Skip to content
ItsPki_TestCases.ttcn 792 KiB
Newer Older
          f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          
          // Wait for the repetition
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }
          
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
                                                                                                                                                                                               mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;
              
              tc_ac.stop;

              // Verify IUT response
              if (f_verify_repeated_request(v_request, v_initial_request) == false) {
                log("*** " & testcasename() & ": FAIL: Repeatition request are different ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              } else {
                f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
                // Send response
                if (isvalue(v_response)) {
                  httpPort.send(v_response);
                }
                // Set verdict
                if (v_result == 0) {
                  var octetstring v_msg;
                  var octetstring v_hashed_id8;
                  
                  log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
                  v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                  if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                    v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                  } else {
                    v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                  }
                  infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                  f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                  f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                }
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_REP_03_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_AUTH_REP_03_BV
      
      /**
       * @desc Check that IUT stops sending the Authorization Request message if maximum number of retry has been reached
       * <pre>
       * Pics Selection: PICS_SECPKI_AUTHORIZATION_RETRY
       * Initial conditions: {
       *     the IUT being in the 'enrolled' state
       *     and the IUT has sent the Authorization Request
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT sent the PIXIT_AUTH_MAX_N1 Authorization Request messages
       *         }
       *         then {
       *             the IUT stops sending Authorization Requests
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_AUTH_REP_04_BV
       * @reference ETSI TS 103 601, clause 5.1.2
       */
      testcase TC_SECPKI_ITSS_AUTH_REP_04_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_REP_04_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_REP_04_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_REP_04_BV
      
      group f_TC_SECPKI_ITSS_AUTH_REP_04_BV {
        
        function f_TC_SECPKI_ITSS_AUTH_REP_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          var InfoPortData            v_info_port_data;
          var boolean                 v_start_awaiting := false;
          
          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          // Initial state: No CAM shall be emitted
          geoNetworkingPort.clear;
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            }
            [] tc_noac.timeout {
              f_sendUtTriggerEnrolmentRequestPrimitive();
              log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              }
            } // End of 'alt' statement
          
          // Test Body
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_AUTH_REP_04_BV_itss
        
        function f_TC_SECPKI_ITSS_AUTH_REP_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_initial_request;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
          
          // Test adapter configuration
          
          // Preamble
          for (var integer v_i := 0; v_i < PX_AUTH_MAX_N1; v_i := v_i + 1) {
            if (PX_TRIGGER_EC_BEFORE_AT) {
              f_await_ec_request_send_error_response(v_initial_request);
              log("*** " & testcasename() & ": INFO: Reply with 400 Bad Request error message ***");
            }
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          } // End of 'for' staement
          
          // Do not expect any repetition
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment not expected due to number of error ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": INCONC: No more enrolment request done ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            }
          } else {
            f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
          }
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_REP_04_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_AUTH_REP_04_BV
      
    } // End of group itss_authorization_request_repetition
    
    group itss_ctl_handling {
      
      /**
       * @desc Check that the IUT trust the new RCA from the received ECTL
       * <pre>
       * Pics Selection:
       * Initial conditions: {
       *     the IUT does not trust the CERT_RCA_NEW
       *     the IUT has received the TLM CTL
       *         containing the CERT_RCA_NEW
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT received a CAM
       *                 signed with AT certificate
       *                     signed with AA certificate
       *                         signed with CERT_RCA_NEW
       *         }
       *         then {
       *             the IUT accepts this CAM
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_01_BV
       * @reference ETSI TS 102 941, clause 6.3.5
       */
      testcase TC_SECPKI_ITSS_CTL_01_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_cpoc;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp03(v_itss, v_cpoc);

        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_CTL_01_BV_itss());
        v_cpoc.start(f_TC_SECPKI_ITSS_CTL_01_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown03(v_itss, v_cpoc);
        
      } // End of testcase TC_SECPKI_ITSS_CTL_01_BV
      
      group f_TC_SECPKI_ITSS_CTL_01_BV {
        
        function f_TC_SECPKI_ITSS_CTL_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var GeoNetworkingPdu v_securedGnPdu;
          var integer i;
          
        // Test component configuration
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed(
                                                                                               mw_signedData
                                                                                               )))) {
              tc_ac.stop;
              
              f_sendUtTriggerUpdateEctl(""); // FIXME Create PIXIT for ETCL URI
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          v_securedGnPdu := f_sendSecuredCam(cc_ectl_rca_new);
          // Check that the CAM message is forwarde to Facilies layer
          f_sleep(PX_TAC);
          for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
            // empty on purpose 
          }
          if(i < lengthof(vc_utInds)) {
            log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          } else {
            log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
          }
          
