Skip to content
ItsPki_TestCases.ttcn 861 KiB
Newer Older
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          f_cfUp_itss();
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test adapter configuration
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Preamble
          // Initial state: No CAM shall be emitted
          geoNetworkingPort.clear;
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            }
            [] tc_noac.timeout {
              log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } 
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test Body
          // Re-enrolment
          for (var integer v_i := 0; v_i < PX_RE_ENROLMENT_COUNTER; v_i := v_i + 1) {
            f_sendUtTriggerEnrolmentRequestPrimitive();
            f_sleep(PX_RE_ENROLMENT_DELAY);
          } // End of 'for' statement
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
            [] tc_noac.timeout {
          log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_06_BV_itss
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        function f_TC_SECPKI_ITSS_ENR_06_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var integer v_counter := 0;
          var Headers v_headers;
          var HttpMessage v_request;
          var HttpMessage v_response;
          var InnerEcRequest v_inner_ec_request;
          var InnerEcResponse v_inner_ec_response;
          var ListOfPublicVerificationKey v_generated_keys;
          var integer v_result;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test component configuration
          f_cfHttpUp();
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test adapter configuration
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Preamble
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          // Wait for the first enrolment response
          tc_ac.start;
          alt {
            [] a_await_at_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                     PICS_HTTP_POST_URI_EC,
                                                                                     -,
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
                                                                                                                                                                                              mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                                v_request
                                                ) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                v_generated_keys[v_counter] := v_inner_ec_request.publicKeys.verificationKey;
                v_counter := v_counter + 1;
                f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                     PICS_HTTP_POST_URI_EC,
                                                                                     -,
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
                                                                                                                                                                                              mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                                v_request
                                                ) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": LOG: ", match(v_generated_keys, superset(v_inner_ec_request.publicKeys.verificationKey)), "***");
                if (match(v_generated_keys, superset(v_inner_ec_request.publicKeys.verificationKey)) == true) {
                  v_generated_keys[v_counter] := v_inner_ec_request.publicKeys.verificationKey;
                  v_counter := v_counter + 1;
                  f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***");
                  f_selfOrClientSyncAndVerdict(c_prDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              if (v_counter == PX_RE_ENROLMENT_COUNTER) {
                log("*** " & testcasename() & ": PASS: InnerEcRequest received with different key pairs ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
              }
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_06_BV_pki
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of f_TC_SECPKI_ITSS_ENR_06_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc Within the InnerECRequest, the requestedSubjectAttributes shall not contain a certIssuePermissions field.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing requestedSubjectAttributes
       *                                     not containing certIssuePermissions 
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.2 SECPKI_ITSS_ENR_07_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_07_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var Oct32      v_private_key;
        var Oct32      v_public_key_x;
        var Oct32      v_public_key_y;
        var Oct32      v_public_compressed_key;
        var integer    v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of TC_SECPKI_ITSS_ENR_07_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc In the headerInfo of the tbsData of the InnerECRequestSignedForPOP all other components 
       *       of the component tbsdata.headerInfo except generationTime and psid are not used and absent. 
       *       The psid shall be set to "secured certificate request" as assigned in ETSI TS 102 965 and 
       *       the generationTime shall be present.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing tbsData
       *                                 containing headerInfo
       *                                     containing psid
       *                                         indicating AID_CERT_REQ
       *                                     and containing generationTime
       *                                     and not containing any other component of tbsdata.headerInfo
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.2 SECPKI_ITSS_ENR_08_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_08_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of TC_SECPKI_ITSS_ENR_08_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc In the headerInfo of the tbsData of the outer EtsiTs102941Data-Signed all other components 
       *       of the component tbsdata.headerInfo except generationTime and psid are not used and absent. 
       *       The psid shall be set to "secured certificate request" as assigned in ETSI TS 102 965 and 
       *       the generationTime shall be present.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing tbsData
       *                                 containing headerInfo
       *                                     containing psid
       *                                         indicating AID_CERT_REQ
       *                                     and containing generationTime
       *                                     and not containing any other component of tbsdata.headerInfo
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.2 SECPKI_ITSS_ENR_09_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_09_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of TC_SECPKI_ITSS_ENR_09_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc The EtsiTs103097Data-Encrypted containing the correctly encrypted ciphertext and a recipients 
       *       component containing one instance of RecipientInfo of choice certRecipInfo containing the 
       *       hashedId8 of the EA certificate in recipientId and the encrypted data encryption key in encKey. 
