Skip to content
ItsPki_TestCases.ttcn 1.06 MiB
Newer Older
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
              }
            }
          } // End of 'alt' statement
          */
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_pki
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of group f_TC_SECPKI_ITSS_AUTH_04_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc Check that the Authozation request protocol version is set to 1.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing version
       *                     indicating value 1
       *                 and containing content
       *                     containing autihorizationRequest
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_05_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_05_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
      } // End of testcase TC_SECPKI_ITSS_AUTH_05_BV
4068 4069 4070 4071 4072 4073 4074 4075 4076 4077 4078 4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 4093 4094 4095 4096 4097 4098 4099 4100 4101 4102 4103 4104 4105 4106 4107 4108 4109 4110 4111 4112 4113 4114 4115 4116 4117 4118 4119 4120 4121 4122 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 4152 4153 4154 4155 4156 4157 4158 4159 4160 4161 4162 4163 4164 4165 4166 4167 4168 4169 4170 4171 4172 4173 4174 4175 4176 4177 4178 4179 4180 4181 4182 4183 4184 4185 4186 4187 4188 4189 4190 4191 4192 4193 4194 4195 4196 4197 4198 4199 4200 4201 4202 4203 4204 4205 4206 4207 4208 4209 4210 4211 4212 4213 4214 4215 4216 4217 4218 4219 4220 4221 4222 4223 4224 4225 4226 4227 4228 4229 4230 4231 4232 4233 4234 4235 4236 4237 4238 4239 4240 4241 4242 4243 4244 4245 4246 4247 4248 4249 4250 4251 4252 4253 4254 4255 4256 4257 4258 4259 4260 4261 4262 4263 4264 4265 4266 4267 4268 4269 4270 4271 4272 4273 4274 4275 4276 4277 4278 4279 4280 4281 4282 4283 4284 4285 4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307 4308 4309 4310 4311 4312 4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330 4331 4332 4333 4334 4335 4336 4337 4338 4339 4340 4341 4342 4343 4344 4345 4346 4347 4348 4349 4350 4351 4352 4353 4354 4355 4356 4357 4358 4359 4360 4361 4362 4363 4364 4365 4366 4367 4368 4369 4370 4371 4372 4373 4374 4375 4376 4377 4378 4379 4380 4381 4382 4383 4384 4385 4386 4387 4388 4389 4390 4391 4392 4393 4394 4395 4396 4397 4398 4399 4400 4401 4402 4403 4404 4405 4406 4407 4408 4409 4410 4411 4412 4413 4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432 4433 4434 4435 4436 4437 4438 4439 4440 4441 4442 4443 4444 4445 4446 4447 4448 4449 4450 4451 4452 4453 4454 4455 4456 4457 4458 4459 4460 4461 4462 4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518 4519 4520 4521 4522 4523 4524 4525 4526 4527 4528 4529 4530 4531 4532 4533 4534 4535 4536 4537 4538 4539 4540 4541 4542 4543 4544 4545 4546 4547 4548 4549 4550 4551 4552 4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 4567 4568 4569 4570 4571 4572 4573 4574 4575 4576 4577 4578 4579 4580 4581 4582 4583 4584 4585 4586 4587 4588 4589 4590 4591 4592 4593 4594 4595 4596 4597 4598 4599 4600 4601 4602 4603 4604 4605 4606 4607 4608 4609 4610 4611 4612 4613 4614 4615 4616 4617 4618 4619 4620 4621 4622 4623 4624 4625 4626 4627 4628 4629 4630 4631 4632 4633 4634 4635 4636 4637 4638 4639 4640 4641 4642 4643 4644 4645 4646 4647 4648 4649 4650 4651 4652 4653 4654 4655 4656 4657 4658 4659 4660 4661 4662 4663 4664 4665 4666 4667 4668 4669 4670 4671 4672 4673 4674 4675 4676 4677 4678 4679 4680 4681 4682 4683 4684 4685 4686 4687 4688 4689 4690 4691 4692 4693 4694 4695 4696 4697 4698 4699 4700 4701 4702 4703 4704 4705 4706 4707 4708 4709 4710 4711 4712 4713 4714 4715 4716 4717 4718 4719 4720 4721 4722 4723 4724 4725 4726 4727 4728 4729 4730 4731 4732 4733 4734 4735 4736 4737 4738 4739 4740 4741 4742 4743 4744 4745 4746 4747 4748 4749 4750 4751 4752 4753 4754 4755 4756 4757 4758 4759 4760 4761 4762 4763 4764 4765 4766 4767 4768 4769 4770 4771 4772 4773 4774 4775 4776 4777 4778 4779 4780 4781 4782 4783 4784 4785 4786 4787 4788 4789 4790 4791 4792 4793 4794 4795 4796 4797 4798 4799 4800 4801 4802 4803 4804 4805 4806 4807 4808 4809 4810 4811 4812 4813 4814 4815 4816 4817 4818 4819 4820 4821 4822 4823 4824 4825 4826 4827 4828 4829 4830 4831 4832 4833 4834 4835 4836 4837 4838 4839 4840
      /**
       * @desc Check that for each authorization request the ITS-S generates a new verification key pair
       *       Check that for each authorization request the ITS-S generates a new encryption key pair
       *       Check that for each authorization request the ITS-S generates a new hmac-key
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT in 'enrolled' state
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends a EtsiTs103097Data to the AA
	     *	            containing EtsiTs102941Data
	     *		            containing authorizationRequest
	     *			            containing publicKeys
       *                    containing verificationKey
	     *					            indicating value not equal to the field verificationKey of N previous messages
	     *				            and not containing encryptionKey
	     *				            or containing encryptionKey
	     *					            indicating value not equal to the field encryptionKey of N previous messages
	     *			            and containing hmacKey
	     *				            indicating value not equal to the field hmacKey of N previous messages
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_06_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_06_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);

