Newer
Older
YannGarcia
committed
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing version
* indicating value 3
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_01_BV
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
* IEEE Std 1609.2 [3], clause 6.4.3
*/
YannGarcia
committed
testcase TC_SECPKI_CA_CERTGEN_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
YannGarcia
committed
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
YannGarcia
committed
// Postamble
f_disconnect4SelfOrClientSync();
YannGarcia
committed
} // End of testcase TC_SECPKI_CA_CERTGEN_01_BV
YannGarcia
committed
/**
* @desc Check that the issuing certificate has type explicit
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES
* Initial conditions:
* with {
* CA is in 'operational' state
* CA is initialized with the explicit certificate (CERT_IUT_A_RCA)
YannGarcia
committed
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the explicit certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing version
* indicating value 3
* and containing type
* indicating 'explicit'
* and containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* and containing signature
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_02_BV_01
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
* IEEE Std 1609.2 [3], clause 6.4.3
*/
YannGarcia
committed
testcase TC_SECPKI_CA_CERTGEN_02_BV_01() runs on ItsPkiHttp system ItsPkiHttpSystem {
YannGarcia
committed
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if ((not PICS_IUT_CA_ROLE) or not(PICS_SEC_EXPLICIT_CERTIFICATES)) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_02_BV_01
/**
* @desc Check that the CA, been authorized using explicit certificate, is able to issue an implicit certificate
YannGarcia
committed
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES
YannGarcia
committed
* CA is in 'operational' state
* CA is initialized with the explicit certificate (CERT_IUT_A_RCA)
* }
* Expected behaviour:
* ensure that {
* when {
YannGarcia
committed
* the CA is requested to issue the implicit certificate
YannGarcia
committed
* this certificate is of type EtsiTs103097Certificate
YannGarcia
committed
* indicating value 3
* and containing type
* indicating 'implicit'
* and containing toBeSigned
* containing verifyKeyIndicator
* containing reconstructionValue
* and not containing signature
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_02_BV_02
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
* IEEE Std 1609.2 [3], clause 6.4.3
YannGarcia
committed
testcase TC_SECPKI_CA_CERTGEN_02_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
YannGarcia
committed
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if ((not PICS_IUT_CA_ROLE) or not(PICS_SEC_EXPLICIT_CERTIFICATES) or not(PICS_SEC_IMPLICIT_CERTIFICATES)) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
// Test adapter configuration
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
6188
6189
6190
6191
6192
6193
6194
6195
6196
6197
6198
6199
6200
6201
6202
6203
6204
6205
6206
6207
6208
6209
6210
6211
6212
6213
6214
6215
6216
6217
6218
6219
6220
6221
6222
6223
6224
6225
6226
6227
6228
6229
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, true, true, true) == false) { // implicit, reconstructionKey and no signature
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_02_BV_02
/**
* @desc Check that the CA, been authorized using explicit certificate, is able to issue an implicit certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES
* Initial conditions:
* with {
* CA is in 'operational' state
* CA is initialized with the explicit certificate (CERT_IUT_I_AA)
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the implicit certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing version
* indicating value 3
* and containing type
* indicating 'implicit'
* and containing toBeSigned
* containing verifyKeyIndicator
* containing reconstructionValue
* and not containing signature
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_02_BV_03
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
* IEEE Std 1609.2 [3], clause 6.4.3
*/
testcase TC_SECPKI_CA_CERTGEN_02_BV_03() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if ((not PICS_IUT_CA_ROLE) or not(PICS_SEC_EXPLICIT_CERTIFICATES) or not(PICS_SEC_IMPLICIT_CERTIFICATES)) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate("CERT_IUT_I_AA", -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate("CERT_IUT_I_AA", v_root_certificate) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_02_BV_03
YannGarcia
committed
/**