          // Postamble
          f_cfDown_itss();
          
        } // End of function f_TC_SECPKI_ITSS_CTL_01_BV_itss

        function f_TC_SECPKI_ITSS_CTL_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var HttpMessage v_response;
          var Headers v_headers;

          // Test component configuration
          f_cfHttpUp_tlm();
          
          // Test adapter configuration
          
          // Preamble
          tc_ac.start;
          alt {
            [] a_await_cpoc_http_request_from_iut(
                                                  mw_http_request(
                                                                  mw_http_request_get(
                                                                                      PICS_HTTP_GET_URI_TLM
                                                                                      )),
                                                  v_response
                                                  ) {
              var HashedId8 v_rca_hashed_id8; // Used for signature
              var Oct32 v_rca_private_key;
              var EtsiTs103097Certificate v_rca_new; // The CERT_RCA_NEW
              var bitstring v_enc_msg;
              var ToBeSignedData v_tbs;
              var bitstring v_tbs_enc;
              var Oct32 v_tbs_signed;
              var Signature v_signature;
              var Ieee1609Dot2Data v_ieee1609dot2_signed_data;

              tc_ac.stop;

              // Read certificates
              f_getCertificateHash(PICS_IUT_CA_CERTIFICATE_ID, v_rca_hashed_id8);
              f_readSigningKey(PICS_IUT_CA_CERTIFICATE_ID, v_rca_private_key);
              f_readCertificate(cc_ectl_rca_new, v_rca_new);
              // Build the ToBeSignedTlmCtl data structure
              v_enc_msg := encvalue(
                                    valueof(
                                            m_to_be_signed_tlm_full_ctl(
                                                                        f_getCurrentTime() / 1000 + 3600,
                                                                        10,
                                                                        {
                                                                          m_ctrl_command_add(
                                                                                             m_ctl_entry_rca(
                                                                                                             m_root_ca_entry(
                                                                                                                             v_rca_new
                                                                                                                             )))
                                                                          }
                                                                        )));
              v_tbs := valueof(
                               m_toBeSignedData(
                                                m_signedDataPayload(
                                                                    m_etsiTs103097Data_unsecured(bit2oct(v_enc_msg))
                                                                    ),
                                                m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
                                                ));
              v_tbs_enc := encvalue(v_tbs);
              // Sign the certificate
              v_tbs_signed := f_signWithEcdsa(bit2oct(v_tbs_enc), v_rca_hashed_id8, v_rca_private_key);
              v_signature := valueof(
                                     m_signature_ecdsaNistP256(
                                                               m_ecdsaP256Signature(
                                                                                    m_eccP256CurvePoint_x_only(
                                                                                                               substr(v_tbs_signed, 0, 32)
                                                                                                               ),
                                                                                    substr(v_tbs_signed, 32, 32)
                                                                                    )));
              log(testcasename() & ": v_signature= ", v_signature);
              v_ieee1609dot2_signed_data := valueof(
                                                    m_etsiTs103097Data_signed(
                                                                              m_signedData(
                                                                                           sha256,
                                                                                           v_tbs,
                                                                                           m_signerIdentifier_digest(v_rca_hashed_id8),
                                                                                           v_signature
                                                                                           )));
              // Send response with CERT_RCA_NEW
              f_init_default_headers_list(-, "tlm_ectl", v_headers);
              f_http_send(
                          v_headers,
                          m_http_response(
                                          m_http_response_ok(
                                                             m_http_message_body_binary(
                                                                                        m_binary_body_ieee1609dot2_data(
                                                                                                                        v_ieee1609dot2_signed_data
                                                                                                                        )),
                                                             v_headers
                                                             )));
              
              log("*** " & testcasename() & ": INFO: CERT_RCA_NEW was sent to the IUT ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          
          // Postamble
          f_cfHttpDown_tlm();
        } // End of function f_TC_SECPKI_ITSS_CTL_01_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_CTL_01_BV

      /**
       * @desc Check that the IUT untrust the RCA when it is deleted from ECTL
       * <pre>
       * Pics Selection:
       * Initial conditions: {
       *     the IUT does not trust the CERT_RCA
       *     the IUT has received the TLM CTL
       *         not containing the CERT_RCA
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT received a CAM
       *                 signed with AT certificate
       *                     signed with AA certificate
       *                         signed with CERT_RCA
       *         }
       *         then {
       *             the IUT rejects this CAM
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_02_BV
       * @reference ETSI TS 102 941, clause 6.3.5
       */
      testcase TC_SECPKI_ITSS_CTL_02_BV() runs on ItsPkiItss system ItsPkiItssSystem {
        // Local variables
        var GeoNetworkingPdu v_securedGnPdu;
        var integer i;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfUp_itss();
        