        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_06_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_06_BV_pki());

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);

      } // End of testcase TC_SECPKI_ITSS_AUTH_06_BV

      group f_TC_SECPKI_ITSS_AUTH_06_BV {

        function f_TC_SECPKI_ITSS_AUTH_06_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var HashedId8               v_certificate_digest := int2oct(0, 8);
          var EtsiTs103097Certificate v_certificate;

          // Test component configuration
          f_cfUp_itss();

          // Test adapter configuration

          // Preamble
          // First enrolment
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate) {
              tc_ac.stop;

              if (PX_TRIGGER_EC_BEFORE_AT) {
                f_sendUtTriggerEnrolmentRequestPrimitive();
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              }
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement

          // Test Body
          // N authorization
          for (var integer v_i := 0; v_i < PX_RE_AUTHORIZATION_COUNTER; v_i := v_i + 1) {
            f_sendUtTriggerAuthorizationRequestPrimitive();
            f_sleep(PX_RE_AUTHORIZATION_DELAY);
          } // End of 'for' statement
          log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);

          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_itss

        function f_TC_SECPKI_ITSS_AUTH_06_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var integer v_counter := 0;
          var Headers v_headers;
          var HttpMessage v_request;
          var HttpMessage v_response;
          var InnerAtResponse v_inner_at_response;
          var ListOfPublicVerificationKey v_generated_keys;
          var ListOfPublicEncryptionKey v_enc_key;
          var ListofHmacKey v_hmac_key;
          var InnerAtRequest v_inner_at_request;
          var InnerEcResponse v_inner_ec_response;
          var integer v_result;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          // Wait for the first enrolment response
          tc_ac.start;
          for (var integer v_j := 0; v_j < PX_RE_AUTHORIZATION_COUNTER-1; v_j := v_j + 1) {
            alt {
              [] a_await_at_http_response_from_iut(
                                                  mw_http_request(
                                                                  mw_http_request_post(
                                                                                        PICS_HTTP_POST_URI_EC,
                                                                                        -,
                                                                                        mw_http_message_body_binary(
                                                                                                                    mw_binary_body_ieee1609dot2_data(
                                                                                                                                                    mw_enrolmentRequestMessage(
                                                                                                                                                                                mw_encryptedData(
                                                                                                                                                                                                { *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
                                                                                                                                                                                                mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                                )))))),
                                                  v_request
                                                  ) {
                tc_ac.stop;

                // Verify IUT response
                f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
                // Send response
                if (isvalue(v_response)) {
                  httpPort.send(v_response);
                }
                // Set verdict
                if (v_result == 0) {
                  v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
                  v_enc_key[v_counter] := v_inner_at_request.publicKeys.encryptionKey;
                  v_hmac_key[v_counter] := v_inner_at_request.hmacKey
                  v_counter := v_counter + 1;
                  f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                  f_selfOrClientSyncAndVerdict(c_prDone, e_error);
                }
              }
              [] tc_ac.timeout {
                log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
              }
            }
          } // End of 'alt' statement

          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_AT,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                                                                                                                                                                                              mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                                v_request
                                                ) {