* @desc Check that the CA, been authorized using implicit certificate, does not issue an explicit certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES
* Initial conditions:
* with {
* CA is in 'operational' state
* CA is initialized with the explicit certificate (CERT_IUT_I_AA)
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the explicit certificate
* }
* then {
* the CA doesn’t issue the certificate
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_02_BO_01
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
* IEEE Std 1609.2 [3], clause 6.4.3
*/
testcase TC_SECPKI_CA_CERTGEN_02_BO_01() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if ((not PICS_IUT_CA_ROLE) or not(PICS_SEC_EXPLICIT_CERTIFICATES) or not(PICS_SEC_IMPLICIT_CERTIFICATES)) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
YannGarcia
committed
// Test Body
v_result := f_get_root_ca_certificate("CERT_IUT_I_AA", true, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": PASS: No root certificate was generated ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": FAIL: Root certificate shall not be generated ***");
YannGarcia
committed
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
YannGarcia
committed
// Postamble
f_disconnect4SelfOrClientSync();
YannGarcia
committed
} // End of testcase TC_SECPKI_CA_CERTGEN_02_BO_01
YannGarcia
committed
6333
6334
6335
6336
6337
6338
6339
6340
6341
6342
6343
6344
6345
6346
6347
6348
6349
6350
6351
6352
6353
6354
6355
6356
6357
6358
6359
6360
6361
/**
* @desc Check that CA issues certificate conformed to ETSI TS 103 097 [1], clause 6
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* CA is initialized with the explicit certificate (CERT_IUT_I_AA)
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBesigned
* containing id
* indicating 'none' or 'name'
* and containing cracaId
* indicating '000000'H
* and containing crlSeries
* indicating '0'D
* and not containing certRequestPermissions
* and not containing canRequestRollover
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_03_BV
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
*/
testcase TC_SECPKI_CA_CERTGEN_03_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate("CERT_IUT_I_AA", -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate("CERT_IUT_I_AA", v_root_certificate) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_03_BV
YannGarcia
committed
6405
6406
6407
6408
6409
6410
6411
6412
6413
6414
6415
6416
6417
6418
6419
6420
6421
6422
6423
6424
6425
6426
6427
6428
6429
6430
6431
6432
6433
6434
/**
* @desc Check that the certificate issuer of certificates is referenced using digest
* Check that right digest field is used to reference to the certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* CA is initialized with the explicit certificate (C_ISSUER)
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the explicit certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing issuer
* containing self
* or containing X_DIGEST
* indicating last 8 bytes of the hash of the certificate calculated using X_ALGORITHM
* referenced to certificate
* and containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* containing X_KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_04_BV
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
*/
testcase TC_SECPKI_CA_CERTGEN_04_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var charstring v_authorized_certificate;
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE and not PICS_SEC_SHA256 and not PICS_SEC_BRAINPOOL_P256R1 and not PICS_SEC_BRAINPOOL_P384R1) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and (PICS_SEC_SHA256 or PICS_SEC_BRAINPOOL_P256R1 or PICS_SEC_BRAINPOOL_P384R1 required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
v_authorized_certificate := "CERT_IUT_I_AA";
v_result := f_get_root_ca_certificate(v_authorized_certificate, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(v_authorized_certificate, v_root_certificate) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_04_BV
YannGarcia
committed
6480
6481
6482
6483
6484
6485
6486
6487
6488
6489
6490
6491
6492
6493
6494
6495
6496
6497
6498
6499
6500
6501
6502
6503
6504
6505
6506
6507
6508
6509
6510
/**
* @desc Check that the CA is able to issue the certificate with the well-formed circular region validity restriction
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_CIRCULAR_REGION
* Initial conditions:
* with {
* CA is in 'operational' state
* the CA is authorized with CA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* containing circular region restriction
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing circularRegion
* containing center
