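        /**
         * @desc PKI-side behaviour of the AUTH_10 test: awaits the encrypted AT request sent by the IUT,
         *       has it verified, then checks that requestedSubjectAttributes carries appPermissions
         *       and no certIssuePermissions.
         *       Every path through the test body reports exactly one c_tbDone verdict, so an
         *       unparsable request or a missing appPermissions field is an explicit FAIL
         *       instead of leaving the synchronisation point unanswered.
         */
        function f_TC_SECPKI_ITSS_AUTH_10_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            // Enrolment runs first; the issued EC is handed to the AT request verification below
            if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            // NOTE(review): on this path v_inner_ec_response is never assigned, yet its certificate
            // field is passed to the verification helper below - confirm how an unbound value is handled
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }

          // Test Body
          tc_ac.start;
          alt {
            // Only an HTTP POST on the AT URI whose body is AES-128-CCM encrypted data addressed to the AA is accepted
            [] a_await_at_http_request_from_iut(
                 mw_http_request(
                   mw_http_request_post(
                     PICS_HTTP_POST_URI_AT,
                     -,
                     mw_http_message_body_binary(
                       mw_binary_body_ieee1609dot2_data(
                         mw_enrolmentRequestMessage(
                           mw_encryptedData(
                             { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                             mw_symmetricCiphertext_aes128ccm
                           )))))),
                 v_request
               ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;

              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
              log("f_TC_SECPKI_ITSS_AUTH_10_BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_10_BV_pki: v_response: ", v_response);

              // Set verdict
              if (v_result == 0) {
                var octetstring v_msg;
                var octetstring v_hashed_id8;
                log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");

                if (not(ispresent(v_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions))) {
                  // Previously this case fell into the "Can't parse" branch; report what is actually wrong
                  log("*** " & testcasename() & ": FAIL: appPermissions are not present ***");
                  f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                } else if (ispresent(v_inner_at_request.sharedAtRequest.requestedSubjectAttributes.certIssuePermissions)) {
                  log("*** " & testcasename() & ": FAIL: certIssuePermissions are present ***");
                  f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                } else {
                  // HashedId8 of the issued AT certificate; the digest follows the verification key curve
                  v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                  if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                    v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                  } else {
                    v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                  }
                  infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                  f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
                }
              } else {
                // Verification helper rejected the request: this path used to end without any verdict
                log("*** " & testcasename() & ": FAIL: Can't parse authorization request ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }

            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_10_BV_pki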

      } // End of group f_TC_SECPKI_ITSS_AUTH_10_BV   

      /**
       * @desc Check that ITS-S sends Authorization request containing EC signature
       *       Check that the EC signature of the Authorization request contains valid hash algorithm
       *       Check that the ecSignature DataHash is calculated over the sharedATRequest
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT in 'enrolled' state
       *         and the AA in 'operational' state
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data to the AA
       *                 containing EtsiTs102941Data
       *                     containing authorizationRequest
       *                         containing ecSignature
       *                             containing structure of type EtsiTs103097Data-SignedExternalPayload
       *                                 containing hashId
       *                                     indicating supported hash algorithm (HASH_ALG)
       *                                 and containing tbsData
       *                                     containing payload
       *                                         containing extDataHash
       *                                             indicating hash of sharedATRequest using HASH_ALG
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_11_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
       testcase TC_SECPKI_ITSS_AUTH_11_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Handles of the two parallel components: the ITS-S one and the ItsPkiHttp one
        var ItsPkiItss v_itss_component;
        var ItsPkiHttp v_pki_component;

        // Applicability: without both PICS the test is not executed and ends inconclusive
        if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Bring the test configuration up
        f_cfMtcUp01(v_itss_component, v_pki_component);

        // ITS-S side reuses the AUTH_01 behaviour; the PKI side runs the AUTH_11 checks
        v_itss_component.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_pki_component.start(f_TC_SECPKI_ITSS_AUTH_11_BV_pki());

        // Wait on the preamble-done and test-body-done synchronisation points
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Tear the test configuration down
        f_cfMtcDown01(v_itss_component, v_pki_component);

      } // End of testcase TC_SECPKI_ITSS_AUTH_11_BV
      
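      group f_TC_SECPKI_ITSS_AUTH_11_BV {

        /**
         * @desc PKI-side behaviour of TC_SECPKI_ITSS_AUTH_11_BV: awaits the encrypted AT request sent by
         *       the IUT, has it verified, then checks that the ecSignature is a signed external payload
         *       whose extDataHash equals the hash of the encoded sharedAtRequest, computed with the
         *       algorithm announced in hashId.
         *       All structural checks read the decoded ecSignature; every path through the test body
         *       reports exactly one c_tbDone verdict.
         */
        function f_TC_SECPKI_ITSS_AUTH_11_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcRequest v_inner_ec_request;
          var InnerEcResponse v_inner_ec_response;
          // NOTE(review): the EC certificate handed to the verification helper stays omit here, whereas
          // the AUTH_10 and AUTH_12 functions pass v_inner_ec_response.certificate - confirm this is intended
          var template (omit) EtsiTs103097Certificate v_ec_cert := omit;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }

          // Test Body
          tc_ac.start;
          alt {
            // Only an HTTP POST on the AT URI whose body is AES-128-CCM encrypted data addressed to the AA is accepted
            [] a_await_at_http_request_from_iut(
                 mw_http_request(
                   mw_http_request_post(
                     PICS_HTTP_POST_URI_AT,
                     -,
                     mw_http_message_body_binary(
                       mw_binary_body_ieee1609dot2_data(
                         mw_enrolmentRequestMessage(
                           mw_encryptedData(
                             { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                             mw_symmetricCiphertext_aes128ccm
                           )))))),
                 v_request
               ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;
              var Ieee1609Dot2Data v_ieee1609dot2_data_ecsig;
              var octetstring v_hash_shared_at_request;

              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_ec_cert, v_inner_at_request, v_inner_at_response, v_response, v_result);
              log("f_TC_SECPKI_ITSS_AUTH_11_BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_11_BV_pki: v_response: ", v_response);

              // Set verdict
              if (v_result == 0) {
                var octetstring v_msg;
                var octetstring v_hashed_id8;

                log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
                // HashedId8 of the issued AT certificate; the digest follows the verification key curve
                v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                  v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                } else {
                  v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                }

                if (not match(v_inner_at_request.ecSignature, mw_ec_signature_ext_payload)){
                  log("*** " & testcasename() & ": FAIL: SignedExternalPayload does not exist ***");
                  log("*** " & testcasename() & ": FAIL:     ", match(v_inner_at_request.ecSignature, mw_ec_signature_ext_payload));
                  f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                } else {
                  // The ecSignature alternative is only read once the template above has matched
                  v_ieee1609dot2_data_ecsig := v_inner_at_request.ecSignature.ecSignature;

                  if (not(ispresent(v_ieee1609dot2_data_ecsig.content.signedData.hashId))) {
                    log("*** " & testcasename() & ": FAIL: AT request shall contain hashId ***");
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                  } else if (not(ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.payload))) {
                    log("*** " & testcasename() & ": FAIL: AT request shall contain tbsData ***");
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                  } else if (not(ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.payload.extDataHash))) {
                    log("*** " & testcasename() & ": FAIL: AT request shall contain extDataHash ***");
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                  } else {
                    var HashAlgorithm v_hash_alg := v_ieee1609dot2_data_ecsig.content.signedData.hashId;
                    var boolean v_hash_alg_supported := true;
                    var boolean v_hash_matches := false;

                    // Recompute the hash of the encoded SharedAtRequest with the announced algorithm.
                    // The hashed-data alternative is read only when it is the one actually chosen.
                    if (v_hash_alg == sha256) {
                      if (ischosen(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.payload.extDataHash.sha256HashedData)) {
                        v_hash_shared_at_request := f_hashWithSha256(bit2oct(encvalue(v_inner_at_request.sharedAtRequest)));
                        v_hash_matches := match(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.payload.extDataHash.sha256HashedData, v_hash_shared_at_request);
                      }
                    } else if (v_hash_alg == sha384) {
                      if (ischosen(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.payload.extDataHash.sha384HashedData)) {
                        v_hash_shared_at_request := f_hashWithSha384(bit2oct(encvalue(v_inner_at_request.sharedAtRequest)));
                        v_hash_matches := match(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.payload.extDataHash.sha384HashedData, v_hash_shared_at_request);
                      }
                    } else {
                      v_hash_alg_supported := false;
                    }

                    if (v_hash_matches) {
                      infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                      f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
                    } else if (not v_hash_alg_supported) {
                      log("*** " & testcasename() & ": FAIL: hashId does not indicate a supported hash algorithm ***");
                      f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                    } else {
                      // A mismatching digest used to end the SHA-256 path without any verdict
                      log("*** " & testcasename() & ": FAIL: extDataHash does not match the hash of sharedAtRequest ***");
                      f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                    }
                  }
                }
              } else {
                // Verification helper rejected the request: this path used to end without any verdict
                log("*** " & testcasename() & ": FAIL: Can't parse authorization request ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }

            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_11_BV_pki

      } // End of group f_TC_SECPKI_ITSS_AUTH_11_BV 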

            /**
       * @desc Check that the ecSignature psid is set to the proper ITS_AID
       *       Check that the ecSignature generation time is present
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT in 'enrolled' state
       *         and the AA in 'operational' state
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data to the AA
       *                 containing EtsiTs102941Data
       *                     containing authorizationRequest
       *                         containing ecSignature
       *                             containing structure of type EtsiTs103097Data-SignedExternalPayload
       *                                 containing tbsData
       *                                     containing headerInfo
       *                                         containing psid
       *                                             indicating AID_PKI_CERT_REQUEST
       *                                         and containing generationTime
       *                                         and not containing any other headers
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_12_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_12_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Handles of the two parallel components: the ITS-S one and the ItsPkiHttp one
        var ItsPkiItss v_itss_component;
        var ItsPkiHttp v_pki_component;

        // Applicability: without both PICS the test is not executed and ends inconclusive
        if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Bring the test configuration up
        f_cfMtcUp01(v_itss_component, v_pki_component);

        // ITS-S side reuses the AUTH_01 behaviour; the PKI side runs the AUTH_12 checks
        v_itss_component.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_pki_component.start(f_TC_SECPKI_ITSS_AUTH_12_BV_pki());

        // Wait on the preamble-done and test-body-done synchronisation points
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Tear the test configuration down
        f_cfMtcDown01(v_itss_component, v_pki_component);

      } // End of testcase TC_SECPKI_ITSS_AUTH_12_BV

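      group f_TC_SECPKI_ITSS_AUTH_12_BV {

        /**
         * @desc PKI-side behaviour of TC_SECPKI_ITSS_AUTH_12_BV: awaits the encrypted AT request sent by
         *       the IUT, has it verified, then checks the headerInfo of the ecSignature: psid and
         *       generationTime present, every other header field absent.
         *       The header checks read the decoded ecSignature (the variable previously inspected was
         *       never assigned), all findings are logged, and a single c_tbDone verdict is reported.
         */
        function f_TC_SECPKI_ITSS_AUTH_12_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            // Enrolment runs first; the issued EC is handed to the AT request verification below
            if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            // NOTE(review): on this path v_inner_ec_response is never assigned, yet its certificate
            // field is passed to the verification helper below - confirm how an unbound value is handled
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }

          // Test Body
          tc_ac.start;
          alt {
            // Only an HTTP POST on the AT URI whose body is AES-128-CCM encrypted data addressed to the AA is accepted
            [] a_await_at_http_request_from_iut(
                 mw_http_request(
                   mw_http_request_post(
                     PICS_HTTP_POST_URI_AT,
                     -,
                     mw_http_message_body_binary(
                       mw_binary_body_ieee1609dot2_data(
                         mw_enrolmentRequestMessage(
                           mw_encryptedData(
                             { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                             mw_symmetricCiphertext_aes128ccm
                           )))))),
                 v_request
               ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;
              var Ieee1609Dot2Data v_ieee1609dot2_data_ecsig;

              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
              log("f_TC_SECPKI_ITSS_AUTH_12_BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_12_BV_pki: v_response: ", v_response);

              // Set verdict
              if (v_result == 0) {
                var octetstring v_msg;
                var octetstring v_hashed_id8;
                // Cleared by any failed header check; decides the single verdict sent at the end
                var boolean v_header_info_ok := true;

                log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
                // HashedId8 of the issued AT certificate; the digest follows the verification key curve
                v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                  v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                } else {
                  v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                }

                if (not match(v_inner_at_request.ecSignature, mw_ec_signature_ext_payload)) {
                  log("*** " & testcasename() & ": FAIL: SignedExternalPayload does not exist ***");
                  f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                } else {
                  // The ecSignature alternative is only read once the template above has matched
                  v_ieee1609dot2_data_ecsig := v_inner_at_request.ecSignature.ecSignature;

                  if (not(ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo))) {
                    log("*** " & testcasename() & ": FAIL: AT request shall contain headerInfo ***");
                    v_header_info_ok := false;
                  } else {
                    // Mandatory headers
                    // NOTE(review): only the presence of psid is checked; the test purpose also requires
                    // its value to indicate AID_PKI_CERT_REQUEST - TODO compare against the project constant
                    if (not(ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo.psid))) {
                      log("*** " & testcasename() & ": FAIL: AT request shall contain psid ***");
                      v_header_info_ok := false;
                    }
                    if (not(ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo.generationTime))) {
                      log("*** " & testcasename() & ": FAIL: AT request shall contain generationTime ***");
                      v_header_info_ok := false;
                    }

                    // Headers that shall be absent
                    if (ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo.expiryTime)) {
                      log("*** " & testcasename() & ": FAIL: AT request shall not contain expiryTime ***");
                      v_header_info_ok := false;
                    }
                    if (ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo.generationLocation)) {
                      log("*** " & testcasename() & ": FAIL: AT request shall not contain generationLocation ***");
                      v_header_info_ok := false;
                    }
                    if (ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo.p2pcdLearningRequest)) {
                      log("*** " & testcasename() & ": FAIL: AT request shall not contain p2pcdLearningRequest ***");
                      v_header_info_ok := false;
                    }
                    if (ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo.missingCrlIdentifier)) {
                      log("*** " & testcasename() & ": FAIL: AT request shall not contain missingCrlIdentifier ***");
                      v_header_info_ok := false;
                    }
                    if (ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo.encryptionKey)) {
                      log("*** " & testcasename() & ": FAIL: AT request shall not contain encryptionKey ***");
                      v_header_info_ok := false;
                    }
                    if (ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo.inlineP2pcdRequest)) {
                      log("*** " & testcasename() & ": FAIL: AT request shall not contain inlineP2pcdRequest ***");
                      v_header_info_ok := false;
                    }
                    if (ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo.requestedCertificate)) {
                      log("*** " & testcasename() & ": FAIL: AT request shall not contain requestedCertificate ***");
                      v_header_info_ok := false;
                    }
                    if (ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo.pduFunctionalType)) {
                      log("*** " & testcasename() & ": FAIL: AT request shall not contain pduFunctionalType ***");
                      v_header_info_ok := false;
                    }
                    if (ispresent(v_ieee1609dot2_data_ecsig.content.signedData.tbsData.headerInfo.contributedExtensions)) {
                      log("*** " & testcasename() & ": FAIL: AT request shall not contain contributedExtensions ***");
                      v_header_info_ok := false;
                    }
                  }

                  // One verdict only: the AT certificate is published and success reported
                  // solely when no header check failed
                  if (v_header_info_ok) {
                    infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                    log("*** " & testcasename() & ": PASS: InnerATRequest received ***");
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
                  } else {
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                  }
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Can't parse authorization request ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }

            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_12_BV_pki

      } // End of group f_TC_SECPKI_ITSS_AUTH_12_BV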

      /**
       * @desc Check that ITS-S sends Authorization request containing EC signature
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT in 'enrolled' state
       *         and the AA in 'operational' state
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data to the AA
       *                 containing EtsiTs102941Data
       *                     containing authorizationRequest
       *                         containing ecSignature
       *                             containing structure of type EtsiTs103097Data-SignedExternalPayload
       *                                 containing hashId
       *                                     indicating supported hash algorithm (HASH_ALG)
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_13_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
       testcase TC_SECPKI_ITSS_AUTH_13_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Handles of the two parallel components: the ITS-S one and the ItsPkiHttp one
        var ItsPkiItss v_itss_component;
        var ItsPkiHttp v_pki_component;

        // Applicability: without both PICS the test is not executed and ends inconclusive
        if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Bring the test configuration up
        f_cfMtcUp01(v_itss_component, v_pki_component);

        // ITS-S side reuses the AUTH_01 behaviour. The PKI side runs the AUTH_11 function, whose
        // checks include the hashId one; this testcase starts no AUTH_13-specific function
        v_itss_component.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_pki_component.start(f_TC_SECPKI_ITSS_AUTH_11_BV_pki());

        // Wait on the preamble-done and test-body-done synchronisation points
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Tear the test configuration down
        f_cfMtcDown01(v_itss_component, v_pki_component);

      } // End of testcase TC_SECPKI_ITSS_AUTH_13_BV

      /**
       * @desc Check that the ecSignature of the Authorization request is signed with the EC certificate
       *        Check that the signature over tbsData is computed using the private key corresponding to
       *        the EC's verification public key.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT is enrolled with CERT_EC certificate
       *         and the AA in 'operational' state
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                containing EtsiTs102941Data
       *                  containing authorizationRequest
       *                    containing ecSignature
       *                      containing structure of type EtsiTs103097Data-SignedExternalPayload
       *                        containing signer
       *                          indicating HashedId8 of the CERT_EC certificate
       *                        containing signature
       *                          indicating signature over sharedATRequest calculated with CERT_EC verificationKey 
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_14_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_14_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Handles on the two parallel components driven by this MTC:
        // the ITS-S side and the PKI (HTTP) side
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Applicability: both PICS must be set, otherwise the TC ends with an inconclusive verdict
        if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION)) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Bring up the test configuration for both components
        f_cfMtcUp01(v_itss, v_ea);

        // Launch the behaviours: the ITS-S side reuses the AUTH_01 behaviour, the PKI side
        // runs the AUTH_14 behaviour that has the ecSignature of the AT request verified
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_14_BV_pki());

        // Synchronise on the preamble-done and test-body-done points of both components
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Tear down the test configuration
        f_cfMtcDown01(v_itss, v_ea);
      }  // End of testcase TC_SECPKI_ITSS_AUTH_14_BV

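      group f_TC_SECPKI_ITSS_AUTH_14_BV {

        /**
         * @desc PKI-side behaviour of TC_SECPKI_ITSS_AUTH_14_BV. Optionally serves the enrolment
         *       exchange first (PX_TRIGGER_EC_BEFORE_AT), then waits for the HTTP POST carrying the
         *       AT request from the IUT, hands it to
         *       f_verify_http_at_request_from_iut_itss_for_ecSignature and derives the verdict
         *       from the returned result code.
         */
        function f_TC_SECPKI_ITSS_AUTH_14_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            // The enrolment exchange is served here; it fills v_inner_ec_response
            if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            // NOTE(review): on this path v_inner_ec_response is never assigned in this function,
            // yet v_inner_ec_response.certificate is passed to the verification below as the
            // EC certificate. Confirm how the callee obtains CERT_EC in that case; otherwise the
            // signer/signature check of this test purpose has no reference certificate.
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }

          // Test Body
          tc_ac.start;
          alt {
            // Expect an HTTP POST on the AT URI whose binary body is encrypted data addressed to
            // the AA (recipient list contains vc_aaHashedId8) with an AES-128-CCM ciphertext.
            // NOTE(review): the template is named mw_enrolmentRequestMessage but is applied to
            // the authorization request envelope here - presumably a generic wrapper; confirm.
            [] a_await_at_http_request_from_iut(
                 mw_http_request(
                   mw_http_request_post(
                     PICS_HTTP_POST_URI_AT,
                     -,
                     mw_http_message_body_binary(
                       mw_binary_body_ieee1609dot2_data(
                         mw_enrolmentRequestMessage(
                           mw_encryptedData(
                             { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                             mw_symmetricCiphertext_aes128ccm
                           )))))),
                 v_request
               ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;
              var boolean v_contains_ecsignature;

              tc_ac.stop;

              // Verify IUT response
              // NOTE(review): v_contains_ecsignature is returned by the callee but does not take
              // part in the verdict below; only v_result does. Confirm that v_result alone
              // reflects the signer (HashedId8 of CERT_EC) and signature checks of this TP.
              f_verify_http_at_request_from_iut_itss_for_ecSignature(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result, v_contains_ecsignature);
              log("f_TC_SECPKI_ITSS_AUTH_14_BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_14_BV_pki: v_response: ", v_response);

              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                var octetstring v_msg;
                var octetstring v_hashed_id8;

                log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
                // HashedId8 of the issued AT certificate, computed over its encoding.
                // SHA-384 is selected only for an ecdsaBrainpoolP384r1 verification key; every
                // other key alternative falls back to SHA-256.
                // NOTE(review): if the certificate type defines further 384-bit key
                // alternatives, they would be hashed with SHA-256 here - confirm.
                v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                  v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                } else {
                  v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                }
                // Publish the AT certificate and its HashedId8 on infoPort
                infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                // Message corrected: this branch is about the authorization (AT) request,
                // not an enrolment request
                log("*** " & testcasename() & ": FAIL: Failed to verify AT an AuthorizationRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_14_BV_pki

      } // End of group f_TC_SECPKI_ITSS_AUTH_14_BV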

      /**
       * @desc Check that the encrypted ecSignature of the Authorization request is encrypted using the EA encryptionKey.
       *        Check that the encrypted ecSignature of the Authorization request is the encryption of an
       *          EtsiTs103097Data-SignedExternalPayload structure.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE, PICS_SECPKI_AUTHORIZATION and PICS_SECPKI_AUTH_PRIVACY
       * Initial conditions: 
       *     with {
       *         the IUT in 'enrolled' state
       *         and the AA in 'operational' state
       *         and the EA in 'operational' state
       *         authorized with CERT_EA certificate
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                containing EtsiTs102941Data
       *                  containing authorizationRequest
       *                    containing ecSignature
       *                      containing encryptedEcSignature
       *                        containing recipients
       *                        containing only one element of type RecipientInfo
       *                          containing certRecipInfo
       *                            containing recipientId
       *                              indicating HashedId8 of the CERT_EA
       *                            and containing encKey
       *                              indicating encryption key of supported type
       *                       and containing ciphertext
       *                        containing encrypted representation of structure EtsiTs103097Data-SignedExternalPayload
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_15_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_15_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Handles on the two parallel components driven by this MTC:
        // the ITS-S side and the PKI (HTTP) side
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Applicability: all three PICS (including the privacy option) must be set,
        // otherwise the TC ends with an inconclusive verdict
        if (not (PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION and PICS_SECPKI_AUTH_PRIVACY)) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE, PICS_SECPKI_AUTHORIZATION and PICS_SECPKI_AUTH_PRIVACY are required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Bring up the test configuration for both components
        f_cfMtcUp01(v_itss, v_ea);

        // Launch the behaviours: the ITS-S side reuses the AUTH_01 behaviour, the PKI side
        // runs the AUTH_15 behaviour that has the encrypted ecSignature verified
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_15_BV_pki());

        // Synchronise on the preamble-done and test-body-done points of both components
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Tear down the test configuration
        f_cfMtcDown01(v_itss, v_ea);
      } // End of testcase TC_SECPKI_ITSS_AUTH_15_BV

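      group f_TC_SECPKI_ITSS_AUTH_15_BV {

        /**
         * @desc PKI-side behaviour of TC_SECPKI_ITSS_AUTH_15_BV. Optionally serves the enrolment
         *       exchange first (PX_TRIGGER_EC_BEFORE_AT), then waits for the HTTP POST carrying the
         *       AT request from the IUT, hands it to
         *       f_verify_http_at_request_from_iut_itss_for_encrypted_ecSignature and derives the
         *       verdict from the returned result code.
         */
        function f_TC_SECPKI_ITSS_AUTH_15_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            // The enrolment exchange is served here; it fills v_inner_ec_response
            if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            // NOTE(review): on this path v_inner_ec_response is never assigned in this function,
            // yet v_inner_ec_response.certificate is passed to the verification below.
            // Confirm how the callee obtains the EC certificate in that case.
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }

          // Test Body
          tc_ac.start;
          alt {
            // Expect an HTTP POST on the AT URI whose binary body is encrypted data addressed to
            // the AA (recipient list contains vc_aaHashedId8) with an AES-128-CCM ciphertext.
            // This outer template does not look at the inner encryptedEcSignature; the checks on
            // its single recipient (HashedId8 of CERT_EA) are presumably done by the verification
            // function below - confirm.
            [] a_await_at_http_request_from_iut(
                 mw_http_request(
                   mw_http_request_post(
                     PICS_HTTP_POST_URI_AT,
                     -,
                     mw_http_message_body_binary(
                       mw_binary_body_ieee1609dot2_data(
                         mw_enrolmentRequestMessage(
                           mw_encryptedData(
                             { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                             mw_symmetricCiphertext_aes128ccm
                           )))))),
                 v_request
               ) {
              // (the unused local v_contains_ecsignature was dropped: the verification
              // function called here takes no such parameter)
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;

              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss_for_encrypted_ecSignature(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
              log("f_TC_SECPKI_ITSS_AUTH_15_BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_15_BV_pki: v_response: ", v_response);

              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                var octetstring v_msg;
                var octetstring v_hashed_id8;

                log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
                // HashedId8 of the issued AT certificate, computed over its encoding.
                // SHA-384 is selected only for an ecdsaBrainpoolP384r1 verification key; every
                // other key alternative falls back to SHA-256.
                v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                  v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                } else {
                  v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                }
                // Publish the AT certificate and its HashedId8 on infoPort
                infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify AT an AuthorizationRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_15_BV_pki

      } // End of group f_TC_SECPKI_ITSS_AUTH_15_BV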

      /**
       * @desc Check that the ecSignature of the Authorization request is not encrypted
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE, PICS_SECPKI_AUTHORIZATION and not PICS_SECPKI_AUTH_PRIVACY
       * Initial conditions: 
       *     with {
       *         the IUT in 'enrolled' state
       *         and the AA in 'operational' state
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                containing EtsiTs102941Data
       *                  containing authorizationRequest
       *                    containing ecSignature
       *                      containing ecSignature
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_16_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
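      testcase TC_SECPKI_ITSS_AUTH_16_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables: handles on the ITS-S side and the PKI (HTTP) side components
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control
        // This TC applies only when the privacy option is NOT declared: with
        // PICS_SECPKI_AUTH_PRIVACY set, the ecSignature is expected to be encrypted (AUTH_15).
        // The log text now names all three conditions, so that an inconclusive verdict caused
        // by PICS_SECPKI_AUTH_PRIVACY being set is not misread as a missing role/authorization PICS.
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION or PICS_SECPKI_AUTH_PRIVACY) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE, PICS_SECPKI_AUTHORIZATION and not PICS_SECPKI_AUTH_PRIVACY required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);

        // Start component: the ITS-S side reuses the AUTH_01 behaviour, the PKI side runs
        // the AUTH_16 behaviour
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_16_BV_pki());

        // Synchronization on the preamble-done and test-body-done points
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
      }  // End of testcase TC_SECPKI_ITSS_AUTH_16_BV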

      group f_TC_SECPKI_ITSS_AUTH_16_BV {

        function f_TC_SECPKI_ITSS_AUTH_16_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;
          var InnerEcRequest v_inner_ec_request;


          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }

          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                     PICS_HTTP_POST_URI_AT,
                                                                                     -,
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                                                                                                                                                                                              mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                                v_request
                                                ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;
              var boolean v_contains_ecsignature;

              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss_for_ecSignature(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result, v_contains_ecsignature);
              log("f_TC_SECPKI_ITSS_AUTH__BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_response: ", v_response);
              
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0 and v_contains_ecsignature == true) {
                var octetstring v_msg;
                var octetstring v_hashed_id8;

                log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
                v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                  v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                } else {
                  v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                }
                infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify AT an AuthorizationRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }