From f4b960ed112d5f5deb14dec7a617045a48313ae6 Mon Sep 17 00:00:00 2001 From: garciay Date: Thu, 28 Jul 2016 07:33:24 +0000 Subject: [PATCH] Remove TsSecuredMode flag from TA config, replace by ATS PICS + AcSecPrimitive Add TsEnforceSecuredMode in TA to enable/disable security checks by the TA (message can be rejected) --- .../org/etsi/its/adapter/Management.java | 31 ++++++++----------- .../etsi/its/tool/elvior/res/ta.properties | 13 +++++--- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/javasrc/adapter/org/etsi/its/adapter/Management.java b/javasrc/adapter/org/etsi/its/adapter/Management.java index 2fce87f9f..9ce0beab4 100644 --- a/javasrc/adapter/org/etsi/its/adapter/Management.java +++ b/javasrc/adapter/org/etsi/its/adapter/Management.java @@ -66,9 +66,9 @@ public class Management implements IManagementTA, IManagementLayers { private static final int longitude = Integer.decode(((CharstringValue)TERFactory.getInstance().getTaParameter("TsLongitude")).getString()); /** - * Secured mode status + * Enforce secured mode status */ - private static final String TsSecuredMode = ((CharstringValue)TERFactory.getInstance().getTaParameter("TsSecuredMode")).getString(); + private static final String TsEnforceSecuredMode = ((CharstringValue)TERFactory.getInstance().getTaParameter("TsEnforceSecuredMode")).getString(); /** * Secured root path to access certificates & private keys @@ -142,11 +142,6 @@ public class Management implements IManagementTA, IManagementLayers { */ private Management() { - // Check for secured mode settings in TestAdapter configuration file - if (TsSecuredMode.equals("true")) { - setupSecuredMode(); - } - // For debug only: byte[] mid = new byte[] {(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00}; 
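Review bot: The new `TsEnforceSecuredMode` field keeps the flag as a raw String, and `isEnforceSecuredModeSet()` (hunk at line 375) compares it with `equals("true")`, so a value such as `True` or one with stray whitespace would silently leave enforcement off. The commit message says this flag decides whether the TA may reject messages, so a mistyped value should not fail open; consider `return "true".equalsIgnoreCase(TsEnforceSecuredMode.trim());`, or parse the value once into a boolean and reject anything that is neither true nor false. The static initializer also casts and dereferences the result of `getTaParameter("TsEnforceSecuredMode")` without a null check. Since the key is new, an existing ta.properties without it would presumably break class initialisation; confirm what `getTaParameter` returns for a missing key.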
@@ -233,7 +228,7 @@ public class Management implements IManagementTA, IManagementLayers { @Override public byte[] getLongPositionVector(byte[] targetGnAddress) { byte[] mid = ByteHelper.extract(targetGnAddress, 2, 6); -// System.out.println("getLongPositionVector: Looking for Loc Entry: " + ByteHelper.byteArrayToString(mid)); + TERFactory.getInstance().logDebug("getLongPositionVector: Looking for Loc Entry: " + ByteHelper.byteArrayToString(mid)); long key = ByteHelper.byteArrayToLong(mid); for(int i = 0; i < GET_LPV_TIMEOUT; ++i) { if (locTable.containsKey(key)) { @@ -283,7 +278,7 @@ public class Management implements IManagementTA, IManagementLayers { long key = ByteHelper.byteArrayToLong(mid); ITuple entry = locTable.get(key); if(entry == null || entry.getA() < timestamp) { -// System.out.println("gnUpdateLocTable: Adding Loc Entry for: " + ByteHelper.byteArrayToString(mid)); +// TERFactory.getInstance().logDebug("gnUpdateLocTable: Adding Loc Entry for: " + ByteHelper.byteArrayToString(mid)); locTable.put(key, new Tuple(timestamp, lpv)); } } @@ -375,7 +370,7 @@ public class Management implements IManagementTA, IManagementLayers { @Override public boolean isEnforceSecuredModeSet() { - return TsSecuredMode.equals("true"); + return TsEnforceSecuredMode.equals("true"); } @Override 
@@ -414,12 +409,12 @@ public class Management implements IManagementTA, IManagementLayers { } /** - * @desc This method setup secured mode according to the Test adapter settings (@see TsSecuredMode flags). - * The secured mode could be overrided by test case secured mode configuration through AC primitives + * @desc This method setup secured mode according to ATS settings (AcSecPrimitive) and the Test adapter settings (TsEnforceSecuredMode flags) + * @see TsEnforceSecuredMode flags. * @remark This method shall be called by the constructor only */ private void setupSecuredMode() { -// System.out.println(">>> setupSecuredMode: " + certificateId); + TERFactory.getInstance().logDebug(">>> setupSecuredMode: " + certificateId); securedMode = true; ICertificatesIO _certCache = CertificatesIOFactory.getInstance(); 
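Review bot: The Javadoc on `setupSecuredMode()` still carries `@remark This method shall be called by the constructor only`, but this commit removes the constructor call (hunk at line 142), so the remark now contradicts the code. Replace it with a line naming the real caller, presumably the AcSecPrimitive handling, which is not visible in this diff. `@see TsEnforceSecuredMode flags.` is not a resolvable Javadoc reference; `@see #TsEnforceSecuredMode` would link to the field. The method body continues past the end of this hunk.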
@@ -430,26 +425,26 @@ public class Management implements IManagementTA, IManagementLayers { _certCache.readCertificate(certificateId, certificate); // Extract public keys atCertificate = certificate.toByteArray(); -// System.out.println("Management.setupSecuredModeFromTaConfig: certificate=" + ByteHelper.byteArrayToString(atCertificate)); + TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: certificate=" + ByteHelper.byteArrayToString(atCertificate)); // Compute AT certificate digest byte[] atHash = CryptoLib.hashWithSha256(atCertificate); atCertificateDigest = ByteHelper.extract(atHash, atHash.length - 8, 8); -// System.out.println("Management.setupSecuredModeFromTaConfig: atCertificateDigest=" + ByteHelper.byteArrayToString(atCertificateDigest)); + TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: atCertificateDigest=" + ByteHelper.byteArrayToString(atCertificateDigest)); int offset = 16; // FIXME To be enhanced // KeyX signingPublicKeyX = new byte[32]; System.arraycopy(atCertificate, offset, signingPublicKeyX, 0, 32); offset += 32; -// System.out.println("Management.setupSecuredModeFromTaConfig: signingPublicKeyX=" + ByteHelper.byteArrayToString(signingPublicKeyX)); + TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: signingPublicKeyX=" + ByteHelper.byteArrayToString(signingPublicKeyX)); // KeyY signingPublicKeyY = new byte[32]; System.arraycopy(atCertificate, offset, signingPublicKeyY, 0, 32); -// System.out.println("Management.setupSecuredModeFromTaConfig: signingPublicKeyY=" + ByteHelper.byteArrayToString(signingPublicKeyY)); + TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: signingPublicKeyY=" + ByteHelper.byteArrayToString(signingPublicKeyY)); // Extract private keys ByteArrayOutputStream signingPrivateKey = new ByteArrayOutputStream(); _certCache.readSigningKey(certificateId, signingPrivateKey); this.signingPrivateKey = 
signingPrivateKey.toByteArray().clone(); -// System.out.println("Management.setupSecuredModeFromTaConfig: signingPrivateKey=" + ByteHelper.byteArrayToString(this.signingPrivateKey)); + TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: signingPrivateKey=" + ByteHelper.byteArrayToString(this.signingPrivateKey)); // TODO Add support of encryption } } diff --git a/javasrc/tool/org/etsi/its/tool/elvior/res/ta.properties b/javasrc/tool/org/etsi/its/tool/elvior/res/ta.properties index 4f66e7685..21956164b 100644 --- a/javasrc/tool/org/etsi/its/tool/elvior/res/ta.properties +++ b/javasrc/tool/org/etsi/its/tool/elvior/res/ta.properties @@ -56,10 +56,15 @@ TsBeaconInterval=1000 TsLatitude=514787010 # Longitude of Test System TsLongitude=56547460 +# ITS-AID for other profile +TsItsAidOther=38 # Secured mode status -TsSecuredMode=false -# Secured root path to access certificates and private keys -TsSecuredPath="" +UtSecuredMode=false +# Enforce secured mode status +TsEnforceSecuredMode=false # Secured configuration identifier -TsSecuredConfiId=data/certificates +TsSecuredRootPath=data/certificates +# Secured root path to access certificates and private keys +TsSecuredConfiId= + -- GitLab
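Review bot: The last added line of this hunk writes the signing private key to the debug log in clear: `logDebug("Management.setupSecuredModeFromTaConfig: signingPrivateKey=" + ByteHelper.byteArrayToString(this.signingPrivateKey))`. This was a commented-out println before; now every captured or archived debug log holds the key for the AT certificate, and anyone who can read the logs can recover it. Drop the line or log only non-secret metadata, e.g. `TERFactory.getInstance().logDebug("Management.setupSecuredMode: signing key loaded, " + this.signingPrivateKey.length + " bytes");`. The other added messages still name `setupSecuredModeFromTaConfig` although the method is `setupSecuredMode`, which will mislead anyone grepping the log. The method starts outside this hunk.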
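Review bot: In the added block the last two comments are crossed with their keys: `# Secured configuration identifier` sits above `TsSecuredRootPath=data/certificates`, and `# Secured root path to access certificates and private keys` sits above `TsSecuredConfiId=`. Swap the two comment lines so each describes the key below it; otherwise an operator is likely to put the certificate path in the wrong key. `# Secured mode status` now labels `UtSecuredMode`, while the commit message says the secured-mode flag moved to the ATS PICS, so confirm that key is still read and say by what. It would also help to state in the `TsEnforceSecuredMode` comment what `false` means, presumably that the TA does not reject messages failing the security checks, since that is the shipped default.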