* indicating a point inside the REGION
* and containing radius
* indicating a value when all points of the circle are inside the REGION
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_05_BV
YannGarcia
committed
* @reference IEEE Std 1609.2 [2], clauses 6.4.20, 6.4.17, 5.1.2.4
*/
testcase TC_SECPKI_CA_CERTGEN_05_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE and not PICS_SEC_CIRCULAR_REGION) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_CIRCULAR_REGION required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_05_BV
YannGarcia
committed
6558
6559
6560
6561
6562
6563
6564
6565
6566
6567
6568
6569
6570
6571
6572
6573
6574
6575
6576
6577
6578
6579
6580
6581
6582
6583
6584
6585
6586
6587
6588
6589
6590
/**
* @desc Check that the CA is able to issue the certificate with the well-formed rectangular region validity restriction
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_RECTANGULAR_REGION
* Initial conditions:
* with {
* CA is in 'operational' state
* the CA is authorized with CA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* containing rectangular region restriction
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing rectangularRegion
* containing items of type RectangularRegion
* containing northwest
* indicating a point inside the REGION
* and containing southeast
* indicating a point on the south and east from northwest
* and inside the REGION
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_06_BV
YannGarcia
committed
* @reference IEEE Std 1609.2 [2], clauses 6.4.20, 6.4.17, 5.1.2.4
*/
testcase TC_SECPKI_CA_CERTGEN_06_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE and not PICS_SEC_RECTANGULAR_REGION) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_RECTANGULAR_REGION required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_06_BV
YannGarcia
committed
6638
6639
6640
6641
6642
6643
6644
6645
6646
6647
6648
6649
6650
6651
6652
6653
6654
6655
6656
6657
6658
6659
6660
6661
6662
6663
6664
6665
6666
6667
/**
* @desc Check that the CA is able to issue the certificate with the well-formed polygonal region validity restriction
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_POLYGONAL_REGION
* Initial conditions:
* with {
* CA is in 'operational' state
* the CA is authorized with CA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* containing polygonal region restriction
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing polygonalRegion
* containing more than 2 items of type TwoDLocation
* indicating points inside the REGION
* and indicating unintercepting segments
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_07_BV
YannGarcia
committed
* @reference IEEE Std 1609.2 [2], clauses 6.4.20, 6.4.17, 5.1.2.4
*/
testcase TC_SECPKI_CA_CERTGEN_07_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE and not PICS_SEC_POLYGONAL_REGION) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_POLYGONAL_REGION required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_07_BV
YannGarcia
committed
6715
6716
6717
6718
6719
6720
6721
6722
6723
6724
6725
6726
6727
6728
6729
6730
6731
6732
6733
6734
6735
6736
6737
6738
6739
6740
6741
6742
6743
6744
6745
6746
6747
6748
6749
6750
6751
/**
* @desc Check that the CA is able to issue the certificate with identified region validity restriction contains values that correspond to numeric country codes as defined by United Nations Statistics Division [5]
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_IDENTIFIED_REGION
* Initial conditions:
* with {
* CA is in 'operational' state
* the CA is authorized with CA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* containing identified region validity restriction
* indicating country or area COUNTRY
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing identifiedRegion
* containing 1 entry of type IdentifiedRegion
* containing countryOnly
* indicating integer representation of the identifier of country or area COUNTRY
* or containing countryAndRegions
* containing countryOnly
* indicating integer representation of the identifier of country or area COUNTRY
* or containing countryAndSubregions
* containing country
* indicating integer representation of the identifier of country or area COUNTRY
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_08_BV
YannGarcia
committed
* @reference IEEE Std 1609.2 [2], clauses 6.4.23
*/
testcase TC_SECPKI_CA_CERTGEN_08_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE and not PICS_SEC_IDENTIFIED_REGION) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_IDENTIFIED_REGION required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_08_BV
