ItsPkiItss_TestCases.ttcn

          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            }
            [] tc_noac.timeout {
              f_sendUtTriggerEnrolmentRequestPrimitive();
              tc_ac.start; // TDOD To refined, use altstep
              alt {
                [] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
                  tc_ac.stop;
                  log("*** " & testcasename() & "_itss: INFO: IUT is in enrol state ***");
                }
                [] tc_ac.timeout {
                  log("*** " & testcasename() & "_itss: DBG: IUT state update not recieved ***");
                  f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
                }
              } // End of 'alt' statement
              log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
          } // End of 'alt' statement

          // Test Body
          f_sendUtTriggerAuthorizationRequestPrimitive(); // TODO FSCOM Add BFK mode
          tc_ac.start;
          alt {
            [v_start_awaiting == true] a_await_cam_with_current_cert(
                                                                     v_info_port_data.at_certificate
            ) {
              log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            }
            [] geoNetworkingPort.receive { 
              log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
            [] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
              log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
              v_start_awaiting := true;
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_itss

        function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
            log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          } else {
            log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
          }

          // Test Body
          tc_ac.start;
          alt {
            [] a_await_ec_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                     PICS_HTTP_POST_URI_EC,
                                                                                     -,
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                                             { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
                                                                                                                                                                                             mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                             )))))),
                                                v_request
                                                ) {
              var HttpMessage v_response;
              var integer v_result;
              var EeRaCertRequest v_bfk_authorization_request;
              var RaEeCertInfo v_bfk_authorization_response;

              tc_ac.stop;

              // Verify IUT response
              f_verify_http_bfk_authorization_request(v_request.request, v_headers, v_inner_ec_response.certificate, v_bfk_authorization_request, v_bfk_authorization_response, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              } else { // Send HTTP error 500
                f_send_500_Internal_Error(v_headers);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_BFK_AUTH_04_BV_pki

      } // End of group f_TC_SECPKI_ITSS_BFK_AUTH_04_BV

     /**
       * @desc Check that IUT downloads the AT certificates batch after receiving of positive ButterflyAuthorizationResponse message
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SEC_BFK_AUTH
       * Initial conditions: 
       *     with {
       *         the IUT being in the 'enrolled' state
       *         and the EA in 'operational' state
       *         and the IUT has sent the ButterflyAuthorizationRequestMessage
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EtsiTs102941Data as an answer of the EA
       *                 containing butterflyAuthorizationResponse
       *                     indicating RaEeCertInfo
       *                         containing generationTime
       *                             indicating GEN_TIME
       *                         and containing currentI
       *                             indicating VALUE_I
       *                         and containing requestHash
       *                             indicating REQ_HASH
       *                         and containing nextDlTime
       *                             indicating time between GEN_TIME and current time 
       *         }
       *         then {
       *             the IUT send the ButterflyAtDownloadRequestMessage
       *                 containing butterflyAtDownloadRequest
       *                     indicating EeRaDownloadRequest
       *                         containing generationTime
       *                             indicating value more than GEN_TIME
       *                         and containing filename
       *                             indicating string REQ_HASH + “_” + VALUE_I + “.zip”
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_BFK_CERTDNL_01_BV
       * @reference ETSI TS 102 941 [1], clauses 6.2.3.5.3 and 6.2.3.5.6
       */
      testcase TC_SECPKI_ITSS_BFK_CERTDNL_01_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SEC_BFK_AUTH) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT or PICS_SEC_BFK_AUTH required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);

        // Start components
        v_itss.start(TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_itss());
        v_ea.start(TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_pki());

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);

      } // End of testcase TC_SECPKI_ITSS_BFK_CERTDNL_01_BV

      group f_TC_SECPKI_ITSS_BFK_CERTDNL_01_BV {

        function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // FIXME TODO
        } // End of function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_itss

        function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // FIXME TODO
        } // End of function TC_SECPKI_ITSS_BFK_CERTDNL_01_BV_pki

      } // End of group f_TC_SECPKI_ITSS_BFK_CERTDNL_01_BV

    } // End of group itss_authorization_request_bfk

    // ETSI TS 103 525-2 V2.0.2 (2023-07) Clause 5.2.4  CTL handling
    group itss_ctl_handling {

