Newer
Older
13001
13002
13003
13004
13005
13006
13007
13008
13009
13010
13011
13012
13013
13014
13015
13016
13017
13018
13019
13020
13021
13022
13023
13024
13025
13026
13027
13028
13029
13030
13031
13032
13033
13034
13035
13036
13037
13038
13039
13040
13041
13042
13043
13044
13045
13046
13047
13048
13049
13050
13051
13052
13053
13054
13055
13056
13057
13058
13059
13060
13061
13062
13063
13064
13065
13066
13067
13068
13069
13070
13071
13072
13073
13074
13075
13076
13077
13078
13079
13080
13081
13082
13083
13084
13085
13086
13087
13088
13089
13090
13091
13092
13093
13094
13095
13096
13097
13098
13099
13100
13101
13102
13103
13104
13105
13106
13107
13108
13109
13110
13111
13112
13113
13114
13115
13116
13117
13118
13119
13120
13121
13122
13123
13124
13125
13126
13127
13128
13129
13130
13131
13132
13133
13134
13135
13136
13137
13138
13139
13140
13141
13142
13143
13144
13145
13146
13147
13148
13149
13150
13151
13152
13153
13154
13155
13156
13157
13158
13159
13160
13161
13162
13163
13164
13165
13166
13167
13168
13169
13170
13171
13172
13173
13174
13175
13176
13177
13178
13179
13180
13181
13182
13183
13184
13185
13186
13187
13188
13189
13190
13191
13192
13193
13194
13195
13196
13197
13198
13199
13200
13201
13202
13203
13204
13205
13206
13207
13208
13209
13210
13211
13212
13213
13214
13215
13216
13217
13218
13219
13220
13221
13222
13223
13224
13225
13226
13227
13228
13229
13230
13231
13232
13233
13234
13235
13236
13237
13238
13239
13240
13241
13242
13243
13244
13245
13246
13247
13248
13249
13250
13251
13252
13253
13254
13255
13256
13257
13258
13259
13260
13261
13262
13263
13264
13265
13266
13267
13268
13269
13270
13271
13272
13273
13274
13275
13276
13277
13278
13279
13280
13281
13282
13283
13284
13285
13286
13287
13288
13289
13290
13291
13292
13293
13294
13295
13296
13297
13298
13299
13300
13301
13302
13303
13304
13305
13306
13307
13308
13309
13310
13311
13312
13313
13314
13315
13316
13317
13318
13319
13320
13321
13322
13323
13324
13325
13326
13327
13328
13329
13330
13331
13332
13333
13334
13335
13336
13337
13338
13339
13340
13341
13342
13343
13344
13345
13346
13347
13348
13349
13350
13351
13352
13353
13354
13355
13356
13357
13358
13359
13360
13361
13362
13363
13364
13365
13366
13367
13368
13369
13370
13371
13372
13373
13374
13375
13376
13377
13378
13379
13380
13381
13382
13383
13384
13385
13386
13387
13388
13389
13390
13391
13392
13393
13394
13395
13396
13397
13398
13399
13400
13401
13402
13403
13404
13405
13406
13407
13408
13409
13410
13411
13412
13413
13414
13415
13416
13417
13418
13419
13420
13421
13422
13423
13424
13425
13426
13427
13428
13429
13430
13431
13432
13433
13434
13435
13436
13437
13438
13439
13440
13441
13442
13443
13444
13445
13446
13447
13448
13449
13450
13451
13452
13453
13454
13455
13456
13457
13458
13459
13460
13461
13462
13463
13464
13465
13466
13467
13468
13469
13470
13471
13472
13473
13474
13475
13476
13477
13478
13479
13480
13481
13482
13483
13484
13485
13486
13487
13488
13489
13490
13491
13492
13493
13494
13495
13496
13497
13498
13499
13500
13501
13502
13503
13504
13505
13506
13507
13508
13509
13510
13511
13512
13513
13514
13515
13516
13517
13518
13519
13520
13521
13522
13523
13524
13525
13526
13527
13528
13529
13530
13531
13532
13533
13534
13535
13536
13537
13538
13539
13540
13541
13542
13543
13544
13545
13546
13547
13548
