from LibItsBtp_TypesAndValues all;
+    import from LibItsBtp_Templates all;
+    import from LibItsBtp_Pixits all;
+    
+    // LibItsGeoNet
+    import from LibItsGeoNetworking_TypesAndValues all;
+    import from LibItsGeoNetworking_Templates all;
+    
+    template (present) BtpPayload mw_btpCamPayload := {
+        decodedPayload := {
+            camPacket := ?
+        },
+        rawPayload := ?
+    } // End of template mw_btpCamPayload
+    
+    
+    template (present) BtpPayload mw_btpDenmPayload := {
+        decodedPayload := {
+            denmPacket := ?
+        },
+        rawPayload := ?
+    } // End of template mw_btpDenmPayload
+    
+    template (present) Payload mw_secCamPayload := {
+        decodedPayload := {
+            btpPacket := mw_btpA(
+                PX_DESTINATION_PORT,
+                ?,
+                mw_btpCamPayload
+            )
+        },
+        rawPayload := ?
+        
+    } // End of template mw_secCamPayload
+    
+    template (present) Payload mw_secDenmPayload := {
+        decodedPayload := {
+            btpPacket := mw_btpB(
+                PX_DESTINATION_PORT,
+                ?,
+                mw_btpDenmPayload
+            )
+        },
+        rawPayload := ?
+        
+    } // End of template mw_secCamPayload
+    
+} // End of module AtsSecurity_Templates 
\ No newline at end of file
diff --git a/ttcn/AtsSecurity/AtsSecurity_TestSystem.ttcn3 b/ttcn/AtsSecurity/AtsSecurity_TestSystem.ttcn3
new file mode 100644
index 000000000..15ea0f490
--- /dev/null
+++ b/ttcn/AtsSecurity/AtsSecurity_TestSystem.ttcn3
@@ -0,0 +1,37 @@
+/**
+ *  @author     ETSI / STF481
+ *  @version    $URL$
+ *              $Id$
+ *  @desc       Module containing t fest system description for the secured GN ATS
+ *
+ */
+module AtsSecurity_TestSystem { 
+    
+    import from LibItsCommon_TestSystem all;
+    import from LibItsCam_TestSystem all;
+    import from LibItsDenm_TestSystem all;
+    import from LibItsGeoNetworking_TestSystem all;
+    
+    /**
+     * @desc Secured GN test system description
+     * @member acPort               Test Adapter control port
+     * @member geoNetworkingPort    GeoNetworking port
+     * @member utPort               GeoNetworking UT port
+     * @member denmUtPort           DENM UT port
+     * @member cammUtPort           CAM UT port
+     */
+    type component ItsSecSystem {
+        
+        port AdapterControlPort acPort;
+        
+        // NT2 ports
+        port LibItsGeoNetworking_TestSystem.UpperTesterPort utPort;
+        port GeoNetworkingPort geoNetworkingPort;
+        
+        // FA ports
+        port LibItsDenm_TestSystem.UpperTesterPort denmUtPort;
+        port LibItsCam_TestSystem.UpperTesterPort camUtPort;
+        
+    } // end ItsGeoNetworkingSystem
+    
+} // End of module AtsSecurity_TestSystem 
\ No newline at end of file
diff --git a/ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn3 b/ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn3
new file mode 100644
index 000000000..07499aa46
--- /dev/null
+++ b/ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn3
@@ -0,0 +1,9777 @@
+/**
+ *  @author   ETSI / STF481
+ *  @version  $URL$
+ *        $Id$
+ *  @desc     Testcases  file for Security Protocol
+ *  @see      Draft ETSI TS 103 097 V1.1.14
+ */
+module ItsSecurity_TestCases {
+    
+    // Libcommon
+    import from LibCommon_Time all;
+    import from LibCommon_VerdictControl all;
+    import from LibCommon_Sync all;
+    
+    // LibItsCommon
+//    import from LibItsCommon_TypesAndValues all;
+    import from LibItsCommon_Functions all;
+    
+    // LibItsSecurity
+    import from LibItsSecurity_TypesAndValues all;
+    import from LibItsSecurity_Templates all;
+    import from LibItsSecurity_Functions all;
+    import from LibItsSecurity_Pixits all;
+    
+    // LibItsGeoNetworking
+    import from LibItsGeoNetworking_TestSystem all;
+    import from LibItsGeoNetworking_Functions all;
+    import from LibItsGeoNetworking_Templates all;
+    import from LibItsGeoNetworking_TypesAndValues all;
+    import from LibItsGeoNetworking_Pics all;
+    import from LibItsGeoNetworking_Pixits all;
+
+    // LibItsBtp
+    import from LibItsBtp_TypesAndValues all;
+    import from LibItsBtp_Templates all;
+
+    // LibItsCam
+    import from LibItsCam_Templates all;
+    import from LibItsCam_Functions { group camGenerators } ;
+    
+    // LibItsDenm
+    import from LibItsDenm_TypesAndValues all;
+    import from LibItsDenm_Templates {
+        template m_situation, m_denmLocation_zeroDelta, m_denm, m_denmMgmtCon, m_tsActionId
+    };
+    import from LibItsDenm_TestSystem all;
+    
+    // AtsSecurity
+    import from AtsSecurity_TestSystem all;
+    import from AtsSecurity_Functions all;
+    import from AtsSecurity_Templates all;
+    
+    group g_SecuredMessages {
+
+        /**
+         * @desc    Check that ITS-S sends a SecuredMessage containing protocol version set to 2
+         * 
+         * Pics Selection: none
+         * Config Id: CF01
+         * Initial conditions:
+         *  with {
+         *      the IUT being in the 'authorized' state
+         *  }
+         * Expected behaviour:
+         * ensure that {
+         *     when { 
+         *     the IUT is requested to send a SecuredMessage
+         *     } then {
+         *     the IUT sends a SecuredMessage
+         *         containing protocol_version 
+         *         indicating value '2'
+         *     }
+         * }
+         * 

+         *
+         * @see     Draft ETSI TS 103 097 V1.1.14 Clause 5.1    SecuredMessage 
+         * @reference   EN 302 636-4-1 [1], clauses 9.3.2 , 8.6.2 and Annex G
+         */
+        testcase TC_SEC_ITSS_SND_MSG_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+            // Local variables
+            var LongPosVector v_longPosVectorIut;
+                
+            // Test control
+                
+            // Test component configuration
+            f_cf01Up();
+            v_longPosVectorIut := f_getPosition(c_compIut);
+                
+            // Test adapter configuration
+                
+            // Preamble
+            f_prNeighbour();
+            f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+            
+            // Test Body
+            tc_ac.start;
+            alt {
+                [] geoNetworkingPort.receive(mw_geoNwInd(mw_geoNwSecPdu(mdw_securedMessage_dummy))) {
+                    tc_ac.stop;
+                    log("*** " & testcasename() & ": PASS: Security protocol version set to 2 ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                [] tc_ac.timeout {
+                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                }
+            } // End of 'alt' statement
+            
+            // Postamble
+            f_acTriggerEvent(m_stopPassBeaconing);
+            f_poNeighbour();
+            f_cf01Down();
+            
+        } // End of testcase TC_SEC_ITSS_SND_MSG_01
+        
+        /**
+         * @desc    Check that IUT sends the message signed with the digest pointing to the AT certificate
+         * 
+         * Pics Selection: none
+         * Config Id: CF01
+         * Initial conditions:
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   and the IUT is configured to send more than one CAM per second
+         *   and the IUT having sent last CAM
+         *     containing header_fields['signer_info'].signer.type
+         *       indicating 'certificate'
+         * }
+         * Expected behaviour:
+         * ensure that {
+         *   when {
+         *     the IUT is requested to send next CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields ['signer_info'] {
+         *         containing signer {
+         *           containing type
+         *             indicating 'certificate_digest_with_sha256'
+         *           containing digest
+         *             referencing the certificate
+         *               containing subject_info.subject_type
+         *                 indicating 'authorization_ticket'
+         *         }
+         *       }
+         *   }
+         * } 
+         * 

+         *
+         * @see     ETSI TS 103 097 V1.1.14, clause 6.3 
+         * @reference   EN 302 636-4-1 [1], clauses 9.3.2 , 8.6.2 and Annex G
+         */
+        testcase TC_SEC_ITSS_SND_MSG_04_01() runs on ItsGeoNetworking system ItsSecSystem {
+            
+            // Local declarations
+            var SecuredMessage v_recv;
+            var Certificate v_cert;
+            var LongPosVector v_longPosVectorIut;
+            
+            // Test control
+            
+            // Test component configuration
+            f_cf01Up();
+            v_longPosVectorIut := f_getPosition(c_compIut);
+                
+            // Test adapter configuration
+                
+            // Preamble
+            f_prNeighbour();
+            f_setCamFrequencyGreatherThan1Hz();
+            // execution will be stopped if cert is not received during tc_ac 
+            log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
+            tc_ac.start;
+            f_waitForCertificate(v_cert);
+            tc_ac.stop;
+            if (v_cert.subject_info.subject_type != e_authorization_ticket) {
+                log("*** " & testcasename() & ": FAIL: received certificate is not an AT certificate  ***");
+                f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_error);
+            }
+            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+            
+            // Test Body
+            tc_ac.start;
+            alt {
+                [] a_securedMessageWithDigest (v_recv) {
+                    var SignerInfo v_si;
+                    tc_ac.stop;
+                    if (f_getMsgSignerInfo(v_recv, v_si) == true) {
+                        if (v_si.signerInfo.digest == f_calculateDigestFromCertificate(v_cert)) {
+                            log("*** " & testcasename() & ": PASS: Digest corresponds to the AT certificate ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                        } else {
+                            log("*** " & testcasename() & ": FAIL: Digest corresponds to unknown certificate ***");
+                            log("f_calculateDigestFromCertificate(v_cert)=", f_calculateDigestFromCertificate(v_cert));
+                            log("v_si.signerInfo.digest=", v_si.signerInfo.digest);
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    } else {
+                        log("*** " & testcasename() & ": FAIL: Received message is not signed well ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                }
+                [] tc_ac.timeout {
+                    log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                } 
+            } // End of 'alt' statement
+            
+            // Postamble
+            f_poNeighbour();
+            f_cf01Down();
+            
+        } // End of testcase TC_SEC_ITSS_SND_MSG_04_01
+        
+        /**
+         * @desc    Check that IUT uses the AT certificate to sign messages
+         * 
+         * Pics Selection: none
+         * Config Id: CF01
+         * Initial conditions:
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate in the next CAM
+         * }
+         * ensure that {
+         *     when {
+         *         the IUT is requested to send a next CAM
+         *     } then {
+         *         the IUT sends a SecuredMessage
+         *             containing header_fields ['signer_info'] {
+         *                 containing signer {
+         *                     containing type
+         *                         indicating 'certificate'
+         *                     containing certificate
+         *                         containing subject_info.subject_type
+         *                             indicating 'authorization_ticket'
+         *                 }
+         *             }
+         *     }
+         * }
+         * 

+         *
+         * @see
+         * @reference   ETSI TS 103 097 V1.1.14, clause 6.3
+         */
+        testcase TC_SEC_ITSS_SND_MSG_04_02() runs on ItsGeoNetworking system ItsSecSystem {
+            
+            // Local declarations
+            var SecuredMessage v_recv;
+            var Certificate v_cert;
+            var LongPosVector v_longPosVectorIut;
+            
+            //  Test component configuration
+            f_cf01Up();
+            v_longPosVectorIut := f_getPosition(c_compIut);
+            
+            // Preamble
+            f_prNeighbour();
+            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+            
+            // Test Body
+            tc_ac.start;
+            alt {
+                [] a_securedMessageWithCertificate(v_recv) {
+                    var SignerInfo v_si;
+                    if (f_getMsgSignerInfo(v_recv, v_si)) {  
+                        v_cert :=  v_si.signerInfo.certificate;
+                        if (v_cert.subject_info.subject_type != e_authorization_ticket ) {
+                            log("*** " & testcasename() & ": FAIL: received certificate is not an AT certificate  ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                        log("*** " & testcasename() & ": PASS: message signed with AT certificate");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    } else {
+                        log("*** " & testcasename() & ": FAIL: received message is not signed well  ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                }
+                [] tc_ac.timeout {
+                    log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                } 
+            } // End of 'alt' statement
+            
+            // Postamble
+            f_poNeighbour();
+            f_cf01Down();
+        } // End of testcase TC_SEC_ITSS_SND_MSG_04_02
+        
+        /**
+         * @desc    Check that the SecuredMessage signature containes the ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 or x_coordinate_only
+         * 
+         * Pics Selection: none
+         * Config Id: CF01
+         * Initial conditions:
+         * with {
+         *   the IUT being in the 'authorized' state
+         * }
+         * ensure that {
+         *     when {
+         *         the IUT is requested to send a next CAM
+         *     } then {
+         *      the IUT sends a SecuredMessage 
+         *          containing header_fields ['its_aid']
+         *              containing its_aid
+         *                  indicating 'AID_CAM'
+         *          and containing trailer_fields['signature']
+         *              containing signature.ecdsa_signature
+         *                  containing R.type
+         *                      indicating compressed_lsb_y_0
+         *                      or indicating compressed_lsb_y_1 
+         *                      or indicating x_coordinate_only
+         *     }
+         * }
+         * 