       *       The data encryption key is encrypted using the public key found in the EA certificate referenced 
       *       in the recipientId.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing recipients
       *                     containing exactly one instance of RecipientInfo of choice certRecipInfo
       *                         containing recipientId
       *                             indicating the hashedId8
       *                                 referencing to the EA certificate
       *                                     containing encryptionKey (KEY)
       *                      and containing encKey
       *                          being a symmetric key (SYMKEY) encrypted using the key KEY
       *                  containing ciphertext
       *                      which is encrypted using the symmetric key SYMKEY contained in encKey
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.2 SECPKI_ITSS_ENR_10_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_10_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of TC_SECPKI_ITSS_ENR_10_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc In the inner signed data structure (InnerECRequestSignedForPOP), the signature is computed 
       *       on InnerECRequest with the private key corresponding to the new verificationKey to prove 
       *       possession of the generated verification key pair.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing tbsData
       *                                 containing InnerEcRequest
       *                                     containing verificationKey (VKEY)
       *                              containing signature
       *                                  computed on InnerECRequest
       *                                      using the private key corresponding to VKEY
       *                                          contained in InnerECRequest
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.2 SECPKI_ITSS_ENR_11_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_11_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of TC_SECPKI_ITSS_ENR_11_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc Check that signing of Enrolment HttpRequest message is permitted by the EC certificate.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing signer
       *                         containing digest
       *                             indicating HashedId8 of the EC certificate
       *                                 containing appPermissions
       *                                     containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                         and containing ssp
       *                                             containing opaque[0] (version) 
       *                                                 indicating 1
       *                                             containing opaque[1] (value) 
       *                                                 indicating "Enrolment Request" (bit 1) set to 1
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.2 SECPKI_ITSS_ENR_12_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_12_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_REENROLMENT ) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_ENR_03_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_03_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of TC_SECPKI_ITSS_ENR_12_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
    } // End of group itss_enrolment_request
ASN.1 Documenter's avatar
ASN.1 Documenter committed
    group itss_enrolment_response {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc If an enrolment request fails, the IUT returns to the state 'initialized'.
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *             and the EnrolmentResponseMessage is received
       *                 containing a responseCode different than 0
       *         }
       *         then {
       *             the IUT returns to the "initialized" state
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.2 SECPKI_ITSS_ENR_RECV_01_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_RECV_01_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Start components
        v_itss.start(f_TC_SECPKI_ITSS_ENR_RECV_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_RECV_01_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of TC_SECPKI_ITSS_ENR_RECV_01_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      group f_TC_SECPKI_ITSS_ENR_RECV_01_BV {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          var boolean                 v_iut_state_ok := false;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test adapter configuration
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Preamble
          // Initial state: No CAM shall be emitted
          geoNetworkingPort.clear;
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            }
            [] tc_noac.timeout {
              f_sendUtTriggerEnrolmentRequestPrimitive();
              log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test Body
          tc_ac.start; // TDOD To refined, use altstep
          alt {
            [] utPort.receive(UtPkiTriggerInd: { state := 0 }) {
              tc_ac.stop;
              v_iut_state_ok := true;
              log("*** " & testcasename() & "_itss: INFO: IUT is in initialized state ***");
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & "_itss: DBG: IUT state update not recieved ***");
              //f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
            [] tc_noac.timeout {
              if (v_iut_state_ok == true) {
                log("*** " & testcasename() & "_itss: : PASS: Enrolment trigger processed succesfully ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("Did not receive IUT state update");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
              }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_itss
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers     v_headers;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          var HttpMessage v_request;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test adapter configuration
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Preamble
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          tc_ac.start;
          alt {
            [] a_await_ec_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                     PICS_HTTP_POST_URI_EC,
                                                                                     -,
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                                             { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
                                                                                                                                                                                             mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                             )))))),
                                                v_request
                                                ) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              var HttpMessage v_response;
              var integer v_result;
              var InnerEcRequest v_inner_ec_request;
              var InnerEcResponse v_inner_ec_response;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result, -, -, cantparse);
              // Send response forcing error code
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": INFO: InnerEcRequest received ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test Body
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_pki
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of group f_TC_SECPKI_ITSS_ENR_RECV_01_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc The IUT is capable of parsing and handling of positive EnrolmentResponse messages 
       *       containing the requested EC. In case of a successful enrolment, the IUT switches 
       *       to the state 'enrolled'.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an initial EnrolmentRequestMessage
       *             and when the IUT receives a subsequent EnrolmentResponseMessage as an answer of the EA
       *                 containing a responseCode
       *                     indicating 0
