Newer
Older
YannGarcia
committed
geoNetworkingPort.send(valueof(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu)));
return v_securedGnPdu;
} // End of function f_broadcast_delta_ctl
YannGarcia
committed
function f_TC_SECPKI_ITSS_CTLDIST_04_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var GeoNetworkingInd v_geonetworking_message;
var octetstring v_payload;
var Ieee1609Dot2Data v_delta_ctl;
YannGarcia
committed
// Test component configuration
f_cfUp_itss();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData
)))) {
tc_ac.stop;
YannGarcia
committed
f_sendUtTriggerUpdateEctl(""); // FIXME Create PIXIT for ETCL URI
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Check that the IUT is boradcasting the Delta CTL
geoNetworkingPort.clear;
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData
)))) -> value v_geonetworking_message {
tc_ac.stop;
YannGarcia
committed
if (f_verify_and_extract_payload(v_geonetworking_message.msgIn, -, v_payload) == false) {
log("*** " & testcasename() & ": INCONC: Failed to verifiy payload ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
// TODO Check payload
if (substr(v_payload, 0, 2) == int2oct(2014, 2)) { // TODO Reorganize CAM/DENM/BTP test suites
log("*** " & testcasename() & ": INFO: Delta CTL was successfully broadcasted on the correct BTP port ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Delta CTL was not broadcasted on BTP port 114 ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
// Test Body
// Delta CTL boradcasting from another node
f_broadcast_delta_ctl(cc_ectl_rca_new, v_delta_ctl);
// Check that the IUT stops broadcasting Delta CTL
geoNetworkingPort.clear;
tc_noac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData
)))) -> value v_geonetworking_message {
tc_noac.stop;
YannGarcia
committed
if (f_verify_and_extract_payload(v_geonetworking_message.msgIn, -, v_payload) == false) {
log("*** " & testcasename() & ": INCONC: Failed to verifiy payload ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
} else {
// TODO Check payload
if (substr(v_payload, 0, 2) == int2oct(2014, 2)) { // TODO Reorganize CAM/DENM/BTP test suites
log("*** " & testcasename() & ": FAIL: The IUT shall not continue Delta CTL broadcasting ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
} else {
tc_noac.start;
repeat;
}
}
}
[] tc_noac.timeout {
log("*** " & testcasename() & ": PASS: IUT stops broadcasting Delta CTL ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
} // End of 'alt' statement
YannGarcia
committed
// Postamble
f_cfDown_itss();
YannGarcia
committed
} // End of function TC_SECPKI_ITSS_CTLDIST_04_BV_itss
YannGarcia
committed
function f_TC_SECPKI_ITSS_CTLDIST_04_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
// Local variable
var HttpMessage v_response;
var Headers v_headers;
// Test component configuration
f_cfHttpUp_tlm();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
tc_ac.start;
alt {
[] a_await_cpoc_http_request_from_iut(
mw_http_request(
mw_http_request_get(
YannGarcia
committed
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
5162
5163
5164
5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
)),
v_response
) {
var HashedId8 v_rca_hashed_id8; // Used for signature
var Oct32 v_rca_private_key;
var EtsiTs103097Certificate v_rca_new; // The CERT_RCA_NEW
var bitstring v_enc_msg;
var ToBeSignedData v_tbs;
var bitstring v_tbs_enc;
var Oct32 v_tbs_signed;
var Signature v_signature;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
tc_ac.stop;
// Read certificates
f_getCertificateHash(PICS_IUT_CA_CERTIFICATE_ID, v_rca_hashed_id8);
f_readSigningKey(PICS_IUT_CA_CERTIFICATE_ID, v_rca_private_key);
f_readCertificate(cc_ectl_rca_new, v_rca_new);
// Build the ToBeSignedTlmCtl data structure
v_enc_msg := encvalue(
valueof(
m_to_be_signed_tlm_full_ctl(
f_getCurrentTime() / 1000 + 3600,
10,
{
m_ctrl_command_add(
m_ctl_entry_rca(
m_root_ca_entry(
v_rca_new
)))
}
)));
v_tbs := valueof(
m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(bit2oct(v_enc_msg))
),
m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
));
v_tbs_enc := encvalue(v_tbs);
// Sign the certificate
v_tbs_signed := f_signWithEcdsa(bit2oct(v_tbs_enc), v_rca_hashed_id8, v_rca_private_key);
v_signature := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_tbs_signed, 0, 32)
),
substr(v_tbs_signed, 32, 32)
)));
log(testcasename() & ": v_signature= ", v_signature);
v_ieee1609dot2_signed_data := valueof(
m_etsiTs103097Data_signed(
m_signedData(
sha256,
v_tbs,
m_signerIdentifier_digest(v_rca_hashed_id8),
v_signature
)));
// Send response with CERT_RCA_NEW
f_init_default_headers_list(-, "tlm_ectl", v_headers);
f_http_send(
v_headers,
m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_data
)),
v_headers
)));
YannGarcia
committed
log("*** " & testcasename() & ": INFO: CERT_RCA_NEW was sent to the IUT ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
YannGarcia
committed
// Test Body
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
YannGarcia
committed
// Postamble
f_cfHttpDown_tlm();