      /**
       * @desc Check that the IUT trust the new RCA from the received ECTL
       * <pre>
       * Pics Selection:
       * Initial conditions: {
       *     the IUT does not trust the CERT_RCA_NEW
       *     the IUT has received the TLM CTL
       *         containing the CERT_RCA_NEW
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT received a CAM
       *                 signed with AT certificate
       *                     signed with AA certificate
       *                         signed with CERT_RCA_NEW
       *         }
       *         then {
       *             the IUT accepts this CAM
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_01_BV
       * @reference ETSI TS 102 941, clause 6.3.5
       */
      testcase TC_SECPKI_ITSS_CTL_01_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_cpoc;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp03(v_itss, v_cpoc);

        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_CTL_01_BV_itss());
        v_cpoc.start(f_TC_SECPKI_ITSS_CTL_01_BV_pki());

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown03(v_itss, v_cpoc);

      } // End of testcase TC_SECPKI_ITSS_CTL_01_BV

      group f_TC_SECPKI_ITSS_CTL_01_BV {

        function f_TC_SECPKI_ITSS_CTL_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var GeoNetworkingPdu v_securedGnPdu;
          var integer i;

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed(
                                                                                               mw_signedData
                                                                                               )))) {
              tc_ac.stop;

              f_sendUtTriggerUpdateEctl(""); // FIXME Create PIXIT for ETCL URI
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } // End of 'alt' statement

          // Test Body
          v_securedGnPdu := f_sendSecuredCam(cc_ectl_rca_new);
          // Check that the CAM message is forwarde to Facilies layer
          f_sleep(PX_TAC);
          for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
            // empty on purpose 
          }
          if(i < lengthof(vc_utInds)) {
            log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          } else {
            log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
          }

          // Postamble
          f_cfDown_itss();

        } // End of function f_TC_SECPKI_ITSS_CTL_01_BV_itss

        function f_TC_SECPKI_ITSS_CTL_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var HttpMessage v_response;
          var Headers v_headers;

          // Test component configuration
          f_cfHttpUp_tlm();

          // Test adapter configuration

          // Preamble
          tc_ac.start;
          alt {
            [] a_await_cpoc_http_request_from_iut(
                                                  mw_http_request(
                                                                  mw_http_request_get(
                                                                                      PICS_HTTP_GET_URI_TLM
                                                                                      )),
                                                  v_response
                                                  ) {
              var HashedId8 v_rca_hashed_id8; // Used for signature
              var Oct32 v_rca_private_key;
              var EtsiTs103097Certificate v_rca_new; // The CERT_RCA_NEW
              var bitstring v_enc_msg;
              var ToBeSignedData v_tbs;
              var bitstring v_tbs_enc;
              var Oct32 v_tbs_signed;
              var Signature v_signature;
              var Ieee1609Dot2Data v_ieee1609dot2_signed_data;

              tc_ac.stop;