+         *
+         * @see
+         * @reference   ETSI TS 103 097 V1.1.14, clause 6.3
+         */
+        testcase TC_SEC_ITSS_SND_MSG_05_01() runs on ItsGeoNetworking system ItsSecSystem {
+            
+            // Local declarations
+            var LongPosVector v_longPosVectorIut;
+            
+            //  Test component configuration
+            f_cf01Up();
+            v_longPosVectorIut := f_getPosition(c_compIut);
+            
+            // Preamble
+            f_prNeighbour();
+            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+            
+            // Test Body
+            tc_ac.start;
+            alt {
+                [] geoNetworkingPort.receive(
+                    mw_geoNwInd(
+                        mw_geoNwSecPdu(
+                            mdw_securedMessage_CAMs(
+                                ?,
+                                ?,
+                                {
+                                    mw_trailer_field_signature(
+                                        mw_signature(
+                                            mw_ecdsaSignature(
+                                                mw_eccPointecdsa_nistp256_with_sha256_y0_coordinate_only,
+                                                ?
+                                            )
+                                        )
+                                    )
+                                }
+                            ),
+                            ?
+                ))) {
+                    tc_ac.stop;
+                    log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to compressed_lsb_y_0 received ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                [] geoNetworkingPort.receive(
+                    mw_geoNwInd(
+                        mw_geoNwSecPdu(
+                            mdw_securedMessage_CAMs(
+                                ?,
+                                ?,
+                                {
+                                    mw_trailer_field_signature(
+                                        mw_signature(
+                                            mw_ecdsaSignature(
+                                                mw_eccPointecdsa_nistp256_with_sha256_y1_coordinate_only,
+                                                ?
+                                            )
+                                        )
+                                    )
+                                }
+                            ),
+                            ?
+                ))) {
+                    tc_ac.stop;
+                    log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to compressed_lsb_y_1 received ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                [] geoNetworkingPort.receive(
+                    mw_geoNwInd(
+                        mw_geoNwSecPdu(
+                            mdw_securedMessage_CAMs(
+                                ?,
+                                ?,
+                                {
+                                    mw_trailer_field_signature(
+                                        mw_signature(
+                                            mw_ecdsaSignature(
+                                                mw_eccPointecdsa_nistp256_with_sha256_x_coordinate_only
+                                            )
+                                        )
+                                    )
+                                }
+                            ),
+                            ?
+                ))) {
+                    tc_ac.stop;
+                    log("*** " & testcasename() & ": PASS: Expected CAM message containing signature with the ECC point of type set to x_coordinate_only received ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                [] geoNetworkingPort.receive(
+                    mw_geoNwInd(
+                        mw_geoNwSecPdu(
+                            mdw_securedMessage_CAMs
+                ))) {
+                    tc_ac.stop;
+                    log("*** " & testcasename() & ": Failed: Expected CAM message received ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                [] tc_ac.timeout {
+                    log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                } 
+            } // End of 'alt' statement
+            
+            // Postamble
+            f_poNeighbour();
+            f_cf01Down();
+        } // End of testcase TC_SEC_ITSS_SND_MSG_05_01
+        
+        group secCAMProfile {
+            
+            /**
+             * @desc    Check that the secured CAM contains exactly one element of these header fields: signer_info, generation_time, its_aid.
+                        Check that the header fields are in the ascending order according to the numbering of the enumeration except of the signer_info, which is encoded first.
+                        Check that generation_time_standard_deviation, expiration, encryption_parameters, recipient_info are not used
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *     the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *     when {
+             *         the IUT is requested to send a CAM
+             *     } then {
+             *         the IUT sends a SecuredMessage  {
+             *             containing header_fields[0]
+             *                 containing type 
+             *                     indicating 'signer_info'
+             *             and containing header_fields [n].type
+             *                 indicating value < header_fields [n+1].type
+             *             and containing header_fields ['generation_time']
+             *             and containing header_fields['its_aid']
+             *                 indicating 'AID_CAM'
+             *             and not containing header_fields['generation_time_standard_deviation']
+             *             and not containing header_fields['expiration']
+             *             and not containing header_fields['encryption_parameters']
+             *             and not containing header_fields['recipient_info']
+             *         }
+             *     }
+             * }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_02_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var GeoNetworkingInd v_geoNwInd;
+                var HeaderFields v_headersFields;
+                var HeaderFieldType v_previousHeaderType;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage(
+                                    superset(
+                                        mw_header_field(
+                                            e_signer_info
+                                        ), 
+                                        mw_header_field(e_generation_time), 
+                                        mw_header_field_its_aid_CAM
+                                    )
+                                ), 
+                                mw_geoNwPduWithPayload(
+                                    ?,
+                                    ?,
+                                    mw_secCamPayload).packet
+                    ))) -> value v_geoNwInd {
+                        tc_ac.stop;
+                        
+                        // Process header fields manually
+                        v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields);
+                        
+                        // Check that signerInfo is first header
+                        if ((lengthof(v_headersFields) < 1) or not match(v_headersFields[0].type_, e_signer_info)) {
+                            log("*** " & testcasename() & ": FAIL: SignerInfo is not first header");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                       
+                        for (var integer v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) {
+                            // Check forbidden header
+                            // FIXME: 'generation_time_with_confidence' does not exist. is it e_generation_time_standard_deviation ?
+                            if (match(v_headersFields[v_counter].type_, e_generation_time_standard_deviation)) {
+                                log("*** " & testcasename() & ": FAIL: Forbidden header present");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            } 
+                            if (match(v_headersFields[v_counter].type_, e_signer_info)) {
+                                log("*** " & testcasename() & ": FAIL: multiple instances of signer_info header");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            } 
+                            
+                            if (v_counter > 1 ) {
+                                // Check that no header is duplicated
+                                if (v_headersFields[v_counter].type_ == v_previousHeaderType) {
+                                    log("*** " & testcasename() & ": FAIL: multiple instances of same header");
+                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                }
+                                
+                                // Check that headers are ordered
+                                if (v_headersFields[v_counter].type_ < v_previousHeaderType) {
+                                    log("*** " & testcasename() & ": FAIL: headers not in correct order");
+                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                }
+                            }
+                            v_previousHeaderType := v_headersFields[v_counter].type_;
+                        } // End of 'for' statement
+                        
+                        log("*** " & testcasename() & ": PASS: correct secured packet received");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    } 
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_02_01
+            
+            /**
+             * @desc    Check that the secured CAM contains in the normal case the signer_info field of type certificate_digest_with_sha256
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *      and the IUT is configured to send more than one CAM per second
+             *      and the IUT having sent last CAM
+             *          containing header_fields['signer_info'].signer.type
+             *              indicating 'certificate'
+             *  }
+             *  ensure that {
+             *      when {
+             *          the IUT is requested to send next CAM
+             *  } then {
+             *          the IUT sends a SecuredMessage
+             *              containing header_fields['signer_info'] {
+             *                  containing signer
+             *                      containing type
+             *                          indicating 'certificate_digest_with_sha256'
+             *                      containing digest
+             *                  containing header_fields['its_aid']
+             *                      indicating 'AID_CAM'
+             *              }
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_05_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                const integer c_cntTimeLimit := 10;
+                const float c_certificateGenerationTime := 1.0;
+                
+                timer t_minTransInterval := c_certificateGenerationTime * 0.95;
+                var integer v_cntTime := 0;
+                var GeoNetworkingInd v_geoNwInd;
+                var boolean v_nextCamWithCertificate := false;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_setCamFrequencyGreatherThan1Hz();
+                geoNetworkingPort.clear;
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) { 
+                        tc_ac.stop;
+                        t_minTransInterval.start;
+                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
+                    }
+                }
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) {
+                        tc_ac.stop; 
+                        if (v_nextCamWithCertificate == true) {
+                            v_cntTime := v_cntTime + 1;
+                            if (v_cntTime == c_cntTimeLimit) { // Exit message loop
+                                log("*** " & testcasename() & ": INFO: The subset of CAM messages including certificate was received ***");
+                            }
+                            else {
+                                log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***"); 
+                                tc_ac.start;
+                                t_minTransInterval.start;
+                                v_nextCamWithCertificate := false;
+                                repeat;
+                            }
+                        } else {
+                            log("*** " & testcasename() & ": FAIL: Certificate in received CAM ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_digest
+                    )))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***"); 
+                        tc_ac.start;
+                        repeat;
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs
+                    ))) {
+                        log("*** " & testcasename() & ": FAIL: Neither Certificate not Digest in received CAM ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] t_minTransInterval.timeout {
+                        v_nextCamWithCertificate := true;
+                        log("*** " & testcasename() & ": INFO: Next CAM shall contain certificate ***");
+                        repeat;  
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }                    
+                } // End of 'alt' statement
+                log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
+                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);  
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_05_01
+            
+            /**
+             * @desc    Check that the secured CAM contains the signer_info field of certificate when over the time of one second no other SecuredMessage contained a signer_info of type certificate..
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *     the IUT being in the 'authorized' state
+             *     and the IUT is configured to send more then one CAM per second
+             *     and the IUT having sent a CAM
+             *         containing header_fields['signer_info'].signer.type
+             *             indicating 'certificate'
+             *         contains header_fields['generation_time']
+             *             indicating TIME_LAST
+             *     }
+             * ensure that {
+             *     when {
+             *         the IUT sends one of the next SecuredMessage
+             *             containing header_fields['signer_info'] {
+             *                 containing signer {
+             *                     containing type
+             *                         indicating 'certificate'
+             *                     containing certificate
+             *                 }
+             *             containing header_fields['its_aid']
+             *                indicating 'AID_CAM'
+             *             }
+             *     } then {
+             *         this message
+             *             contains header_fields['generation_time']
+             *                 indicating TIME (TIME >= TIME_LAST + 1sec)
+             *     }
+             * }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_06_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                const integer c_cntTimeLimit := 10;
+                const float c_certificateGenerationTime := 1.0;
+                
+                timer t_minTransInterval := c_certificateGenerationTime * 1.05;
+                var integer v_cntTime := 0;
+                var GeoNetworkingInd v_geoNwInd;
+                var boolean v_nextCamWithCertificate := false;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_setCamFrequencyGreatherThan1Hz();
+                geoNetworkingPort.clear;
+                tc_ac.start;
+                alt {
+                     [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                     )))) { 
+                        tc_ac.stop;
+                        t_minTransInterval.start;
+                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) {
+                        tc_ac.stop; 
+                        v_cntTime := v_cntTime + 1;
+                        if (v_cntTime == c_cntTimeLimit) { // Exit message loop
+                            log("*** " & testcasename() & ": INFO: The subset of CAM messages including certificate was received ***");
+                        }
+                        else {
+                            log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***"); 
+                            tc_ac.start;
+                            t_minTransInterval.start;
+                            v_nextCamWithCertificate := false;
+                            repeat;
+                        }
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) {
+                        tc_ac.stop;
+                        if (v_nextCamWithCertificate == true) {
+                            log("*** " & testcasename() & ": FAIL: No Certificate in received CAM ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        } else {
+                            log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***"); 
+                            tc_ac.start;
+                            repeat;
+                        }
+                    }
+                    [] t_minTransInterval.timeout {
+                        v_nextCamWithCertificate := true;
+                        log("*** " & testcasename() & ": INFO: Next CAM shall contain certificate ***");
+                        repeat;  
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
+                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);  
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_06_01
+            
+            /**
+             * @desc    Check that the secured CAM contains the signer_info field of certificate when the timeout of 1 second has been
+             *        expired after the previous CAM containing the certificate.
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *      and the IUT is configured to send more than one CAM per second
+             *      and the IUT having sent a CAM
+             *          containing header_fields['signer_info'].signer.type
+             *              indicating 'certificate'
+             *          at TIME_1 
+             *  }
+             *  ensure that {
+             *      when {
+             *          the IUT is requested to send next CAM right after 1 second after the TIME_1
+             *      } then {
+             *          the IUT sends a SecuredMessage {
+             *              containing header_fields ['signer_info'] {
+             *                  containing signer {
+             *                      containing type
+             *                          indicating 'certificate'
+             *                      containing certificate
+             *                  }
+             *              }
+             *              containing header_fields['its_aid']
+             *                  indicating 'AID_CAM'
+             *          }
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_06_02() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                const integer c_cntTimeLimit := 10;
+                const float c_certificateGenerationTime := 1.0;
+                
+                timer t_minTransInterval := c_certificateGenerationTime * 1.05;
+                var integer v_cntTime := 0;
+                var GeoNetworkingInd v_geoNwInd;
+                var boolean v_nextCamWithCertificate := false;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_setCamFrequencyGreatherThan1Hz();
+                geoNetworkingPort.clear;
+                tc_ac.start;
+                alt {
+                     [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                     )))) { 
+                        tc_ac.stop;
+                        t_minTransInterval.start;
+                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
+                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) {
+                        tc_ac.stop; 
+                        v_cntTime := v_cntTime + 1;
+                        if (v_cntTime == c_cntTimeLimit) { // Exit message loop
+                            log("*** " & testcasename() & ": INFO: The subset of CAM messages including certificate was received ***");
+                        }
+                        else {
+                            log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***"); 
+                            tc_ac.start;
+                            t_minTransInterval.start;
+                            v_nextCamWithCertificate := false;
+                            repeat;
+                        }
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs
+                    ))) {
+                        tc_ac.stop;
+                        if (v_nextCamWithCertificate == true) {
+                            log("*** " & testcasename() & ": FAIL: No Certificate in received CAM ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        } else {
+                            log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***"); 
+                            tc_ac.start;
+                            repeat;
+                        }
+                    }
+                    [] t_minTransInterval.timeout {
+                        v_nextCamWithCertificate := true;
+                        log("*** " & testcasename() & ": INFO: Next CAM shall contain certificate ***");
+                        repeat;  
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
+                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);  
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_06_02
+            
+            /**
+             * @desc    Check that SUT send certificate to unknown ITS-S
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *      and the IUT is configured to send more than one CAM per second
+             *      and the IUT having already sent CAM at TIME_1
+             *          containing header_fields['signer_info'].signer.type
+             *              indicating 'certificate'
+             *      and the IUT having received a SecuredMessage
+             *                              at TIME_2 (TIME_1 < TIME_2 < TIME_1+ 1sec)
+             *          containing header_fields['signer_info'] {
+             *              containing signer
+             *                  containing type
+             *                      indicating 'certificate_digest_with_sha256'
+             *                  containing digest
+             *                      indicating HashedId3 value
+             *                          referenced to unknown certificate
+             *          }
+             *          containing header_fields['its_aid']
+             *              indicating 'AID_CAM'
+             *  }
+             *  ensure that {
+             *      when {
+             *          the IUT is requested to send CAM
+             *                      at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1 + 1sec)
+             *      } then {
+             *          the IUT sends a SecuredMessage {
+             *              containing header_fields[0] {
+             *                  containing type 
+             *                      indicating 'signer_info'
+             *                  containing signer {
+             *                      containing type
+             *                          indicating 'certificate'
+             *                      containing certificate
+             *                  }
+             *              }
+             *              containing header_fields['its_aid']
+             *                  indicating 'AID_CAM'
+             *          }
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_07_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                const float c_certificateGenerationTime := 1.0;
+                
+                timer t_minTransInterval := c_certificateGenerationTime * 0.95;
+                var GeoNetworkingInd v_geoNwInd;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_setCamFrequencyGreatherThan1Hz();
+                geoNetworkingPort.clear;
+                tc_ac.start;
+                alt {
+                     [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                     )))) { 
+                        tc_ac.stop;
+                        t_minTransInterval.start;
+                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
+                        
+                        // Send secured message from unknown ITS-S
+                        f_sendSecuredCam(cc_taCertB);
+                        
+                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
+                    }
+                }
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) {
+                        tc_ac.stop; 
+                        log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***"); 
+                        if (t_minTransInterval.running) {
+                            log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
+                        }
+                        else {
+                            log("*** " & testcasename() & ": INCONC: CAM with certificate received after 1s... ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                        }   
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs
+                    ))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***"); 
+                        tc_ac.start;
+                        repeat;
+                    }
+                    [] t_minTransInterval.timeout {
+                        log("*** " & testcasename() & ": INFO: Next CAM shall contain certificate ***");
+                        repeat;  
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_07_01
+            
+            /**
+             * @desc    Check that IUT restart the certificate sending timer when the certificate has been sent
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *      and the IUT is configured to send more then one CAM per second
+             *      and the IUT having already sent CAM at TIME_1
+             *          containing header_fields['signer_info'].signer.type
+             *              indicating 'certificate'
+             *      and the IUT having received a CAM
+             *                              at TIME_2 (TIME_1 + 0.3sec) {
+             *          containing header_fields['signer_info'].signer.type
+             *              indicating 'certificate_digest_with_sha256'
+             *          containing header_fields['signer_info'].signer.digest
+             *              referenced to unknown certificate
+             *      }
+             *      and the IUT having sent CAM at TIME_3 (TIME_3 > TIME_2)
+             *          containing header_fields['signer_info'].signer.type
+             *              indicating 'certificate'
+             *  }
+             *  ensure that {
+             *      when {
+             *          the IUT is sending the next CAM at TIME_4
+             *              containing header_fields['signer_info'].signer.type
+             *                  indicating 'certificate'
+             *      } then {
+             *          the difference between TIME_4 and TIME_3 is about of 1sec
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_07a_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                const float c_certificateGenerationTime := 1.0;
+                
+                timer t_minTransInterval := c_certificateGenerationTime * 0.95;
+                var GeoNetworkingInd v_geoNwInd;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_setCamFrequencyGreatherThan1Hz();
+                geoNetworkingPort.clear;
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) { 
+                        tc_ac.stop;
+                        t_minTransInterval.start;
+                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
+                        
+                        // Send secured message with request for unrecognized certificate
+                        f_sendSecuredCam(
+                            cc_taCertB,
+                            {
+                                m_header_field_unrecognised_certificate(
+                                    f_HashedId3FromHashedId8(
+                                        vc_atCertificate.signer_info.signerInfo.digest
+                                    )
+                                )
+                            } );
+                        
+                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) {
+                        tc_ac.stop; 
+                        log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***"); 
+                        if (t_minTransInterval.running) {
+                            log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
+                        } else {
+                            log("*** " & testcasename() & ": INCONC: CAM with certificate received after 1s... ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                        }
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs
+                    ))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***"); 
+                        tc_ac.start;
+                        repeat;
+                    }
+                    [] t_minTransInterval.timeout {
+                        log("*** " & testcasename() & ": INFO: Next CAM shall contain certificate ***");
+                        repeat;  
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_07a_01
+            
+            /**
+             * @desc    Check that SUT send certificate when requested
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *      and the IUT is configured to send more than one CAM per second
+             *      and the IUT having already sent CAM at TIME_1
+             *          containing header_fields['signer_info'].signer.type
+             *              indicating 'certificate' 
+             *      and the IUT having received a SecuredMessage 
+             *                          at TIME_2 (TIME_1 < TIME_2 < TIME_1 + 1sec)
+             *          containing header_fields['request_unrecognized_certificate']
+             *              containing digests {
+             *                  containing HashedId3 value
+             *                      referencing to the AT certificate
+             *                  and not containing HashedId3 value
+             *                      referencing to the AA certificate
+             *              }
+             *  }
+             *  ensure that {
+             *      when {
+             *          the IUT is requested to send a CAM
+             *                  at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1 + 1sec)
+             *      } then {
+             *          the IUT sends a SecuredMessage {
+             *              containing header_fields['signer_info'] {
+             *                  containing signer {
+             *                      containing type
+             *                          indicating 'certificate'
+             *                      containing certificate
+             *                          referenced by the requested digest 
+             *                  }
+             *              }
+             *              containing header_fields['its_aid']
+             *                  indicating 'AID_CAM'
+             *          }
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_08_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                const float c_certificateGenerationTime := 1.0;
+                
+                timer t_minTransInterval := c_certificateGenerationTime * 0.95;
+                var GeoNetworkingInd v_geoNwInd;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_setCamFrequencyGreatherThan1Hz();
+                geoNetworkingPort.clear;
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) { 
+                        tc_ac.stop;
+                        t_minTransInterval.start;
+                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
+                        
+                        // Send secured message with request for unrecognized certificate
+                        f_sendSecuredCam(
+                            cc_taCertB,
+                            {
+                                m_header_field_unrecognised_certificate(                                                              // containing digests
+                                    f_HashedId3FromHashedId8(                           // containing HashedId3 value
+                                        vc_atCertificate.signer_info.signerInfo.digest  //  referencing to the AT certificate
+                                                                                        // and not containing HashedId3 value referencing to the AA certificate
+                                    )
+                                )
+                            } );
+                        
+                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) {
+                        tc_ac.stop; 
+                        log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***"); 
+                        if (t_minTransInterval.running) {
+                            log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate was successful ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
+                        } else {
+                            log("*** " & testcasename() & ": INCONC: CAM with certificate received after 1s... ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                        }
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs
+                    ))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate ***"); 
+                        tc_ac.start;
+                        repeat;
+                    }
+                    [] t_minTransInterval.timeout {
+                        log("*** " & testcasename() & ": INFO: Next CAM shall contain certificate ***");
+                        repeat;  
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_08_01
+            
+            /**
+             * @desc    Check that SUT send certificate_chain when requested
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *      and the IUT is configured to send more than one CAM per second
+             *      and the IUT having already sent a CAM
+             *          containing header_fields['signer_info'].signer.type
+             *              indicating 'certificate'
+             *          at TIME_1
+             *      and the IUT having received a SecuredMessage
+             *          containing header_fields['request_unrecognized_certificate'] {
+             *              containing digests {
+             *                  containing HashedId3 value
+             *                      referencing to the AA certificate
+             *              }
+             *          }
+             *          at TIME_2 (TIME_1 < TIME_2 < TIME_1+ 1sec)
+             *  }
+             *  ensure that {
+             *      when {
+             *          the IUT is requested to send a CAM
+             *              at TIME_3 (TIME_1 < TIME_2 < TIME_3 < TIME_1+ 1sec)
+             *      } then {
+             *          the IUT sends a SecuredMessage {
+             *              containing header_fields['signer_info'] {
+             *                  containing signer {
+             *                      containing type
+             *                          indicating 'certificate_chain'
+             *                      containing certificates[last]
+             *                          indicating the AT certificate
+             *                      containing certificates[last-1]
+             *                          indicating the AA certificate
+             *                  }
+             *              }
+             *              containing header_fields['its_aid']
+             *                  indicating 'AID_CAM'
+             *          }
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_09_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                const float c_certificateGenerationTime := 1.0;
+                
+                timer t_minTransInterval := c_certificateGenerationTime * 0.95;
+                var GeoNetworkingInd v_geoNwInd;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_setCamFrequencyGreatherThan1Hz();
+                geoNetworkingPort.clear;
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) { 
+                        tc_ac.stop;
+                        t_minTransInterval.start;
+                        log("*** " & testcasename() & ": INFO: Initial conditions: First CAM message with certificate received ***");
+                        
+                        // Send secured message with request for unrecognized certificate
+                        f_sendSecuredCam(
+                            cc_taCertB,
+                            {
+                                m_header_field_unrecognised_certificate(                    // containing digests
+                                    f_HashedId3FromHashedId8(                               //     containing HashedId3 value
+                                        vc_aaCertificate.signer_info.signerInfo.digest  //         referencing to the AA certificate
+                                    )
+                                )
+                            });
+                        
+                        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Initial conditions: CAM message with certificate not received ***");
+                        f_selfOrClientSyncAndVerdictPreamble("error", e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate_chain
+                    )))) -> value v_geoNwInd {
+                        tc_ac.stop; 
+                        log("*** " & testcasename() & ": INFO: CAM retransmission with certificate ***"); 
+                        if (t_minTransInterval.running) {
+                            var SignerInfo v_signerInfo;
+                            var CertificateChain v_certificates;
+                            var integer v_certificateChainLength;
+                            
+                            // Extract certificate chain
+                            f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
+                            v_certificates := v_signerInfo.signerInfo.certificates;
+                            v_certificateChainLength := lengthof(v_certificates);
+                            if (v_certificateChainLength >= 2) { // Check length
+                                if ( // Check Content
+                                    not(
+                                        (v_certificates[v_certificateChainLength - 1].subject_info.subject_type == e_authorization_authority) and 
+                                            // Check the certificate chain contains certificates[last] indicating the AT certificate
+                                        (v_certificates[v_certificateChainLength - 2].subject_info.subject_type == e_authorization_ticket)
+                                            // Check the certificate chain contains certificates[last-1] indicating the AA certificate
+                                )) {
+                                    log("*** " & testcasename() & ": FAIL: Unexpected certificate chain content ***");
+                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
+                                } else {
+                                    log("*** " & testcasename() & ": PASS: Generation of CAM messages including certificate chain was successful ***");
+                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                                } 
+                            } else {
+                                log("*** " & testcasename() & ": FAIL: Unexpected certificate chain content length ***");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
+                            }
+                        } else {
+                            log("*** " & testcasename() & ": INCONC: CAM with certificate chain received after 1s... ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                        }   
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs
+                    ))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate chain ***"); 
+                        tc_ac.start;
+                        repeat;
+                    }
+                    [] t_minTransInterval.timeout {
+                        log("*** " & testcasename() & ": INFO: Next CAM shall contain certificate chain ***");
+                        repeat;  
+                    }
+                    
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }                    
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_09_01
+            
+            /**
+             * @desc    Check that message generation time is inside the validity period of the signing certificate
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *      the IUT being requested to include certificate in the next CAM 
+             *  }
+             *  ensure that {
+             *      when {
+             *          the IUT is requested to send CAM
+             *      } then {
+             *          the IUT sends a SecuredMessage {
+             *              containing security_profile
+             *                  indicating '1'
+             *              containing header_fields ['generation_time'] {
+             *                  containing generation_time
+             *                      indicating TIME_1 (CUR_TIME - 5min <= TIME_1 <= CUR_TIME + 5min)
+             *              }
+             *              containing header_fields ['signer_info'] {
+             *                  containing signer {
+             *                      containing type
+             *                          indicating 'certificate'
+             *                      containing certificate {
+             *                          not containing validity_restrictions['time_start_and_end']
+             *                          or containing validity_restrictions['time_start_and_end'] {
+             *                              containing start_validity
+             *                                  indicating value <= TIME_1
+             *                              containing end_validity
+             *                                  indicating value > TIME_1
+             *                          }
+             *                      }
+             *                  }
+             *              }
+             *              containing its_aid
+             *                  indicating 'AID_CAM'
+             *          }
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_10_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                const integer c_timeThreshold := 5000; /** Time threshold in milliseconds */
+                
+                var GeoNetworkingInd v_geoNwInd;
+                var SignerInfo v_signerInfo;
+                var Certificate v_certificate;
+                var HeaderField v_headerField;
+                var Time64 v_generationTime;
+                var ValidityRestriction v_validity;
+                var integer v_currentTime, v_lowerBound, v_upperBound;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage(
+                                    superset(
+                                        mw_header_field_generation_time, 
+                                        mw_header_field_signer_info_certificate,
+                                        mw_header_field_its_aid_CAM
+                    ))))) -> value v_geoNwInd {
+                        tc_ac.stop; 
+                        log("*** " & testcasename() & ": INFO: CAM transmission with certificate ***");
+                        
+                        v_currentTime := f_getCurrentTime();
+                        v_lowerBound := (v_currentTime - c_timeThreshold) * 1000;
+                        v_upperBound := (v_currentTime + c_timeThreshold) * 1000;
+                        
+                        // Extract generation_time
+                        f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_time, v_headerField);
+                        v_generationTime := v_headerField.headerField.generation_time;
+                        
+                        // Extract certificate
+                        f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
+                        v_certificate := v_signerInfo.signerInfo.certificate;
+                         
+                        // Check current time 
+                        if (match(v_generationTime, (v_lowerBound .. v_upperBound))) {
+                            log("*** " & testcasename() & ": PASS: Generation time matches current time ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
+                        } else {
+                            log("*** " & testcasename() & ": FAIL: Generation time does not match current time. ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }   
+                        
+                        // Check generation_time validity
+                        if (
+                            not(f_getCertificateValidityRestriction(v_certificate, e_time_start_and_end, v_validity)) or 
+                            (v_generationTime >= (v_validity.validity.time_start_and_end.start_validity * 1000000) and 
+                            (v_generationTime < (v_validity.validity.time_start_and_end.end_validity * 1000000)))
+                        ) {
+                            log("*** " & testcasename() & ": PASS: Generation time within certificate validity ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); 
+                        } else {
+                            log ("start_validity (in us)=", v_validity.validity.time_start_and_end.start_validity * 1000000);
+                            log ("end_validity (in us)  =", v_validity.validity.time_start_and_end.end_validity * 1000000);
+                            log("*** " & testcasename() & ": FAIL: Generation time not within certificate validity ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs
+                    ))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": INFO: CAM retransmission w/o certificate  ***"); 
+                        tc_ac.start;
+                        repeat;
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_10_01
+            
+            /**
+             * @desc    Check secured CAM its_aid value
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *  }
+             *  ensure that {
+             *      when {
+             *          the IUT is requested to send CAM
+             *      } then {
+             *          the IUT sends a SecuredMessage {
+             *              containing header_fields ['its_aid'] {
+             *                  containing its_aid
+             *                      indicating 'AID_CAM' (16512)
+             *              }
+             *          }
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_11_01() runs on ItsGeoNetworking system ItsSecSystem {
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs,
+                                mw_geoNwPduWithPayload(
+                                    ?,
+                                    ?,
+                                    mw_secCamPayload).packet
+                    ))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": PASS: CAM received as message_type 2");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_dummy, 
+                                mw_geoNwPduWithPayload(
+                                    ?,
+                                    ?,
+                                    mw_secCamPayload).packet
+                    ))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": FAIL: CAM received with different message_type");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_11_01
+            
+            /**
+             * @desc    Check that the IUT sends certificate request when it receives a message from unknown station
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *      and the IUT has receiving a SecuredMessage {
+             *          containing header_fields['signer_info'].signer {
+             *              containing type
+             *                  indicating 'certificate_digest_with_sha256'
+             *              containing digest
+             *                  indicating HashedId3 value DIGEST_A
+             *                      referenced to unknown certificate
+             *          }
+             *      }
+             *  }
+             *  ensure that {
+             *      when {
+             *          the IUT is requested to send CAM
+             *      } then {
+             *          the IUT sends a SecuredMessage {
+             *              containing header_fields['request_unrecognized_certificate'] {
+             *                  containing digests
+             *                      containing HashedId3 value
+             *                          indicating DIGEST_A
+             *              }
+             *              containing header_fields ['its_aid'] {
+             *                  containing its_aid
+             *                      indicating 'AID_CAM'
+             *          }
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_12_01() runs on ItsGeoNetworking system ItsSecSystem {
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                // Send secured message from unknown ITS-S
+                f_sendSecuredCam(cc_taCertB);
+                geoNetworkingPort.clear;
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_request_unrecognized_certificate(
+                                        {
+                                            f_HashedId3FromHashedId8(
+                                                vc_lastAtCertificateUsed.signer_info.signerInfo.digest
+                                            )
+                                        } // End of list
+                    ))))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": PASS: CAM received with request for unrecognized certificate");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_dummy
+                    ))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": FAIL: CAM received without request for unrecognized certificate");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_12_01
+            
+            /**
+             * @desc    Check that the Secured CAM contains exactly one non-empty payload of type signed.
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *  }
+             *  ensure that {
+             *      when {
+             *          the IUT is requested to send a CAM
+             *      } then {
+             *          the IUT sends a SecuredMessage {
+             *              containing header_fields ['its_aid'] {
+             *                  containing its_aid
+             *                      indicating 'AID_CAM' (16512)
+             *              }
+             *              containing payload_field
+             *                  containing exactly one element of type Payload {
+             *                      containing type
+             *                          indicating 'signed'
+             *                      containing not-empty data
+             *                  }
+             *          }
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_14_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                //  Local variables
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    ?, 
+                                    mw_payload(
+                                        e_signed
+                    ))))) {
+                        tc_ac.stop;
+                        
+                        log("*** " & testcasename() & ": PASS: CAM received with exactly 1 signed payload");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_14_01
+            
+            /**
+             * @desc    Check that the secured CAM contains only one TrailerField of type signature.
+             *        Check that the signature contained in the SecuredMessage is calculated over the 
+             *        right fields by cryptographically verifying the signature.
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *  }
+             *  ensure that {
+             *      when {
+             *          the IUT is requested to send a CAM
+             *      } then {
+             *          the IUT sends a SecuredMessage {
+            *              containing header_fields ['signer_info'] {
+             *                  containing signer {
+             *                      containing type
+             *                          indicating 'certificate_digest_with_sha256'
+             *                      containing digest
+             *                          referenced to the certificate
+             *                              containing subject_info.subject_type
+             *                                  indicating 'authorization_ticket' (2)
+             *                              and containing subject_attributes['verification key'] (KEY)
+             *                  }
+             *                  or containing signer {
+             *                      containing type
+             *                          indicating 'certificate'
+             *                      containing certificate
+             *                          containing subject_info.subject_type
+             *                              indicating 'authorization_ticket' (2)
+             *                          and containing subject_attributes['verification key'] (KEY)
+             *                  }
+             *              }
+             *              containing header_fields ['its_aid'] {
+             *                  containing its_aid
+             *                      indicating 'AID_CAM'
+             *              }
+             *              containing trailer_fields {
+             *                  containing single instance of type TrailerField {
+             *                      containing type
+             *                          indicating 'signature'
+             *                      containing signature
+             *                          verifiable using KEY
+             *                  }
+             *              }
+             *          }
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_SND_CAM_16_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                //  Local variables
+                const integer c_nbVerification := 3;
+                var integer v_nbVerification := 0;
+                var GeoNetworkingInd v_geoNwInd;
+                var SignerInfo v_signerInfo;
+                var Certificate v_certificate;
+                var boolean v_certificateReceived := false;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) -> value v_geoNwInd { 
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": INFO: CAM message with certificate received ***");
+                        f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
+                        v_certificate := v_signerInfo.signerInfo.certificate;
+                        v_certificateReceived := true;
+                        
+                        if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_certificate) == false) {
+                            log("*** " & testcasename() & ": FAIL: CAM received with invalide signature");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                        
+                        v_nbVerification := v_nbVerification + 1;
+                        if (v_nbVerification < c_nbVerification) {
+                            tc_ac.start;
+                            repeat;
+                        }
+                    }
+                    [v_certificateReceived == true] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_CAMs(
+                                    mw_header_field_signer_info_digest
+                    )))) -> value v_geoNwInd {
+                        tc_ac.stop;
+                        
+                        if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_certificate) == false) {
+                            log("*** " & testcasename() & ": FAIL: CAM received with invalide signature");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                        
+                        v_nbVerification := v_nbVerification + 1;
+                        if (v_nbVerification < c_nbVerification) {
+                            tc_ac.start;
+                            repeat;
+                        }
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                log("*** " & testcasename() & ": PASS: All CAMs received with correct signature");
+                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_CAM_16_01
+            
+        } // End of group secCAMProfile
+        
+        group secDENMProfile {
+            
+            /**
+             * @desc   Check that the secured DENM contains exactly one element of these header fields: signer_info, generation_time, generation_location, message_type.
+             *         Check that the header fields are in the ascending order according to the numbering of the enumeration except of the signer_info, which is encoded first.
+             *         Check that generation_time_with_confidence (generation_time_standard_deviation) is not used  
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send DENM
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing header_fields[0]
+             *         containing type 
+             *           indicating 'signer_info'
+             *       containing header_fields [n].type
+             *         indicating value less then header_fields [n+ 1].type
+             *       containing header_fields ['generation_time']
+             *       containing header_fields ['generation_location']
+             *       containing header_fields ['its_aid'] {
+             *          containing its_aid
+             *              indicating 'AID_DENM'
+             *       }
+             *       not containing header_fields ['generation_time_with_confidence']
+             *     }
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_02_01() runs on ItsGeoNetworking system ItsSecSystem {
+                // Local variables
+                var GeoNetworkingInd v_geoNwInd;
+                var HeaderFields v_headersFields;
+                var HeaderFieldType v_previousHeaderType;
+                var ItsDenm v_denmComponent;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                v_denmComponent := f_triggerDenmEvent();
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage(
+                                    superset(
+                                        mw_header_field(
+                                            e_generation_time
+                                        ), 
+                                        mw_header_field(
+                                            e_generation_location
+                                        ), 
+                                        mw_header_field_its_aid_DENM
+                                    )
+                                ), 
+                                mw_geoNwAnyPacket_withPayload(
+                                    ?
+                    )))) -> value v_geoNwInd {
+                        tc_ac.stop;
+                        
+                        // Process header fields manually
+                        v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields);
+                        
+                        // Check that signerInfo is first header
+                        if (lengthof(v_headersFields) < 1 or not match(v_headersFields[0].type_, e_signer_info)) {
+                            log("*** " & testcasename() & ": FAIL: SignerInfo is not first header");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);    
+                        }
+                       
+                        v_previousHeaderType := v_headersFields[0].type_;
+                        for (var integer v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) {
+                            // Check forbidden header
+                            // FIXME: 'generation_time_with_confidence' does not exist. is it e_generation_time_standard_deviation ?
+                            if (match(v_headersFields[v_counter].type_, e_generation_time_standard_deviation)) {
+                                log("*** " & testcasename() & ": FAIL: Forbidden header present");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                            if (match(v_headersFields[v_counter].type_, e_signer_info)) {
+                                log("*** " & testcasename() & ": FAIL: multiple instances of signer_info header");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                            if (v_counter > 1 ) {
+                                // Check that no header is duplicated
+                                if (v_headersFields[v_counter].type_ == v_previousHeaderType) {
+                                    log("*** " & testcasename() & ": FAIL: multiple instances of same header");
+                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                }
+                                
+                                // Check that headers are ordered
+                                if (v_headersFields[v_counter].type_ < v_previousHeaderType) {
+                                    log("*** " & testcasename() & ": FAIL: headers not in correct order");
+                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                }
+                            }
+                            v_previousHeaderType := v_headersFields[v_counter].type_;
+                        } // End of 'for' statement
+                        
+                        log("*** " & testcasename() & ": PASS: correct secured packet received");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    } 
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_cancelDenmEvent(v_denmComponent);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_02_01
+            
+            /**
+             * @desc   Check that secured DENM contains the certificate as a signer_info   
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a DENM
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing header_fields['signer_info']{
+             *         containing signer {
+             *           containing type
+             *             indicating 'certificate'
+             *           containing certificate
+             *         }
+             *       }
+             *     }
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_03_01() runs on ItsGeoNetworking system ItsSecSystem {
+                // Local variables
+                var GeoNetworkingInd v_geoNwInd;
+                var HeaderFields v_headersFields;
+                var HeaderFieldType v_previousHeaderType;
+                var integer v_counter;
+                var ItsDenm v_denmComponent;
+                                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                v_denmComponent := f_triggerDenmEvent();
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs(
+                                    mw_header_field_signer_info_certificate
+                                ), 
+                                mw_geoNwAnyPacket_withPayload(
+                                    ?
+                    )))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": PASS: DENM signed with certificate");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs(
+                                    mw_header_field(
+                                        e_signer_info
+                                    )
+                                ), 
+                                mw_geoNwAnyPacket_withPayload(
+                                    ?
+                    )))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": FAIL: DENM signed with digest");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_cancelDenmEvent(v_denmComponent);
+                f_poNeighbour();
+                f_cf01Down();
+            }
+            
+            /**
+             * @desc   Check that message generation time is inside the validity period of the signing certificate
+             *         Check that message generation time value is realistic (according to values proposed in C2C SEC12)    
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a DENM
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_fields['generation_time'] {
+             *         containing generation_time
+             *           indicating TIME_1 (CUR_TIME - 10min <= TIME_1 <= CUR_TIME + 10min)
+             *       }
+             *       containing header_fields['signer_info'] {
+             *         containing signer {
+             *           containing type
+             *             indicating 'certificate'
+             *           containing certificate {
+             *             containing validity_restrictions['time_start_and_end'] {
+             *               containing start_validity
+             *                 indicating value <= TIME_1
+             *               containing end_validity
+             *                 indicating value > TIME_1
+             *             }
+             *             or not containing validity_restrictions['time_start_and_end']
+             *           }
+             *         }
+             *       }
+             *     }
+             *   }
+             * }
+             * 

+             * @see
+             * @reference   ETSI TS 103 097 V1.1.14, clauses 5.4, 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_04_01() runs on ItsGeoNetworking system ItsSecSystem {
+                // Local variables
+                var GeoNetworkingInd v_geoNwInd;
+                var HeaderField      v_headerField;
+                var Time64           v_generationTime;
+                var Time64           v_curTime;
+                var Time64           v_startTime, v_endTime;
+                var Certificate      v_cert;
+                var ItsDenm          v_denmComponent;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_denmComponent := f_triggerDenmEvent();
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage(
+                                    superset(
+                                        mw_header_field(
+                                            e_generation_time
+                                        ),
+                                        mw_header_field_signer_info_certificate,
+                                        mw_header_field_its_aid_DENM
+                                    )
+                                ), 
+                                mw_geoNwAnyPacket_withPayload(
+                                    ?
+                    )))) -> value v_geoNwInd {
+                        tc_ac.stop;
+                        v_curTime := f_getCurrentTime();
+                        v_curTime := v_curTime * 1000; // Time64 is in microseconds 
+                         
+                        if (f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg,
+                                               e_generation_time, v_headerField)) {
+                            v_generationTime := v_headerField.headerField.generation_time; 
+                            if (v_generationTime < v_curTime - (10*60*3600)) {
+                                log("*** " & testcasename() & ": FAIL: DENM generation time is too far in the past");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                            
+                            if (v_generationTime > v_curTime + (10*60*3600)) {
+                                log("*** " & testcasename() & ": FAIL: DENM generation time is too far in the future");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                            
+                            // Check that generation time is inside the certificate validation period
+                            if (f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg,
+                                                   e_signer_info, v_headerField)) {
+                                v_cert := v_headerField.headerField.signer.signerInfo.certificate;
+                                
+                                for (var integer v_counter := 0; v_counter < lengthof(v_cert.validity_restrictions); v_counter := v_counter + 1) {
+                                    if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) {
+                                        v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000;
+                                        if (v_generationTime > v_endTime ) {
+                                            log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
+                                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                        }
+                                    }
+                                    if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_end) {
+                                        v_endTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.end_validity * 1000000;
+                                        v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.start_validity * 1000000;
+                                        if (v_generationTime < v_startTime or v_generationTime > v_endTime ) {
+                                            log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
+                                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                        }
+                                    }
+                                } // End of 'for' statement
+                                log("*** " & testcasename() & ": PASS: DENM generation time is inside the validity of the certificate");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                            } else {
+                                log("*** " & testcasename() & ": INCONC: DENM signer info is not available");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                        } else {
+                            log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation time header");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_cancelDenmEvent(v_denmComponent);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_04_01
+            
+            /**
+             * @desc   Check that the secured DENM contains exactly one HeaderField generation_location
+             *         when AT certificate does not contain any region restrictions
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT has been authorized with the AT certificate (CERT_AT_A)
+             *     not containing validity_restrictions['region']
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send DENM
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_fields ['generation_location']
+             *         containing generation_location
+             *       containing header_fields ['its_aid'] {
+             *          containing its_aid
+             *              indicating 'AID_DENM'
+             *       }
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_05_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var Certificate v_atCertificate;
+                var ItsDenm     v_denmComponent;
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                // Load IUT certificate IUT_CERT_A 
+                f_readCertificate("IUT_CERT_A.AT_CERT", v_atCertificate);
+                // TODO: Push Certificate IUT_CERT_A
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_denmComponent := f_triggerDenmEvent();
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs(
+                                    mw_header_field_signer_info_certificate(
+                                        mw_certificate(
+                                            ?,
+                                            ?,
+                                            ?,
+                                            superset(
+                                                mw_validity_restriction_region
+                    ))))))) {
+                        log("*** " & testcasename() & ": INFO: Skip DENM containing region restrictions ***");
+                        repeat;
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage(
+                                    superset(
+                                        mw_header_field(
+                                            e_generation_location
+                                        ),
+                                        mw_header_field_signer_info_certificate,
+                                        mw_header_field_its_aid_DENM
+                    ))))) {
+                        // The certificate doesn't contain region restrictions because such messages was catched before 
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                        
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) {
+                        // the message does not contain generation location 
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement 
+                
+                // Postamble
+                // Cancel DENM events
+                f_cancelDenmEvent(v_denmComponent);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_05_01
+            
+            function f_TC_SEC_ITSS_SND_DENM_05(
+                                           in template GeographicRegion pmw_region := ?
+            ) runs on ItsGeoNetworking {
+                
+                // Local variables
+                var GeoNetworkingInd v_geoNwInd;
+                var ItsDenm v_denmComponent;
+                
+                // Trigger DENM 
+                v_denmComponent := f_triggerDenmEvent();
+                tc_ac.start;
+                alt {
+                    // DENM contains generation location and certificate with region restrictions  
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage(
+                                    superset(
+                                        mw_header_field(
+                                            e_generation_location
+                                        ),
+                                        mw_header_field_signer_info_certificate(
+                                            mw_certificate(
+                                                ?,
+                                                ?,
+                                                ?, 
+                                                superset(
+                                                    mw_validity_restriction_region(
+                                                        pmw_region
+                                                    )
+                                                )
+                                            )
+                                        ),
+                                        mw_header_field_its_aid_DENM
+                    ))))) -> value v_geoNwInd {
+                        var ValidityRestriction v_vr;
+                        var HeaderField         v_hf;
+                        tc_ac.stop;
+                        // check that generation location is inside the circular region of the certificate
+                        if (    f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf)
+                           and f_getCertificateValidityRestriction(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields[0].headerField.signer.signerInfo.certificate, e_region, v_vr)
+                        ) {
+                            if (f_isLocationInsideRegion(v_vr.validity.region, v_hf.headerField.generation_location)) {
+                                log("*** " & testcasename() & ": PASS: DENM contains generation location inside the certificate validity region ***");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                            }
+                        } else {
+                            log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! DENM generation location or certificate region restriction header field does not exist");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    }
+                    // DENM doesn't 'contains generation location and certificate with region restrictions 
+                    // FIXME Not possible, generation_location field is mandatory for DENM
+//                    [] geoNetworkingPort.receive(
+//                        mw_geoNwInd(
+//                            mw_geoNwSecPdu(
+//                                mdw_securedMessage_DENMs(
+//                                    complement( // FIXME Cannot work !!!
+//                                        superset(
+//                                            mw_header_field(
+//                                                e_generation_location
+//                    ))))))) {
+//                        tc_ac.stop;
+//                        log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location header");
+//                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+//                    }
+                    // DENM signing certificate doesn't 'contains region restriction
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs(
+                                    mw_header_field_signer_info_certificate(
+                                        mw_certificate(
+                                            ?,
+                                            ?,
+                                            ?, 
+                                            { } // DENM signing certificate doesn't 'contains region restriction
+                    )))))) {
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": INCONC: DENM certificate doesn't contain region restriction");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                f_cancelDenmEvent(v_denmComponent);
+            } // End of function f_TC_SEC_ITSS_SND_DENM_05
+            
+            /**
+             * @desc   Check that the secured DENM contains exactly one HeaderField generation_location 
+             *         which is inside the circular region containing in the validity restriction of the 
+             *         certificate pointed by the signer_info field     
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT has been authorized with the AT certificate (CERT_AT_B) {
+             *     containing validity_restrictions ['region'] {
+             *       containing region{
+             *         containing region_type
+             *           indicating 'circle'
+             *         containing circular_region
+             *           indicating REGION
+             *       }
+             *     }
+             *   }
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a DENM
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_fields ['generation_location']
+             *         containing generation_location
+             *           indicating value inside the REGION
+             *       containing header_fields ['its_aid'] {
+             *          containing its_aid
+             *              indicating 'AID_DENM'
+             *       }
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_05_02() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var Certificate v_atCertificate;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                // Load IUT certificate IUT_CERT_B
+                f_readCertificate("IUT_CERT_B.AT_CERT", v_atCertificate);
+                // TODO: Push Certificate IUT_CERT_B 
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                f_TC_SEC_ITSS_SND_DENM_05(mw_geographicRegion_circle);
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_05_02
+
+            /**
+             * @desc   Check that the secured DENM contains exactly one HeaderField generation_location 
+             *         which is inside the rectangular region containing in the validity restriction 
+             *         of the certificate pointed by the signer_info field     
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT has been authorized with the AT certificate (CERT_AT_C) {
+             *     containing validity_restrictions ['region'] {
+             *       containing region{
+             *         containing region_type
+             *           indicating 'rectangle'
+             *         containing rectangular_region
+             *           indicating REGION
+             *       }
+             *     }
+             *   }
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a DENM
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_field ['generation_location']
+             *         containing generation_location
+             *           indicating value inside the REGION
+             *       containing header_field ['its_aid'] {
+             *          containing its_aid
+             *              indicating 'AID_DENM'
+             *       }
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_05_03() runs on ItsGeoNetworking system ItsSecSystem {
+                // Test control
+                var Certificate v_atCertificate;
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Load IUT certificate IUT_CERT_C 
+                f_readCertificate("IUT_CERT_C.AT_CERT", v_atCertificate);
+                // TODO: Push Certificate IUT_CERT_C
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                f_TC_SEC_ITSS_SND_DENM_05(mw_geographicRegion_rectangular);
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_05_03
+            
+            /**
+             * @desc   Check that the secured DENM contains exactly one HeaderField generation_location 
+             *         which is inside the polygonal region containing in the validity restriction 
+             *         of the certificate pointed by the signer_info field     
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT has been authorized with the AT certificate (CERT_AT_D) {
+             *     containing validity_restrictions ['region'] {
+             *       containing region{
+             *         containing region_type
+             *           indicating 'polygon'
+             *         containing polygonal_region
+             *           indicating REGION
+             *       }
+             *     }
+             *   }
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a DENM
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_field ['generation_location']
+             *         containing generation_location
+             *           indicating value inside the REGION
+             *       containing header_field ['its_aid'] {
+             *          containing its_aid
+             *              indicating 'AID_DENM'
+             *       }
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_05_04() runs on ItsGeoNetworking system ItsSecSystem {
+                // Test control
+                var Certificate v_atCertificate;
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Load IUT certificate IUT_CERT_D 
+                f_readCertificate("IUT_CERT_D.AT_CERT", v_atCertificate);
+                // TODO: Push Certificate IUT_CERT_D
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                f_TC_SEC_ITSS_SND_DENM_05(mw_geographicRegion_polygonal);
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_05_04
+            
+            /**
+             * @desc   Check that the secured DENM contains exactly one HeaderField generation_location 
+             *         which is inside the identified region containing in the validity restriction 
+             *         of the certificate pointed by the signer_info field      
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT has been authorized with the AT certificate (CERT_AT_E) {
+             *     containing validity_restrictions ['region'] {
+             *       containing region{
+             *         containing region_type
+             *           indicating 'id_region'
+             *         containing identified_region
+             *           indicating REGION
+             *       }
+             *     }
+             *   }
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a DENM
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *          containing exactly one header_fields ['generation_location'] {
+             *              containing generation_location
+             *                  indicating value inside the REGION
+             *              containing header_fields ['its_aid'] {
+             *                  containing its_aid
+             *                      indicating 'AID_DENM'
+             *              }
+             *          }
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_05_05() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var Certificate v_atCertificate;
+                
+                //  Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Load IUT certificate IUT_CERT_E 
+                f_readCertificate("IUT_CERT_E.AT_CERT", v_atCertificate);
+                // TODO: Push Certificate IUT_CERT_E
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                f_TC_SEC_ITSS_SND_DENM_05(mw_geographicRegion_identified);
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_05_05
+            
+            /**
+             * @desc   Check that the secured DENM contains exactly one HeaderField generation_location 
+             *         which is inside the region containing in the validity restriction 
+             *         of the certificate pointed by the signer_info field     
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a DENM
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing header_fields['signed_info'].certificate {
+             *         containing validity_restrictions ['region']
+             *         {
+             *           containing region.region_type
+             *             indicating 'circle'
+             *           containing region.circular_region
+             *             indicating REGION
+             *         } or {
+             *           containing region.region_type
+             *             indicating 'rectangle'
+             *           containing region.rectangular_region
+             *             containing array of rectangles
+             *               indicating REGION
+             *         } or {
+             *           containing region.region_type
+             *             indicating 'polygonal'
+             *           containing region.polygonal_region
+             *             indicating REGION
+             *         } or {      
+             *           containing region.region_type
+             *             indicating 'id_region'
+             *           containing region.circular_region
+             *             indicating REGION
+             *         }
+             *       }
+             *       containing exactly one header_fields['generation_location']
+             *         containing generation_location
+             *           indicating location inside the REGION
+             *       containing header_fields ['its_aid'] {
+             *          containing its_aid
+             *              indicating 'AID_DENM'
+             *       }
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_05_06() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var Certificate v_atCertificate;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Load IUT certificate IUT_CERT_B 
+                f_readCertificate("IUT_CERT_B.AT_CERT", v_atCertificate);
+                // TODO: Push Certificate IUT_CERT_B
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                f_TC_SEC_ITSS_SND_DENM_05(); // any type of regions
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_05_06
+            
+            /**
+             * @desc   Check secured DENM message type    
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *     the IUT being in the 'authorized' state
+             * }
+             * Expected results:
+             * ensure that {
+             *     when {
+             *         the IUT is requested to send a DENM
+             *     } then {
+             *         the IUT sends a SecuredMessage {
+             *             containing header_fields ['its_aid'] {
+             *                 containing its_aid
+             *                     indicating 'AID_DENM' (16513)
+             *              }
+             *         }
+             *     }
+             * }
+             * 

+             * @see
+             * @reference   ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_06_01() runs on ItsGeoNetworking system ItsSecSystem {
+                // Local variables
+                var ItsDenm v_denmComponent;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); 
+                
+                // Test Body
+                v_denmComponent := f_triggerDenmEvent();
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs(
+                                    mw_header_field_its_aid_CAM
+                    )))) {
+                        log("*** " & testcasename() & ": PASS: DENM message type is set to '1'");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs
+                    ))) {
+                        log("*** " & testcasename() & ": FAIL: DENM message type is not '1'");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs
+                    ))) {
+                        log("*** " & testcasename() & ": FAIL: DENM message type header field does not exist");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement 
+                
+                // Postamble
+                f_cancelDenmEvent(v_denmComponent);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_06_01
+            
+            /**
+             * @desc   Check secured DENM message type
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *     the IUT being in the 'authorized' state
+             * }
+             * Expected results:
+             * ensure that {
+             *     when {
+             *         the IUT is requested to send a DENM
+             *     } then {
+             *         the IUT sends a SecuredMessage {
+             *             containing header_fields ['its_aid'] {
+             *                 containing its_aid
+             *                     indicating 'AID_DENM'
+             *             }
+             *             containing payload_field
+             *                 containing exactly one element of type Payload {
+             *                     containing type
+             *                         indicating 'signed'
+             *                             containing not-empty data
+             *             }
+             *         }
+             *     }
+             * }
+             * 

+             * @see
+             * @reference   ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_08_01() runs on ItsGeoNetworking system ItsSecSystem {
+                // Local variables
+                var ItsDenm v_denmComponent;
+                
+                // Test component configuration
+                f_cf01Up();
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_denmComponent := f_triggerDenmEvent();
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs(
+                                    ?,
+                                    mw_payload(e_signed)
+                    )))) {
+                        log("*** " & testcasename() & ": PASS: DENM payload is 'signed'");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs(
+                                    ?,
+                                    mw_payload()
+                    )))) {
+                         log("*** " & testcasename() & ": FAIL: DENM payload is not 'signed'");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs
+                    ))) {
+                         log("*** " & testcasename() & ": FAIL: DENM payload is not exist");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_cancelDenmEvent(v_denmComponent);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_08_01
+            
+            /**
+             * @desc   Check that the secured DENM contains only one TrailerField of type signature.
+             *         Check that the signature contained in the SecuredMessage is calculated 
+             *         over the right fields by cryptographically verifying the signature.     
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send DENM
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing header_field ['signer_info'] {
+             *         containing signer {
+             *           containing type
+             *             indicating 'certificate'
+             *           containing certificate
+             *             containing subject_info.subject_type
+             *               indicating 'authorization_ticket' (2)
+             *             and containing subject_attributes['verification key'] (KEY)
+             *         }
+             *       }
+             *       containing header_field ['its_aid'] {
+             *          containing its_aid
+             *              indicating 'AID_DENM'
+             *       }
+             *       containing trailer_fields {
+             *         containing single instance of type TrailerField {
+             *           containing type
+             *             indicating 'signature'
+             *           containing signature
+             *             verifiable using KEY
+             *           }
+             *       }
+             *     }
+             *   }
+             * }
+             * 

+             * @see
+             * @reference   ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_DENM_10_01() runs on ItsGeoNetworking system ItsSecSystem {
+                //  Local variables
+                var GeoNetworkingInd v_geoNwInd;
+                var SignerInfo v_signerInfo;
+                var Certificate v_certificate;
+                var ItsDenm v_denmComponent;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                v_denmComponent := f_triggerDenmEvent();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_DENMs(
+                                    mw_header_field_signer_info_certificate
+                    )))) -> value v_geoNwInd { 
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": INFO: DENM message with certificate received ***");
+                        f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
+                        
+                        if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo.signerInfo.certificate) == false) {
+                            log("*** " & testcasename() & ": FAIL: DENM received with invalide signature");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                log("*** " & testcasename() & ": PASS: DENM received with correct signature");
+                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                
+                // Postamble
+                f_cancelDenmEvent(v_denmComponent);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_10_01
+                
+        } // End of group secDENMProfile
+        
+        group secOtherProfile {
+            
+            /**
+             * @desc   Check that the generic secured message contains exactly one element of these header fields: 
+             *             signer_info, generation_time, generation_location.
+             *         Check that the header fields are in the ascending order according to the numbering of the enumeration
+             *             except of the signer_info, which is encoded first.   
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * Expected Results:
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a Beacon
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing header_fields [0].type
+             *         indicating 'signer_info'
+             *       containing header_fields [1..n] 
+             *         where header_fields [v_counter].type < header_fields [v_counter + 1].type
+             *       containing header_fields ['generation_time']
+             *       containing header_fields ['generation_location']
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_CAM'
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_DENM'
+             *     }
+             *   }  
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.3
+             */
+            testcase TC_SEC_ITSS_SND_GENMSG_02_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var LongPosVector v_longPosVectorIut;
+                var GeoNetworkingInd v_geoNwInd;
+                var HeaderFields v_headersFields;
+                var HeaderFieldType v_previousHeaderType;
+                var integer v_counter;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                v_longPosVectorIut := f_getPosition(c_compIut);
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage(
+                                    superset(
+                                        mw_header_field(e_generation_time), 
+                                        mw_header_field(e_generation_location),
+                                        complement(
+                                            mw_header_field_its_aid_CAM,
+                                            mw_header_field_its_aid_DENM
+                                        )
+                                    )
+                                ), 
+                                mw_geoNwBeaconPacket(
+                                    ?
+                    )))) -> value v_geoNwInd {
+                        tc_ac.stop;
+                        
+                        // Process header fields manually
+                        v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields);
+                        
+                        // Check that signerInfo is first header
+                        if (lengthof(v_headersFields) < 1 or not match(v_headersFields[0].type_, e_signer_info)) {
+                            log("*** " & testcasename() & ": FAIL: SignerInfo is not first header");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);    
+                        }
+                        
+                        for (v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) {
+                            // Check that no header is duplicated
+                            if (match(v_headersFields[v_counter].type_, e_signer_info)) {
+                                log("*** " & testcasename() & ": FAIL: multiple instances of signer_info");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                            
+                            if (v_counter > 1) {
+                                // Check that headers are ordered
+                                if (v_headersFields[v_counter].type_ == v_previousHeaderType) {
+                                    log("*** " & testcasename() & ": FAIL: multiple instances of same Header");
+                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                }
+                                if (v_headersFields[v_counter].type_  < v_previousHeaderType) {
+                                    log("*** " & testcasename() & ": FAIL: headers not in correct order");
+                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                }
+                            }
+                            v_previousHeaderType := v_headersFields[v_counter].type_;
+                        } // End of 'for' statement
+                        
+                        log("*** " & testcasename() & ": PASS: correct secured packet received");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_acTriggerEvent(m_stopPassBeaconing);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_GENMSG_02_01
+            
+            /**
+             * @desc   Check that generic secured message contains the certificate as a signer_info
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial Conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * Expected Behaviour
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a Beacon
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_fields ['signer_info'] {
+             *         containing signer {
+             *           containing type
+             *             indicating 'certificate'
+             *           containing certificate
+             *         }
+             *       }
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_CAM'
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_DENM'
+             *     }
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.3
+             */
+            testcase TC_SEC_ITSS_SND_GENMSG_03_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var LongPosVector v_longPosVectorIut;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                v_longPosVectorIut := f_getPosition(c_compIut);
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                 mdw_securedMessage_Others(
+                                    mw_header_field_signer_info_certificate
+                                ), 
+                                mw_geoNwBeaconPacket(
+                                    ?
+                    )))) { 
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": PASS: Beacon signed with certificate ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_Others(
+                                    mw_header_field(
+                                        e_signer_info
+                                    )
+                                ),
+                                mw_geoNwBeaconPacket(
+                                    ?
+                    )))) { 
+                        log("*** " & testcasename() & ": INFO: Beacon signed with digest ***");
+                        repeat;
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected Beacon not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_acTriggerEvent(m_stopPassBeaconing);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_GENMSG_03_01
+            
+            /**
+             * @desc   Check that message generation time is inside the validity period of the signing certificate
+             *         Check that message generation time value is realistic (according to values proposed in C2C SEC12)    
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * Expected behaviour:
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a Beacon
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_fields['generation_time'] {
+             *         containing generation_time
+             *           indicating TIME_1 (CUR_TIME - 10min <= TIME_1 <= CUR_TIME + 10min)
+             *       }
+             *       containing header_fields['signer_info'] {
+             *         containing signer {
+             *           containing type
+             *             indicating 'certificate'
+             *           containing certificate {
+             *             containing validity_restrictions['time_start_and_end'] {
+             *               containing start_validity
+             *                 indicating value <= TIME_1
+             *               containing end_validity
+             *                 indicating value > TIME_1
+             *             }
+             *             or not containing validity_restrictions['time_start_and_end']
+             *           }
+             *         }
+             *       }
+             *     }
+             *   }
+             * }
+             * 