              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_response: ", v_response);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": LOG: ", match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey)), "***");
                if (match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey))) {
                  v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
                  f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***");
                  f_selfOrClientSyncAndVerdict(c_prDone, e_error);
                }

                if(ispresent(v_inner_at_request.publicKeys.encryptionKey)){
                  log("*** " & testcasename() & ": LOG: ", match(v_enc_key, superset(v_inner_at_request.publicKeys.encryptionKey)), "***");
                  if (match(v_enc_key, superset(v_inner_at_request.publicKeys.encryptionKey))) {
                    v_enc_key[v_counter] := v_inner_at_request.publicKeys.encryptionKey;
                    f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
                  } else {
                    log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***");
                    f_selfOrClientSyncAndVerdict(c_prDone, e_error);
                  }
                }

                log("*** " & testcasename() & ": LOG: ", match(v_hmac_key, superset(v_inner_at_request.hmacKey)), "***");
                if (match(v_hmac_key, superset(v_inner_at_request.hmacKey))) {
                  v_hmac_key[v_counter] := v_inner_at_request.hmacKey;
                  f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***");
                  f_selfOrClientSyncAndVerdict(c_prDone, e_error);
                }

                v_counter := v_counter + 1;

              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
                }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
                }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_06_BV_pki

      } // End of group f_TC_SECPKI_ITSS_AUTH_06_BV

      /**
       * @desc Check that ITS-S sends Authorization request with a keyTag field computed as described in ETSI TS 102 941 [1], clause 6.2.3.3.1
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT in 'enrolled' state
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends a EtsiTs103097Data to the AA
       *	            containing EtsiTs102941Data
       *		            containing authorizationRequest
       *			            containing sharedAtRequest
       *                    containing keyTag
       *					            indicating properly calculated value
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_07_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_07_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);

        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);

      } // End of testcase TC_SECPKI_ITSS_AUTH_07_BV

      /**
       * @desc Check that ITS-S sends Authorization request with eaId of EA certificate
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT is enrolled by the EC, signed with the CERT EA certificate
       *         the IUT being in the "operational" state
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends a EtsiTs103097Data to the AA
       *	                containing EtsiTs102941Data
       *		                 containing authorizationRequest
       *			                  containing sharedAtRequest
       *                          containing eaId
       *					                  indicating HashedId8 of CERT_ EA certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_08_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_08_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);

        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_08_BV_pki());

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);

      } // End of testcase TC_SECPKI_ITSS_AUTH_08_BV

      group f_TC_SECPKI_ITSS_AUTH_08_BV {

        function f_TC_SECPKI_ITSS_AUTH_08_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }

          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_AT,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                                                                                                                                                                                              mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                                v_request
                                                ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;

              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_response: ", v_response);
              
              var charstring v_ea_certificate_id := "CERT_TS_A_EA";
              var Oct32 v_hash;
              var HashedId8 v_ea_certificate_hashed_id8;

              f_getCertificateHash256(v_ea_certificate_id, v_hash);
              v_ea_certificate_hashed_id8 := f_hashedId8FromSha256(v_hash);
              log("*** " & testcasename() & ": DEBUG: v_ea_certificate_hashed_id8= ", v_ea_certificate_hashed_id8); 
                            
              if(ispresent(v_inner_at_request.sharedAtRequest.eaId)){
                if (match(v_inner_at_request.sharedAtRequest.eaId, v_ea_certificate_hashed_id8) == true) {
                  // Send response
                  if (isvalue(v_response)) {
                    httpPort.send(v_response);
                  }
                  // Set verdict
                  if (v_result == 0) {
                    var octetstring v_msg;
                    var octetstring v_hashed_id8;

                    log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
                    v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                    if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                      v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                    } else {
                      v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                    }
                    infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
                  } else {
                    log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                    }
                  }
                }
              }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_08_BV_pki

      } // End of group f_TC_SECPKI_ITSS_AUTH_08_BV  

      /**
       * @desc Check that ITS-S sends Authorization request with the certificateFormat equal to 1
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT in 'enrolled' state
       *         and the AA in 'operational' state
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends a EtsiTs103097Data to the AA
       *	                containing EtsiTs102941Data
       *		                 containing authorizationRequest
       *			                  containing sharedAtRequest
       *                          containing certificateFormat
       *					                     indicating 1
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_09_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_09_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);

        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_09_BV_pki());

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);

      } // End of testcase TC_SECPKI_ITSS_AUTH_08_BV

      group f_TC_SECPKI_ITSS_AUTH_09_BV {

        function f_TC_SECPKI_ITSS_AUTH_09_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }

          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_AT,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                                                                                                                                                                                              mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                                v_request
                                                ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;

              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_response: ", v_response);
                            
              if(ispresent(v_inner_at_request.sharedAtRequest.certificateFormat)){
                if (v_inner_at_request.sharedAtRequest.certificateFormat == 1) {
                  // Send response
                  if (isvalue(v_response)) {
                    httpPort.send(v_response);
                  }
                  // Set verdict
                  if (v_result == 0) {
                    var octetstring v_msg;
                    var octetstring v_hashed_id8;

                    log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
                    v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                    if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                      v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                    } else {
                      v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                    }
                    infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
                  } else {
                    log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                    }
                  }
                }
              }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_09_BV_pki

      } // End of group f_TC_SECPKI_ITSS_AUTH_09_BV  

      /**
       * @desc Check that ITS-S sends Authorization request certificate attributes are properly set
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT in 'enrolled' state
       *         and the AA in 'operational' state
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends a EtsiTs103097Data to the AA
       *	              containing EtsiTs102941Data
       *		               containing authorizationRequest
       *			                containing sharedAtRequest
       *                          containing requestedSubjectAttributes
       *					                   containing appPermissions
       *                             and not containing certIssuePermissions
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_10_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_10_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);

        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_10_BV_pki());

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);

      } // End of testcase TC_SECPKI_ITSS_AUTH_08_BV

      group f_TC_SECPKI_ITSS_AUTH_10_BV {

        function f_TC_SECPKI_ITSS_AUTH_10_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }

          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_AT,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                                                                                                                                                                                              mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                                v_request
                                                ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;

              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_response: ", v_response); 
                            
              if(ispresent(v_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions)){
                if (not(ispresent(v_inner_at_request.sharedAtRequest.requestedSubjectAttributes.certIssuePermissions))) {
                  // Send response
                  if (isvalue(v_response)) {
                    httpPort.send(v_response);
                  }
                  // Set verdict
                  if (v_result == 0) {
                    var octetstring v_msg;
                    var octetstring v_hashed_id8;

                    log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
                    v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                    if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                      v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                    } else {
                      v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                    }
                    infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
                  } else {
                    log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                    f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                    }
                  }
                }
              }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_10_BV_pki

      } // End of group f_TC_SECPKI_ITSS_AUTH_10_BV   
      /**
       * @desc Check that the ecSignature of the Authorization request is signed with EC certificate
       *        Check that the signature over tbsData computed using the private key corresponding to
       *        the EC's verification public key.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT is enrolled with CERT_EC certificate
       *         and the AA in 'operational' state
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to request new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                containing EtsiTs102941Data
       *                  containing authorizationRequest
       *                    containing ecSignature
       *                      containing structure of type EtsiTs103097Data-SignedExternalPayload
       *                        containing signer
       *                          indicating HashedId8 of the CERT_EC certificate
       *                        containing signature
       *                          indicating signature over sharedATRequest calculated with CERT_EC verificationKey 
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v2.0.1 SECPKI_ITSS_AUTH_14_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_14_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;

        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }

        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);

        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_14_BV_pki());

        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});

        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
      }  // End of testcase TC_SECPKI_ITSS_AUTH_14_BV

      group f_TC_SECPKI_ITSS_AUTH_14_BV {

        function f_TC_SECPKI_ITSS_AUTH_14_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;
          var InnerEcRequest v_inner_ec_request;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);

          // Test adapter configuration

          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_request, v_inner_ec_response, v_request) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }

          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                     PICS_HTTP_POST_URI_AT,
                                                                                     -,
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_aaHashedId8)), * },
                                                                                                                                                                                              mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                                v_request
                                                ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              var InnerAtResponse v_inner_at_response;
              var boolean v_contains_ecsignature;

              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss_for_ecSignature(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result, v_contains_ecsignature);
              log("f_TC_SECPKI_ITSS_AUTH__BV_pki: v_result: ", v_result);
              log("f_TC_SECPKI_ITSS_AUTH_01_BV_pki: v_response: ", v_response);
              
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                var octetstring v_msg;
                var octetstring v_hashed_id8;

                log("*** " & testcasename() & ": PASS: InnerAtResponse received ***");
                v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
                if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
                  v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
                } else {
                  v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
                }
                infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement

          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_14_BV_pki

      } // End of group f_TC_SECPKI_ITSS_AUTH_14_BV

      /**
       * @desc Check that the ecSignature of the Authorization request is not encrypted
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT in 'enrolled' state