              // Read certificates
              f_getCertificateHash(PICS_IUT_CA_CERTIFICATE_ID, v_rca_hashed_id8);
              f_readSigningKey(PICS_IUT_CA_CERTIFICATE_ID, v_rca_private_key);
              f_readCertificate(cc_ectl_rca_new, v_rca_new);
              // Build the ToBeSignedTlmCtl data structure
              v_enc_msg := encvalue(
                                    valueof(
                                            m_to_be_signed_tlm_full_ctl(
                                                                        f_getCurrentTime() / 1000 + 3600,
                                                                        10,
                                                                        {
                                                                          m_ctrl_command_add(
                                                                                             m_ctl_entry_rca(
                                                                                                             m_root_ca_entry(
                                                                                                                             v_rca_new
                                                                                                                             )))
                                                                          }
                                                                        )));
              v_tbs := valueof(
                               m_toBeSignedData(
                                                m_signedDataPayload(
                                                                    m_etsiTs103097Data_unsecured(bit2oct(v_enc_msg))
                                                                    ),
                                                m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
                                                ));
              v_tbs_enc := encvalue(v_tbs);
              // Sign the certificate
              v_tbs_signed := f_signWithEcdsa(bit2oct(v_tbs_enc), v_rca_hashed_id8, v_rca_private_key);
              v_signature := valueof(
                                     m_signature_ecdsaNistP256(
                                                               m_ecdsaP256Signature(
                                                                                    m_eccP256CurvePoint_x_only(
                                                                                                               substr(v_tbs_signed, 0, 32)
                                                                                                               ),
                                                                                    substr(v_tbs_signed, 32, 32)
                                                                                    )));
              log(testcasename() & ": v_signature= ", v_signature);
              v_ieee1609dot2_signed_data := valueof(
                                                    m_etsiTs103097Data_signed(
                                                                              m_signedData(
                                                                                           sha256,
                                                                                           v_tbs,
                                                                                           m_signerIdentifier_digest(v_rca_hashed_id8),
                                                                                           v_signature
                                                                                           )));
              // Send response with CERT_RCA_NEW
              f_init_default_headers_list(-, "tlm_ectl", v_headers);
              f_http_send(
                          v_headers,
                          m_http_response(
                                          m_http_response_ok(
                                                             m_http_message_body_binary(
                                                                                        m_binary_body_ieee1609dot2_data(
                                                                                                                        v_ieee1609dot2_signed_data
                                                                                                                        )),
                                                             v_headers
                                                             )));

              log("*** " & testcasename() & ": INFO: CERT_RCA_NEW was sent to the IUT ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement

          // Test Body
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);

          // Postamble
          f_cfHttpDown_tlm();
        } // End of function f_TC_SECPKI_ITSS_CTL_01_BV_pki

      } // End of group f_TC_SECPKI_ITSS_CTL_01_BV

      /**
       * @desc Check that the IUT untrust the RCA when it is deleted from ECTL
       * <pre>
       * Pics Selection:
       * Initial conditions: {
       *     the IUT does not trust the CERT_RCA
       *     the IUT has received the TLM CTL
       *         not containing the CERT_RCA
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT received a CAM
       *                 signed with AT certificate
       *                     signed with AA certificate
       *                         signed with CERT_RCA
       *         }
       *         then {
       *             the IUT rejects this CAM
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_02_BV
       * @reference ETSI TS 102 941, clause 6.3.5
       */
      testcase TC_SECPKI_ITSS_CTL_02_BV() runs on ItsPkiItss system ItsPkiItssSystem {
        // Local variables
        var GeoNetworkingPdu v_securedGnPdu;
        var integer i;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfUp_itss();

        // Test adapter configuration

        // Preamble
        geoNetworkingPort.clear;
        tc_ac.start;
        alt {
          [] geoNetworkingPort.receive(
                                       mw_geoNwInd(
                                                   mw_geoNwSecPdu(
                                                                  mw_etsiTs103097Data_signed(
                                                                                             mw_signedData
                                                                                             )))) {
            tc_ac.stop;

            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
          }
        } // End of 'alt' statement

        // Test Body
        v_securedGnPdu := f_sendSecuredCam(cc_ectl_rca_untrust);
        // Check that the CAM message is forwarde to Facilies layer
        f_sleep(PX_TAC);
        for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
          // empty on purpose 
        }
        if(i < lengthof(vc_utInds)) {
          log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
          f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
        } else {
          log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
        }

        // Postamble
        f_cfDown_itss();

      } // End of testcase TC_SECPKI_ITSS_CTL_02_BV

      /**
       * @desc Check that the IUT trust the AA when it is received in RCA CTL
       * <pre>
       * Pics Selection:
       * Initial conditions: {
       *     the IUT is trusting the CERT_AA_NEW
       *     the IUT has received the RCA CTL
       *         containing the CERT_AA_NEW
       *         and signed by CERT_RCA
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT received a CAM
       *                 signed with AT certificate
       *                     signed with AA_NEW certificate
       *         }
       *         then {
       *             the IUT accepts this CAM
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_03_BV
       * @reference ETSI TS 102 941, clause 6.3.5
       */
      testcase TC_SECPKI_ITSS_CTL_03_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_dc;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp04(v_itss, v_dc);