} // End of function f_TC_SECPKI_ITSS_CTLDIST_04_BV_pki
} // End of group f_TC_SECPKI_ITSS_CTLDIST_04_BV
YannGarcia
committed
} // End of group itss_ctl_distribution
YannGarcia
committed
group itss_crl_handling {
// TODO To be done after validation of itss_ctl_handling group as CTL and CRL are close
} // End of group itss_crl_handling
YannGarcia
committed
group itss_crl_distribution {
// TODO To be done after validation of itss_ctl_distribution group as CTL and CRL are close
} // End of group itss_crl_distribution
YannGarcia
committed
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
5254
5255
5256
5257
5258
5259
5260
5261
5262
5263
5264
5265
5266
5267
5268
} // End of group itss_behavior
group ca_behaviour {
/**
* @desc Check that the issuing certificate has version 3
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing version
* indicating value 3
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 SECPKI_CA_CERTGEN_01_BV
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
* IEEE Std 1609.2 [3], clause 6.4.3
*/
YannGarcia
committed
testcase TC_SECPKI_CA_CERTGEN_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
YannGarcia
committed
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
YannGarcia
committed
// Postamble
f_disconnect4SelfOrClientSync();
YannGarcia
committed
} // End of testcase TC_SECPKI_CA_CERTGEN_01_BV
YannGarcia
committed
/**
* @desc Check that the issuing certificate has type explicit
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES
* Initial conditions:
* with {
* CA is in 'operational' state
* CA is initialized with the explicit certificate (CERT_IUT_A_RCA)
YannGarcia
committed
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the explicit certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing version
* indicating value 3
* and containing type
* indicating 'explicit'
* and containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* and containing signature
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 SECPKI_CA_CERTGEN_02_BV_01
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
* IEEE Std 1609.2 [3], clause 6.4.3
*/
YannGarcia
committed
testcase TC_SECPKI_CA_CERTGEN_02_BV_01() runs on ItsPkiHttp system ItsPkiHttpSystem {
YannGarcia
committed
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if ((not PICS_IUT_CA_ROLE) or not(PICS_SEC_EXPLICIT_CERTIFICATES)) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_02_BV_01
/**
* @desc Check that the CA, been authorized using explicit certificate, is able to issue an implicit certificate
YannGarcia
committed
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES
YannGarcia
committed
* CA is in 'operational' state
* CA is initialized with the explicit certificate (CERT_IUT_A_RCA)
* }
* Expected behaviour:
* ensure that {
* when {
YannGarcia
committed
* the CA is requested to issue the implicit certificate
YannGarcia
committed
* this certificate is of type EtsiTs103097Certificate
YannGarcia
committed
* indicating value 3
* and containing type
* indicating 'implicit'
* and containing toBeSigned
* containing verifyKeyIndicator
* containing reconstructionValue
* and not containing signature
* @see ETSI TS 103 525-2 v1.2.2 SECPKI_CA_CERTGEN_02_BV_02
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
* IEEE Std 1609.2 [3], clause 6.4.3
YannGarcia
committed
testcase TC_SECPKI_CA_CERTGEN_02_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
YannGarcia
committed
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if ((not PICS_IUT_CA_ROLE) or not(PICS_SEC_EXPLICIT_CERTIFICATES) or not(PICS_SEC_IMPLICIT_CERTIFICATES)) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
// Test adapter configuration
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463
5464
5465
5466
5467
5468
5469
5470
5471
5472
5473
5474
5475
5476
5477
5478
5479
5480
5481
5482
5483
5484
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, true, true, true) == false) { // implicit, reconstructionKey and no signature
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_02_BV_02
/**
* @desc Check that the CA, been authorized using explicit certificate, is able to issue an implicit certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES
* Initial conditions:
* with {
* CA is in 'operational' state
* CA is initialized with the explicit certificate (CERT_IUT_I_AA)
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the implicit certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing version
* indicating value 3
* and containing type
* indicating 'implicit'
* and containing toBeSigned
* containing verifyKeyIndicator
* containing reconstructionValue
* and not containing signature
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 SECPKI_CA_CERTGEN_02_BV_03
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
* IEEE Std 1609.2 [3], clause 6.4.3
*/
testcase TC_SECPKI_CA_CERTGEN_02_BV_03() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if ((not PICS_IUT_CA_ROLE) or not(PICS_SEC_EXPLICIT_CERTIFICATES) or not(PICS_SEC_IMPLICIT_CERTIFICATES)) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate("CERT_IUT_I_AA", -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate("CERT_IUT_I_AA", v_root_certificate) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_02_BV_03