13549
13550
13551
13552
13553
13554
13555
13556
13557
13558
13559
13560
13561
13562
13563
13564
13565
13566
13567
13568
13569
13570
13571
13572
13573
13574
13575
13576
13577
13578
13579
13580
13581
13582
13583
13584
13585
13586
13587
13588
13589
13590
13591
13592
13593
13594
13595
13596
13597
13598
13599
13600
13601
13602
13603
13604
13605
13606
13607
13608
13609
13610
13611
13612
13613
13614
13615
13616
13617
13618
13619
13620
13621
13622
13623
13624
13625
13626
13627
13628
13629
13630
13631
13632
13633
13634
13635
13636
13637
13638
13639
13640
13641
13642
13643
13644
13645
13646
13647
13648
13649
13650
13651
13652
13653
13654
13655
13656
13657
13658
13659
13660
13661
13662
13663
13664
13665
13666
13667
13668
13669
13670
13671
13672
13673
13674
13675
13676
13677
13678
13679
13680
13681
13682
13683
13684
13685
13686
13687
13688
13689
13690
13691
13692
13693
13694
13695
13696
13697
13698
13699
13700
13701
13702
13703
13704
13705
13706
13707
13708
13709
13710
13711
13712
13713
13714
13715
13716
13717
13718
13719
13720
13721
13722
13723
13724
13725
13726
13727
13728
13729
13730
13731
13732
13733
13734
13735
13736
13737
13738
13739
13740
13741
13742
13743
13744
13745
13746
13747
13748
13749
13750
13751
13752
13753
13754
13755
13756
13757
13758
13759
13760
13761
13762
13763
13764
13765
13766
13767
13768
13769
13770
13771
13772
13773
13774
13775
13776
13777
13778
13779
13780
13781
13782
13783
13784
13785
13786
13787
13788
13789
13790
13791
13792
13793
13794
13795
13796
13797
13798
13799
13800
13801
13802
13803
13804
13805
13806
13807
13808
13809
13810
13811
13812
13813
13814
13815
13816
13817
13818
13819
13820
13821
13822
13823
13824
13825
13826
13827
13828
13829
13830
13831
13832
13833
13834
13835
13836
13837
13838
13839
13840
13841
13842
13843
13844
13845
13846
13847
13848
13849
13850
13851
13852
13853
13854
13855
13856
13857
13858
13859
13860
13861
13862
13863
13864
13865
13866
13867
13868
13869
13870
13871
13872
13873
13874
13875
13876
13877
13878
13879
13880
13881
13882
13883
13884
13885
13886
13887
13888
13889
13890
13891
13892
13893
13894
13895
13896
13897
13898
13899
13900
13901
13902
13903
13904
13905
13906
13907
13908
13909
setverdict(inconc);
stop;
}
// Test component configuration
f_cfMtcUp02(v_itss, v_ea);
// Test adapter configuration
// Start components
v_itss.start(f_TC_SECPKI_AA_AUTHVAL_01_BV_itss());
v_ea.start(f_TC_SECPKI_AA_AUTHVAL_01_BV_ea());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
f_cfMtcDown02(v_itss, v_ea);
} // End of testcase TC_SECPKI_AA_AUTHVAL_01_BV
group f_TC_SECPKI_AA_AUTHVAL_01_BV {
function f_TC_SECPKI_AA_AUTHVAL_01_BV_itss() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var octetstring v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var Oct16 v_aes_enc_key;
var InnerAtRequest v_inner_at_request;
var InnerAtResponse v_inner_at_response;
// Test component configuration
f_cfHttpUp_itss(cc_taCert_A_EA, PICS_IUT_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
// Generate EC certificate
f_generate_inner_ec_request(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_request);
f_generate_ec_certificate_for_inner_ec_response(v_inner_ec_request, v_private_key_ec, vc_eaWholeHash, v_ec_certificate);
// Send AuthorizationRequest
f_http_build_authorization_request(v_ec_certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