        // Test adapter configuration
        
        // Preamble
        geoNetworkingPort.clear;
        tc_ac.start;
        alt {
          [] geoNetworkingPort.receive(
                                       mw_geoNwInd(
                                                   mw_geoNwSecPdu(
                                                                  mw_etsiTs103097Data_signed(
                                                                                             mw_signedData
                                                                                             )))) {
            tc_ac.stop;
            
            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Test Body
        v_securedGnPdu := f_sendSecuredCam(cc_ectl_rca_untrust);
        // Check that the CAM message is forwarde to Facilies layer
        f_sleep(PX_TAC);
        for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
          // empty on purpose 
        }
        if(i < lengthof(vc_utInds)) {
          log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
          f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
        } else {
          log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
        }

        // Postamble
        f_cfDown_itss();

      } // End of testcase TC_SECPKI_ITSS_CTL_02_BV

      /**
       * @desc Check that the IUT trust the AA when it is received in RCA CTL
       * <pre>
       * Pics Selection:
       * Initial conditions: {
       *     the IUT is trusting the CERT_AA_NEW
       *     the IUT has received the RCA CTL
       *         containing the CERT_AA_NEW
       *         and signed by CERT_RCA
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT received a CAM
       *                 signed with AT certificate
       *                     signed with AA_NEW certificate
       *         }
       *         then {
       *             the IUT accepts this CAM
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_03_BV
       * @reference ETSI TS 102 941, clause 6.3.5
       */
      testcase TC_SECPKI_ITSS_CTL_03_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_dc;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp04(v_itss, v_dc);

        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_CTL_03_BV_itss());
        v_dc.start(f_TC_SECPKI_ITSS_CTL_03_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown04(v_itss, v_dc);
        
      } // End of testcase TC_SECPKI_ITSS_CTL_03_BV
      
      group f_TC_SECPKI_ITSS_CTL_03_BV {
        
        function f_TC_SECPKI_ITSS_CTL_03_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var GeoNetworkingPdu v_securedGnPdu;
          var integer i;
          
          // Test component configuration
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed(
                                                                                               mw_signedData
                                                                                               )))) {
              tc_ac.stop;
              
              f_sendUtTriggerRequestForRcaCtl(""); // FIXME Create PIXIT for RCA DC
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          v_securedGnPdu := f_sendSecuredCam(cc_ectl_aa_new);
          // Check that the CAM message is forwarde to Facilies layer
          f_sleep(PX_TAC);
          for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
            // empty on purpose 
          }
          if(i < lengthof(vc_utInds)) {
            log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          } else {
            log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
          }
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_CTL_03_BV_itss
        
        function f_TC_SECPKI_ITSS_CTL_03_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var HttpMessage v_response;
          var Headers v_headers;

          // Test component configuration
          f_cfHttpUp_ca();
          
          // Test adapter configuration
          
          // Preamble
          tc_ac.start;
          alt {
            [] a_await_dc_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_get(
                                                                                    PICS_HTTP_GET_URI_DC
                                                                                    )),
                                                v_response
                                                ) {
              var HashedId8 v_aa_hashed_id8; // Used for signature
              var Oct32 v_aa_private_key;
              var EtsiTs103097Certificate v_aa_new; // The CERT_AA_NEW
              var bitstring v_enc_msg;
              var ToBeSignedData v_tbs;
              var bitstring v_tbs_enc;
              var Oct32 v_tbs_signed;
              var Signature v_signature;
              var Ieee1609Dot2Data v_ieee1609dot2_signed_data;

              tc_ac.stop;