YannGarcia
committed
/**
* @desc Check that the CA, been authorized using implicit certificate, does not issue an explicit certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES
* Initial conditions:
* with {
* CA is in 'operational' state
* CA is initialized with the explicit certificate (CERT_IUT_I_AA)
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the explicit certificate
* }
* then {
* the CA doesn’t issue the certificate
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 SECPKI_CA_CERTGEN_02_BO_01
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
* IEEE Std 1609.2 [3], clause 6.4.3
*/
testcase TC_SECPKI_CA_CERTGEN_02_BO_01() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if ((not PICS_IUT_CA_ROLE) or not(PICS_SEC_EXPLICIT_CERTIFICATES) or not(PICS_SEC_IMPLICIT_CERTIFICATES)) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_EXPLICIT_CERTIFICATES and PICS_SEC_IMPLICIT_CERTIFICATES required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
YannGarcia
committed
// Test Body
v_result := f_get_root_ca_certificate("CERT_IUT_I_AA", true, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": PASS: No root certificate was generated ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": FAIL: Root certificate shall not be generated ***");
YannGarcia
committed
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
YannGarcia
committed
// Postamble
f_disconnect4SelfOrClientSync();
YannGarcia
committed
} // End of testcase TC_SECPKI_CA_CERTGEN_02_BO_01
YannGarcia
committed
5588
5589
5590
5591
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
/**
* @desc Check that CA issues certificate conformed to ETSI TS 103 097 [1], clause 6
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* CA is initialized with the explicit certificate (CERT_IUT_I_AA)
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBesigned
* containing id
* indicating 'none' or 'name'
* and containing cracaId
* indicating '000000'H
* and containing crlSeries
* indicating '0'D
* and not containing certRequestPermissions
* and not containing canRequestRollover
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 SECPKI_CA_CERTGEN_03_BV
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
*/
testcase TC_SECPKI_CA_CERTGEN_03_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate("CERT_IUT_I_AA", -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate("CERT_IUT_I_AA", v_root_certificate) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_03_BV
YannGarcia
committed
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
/**
* @desc Check that the certificate issuer of certificates is referenced using digest
* Check that right digest field is used to reference to the certificate
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE
* Initial conditions:
* with {
* CA is in 'operational' state
* CA is initialized with the explicit certificate (C_ISSUER)
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the explicit certificate
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing issuer
* containing self
* or containing X_DIGEST
* indicating last 8 bytes of the hash of the certificate calculated using X_ALGORITHM
* referenced to certificate
* and containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* containing X_KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 SECPKI_CA_CERTGEN_04_BV
YannGarcia
committed
* @reference ETSI TS 103 097 [2], clause 6
*/
testcase TC_SECPKI_CA_CERTGEN_04_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var charstring v_authorized_certificate;
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE and not PICS_SEC_SHA256 and not PICS_SEC_BRAINPOOL_P256R1 and not PICS_SEC_BRAINPOOL_P384R1) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and (PICS_SEC_SHA256 or PICS_SEC_BRAINPOOL_P256R1 or PICS_SEC_BRAINPOOL_P384R1 required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
YannGarcia
committed
// Preamble
v_authorized_certificate := "CERT_IUT_I_AA";
v_result := f_get_root_ca_certificate(v_authorized_certificate, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(v_authorized_certificate, v_root_certificate) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_04_BV
YannGarcia
committed
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
5762
5763
5764
5765
/**
* @desc Check that the CA is able to issue the certificate with the well-formed circular region validity restriction
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_CIRCULAR_REGION
* Initial conditions:
* with {
* CA is in 'operational' state
* the CA is authorized with CA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* containing circular region restriction
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing circularRegion
* containing center
* indicating a point inside the REGION
* and containing radius