        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_CTL_03_BV_itss());
        v_dc.start(f_TC_SECPKI_ITSS_CTL_03_BV_pki());

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown04(v_itss, v_dc);

      } // End of testcase TC_SECPKI_ITSS_CTL_03_BV

      group f_TC_SECPKI_ITSS_CTL_03_BV {

        function f_TC_SECPKI_ITSS_CTL_03_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var GeoNetworkingPdu v_securedGnPdu;
          var integer i;

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed(
                                                                                               mw_signedData
                                                                                               )))) {
              tc_ac.stop;

              f_sendUtTriggerRequestForRcaCtl(""); // FIXME Create PIXIT for RCA DC
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } // End of 'alt' statement

          // Test Body
          v_securedGnPdu := f_sendSecuredCam(cc_ectl_aa_new);
          // Check that the CAM message is forwarde to Facilies layer
          f_sleep(PX_TAC);
          for(i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, valueof(v_securedGnPdu.gnPacket.packet.payload)); i := i + 1) {
            // empty on purpose 
          }
          if(i < lengthof(vc_utInds)) {
            log("*** " & testcasename() & ": PASS: CA message was transmitted to upper layer ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          } else {
            log("*** " & testcasename() & ": FAIL: CA message was not transmitted to upper layer ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
          }

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_CTL_03_BV_itss

        function f_TC_SECPKI_ITSS_CTL_03_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var HttpMessage v_response;
          var Headers v_headers;

          // Test component configuration
          f_cfHttpUp_ca();

          // Test adapter configuration

          // Preamble
          tc_ac.start;
          alt {
            [] a_await_dc_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_get(
                                                                                    PICS_HTTP_GET_URI_DC
                                                                                    )),
                                                v_response
                                                ) {
              var HashedId8 v_aa_hashed_id8; // Used for signature
              var Oct32 v_aa_private_key;
              var EtsiTs103097Certificate v_aa_new; // The CERT_AA_NEW
              var bitstring v_enc_msg;
              var ToBeSignedData v_tbs;
              var bitstring v_tbs_enc;
              var Oct32 v_tbs_signed;
              var Signature v_signature;
              var Ieee1609Dot2Data v_ieee1609dot2_signed_data;

              tc_ac.stop;

              // Read certificates
              f_getCertificateHash("CERT_IUT_AA", v_aa_hashed_id8);
              f_readSigningKey("CERT_IUT_AA", v_aa_private_key);
              f_readCertificate(cc_ectl_aa_new, v_aa_new);
              // Build the ToBeSignedRcaCtl data structure
              v_enc_msg := encvalue(
                                    valueof(
                                            m_to_be_signed_rca_full_ctl(
                                                                        f_getCurrentTime() / 1000 + 3600,
                                                                        10,
                                                                        {
                                                                          m_ctrl_command_add(
                                                                                             m_ctl_entry_aa(
                                                                                                            m_aa_entry(
                                                                                                                       v_aa_new,
                                                                                                                       "" // FIXME PICS_AA_ENTRY_URL
                                                                                                                       )))
                                                                          }
                                                                        )));
              v_tbs := valueof(
                               m_toBeSignedData(
                                                m_signedDataPayload(
                                                                    m_etsiTs103097Data_unsecured(bit2oct(v_enc_msg))
                                                                    ),
                                                m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
                                                ));
              v_tbs_enc := encvalue(v_tbs);
              // Sign the certificate
              v_tbs_signed := f_signWithEcdsa(bit2oct(v_tbs_enc), v_aa_hashed_id8, v_aa_private_key);
              v_signature := valueof(
                                     m_signature_ecdsaNistP256(
                                                               m_ecdsaP256Signature(
                                                                                    m_eccP256CurvePoint_x_only(
                                                                                                               substr(v_tbs_signed, 0, 32)
                                                                                                               ),
                                                                                    substr(v_tbs_signed, 32, 32)
                                                                                    )));
              log(testcasename() & ": v_signature= ", v_signature);
              v_ieee1609dot2_signed_data := valueof(
                                                    m_etsiTs103097Data_signed(
                                                                              m_signedData(
                                                                                           sha256,
                                                                                           v_tbs,
                                                                                           m_signerIdentifier_digest(v_aa_hashed_id8),
                                                                                           v_signature
                                                                                           )));
              // Send response with CERT_AA_NEW
              f_init_default_headers_list(-, "ca_request", v_headers);
              f_http_send(
                          v_headers,
                          m_http_response(
                                          m_http_response_ok(
                                                             m_http_message_body_binary(
                                                                                        m_binary_body_ieee1609dot2_data(
                                                                                                                        v_ieee1609dot2_signed_data
                                                                                                                        )),
                                                             v_headers
                                                             )));

              log("*** " & testcasename() & ": INFO: CERT_RCA_NEW was sent to the IUT ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement

          // Test Body
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);

          // Postamble
          f_cfHttpDown_ca();
        } // End of function f_TC_SECPKI_ITSS_CTL_03_BV_pki

      } // End of group f_TC_SECPKI_ITSS_CTL_03_BV

      /**
       * @desc Check that the IUT requests new ECTL when current one is expired
       * <pre>
       * Pics Selection:
       * Initial conditions: {
       *     the IUT already downloaded the TLM CTL
       *         containing nextUpdate
       *             indicating timestamp T1
       *         and containing CPOC URL
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the T1 < CURRENT TIME
       *         }
       *         then {
       *             the IUT sends a request to the CPOC for a new CTL
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_04_BV
       * @reference ETSI TS 102 941, clause 6.3.5
       */
      testcase TC_SECPKI_ITSS_CTL_04_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_tlm;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp03(v_itss, v_tlm);

        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_CTL_04_BV_itss());
        v_tlm.start(f_TC_SECPKI_ITSS_CTL_04_BV_pki());

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown03(v_itss, v_tlm);

      } // End of testcase TC_SECPKI_ITSS_CTL_04_BV

      group f_TC_SECPKI_ITSS_CTL_04_BV {

        function f_TC_SECPKI_ITSS_CTL_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var GeoNetworkingPdu v_securedGnPdu;
          var integer i;

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed(
                                                                                               mw_signedData
                                                                                               )))) {
              tc_ac.stop;

              f_sendUtTriggerRequestForRcaCtl(""); // FIXME Create PIXIT for RCA DC
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } // End of 'alt' statement

          // Test Body
          log("*** " & testcasename() & ": PASS: Trigger was sent ***");
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_CTL_04_BV_itss

        function f_TC_SECPKI_ITSS_CTL_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variables
          var Headers v_headers;
          var HttpMessage v_response;
          var float v_t1 := 30.0; // nextUpdate expiry in second
                                  // := (f_getCurrentTime()/* - 1072915200000*/) / 1000; // nextUpdate expiry in second

          // Test component configuration
          f_cfHttpUp_tlm();

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(PICS_HEADER_CTL_CONTENT_TYPE, "tlm_request", v_headers);
          tc_ac.start;
          alt {
            [] a_await_cpoc_http_request_from_iut(
                                                  mw_http_request(
                                                                  mw_http_request_get(
                                                                                      PICS_HTTP_GET_URI_TLM
                                                                                      )),
                                                  v_response
                                                  ) {
              var HashedId8 v_rca_hashed_id8; // Used for signature
              var Oct32 v_rca_private_key;
              var EtsiTs103097Certificate v_rca_new; // The CERT_RCA_NEW
              var bitstring v_enc_msg;
              var ToBeSignedData v_tbs;
              var bitstring v_tbs_enc;
              var Oct32 v_tbs_signed;
              var Signature v_signature;
              var Ieee1609Dot2Data v_ieee1609dot2_signed_data;

              tc_ac.stop;

              // Read certificates
              f_getCertificateHash(PICS_IUT_CA_CERTIFICATE_ID, v_rca_hashed_id8);
              f_readSigningKey(PICS_IUT_CA_CERTIFICATE_ID, v_rca_private_key);
              f_readCertificate(cc_ectl_rca_new, v_rca_new);
              // Build the ToBeSignedTlmCtl data structure
              v_enc_msg := encvalue(
                                    valueof(
                                            m_to_be_signed_tlm_full_ctl(
                                                                        f_getCurrentTime() / 1000 + 30,
                                                                        10,
                                                                        {
                                                                          m_ctrl_command_add(
                                                                                             m_ctl_entry_rca(
                                                                                                             m_root_ca_entry(
                                                                                                                             v_rca_new
                                                                                                                             )))
                                                                          }
                                                                        )));
              v_tbs := valueof(
                               m_toBeSignedData(
                                                m_signedDataPayload(
                                                                    m_etsiTs103097Data_unsecured(bit2oct(v_enc_msg))
                                                                    ),
                                                m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
                                                ));
              v_tbs_enc := encvalue(v_tbs);
              // Sign the certificate
              v_tbs_signed := f_signWithEcdsa(bit2oct(v_tbs_enc), v_rca_hashed_id8, v_rca_private_key);
              v_signature := valueof(
                                     m_signature_ecdsaNistP256(
                                                               m_ecdsaP256Signature(
                                                                                    m_eccP256CurvePoint_x_only(
                                                                                                               substr(v_tbs_signed, 0, 32)
                                                                                                               ),
                                                                                    substr(v_tbs_signed, 32, 32)
                                                                                    )));
              log(testcasename() & ": v_signature= ", v_signature);
              v_ieee1609dot2_signed_data := valueof(
                                                    m_etsiTs103097Data_signed(
                                                                              m_signedData(
                                                                                           sha256,
                                                                                           v_tbs,
                                                                                           m_signerIdentifier_digest(v_rca_hashed_id8),
                                                                                           v_signature
                                                                                           )));
              // Send response with CERT_RCA_NEW
              f_init_default_headers_list(-, "tlm_ectl", v_headers);
              f_http_send(
                          v_headers,
                          m_http_response(
                                          m_http_response_ok(
                                                             m_http_message_body_binary(
                                                                                        m_binary_body_ieee1609dot2_data(
                                                                                                                        v_ieee1609dot2_signed_data
                                                                                                                        )),
                                                             v_headers
                                                             )));

              log("*** " & testcasename() & ": INFO: CERT_RCA_NEW was sent to the IUT ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
            }
          } // End of 'alt' statement

          // Test Body
          tc_wait.start(v_t1);
          alt {
            [] a_await_cpoc_http_request_from_iut(
                                                  mw_http_request(
                                                                  mw_http_request_get(
                                                                                      PICS_HTTP_GET_URI_TLM
                                                                                      )),
                                                  v_response
                                                  ) {
              tc_wait.stop;

              // TODO Send an error response (400 Bad request?)
              log("*** " & testcasename() & ": FAIL: ITSS TLM CTL request received before the tiemer expiry ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
            }
            [] tc_wait.timeout {
              log("*** " & testcasename() & ": PASS: No ITSS TLM CTL request done before the timer expiry ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
            }
          } // End of 'alt' statement

          // TODO Wait for the request after timer expiry

          // Postamble
          f_cfHttpDown_tlm();

        } // End of testcase TC_SECPKI_ITSS_CTL_04_BV

      } // End of group f_TC_SECPKI_ITSS_CTL_04_BV

      /**
       * @desc Check that the IUT requests new RCA CTL when current one is expired
       * <pre>
       * Pics Selection:
       * Initial conditions: {
       *     the IUT already downloaded the RCA CTL
       *         containing nextUpdate
       *             indicating timestamp T1
       *         and containing RCA DC URL
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the T1 < CURRENT TIME
       *         }
       *         then {
       *             the IUT sends a request to the RCA DC for a new CTL
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 TP SECPKI_ITSS_CTL_05_BV
       * @reference ETSI TS 102 941, clause 6.3.5
       */
      testcase TC_SECPKI_ITSS_CTL_05_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_dc;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp04(v_itss, v_dc);

        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_CTL_05_BV_itss());
        v_dc.start(f_TC_SECPKI_ITSS_CTL_05_BV_pki());

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown04(v_itss, v_dc);

      } // End of testcase TC_SECPKI_ITSS_CTL_05_BV

      group f_TC_SECPKI_ITSS_CTL_05_BV {