Add README.md file

# ETSI ITS protocols project

## General Information

This repositories contains the test specifications and test adapter code for ETSI ITS protocols testing.

ETSI ITS protocols project supports:

- ETSI EN 302 637-2: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 2: Specification of Cooperative Awareness Basic Service"

- ETSI EN 102 637-3: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 3: Specifications of Decentralized Environmental Notification Basic Service" 

- ETSI TS 103 301: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Facilities layer protocols and communication requirements for infrastructure services"

- EN 302 636-5-1: "Intelligent Transport Systems (ITS); Vehicular Communications; GeoNetworking; Part 5: Transport Protocols; Sub-part 1: Basic Transport Protocol"

- EN 302 636-4-1: "Intelligent Transport Systems (ITS); Vehicular Communications; GeoNetworking; Part 4: Geographical addressing and forwarding for point-to-point and point-to-multipoint communications; Sub-part 1: Media-Independent Functionality"

In addition, it also support ITS Security as define by:

- ETSI TS 103 940: "Intelligent Transport Systems (ITS); Security; Security Architecture and Management".

- ETSI TS 103 097: "Intelligent Transport Systems (ITS); Security; Security header and certificate formats".

- ETSI TS 102 941: "Intelligent Transport Systems (ITS); Security; Trust and Privacy Management technical specification"

- IEEE Std 1609.2™-2016: "IEEE Standard for Wireless Access in Vehicular Environments –Security Services for Applications and Management Messages"

- IEEE Std 1609.2a™-2017: "Standard for Wireless Access In Vehicular Environments – Security Services for Applications and Management Messages Amendment 1".

Contact information

Email at cti_support at etsi dot org

License

Unless specified otherwise, the content of this repository and the files contained are released under the ETSI Software License.

See the attached LICENSE file or visit

https://forge.etsi.org/etsi-software-license

## STFs

The following STFs were or are currently involved in the evolutions of the ETSI ITS protocols project:

- STF 405, STF 422, STF 424, STF 455, STF 462, STF 481, STF 484, STF 507, STF 517, STF 525, STF 538, STF 545, TTF T002, TTF T011

## Installation

The ETSI ITS protocols project builds and tests regularly on the following platforms:

  - Linux (Ubuntu)

  - Windows ([Cygwin x64](https://cygwin.com/install.html), [Npcap SDK x64](https://nmap.org/npcap/#download) and [OpenSSL-Windows x64](https://www.openssl.org) are required)

Note: The [OpenSSL](https://www.openssl.org) version >= 1.1.1 is also required.

### How to do it?

They are three different methods:

- Using [Vagrant](https://www.vagrantup.com/)

- Using [Docker](https://www.docker.com/)

- Using [Eclipse TITAN on Windows or Linux](https://projects.eclipse.org/projects/tools.titan/downloads)

How to choose one of these methods is depending of your host system.

NOTE: In all case, if you want to setup an continuous integration process (e.g. Jenkins), Docker is the best choice. 

#### The host system is Windows

The both methods require a virtual machine. You can use either VirtualBox or WMware.

In this case, the easiest way is to use Vagrant.

#### The host system is Linux

Vagrant requires a virtual machine. You can use either VirtualBox or WMware.

Docker does not need a virtual machine, so it is the more efficant way.

#### Using Vagrant

Pre-requisites on your host machine:

- Install [Virtualbox](https://www.virtualbox.org/manual/ch01.html)

- Install [Vagrant](https://www.vagrantup.com/intro/getting-started/)

- Install Vagrant plugin vagrant-vbguest

- Credentials to access [ETSI forge](https://forge.etsi.org/gitlab/users/sign_in)

    - Set the environment variable USERNAME to your ETSI EOL account user name

    - Set the environment variable PASSWORD to your ETSI EOL account password

Procedure:

- On your host machine, open a command line session (PuTTY, DOS window...)

- From the ETSI ITS protocols project, clone the Vagrant folder

- In the file Vagrantfile, modify the tag config.vm.provision replacing <username> & <password> strings by your ETSI credentials

- In the Vagrant folder, execute the following commands:

```sh

$ vagrant up --provider virtualbox --provision

...

```

NOTE The creation and the installations will take some time to achieve

- Stop vagrant virtual machine

```sh

$ vagrant halt

...