YannGarcia
committed
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
6812
6813
6814
6815
6816
6817
6818
6819
6820
6821
6822
6823
6824
6825
6826
6827
6828
6829
6830
6831
6832
6833
6834
6835
6836
6837
6838
6839
6840
6841
6842
6843
6844
6845
6846
6847
6848
6849
6850
/**
* @desc Check that the identified region validity restriction of the subordinate certificate is included in the identified region validity restriction of the issuing certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_IDENTIFIED_REGION
* Initial conditions:
* with {
* CA is in 'operational' state
* the CA is authorized with CA certificate
* containing toBeSigned
* containing region
* containing identifiedRegion
* containing countryOnly
* indicating COUNTRY
* or containing countryAndRegions
* containing countryOnly
* indicating COUNTRY
* and containing regions
* indicating REGIONS
* or containing countryAndSubregions
* containing country
* indicating COUNTRY
* and containing regionAndSubregions
* indicating REGIONS and SUBREGIONS
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* containing identifiedRegion
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing identifiedRegion
* containing countryOnly
* indicating value = COUNTRY
* or containing countryAndRegions
* containing countryOnly
* indicating value = COUNTRY
* and containing regions
* containing region identifiers contained in REGIONS
* or containing countryAndSubregions
* containing country
* indicating value = COUNTRY
* and containing regionAndSubregions
* containing region identifiers contained in REGIONS
* and containing subRegion identifiers contained in SUBREGIONS for every region
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_09_BV
YannGarcia
committed
* @reference IEEE Std 1609.2 [2], clauses 6.4.17, 5.1.2.4
*/
testcase TC_SECPKI_CA_CERTGEN_09_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE and not PICS_SEC_IDENTIFIED_REGION) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_IDENTIFIED_REGION required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_09_BV
YannGarcia
committed
6898
6899
6900
6901
6902
6903
6904
6905
6906
6907
6908
6909
6910
6911
6912
6913
6914
6915
6916
6917
6918
6919
6920
6921
6922
/**
* @desc Check that the certificate signature contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 or x_coordinate_only
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES
* Initial conditions:
* with {
* CA is in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the explicit certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing signature
* containing X_SIGNATURE
* containing rSig
* containing x-only
* or containing compressed-y-0
* or containing compressed-y-1
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_10_BV
YannGarcia
committed
* @reference IEEE Std 1609.2 [3], clause 6.3.29, 6.3.30, 6.3.31
*/
YannGarcia
committed
testcase TC_SECPKI_CA_CERTGEN_10_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
YannGarcia
committed
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if ((not PICS_IUT_CA_ROLE) or not(PICS_SEC_EXPLICIT_CERTIFICATES) and not PICS_SEC_SHA256 and not PICS_SEC_BRAINPOOL_P256R1 and not PICS_SEC_BRAINPOOL_P384R1) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and (PICS_SEC_SHA256 or PICS_SEC_BRAINPOOL_P256R1 or PICS_SEC_BRAINPOOL_P384R1 required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
6952
6953
6954
6955
6956
6957
6958
6959
6960
6961
6962
6963
6964
6965
6966
6967
6968
6969
6970
6971
6972
6973
6974
6975
6976
6977
6978
6979
6980
6981
6982
6983
6984
6985
6986
6987
6988
6989
6990
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_10_BV
/**
* @desc Check that the certificate verification key contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 or uncompressed
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES
* Initial conditions:
* with {
* CA is in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the explicit certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing verifyKeyIndicator
* containing verificationKey
* containing X_KEY
* containing x-only
* or containing compressed-y-0
* or containing compressed-y-1
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v2.0.1 SECPKI_CA_CERTGEN_11_BV
YannGarcia
committed
* @reference IEEE Std 1609.2 [3], clause 6.3.38
*/
YannGarcia
committed
testcase TC_SECPKI_CA_CERTGEN_11_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
YannGarcia
committed
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if ((not PICS_IUT_CA_ROLE) or not(PICS_SEC_EXPLICIT_CERTIFICATES) and not PICS_SEC_SHA256 and not PICS_SEC_BRAINPOOL_P256R1 and not PICS_SEC_BRAINPOOL_P384R1) {