// Test body
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo, * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
tc_ac.stop;
f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
if (v_result == 0) {
log("*** f_TC_SECPKI_AA_AUTHVAL_01_BV_itss: PASS: Received exptected response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success); // inconc
} else {
log("*** f_TC_SECPKI_AA_AUTHVAL_01_BV_itss: FAIL: Unexptected response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout); // inconc
}
}
[] tc_ac.timeout {
log("*** f_TC_SECPKI_AA_AUTHVAL_01_BV_itss: INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown_itss();
} // End of function f_TC_SECPKI_AA_AUTHVAL_01_BV_itss
function f_TC_SECPKI_AA_AUTHVAL_01_BV_ea() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var octetstring v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var Oct16 v_aes_enc_key := int2oct(0, 16);
var SharedAtRequest v_shared_at_request;
var AuthorizationValidationResponse v_authorization_validation_response;
// Test component configuration
f_cfHttpUp_ea(cc_taCert_A_EA, PICS_IUT_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
// Test body
tc_ac.start;
alt {
[] a_await_atv_http_request_from_iut( // Wait for authorizationValidation Request from IUT to EA
mw_http_request(
mw_http_request_post(
-, //FIXME: Use another PIXIT than PICS_HTTP_POST_URI_ATV,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
) {
var integer v_result;
tc_ac.stop;
f_verify_http_at_request_from_iut_atv(v_request.request, v_aes_sym_key, v_request_hash, v_shared_at_request, v_result);
// Set verdict
if (v_result == 0) {
log("*** f_TC_SECPKI_AA_AUTHVAL_01_BV_ea: PASS: IUT has sent AuthorizationValidation request ***");
// Send AuthorizationValidation response to finalize the exchange
log("*** f_TC_SECPKI_AA_AUTHVAL_01_BV_ea: INFO: Send AuthorizationValidation response to finalize the exchange ***");
f_init_default_headers_list(-, "inner_atv_response", v_headers);
f_http_build_authorization_validation_response(v_shared_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_authorization_validation_response, v_ieee1609dot2_signed_and_encrypted_data);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** f_TC_SECPKI_AA_AUTHVAL_01_BV_ea: FAIL: Failed to verify AuthorizationValidation request ***");
// Send AuthorizationValidation response to finalize the exchange
log("*** f_TC_SECPKI_AA_AUTHVAL_01_BV_ea: INFO: Send AuthorizationValidation response to finalize the exchange ***");
f_init_default_headers_list(-, "inner_atv_response", v_headers);
f_http_build_authorization_validation_response(v_shared_at_request, deniedpermissions, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_authorization_validation_response, v_ieee1609dot2_signed_and_encrypted_data);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** f_TC_SECPKI_AA_AUTHVAL_01_BV_ea: INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
// TODO Wait for AuthorizationResponse
f_cfHttpDown_ea();
} // End of function f_TC_SECPKI_AA_AUTHVAL_01_BV_ea
} // End of group f_TC_SECPKI_AA_AUTHVAL_01_BV
} // End of authorization_validation_request
group authorization_validation_response {
/**
* @desc Check that the AA sends AuthorizationResponse after receiving the AuthorizationRequest.