```

- Update the file 'Vagrantfile' to match with your networks configuration

- Re-start the vagrant virtual machine and log to to the machine

```sh

$ vagrant up

...

$ vagrant ssh

```

- Switch to the next clause (Usage)

NOTE The user password is vagrant.

### Using Docker

Pre-requisites on your host machine:

- Install Virtualbox (For Windows host only)

- Install Docker

Procedure for a Windows host machine:

- On your host machine, open a the Docker Quickstart Terminal and change to a working folder such as ./temp/docker_its

Procedure for a Linux host machine:

- On your host machine, open a terminal and change to a working folder such as $HOME/temp/docker_its

On your host machine, download the following items from ETSI ITS protocols project:

- The docker folder

- The .jenkins.sh script file (hidden file) and add the execution rights on it

- Check the rights of the script files and the folders

From the your current directory, execute the following commands:

```sh

$ ./.jenkins.sh

...

```

NOTE The creation and the installations will take some time to achieve

- Start the container

```sh

$ ./docker/run-container.sh

...

```

- Switch to the next clause (Usage)

#### From scratch

Pre-requisites:

- Install Virtualbox

Procedure:

- Install a new Linux Virtual machine (Mint, Debian...)

- Update your system with the latest version of kernel and security packages

- Install the following packages (According to the Linux chosen, the package naming can be different)

    autoconf

    bison

    build-essential

    cmake

    curl

    dos2unix

    doxygen

    emacs

    expect

    flex

    g++:latest

    gcc:latest

    graphviz

    gdb 

    git-core

    gnutls-bin

    libglib2.0-dev

    libpcap-dev

    libgcrypt-dev

    libncurses5-dev

    libjsoncpp-dev

    libssl-dev

    libtool-bin

    libtool

    libwireshark-dev

    libxml2-dev

    lsof

    ntp

    pkg-config

    qt5-default

    qtmultimedia5-dev

    libqt5svg5-dev

    subversion

    sudo

    sshpass

    tcpdump

    texlive-font-utils

    tshark

    valgrind

    vim

    vsftpd

    xutils-dev 

    tree

    tzdata

    unzip

    wget

    xsltproc

- In your home directory, create the following folders: 

    - $HOME/frameworks, 

    - $HOME/dev

    - $HOME/lib

- In $HOME/frameworks, build the following package:

    - asn1c, according the procedure specified [here](https://github.com/vlm/asn1c.git)

    - Eclipse IDE for C/C++ Developers, according the procedure specified [here](https://www.eclipse.org/cdt/)

    - TITAN, according the procedure specified [here](https://github.com/eclipse/titan.core)

    - Import the TITAN plugin into your Eclipse IDE, according the procedure specified [here](https://github.com/eclipse/titan.core)

- Clone the ETSI ITS protocols project into $HOME/dev folder

```sh

$ git clone --recurse-submodules --single-branch https://forge.etsi.org/gitlab/ITS/TS.ITS.git ./TTF011_Its

```

- Update your default environment with the content of the script $HOME/dev/TTF011_Its/scripts/devenv.bash.ubuntu

- Switch to the next clause (Usage)

#### Using Eclipse TITAN

When cloning the ETSI ITS project, you can find two specific files:

- TTF011.tpd

- TTF011_Linux.tpd

These two files are used create the ETSI ITS project workspace on Eclipse TITAN. To do it, please follow the steps below:

- Start eclipse using a new workspace, (e.g. with the name workspace_titan)

- Select the menu option File/import

- In the Dialog box,select TITAN/Project from .tpd file

- Select the correct TTF011.tpd file and follow the instructions

NOTE: When the Eclipse TITAN workspace is created, you have to build manually the librairy 'libasn1c.so' following the commands below:

```sh

$ cd <eclipse workspace>/TTF011_Its

$ mkdir -p ./bin/asn1

$ cd ./bin/asn1

$ make CC=gcc -f ../../asn1/Makefile

$ rm *.cc # To prevent TITAN to import these .cc source files into our project

```

## Usage

This clause describes how to compile and execute an Abstract Test Suite.

The procedures below illustrate how to run the CAM test suite. The same procedures will apply for any other ETSI ITS test suite.

