ItsPki_TestCases.ttcn

          }
          
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                     PICS_HTTP_POST_URI_AT,
                                                                                     -,
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                                v_request
                                                ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;
              
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_response: ", v_response);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                var octetstring v_msg;
                var octetstring v_hashed_id8;
                
                log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
                v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                  v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                } else {
                  v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                }
                infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_AUTH_01_BV
      
      /**
       * @desc Check that the AuthorizationRequest message is encrypted and sent to only one Authorization Authority.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *             authorized with CERT_AA certificate
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing content.encryptedData.recipients
       *                     indicating size 1
       *                     and containing the instance of RecipientInfo
       *                         containing certRecipInfo
       *                             containing recipientId
       *                                 indicating HashedId8 of the CERT_AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_AUTH_02_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_02_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_02_BV
      
      /**
       * @desc Check that the AuthorizationRequest message is encrypted using the encryptionKey found in the AA certificate referenced in recipientId.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *             authorized with AA certificate
       *                 containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing content.encryptedData
       *                     containing ciphertext
       *                         containing data
       *                             encrypted using AA_ENC_PUB_KEY
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_AUTH_03_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_03_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_03_BV
      
      /**
       * @desc Check that the AuthorizationRequest message is never reused the same encryption key and nonce.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing content.encryptedData
       *                     containing ciphertext.aes128ccm.nonce
       *                         indicating value not equal to the nonce in N previous messages
       *                 and containing recipients[0].certRecipInfo.encKey
       *                     containing encrypted symmetric key (S_KEY)
       *                         indicating symmetric key not equal to the key was used in N previous messages
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_AUTH_04_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_04_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_04_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_04_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_04_BV
      
      group f_TC_SECPKI_ITSS_AUTH_04_BV {
        
        function f_TC_SECPKI_ITSS_AUTH_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var HashedId8               v_certificate_digest := int2oct(0, 8);
          var EtsiTs103097Certificate v_certificate;
          
          // Test component configuration
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          // First enrolment
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate) {
              tc_ac.stop;

              if (PX_TRIGGER_EC_BEFORE_AT) {
                f_sendUtTriggerEnrolmentRequestPrimitive();
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              }
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          // N authorization
          for (var integer v_i := 0; v_i < PX_RE_AUTHORIZATION_COUNTER; v_i := v_i + 1) {
            f_sendUtTriggerAuthorizationRequestPrimitive();
            f_sleep(PX_RE_AUTHORIZATION_DELAY);
          } // End of 'for' statement
          log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_itss
        
        function f_TC_SECPKI_ITSS_AUTH_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var integer v_counter := 0;
          var Headers v_headers;
          var HttpMessage v_request;
          var HttpMessage v_response;
          var InnerAtRequest v_inner_at_request;
          var ListOfPublicVerificationKey v_generated_keys;
          var integer v_result;
          
          // Test component configuration
          f_cfHttpUp();
          
          // Test adapter configuration
          
          // Preamble
          /*f_init_default_headers_list(-, "inner_at_response", v_headers);
          // Wait for the first enrolment response
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_request.headers, v_inner_at_request, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
                v_counter := v_counter + 1;
                f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_AT,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_request.headers, v_inner_at_request, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": LOG: ", match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey)), "***");
                if (match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey))) {
                  v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
                  v_counter := v_counter + 1;
                  f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***");
                  f_selfOrClientSyncAndVerdict(c_prDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              if (v_counter == PX_RE_AUTHORIZATION_COUNTER) {
                log("*** " & testcasename() & ": PASS: InnerAtRequest received with different key pairs ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
              }
            }
          } // End of 'alt' statement
          */
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_AUTH_04_BV
      
      /**
       * @desc Check that the Authozation request protocol version is set to 1.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing version
       *                     indicating value 1
       *                 and containing content
       *                     containing autihorizationRequest
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.1 SECPKI_ITSS_AUTH_05_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_05_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_05_BV
      
    } // End of group itss_authorization_request
    
    group itss_authorization_response {
      // Void
    } // End of group itss_authorization_response
    
    group itss_authorization_request_repetition {

      /**
       * @desc Check that IUT repeats an authorization request when response has not been received
       * <pre>
       * Pics Selection: PICS_SECPKI_AUTHORIZATION_RETRY
       * Initial conditions: {
       *     the IUT being in the 'enrolled' state
       *     and the IUT already sent the Authorization Request at the time T1
       *     and the IUT has not yet received the Authorization Response
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT local time is reached the T1 + PIXIT_AUTH_TIMEOUT_TH1 
       *         }
       *         then {
       *             the IUT sends to EA an AuthorizationRequestMessage
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_AUTH_REP_01_BV
       * @reference ETSI TS 103 601, clause 5.2
       */
      testcase TC_SECPKI_ITSS_AUTH_REP_01_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_REP_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_REP_01_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_REP_01_BV
      
      group f_TC_SECPKI_ITSS_AUTH_REP_01_BV {
        
        function f_TC_SECPKI_ITSS_AUTH_REP_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          var InfoPortData            v_info_port_data;
          var boolean                 v_start_awaiting := false;
          
          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          // Initial state: No CAM shall be emitted
          geoNetworkingPort.clear;
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            }
            [] tc_noac.timeout {
              f_sendUtTriggerEnrolmentRequestPrimitive();
              log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              }
            } // End of 'alt' statement
          