* <pre>
* Pics Selection: PICS_IUT_AA_ROLE
* Initial conditions:
* with {
* the ITSS in "enrolled" state
* the EA in "operational" state
* and the IUT(AA) in "operational" state
* and the IUT had received the AuthorizationRequest from the ITSS
* and the IUT sent the AuthorizationValidationRequest
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT received the AuthorizationValidationResponseMessage
* }
* then {
* the IUT sends the EtsiTs103097Data message to the ITSS
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.4 SECPKI_AA_AUTHVAL_RCV_01_BV
* @reference ETSI TS 102 941, clause 6.2.3.3.2
*/
testcase TC_SECPKI_AA_AUTHVAL_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {/*
var Oct32 v_private_key_ec;
var Oct32 v_public_compressed_key_ec;
var integer v_compressed_key_mode_ec;
var InnerEcRequest v_inner_ec_request;
var EtsiTs103097Certificate v_ec_certificate;
var Oct32 v_private_key_at;
var Oct32 v_public_compressed_key_at;
var integer v_compressed_mode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_public_compressed_enc_key_at;
var integer v_compressed_enc_mode_at;
var octetstring v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Headers v_headers;
var HttpMessage v_request;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
var Oct16 v_aes_enc_key;
var InnerAtRequest v_shared_at_request;
var InnerAtResponse v_inner_at_response;
var AuthorizationValidationResponse v_authorization_validation_response;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(cc_taCert_A_EA, PICS_IUT_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
// TODO Use a function
// Generate EC certificate
f_generate_inner_ec_request(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_request);
f_generate_ec_certificate_for_inner_ec_response(v_inner_ec_request, v_private_key_ec, vc_eaWholeHash, v_ec_certificate)
// Send AuthorizationRequest
f_http_build_authorization_request(v_ec_certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
f_init_default_headers_list(-, "inner_at_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_atv_http_request_from_iut( // Wait for authorizationValidation Request from IUT to EA
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_ATV,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo, * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
) {
var integer v_result;
tc_ac.stop;
f_verify_http_at_request_from_iut_atv(v_request.request, v_aes_sym_key, v_request_hash, v_shared_at_request, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": INFO: IUT has sent AuthorizationValidation request ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify AuthorizationValidation request ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Test Body
// Send AuthorizationValidationResponse
f_init_default_headers_list(-, "inner_atv_response", v_headers);
f_http_build_authorization_response(v_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_AT,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_response
) {
var integer v_result;
tc_ac.stop;
// Verify IUT response
f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: IUT has sent AuthorizationValidation response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify AuthorizationValidation response ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();*/
} // End of testcase TC_SECPKI_AA_AUTHVAL_RCV_01_BV
/**
* @desc Check that AA doesn't accept Authorization Validation Response message when this message is
* signed with certificate without appropriate permissions
* <pre>
* Pics Selection: PICS_IUT_AA_ROLE
* Initial conditions:
* with {
* the ITSS in "enrolled" state
* the EA in "operational" state
* and the IUT(AA) in "operational" state
* and the IUT had received the AuthorizationRequest from the ITSS
* and the IUT sent the AuthorizationValidationRequest
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT receives the AuthorizationValidationResponseMessage
* containing signer
* containing digest
* indicating HashedId8 of the certificate
* containing appPermissions
* not containing an item of type PsidSsp
* containing psid
* indicating AID_CERT_REQ
* or containing an item of type PsidSsp
* containing psid
* indicating AID_CERT_REQ
* and containing ssp
* containing opaque[0] (version)
* indicating other value than 1
* or containing opaque[1] (value)
* indicating "AuthorizationValidationResponse" (bit 4) set to 0
* }
* then {
* the IUT answers with an AuthorisationValidationResponseMessage
* containing responseCode
* indicating non-zero value
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.4 SECPKI_AA_AUTHVAL_RCV_02_BI
* @reference ETSI TS 102 941, clause 6.2.3.3.2
*/
testcase TC_SECPKI_AA_AUTHVAL_RCV_02_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {} // End of testcase TC_SECPKI_AA_AUTHVAL_RCV_02_BI
} // End of group authorization_validation_response
} // End of group aa_beavior
group ca_behavior {
group ctl {
/**
* @desc Check that the RootCA generates the Full CTL when new EA is about to be added to the Root CTL
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* }
* Expected behaviour:
* ensure that {
* when {
* the RootCA is triggered to add new EA certificate (CERT_EA) in the CTL
* }
* then {
* the IUT issue a new CTL of type CtlFormat
* containing isFullCtl
* indicating TRUE
* and containing ctlCommands
* containing CtlCommand
* containing add
* containing ea
* containing eaCertificate
* indicating CERT_EA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP RCA_CTLGEN_01_BV
* @reference ETSI TS 102 941, clause 6.3.2 and 6.3.4
*/
testcase TC_RCA_CTLGEN_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Headers v_headers;
var HttpMessage v_response;
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp_ca();
// Test adapter configuration
// Preamble
f_init_default_headers_list(PICS_HEADER_CTL_CONTENT_TYPE, "ca_request", v_headers);
action("The RootCA is triggered to add new EA certificate (CERT_EA) in the CTL");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_get(
PICS_HTTP_GET_URI_CTL,
v_headers
)));
tc_ac.start;
alt {
[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload
),
mw_signerIdentifier_digest
))))))) -> value v_response {
var ToBeSignedRcaCtl v_to_be_signed_rca_ctl;
tc_ac.stop;
if (f_verify_rca_ctl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_rca_ctl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_ctl(v_to_be_signed_rca_ctl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[PICS_MULTIPLE_END_POINT] httpCaPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload
),
mw_signerIdentifier_digest
))))))) -> value v_response {
var ToBeSignedRcaCtl v_to_be_signed_rca_ctl;
tc_ac.stop;
if (f_verify_rca_ctl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_rca_ctl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_ctl(v_to_be_signed_rca_ctl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown_ca();
} // End of testcase TC_RCA_CTLGEN_01_BV
testcase TC_RCA_CTLGEN_xx_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var ToBeSignedRcaCtl v_ctl;
var Headers v_headers;
var HttpMessage v_response;
// Test component configuration
f_cfHttpUp_ca();
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp_ca();
// Test adapter configuration
/*{
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var ToBeSignedRcaCtl p_to_be_signed_rca_ctl;
var EtsiTs102941Data v_etsi_ts_102941_data;
var Oct16 v_request_hash;
var Oct16 v_aes_enc_key;
var bitstring v_tbs;
f_build_dc_ctl(
"CERT_IUT_A_RCA", "CERT_TS_A_AA", "CERT_TS_A_EA",
p_to_be_signed_rca_ctl
);
f_sign_dc_ctl("CERT_IUT_A_RCA", p_to_be_signed_rca_ctl, v_ieee1609dot2_signed_and_encrypted_data);
v_tbs := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("############# ", bit2oct(v_tbs));
setverdict(inconc);
stop;
}*/
// Preamble
f_init_default_headers_list(PICS_HEADER_CTL_CONTENT_TYPE, "tlm_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
if (f_await_dc_request_send_response("CERT_IUT_A_RCA", "CERT_TS_A_AA", "CERT_TS_A_EA", v_ctl)) {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl sent ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to send CTL to the IUT ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_cfHttpDown_ca();
} // End of testcase TC_RCA_CTLGEN_xx_BV
} // End of group ctl
group crl {
/**
* @desc Check that the RootCA generates the CRL signed with appropriate certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* }
* Expected behaviour:
* ensure that {
* when {
* the RootCA is triggered to add new CA certificate (CERT_CA) to the revocation list
* }
* then {
* the IUT issue a new CRL of type ToBeSignedCrl
* containing emtries
* containing item of type CrlEntry
* indicating HashedId8 of CERT_CA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP RCA_CRLGEN_01_BV
* @reference ETSI TS 102 941, clause 6.3.3
*/
testcase TC_RCA_CRLGEN_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Headers v_headers;
var HttpMessage v_response;
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp_ca();
// Test adapter configuration
// Preamble
f_init_default_headers_list(PICS_HEADER_CRL_CONTENT_TYPE, "ca_request", v_headers);
action("the RootCA is triggered to generate new CRL");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_get(
PICS_HTTP_GET_URI_CRL,
v_headers
)));
tc_ac.start;
alt {
[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData( mw_signedDataPayload ),
mw_signerIdentifier_digest
))))))) -> value v_response {
var ToBeSignedCrl v_to_be_signed_crl;
tc_ac.stop;
if (f_verify_rca_crl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_crl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_crl(v_to_be_signed_crl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedCrl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[PICS_MULTIPLE_END_POINT] httpCaPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData( mw_signedDataPayload ),