       *                 and containing an enrolment certificate
       *         }
       *         then {
       *             the IUT switches to the "enrolled" state
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.2 SECPKI_ITSS_ENR_RECV_02_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_RECV_02_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_ENR_RECV_02_BV_itss());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        v_ea.start(f_TC_SECPKI_ITSS_ENR_RECV_02_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);

      } // End of testcase TC_SECPKI_ITSS_ENR_RECV_02_BV

      group f_TC_SECPKI_ITSS_ENR_RECV_02_BV {
        function f_TC_SECPKI_ITSS_ENR_RECV_02_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          var boolean                 v_iut_state_ok := false;
          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
          // Test adapter configuration
          // Preamble
          // Initial state: No CAM shall be emitted
          geoNetworkingPort.clear;
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            }
            [] tc_noac.timeout {
              f_sendUtTriggerEnrolmentRequestPrimitive();
              log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
          } // End of 'alt' statement
          // Test Body
          tc_ac.start; // TDOD To refined, use altstep
          alt {
            [] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
              tc_ac.stop;
              v_iut_state_ok := true;
              log("*** " & testcasename() & "_itss: INFO: IUT is in enrol state ***");
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & "_itss: DBG: IUT state update not recieved ***");
              //f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          tc_noac.start;
          alt {
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
            [] tc_noac.timeout {
              if (v_iut_state_ok == true) {
                log("*** " & testcasename() & "_itss: : PASS: Enrolment trigger processed succesfully ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("Did not receive IUT state update");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
              }
            }
          } // End of 'alt' statement
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_RECV_02_BV_itss
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        function f_TC_SECPKI_ITSS_ENR_RECV_02_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test adapter configuration
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Preamble
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          tc_ac.start;
          alt {
            [] a_await_ec_http_request_from_iut(
                                                mw_http_request(
                                                                mw_http_request_post(
                                                                                     PICS_HTTP_POST_URI_EC,
                                                                                     -,
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                                             { *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
                                                                                                                                                                                             mw_symmetricCiphertext_aes128ccm
                                                                                                                                                                                             )))))),
                                                v_request
                                                ) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              var HttpMessage v_response;
              var integer v_result;
              var InnerEcRequest v_inner_ec_request;
              var InnerEcResponse v_inner_ec_response;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result);
              // Send response forcing error code
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": INFO: InnerEcRequest received ***");
ASN.1 Documenter's avatar
ASN.1 Documenter committed
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test Body
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_RECV_02_BV_pki
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of group f_TC_SECPKI_ITSS_ENR_RECV_02_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
    } // End of group itss_enrolment_response

    group itss_authorization_request {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      /**
       * @desc Check that the ITS-S send the Authorization HttpRequest message to the Authorization Authority (AA) to request an authorization ticket.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.2 SECPKI_ITSS_AUTH_01_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.0
       */
      testcase TC_SECPKI_ITSS_AUTH_01_BV() runs on ItsMtc system ItsPkiItssSystem {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Test component configuration
        f_cfMtcUp01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        // Cleanup
        f_cfMtcDown01(v_itss, v_ea);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      } // End of testcase TC_SECPKI_ITSS_AUTH_01_BV
ASN.1 Documenter's avatar
ASN.1 Documenter committed
      group f_TC_SECPKI_ITSS_AUTH_01_BV {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        function f_TC_SECPKI_ITSS_AUTH_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          var InfoPortData            v_info_port_data;
          var boolean                 v_start_awaiting := false;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test adapter configuration
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Preamble
          // Initial state: No CAM shall be emitted
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          tc_noac.start;
ASN.1 Documenter's avatar
ASN.1 Documenter committed
            [] geoNetworkingPort.receive {
              log("No CA message expected");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
            [] tc_noac.timeout {
              f_sendUtTriggerEnrolmentRequestPrimitive();
              tc_ac.start; // TDOD To refined, use altstep
              alt {
                [] utPort.receive(UtPkiTriggerInd: { state := 1 }) {
                  tc_ac.stop;
                  log("*** " & testcasename() & "_itss: INFO: IUT is in enrol state ***");
                }
                [] tc_ac.timeout {
                  log("*** " & testcasename() & "_itss: DBG: IUT state update not recieved ***");
                  f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
                }
              } // End of 'alt' statement
              log("*** " & testcasename() & "_itss: : INFO: No CA message received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test Body
          f_sendUtTriggerAuthorizationRequestPrimitive();
          tc_ac.start;
          alt {
            [v_start_awaiting == true] a_await_cam_with_current_cert(
                                                                     v_info_port_data.at_certificate
            ) {
              log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            }
            [] geoNetworkingPort.receive { 
              log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
            [] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
              log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
              v_start_awaiting := true;
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & "_itss: : PASS: No CA message received ***");
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_itss
ASN.1 Documenter's avatar
ASN.1 Documenter committed
        function f_TC_SECPKI_ITSS_AUTH_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
          // Local variable
          var Headers v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Test adapter configuration
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
ASN.1 Documenter's avatar
ASN.1 Documenter committed
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_response, v_request) == true) {
ASN.1 Documenter's avatar
ASN.1 Documenter committed
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);