+             * @see
+             * @reference   ETSI TS 103 097 V1.1.14, clauses 5.4, 7.3
+             */
+            testcase TC_SEC_ITSS_SND_GENMSG_04_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var LongPosVector    v_longPosVectorIut;
+                var GeoNetworkingInd v_geoNwInd;
+                var HeaderField      v_headerField;
+                var Time64           v_generationTime;
+                var Time64           v_curTime;
+                var Time64           v_startTime, v_endTime;
+                var Certificate      v_cert;
+                var integer          v_counter;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                v_longPosVectorIut := f_getPosition(c_compIut);
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage(
+                                    superset(
+                                        mw_header_field(
+                                            e_generation_time
+                                        ),
+                                        mw_header_field_signer_info_certificate,
+                                        complement(
+                                            mw_header_field_its_aid_CAM,
+                                            mw_header_field_its_aid_DENM
+                                        )
+                                    )
+                                ), 
+                                mw_geoNwBeaconPacket(
+                                    ?
+                                )
+                            )
+                    )) -> value v_geoNwInd { 
+                        const integer c_deltaTime := 2 * 3600 * 1000000; // Two hours, in microsecoonds
+                        
+                        tc_ac.stop;
+                        v_curTime := f_getCurrentTime();
+                        v_curTime := v_curTime * 1000; // Clause 4.2.16 Time64: is in microseconds
+                        
+                        if (
+                            f_getMsgHeaderField(
+                                v_geoNwInd.msgIn.gnPacket.securedMsg,
+                                e_generation_time, 
+                                v_headerField
+                        )) {
+                            v_generationTime := v_headerField.headerField.generation_time;  
+                            log("v_generationTime=", v_generationTime);
+                            log("v_curTime=", v_curTime);
+                            log("v_curTime - c_deltaTime=", v_curTime - c_deltaTime);
+                            if (v_generationTime < (v_curTime - c_deltaTime)) {
+                                log("*** " & testcasename() & ": FAIL: Beacon generation time is too far in the past");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                            
+                            if (v_generationTime > (v_curTime + c_deltaTime)) {
+                                log("*** " & testcasename() & ": FAIL: Beacon generation time is too far in the future");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                            
+                            // Check that generation time is inside the certificate validation period
+                            if (
+                                f_getMsgHeaderField(
+                                    v_geoNwInd.msgIn.gnPacket.securedMsg,
+                                    e_signer_info, 
+                                    v_headerField
+                            )) {
+                                v_cert := v_headerField.headerField.signer.signerInfo.certificate;
+                                
+                                for (v_counter := 0; v_counter < lengthof(v_cert.validity_restrictions); v_counter := v_counter + 1) {
+                                    if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) {
+                                        v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000;
+                                        if (v_generationTime > v_endTime ) {
+                                            log("*** " & testcasename() & ": FAIL: Beacon generation time is not inside the validity of the certificate");
+                                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                        }
+                                    }
+                                    if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_end) {
+                                        v_endTime   := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.end_validity   * 1000000;
+                                        v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.start_validity * 1000000;
+                                        if (v_generationTime < v_startTime or v_generationTime > v_endTime ) {
+                                            log("*** " & testcasename() & ": FAIL: Beacon generation time is not inside the validity of the certificate");
+                                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                                        }
+                                    }
+                                } // End of 'for' statement
+                                log("*** " & testcasename() & ": PASS: Beacon generation time is inside the validity of the certificate");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                            } else {
+                                log("*** " & testcasename() & ": INCONC: DENM signer info is not available");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                        }
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected Beacon not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_acTriggerEvent(m_stopPassBeaconing);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_GENMSG_04_01
+
+            /**
+             * @desc   Check that the secured GN Beacon contains exactly one HeaderField generation_location
+             *         when AT certificate does not contain any region restrictions    
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT has been authorized with the AT certificate (CERT_AT_A)
+             *     not containing validity_restrictions['region']
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a Beacon
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_fields ['generation_location']
+             *         containing generation_location
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_CAM'
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_DENM'
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_GENMSG_05_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var LongPosVector v_longPosVectorIut;
+                
+                // Test component configuration
+                f_cf01Up();
+                v_longPosVectorIut := f_getPosition(c_compIut);
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(mw_geoNwSecPdu(
+                            mdw_securedMessage_Others(
+                                mw_header_field_signer_info_certificate(
+                                    mw_certificate(
+                                        ?,
+                                        ?,
+                                        ?,
+                                        superset(
+                                            mw_validity_restriction_region
+                    ))))))) {
+                        log("*** " & testcasename() & ": INFO: Skip DENM containing region restrictions ***");
+                        repeat;
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage(
+                                    superset(
+                                        mw_header_field(
+                                            e_generation_location
+                                        ),
+                                        mw_header_field_signer_info_certificate,
+                                        complement(
+                                            mw_header_field_its_aid_CAM,
+                                            mw_header_field_its_aid_DENM
+                                        )
+                    ))))) {
+                        // The certificate doesn't contain region restrictions because such messages was catched before 
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_Others(
+                                    mw_header_field_signer_info_certificate
+                    )))) {
+                        // The message does not contain generation location 
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_acTriggerEvent(m_stopPassBeaconing);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_01
+            
+            /**
+             * @desc   Check that the secured GN Beacon contains exactly one HeaderField generation_location 
+             *         which is inside the circular region containing in the validity restriction of the 
+             *         certificate pointed by the signer_info field     
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT has been authorized with the AT certificate (CERT_AT_B) {
+             *     containing validity_restrictions ['region'] {
+             *       containing region{
+             *         containing region_type
+             *           indicating 'circle'
+             *         containing circular_region
+             *           indicating REGION
+             *       }
+             *     }
+             *   }
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a GN Beacon
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_fields ['generation_location']
+             *         containing generation_location
+             *           indicating value inside the REGION
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_CAM'
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_DENM'
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_GENMSG_05_02() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var LongPosVector   v_longPosVectorIut;
+                var Certificate     v_atCertificate;
+                
+                // Test control
+                
+                // Test component configuration
+                f_cf01Up();
+                v_longPosVectorIut := f_getPosition(c_compIut);
+                
+                // Test adapter configuration
+                
+                // Load IUT certificate IUT_CERT_B 
+                f_readCertificate("IUT_CERT_B.AT_CERT", v_atCertificate);
+                // TODO: Push Certificate IUT_CERT_B
+                
+                // Preamble
+                f_prNeighbour();
+                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                f_TC_SEC_ITSS_SND_GENMSG_05(mw_geographicRegion_circle);
+                
+                // Postamble
+                f_acTriggerEvent(m_stopPassBeaconing);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_02
+
+            /**
+             * @desc   Check that the secured GN Beacon contains exactly one HeaderField generation_location 
+             *         which is inside the rectangular region containing in the validity restriction 
+             *         of the certificate pointed by the signer_info field     
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT has been authorized with the AT certificate (CERT_AT_C) {
+             *     containing validity_restrictions ['region'] {
+             *       containing region{
+             *         containing region_type
+             *           indicating 'rectangle'
+             *         containing rectangular_region
+             *           indicating REGION
+             *       }
+             *     }
+             *   }
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a DENM
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_fields ['generation_location']
+             *         containing generation_location
+             *           indicating value inside the REGION
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_CAM'
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_DENM'
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_GENMSG_05_03() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var LongPosVector   v_longPosVectorIut;
+                var Certificate     v_atCertificate;
+                
+                // Test component configuration
+                f_cf01Up();
+                v_longPosVectorIut := f_getPosition(c_compIut);
+                
+                // Test adapter configuration
+                
+                // Load IUT certificate IUT_CERT_C 
+                f_readCertificate("IUT_CERT_C.AT_CERT", v_atCertificate);
+                // TODO: Push Certificate IUT_CERT_C
+                
+                // Preamble
+                f_prNeighbour();
+                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                f_TC_SEC_ITSS_SND_GENMSG_05(mw_geographicRegion_rectangular);
+                
+                // Postamble
+                f_acTriggerEvent(m_stopPassBeaconing);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_03
+            
+            /**
+             * @desc   Check that the secured GN Message contains exactly one HeaderField generation_location 
+             *         which is inside the polygonal region containing in the validity restriction 
+             *         of the certificate pointed by the signer_info field     
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT has been authorized with the AT certificate (CERT_AT_D) {
+             *     containing validity_restrictions ['region'] {
+             *       containing region{
+             *         containing region_type
+             *           indicating 'polygon'
+             *         containing polygonal_region
+             *           indicating REGION
+             *       }
+             *     }
+             *   }
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a Beacon
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_fields ['generation_location']
+             *         containing generation_location
+             *           indicating value inside the REGION
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_CAM'
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_DENM'
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_GENMSG_05_04() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var LongPosVector   v_longPosVectorIut;
+                var Certificate     v_atCertificate;
+                
+                // Test component configuration
+                f_cf01Up();
+                v_longPosVectorIut := f_getPosition(c_compIut);
+                
+                // Test adapter configuration
+                
+                // Load IUT certificate IUT_CERT_D 
+                f_readCertificate("IUT_CERT_D.AT_CERT", v_atCertificate);
+                // TODO: Push Certificate IUT_CERT_D
+                
+                // Preamble
+                f_prNeighbour();
+                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                f_TC_SEC_ITSS_SND_GENMSG_05(mw_geographicRegion_polygonal);
+                
+                // Postamble
+                f_acTriggerEvent(m_stopPassBeaconing);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_04
+            
+            /**
+             * @desc   Check that the secured GN Message contains exactly one HeaderField generation_location 
+             *         which is inside the identified region containing in the validity restriction 
+             *         of the certificate pointed by the signer_info field      
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT has been authorized with the AT certificate (CERT_AT_E) {
+             *     containing validity_restrictions ['region'] {
+             *       containing region{
+             *         containing region_type
+             *           indicating 'id_region'
+             *         containing identified_region
+             *           indicating REGION
+             *       }
+             *     }
+             *   }
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a Beacon
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing exactly one header_fields ['generation_location']
+             *         containing generation_location
+             *           indicating value inside the REGION
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_CAM'
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_DENM'
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_GENMSG_05_05() runs on ItsGeoNetworking system ItsSecSystem {
+                // Local variables
+                var LongPosVector   v_longPosVectorIut;
+                var Certificate     v_atCertificate;
+                
+                // Test component configuration
+                f_cf01Up();
+                v_longPosVectorIut := f_getPosition(c_compIut);
+                
+                // Test adapter configuration
+                
+                // Load IUT certificate IUT_CERT_E 
+                f_readCertificate("IUT_CERT_E.AT_CERT", v_atCertificate);
+                // TODO: Push Certificate IUT_CERT_E
+                
+                // Preamble
+                f_prNeighbour();
+                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                f_TC_SEC_ITSS_SND_GENMSG_05(mw_geographicRegion_identified);
+                
+                // Postamble
+                f_acTriggerEvent(m_stopPassBeaconing);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_05
+            
+            /**
+             * @desc   Check that the secured GN Message contains exactly one HeaderField generation_location 
+             *         which is inside the region containing in the validity restriction 
+             *         of the certificate pointed by the signer_info field     
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send a Beacon
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing header_fields['signed_info'].certificate {
+             *         containing validity_restrictions ['region']
+             *         {
+             *           containing region.region_type
+             *             indicating 'circle'
+             *           containing region.circular_region
+             *             indicating REGION
+             *         } or {
+             *           containing region.region_type
+             *             indicating 'rectangle'
+             *           containing region.rectangular_region
+             *             containing array of rectangles
+             *               indicating REGION
+             *         } or {
+             *           containing region.region_type
+             *             indicating 'polygonal'
+             *           containing region.polygonal_region
+             *             indicating REGION
+             *         } or {      
+             *           containing region.region_type
+             *             indicating 'id_region'
+             *           containing region.circular_region
+             *             indicating REGION
+             *         }
+             *       }
+             *       containing exactly one header_fields['generation_location']
+             *         containing generation_location
+             *           indicating location inside the REGION
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_CAM'
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_DENM'
+             *     }
+             *   }
+             * }
+             * 

+             * @reference       ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_SND_GENMSG_05_06() runs on ItsGeoNetworking system ItsSecSystem {
+                // Local variables
+                var LongPosVector   v_longPosVectorIut;
+                var Certificate     v_atCertificate;
+                
+                // Test component configuration
+                f_cf01Up();
+                v_longPosVectorIut := f_getPosition(c_compIut);
+                
+                // Test adapter configuration
+                
+                // Load IUT certificate IUT_CERT_B 
+                f_readCertificate("IUT_CERT_B.AT_CERT", v_atCertificate);
+                // TODO: Push Certificate IUT_CERT_B
+                
+                // Preamble
+                f_prNeighbour();
+                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                f_TC_SEC_ITSS_SND_GENMSG_05(); // any type of regions
+                
+                // Postamble
+                f_acTriggerEvent(m_stopPassBeaconing);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_GENMSG_05_06
+            
+            group f_TC_SEC_ITSS_SND_GENMSG_05_xx {
+                
+                function f_TC_SEC_ITSS_SND_GENMSG_05(
+                                                       in template (present) GeographicRegion p_region := ?
+                ) runs on ItsGeoNetworking {
+                    
+                    // Local variables
+                    var GeoNetworkingInd v_geoNwInd;
+                    
+                    tc_ac.start;
+                    alt {
+                        // GN message must contain generation location and the certificate with region restrictions  
+                        [] geoNetworkingPort.receive(
+                            mw_geoNwInd(
+                                mw_geoNwSecPdu(
+                                    mdw_securedMessage(
+                                        superset(
+                                            mw_header_field(e_generation_location),
+                                            mw_header_field_signer_info_certificate(
+                                                mw_certificate(
+                                                    ?,
+                                                    ?,
+                                                    ?, 
+                                                    superset(
+                                                        mw_validity_restriction_region(
+                                                            p_region
+                        ))))))))) -> value v_geoNwInd {
+                            var ValidityRestriction v_vr;
+                            var HeaderField         v_hf;
+                            
+                            tc_ac.stop;
+                            // Check that generation location is inside the circular region of the certificate
+                            if (
+                                f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf) and 
+                                f_getCertificateValidityRestriction(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields[0].headerField.signer.signerInfo.certificate, e_region, v_vr)
+                            ) {
+                                if (f_isLocationInsideRegion(v_vr.validity.region, v_hf.headerField.generation_location)) {
+                                    log("*** " & testcasename() & ": PASS: DENM contains generation location inside the certificate validity region ***");
+                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                                }
+                            } else {
+                                log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! DENM generation location or certificate region restriction header field does not exist");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                        }
+                        // GN message doesn't contain generation location 
+                        [] geoNetworkingPort.receive(
+                            mw_geoNwInd(
+                                mw_geoNwSecPdu(
+                                    mdw_securedMessage_Others
+                        ))) -> value v_geoNwInd {
+                            var HeaderField v_hf;
+                            
+                            tc_ac.stop;
+                            
+                            // Check that generation location is not present
+                            f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf);
+                            if (not isbound(v_hf)) {
+                                log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location header");
+                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                            }
+                        }
+                        // GN signing certificate doesn't contains region restriction 
+                        [] geoNetworkingPort.receive(
+                            mw_geoNwInd(
+                                mw_geoNwSecPdu(
+                                    mdw_securedMessage_Others(
+                                        mw_header_field_signer_info_certificate(
+                                            mw_certificate(
+                                                ?,
+                                                ?,
+                                                ?, 
+                                                { } // GN signing certificate doesn't contains region restriction
+                        )))))) {
+                            tc_ac.stop;
+                            log("*** " & testcasename() & ": INCONC: DENM certificate doesn't contain region restriction");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                        [] tc_ac.timeout {
+                            log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                        }
+                    } // End of 'alt' statement
+                } // End of function f_TC_SEC_ITSS_SND_GENMSG_05 
+                
+            } // End of group f_TC_SEC_ITSS_SND_GENMSG_05_xx
+            
+            /**
+             * @desc        Check that the secured message contains exactly one payload of type signed     
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *     the IUT being in the 'authorized' state
+             * }
+             * Expected results:
+             * ensure that {
+             *     when {
+             *         the IUT is requested to send a Beacon
+             *     } then {
+             *         the IUT sends a SecuredMessage {
+             *            not containing header_field ['its_aid']
+             *              indicating 'AID_CAM'
+             *            not containing header_field ['its_aid']
+             *              indicating 'AID_DENM'
+             *            containing payload_fields
+             *              containing exactly one element of type Payload {
+             *                containing type
+             *                  indicating 'signed'
+             *                containing not-empty data
+             *              }
+             *         }
+             *     }
+             * }
+             * 

+             * @see
+             * @reference   ETSI TS 103 097 V1.1.14, clause 7.3
+             */
+            testcase TC_SEC_ITSS_SND_GENMSG_06_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var LongPosVector v_longPosVectorIut;
+                
+                // Test component configuration
+                f_cf01Up();
+                v_longPosVectorIut := f_getPosition(c_compIut);
+                
+                // Test adapter configuration
+                
+                // Preamble
+                f_prNeighbour();
+                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
+                
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_Others,
+                                mw_geoNwBeaconPacket(
+                                    ?
+                    )))) { 
+                        log("*** " & testcasename() & ": FAIL: Beacon multiple payloads");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_Others(
+                                    ? 
+                                    //omit // FIXME Not possible due to SecuredMessage typing
+                                ),
+                                mw_geoNwBeaconPacket(
+                                    ?
+                    )))) { 
+                        log("*** " & testcasename() & ": FAIL: Beacon payload is ommited");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_Others(
+                                    ?, 
+                                    mw_payload(
+                                        e_signed
+                                    ) 
+                                ),
+                                mw_geoNwBeaconPacket(
+                                    ?
+                    )))) { 
+                        log("*** " & testcasename() & ": PASS: Beacon payload is 'signed'");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_Others(
+                                    ?, 
+                                    mw_payload
+                                ),
+                                mw_geoNwBeaconPacket(
+                                    ?
+                    )))) { 
+                        log("*** " & testcasename() & ": FAIL: Beacon payload is not 'signed'");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_Others(
+                                    ?, 
+                                    mw_payload(
+                                        e_signed, 
+                                        ? length(0) // TODO ''O ?????
+                                    )
+                                ),
+                                mw_geoNwBeaconPacket(
+                                    ?
+                    )))) { 
+                        log("*** " & testcasename() & ": FAIL: Beacon payload data is empty");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected Message not received ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                
+                // Postamble
+                f_acTriggerEvent(m_stopPassBeaconing);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_GENMSG_06_01
+            
+            /**
+             * @desc   Check that the secured GN Message contains only one TrailerField of type signature.
+             *         Check that the signature contained in the SecuredMessage is calculated 
+             *         over the right fields by cryptographically verifying the signature.     
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send Beacon
+             *   } then {
+             *     the IUT sends a SecuredMessage {
+             *       containing header_fields ['signer_info'] {
+             *         containing signer {
+             *           containing type
+             *             indicating 'certificate'
+             *           containing certificate
+             *             containing subject_info.subject_type
+             *               indicating 'authorization_ticket' (2)
+             *             and containing subject_attributes['verification key'] (KEY)
+             *         }
+             *       }
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_CAM'
+             *       not containing header_field ['its_aid']
+             *         indicating 'AID_DENM'
+             *       containing trailer_fields {
+             *         containing single instance of type TrailerField {
+             *           containing type
+             *             indicating 'signature'
+             *           containing signature
+             *             verifiable using KEY        }
+             *       }
+             *     }
+             *   }
+             * }
+             * 

+             * @see
+             * @reference   ETSI TS 103 097 V1.1.14, clause 7.3
+             */
+            testcase TC_SEC_ITSS_SND_GENMSG_07_01() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                //  Local variables
+                var LongPosVector v_longPosVectorIut;
+                var GeoNetworkingInd v_geoNwInd;
+                var SignerInfo v_signerInfo;
+                
+                //  Test component configuration
+                f_cf01Up();
+                v_longPosVectorIut := f_getPosition(c_compIut);
+                
+                // Preamble
+                f_prNeighbour();
+                f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                    
+                // Test Body
+                tc_ac.start;
+                alt {
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_Others(
+                                    mw_header_field_signer_info_certificate
+                    )))) -> value v_geoNwInd { 
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": INFO: Beacon message with certificate received ***");
+                        f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
+                        
+                        if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo.signerInfo.certificate) == false) {
+                            log("*** " & testcasename() & ": FAIL: Beacon received with invalide signature");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    }
+                    [] geoNetworkingPort.receive(
+                        mw_geoNwInd(
+                            mw_geoNwSecPdu(
+                                mdw_securedMessage_Others
+                    ))) { 
+                        tc_ac.stop;
+                        log("*** " & testcasename() & ": FAIL: Beacon message without certificate received");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    [] tc_ac.timeout {
+                        log("*** " & testcasename() & ": INCONC: Expected GN Message not received");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                    }
+                } // End of 'alt' statement
+                log("*** " & testcasename() & ": PASS: GN Message received with correct signature");
+                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                
+                // Postamble
+                f_acTriggerEvent(m_stopPassBeaconing);
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_SND_DENM_10_01
+            
+        } // End of group secOtherProfile
+        
+    } // End of group g_SecuredMessages
+    
+    group g_receiverBehavior {
+        
+        group g_recvCamProfile {
+            
+            /**
+             * @desc    Check that IUT accepts a well-formed Secured CAM containing certificate in signer_info
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *  }
+             *  ensure that {
+             *      when { 
+             *          the IUT is receiving a SecuredMessage
+             *              containing protocol_version 
+             *                  indicating value '2'
+             *              and containing header_fields[0]
+             *                  containing type 
+             *                      indicating 'signer_info'
+             *                  and containing signer {
+             *                      containing type
+             *                          indicating 'certificate'
+             *                      and containing certificate (CERT_AT_A) {
+             *                          containing subject_info.subject_type
+             *                              indicating 'authorization_ticket' (2)
+             *                          and containing subject_attributes['verification key'] (KEY)
+             *                      }
+             *                  }
+             *              and containing header_fields [1] {
+             *                  containing type
+             *                      indicating 'generation_time'
+             *                  containing generation_time
+             *                      indicating CURRENT_TIME
+             *              }
+             *              and containing header_fields[2] {
+             *                  containing type
+             *                      indicating 'its_aid'
+             *                  containing its_aid
+             *                      indicating 'AID_CAM'
+             *              }
+             *              and not containing any other header fields
+             *              and containing payload_field {
+             *                  containing type
+             *                      indicating 'signed'
+             *                  containing data
+             *                      indicating length > 0
+             *                      containing CAM payload
+             *              }
+             *              and containing trailer_fields {
+             *                  containing single instance of type TrailerField {
+             *                      containing type
+             *                          indicating 'signature'
+             *                      containing signature
+             *                          verifiable using KEY
+             *                  }
+             *              }
+             *      } then {
+             *          the IUT accepts the message
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_01_01_NB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredCam(cc_taCertA, omit, e_certificate);
+                
+                f_sleep(PX_TAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_01_01_NB
+            
+            /**
+             * @desc    Check that IUT accepts a well-formed Secured CAM containing certificate digest of the known certificate in signer_info
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *      the IUT already sent a Secured message containing certificate (CERT_AT_A)
+             *          containing subject_info.subject_type
+             *              indicating 'authorization_ticket' (2)
+             *          and containing subject_attributes['verification key'] (KEY)
+             *  }
+             *  ensure that {
+             *      when { 
+             *          the IUT is receiving a SecuredMessage
+             *              containing protocol_version 
+             *                  indicating value '2'
+             *              and containing header_fields[0]
+             *                  containing type 
+             *                      indicating 'signer_info'
+             *                  and containing signer {
+             *                      containing type
+             *                          indicating 'certificate_digest_with_sha256'
+             *                      and containing digest
+             *                          referencing to certificate (CERT_AT_A)
+             *                  }
+             *              and containing header_fields [1] {
+             *                  containing type
+             *                      indicating 'generation_time'
+             *                  containing generation_time
+             *                      indicating CURRENT_TIME
+             *              }
+             *              and containing header_fields[2] {
+             *                  containing type
+             *                      indicating 'its_aid'
+             *                  containing its_aid
+             *                      indicating 'AID_CAM'
+             *              }
+             *              and not containing any other header fields
+             *              and containing payload_field {
+             *                  containing type
+             *                      indicating 'signed'
+             *                  containing data
+             *                      indicating length > 0
+             *                      containing CAM payload
+             *              }
+             *              and containing trailer_fields {
+             *                  containing single instance of type TrailerField {
+             *                      containing type
+             *                          indicating 'signature'
+             *                      containing signature
+             *                          verifiable using KEY
+             *                  }
+             *              }
+             *      } then {
+             *          the IUT accepts the message
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_01_02_NB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredCam(cc_taCertA, omit, e_certificate_digest_with_sha256);
+                
+                f_sleep(PX_TAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_01_02_NB
+            
+            /**
+             * @desc    Check that IUT accepts a well-formed Secured CAM containing certificate chain in signer_info
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *  }
+             *  ensure that {
+             *      when { 
+             *          the IUT is receiving a SecuredMessage
+             *              containing protocol_version 
+             *                  indicating value '2'
+             *              and containing header_fields[0]
+             *                  containing type 
+             *                      indicating 'signer_info'
+             *                  and containing signer {
+             *                      containing type
+             *                          indicating 'certificate_chain'
+             *                      and containing certificates
+             *                          containing certificate (CERT_AA_A) at index 0 {
+             *                              containing subject_info.subject_type
+             *                                  indicating 'authorization_authority'
+             *                              and containing subject_attributes['verification key'] (KEY_AA)
+             *                          }
+             *                          and containing certificate (CERT_AT_A) at index 1 {
+             *                              containing subject_info.subject_type
+             *                                  indicating 'authorization_ticket'
+             *                              and containing signer_info {
+             *                                  containing type
+             *                                      indicating 'certificate_digest_with_sha256'
+             *                                  containing digest
+             *                                      referencing to the CERT_AA_A
+             *                              }
+             *                              and containing signature
+             *                                  verifiable using KEY_AA
+             *                              and containing subject_attributes['verification key'] (KEY)
+             *                          }
+             *                  }
+             *              and containing header_fields [1] {
+             *                  containing type
+             *                      indicating 'generation_time'
+             *                  containing generation_time
+             *                      indicating CURRENT_TIME
+             *              }
+             *              and containing header_fields[2] {
+             *                  containing type
+             *                      indicating 'its_aid'
+             *                  containing its_aid
+             *                      indicating 'AID_CAM'
+             *              }
+             *              and not containing any other header fields
+             *              and containing payload_field {
+             *                  containing type
+             *                      indicating 'signed'
+             *                  containing data
+             *                      indicating length > 0
+             *                      containing CAM payload
+             *              }
+             *              and containing trailer_fields {
+             *                  containing single instance of type TrailerField {
+             *                      containing type
+             *                          indicating 'signature'
+             *                      containing signature
+             *                          verifiable using KEY
+             *                  }
+             *              }
+             *      } then {
+             *          the IUT accepts the message
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_01_03_NB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredCam(cc_taCertA, omit, e_certificate_chain);
+                
+                f_sleep(PX_TAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                 
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_01_03_NB
+            
+            /**
+             * @desc    Check that IUT discards a Secured CAM containing protocol version set to a value less then 2
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *  }
+             *  ensure that {
+             *      when { 
+             *          the IUT is receiving a SecuredMessage (CAM)
+             *              containing protocol_version 
+             *                  indicating 1
+             *              containing header_fields['its_aid']
+             *                  indicating 'AID_CAM'
+             *      } then {
+             *          the IUT discards a SecuredMessage
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_02_01a_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(cc_taCertA);
+                v_securedGnPdu.gnPacket.securedMsg.protocol_version := 1;
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_02_01a_EB
+            
+            /**
+             * @desc    Check that IUT discards a Secured CAM containing protocol version set to a value greater then 2
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *  }
+             *  ensure that {
+             *      when { 
+             *          the IUT is receiving a SecuredMessage (CAM)
+             *              containing protocol_version 
+             *                  indicating 3
+             *              containing header_fields['its_aid']
+             *                  indicating 'AID_CAM'
+             *      } then {
+             *          the IUT discards a SecuredMessage
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_02_01b_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(cc_taCertA); 
+                v_securedGnPdu.gnPacket.securedMsg.protocol_version := 3;
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_02_01b_EB
+            
+            /**
+             * @desc    Check that IUT discards a secured CAM if the header_fields contains more than one element of header field type: signer_info
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with { 
+             *  the IUT being in the 'authorized' state 
+             * } 
+             * ensure that { 
+             *  when {  
+             *      the IUT is receiving a SecuredMessage (CAM) 
+             *          containing header_fields[0].type
+             *              indicating 'signer_info'
+             *          and containing header_fields[1].type
+             *              indicating 'signer_info'
+             *          and containing header_fields[2].type
+             *              indicating 'generation_time'
+             *          and containing header_fields[3] {
+             *              containing type
+             *                  indicating 'its_aid'
+             *              containing its_aid
+             *                  indicating 'AID_CAM'
+             *          and not containing other header fields
+             *  } then { 
+             *      the IUT discards the message 
+             *  } 
+             * } 
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_04_01a_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertA, 
+                    {
+                        m_header_field_signer_info(
+                            m_signerInfo_digest(
+                                vc_atCertificate.signer_info.signerInfo.digest
+                        )), 
+                        m_header_field_signer_info(
+                            m_signerInfo_certificate(
+                                vc_aaCertificate
+                        )), 
+                        m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
+                        m_header_field_its_aid_CAM
+                    }, 
+                    e_certificate_digest_with_sha256,
+                    false
+                ); 
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                } // End of 'for' statement
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_04_01a_EB
+            
+            /**
+             * @desc    Check that IUT discards a secured CAM if the header_fields does not contain the header field type: signer_info
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with { 
+             *  the IUT being in the 'authorized' state 
+             * } 
+             * ensure that { 
+             *  when {  
+             *      the IUT is receiving a SecuredMessage (CAM) 
+             *          containing header_fields[0].type
+             *              indicating 'generation_time'
+             *          and containing header_fields[1] {
+             *              containing type
+             *                  indicating 'its_aid'
+             *              containing its_aid
+             *                  indicating 'AID_CAM'
+             *          and not containing other header fields
+             *  } then { 
+             *      the IUT discards the message 
+             *  } 
+             * } 
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_04_01b_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertA, 
+                    {
+                        m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
+                        m_header_field_its_aid_CAM
+                    }, 
+                    e_certificate_digest_with_sha256,
+                    false
+                ); 
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                } // End of 'for' statement
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_04_01b_EB
+            
+            /**
+             * @desc    Check that IUT is able to receive a secured CAM if the signer_info header field is not encoded first
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with { 
+             *  the IUT being in the 'authorized' state 
+             * } 
+             * ensure that { 
+             *  when {  
+             *      TODO
+             *  } then { 
+             *      the IUT discards the message 
+             *  } 
+             * } 
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_04_01c_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertA, 
+                    {
+                        m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
+                        m_header_field_its_aid_CAM,
+                        m_header_field_signer_info(
+                            m_signerInfo_digest(
+                                vc_atCertificate.signer_info.signerInfo.digest
+                        ))
+                    }, 
+                    e_certificate_digest_with_sha256,
+                    false
+                ); 
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                } // End of 'for' statement
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_04_01c_EB
+            
+            /**
+             * @desc    Check that IUT discards a secured CAM if the header_fields doesn't contain the element of header field of type: generation_time
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with { 
+             *  the IUT being in the 'authorized' state 
+             * } 
+             * ensure that { 
+             *  when {  
+             *      the IUT is receiving a SecuredMessage (CAM)
+             *          containing header_fields[0].type
+             *              indicating 'signer_info'
+             *          and containing header_fields[1] {
+             *              containing type
+             *                  indicating 'its_aid'
+             *              containing its_aid
+             *                  indicating 'AID_CAM'
+             *       }
+             *       and not containing other header fields
+             *  } then { 
+             *      the IUT discards the message 
+             *  } 
+             * } 
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_04_02a_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertA, 
+                    {
+                        m_header_field_signer_info(
+                            m_signerInfo_digest(
+                                vc_atCertificate.signer_info.signerInfo.digest
+                        )), 
+                        m_header_field_its_aid_CAM
+                    }, 
+                    e_certificate_digest_with_sha256,
+                    false
+                ); 
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                } // End of 'for' statement
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_04_02a_EB
+            
+            /**
+             * @desc    Check that IUT discards a secured CAM if the header_fields contain more than one element of header field of type: its_aid
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with { 
+             *  the IUT being in the 'authorized' state 
+             * } 
+             * ensure that { 
+             *  when {  
+             *      the IUT is receiving a SecuredMessage (CAM)
+             *          containing header_fields[0].type
+             *              indicating 'signer_info'
+             *          and containing header_fields[1].type
+             *              indicating 'generation_time'
+             *          and and containing header_fields[2] {
+             *              containing type
+             *                  indicating 'its_aid'
+             *              containing its_aid
+             *                  indicating 'AID_CAM'
+             *          and and containing header_fields[3] {
+             *              containing type
+             *                  indicating 'its_aid'
+             *              containing its_aid
+             *                  indicating 'AID_DENM'
+             *       }
+             *       and not containing other header fields
+             *  } then { 
+             *      the IUT discards the message 
+             *  } 
+             * } 
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_04_03a_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertA, 
+                    {
+                        m_header_field_signer_info(
+                            m_signerInfo_digest(
+                                vc_atCertificate.signer_info.signerInfo.digest
+                        )), 
+                        m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
+                        m_header_field_its_aid_CAM,
+                        m_header_field_its_aid_DENM
+                    }, 
+                    e_certificate_digest_with_sha256,
+                    false
+                ); 
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                } // End of 'for' statement
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_04_03a_EB
+            
+            /**
+             * @desc    Check that IUT ignores the HeaderFields generation_time_standard_deviation of received Secured CAM
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with { 
+             *  the IUT being in the 'authorized' state 
+             * } 
+             * ensure that { 
+             *  when {  
+             *      the IUT is receiving a SecuredMessage (CAM)
+             *          containing header_fields[0].type
+             *              indicating 'signer_info'
+             *          and containing header_fields[1].type
+             *              indicating 'generation_time'
+             *                  indicating TIME_1 inside the validity period of the signer certificate
+             *          and containing header_fields[2].type
+             *              indicating 'generation_time_with_standard_deviation'
+             *                  indicating TIME_2 inside the validity period of the signer certificate
+             *          and and containing header_fields[3] {
+             *              containing type
+             *                  indicating 'its_aid'
+             *              containing its_aid
+             *                  indicating 'AID_CAM'
+             *       }
+             *       and not containing other header fields
+             *  } then { 
+             *      the IUT discards the message 
+             *  } 
+             * } 
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_04_05a_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertA, 
+                    {
+                        m_header_field_signer_info(
+                            m_signerInfo_digest(
+                                vc_atCertificate.signer_info.signerInfo.digest
+                        )), 
+                        m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
+                        m_header_field_generation_time_with_standard_deviation(
+                            m_time64WithStandardDeviation(
+                                1000, // In us
+                                0
+                        )), 
+                        m_header_field_its_aid_CAM
+                    }, 
+                    e_certificate_digest_with_sha256,
+                    false
+                ); 
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                } // End of 'for' statement
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_04_05a_EB
+            
+            /**
+             * @desc    Check that IUT ignores the HeaderFields generation_time_standard_deviation of received Secured CAM
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with { 
+             *  the IUT being in the 'authorized' state 
+             * } 
+             * ensure that { 
+             *  when {  
+             *      the IUT is receiving a SecuredMessage (CAM)
+             *          containing header_fields[0].type
+             *              indicating 'signer_info'
+             *          and containing header_fields[1].type
+             *              indicating 'generation_time'
+             *                  indicating TIME_1 outside the validity period of the signer certificate
+             *          and containing header_fields[2].type
+             *              indicating 'generation_time_with_standard_deviation'
+             *                  indicating TIME_2 inside the validity period of the signer certificate
+             *          and and containing header_fields[3] {
+             *              containing type
+             *                  indicating 'its_aid'
+             *              containing its_aid
+             *                  indicating 'AID_CAM'
+             *       }
+             *       and not containing other header fields
+             *  } then { 
+             *      the IUT discards the message 
+             *  } 
+             * } 
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_04_05b_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertA, 
+                    {
+                        m_header_field_signer_info(
+                            m_signerInfo_digest(
+                                vc_atCertificate.signer_info.signerInfo.digest
+                        )), 
+                        m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
+                        m_header_field_generation_time_with_standard_deviation(
+                            m_time64WithStandardDeviation(
+                                1000 * f_getCurrentTime(), // In us
+                                0
+                        )), 
+                        m_header_field_its_aid_CAM
+                    }, 
+                    e_certificate_digest_with_sha256,
+                    false
+                ); 
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                } // End of 'for' statement
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_04_05b_EB
+            
+            /**
+             * @desc    Check that IUT discards secured CAM when its_aid value is not equal to 16512
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with { 
+             *  the IUT being in the 'authorized' state 
+             * } 
+             * ensure that { 
+             *     when {  
+             *         the IUT is receiving a SecuredMessage (CAM) 
+             *             containing header_fields['its_aid'] 
+             *                 indicating AID_DENM 
+             *             and containing payload_field { 
+             *                 containing type 
+             *                     indicating 'signed' 
+             *                 containing data 
+             *                     containing CAM payload 
+             *             } 
+             *     } then { 
+             *         the IUT discards the message 
+             *     } 
+             * } 
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_07_01_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertA, 
+                    {
+                        m_header_field_its_aid_DENM
+                    }
+                ); 
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                } // End of 'for' statement
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_07_01a_EB
+            
+            /**
+            * @desc    Check that IUT discards the Secured CAM containing empty payload of type 'signed'.
+            * 
+            * Pics Selection: none
+            * Config Id: CF01
+            * Initial conditions:
+            *   with {
+            *       the IUT being in the 'authorized' state
+            *   }
+            *   ensure that {
+            *       when {
+            *           the IUT is receiving a SecuredMessage {
+            *              and containing header_fields['its_aid']
+            *                  indicating 'AID_CAM'
+            *               and containing payload_field {
+            *                   containing type
+            *                       indicating 'signed'
+            *                   containing data
+            *                       indicating length 0
+            *               }
+            *           }
+            *       } then {
+            *           the IUT discards the message
+            *       }
+            *   }
+            * 

+            *
+            * @see
+            * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+            */
+            testcase TC_SEC_ITSS_RCV_CAM_09_02_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                var GnNonSecuredPacket v_gnNonSecuredPacket;
+                var octetstring v_gnPayload;
+                var template (value) SecuredMessage v_securedMessage;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC)));
+                v_gnNonSecuredPacket.payload.rawPayload := ''O;
+                v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket));
+                f_buildGnSecuredCam(
+                    v_securedMessage,
+                    m_payload_signed(
+                        v_gnPayload
+                    )
+                );
+                v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_09_02_EB
+            
+            /**
+            * @desc    Check that IUT discards the Secured CAM containing non-empty payload of type 'unsecured'
+            * 
+            * Pics Selection: none
+            * Config Id: CF01
+            * Initial conditions:
+            *   with {
+            *       the IUT being in the 'authorized' state
+            *   }
+            *   ensure that {
+            *       when {
+            *           the IUT is receiving a SecuredMessage {
+            *              and containing header_fields['its_aid']
+            *                  indicating 'AID_CAM'
+            *               and containing payload_field {
+            *                   containing type
+            *                       indicating 'unsecured'
+            *               }
+            *           }
+            *       } then {
+            *           the IUT discards the message
+            *       }
+            *   }
+            * 

+            *
+            * @see
+            * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+            */
+            testcase TC_SEC_ITSS_RCV_CAM_09_03_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                var GnNonSecuredPacket v_gnNonSecuredPacket;
+                var octetstring v_gnPayload;
+                var template (value) SecuredMessage v_securedMessage;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC)));
+                v_gnNonSecuredPacket.payload := valueof(f_adaptPayload_m(
+                    bit2oct(
+                        encvalue(
+                            m_camMsg_vehicle_HF_BV(
+                                f_getTsStationId(),
+                                f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime
+                                LibItsCam_Templates.m_tsPosition
+                            )
+                        )
+                    )
+                ));
+                v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket));
+                f_buildGnSecuredCam(
+                    v_securedMessage,
+                    m_payload_unsecured(
+                        v_gnPayload
+                    )
+                );
+                v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_09_03_EB
+
+            /**
+            * @desc    Check that IUT discards the Secured CAM containing non-empty payload of type 'encrypted'
+            * 
+            * Pics Selection: none
+            * Config Id: CF01
+            * Initial conditions:
+            *   with {
+            *       the IUT being in the 'authorized' state
+            *   }
+            *   ensure that {
+            *       when {
+            *           the IUT is receiving a SecuredMessage {
+            *              and containing header_fields['its_aid']
+            *                  indicating 'AID_CAM'
+            *               and containing payload_field {
+            *                   containing type
+            *                       indicating 'encrypted'
+            *               }
+            *           }
+            *       } then {
+            *           the IUT discards the message
+            *       }
+            *   }
+            * 

+            *
+            * @see
+            * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+            */
+            testcase TC_SEC_ITSS_RCV_CAM_09_04_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                var GnNonSecuredPacket v_gnNonSecuredPacket;
+                var octetstring v_gnPayload;
+                var template (value) SecuredMessage v_securedMessage;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC)));
+                v_gnNonSecuredPacket.payload := valueof(f_adaptPayload_m(
+                    bit2oct(
+                        encvalue(
+                            m_camMsg_vehicle_HF_BV(
+                                f_getTsStationId(),
+                                f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime
+                                LibItsCam_Templates.m_tsPosition
+                            )
+                        )
+                    )
+                ));
+                v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket));
+                f_buildGnSecuredCam(
+                    v_securedMessage,
+                    m_payload_encrypted(
+                        v_gnPayload
+                    )
+                );
+                v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_09_04_EB
+            
+            /**
+            * @desc    Check that IUT discards the Secured CAM containing exactly one non-empty payload of type 'signed_external'
+            * 
+            * Pics Selection: none
+            * Config Id: CF01
+            * Initial conditions:
+            *   with {
+            *       the IUT being in the 'authorized' state
+            *   }
+            *   ensure that {
+            *       when {
+            *           the IUT is receiving a SecuredMessage {
+            *              and containing header_fields['its_aid']
+            *                  indicating 'AID_CAM'
+            *               and containing payload_field {
+            *                   containing type
+            *                       indicating 'signed_external'
+            *               }
+            *           }
+            *       } then {
+            *           the IUT discards the message
+            *       }
+            *   }
+            * 

+            *
+            * @see
+            * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+            */
+            testcase TC_SEC_ITSS_RCV_CAM_09_05_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                var GnNonSecuredPacket v_gnNonSecuredPacket;
+                var octetstring v_gnPayload;
+                var template (value) SecuredMessage v_securedMessage;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC)));
+                v_gnNonSecuredPacket.payload := valueof(f_adaptPayload_m(
+                    bit2oct(
+                        encvalue(
+                            m_camMsg_vehicle_HF_BV(
+                                f_getTsStationId(),
+                                f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime
+                                LibItsCam_Templates.m_tsPosition
+                            )
+                        )
+                    )
+                ));
+                v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket));
+                f_buildGnSecuredCam(
+                    v_securedMessage,
+                    m_payload_signed_external
+                );
+                v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_09_05_EB
+            
+            /**
+            * @desc    Check that IUT discards the Secured CAM containing non-empty payload of type 'signed_and_encrypted'
+            * 
+            * Pics Selection: none
+            * Config Id: CF01
+            * Initial conditions:
+            *   with {
+            *       the IUT being in the 'authorized' state
+            *   }
+            *   ensure that {
+            *       when {
+            *           the IUT is receiving a SecuredMessage {
+            *              and containing header_fields['its_aid']
+            *                  indicating 'AID_CAM'
+            *               and containing payload_field {
+            *                   containing type
+            *                       indicating 'signed_and_encrypted'
+            *               }
+            *           }
+            *       } then {
+            *           the IUT discards the message
+            *       }
+            *   }
+            * 

+            *
+            * @see
+            * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+            */
+            testcase TC_SEC_ITSS_RCV_CAM_09_06_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                var GnNonSecuredPacket v_gnNonSecuredPacket;
+                var octetstring v_gnPayload;
+                var template (value) SecuredMessage v_securedMessage;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_gnNonSecuredPacket := valueof(m_geoNwShbPacket(f_getPosition(c_compNodeC)));
+                v_gnNonSecuredPacket.payload := valueof(f_adaptPayload_m(
+                    bit2oct(
+                        encvalue(
+                            m_camMsg_vehicle_HF_BV(
+                                f_getTsStationId(),
+                                f_getCurrentTime() mod 65536, // See ETSI EN 302 637-2 V1.3.0 - Clause B.3 generationDelatTime
+                                LibItsCam_Templates.m_tsPosition
+                            )
+                        )
+                    )
+                ));
+                v_gnPayload := bit2oct(encvalue(v_gnNonSecuredPacket));
+                f_buildGnSecuredCam(
+                    v_securedMessage,
+                     m_payload_signed_and_encrypted(
+                        v_gnPayload
+                    )
+                );
+                v_securedGnPdu := valueof(m_geoNwSecPdu(v_gnNonSecuredPacket, v_securedMessage));
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_09_06_EB
+            
+            /**
+            * @desc    Check that IUT discards the Secured CAM doesn't containing the TrailerField of type 'signature'
+            * 
+            * Pics Selection: none
+            * Config Id: CF01
+            * Initial conditions:
+            *    with {
+            *        the IUT being in the 'authorized' state
+            *    }
+            *    ensure that {
+            *        when {
+            *            the IUT is receiving a SecuredMessage {
+            *              and containing header_fields['its_aid']
+            *                  indicating 'AID_CAM'
+            *                and containing trailer_fields
+            *                    not containing any instance of type TrailerField {
+            *                        containing type
+            *                            indicating 'signature'
+            *                    }
+            *            }
+            *        } then {
+            *            the IUT discards the message
+            *        }
+            *    }
+            * 

+            *
+            * @see
+            * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+            */
+            testcase TC_SEC_ITSS_RCV_CAM_10_01_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(cc_taCertA); 
+                v_securedGnPdu.gnPacket.securedMsg.trailer_fields := {};
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for(i:=0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i:=i+1) {
+                // empty on purpose
+                }
+                if(i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_10_01_EB
+            
+            /**
+            * @desc    Check that IUT discards the Secured CAM containing more then one instance of TrailerField of type 'signature'
+            * 
+            * Pics Selection: none
+            * Config Id: CF01
+            * Initial conditions:
+            *   with {
+            *       the IUT being in the 'authorized' state
+            *   }
+            *   ensure that {
+            *       when {
+            *           the IUT is receiving a SecuredMessage {
+            *              and containing header_fields['its_aid']
+            *                  indicating 'AID_CAM'
+            *              and containing trailer_fields[0].type
+            *                           indicating 'signature'
+            *              and containing trailer_fields[1].type
+            *                  indicating 'signature'
+            *                   }
+            *       } then {
+            *           the IUT discards the message
+            *       }
+            *   }
+            * 

+            *
+            * @see
+            * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+            */
+            testcase TC_SEC_ITSS_RCV_CAM_10_02_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(cc_taCertA); 
+                v_securedGnPdu.gnPacket.securedMsg.trailer_fields[1] := v_securedGnPdu.gnPacket.securedMsg.trailer_fields[0];
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for(i:=0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i:=i+1) {
+                // empty on purpose
+                }
+                if(i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_10_02_EB
+
+            /**
+            * @desc    Check that the IUT discards Secured message containing signature that is not verified using the 
+            *        verification key from the certificate contained in the message's signer info
+            * 
+            * Pics Selection: none
+            * Config Id: CF01
+            * Initial conditions:
+            *   with {
+            *       the IUT being in the 'authorized' state
+            *   }
+            *   ensure that {
+            *       when {
+            *           the IUT is receiving a SecuredMessage {
+            *               containing header_fields ['signer_info'] {
+            *                   containing signer {
+            *                       containing type
+            *                           indicating 'certificate'
+            *                       containing certificate
+            *                           containing subject_info.subject_type
+            *                               indicating 'authorization_ticket' (2)
+            *                           and containing subject_attributes['verification key'] (KEY)
+            *                   }
+            *               }
+            *               containing header_fields['its_aid']
+            *                   indicating 'AID_CAM'
+            *               containing trailer_fields {
+            *                   containing single instance of type TrailerField {
+            *                       containing type
+            *                           indicating 'signature'
+            *                       containing signature
+            *                           NOT verifiable using KEY
+            *                   }
+            *               }
+            *           }
+            *       } then {
+            *           the IUT discards the message
+            *       }
+            *   }
+            * 

+            *
+            * @see
+            * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+            */
+            testcase TC_SEC_ITSS_RCV_CAM_11_01_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertA, 
+                    omit, 
+                    e_certificate
+                );
+                v_securedGnPdu.gnPacket.securedMsg.trailer_fields[0].trailerField.signature_.signature_.ecdsa_signature.s
+                    := not4b(v_securedGnPdu.gnPacket.securedMsg.trailer_fields[0].trailerField.signature_.signature_.ecdsa_signature.s);
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for(i:=0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i:=i+1) {
+                // empty on purpose
+                }
+                if(i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                              
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_11_01_EB
+
+            /**
+            * @desc    Check that the IUT discards Secured message containing signature that is not verified using the 
+            *        verification key from the certificate, referenced by the digest contained in the message's signer info
+            * 
+            * Pics Selection: none
+            * Config Id: CF01
+            * Initial conditions:
+            *   with {
+            *       the IUT being in the 'authorized' state
+            *   }
+            *   ensure that {
+            *       when {
+            *           the IUT is receiving a SecuredMessage {
+            *               containing header_fields ['signer_info'] {
+            *                   containing signer {
+            *                       containing type
+            *                           indicating 'certificate_digest_with_sha256'
+            *                       containing digest
+            *                           referencing to the certificate
+            *                               containing subject_info.subject_type
+            *                                   indicating 'authorization_ticket' (2)
+            *                               and containing subject_attributes['verification key'] (KEY)
+            *                   }
+            *               }
+            *               containing header_fields['its_aid']
+            *                   indicating 'AID_CAM'
+            *               containing trailer_fields {
+            *                   containing single instance of type TrailerField {
+            *                       containing type
+            *                           indicating 'signature'
+            *                       containing signature
+            *                           NOT verifiable using KEY
+            *                   }
+            *               }
+            *           }
+            *       } then {
+            *           the IUT discards the message
+            *       }
+            *   }
+            * 

+            *
+            * @see
+            * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+            */
+            testcase TC_SEC_ITSS_RCV_CAM_11_02_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertA, 
+                    omit, 
+                    e_certificate_digest_with_sha256
+                );
+                v_securedGnPdu.gnPacket.securedMsg.trailer_fields[0].trailerField.signature_.signature_.ecdsa_signature.s
+                    := not4b(v_securedGnPdu.gnPacket.securedMsg.trailer_fields[0].trailerField.signature_.signature_.ecdsa_signature.s);
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for(i:=0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i:=i+1) {
+                // empty on purpose
+                }
+                if(i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_11_02_EB
+            
+            /**
+             * @desc    Check that IUT discards a Secured CAM if the signer certificate of the message contains the subject type "enrolment_credential"
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * Expected behaviour:
+             * ensure that {
+             *   when {
+             *      the IUT is receiving a SecuredMessage (CAM)
+             *          containing header_field 'signer_info'
+             *              containing signer_info.type
+             *                  indicating 'certificate'
+             *              containing signer.certificate.subject_info.subject_type
+             *                  indicating 'enrolment_credentials'
+             *          and containing header_field 'its_aid'
+             *              indicating 'AID_CAM'
+             *       }
+             *       and not containing other header fields
+             *   } then { 
+             *      the IUT discards the message 
+             *   }
+             * } 
+             * 

+             *
+             * @see     ETSI TS 103 097 V1.1.14, clause 6.3 
+             * @reference   EN 302 636-4-1 [1], clauses 9.3.2 , 8.6.2 and Annex G
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_12_01_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertF, 
+                    {
+                        m_header_field_signer_info(
+                            m_signerInfo_certificate(
+                                vc_atCertificate
+                        )), 
+                        m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
+                        m_header_field_its_aid_CAM
+                    }, 
+                    e_certificate,
+                    false
+                ); 
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                } // End of 'for' statement
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_12_01_EB
+            
+            /**
+             * @desc    Check that IUT discards a Secured CAM if the signer certificate of the message contains the subject type "authorization_authority"
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * Expected behaviour:
+             * ensure that {
+             *   when {
+             *      the IUT is receiving a SecuredMessage (CAM)
+             *          containing header_field 'signer_info'
+             *              containing signer_info.type
+             *                  indicating 'certificate'
+             *              containing signer.certificate.subject_info.subject_type
+             *                  indicating 'authorization_authority'
+             *          and containing header_field 'its_aid'
+             *              indicating 'AID_CAM'
+             *       }
+             *       and not containing other header fields
+             *   } then { 
+             *      the IUT discards the message 
+             *   }
+             * } 
+             * 