              // Read certificates
              f_getCertificateHash("CERT_IUT_AA", v_aa_hashed_id8);
              f_readSigningKey("CERT_IUT_AA", v_aa_private_key);
              f_readCertificate(cc_ectl_aa_new, v_aa_new);
              // Build the ToBeSignedRcaCtl data structure
              v_enc_msg := encvalue(
                                    valueof(
                                            m_to_be_signed_rca_full_ctl(
                                                                        f_getCurrentTime() / 1000 + 3600,
                                                                        10,
                                                                        {
                                                                          m_ctrl_command_add(
                                                                                             m_ctl_entry_aa(
                                                                                                            m_aa_entry(
                                                                                                                       v_aa_new,
                                                                                                                       "" // FIXME PICS_AA_ENTRY_URL
                                                                                                                       )))
                                                                          }
                                                                        )));
              v_tbs := valueof(
                               m_toBeSignedData(
                                                m_signedDataPayload(
                                                                    m_etsiTs103097Data_unsecured(bit2oct(v_enc_msg))
                                                                    ),
                                                m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
                                                ));
              v_tbs_enc := encvalue(v_tbs);
              // Sign the certificate
              v_tbs_signed := f_signWithEcdsa(bit2oct(v_tbs_enc), v_aa_hashed_id8, v_aa_private_key);
              v_signature := valueof(
                                     m_signature_ecdsaNistP256(
                                                               m_ecdsaP256Signature(
                                                                                    m_eccP256CurvePoint_x_only(
                                                                                                               substr(v_tbs_signed, 0, 32)
                                                                                                               ),
                                                                                    substr(v_tbs_signed, 32, 32)
                                                                                    )));
              log(testcasename() & ": v_signature= ", v_signature);
              v_ieee1609dot2_signed_data := valueof(
                                                    m_etsiTs103097Data_signed(
                                                                              m_signedData(
                                                                                           sha256,
                                                                                           v_tbs,
                                                                                           m_signerIdentifier_digest(v_aa_hashed_id8),
                                                                                           v_signature
                                                                                           )));
              // Send response with CERT_AA_NEW
              f_init_default_headers_list(-, "ca_request", v_headers);
              f_http_send(
                          v_headers,
                          m_http_response(
                                          m_http_response_ok(
                                                             m_http_message_body_binary(
                                                                                        m_binary_body_ieee1609dot2_data(
                                                                                                                        v_ieee1609dot2_signed_data
                                                                                                                        )),
                                                             v_headers
                                                             )));
              
              log("*** " & testcasename() & ": INFO: CERT_RCA_NEW was sent to the IUT ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          
          // Postamble
          f_cfHttpDown_ca();
        } // End of function f_TC_SECPKI_ITSS_CTL_03_BV_pki

      } // End of group f_TC_SECPKI_ITSS_CTL_03_BV
      
      /**
       * @desc Check that the IUT requests new ECTL when current one is expired
       * <pre>
       * Pics Selection:
       * Initial conditions: {
       *     the IUT already downloaded the TLM CTL
       *         containing nextUpdate
       *             indicating timestamp T1
       *         and containing CPOC URL
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the T1 < CURRENT TIME
       *         }
       *         then {
       *             the IUT sends a request to the CPOC for a new CTL
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_04_BV
       * @reference ETSI TS 102 941, clause 6.3.5
       */
      testcase TC_SECPKI_ITSS_CTL_04_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_tlm;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp03(v_itss, v_tlm);

        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_CTL_04_BV_itss());
        v_tlm.start(f_TC_SECPKI_ITSS_CTL_04_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown03(v_itss, v_tlm);
        
      } // End of testcase TC_SECPKI_ITSS_CTL_04_BV
      
      group f_TC_SECPKI_ITSS_CTL_04_BV {
        
        function f_TC_SECPKI_ITSS_CTL_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var GeoNetworkingPdu v_securedGnPdu;
          var integer i;
          
          // Test component configuration
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed(
                                                                                               mw_signedData
                                                                                               )))) {
              tc_ac.stop;
              
              f_sendUtTriggerRequestForRcaCtl(""); // FIXME Create PIXIT for RCA DC
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          log("*** " & testcasename() & ": PASS: Trigger was sent ***");
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_CTL_04_BV_itss
        
        function f_TC_SECPKI_ITSS_CTL_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variables
          var Headers v_headers;
          var HttpMessage v_response;
          var float v_t1 := 30.0; // nextUpdate expiry in second
                                  // := (f_getCurrentTime()/* - 1072915200000*/) / 1000; // nextUpdate expiry in second
          
          // Test component configuration
          f_cfHttpUp_tlm();
        
          // Test adapter configuration
        
          // Preamble
          f_init_default_headers_list(PICS_HEADER_CTL_CONTENT_TYPE, "tlm_request", v_headers);
          tc_ac.start;
          alt {
            [] a_await_cpoc_http_request_from_iut(
                                                  mw_http_request(
                                                                  mw_http_request_get(
                                                                                      PICS_HTTP_GET_URI_TLM
                                                                                      )),
                                                  v_response
                                                  ) {
              var HashedId8 v_rca_hashed_id8; // Used for signature
              var Oct32 v_rca_private_key;
              var EtsiTs103097Certificate v_rca_new; // The CERT_RCA_NEW
              var bitstring v_enc_msg;
              var ToBeSignedData v_tbs;
              var bitstring v_tbs_enc;
              var Oct32 v_tbs_signed;
              var Signature v_signature;
              var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
              
              tc_ac.stop;
              