Pre-requisites:

- Your machine is installed following one of the installation method describes in the previous clause

- Refer to the ETSI TS 103 099 for the description of the Test System architecture and configuration

- Your are logged as 'etsi' or 'vagrant' user

- Procedure using TITAN command line (only):

    - Open several SSH session (PuTTY...)

    - Change to the directory ~/dev/TTF011_Its/

    - Modify the file config.mk according to your system:

        - On Linux, comment all the lines using the '#' character

        - On Windows, update the path accordingly

    - Build the test suite AtsCAM using the following command:

```sh

$ export ATS=AtsCAM # The Abstract Test Suite you wnat to build, such as AtsDENM, AtsSecurity...

$ make

...

```

- Edit the file ../etc/AtsCAM.cfg

- Update the following fields (see ETSI TS 103 099 for details):

    - system.camPort.params

    - system.utPort.params

- To run the test suitem, execute the following command:

```sh

$ cd ~/dev/TTF011_Its/scripts

$ ../run_all.bash

...

```

- The log files are located in ../logs/AtsCAM folder for this example. You can edit them using any editor or using the Eclipse TITAN log plugins

## How to generate ITS test certificates

The Test System includes a tool, asn1certgen, to generate ITS test certificates used for Conformance Testing.

This tool is located in the folder '~/dev/TTF011_Its/tools/itscertgen/'.

Note: These certificates can not be used in a true architectures, there are present only for testing and/or debug purposes.

### Build the tool 'asn1certgen' to generate new certificates bundle

To build the tool, run the 'make' command in each of the following folders:

- cshared

- cxml

- checker

- asn1certgen

### Generate the certificates

After applying the previous clause, change to the folder '~/dev/TTF011_Its/data/v3' and execute 'make' command:

```

$ cd ~/dev/TTF011_Its/data/v3

$ make

```

The certificates will be located in the folder '~/dev/TTF011_Its/data/v3/certificates'.

To use this newly generated certificates, you shall update two parameters located in the TTCN-3 file LibItsSecurity_Pixits. These are:

- LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH, which is the path the certificates folder (e.g. LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/<user>/tmp")

- LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME, which is the name of the certificates folder (e.g. LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert")

### Modify or create new certificates

The folder '~/dev/TTF011_Its/data/v3/profiles' contains an XML file for each certificate to be generated.

This XML file describes the certificate content (e.g. CERT_IUT_A_RCA.xml describes the root certificate for all CERT_IUT_A certificates).

By modifying these files, you can change create new certificate with different geographical area, different validity periods or different SSPs.

To re-generates the certificates, refer to the previous clause.

## Security Test suites configurations

The security Test suites configurations depends of the Test suite to be executed.

### ITS Protocol Test suites for Facilities layer

These are the ITS Test suites such as AtsCAM (102 868-x) , AtsDENM (102 869-x) or IVI (103 191-x) Test suites. These Test suite can be executed againt an ITS device configured to use Security.

In this cases, the following parameters shall be modified to match the ITS device configuration:

- PICS_IS_IUT_SECURED=true which indicates that the ITS device under test is secured

In addition, the Test System shall be configured to support the security modifying the following settings as described below:

- device_mode=1

- secured_mode=1

- sec_db_path=/home/<user>/dev/TTF011_Its/data/v3/certificates

### ITS Protocol Test suites for Transport layer

This is the AtsGeoNetworking Test suite (ETSI TS 102 871-x) which required more specific configuration (ETSI EN 302 636-4-1).

In this cases, the following parameters shall be modified to match the ITS device configuration:

- PICS_GN_SECURITY=false, which indicate the GeoNetworking Test Suite does not manage ITS Security protocol

- PICS_IS_IUT_SECURED=true, which indicates that the ITS device under test is secured

In addition, the Test System shall be configured to support the security modifying the following settings as described below:

- device_mode=1

- secured_mode=1

- sec_db_path=/home/<user>/dev/TTF011_Its/data/v3/certificates

### ITS Protocol Test suites for Security

This clause is relative to the AtsSecurity (ETSI TS 103 096-x) Test suite which are focused on ITS Security protocol (ETSI TS 103 097).

