Review TC_SECPKI_AA_AUTHVAL_RCV_01_BV

1c22c3f6 · YannGarcia · 81624a5e · 1c22c3f6 · 1c22c3f6 · 1c22c3f6
Commit 1c22c3f6 authored Oct 12, 2019 by YannGarcia
--- a/ttcn/Pki/LibItsPki_Functions.ttcn
+++ b/ttcn/Pki/LibItsPki_Functions.ttcn
@@ -65,17 +65,29 @@ module LibItsPki_Functions {
  
  group pkiConfigurationFunctions {

-    function f_cfMtcUp(
-                       out ItsPkiItss p_itss,
-                       out ItsPkiHttp p_pki
-                       ) runs on ItsMtc {
+    function f_cfMtcUp01(
+                         out ItsPkiItss p_itss,
+                         out ItsPkiHttp p_pki
+                         ) runs on ItsMtc {
      p_itss := ItsPkiItss.create("IUT") alive;
      p_pki := ItsPkiHttp.create("TS") alive;
      
      connect(self:syncPort, mtc:syncPort);
      connect(p_itss:syncPort, self:syncPort);
      connect(p_pki:syncPort, self:syncPort);
-    }
+    } // End of function f_cfMtcUp01
+    
+    function f_cfMtcUp02(
+                         out ItsPkiHttp p_itss,
+                         out ItsPkiHttp p_ea
+                         ) runs on ServerSyncComp {
+      p_itss := ItsPkiItss.create("ITS-S") alive;
+      p_ea := ItsPkiHttp.create("EA") alive;
+      
+      connect(self:syncPort, mtc:syncPort);
+      connect(p_itss:syncPort, self:syncPort);
+      connect(p_ea:syncPort, self:syncPort);
+    } // End of function f_cfMtcUp02
    
    /**
     * @desc    Setups default configuration
@@ -128,6 +140,100 @@ module LibItsPki_Functions {
      }
    } // End of function f_cfHttpUp
    