          // Test Body
          f_sendUtTriggerAuthorizationRequestPrimitive();
          tc_ac.start;
          alt {
            [v_start_awaiting == true] a_await_cam_with_current_cert(
                                                                     v_info_port_data.at_certificate
            ) {
              log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            }
            [] geoNetworkingPort.receive { 
              log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
            [] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
              log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
              v_start_awaiting := true;
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_AUTH_REP_01_BV_itss
        
        function f_TC_SECPKI_ITSS_AUTH_REP_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
          
          // Test adapter configuration
          
          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            f_await_ec_request_send_error_response(v_request);
            log("*** " & testcasename() & ": INFO: Reply with 400 Bad Request error message ***");
          }
          f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          // Wait for the repetition
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }
          
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;
              
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                var octetstring v_msg;
                var octetstring v_hashed_id8;
                
                log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
                v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                  v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                } else {
                  v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                }
                infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_REP_01_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_AUTH_REP_01_BV
      
      /**
       * @desc Check that IUT uses the same message to perform authorization retry
       * <pre>
       * Pics Selection: PICS_SECPKI_AUTHORIZATION_RETRY
       * Initial conditions: {
       *     the IUT being in the 'enrolled' state
       *     and the IUT already sent the Authorization Request at the time T1
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to re-send an AuthorizationRequestMessage to AA
       *         }
       *         then {
       *             the IUT sends M to AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_AUTH_REP_02_BV
       * @reference ETSI TS 103 601, clause 5.1.2
       */
      testcase TC_SECPKI_ITSS_AUTH_REP_02_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_REP_02_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_REP_02_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_REP_02_BV
      
      group f_TC_SECPKI_ITSS_AUTH_REP_02_BV {
        
        function f_TC_SECPKI_ITSS_AUTH_REP_02_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          var InfoPortData            v_info_port_data;
          var boolean                 v_start_awaiting := false;
          
          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          // Initial state: No CAM shall be emitted
          geoNetworkingPort.clear;
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            }
            [] tc_noac.timeout {
              f_sendUtTriggerEnrolmentRequestPrimitive();
              log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              }
            } // End of 'alt' statement
          
          // Test Body
          f_sendUtTriggerAuthorizationRequestPrimitive();
          tc_ac.start;
          alt {
            [v_start_awaiting == true] a_await_cam_with_current_cert(
                                                                     v_info_port_data.at_certificate
            ) {
              log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            }
            [] geoNetworkingPort.receive { 
              log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
            [] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
              log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
              v_start_awaiting := true;
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_AUTH_REP_02_BV_itss
        
        function f_TC_SECPKI_ITSS_AUTH_REP_02_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_initial_request;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
          
          // Test adapter configuration
          
          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            f_await_ec_request_send_error_response(v_initial_request);
            log("*** " & testcasename() & ": INFO: Reply with 400 Bad Request error message ***");
          }
          f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          // Wait for the repetition
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }
          
          // Test Body
          if (f_verify_repeated_request(v_request, v_initial_request) == false) {
            log("*** " & testcasename() & ": FAIL: Repeatition request are different ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
          } else {
            log("*** " & testcasename() & ": PASS: Repeatition request are different ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          }
          // Postamble
          // Process the next request
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;
              
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                var octetstring v_msg;
                var octetstring v_hashed_id8;
                
                log("*** " & testcasename() & ": INFO: InnerEcRequest received ***");
                v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                  v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                } else {
                  v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                }
                infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": INCONC: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_REP_02_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_AUTH_REP_02_BV
      
      /**
       * @desc Check that IUT stops sending the Authorization Request message if Authorization Response message has been received
       * <pre>
       * Pics Selection: PICS_SECPKI_AUTHORIZATION_RETRY
       * Initial conditions: {
       *     the IUT being in the 'enrolled' state
       *     and the IUT has sent the Authorization Request more than 1 time
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an Authorization Response
       *         }
       *         then {
       *             the IUT stops sending Authorization Requests to AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_AUTH_REP_03_BV
       * @reference ETSI TS 103 601, clause 5.1.2
       */
      testcase TC_SECPKI_ITSS_AUTH_REP_03_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_REP_03_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_REP_03_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_REP_03_BV
      
      group f_TC_SECPKI_ITSS_AUTH_REP_03_BV {
        
        function f_TC_SECPKI_ITSS_AUTH_REP_03_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          var InfoPortData            v_info_port_data;
          var boolean                 v_start_awaiting := false;
          
          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          // Initial state: No CAM shall be emitted
          geoNetworkingPort.clear;
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            }
            [] tc_noac.timeout {
              f_sendUtTriggerEnrolmentRequestPrimitive();
              log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              }
            } // End of 'alt' statement
          
          // Test Body
          f_sendUtTriggerAuthorizationRequestPrimitive();
          tc_ac.start;
          alt {
            [v_start_awaiting == true] a_await_cam_with_current_cert(
                                                                     v_info_port_data.at_certificate
            ) {
              log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            }
            [] geoNetworkingPort.receive { 
              log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
            [] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
              log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
              v_start_awaiting := true;
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_AUTH_REP_03_BV_itss
        
        function f_TC_SECPKI_ITSS_AUTH_REP_03_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_initial_request;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
          
          // Test adapter configuration
          
          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            f_await_ec_request_send_error_response(v_initial_request);
            log("*** " & testcasename() & ": INFO: Reply with 400 Bad Request error message ***");
          }
          f_selfOrClientSyncAndVerdict(c_prDone, e_success);