+             *
+             * @see     ETSI TS 103 097 V1.1.14, clause 6.3 
+             * @reference   EN 302 636-4-1 [1], clauses 9.3.2 , 8.6.2 and Annex G
+             */
+            testcase TC_SEC_ITSS_RCV_CAM_12_02_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredCam(
+                    cc_taCertA, 
+                    {
+                        m_header_field_signer_info(
+                            m_signerInfo_certificate(
+                                vc_aaCertificate
+                        )), 
+                        m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
+                        m_header_field_its_aid_CAM
+                    }, 
+                    e_certificate,
+                    false
+                ); 
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                } // End of 'for' statement
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_CAM_12_02_EB
+            
+        } // End of group g_recvCamProfile
+        
+        group g_recvDenmProfile {
+            
+            /**
+             * @desc    Check that IUT accepts a well-formed Secured DENM signed with the certificate without region validity restriction
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Expected behavior:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is receiving a SecuredMessage
+             *          containing header_fields[0]
+             *              containing type 
+             *                  indicating 'signer_info'
+             *              and containing signer {
+             *                  containing type
+             *                      indicating 'certificate'
+             *                  and containing certificate (CERT_AT_A) {
+             *                      containing subject_info.subject_type
+             *                          indicating 'authorization_ticket' (2)
+             *                      and containing subject_attributes['verification key'] (KEY)
+             *             and not containing validity_restrictions['region']
+             *                  }
+             *              }
+             *       and containing header_fields [1]
+             *         containing type 
+             *           indicating 'generation_time'
+             *              containing generation_time
+             *                  indicating CURRENT_TIME
+             *       and containing header_fields [2]
+             *         containing type 
+             *           indicating 'generation_location'
+             *              containing generation_location
+             *       and containing header_fields[3]
+             *         containing type 
+             *           indicating 'its_aid'
+             *         containing its_aid
+             *              indicating 'AID_DENM'
+             *          and containing payload_field {
+             *              containing type
+             *                  indicating 'signed'
+             *              containing data
+             *                  indicating length > 0
+             *                  containing DENM payload
+             *          }
+             *          and containing trailer_fields {
+             *              containing single instance of type TrailerField {
+             *                  containing type
+             *                      indicating 'signature'
+             *                  containing signature
+             *                      verifiable using KEY
+             *              }
+             *          }
+             *   } then {
+             *     the IUT accepts the message
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_01_01a_NB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredDenm(cc_taCertA, omit, e_certificate);
+                
+                f_sleep(PX_TAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_01_01a_NB
+            
+            /**
+             * @desc    Check that IUT accepts a well-formed Secured DENM signe with the certificate with a circular region validity restriction
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Expected behavior:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is receiving a SecuredMessage
+             *       and containing header_fields[0]
+             *              containing type 
+             *                  indicating 'signer_info'
+             *              and containing signer {
+             *                  containing type
+             *                      indicating 'certificate'
+             *                  and containing certificate (CERT_AT_B) {
+             *                      containing subject_info.subject_type
+             *                          indicating 'authorization_ticket' (2)
+             *                      and containing subject_attributes['verification key'] (KEY)
+             *                      and containing validity_restrictions['region'] {
+             *                          containing region{
+             *                              containing region_type
+             *                                  indicating 'circle'
+             *                              and containing circular_region
+             *                                  indicating REGION
+             *                          }
+             *                      }
+             *                  }
+             *       and containing header_fields [1]
+             *         containing type 
+             *           indicating 'generation_time'
+             *              containing generation_time
+             *                  indicating CURRENT_TIME
+             *       and containing header_fields [2]
+             *         containing type 
+             *           indicating 'generation_location'
+             *              containing generation_location
+             *                  indicating position inside the REGION
+             *       and containing header_fields[3]
+             *         containing type 
+             *           indicating 'its_aid'
+             *         containing its_aid
+             *              indicating 'AID_DENM'
+             *       and not containing any other header_fields
+             *       and containing payload_fields {
+             *              containing type
+             *                  indicating 'signed'
+             *              containing data
+             *                  indicating length > 0
+             *                  containing DENM payload
+             *          }
+             *          and containing trailer_fields {
+             *              containing single instance of type TrailerField {
+             *                  containing type
+             *                      indicating 'signature'
+             *                  containing signature
+             *                      verifiable using KEY
+             *              }
+             *          }
+             *   } then {
+             *     the IUT accepts the message
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_01_01b_NB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredDenm(cc_taCertB, omit, e_certificate);
+                
+                f_sleep(PX_TAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_01_01b_NB
+            
+            /**
+             * @desc    Check that IUT accepts a well-formed Secured DENM signe with the certificate with a rectangular region validity restriction
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Expected Behavior:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is receiving a SecuredMessage
+             *       containing protocol_version 
+             *         indicating value '2'
+             *       and containing header_fields[0]
+             *              containing type 
+             *                  indicating 'signer_info'
+             *              and containing signer {
+             *                  containing type
+             *                      indicating 'certificate'
+             *                  and containing certificate (CERT_AT_C) {
+             *                      containing subject_info.subject_type
+             *                          indicating 'authorization_ticket' (2)
+             *                      and containing subject_attributes['verification key'] (KEY)
+             *                      and containing validity_restrictions['region'] {
+             *                          containing region{
+             *                              containing region_type
+             *                                  indicating 'rectangle'
+             *                              and containing rectangular_regions
+             *                                  indicating REGIONS
+             *                          }
+             *                      }
+             *                  }
+             *       and containing header_fields [1]
+             *         containing type 
+             *           indicating 'generation_time'
+             *              containing generation_time
+             *                  indicating CURRENT_TIME
+             *       and containing header_fields [2]
+             *         containing type 
+             *           indicating 'generation_location'
+             *              containing generation_location
+             *           indicating position inside the REGION
+             *       and containing header_fields[3]
+             *         containing type 
+             *           indicating 'its_aid'
+             *         containing its_aid
+             *              indicating 'AID_DENM'
+             *       and not containing any other header_fields
+             *          and containing payload_field {
+             *              containing type
+             *                  indicating 'signed'
+             *              containing data
+             *                  indicating length > 0
+             *                  containing DENM payload
+             *          }
+             *          and containing trailer_fields {
+             *              containing single instance of type TrailerField {
+             *                  containing type
+             *                      indicating 'signature'
+             *                  containing signature
+             *                      verifiable using KEY
+             *              }
+             *          }
+             *   } then {
+             *     the IUT accepts the message
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_01_01c_NB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredDenm(cc_taCertC, omit, e_certificate);
+                
+                f_sleep(PX_TAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_01_01c_NB
+            
+            /**
+             * @desc    Check that IUT accepts a well-formed Secured DENM signe with the certificate with a polygonal region validity restriction 
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Expected Behavior:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is receiving a SecuredMessage
+             *       containing protocol_version 
+             *         indicating value '2'
+             *       and containing header_fields[0]
+             *              containing type 
+             *                  indicating 'signer_info'
+             *              and containing signer {
+             *                  containing type
+             *                      indicating 'certificate'
+             *                  and containing certificate (CERT_AT_D) {
+             *                      containing subject_info.subject_type
+             *                          indicating 'authorization_ticket' (2)
+             *                      and containing subject_attributes['verification key'] (KEY)
+             *                      and containing validity_restrictions['region'] {
+             *                          containing region{
+             *                              containing region_type
+             *                                  indicating 'polygon'
+             *                              and containing polygonal_region
+             *                   indicating REGION
+             *                          }
+             *                      }
+             *                  }
+             *       and containing header_fields [1]
+             *         containing type 
+             *           indicating 'generation_time'
+             *              containing generation_time
+             *                  indicating CURRENT_TIME
+             *       and containing header_fields [2]
+             *         containing type 
+             *           indicating 'generation_location'
+             *              containing generation_location
+             *           indicating position inside the REGION
+             *       and containing header_fields[3]
+             *         containing type 
+             *           indicating 'its_aid'
+             *         containing its_aid
+             *              indicating 'AID_DENM'
+             *       and not containing any other header_fields
+             *          and containing payload_field {
+             *              containing type
+             *                  indicating 'signed'
+             *              containing data
+             *                  indicating length > 0
+             *                  containing DENM payload
+             *          }
+             *          and containing trailer_fields {
+             *              containing single instance of type TrailerField {
+             *                  containing type
+             *                      indicating 'signature'
+             *                  containing signature
+             *                      verifiable using KEY
+             *              }
+             *          }
+             *   } then {
+             *     the IUT accepts the message
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_01_01d_NB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredDenm(cc_taCertD, omit, e_certificate);
+                
+                f_sleep(PX_TAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_01_01d_NB
+            
+            /**
+             * @desc    Check that IUT accepts a well-formed Secured DENM signe with the certificate with a identified region validity restriction 
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Expected Behavior:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is receiving a SecuredMessage
+             *       containing protocol_version 
+             *         indicating value '2'
+             *       and containing header_fields[0]
+             *              containing type 
+             *                  indicating 'signer_info'
+             *              and containing signer {
+             *                  containing type
+             *                      indicating 'certificate'
+             *           and containing certificate (CERT_AT_E) {
+             *                      containing subject_info.subject_type
+             *                          indicating 'authorization_ticket' (2)
+             *                      and containing subject_attributes['verification key'] (KEY)
+             *                      and containing validity_restrictions['region'] {
+             *                          containing region{
+             *                              containing region_type
+             *                                  indicating 'id_region'
+             *                              and containing identified_region
+             *                                  indicating REGION
+             *                          }
+             *                      }
+             *                  }
+             *       and containing header_fields [1]
+             *         containing type 
+             *           indicating 'generation_time'
+             *              containing generation_time
+             *                  indicating CURRENT_TIME
+             *       and containing header_fields [2]
+             *         containing type 
+             *           indicating 'generation_location'
+             *              containing generation_location
+             *                  indicating position inside the REGION
+             *       and containing header_fields[3]
+             *         containing type 
+             *           indicating 'its_aid'
+             *         containing its_aid
+             *              indicating 'AID_DENM'
+             *       and not containing any other header_fields
+             *          and containing payload_field {
+             *              containing type
+             *                  indicating 'signed'
+             *              containing data
+             *                  indicating length > 0
+             *                  containing DENM payload
+             *          }
+             *          and containing trailer_fields {
+             *              containing single instance of type TrailerField {
+             *                  containing type
+             *                      indicating 'signature'
+             *                  containing signature
+             *                      verifiable using KEY
+             *              }
+             *          }
+             *   } then {
+             *     the IUT accepts the message
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_01_01e_NB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredDenm(cc_taCertD, omit, e_certificate);
+                
+                f_sleep(PX_TAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": PASS: DENM was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: DENM was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_01_01e_NB
+            
+            /**
+             * @desc    Check that IUT discards a Secured DENM containing protocol version set to a value less then 2
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *  }
+             *  ensure that {
+             *      when { 
+             *          the IUT is receiving a SecuredMessage (DENM)
+             *              containing protocol_version 
+             *                  indicating 1
+             *              containing header_fields['its_aid']
+             *                  indicating 'AID_DENM'
+             *      } then {
+             *          the IUT discards a SecuredMessage
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_02_01a_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredDenm(cc_taCertA);
+                v_securedGnPdu.gnPacket.securedMsg.protocol_version := 1;
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_02_01a_EB
+            
+            /**
+             * @desc    Check that IUT discards a Secured DENM containing protocol version set to a value greater then 2
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *  }
+             *  ensure that {
+             *      when { 
+             *          the IUT is receiving a SecuredMessage (DENM)
+             *              containing protocol_version 
+             *                  indicating 3
+             *              containing header_fields['its_aid']
+             *                  indicating 'AID_DENM'
+             *      } then {
+             *          the IUT discards a SecuredMessage
+             *      }
+             *  }
+             * 

+             *
+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_02_01b_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredDenm(cc_taCertA);
+                v_securedGnPdu.gnPacket.securedMsg.protocol_version := 1;
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                }
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_02_01b_EB
+            
+            /**
+             * @desc  Check that IUT discards secured DENM when its_aid value is not equal to 16513
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             *  with {
+             *      the IUT being in the 'authorized' state
+             *  }
+             *  ensure that {
+             *      when { 
+             *          the IUT is receiving a SecuredMessage
+             *              containing header_fields['its_aid']
+             *                  indicating 'AID_CAM'
+             *              and containing payload_field {
+             *                  containing type    
+             *                    indicating 'signed'    
+             *                  containing data    
+             *                    containing DENM payload    
+             *              }    
+             *      } then {
+             *          the IUT discards the DENM
+             *      }
+             *  }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.1
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_07_01a_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_prepareSecuredDenm(
+                    cc_taCertA, 
+                    {
+                        m_header_field_its_aid_CAM
+                    }
+                ); 
+                f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
+                
+                f_sleep(PX_TNOAC);
+                for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_securedGnPdu.gnPacket.packet.payload.rawPayload); i := i + 1) {
+                    // empty on purpose 
+                } // End of 'for' statement
+                if (i < lengthof(vc_utInds)) {
+                    log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                else {
+                    log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_07_01a_EB
+            
+            /**
+             * @desc   Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the circular validity region of the signing certificate
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send DENM
+             *   } then {
+             *     the IUT is receiving a SecuredMessage {
+             *          containing header_fields['signer_info'].type
+             *              indicating 'certificate'
+             *          and containing  header_fields ['signer_info'].certificate (CERT_AT_B)
+             *              containing validity_restrictions['region'] {
+             *                  containing region{
+             *                      containing region_type
+             *                          indicating 'circle'
+             *                      and containing circular_region
+             *                          indicating REGION
+             *                  }
+             *              }
+             *          and containing header_fields ['generation_location']
+             *              containing generation_location
+             *                  indicating position outside the REGION
+             *          and containing header_fields['its_aid']
+             *              indicating 'AID_DENM'
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_08_01a_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredDenm(cc_taCertB, omit, e_certificate);
+                
+                f_sleep(PX_TNOAC);
+                if (lengthof(vc_utInds) == 0) {
+                    log("*** " & testcasename() & ": PASS: DENM was dropped by the IUT ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: DENM was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_08_01a_EB
+            
+            /**
+             * @desc    Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the rectangilar validity region of the signing certificate
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send DENM
+             *   } then {
+             *     the IUT is receiving a SecuredMessage {
+             *          containing header_fields['signer_info'].type
+             *              indicating 'certificate'
+             *          and containing  header_fields ['signer_info'].certificate (CERT_AT_C)
+             *              containing validity_restrictions['region'] {
+             *                  containing region{
+             *                      containing region_type
+             *                          indicating 'rectangle'
+             *                      and containing rectangular_regions
+             *                          indicating REGION
+             *                  }
+             *              }
+             *          and containing header_fields ['generation_location']
+             *              containing generation_location
+             *                  indicating position outside the REGION
+             *          and containing header_fields['its_aid']
+             *              indicating 'AID_DENM'
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_08_01b_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredDenm(cc_taCertC, omit, e_certificate);
+                
+                f_sleep(PX_TNOAC);
+                if (lengthof(vc_utInds) == 0) {
+                    log("*** " & testcasename() & ": PASS: DENM was dropped by the IUT ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: DENM was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_08_01b_EB
+            
+            /**
+             * @desc    Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the polygonal validity region of the signing certificate    
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send DENM
+             *   } then {
+             *     the IUT is receiving a SecuredMessage {
+             *          containing header_fields['signer_info'].type
+             *              indicating 'certificate'
+             *          and containing  header_fields ['signer_info'].certificate (CERT_AT_D)
+             *              containing validity_restrictions['region'] {
+             *                  containing region{
+             *                      containing region_type
+             *                          indicating 'polygon'
+             *                      and containing polygonal_region
+             *                          indicating REGION
+             *                  }
+             *              }
+             *          and containing header_fields ['generation_location']
+             *              containing generation_location
+             *                  indicating position outside the REGION
+             *          and containing header_fields['its_aid']
+             *              indicating 'AID_DENM'
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_08_01c_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredDenm(cc_taCertD, omit, e_certificate);
+                
+                f_sleep(PX_TNOAC);
+                if (lengthof(vc_utInds) == 0) {
+                    log("*** " & testcasename() & ": PASS: DENM was dropped by the IUT ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: DENM was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_08_01c_EB
+            
+            /**
+             * @desc    Check that IUT discards Secured DENM if the HeaderField generation_location is outside of the identified validity region of the signing certificate 
+             * 
+             * Pics Selection: none
+             * Config Id: CF01
+             * Initial conditions:
+             * with {
+             *   the IUT being in the 'authorized' state
+             * }
+             * ensure that {
+             *   when {
+             *     the IUT is requested to send DENM
+             *   } then {
+             *     the IUT is receiving a SecuredMessage {
+             *          containing header_fields['signer_info'].type
+             *              indicating 'certificate'
+             *          and containing  header_fields ['signer_info'].certificate (CERT_AT_E)
+             *              containing validity_restrictions['region'] {
+             *                  containing region{
+             *                      containing region_type
+             *                          indicating 'id_region'
+             *                      and containing identified_region
+             *                          indicating REGION
+             *                  }
+             *              }
+             *          and containing header_fields ['generation_location']
+             *              containing generation_location
+             *                  indicating position outside the REGION
+             *          and containing header_fields['its_aid']
+             *              indicating 'AID_DENM'
+             *   }
+             * }
+             * 

+             * @see
+             * @reference ETSI TS 103 097 V1.1.14, clause 7.2
+             */
+            testcase TC_SEC_ITSS_RCV_DENM_08_01d_EB() runs on ItsGeoNetworking system ItsSecSystem {
+                
+                // Local variables
+                var integer i;
+                var GeoNetworkingPdu v_securedGnPdu;
+                
+                //  Test component configuration
+                f_cf01Up();
+                
+                // Preamble
+                f_prNeighbour();
+                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+                
+                // Test Body
+                v_securedGnPdu := f_sendSecuredDenm(cc_taCertE, omit, e_certificate);
+                
+                f_sleep(PX_TNOAC);
+                if (lengthof(vc_utInds) == 0) {
+                    log("*** " & testcasename() & ": PASS: DENM was dropped by the IUT ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                else {
+                    log("*** " & testcasename() & ": FAIL: DENM was transmitted to upper layer ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                // Postamble
+                f_poNeighbour();
+                f_cf01Down();
+            } // End of testcase TC_SEC_ITSS_RCV_DENM_08_01d_EB
+            
+        } // End of group g_recvDenmProfile
+        
+    } // End of group g_receiverbehavior
+    
+    group g_Certificates {
+        
+        /**
+         * @desc    Check that AT certificate has version 2
+         * 
+         * Pics Selection: none
+         * Config Id: CF01
+         * Initial conditions:
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate in the next CAM
+         * }
+         * Expected Behaviour:
+         * ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating certificate
+         *         containing certificate {
+         *           containing version
+         *             indicating '2'
+         *         }
+         *       }
+         *   }
+         * }
+         * 

+         * @reference ETSI TS 103 097 V1.1.14, clause 6.1
+         */
+        testcase TC_SEC_SND_CERT_01_01() runs on ItsGeoNetworking system ItsSecSystem {
+            
+            // Test component configuration
+            f_cf01Up();
+            
+            // Preamble
+            f_prNeighbour();
+            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+            
+            // Test Body
+            tc_ac.start;
+            alt {
+                [] geoNetworkingPort.receive(
+                    mw_geoNwInd(
+                        mw_geoNwSecPdu(
+                            mdw_securedMessage(
+                                superset(
+                                    mw_header_field_signer_info_certificate(
+                                        mw_certificate(
+                ))))))) {
+                    tc_ac.stop;
+                    log("*** " & testcasename() & ": PASS: AT Certificate version set to " & int2char(c_certificate_version) & " ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                [] geoNetworkingPort.receive(
+                    mw_geoNwInd(
+                        mw_geoNwSecPdu(
+                            mdw_securedMessage(
+                                superset(
+                                    mw_header_field_signer_info_certificate(
+                                        ?
+                )))))) {
+                    tc_ac.stop;
+                    log("*** " & testcasename() & ": FAIL: AT Certificate version mismatch ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                [] tc_ac.timeout {
+                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                }
+            } // End of 'alt' statement
+            
+            // Postamble
+            f_poNeighbour();
+            f_cf01Down();
+        } // End of testcase TC_SEC_SND_CERT_01_01
+        
+        /**
+         * @desc    Check that AA certificate has version 2
+         * 
+         * Pics Selection: none
+         * Config Id: CF01
+         * Initial conditions:
+         * with {
+         *   the IUT being in the 'authorized' state
+         *      the IUT being requested to include certificate chain in the next CAM
+         * }
+         * Expected Behaviour:
+         * ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating certificate_chain
+         *         containing certificates.length >1
+         *         containing certificates[last-1] {
+         *           containing version
+         *             indicating '2'
+         *         }
+         *       }
+         *   }
+         * }
+         * 

+         * @reference ETSI TS 103 097 V1.1.14, clause 6.1
+         */
+        testcase TC_SEC_SND_CERT_01_02() runs on ItsGeoNetworking system ItsSecSystem {
+            // Local declarations
+            var SecuredMessage v_recv;
+            var Certificate v_cert;
+            var SignerInfo v_si;
+            var HashedId8 v_digest;
+            
+            // Test component configuration
+            f_cf01Up();
+            
+            // Preamble
+            f_prNeighbour();
+            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+            
+            // Wait for the message with the certificate to retrieve the AA digest.
+            // Ask for the chain, containing AT and AA certificate
+            // Check AA Certificate
+            log("*** " & testcasename() & ": INFO: Wait for certificate and ask for certificate chain  ***");
+            tc_ac.start;
+            f_askForCertificateChain(f_generateDefaultCam());
+            tc_ac.stop;
+            
+            // Test Body
+            tc_ac.start;
+            alt {
+                [] geoNetworkingPort.receive(
+                    mw_geoNwInd(
+                        mw_geoNwSecPdu(
+                            mdw_securedMessage(
+                                superset(
+                                    mw_header_field_signer_info_certificate_chain(
+                                        superset(
+                                            mw_aa_certificate
+                ))))))) {
+                    tc_ac.stop;
+                    log("*** " & testcasename() & ": PASS: AA certificate version set to " & int2char(c_certificate_version) & " ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+                }
+                [] geoNetworkingPort.receive(
+                    mw_geoNwInd(
+                        mw_geoNwSecPdu(
+                            mdw_securedMessage(
+                                superset(
+                                    mw_header_field_signer_info_certificate_chain
+                ))))) {
+                    tc_ac.stop;
+                    log("*** " & testcasename() & ": FAIL: AA certificate version mismatch or no AA cert received***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                [] tc_ac.timeout {
+                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
+                }
+            } // End of 'alt' statement
+            
+            // Postamble
+            f_poNeighbour();
+            f_cf01Down();
+            
+        } // End of testcase TC_SEC_SND_CERT_01_02
+        
+        /**
+         * @desc    Check that the certificate chain is valid: Check signer_info 
+         * 
+         * Pics Selection: none
+         * Config Id: CF01
+         * Initial conditions:
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate chain in the next CAM
+         * } ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating certificate_chain
+         *         containing certificates[N] {
+         *           containing signer_info {
+         *             containing type
+         *               indicating 'certificate_digest_with_sha256'
+         *             containing digest
+         *               referenced to the certificates[N-1]
+         *           }
+         *         }
+         *       }
+         *   }
+         * }
+         * 

+         * @reference ETSI TS 103 097 V1.1.14, clause 6.1
+         */
+        testcase TC_SEC_SND_CERT_02_01() runs on ItsGeoNetworking system ItsSecSystem {
+            // TODO: This TC is fully covered by TC_SEC_SND_CERT_09_02 
+            // Local declarations
+            var CertificateChain v_chain;
+            var SignerInfo v_si;
+            var HashedId8 v_digest;
+            
+            // Test component configuration
+            f_cf01Up();
+            
+            // Preamble
+            f_prNeighbour();
+            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+            
+            log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
+            tc_ac.start;
+            if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
+                log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+            }
+            tc_ac.stop;
+            
+            // Test Body
+            for (var integer v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1) {                
+                if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) {
+                    log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't contain signer info ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
+                    log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+                
+                v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]);
+                if (not match (v_si.signerInfo.digest, v_digest)) {
+                    log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                }
+            } // End of 'for' statement
+            log("*** " & testcasename() & ": PASS: Certificate chain is well signed ***");
+            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+            
+            // Postamble
+            f_poNeighbour();
+            f_cf01Down();
+            
+        } // End of testcase TC_SEC_SND_CERT_02_01
+        
+        /**
+         * @desc Check that the length of the vector of rectangles is less then 6.
+         *       Check that region is continuous and does not contain any holes.
+         *       Check that the rectangles are valid  
+         * 
+         * Pics Selection: PIC_UseRectangularRegion
+         * Config Id: CF01
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate in the next CAM
+         * } ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating 'certificate'
+         *         containing certificate {
+         *           containing no validity restriction or validity_restrictions['region']{
+         *             containing region_type
+         *               indicating 'rectangle'
+         *             containing rectangular_region {
+         *               indicating length <= 6
+         *               containing elements of type RectangularRegion
+         *                 indicating continuous region without holes
+         *                 containing northwest and southeast
+         *                   indicating northwest is on the north from southeast
+         *             }
+         *           }
+         *         }
+         *       }
+         *   }
+         * }
+         * 