* indicating a value when all points of the circle are inside the REGION
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 SECPKI_CA_CERTGEN_05_BV
YannGarcia
committed
* @reference IEEE Std 1609.2 [2], clauses 6.4.20, 6.4.17, 5.1.2.4
*/
testcase TC_SECPKI_CA_CERTGEN_05_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE and not PICS_SEC_CIRCULAR_REGION) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_CIRCULAR_REGION required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_05_BV
YannGarcia
committed
5813
5814
5815
5816
5817
5818
5819
5820
5821
5822
5823
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
5842
5843
5844
5845
/**
* @desc Check that the CA is able to issue the certificate with the well-formed rectangular region validity restriction
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_RECTANGULAR_REGION
* Initial conditions:
* with {
* CA is in 'operational' state
* the CA is authorized with CA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* containing rectangular region restriction
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing rectangularRegion
* containing items of type RectangularRegion
* containing northwest
* indicating a point inside the REGION
* and containing southeast
* indicating a point on the south and east from northwest
* and inside the REGION
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 SECPKI_CA_CERTGEN_06_BV
YannGarcia
committed
* @reference IEEE Std 1609.2 [2], clauses 6.4.20, 6.4.17, 5.1.2.4
*/
testcase TC_SECPKI_CA_CERTGEN_06_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE and not PICS_SEC_RECTANGULAR_REGION) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_RECTANGULAR_REGION required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_06_BV
YannGarcia
committed
5893
5894
5895
5896
5897
5898
5899
5900
5901
5902
5903
5904
5905
5906
5907
5908
5909
5910
5911
5912
5913
5914
5915
5916
5917
5918
5919
5920
5921
5922
/**
* @desc Check that the CA is able to issue the certificate with the well-formed polygonal region validity restriction
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_POLYGONAL_REGION
* Initial conditions:
* with {
* CA is in 'operational' state
* the CA is authorized with CA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* containing polygonal region restriction
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing polygonalRegion
* containing more than 2 items of type TwoDLocation
* indicating points inside the REGION
* and indicating unintercepting segments
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.2.2 SECPKI_CA_CERTGEN_07_BV
YannGarcia
committed
* @reference IEEE Std 1609.2 [2], clauses 6.4.20, 6.4.17, 5.1.2.4
*/
testcase TC_SECPKI_CA_CERTGEN_07_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
// Local variables
var integer v_result;
var Certificate v_root_certificate;
YannGarcia
committed
// Test control
if (not PICS_IUT_CA_ROLE and not PICS_SEC_POLYGONAL_REGION) {
log("*** " & testcasename() & ": PICS_IUT_CA_ROLE and PICS_SEC_POLYGONAL_REGION required for executing the TC ***");
setverdict(inconc);
stop;
}
YannGarcia
committed
// Test component configuration
f_connect4SelfOrClientSync();
YannGarcia
committed
// Test adapter configuration
if (not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
YannGarcia
committed
// Preamble
v_result := f_get_root_ca_certificate(-, -, v_root_certificate);
if (v_result == -1) {
log("*** " & testcasename() & ": INCONC: Fail to retrive the RCA ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
} else {
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
}
YannGarcia
committed
// Test Body
if (f_verify_rca_certificate(-, v_root_certificate, -, -, -, true) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: ToBeSignedRcaCtl received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_disconnect4SelfOrClientSync();
} // End of testcase TC_SECPKI_CA_CERTGEN_07_BV
YannGarcia
committed
5970
5971
5972
5973
5974
5975
5976
5977
5978
5979
5980
5981
5982
5983
5984
5985
5986
5987
5988
5989
5990
5991
5992
5993
5994
5995
5996
5997
5998
5999
6000
/**
* @desc Check that the CA is able to issue the certificate with identified region validity restriction contains values that correspond to numeric country codes as defined by United Nations Statistics Division [5]
* <pre>
* Pics Selection: PICS_IUT_CA_ROLE and PICS_SEC_IDENTIFIED_REGION
* Initial conditions:
* with {
* CA is in 'operational' state
* the CA is authorized with CA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the CA is requested to issue the certificate
* containing identified region validity restriction
* indicating country or area COUNTRY
* }
* then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing identifiedRegion
* containing 1 entry of type IdentifiedRegion
* containing countryOnly
* indicating integer representation of the identifier of country or area COUNTRY
* or containing countryAndRegions
* containing countryOnly
* indicating integer representation of the identifier of country or area COUNTRY
* or containing countryAndSubregions