In this cases, the following parameters shall be modified to match the ITS device configuration:

- PICS_GN_SECURITY=true, which indicate the GeoNetworking Test Suite manages ITS Security protocol

- PICS_IS_IUT_SECURED=false

In addition, the Test System shall be configured to support the security modifying the following settings as described below:

- device_mode=0

- secured_mode=0

- its_aid=36 for CAM or 37 for DENM

### ITS Protocol Test suites for Security/PKI

This clause is relative to the AtsPki (ETSI TR 103 525-x) Test suite which are focused on ITS PKI Security protocol (ETSI TS 102 941).

In this cases, the following parameters shall be modified according to the considered group of tests:

- For all tests focused on ITS device enrolment:

    - PICS_GN_SECURITY=true, which indicate the GeoNetworking Test Suite manages ITS Security protocol

    - PICS_IS_IUT_SECURED=false

    - HTTP_P_PL_ACT_AS_SERVER=true

    - PICS_TS_EA_CERTIFICATE_ID=CERT_TS_A_EA

    - PICS_MULTIPLE_END_POINT=false

    - PICS_IUT_ITS_S_ROLE=true

- For all tests focused on PKI:

    - HTTP_P_PL_ACT_AS_SERVER=true

    - PICS_TS_EA_CERTIFICATE_ID=CERT_pki certificate_EA

    - PICS_MULTIPLE_END_POINT=true

In addition, the Test System shall be configured to support the security modifying the following settings as described below:

- device_mode=0

- secured_mode=0

## Wireshark with support of ETSI ITS Protocols

The official version of Wireshark, supporting ETSI ITS Protocols, is available [here](https://www.wireshark.org/download.html).

Some sample capture files are available [here](https://wiki.wireshark.org/SampleCaptures).

## How to Report a Bug

The ETSI ITS protocols project is under constant development, so it is possible that you will

encounter a bug while using it. Please report bugs at cti_support at etsi dot org.

    && DEBIAN_FRONTEND=noninteractive apt-get install software-properties-common -y \

    && DEBIAN_FRONTEND=noninteractive add-apt-repository ppa:linuxuprising/java -y \

    && DEBIAN_FRONTEND=noninteractive apt-get update \

    && ( echo "oracle-java16-installer shared/accepted-oracle-license-v1-2 boolean true" | debconf-set-selections -v ) \

    && ( echo "oracle-java17-installer shared/accepted-oracle-license-v1-2 boolean true" | debconf-set-selections -v ) \

    && DEBIAN_FRONTEND=noninteractive apt-get --allow-unauthenticated install -y \

      autoconf \

      bison \

      lsof \

      net-tools \

      ntp \

      oracle-java16-installer \

      oracle-java16-set-default \

      oracle-java17-installer \

      oracle-java17-set-default \

      openssh-server \

      pkg-config \

      python3-dev \

sudo DEBIAN_FRONTEND=noninteractive apt-get update

sudo DEBIAN_FRONTEND=noninteractive apt-get --allow-unauthenticated install emacs openjdk-11-jre gcc-8 g++-8 git subversion lsof ntp gdb make cmake flex bison autoconf doxygen graphviz libtool libncurses5-dev expect libssl-dev libgcrypt-dev libxml2-dev libedit2 libedit-dev xutils-dev libjsoncpp-dev tcpdump libpcap-dev libwireshark-dev wget tree unzip sshpass kubuntu-desktop valgrind qt5-default qttools5-dev qtmultimedia5-dev libqt5svg5-dev vim tzdata dos2unix xsltproc -y

# Install java

#sudo DEBIAN_FRONTEND=noninteractive apt-get install oracle-java9-installer oracle-java9-set-default -y

#sudo DEBIAN_FRONTEND=noninteractive apt-get --allow-unauthenticated install oracle-java10-installer oracle-java10-set-default -y

#sudo DEBIAN_FRONTEND=noninteractive apt --fix-broken install -y

#sudo DEBIAN_FRONTEND=noninteractive apt-get install oracle-java17-installer oracle-java17-set-default -y

#echo "oracle-java17-installer shared/accepted-oracle-license-v1-2 boolean true" | debconf-set-selections -v

sudo DEBIAN_FRONTEND=noninteractive apt-get autoremove --purge -y

sudo DEBIAN_FRONTEND=noninteractive apt-get clean