+         * @reference ETSI TS 103 097 V1.1.14, clauses 4.2.21, 4.2.24
+         */
+        testcase TC_SEC_SND_CERT_04_01() runs on ItsGeoNetworking system ItsSecSystem {
+            // Local declarations
+            var Certificate         v_cert;
+            var ValidityRestriction v_vr;
+            var integer             v_counter;
+            
+            // Test component configuration
+            f_cf01Up();
+            
+            // Preamble
+            f_prNeighbour();
+            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+            
+            // Test body
+            tc_ac.start;
+            f_waitForCertificate(v_cert);
+            tc_ac.stop;
+            if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
+                if (v_vr.validity.region.region_type == e_rectangle) {
+                    var RectangularRegions v_rects := v_vr.validity.region.region.rectangular_region;
+                    if (lengthof(v_rects) > 6) {
+                        log("*** " & testcasename() & ": FAIL: Rectangular regions count is more then 6 ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    for (v_counter := 0; v_counter 1) { 
+                        if (true !=  f_isContinuousRectangularRegions(v_rects)) {
+                            log("*** " & testcasename() & ": FAIL: Rectangular regions are not connected all together ***");
+                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                        }
+                    }
+                } else {
+                    log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
+                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
+                }
+                
+                log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
+                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+            } else {
+                log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
+                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+            }
+            
+            // Postamble
+            f_poNeighbour();
+            f_cf01Down();
+            
+        } // End of testcase TC_SEC_SND_CERT_04_01
+        
+        /**
+         * @desc Check that the rectangular region of the subordinate certificate is well formed 
+         *       and inside the validity restrictions of the issuing certificate.  
+         * 
+         * Pics Selection: PIC_UseRectangularRegion
+         * Config Id: CF01
+         * with {
+         *     the IUT being in the 'authorized' state
+         *     the IUT being requested to include certificate chain in the next CAM
+         * } ensure that {
+         *   when {
+         *        the IUT is requested to send a CAM
+         *      } then {
+         *        the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *          containing type
+         *            indicating 'certificate_chain'
+         *         containing certificates
+         *           indicating CERTIFICATES {
+         *                containing CERTIFICATES[N] {
+         *               containing validity_restrictions['region'] {
+         *                 containing region_type
+         *                   indicating 'rectangle'
+         *                 containing rectangular_region {
+         *                   indicating length <= 6
+         *                   and containing elements of type RectangularRegion
+         *                     containing northwest and southeast
+         *                       indicating northwest  on the north from southeast
+         *                   and indicating continuous region without holes
+         *                     which is inside the CERTIFICATES[N-1].validity_restrictions['region'] if region validity restriction is containted in certificate CERTIFICATES[N-1]
+         *                    }
+         *                  }
+         *             }
+         *           }
+         *       }
+         *       }
+         * }
+         * 