mw_signerIdentifier_digest
))))))) -> value v_response {
var ToBeSignedCrl v_to_be_signed_crl;
tc_ac.stop;
if (f_verify_rca_crl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_crl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_crl(v_to_be_signed_crl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedCrl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown_ca();
} // End of testcase TC_RCA_CRLGEN_01_BV
} // End of group crl
} // End of group ca_behavior
group tlm_behavior {
group ctl {
/**
* @desc Check that the TLM generates the ECTL when new RootCA is about to be added
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* }
* Expected behaviour:
* ensure that {
* when {
* the TLM is triggered to add new RootCA certificate (CERT_RCA) in the CTL
* }
* then {
* the IUT issue a new CTL of type CtlFormat
* containing isFullCtl
* indicating TRUE
* and containing ctlCommands
* containing CtlCommand
* containing add
* containing rca
* containing selfsignedRootCa
* indicating CERT_RCA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP TLM_ECTLGEN_01_BV
* @reference ETSI TS 102 941, clause 6.3.1
*/
testcase TC_TLM_ECTLGEN_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var Headers v_headers;
var HttpMessage v_response;
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp_tlm();
// Test adapter configuration
// Preamble
f_init_default_headers_list(PICS_HEADER_CTL_CONTENT_TYPE, "tlm_request", v_headers);
action("The TLM is triggered to add new RootCA certificate (CERT_RCA) in the CTL");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_http_send(
v_headers,
m_http_request(
m_http_request_get(
PICS_HTTP_GET_URI_ECTL,
v_headers
)));
tc_ac.start;
alt {
[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData( mw_signedDataPayload ),
- // Certificate or HasedId8
))))))) -> value v_response {
var ToBeSignedTlmCtl v_to_be_signed_tlm_ectl;
tc_ac.stop;
// FIXME Can not verify signature, to be checked
if (f_verify_tlm_ectl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, false, v_to_be_signed_tlm_ectl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_ectl(v_to_be_signed_tlm_ectl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[PICS_MULTIPLE_END_POINT] httpTlmPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData( mw_signedDataPayload ),
- // Certificate or HasedId8
))))))) -> value v_response {
var ToBeSignedTlmCtl v_to_be_signed_tlm_ectl;
tc_ac.stop;
// FIXME Can not verify signature, to be checked
if (f_verify_tlm_ectl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, false, v_to_be_signed_tlm_ectl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_ectl(v_to_be_signed_tlm_ectl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown_tlm();
} // End of testcase TC_TLM_ECTLGEN_01_BV
} // End of group ctl
} // End of group tlm_behavior
YannGarcia
committed
13910
13911
13912
13913
13914
13915
13916
13917
13918
13919
13920
13921
13922
13923
13924
13925
13926
13927
13928
13929
13930
13931
13932
13933
13934
13935
13936
13937
13938
13939
13940
13941
13942
13943
13944
13945
13946
13947
13948
13949
13950
13951
13952
13953
13954
13955
13956
13957
13958
13959
13960
13961
13962
13963
13964
13965
13966
13967
13968
13969
13970
13971
13972
13973
13974
13975
13976
13977
13978
13979
13980
13981
13982
13983
13984
13985
13986
13987
13988
13989
13990
13991
13992
13993
13994
13995
13996
13997
13998
13999
14000
group cpoc_behavior {
/**
* @desc Check that the TLM CTL is published and accessible when issued
* <pre>
* Pics Selection:
* Initial conditions:
* the TLM issued a new CTL
* }
* Expected behaviour:
* ensure that {
* when {
* the ITS-S asked the IUT for the newly issued CTL
* }
* then {
* the IUT is answered with this CTL
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 TP SECPKI_CPOC_LISTDIST_01_BV
* @reference ETSI TS 102 941, Clauses 6.3.2 and 6.3.3
*/
testcase TC_SECPKI_CPOC_LISTDIST_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variable
var Headers v_headers;
var HttpMessage v_response;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "cpoc_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_get(
PICS_HTTP_GET_URI_ECTL,
v_headers
)));
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload
)
))))))) -> value v_response {
var ToBeSignedTlmCtl v_to_be_signed_tlm_ectl;
tc_ac.stop;
// FIXME Can not verify signature, to be checked
if (f_verify_tlm_ectl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, false, v_to_be_signed_tlm_ectl) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify ECTL message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
if (f_verify_full_ectl(v_to_be_signed_tlm_ectl) == true) {
log("*** " & testcasename() & ": PASS: ToBeSignedTlmCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[PICS_MULTIPLE_END_POINT] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload
)
))))))) -> value v_response {
var ToBeSignedTlmCtl v_to_be_signed_tlm_ectl;