              // Read certificates
              f_getCertificateHash(PICS_IUT_CA_CERTIFICATE_ID, v_rca_hashed_id8);
              f_readSigningKey(PICS_IUT_CA_CERTIFICATE_ID, v_rca_private_key);
              f_readCertificate(cc_ectl_rca_new, v_rca_new);
              // Build the ToBeSignedTlmCtl data structure
              v_enc_msg := encvalue(
                                    valueof(
                                            m_to_be_signed_tlm_full_ctl(
                                                                        f_getCurrentTime() / 1000 + 30,
                                                                        10,
                                                                        {
                                                                          m_ctrl_command_add(
                                                                                             m_ctl_entry_rca(
                                                                                                             m_root_ca_entry(
                                                                                                                             v_rca_new
                                                                                                                             )))
                                                                          }
                                                                        )));
              v_tbs := valueof(
                               m_toBeSignedData(
                                                m_signedDataPayload(
                                                                    m_etsiTs103097Data_unsecured(bit2oct(v_enc_msg))
                                                                    ),
                                                m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
                                                ));
              v_tbs_enc := encvalue(v_tbs);
              // Sign the certificate
              v_tbs_signed := f_signWithEcdsa(bit2oct(v_tbs_enc), v_rca_hashed_id8, v_rca_private_key);
              v_signature := valueof(
                                     m_signature_ecdsaNistP256(
                                                               m_ecdsaP256Signature(
                                                                                    m_eccP256CurvePoint_x_only(
                                                                                                               substr(v_tbs_signed, 0, 32)
                                                                                                               ),
                                                                                    substr(v_tbs_signed, 32, 32)
                                                                                    )));
              log(testcasename() & ": v_signature= ", v_signature);
              v_ieee1609dot2_signed_data := valueof(
                                                    m_etsiTs103097Data_signed(
                                                                              m_signedData(
                                                                                           sha256,
                                                                                           v_tbs,
                                                                                           m_signerIdentifier_digest(v_rca_hashed_id8),
                                                                                           v_signature
                                                                                           )));
              // Send response with CERT_RCA_NEW
              f_init_default_headers_list(-, "tlm_ectl", v_headers);
              f_http_send(
                          v_headers,
                          m_http_response(
                                          m_http_response_ok(
                                                             m_http_message_body_binary(
                                                                                        m_binary_body_ieee1609dot2_data(
                                                                                                                        v_ieee1609dot2_signed_data
                                                                                                                        )),
                                                             v_headers
                                                             )));
              
              log("*** " & testcasename() & ": INFO: CERT_RCA_NEW was sent to the IUT ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          tc_wait.start(v_t1);
          alt {
            [] a_await_cpoc_http_request_from_iut(
                                                  mw_http_request(
                                                                  mw_http_request_get(
                                                                                      PICS_HTTP_GET_URI_TLM
                                                                                      )),
                                                  v_response
                                                  ) {
              tc_wait.stop;
              
              // TODO Send an error response (400 Bad request?)
              log("*** " & testcasename() & ": FAIL: ITSS TLM CTL request received before the tiemer expiry ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
            }
            [] tc_wait.timeout {
              log("*** " & testcasename() & ": PASS: No ITSS TLM CTL request done before the timer expiry ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
            }
          } // End of 'alt' statement

          // TODO Wait for the request after timer expiry
          
          // Postamble
          f_cfHttpDown_tlm();
          
        } // End of testcase TC_SECPKI_ITSS_CTL_04_BV
        
      } // End of group f_TC_SECPKI_ITSS_CTL_04_BV
      
      /**
       * @desc Check that the IUT requests new RCA CTL when current one is expired
       * <pre>
       * Pics Selection:
       * Initial conditions: {
       *     the IUT already downloaded the RCA CTL
       *         containing nextUpdate
       *             indicating timestamp T1
       *         and containing RCA DC URL
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the T1 < CURRENT TIME
       *         }
       *         then {
       *             the IUT sends a request to the RCA DC for a new CTL
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_05_BV
       * @reference ETSI TS 102 941, clause 6.3.5
       */
      testcase TC_SECPKI_ITSS_CTL_05_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_dc;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp04(v_itss, v_dc);

        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_CTL_05_BV_itss());