+         * @reference ETSI TS 103 097 V1.1.14, clauses 4.2.21, 4.2.24
+         */
+        testcase TC_SEC_SND_CERT_04_02() runs on ItsGeoNetworking system ItsSecSystem {
+            // Local declarations
+            var CertificateChain    v_chain;
+            var ValidityRestriction v_vr, v_vri;  // current and issuing cert validity restrictions
+            var boolean f_vr, f_vri;
+            
+            
+            // Test component configuration
+            f_cf01Up();
+            
+            // Preamble
+            f_prNeighbour();
+            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+            
+            log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
+            tc_ac.start;
+            if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
+                log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+                f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
+            }
+            tc_ac.stop;
+            
+            // Test Body
+            f_vr := false;
+            for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
+                v_vri := v_vr;
+                f_vri := f_vr;
+                f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
+                if (f_vr) {
+                    var RectangularRegions v_rects;
+                    if (v_vr.validity.region.region_type != e_rectangle) {
+                        log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not rectangular ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    v_rects := v_vr.validity.region.region.rectangular_region;
+                    if (lengthof(v_rects) > 6) {
+                        log("*** " & testcasename() & ": FAIL: Rectangular regions count is more then 6 ***");
+                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+                    }
+                    for (var integer j:=0; j
+         * Pics Selection: PIC_UsePolygonalRegion
+         * Config Id: CF01
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate in the next CAM
+         * } ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating 'certificate'
+         *         containing certificate {
+         *           containing validity_restrictions['region']{
+         *             containing region_type
+         *               indicating 'polygon'
+         *             containing polygonal_region {
+         *               indicating length >=3 and <=12
+         *               indicating continuous region without holes and intersections
+         *             }
+         *           }
+         *         }
+         *       }
+         *   }
+         * }
+         *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 4.2.25 + */ + testcase TC_SEC_SND_CERT_05_01() runs on ItsGeoNetworking system ItsSecSystem { + var Certificate v_cert; + var ValidityRestriction v_vr; + var integer v_counter; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test body + tc_ac.start; + f_waitForCertificate(v_cert); + tc_ac.stop; + if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) { + if (v_vr.validity.region.region_type == e_polygon) { + var PolygonalRegion v_pr := v_vr.validity.region.region.polygonal_region; + var integer v_length := lengthof(v_pr); + if (v_length < 3) { + log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + if (v_length > 12) { + log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + if (true != f_isValidPolygonalRegion(v_pr)) { + log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } else { + log("*** " & testcasename() & ": INCONC: Certificate has other region type ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc + } + } else { + log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } + + // Postamble + f_poNeighbour(); + f_cf01Down(); + + } // End of testcase TC_SEC_SND_CERT_05_01 + + /** + * @desc Check Polygonal Region: + * Must contain at least 3 and no more then 12 points. + * Intersections and holes are not permited. + * The region must be inside the issuing certificate restrictions. + * 
+         * Pics Selection: PIC_UsePolygonalRegion
+         * Config Id: CF01
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate chain in the next CAM
+         * } ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating 'certificate_chain'
+         *         containing certificates
+         *           indicating CERTIFICATES {
+         *             containing CERTIFICATES[N] {
+         *               containing validity_restrictions['region'] {
+         *                 containing region_type
+         *                   indicating 'polygon'
+         *                 containing polygonal_region {
+         *                   indicating length >=3 and <=12
+         *                   indicating continuous region without holes and intersections
+         *                     which is inside the CERTIFICATES[N-1].validity_restrictions['region'].polygonal_region 
+         *                       if region validity restriction is containted in certificate CERTIFICATES[N-1]
+         *                 }
+         *               }
+         *             }
+         *           }
+         *       }
+         *   }
+         * }
+         *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 4.2.25 + */ + testcase TC_SEC_SND_CERT_05_02() runs on ItsGeoNetworking system ItsSecSystem { + // Local declarations + var CertificateChain v_chain; + var ValidityRestriction v_vr, v_vri; // current and issuing cert validity restrictions + var boolean f_vr, f_vri; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + f_vr := false; + for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) { + v_vri := v_vr; + f_vri := f_vr; + f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr); + if (f_vr) { + var PolygonalRegion v_pr; + var integer v_length; + + if (v_vr.validity.region.region_type != e_polygon) { + log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not polygonal ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + v_pr := v_vr.validity.region.region.polygonal_region; + v_length := lengthof(v_pr); + + if (v_length < 3) { + log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small in cert " & int2str(v_counter) & " ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + if (v_length > 12) { + log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big in cert " & int2str(v_counter) & "***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + if (true != f_isValidPolygonalRegion(v_pr)) { + log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) in cert " & int2str(v_counter) & " ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + if (f_vri) { + // current restrictions must be inside of the parent one + if (true != f_isPolygonalRegionInside(v_vri.validity.region.region.polygonal_region, v_pr)) { + log("*** " & testcasename() & ": FAIL: Certificate validity restriction region in cert " & int2str(v_counter) & " is not inside the issuing one ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + } else { + // Region validity restriction is not exist + if (f_vri) { + log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set in the certificate " & int2str(v_counter) & + "because this restriction exists in the issuing certificate ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + } // End of 'for' statement + + log("*** " & testcasename() & ": PASS: All certificates has a valid polygonal region restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + + } // End of testcase TC_SEC_SND_CERT_05_02 + + /** + * @desc Check Identified Region: + * Must contain value that correspond to numeric country codes as defined in ISO 3166-1 + * 
+         * Pics Selection: PIC_UseIdentifiedRegion, PIC_UseISO31661RegionDictionary
+         * Config Id: CF01
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate in the next CAM
+         * } ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating 'certificate'
+         *         containing certificate {
+         *           containing validity_restrictions['region']{
+         *             containing region_type
+         *               indicating 'id'
+         *             containing id_region {
+         *               containing region_dictionary
+         *                 indicating 'iso_3166_1' (0)
+         *               containing region_identifier
+         *                 indicating valid value according to 'iso_3166_1'
+         *               containing local_region
+         *             }
+         *           }
+         *         }
+         *       }
+         *   }
+         * }
+         *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 4.2.27 + */ + testcase TC_SEC_SND_CERT_06_01() runs on ItsGeoNetworking system ItsSecSystem { + var Certificate v_cert; + var ValidityRestriction v_vr; + var integer v_counter; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test body + tc_ac.start; + f_waitForCertificate(v_cert); + tc_ac.stop; + if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) { + if (v_vr.validity.region.region_type == e_id) { + if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) { + log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } else { + log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } + + // Postamble + f_poNeighbour(); + f_cf01Down(); + + } // End of testcase TC_SEC_SND_CERT_06_01 + + /** + * @desc Check Identified Region: + * Must contain value that correspond to numeric country codes as defined in ISO 3166-1 + * Subordinate certificate restrictions must be a subset of the issuing certificate restrictions + * 
+         * Pics Selection: PIC_UseIdentifiedRegion, PIC_UseISO31661RegionDictionary
+         * Config Id: CF01
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate chain in the next CAM
+         * } ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating 'certificate_chain'
+         *         containing certificates
+         *           indicating CERTIFICATES {
+         *             containing CERTIFICATES[0] {
+         *               containing validity_restrictions['region'] {
+         *                 containing region_type
+         *                   indicating 'id'
+         *                 containing id_region {
+         *                   containing region_dictionary
+         *                     indicating 'iso_3166_1' (0)
+         *                   containing region_identifier
+         *                     indicating valid value according to 'iso_3166_1'
+         *                   containing local_region
+         * 
+         *                 }
+         *             }
+         *             containing CERTIFICATES[n] (1..N) {
+         *               containing no validity restriction of type region or validity_restrictions['region'] {
+         *                 containing region_type
+         *                   indicating 'id'
+         *                 containing id_region 
+         *                   containing region_dictionary
+         *                     indicating 'iso_3166_1' (0)
+         *                   containing region_identifier
+         *                     indicating CERTIFICATES[n-1].validity_restrictions['region'].id_region.region_identifier
+         *                   containing local_region
+         *                     indicating CERTIFICATES[n-1].validity_restrictions['region'].id_region.local_region
+         *                       or any value if CERTIFICATES[n-1].validity_restrictions['region'].id_region.local_region == 0
+         *                 }
+         *               }
+         *             }
+         *           }
+         *       }
+         *   }
+         * }
+         *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 4.2.27 + */ + testcase TC_SEC_SND_CERT_06_02() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + var ValidityRestriction v_vr, v_vri; // current and issuing cert validity restrictions + var boolean f_vr, f_vri; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + f_vr := false; + for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) { + v_vri := v_vr; + f_vri := f_vr; + f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr); + + if (f_vr) { + if (v_vr.validity.region.region_type == e_id) { + if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) { + log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + + if (f_vri) { + // the region code must be the same + if (v_vr.validity.region.region.id_region.region_identifier != + v_vri.validity.region.region.id_region.region_identifier) { + log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + if ( v_vri.validity.region.region.id_region.local_region != 0 + and v_vri.validity.region.region.id_region.local_region != v_vr.validity.region.region.id_region.local_region ) { + log("*** " & testcasename() & ": FAIL: Certificate validity restriction local identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + + } else { + // Region validity restriction is not exist + if (f_vri) { + log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region must be set in the certificate " & int2str(v_counter) & + "because this restriction exists in the issuing certificate ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + } + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_06_02 + + /** + * @desc Check Identified Region: + * Must contain value that correspond to numeric country codes as defined by United Nations Statistics Division + * 
+         * Pics Selection: PIC_UseIdentifiedRegion, PIC_UseUnStatsRegionDictionary
+         * Config Id: CF01
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate in the next CAM
+         * } ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating 'certificate'
+         *         containing certificate {
+         *           containing validity_restrictions['region']{
+         *             containing region_type
+         *               indicating 'id'
+         *             containing id_region {
+         *               containing region_dictionary
+         *                 indicating 'un_stats' (0)
+         *               containing region_dictionary
+         *                 indicating 'un_stats' (0)
+         *               indicating length >=3 and <=12
+         *               indicating continuous region without holes and intersections
+         *             }
+         *           }
+         *         }
+         *       }
+         *   }
+         * }
+         *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 4.2.27 + */ + testcase TC_SEC_SND_CERT_06_03() runs on ItsGeoNetworking system ItsSecSystem { + var Certificate v_cert; + var ValidityRestriction v_vr; + var integer v_counter; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test body + tc_ac.start; + f_waitForCertificate(v_cert); + tc_ac.stop; + if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) { + if (v_vr.validity.region.region_type == e_id) { + if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) { + log("*** " & testcasename() & ": FAIL: Identified region is not the UN Stats Region Code ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + log("*** " & testcasename() & ": PASS: Certificate has a valid identified region restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } else { + log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_06_03 + + /** + * @desc Check Identified Region: + * Must contain value that correspond to numeric country codes as defined by United Nations Statistics Division + * Subordinate certificate restrictions must be a subset of the issuing certificate restrictions + * 
+         * Pics Selection: PIC_UseIdentifiedRegion, PIC_UseUnStatsRegionDictionary
+         * Config Id: CF01
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate chain in the next CAM
+         * } ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating 'certificate_chain'
+         *         containing certificates
+         *           indicating CERTIFICATES {
+         *             containing CERTIFICATES[0] {
+         *               containing validity_restrictions['region'] {
+         *                 containing region_type
+         *                   indicating 'id'
+         *                 containing id_region {
+         *                   containing region_dictionary
+         *                     indicating 'un_stats' (1)
+         *                   containing region_identifier
+         *                     indicating valid value according to UnStats document
+         *                   containing local_region
+         * 
+         *                 }
+         *             }
+         *             containing CERTIFICATES[n] (1..N) {
+         *               containing no validity restriction of type region or validity_restrictions['region'] {
+         *                 containing region_type
+         *                   indicating 'id'
+         *                 containing id_region 
+         *                   containing region_dictionary
+         *                     indicating 'un_stats' (1)
+         *                   containing region_identifier
+         *                     indicating CERTIFICATES[n-1].validity_restrictions['region'].id_region.region_identifier
+         *                   containing local_region
+         *                     indicating CERTIFICATES[n-1].validity_restrictions['region'].id_region.local_region
+         *                       or any value if CERTIFICATES[n-1].validity_restrictions['region'].id_region.local_region == 0
+         *                 }
+         *               }
+         *             }
+         *           }
+         *       }
+         *   }
+         * }
+         *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 4.2.27 + */ + testcase TC_SEC_SND_CERT_06_04() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + var ValidityRestriction v_vr, v_vri; // current and issuing cert validity restrictions + var boolean f_vr, f_vri; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + f_vr := false; + for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) { + v_vri := v_vr; + f_vri := f_vr; + f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr); + + if (f_vr) { + if (v_vr.validity.region.region_type == e_id) { + if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) { + log("*** " & testcasename() & ": FAIL: Identified region is not the UN Stats Region Code ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + + if (f_vri) { + // the region code must be the same + if (v_vr.validity.region.region.id_region.region_identifier != + v_vri.validity.region.region.id_region.region_identifier) { + log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + if ( v_vri.validity.region.region.id_region.local_region != 0 + and v_vri.validity.region.region.id_region.local_region != v_vr.validity.region.region.id_region.local_region + and not f_isIdentifiedRegionInside(v_vri.validity.region.region.id_region.local_region, v_vr.validity.region.region.id_region.local_region) + ) { + log("*** " & testcasename() & ": FAIL: Certificate validity restriction local identified region in cert " & int2str(v_counter) & " is not the subregion of the issuing one ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + + } else { + // Region validity restriction is not exist + if (f_vri) { + log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region must be set in the certificate " & int2str(v_counter) & + "because this restriction exists in the issuing certificate ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + } + + // Postamble + f_poNeighbour(); + f_cf01Down(); + + } // End of testcase TC_SEC_SND_CERT_06_04 + + /** + * @desc Check that the certificate signature contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 or x_coordinate_only + * 
+         * Pics Selection: none
+         * Config Id: CF01
+         * Initial conditions:
+         * with {
+         *   the IUT being in the 'authorized' state
+         *      the IUT being requested to include certificate in the next CAM
+         * }
+         * Expected Behaviour:
+         * ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating certificate
+         *         containing certificate {
+         *             containing signature.ecdsa_signature
+         *                 containing R.type
+         *                     indicating compressed_lsb_y_0
+         *                     or indicating compressed_lsb_y_1 
+         *                     or indicating x_coordinate_only
+         *         }
+         *       }
+         *   }
+         * }
+         *
+ * @reference ETSI TS 103 097 V1.1.14, clause 6.1 + */ + testcase TC_SEC_SND_CERT_07_01() runs on ItsGeoNetworking system ItsSecSystem { + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + tc_ac.start; + alt { + [] geoNetworkingPort.receive( + mw_geoNwInd( + mw_geoNwSecPdu( + mdw_securedMessage( + superset( + mw_header_field_signer_info_certificate( + mw_at_certificate( + ?, + ?, + ?, + mw_signature( + mw_ecdsaSignature( + mw_eccPointecdsa_nistp256_with_sha256_y0_coordinate_only + ))))))))) { + tc_ac.stop; + log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_0 received ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } + [] geoNetworkingPort.receive( + mw_geoNwInd( + mw_geoNwSecPdu( + mdw_securedMessage( + superset( + mw_header_field_signer_info_certificate( + mw_at_certificate( + ?, + ?, + ?, + mw_signature( + mw_ecdsaSignature( + mw_eccPointecdsa_nistp256_with_sha256_y1_coordinate_only + ))))))))) { + tc_ac.stop; + log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_1 received ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } + [] geoNetworkingPort.receive( + mw_geoNwInd( + mw_geoNwSecPdu( + mdw_securedMessage( + superset( + mw_header_field_signer_info_certificate( + mw_at_certificate( + ?, + ?, + ?, + mw_signature( + mw_ecdsaSignature( + mw_eccPointecdsa_nistp256_with_sha256_x_coordinate_only + ))))))))) { + tc_ac.stop; + log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to x_coordinate_only received ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } + [] geoNetworkingPort.receive( + mw_geoNwInd( + mw_geoNwSecPdu( + mdw_securedMessage( + superset( + mw_header_field_signer_info_certificate( + mw_at_certificate + )))))) { + tc_ac.stop; + log("*** " & testcasename() & ": FAIL: AT certificate signature mismatch ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + [] tc_ac.timeout { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); + } + } // End of 'alt' statement + + // Postamble + f_poNeighbour(); + f_cf01Down(); + + } // End of testcase TC_SEC_SND_CERT_07_01 + + /** + * @desc Check the certificate signature + * 
+         * Pics Selection: none
+         * Config Id: CF01
+         * Initial conditions:
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate in the next CAM
+         * } ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating 'certificate'
+         *         containing certificate {
+         *           containing signer_info[0] {
+         *             containing type
+         *               indicating 'certificate_digest_with_sha256'
+         *             containing digest
+         *               referenced to the certificate CERT
+         *           }
+         *           containing signature
+         *             verifiable using CERT.subject_attributes['verification_key'].key
+         *         }
+         *       }
+         *   }
+         * }
+         *
+ * @reference ETSI TS 103 097 V1.1.14, clause 7.4 + */ + testcase TC_SEC_SND_CERT_09_01() runs on ItsGeoNetworking system ItsSecSystem { + // Local declarations + var GeoNetworkingInd v_geoNwInd; + var Certificate v_at_cert; + var Certificate v_aa_cert; + var HashedId8 v_aa_digest; + var SignerInfo v_si; + var integer v_counter; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Wait for the message with the certificate to get the AA cert digest. + // Ask for the chain, containing AT and AA certificate + // Check that the AT cert in the first message is signed with the AA cert + log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); + tc_ac.start; + f_waitForCertificate(v_at_cert); + tc_ac.stop; + + if (true != f_getCertificateSignerInfo(v_at_cert, v_si)) { + log("*** " & testcasename() & ": FAIL: AT Certificate signer info is unknown ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + if (not match (v_si.type_, e_certificate_digest_with_sha256)) { + log("*** " & testcasename() & ": FAIL: AT Certificate is not signed well ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + v_aa_digest := v_si.signerInfo.digest; + + // Send a certificate request to the IUT + f_sendCertificateRequest(v_aa_digest, f_generateDefaultCam()); + + // Test Body + tc_ac.start; + alt { + [] geoNetworkingPort.receive( + mw_geoNwInd( + mw_geoNwSecPdu( + mdw_securedMessage( + superset( + mw_header_field_signer_info_certificate_chain + ))))) -> value v_geoNwInd { + var SecuredMessage v_secMsg; + var integer v_chainLength; + tc_ac.stop; + // Check certificate chain + + if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) { + v_chainLength := lengthof(v_si.signerInfo.certificates); + if (v_chainLength < 2 ) { + log("*** " & testcasename() & ": FAIL: Certificate chain doesn't contain the AA cert ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + // get aa cert + v_aa_cert := v_si.signerInfo.certificates[v_chainLength-2]; + if (not match (v_aa_digest, f_calculateDigestFromCertificate(v_aa_cert))) { + log("*** " & testcasename() & ": FAIL: AT certificate was not signed with the given AA cert ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + // Check that at cert is signed with aa cert + if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) { + log("*** " & testcasename() & ": FAIL: AT certificate signature error ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + log("*** " & testcasename() & ": PASS: AT certificate was well signed with AA certificate ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } else { + log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + [] tc_ac.timeout { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); + } + } // End of 'alt' statement + + // Postamble + f_poNeighbour(); + f_cf01Down(); + + } // End of testcase TC_SEC_SND_CERT_09_01 + + /** + * @desc Check the signatures of the certificates in the chain + * 
+         * Pics Selection: none
+         * Config Id: CF01
+         * Initial conditions:
+         * with {
+         *   the IUT being in the 'authorized' state
+         *   the IUT being requested to include certificate chain in the next CAM
+         * } ensure that {
+         *    when {
+         *     the IUT is requested to send a CAM
+         *   } then {
+         *     the IUT sends a SecuredMessage
+         *       containing header_fields['signer_info'].signer {
+         *         containing type
+         *           indicating 'certificate_chain'
+         *         containing certificates
+         *           indicating CERTIFICATES {
+         *             containing CERTIFICATES[N] {
+         *               containing signer_info[0] {
+         *                 containing type
+         *                   indicating 'certificate_digest_with_sha256'
+         *                 containing digest
+         *                   referenced to the certificate CERTIFICATES[N-1]
+         *               }
+         *               containing signature
+         *                 verifiable using CERTIFICATES[N-1].subject_attributes['verification_key'].key
+         *             }
+         *         }
+         *       }
+         *   }
+         * }
+         *
+ * @reference ETSI TS 103 097 V1.1.14, clause 7.4 + */ + testcase TC_SEC_SND_CERT_09_02() runs on ItsGeoNetworking system ItsSecSystem { + // Local declarations + var GeoNetworkingInd v_geoNwInd; + var Certificate v_cert; + var CertificateChain v_chain; + var SignerInfo v_si; + var HashedId8 v_digest; + var integer v_counter; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Wait for the message with the certificate to get the AA cert digest. + // Ask for the chain, containing AT and AA certificate + // Check that the AT cert in the first message is signed with the AA cert + log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate and ask for a certificate chain ***"); + tc_ac.start; + f_askForCertificateChain(f_generateDefaultCam()); + tc_ac.stop; + + // Test Body + tc_ac.start; + alt { + [] geoNetworkingPort.receive( + mw_geoNwInd( + mw_geoNwSecPdu( + mdw_securedMessage( + superset( + mw_header_field_signer_info_certificate_chain + ))))) -> value v_geoNwInd { + var SecuredMessage v_secMsg; + var integer v_chainLength; + tc_ac.stop; + // Check certificate chain + if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) { + v_chain := v_si.signerInfo.certificates; + for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) { + if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) { + log("*** " & testcasename() & ": FAIL: Certificate "&int2str(v_counter) & " doesn't have a signer info ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + if (not match (v_si.type_, e_certificate_digest_with_sha256)) { + log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + // Check that cert is signed by issuing cert + v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]); + if (not match (v_si.signerInfo.digest, v_digest)) { + log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + // Check that the signature is valid + if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_chain[v_counter], v_chain[v_counter - 1])) { + log("*** " & testcasename() & ": FAIL: AT certificate signature error ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } // End of 'for' statement + + log("*** " & testcasename() & ": PASS: All certificates in the chain signed by it's issuing certs ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } else { + log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + [] tc_ac.timeout { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); + } + } + + // Postamble + f_poNeighbour(); + f_cf01Down(); + + } // End of testcase TC_SEC_SND_CERT_09_02 + + group g_AA_Certificates { + + /** + * @desc Check that the subject_type of the AA certificate is set to authorization_authority + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate chain in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating certificate_chain
+             *         containing certificates[last-1] {
+             *           containing subject_info.subject_type
+             *             indicating 'authorization_authority' (2)
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 7.4.3 + */ + testcase TC_SEC_SND_CERT_AA_01_01() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (lengthof(v_chain) < 2) { + log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + if (not match(v_chain[lengthof(v_chain) - 2], mw_aa_certificate)) { + log("*** " & testcasename() & ": FAIL: AA certificate not found in the chain[last-1] ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + log("*** " & testcasename() & ": PASS: AA certificate was found in the chain ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AA_01_01 + + /** + * @desc Check that the subject_name variable-length vector shall have a maximum length of 32 bytes. + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate chain in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating certificate_chain
+             *         containing certificates[last-1] {
+             *           containing subject_info.subject_name
+             *             indicating length <= 32 bytes
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 7.4.3 + */ + testcase TC_SEC_SND_CERT_AA_02_01() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (lengthof(v_chain) < 2) { + log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + // Verified automatically on decoding + if (lengthof(v_chain[lengthof(v_chain) - 2].subject_info.subject_name) > 32 ) { + log("*** " & testcasename() & ": FAIL: Subject name of the AA certificate is too long ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + log("*** " & testcasename() & ": PASS: Subject name of the AA certificate is good ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AA_02_01 + + /** + * @desc Check that signer info of the AA certificate is a digest + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate chain in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating certificate_chain
+             *         containing certificates[last-1] {
+             *           containing signer_info {
+             *             containing type
+             *               indicating 'certificate_digest_with_sha256'
+             *             containing digest
+             *           }
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 7.4.3 + */ + testcase TC_SEC_SND_CERT_AA_04_01() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + var Certificate v_aa_cert; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (lengthof(v_chain) < 2) { + log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + v_aa_cert := v_chain[lengthof(v_chain) - 2]; + if (not match(v_aa_cert, mw_aa_certificate(mw_signerInfo_digest))) { + log("*** " & testcasename() & ": FAIL: AA certificate not signed by digest ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + log("*** " & testcasename() & ": PASS: AA certificate is signed by digest ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AA_04_01 + + /** + * @desc Check that all neccesary subject attributes are present and arranged in accesing order + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate chain in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating certificate_chain
+             *         containing certificates[last-1] {
+             *           containing subject_attributes [0..N] {
+             *             indicating subject_attributes[n].type < subject_attributes[n+ 1].type
+             *             containing subject_attributes['verification_key']
+             *             containing subject_attributes['assurance_level']
+             *             containing subject_attributes['its_aid_list']
+             *           }
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 6.1, 7.4, 7.4.3 + */ + testcase TC_SEC_SND_CERT_AA_05_01() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + var SubjectAttributes v_attrs; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (lengthof(v_chain) < 2) { + log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + if (not match(v_chain[lengthof(v_chain) - 2], + mw_aa_certificate(?, + superset(mw_subject_attribute_verification_key, + mw_subject_attribute_assurance_level, + mw_subject_attribute_its_aid_list))) + ) { + log("*** " & testcasename() & ": FAIL: Required subject attribute of AA certificate is not found ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + v_attrs := v_chain[lengthof(v_chain) - 2].subject_attributes; + for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) { + if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) { + log("*** " & testcasename() & ": FAIL: AA certificate subject attributes are not arranged in accening order ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + + log("*** " & testcasename() & ": PASS: All required AA certificate subject attributes are presents ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AA_05_01 + + /** + * @desc Check that time_start_and_end is included in the AA certificate validation restrictions + * Check that end_validity is later then start_validity + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate chain in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating certificate_chain
+             *         containing certificates[last-1] {
+             *           containing validity_restrictions [0..N] {
+             *             not containing validity_restrictions['time_end']
+             *             and not containing validity_restrictions['time_start_and_duration']
+             *             and containing validity_restrictions['time_start_and_end']
+             *               containing start_validity
+             *                 indicating START_AA_VALIDITY
+             *               containing end_validity
+             *                 indicating END_AA_VALIDITY >=START_AA_VALIDITY
+             *           }
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 6.7, 7.4, 7.4.3 + */ + testcase TC_SEC_SND_CERT_AA_06_01() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + var Certificate v_aa_cert; + var ValidityRestriction v_vr; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (lengthof(v_chain) < 2) { + log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + v_aa_cert := v_chain[lengthof(v_chain) - 2]; + if (match (v_aa_cert.validity_restrictions, (superset(mw_validity_restriction_time_end, + mw_validity_restriction_time_start_and_duration))) + ) { + log("*** " & testcasename() & ": FAIL: AA certificate must not contain time_end and time_start_and_duration restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_vr)) { + log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) { + log("*** " & testcasename() & ": FAIL: start validity mus not be greater then end validity in the validity restrictions of AA certificate ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AA_06_01 + + /** + * @desc Check that all AIDs containing in the in the its_aid_list in AA certificate are unique + * Check that AID list contains not more then 31 items + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate chain in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating certificate_chain
+             *         containing certificates[last-1] {
+             *           containing subject_attributes['its_aid_list']
+             *             containing its_aid_list[0..N]
+             *               containing no more then 31 unique item
+             *           }
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 6.9, 7.4.3 + */ + testcase TC_SEC_SND_CERT_AA_08_01() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + var Certificate v_aa_cert; + var SubjectAttribute v_sa; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (lengthof(v_chain) < 2) { + log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + v_aa_cert := v_chain[lengthof(v_chain) - 2]; + if (f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) { + + if (lengthof(v_sa.attribute.its_aid_list) > 31) { + log("*** " & testcasename() & ": FAIL: ITS-AID list contains " & int2str(lengthof(v_sa.attribute.its_aid_list)) & " items (>31) ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + for (var integer v_counter :=0; v_counter < lengthof(v_sa.attribute.its_aid_list); v_counter := v_counter + 1) { + for (var integer j :=0; j < lengthof(v_sa.attribute.its_aid_list); j := j + 1) { + if (v_counter != j and v_sa.attribute.its_aid_list[v_counter] == v_sa.attribute.its_aid_list[j]) { + log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_sa.attribute.its_aid_list[j]) & " is duplicated in AA certificate ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } + } // End of 'for' statement + } else { + log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AA_08_01 + + } // End of group g_AA_Certificates + group g_AT_Certificates { + + /** + * @desc Check that the subject_type of the AT certificate is set to 'authorization_ticket' + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating 'certificate'
+             *         containing certificate {
+             *           containing subject_info.subject_type
+             *             indicating 'authorization_ticket' (1)
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 7.4.1 + */ + testcase TC_SEC_SND_CERT_AT_01_01() runs on ItsGeoNetworking system ItsSecSystem { + var Certificate v_at_cert; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); + tc_ac.start; + if (not f_waitForCertificate(v_at_cert)) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (not match(v_at_cert, mw_at_certificate)) { + log("*** " & testcasename() & ": FAIL: Message wasn't signed by AT certificate ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + log("*** " & testcasename() & ": PASS: AT certificate has the 'authorization_ticket' subject_type ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AT_01_01 + + /** + * @desc Check that signer info of the AA certificate is a digest + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating 'certificate'
+             *         containing certificate
+             *           containing signer_info {
+             *             containing type
+             *               indicating 'certificate_digest_with_sha256'
+             *             containing digest
+             *           }
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 6.1, 7.4, 7.4.1 + */ + testcase TC_SEC_SND_CERT_AT_02_01() runs on ItsGeoNetworking system ItsSecSystem { + var Certificate v_at_cert; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); + tc_ac.start; + if (not f_waitForCertificate(v_at_cert)) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if ( + not match(v_at_cert, mw_certificate(mw_signerInfo_digest)) + ) { + log("*** " & testcasename() & ": FAIL: AT certificate doesn't contain a digest of issuing cert ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + log("*** " & testcasename() & ": PASS: The signer info of AT certificate is a digest ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AT_02_01 + + /** + * @desc Check that the subject_name variable-length vector is empty for AT certificates + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating 'certificate'
+             *         containing certificates {
+             *           containing subject_info.subject_name
+             *             indicating length = 0
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 7.4.1 + */ + testcase TC_SEC_SND_CERT_AT_03_01() runs on ItsGeoNetworking system ItsSecSystem { + var Certificate v_at_cert; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); + tc_ac.start; + if (not f_waitForCertificate(v_at_cert)) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (0 != lengthof(v_at_cert.subject_info.subject_name)) { + log("*** " & testcasename() & ": FAIL: Subject name of the AT certificate is not empty ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + log("*** " & testcasename() & ": PASS: Subject name of the AT certificate is empty ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AT_03_01 + + /** + * @desc Check that all neccesary subject attributes of AT certificate are present and arranged in accesing order + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating 'certificate'
+             *         containing certificate {
+             *           containing subject_attributes [0..N] {
+             *             indicating subject_attributes[n].type < subject_attributes[n+ 1].type
+             *             containing subject_attributes['verification_key']
+             *             containing subject_attributes['assurance_level']
+             *             containing subject_attributes['its_aid_ssp_list']
+             *           }
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 6.1, 7.4, 7.4.1 + */ + testcase TC_SEC_SND_CERT_AT_04_01() runs on ItsGeoNetworking system ItsSecSystem { + var Certificate v_at_cert; + var SubjectAttributes v_attrs; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***"); + tc_ac.start; + if (not f_waitForCertificate(v_at_cert)) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (not match( + v_at_cert, + mw_at_certificate( + ?, + superset( + mw_subject_attribute_verification_key, + mw_subject_attribute_assurance_level, + mw_subject_attribute_its_aid_ssp_list + )))) { + log("*** " & testcasename() & ": FAIL: Required subject attribute of AT certificate is not found ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + v_attrs := v_at_cert.subject_attributes; + for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) { + if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) { + log("*** " & testcasename() & ": FAIL: AT certificate subject attributes are not arranged in ascending order ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } // End of 'for' statement + + log("*** " & testcasename() & ": PASS: All required AT certificate subject attributes are presents and arranged in ascending order ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AT_04_01 + + /** + * @desc Check that time_start_and_end is included in the AT certificate validation restrictions + * Check that time_start_and_end is inside the AA certificate time restrictions + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate chain in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating certificate_chain
+             *         containing certificates[last-1] {
+             *           containing subject_info.subject_type
+             *             indicating 'authorization_authority' (2)
+             *           containing validity_restrictions['time_start_and_end']
+             *             containing start_validity
+             *               indicating START_AA_VALIDITY
+             *             containing end_validity
+             *               indicating END_AA_VALIDITY
+             *           }
+             *         }
+             *         containing certificates[last] {
+             *           containing subject_info.subject_type
+             *             indicating 'authorization_ticket' (1)
+             *           not containing validity_restrictions['time_end']
+             *           and not containing validity_restrictions['time_start_and_duration']
+             *           and containing validity_restrictions['time_start_and_end'] {
+             *             containing start_validity
+             *               indicating START_AT_VALIDITY (START_AT_VALIDITY >= START_AA_VALIDITY )
+             *             and containing end_validity
+             *               indicating END_AT_VALIDITY (END_AT_VALIDITY >= START_AT_VALIDITY <= END_AA_VALIDITY)
+             *           }
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 6.7, 7.4, 7.4.1 + */ + testcase TC_SEC_SND_CERT_AT_05_01() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + var Certificate v_aa_cert, v_at_cert; + var ValidityRestriction v_vr, v_aa_vr; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (lengthof(v_chain) < 2) { + log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + v_aa_cert := v_chain[lengthof(v_chain) - 2]; + v_at_cert := v_chain[lengthof(v_chain) - 1]; + if (match ( + v_at_cert.validity_restrictions, + ( + superset( + mw_validity_restriction_time_end, + mw_validity_restriction_time_start_and_duration + ) + ) + )) { + log("*** " & testcasename() & ": FAIL: AT certificate must not contain time_end and time_start_and_duration restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + if ( true != f_getCertificateValidityRestriction(v_at_cert, e_time_start_and_end, v_vr)) { + log("*** " & testcasename() & ": FAIL: AT certificate must contain time_start_and_end restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) { + log("*** " & testcasename() & ": FAIL: start validity must not be greater then end validity in the validity restrictions of AT certificate ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_aa_vr)) { + log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + if ( v_vr.validity.time_start_and_end.start_validity < v_aa_vr.validity.time_start_and_end.start_validity + or v_vr.validity.time_start_and_end.end_validity > v_aa_vr.validity.time_start_and_end.end_validity + ) { + log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + log("*** " & testcasename() & ": PASS: Time validity restriction of the AT certificate is good ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AT_05_01 + + /** + * @desc Check that all AIDs containing in the in the its_aid_ssp_list in AT certificate are unique and exists in the its_aid_list in the AA certificate + * Check that the length of SSP of each AID is 31 octet maximum + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate chain in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating certificate_chain
+             *         containing certificates[last-1] {
+             *           containing subject_info.subject_type
+             *             indicating 'authorization_authority' (2)
+             *           containing subject_attributes['its_aid_list']
+             *             containing its_aid_list[0..N]
+             *               indicating ITS_AID_LIST_AA
+             *           }
+             *         }
+             *         containing certificates[last] {
+             *           containing subject_info.subject_type
+             *             indicating 'authorization_ticket' (1)
+             *           containing subject_attributes['its_aid_ssp_list']
+             *             containing its_aid_ssp_list[0..N] {
+             *               containing its_aid_ssp_list[n]{
+             *                 containing its_aid
+             *                   indicating unique value containing in the  ITS_AID_LIST_AA
+             *                 containing service_specific_permissions
+             *                   indicating length <= 31 octet
+             *               }
+             *             }
+             *           }
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 6.9, 7.4.1 + */ + testcase TC_SEC_SND_CERT_AT_07_01() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + var Certificate v_aa_cert, v_at_cert; + var SubjectAttribute v_sa; + var IntXs v_aid_list; + var ItsAidSsps v_aid_ssp_list; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (lengthof(v_chain) < 2) { + log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + v_aa_cert := v_chain[lengthof(v_chain) - 2]; + v_at_cert := v_chain[lengthof(v_chain) - 1]; + if (not f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) { + log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + v_aid_list := v_sa.attribute.its_aid_list; + + if (not f_getCertificateSubjectAttribute(v_at_cert, e_its_aid_ssp_list, v_sa)) { + log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + v_aid_ssp_list := v_sa.attribute.its_aid_ssp_list; + + for (var integer v_counter :=0; v_counter < lengthof(v_aid_ssp_list); v_counter := v_counter + 1) { + // Check unique + for (var integer j :=0; j < lengthof(v_aid_ssp_list); j := j + 1) { + if (v_counter != j and v_aid_ssp_list[v_counter].its_aid == v_aid_ssp_list[j].its_aid) { + log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is duplicated in AT certificate ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + } // End of 'for' statement + if (not match(v_aid_ssp_list[v_counter], (all from v_aid_list))) { + log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is not exist in AA certificate ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + // TODO Not possible due to typing To be removed +// if (lengthof(v_aid_ssp_list[v_counter].service_specific_permissions.sspContainer) > 31) { +// log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " has too long service_specific_permissions ***"); +// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); +// } + } // End of 'for' statement + + log("*** " & testcasename() & ": PASS: The ITS_AID_SSP list of the AT certificate is good ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AT_07_01 + + /** + * @desc Check that AT certificate is signed by AA cert + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate chain in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a first CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating certificate_chain
+             *         containing certificates[last-1] (CERT_AA) {
+             *           containing subject_info.subject_type
+             *             indicating 'authorization_authority' (2)
+             *           and containing subject_attributes['verification key'] (KEY)
+             *         }
+             *         containing certificates[last] {
+             *           containing subject_info.subject_type
+             *             indicating 'authorization_ticket' (1)
+             *           }
+             *           and containing signer_info[0]{
+             *             containing type
+             *               indicating 'certificate_digest_with_sha256'
+             *             containing digest
+             *               referencing to CERT_AA
+             *           }
+             *           and containing signature
+             *             verifiable using KEY
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 6.9, 7.4.1 + */ + testcase TC_SEC_SND_CERT_AT_08_01() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + var Certificate v_aa_cert, v_at_cert; + var HashedId8 v_aa_digest; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (lengthof(v_chain) < 2) { + log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + v_at_cert := v_chain[lengthof(v_chain) - 1]; + v_aa_cert := v_chain[lengthof(v_chain) - 2]; + v_aa_digest := f_calculateDigestFromCertificate(v_aa_cert); + + if (not match(v_at_cert, mw_at_certificate(mw_signerInfo_digest(v_aa_digest)))) { + log("*** " & testcasename() & ": FAIL: AT certificate signer info doesn't reference the AA certificate from the chain ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + if (not f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) { + log("*** " & testcasename() & ": FAIL: AT certificate signature verification failed ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + + log("*** " & testcasename() & ": PASS: AT certificate was signed by the AA certificate from the given chain ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AT_08_01 + + /** + * @desc Check that the assurance level of the subordinate certificate is equal to or lower than the assurance level of the issuing certificate + * 
+             * Pics Selection: 
+             * Config Id: CF01
+             * with {
+             *   the IUT being in the 'authorized' state
+             *   the IUT being requested to include certificate chain in the next CAM
+             * } ensure that {
+             *    when {
+             *     the IUT is requested to send a CAM
+             *   } then {
+             *     the IUT sends a SecuredMessage
+             *       containing header_fields['signer_info'].signer {
+             *         containing type
+             *           indicating certificate_chain
+             *         containing certificates[last-1] (CERT_AA) {
+             *           containing subject_attributes ['assurance_level']
+             *             containig assurance_level
+             *               indicating indicating assurance level AL_AA
+             *         }
+             *         containing certificates[last] (CERT_AT) {
+             *           containing subject_attributes ['assurance_level']
+             *             containig assurance_level
+             *               indicating indicating assurance level AL_AT (AL_AT <= AL_AA)
+             *         }
+             *           }
+             *         }
+             *       }
+             *   }
+             * }
+             *
+ * @reference ETSI TS 103 097 V1.1.14, clauses 6.9, 7.4.1 + */ + testcase TC_SEC_SND_CERT_AT_09_01() runs on ItsGeoNetworking system ItsSecSystem { + var CertificateChain v_chain; + var Certificate v_aa_cert, v_at_cert; + var SubjectAttribute v_sa; + var SubjectAssurance v_aa_assurance_level, v_at_assurance_level; + + // Test component configuration + f_cf01Up(); + + // Preamble + f_prNeighbour(); + f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success); + + // Test Body + log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***"); + tc_ac.start; + if (f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) { + log("*** " & testcasename() & ": INCONC: Expected message not received ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout); + } + tc_ac.stop; + if (lengthof(v_chain) < 2) { + log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***"); + f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error); + } + v_aa_cert := v_chain[lengthof(v_chain) - 2]; + v_at_cert := v_chain[lengthof(v_chain) - 1]; + if (not f_getCertificateSubjectAttribute(v_aa_cert, e_assurance_level, v_sa)) { + log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + v_aa_assurance_level := v_sa.attribute.assurance_level; + + if (not f_getCertificateSubjectAttribute(v_at_cert, e_assurance_level, v_sa)) { + log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } + v_at_assurance_level := v_sa.attribute.assurance_level; + + if (bit2int(v_aa_assurance_level.levels) < bit2int(v_at_assurance_level.levels)) { + log("*** " & testcasename() & ": FAIL: The assurence levels mismatch ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); + } else { + log("*** " & testcasename() & ": PASS: The assurence levels match ***"); + f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success); + } + + // Postamble + f_poNeighbour(); + f_cf01Down(); + } // End of testcase TC_SEC_SND_CERT_AT_09_01 + + } // End of group g_AT_Certificates + + } // End of group g_Certificates + +} // End of module ItsSecurity_TestCase diff --git a/ttcn/AtsSecurity/ItsSecurity_TestControl.ttcn3 b/ttcn/AtsSecurity/ItsSecurity_TestControl.ttcn3 new file mode 100644 index 000000000..7f98ea5ef --- /dev/null +++ b/ttcn/AtsSecurity/ItsSecurity_TestControl.ttcn3 @@ -0,0 +1,115 @@ +/** + * @author ETSI / STF481 + * @version $URL$ + * $Id$ + * @desc Test Control file for Security Protocol + * + */ +module ItsSecurity_TestControl { + + // ItsSecurity + import from ItsSecurity_TestCases all; + + // Test Execution + control { + + execute(TC_SEC_ITSS_SND_MSG_01()); + execute(TC_SEC_ITSS_SND_MSG_04_01()); + execute(TC_SEC_ITSS_SND_MSG_04_02()); + execute(TC_SEC_ITSS_SND_MSG_05_01()); + + execute(TC_SEC_ITSS_SND_CAM_05_01()); + execute(TC_SEC_ITSS_SND_CAM_06_01()); + execute(TC_SEC_ITSS_SND_CAM_06_02()); + execute(TC_SEC_ITSS_SND_CAM_07_01()); + execute(TC_SEC_ITSS_SND_CAM_07a_01()); + execute(TC_SEC_ITSS_SND_CAM_08_01()); + execute(TC_SEC_ITSS_SND_CAM_09_01()); + execute(TC_SEC_ITSS_SND_CAM_10_01()); + execute(TC_SEC_ITSS_SND_CAM_11_01()); + execute(TC_SEC_ITSS_SND_CAM_12_01()); + execute(TC_SEC_ITSS_SND_CAM_14_01()); + execute(TC_SEC_ITSS_SND_CAM_16_01()); + + execute(TC_SEC_ITSS_SND_DENM_02_01()); + execute(TC_SEC_ITSS_SND_DENM_03_01()); + execute(TC_SEC_ITSS_SND_DENM_04_01()); + execute(TC_SEC_ITSS_SND_DENM_05_01()); + execute(TC_SEC_ITSS_SND_DENM_05_03()); + execute(TC_SEC_ITSS_SND_DENM_05_04()); + execute(TC_SEC_ITSS_SND_DENM_05_05()); + execute(TC_SEC_ITSS_SND_DENM_05_06()); + execute(TC_SEC_ITSS_SND_DENM_06_01()); + execute(TC_SEC_ITSS_SND_DENM_08_01()); + execute(TC_SEC_ITSS_SND_DENM_10_01()); + + execute(TC_SEC_ITSS_SND_GENMSG_02_01()); + execute(TC_SEC_ITSS_SND_GENMSG_03_01()); + execute(TC_SEC_ITSS_SND_GENMSG_04_01()); + execute(TC_SEC_ITSS_SND_GENMSG_05_01()); + execute(TC_SEC_ITSS_SND_GENMSG_05_02()); + execute(TC_SEC_ITSS_SND_GENMSG_05_03()); + execute(TC_SEC_ITSS_SND_GENMSG_05_04()); + execute(TC_SEC_ITSS_SND_GENMSG_05_05()); + execute(TC_SEC_ITSS_SND_GENMSG_05_06()); + execute(TC_SEC_ITSS_SND_GENMSG_06_01()); + execute(TC_SEC_ITSS_SND_GENMSG_07_01()); + + execute(TC_SEC_ITSS_RCV_CAM_01_01_NB()); + execute(TC_SEC_ITSS_RCV_CAM_01_02_NB()); + execute(TC_SEC_ITSS_RCV_CAM_01_03_NB()); + execute(TC_SEC_ITSS_RCV_CAM_02_01a_EB()); + execute(TC_SEC_ITSS_RCV_CAM_02_01b_EB()); + execute(TC_SEC_ITSS_RCV_CAM_04_01a_EB()); + execute(TC_SEC_ITSS_RCV_CAM_04_01b_EB()); + execute(TC_SEC_ITSS_RCV_CAM_04_01c_EB()); + execute(TC_SEC_ITSS_RCV_CAM_04_02a_EB()); + execute(TC_SEC_ITSS_RCV_CAM_04_03a_EB()); + execute(TC_SEC_ITSS_RCV_CAM_04_05a_EB()); + execute(TC_SEC_ITSS_RCV_CAM_04_05b_EB()); + execute(TC_SEC_ITSS_RCV_CAM_07_01_EB()); + execute(TC_SEC_ITSS_RCV_CAM_09_02_EB()); + execute(TC_SEC_ITSS_RCV_CAM_09_03_EB()); + execute(TC_SEC_ITSS_RCV_CAM_09_04_EB()); + execute(TC_SEC_ITSS_RCV_CAM_09_05_EB()); + execute(TC_SEC_ITSS_RCV_CAM_09_06_EB()); + execute(TC_SEC_ITSS_RCV_CAM_10_01_EB()); + execute(TC_SEC_ITSS_RCV_CAM_10_02_EB()); + execute(TC_SEC_ITSS_RCV_CAM_11_01_EB()); + execute(TC_SEC_ITSS_RCV_CAM_11_02_EB()); + execute(TC_SEC_ITSS_RCV_CAM_12_01_EB()); + execute(TC_SEC_ITSS_RCV_CAM_12_02_EB()); + + execute(TC_SEC_SND_CERT_01_01()); + execute(TC_SEC_SND_CERT_01_02()); + execute(TC_SEC_SND_CERT_02_01()); + execute(TC_SEC_SND_CERT_04_01()); + execute(TC_SEC_SND_CERT_04_02()); + execute(TC_SEC_SND_CERT_05_01()); + execute(TC_SEC_SND_CERT_05_02()); + execute(TC_SEC_SND_CERT_06_01()); + execute(TC_SEC_SND_CERT_06_02()); + execute(TC_SEC_SND_CERT_06_03()); + execute(TC_SEC_SND_CERT_06_04()); + execute(TC_SEC_SND_CERT_07_01()); + execute(TC_SEC_SND_CERT_09_01()); + execute(TC_SEC_SND_CERT_09_02()); + + execute(TC_SEC_SND_CERT_AA_01_01()); + execute(TC_SEC_SND_CERT_AA_02_01()); + execute(TC_SEC_SND_CERT_AA_04_01()); + execute(TC_SEC_SND_CERT_AA_05_01()); + execute(TC_SEC_SND_CERT_AA_06_01()); + execute(TC_SEC_SND_CERT_AA_08_01()); + execute(TC_SEC_SND_CERT_AT_01_01()); + execute(TC_SEC_SND_CERT_AT_02_01()); + execute(TC_SEC_SND_CERT_AT_03_01()); + execute(TC_SEC_SND_CERT_AT_04_01()); + execute(TC_SEC_SND_CERT_AT_05_01()); + execute(TC_SEC_SND_CERT_AT_07_01()); + execute(TC_SEC_SND_CERT_AT_08_01()); + execute(TC_SEC_SND_CERT_AT_09_01()); + + } // End of 'control' statement + +} // End of module ItsSecurity_TestControl \ No newline at end of file -- GitLab