+    /**
+     * @desc    Setups default configuration
+     * @param   p_certificate_id The certificate identifier the TA shall use in case of secured IUT
+     */
+    function f_cfHttpUp_itss(
+                             in charstring p_ea_certificate_id := "CERT_TS_A_EA", // TODO Use a constant
+                             in charstring p_aa_certificate_id := "CERT_TS_A_AA"
+                             ) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
+
+      if (PICS_MULTIPLE_END_POINT == false) {
+        map(self:httpPort, system:httpPort);
+      } else {
+        map(self:httpEcPort, system:httpEcPort);
+      }
+
+      f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed???
+
+      // Setup EA certificate shared with PKI EA entity
+      f_readCertificate(p_ea_certificate_id, vc_eaCertificate);
+      f_readSigningKey(p_ea_certificate_id, vc_eaPrivateKey); // TODO To be removed
+      f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey);
+      f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8);
+      f_getCertificateHash(p_ea_certificate_id, vc_eaWholeHash);
+      log("f_cfHttpUp_itss: vc_eaPrivateKey= ", vc_eaPrivateKey);
+      log("f_cfHttpUp_itss: vc_eaPrivateEncKey= ", vc_eaPrivateEncKey);
+      log("f_cfHttpUp_itss: vc_eaHashedId8= ", vc_eaHashedId8);
+      log("f_cfHttpUp_itss: vc_eaWholeHash= ", vc_eaWholeHash);
+      
+      // Setup AA certificate shared with PKI AA entity
+      f_readCertificate(p_aa_certificate_id, vc_aaCertificate);
+      f_readSigningKey(p_aa_certificate_id, vc_aaPrivateKey); // Required for AuthorizationValidation request
+      f_readEncryptingKey(p_aa_certificate_id, vc_aaPrivateEncKey);
+      f_getCertificateDigest(p_aa_certificate_id, vc_aaHashedId8);
+      f_getCertificateHash(p_aa_certificate_id, vc_aaWholeHash);
+      log("f_cfHttpUp_itss: vc_aaPrivateKey= ", vc_aaPrivateKey);
+      log("f_cfHttpUp_itss: vc_aaPrivateEncKey= ", vc_aaPrivateEncKey);
+      log("f_cfHttpUp_itss: vc_aaHashedId8= ", vc_aaHashedId8);
+      log("f_cfHttpUp_itss: vc_aaWholeHash= ", vc_aaWholeHash);
+
+      if (PICS_MULTIPLE_END_POINT == false) {
+        activate(a_default_pki_http());
+      } else {
+        activate(a_default_pki_http_ec());
+      }
+    } // End of function f_cfHttpUp_itss
+    
+    /**
+     * @desc    Setups default configuration
+     * @param   p_certificate_id The certificate identifier the TA shall use in case of secured IUT
+     */
+    function f_cfHttpUp_ea(
+                             in charstring p_ea_certificate_id := "CERT_TS_A_EA", // TODO Use a constant
+                             in charstring p_aa_certificate_id := "CERT_TS_A_AA"
+                             ) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
+
+      if (PICS_MULTIPLE_END_POINT == false) {
+        map(self:httpPort, system:httpPort);
+      } else {
+        map(self:httpAtVPort, system:httpAtVPort);
+        map(self:httpAtPort, system:httpAtPort);
+      }
+
+      f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed???
+
+      // Setup EA certificate shared with PKI EA entity
+      f_readCertificate(p_ea_certificate_id, vc_eaCertificate);
+      f_readSigningKey(p_ea_certificate_id, vc_eaPrivateKey); // TODO To be removed
+      f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey);
+      f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8);
+      f_getCertificateHash(p_ea_certificate_id, vc_eaWholeHash);
+      log("f_cfHttpUp_ea: vc_eaPrivateKey= ", vc_eaPrivateKey);
+      log("f_cfHttpUp_ea: vc_eaPrivateEncKey= ", vc_eaPrivateEncKey);
+      log("f_cfHttpUp_ea: vc_eaHashedId8= ", vc_eaHashedId8);
+      log("f_cfHttpUp_ea: vc_eaWholeHash= ", vc_eaWholeHash);
+      
+      // Setup AA certificate shared with PKI AA entity
+      f_readCertificate(p_aa_certificate_id, vc_aaCertificate);
+      f_readSigningKey(p_aa_certificate_id, vc_aaPrivateKey); // Required for AuthorizationValidation request
+      f_readEncryptingKey(p_aa_certificate_id, vc_aaPrivateEncKey);
+      f_getCertificateDigest(p_aa_certificate_id, vc_aaHashedId8);
+      f_getCertificateHash(p_aa_certificate_id, vc_aaWholeHash);
+      log("f_cfHttpUp_ea: vc_aaPrivateKey= ", vc_aaPrivateKey);
+      log("f_cfHttpUp_ea: vc_aaPrivateEncKey= ", vc_aaPrivateEncKey);
+      log("f_cfHttpUp_ea: vc_aaHashedId8= ", vc_aaHashedId8);
+      log("f_cfHttpUp_ea: vc_aaWholeHash= ", vc_aaWholeHash);
+
+      if (PICS_MULTIPLE_END_POINT == false) {
+        activate(a_default_pki_http());
+      } else {
+        activate(a_default_pki_http_atv());
+        activate(a_default_pki_http_at());
+      }
+    } // End of function f_cfHttpUp_ea
+    
    function f_cfUp_itss(
                         in charstring p_certificate_id := "CERT_TS_A_EA" // TODO Use a constant
                         ) runs on ItsPkiItss /* TITAN TODO: system ItsPkiItssSystem */ {
@@ -144,10 +250,10 @@ module LibItsPki_Functions {
    /**
     * @desc    Deletes default configuration 
     */
-    function f_cfMtcDown(
-                         inout ItsPkiItss p_itss,
-                         inout ItsPkiHttp p_pki
-                         ) runs on ItsMtc {
+    function f_cfMtcDown01(
+                           inout ItsPkiItss p_itss,
+                           inout ItsPkiHttp p_pki
+                           ) runs on ItsMtc {
      disconnect(self:syncPort, mtc:syncPort);
      disconnect(p_itss:syncPort, self:syncPort);
      disconnect(p_pki:syncPort, self:syncPort);
@@ -156,6 +262,18 @@ module LibItsPki_Functions {
      p_pki.done;
    }
    
+    function f_cfMtcDown02(
+                           inout ItsPkiHttp p_itss,
+                           inout ItsPkiHttp p_ea
+                           ) runs on ServerSyncComp {
+      disconnect(self:syncPort, mtc:syncPort);
+      disconnect(p_itss:syncPort, self:syncPort);
+      disconnect(p_ea:syncPort, self:syncPort);
+      
+      p_itss.done;
+      p_ea.done;
+    }
+    
    /**
     * @desc    Deletes default configuration 
     */
@@ -171,6 +289,33 @@ module LibItsPki_Functions {
      f_uninitialiseSecuredMode();
    } // End of function f_cfHttpDown
    
+    /**
+     * @desc    Deletes default configuration 
+     */
+    function f_cfHttpDown_itss() runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
+      if (PICS_MULTIPLE_END_POINT == false) {
+        unmap(self:httpPort, system:httpPort);
+      } else {
+        unmap(self:httpEcPort, system:httpEcPort);
+      }
+      f_disconnect4SelfOrClientSync();
+      f_uninitialiseSecuredMode();
+    } // End of function f_cfHttpDown_itss
+    
+    /**
+     * @desc    Deletes default configuration 
+     */
+    function f_cfHttpDown_ea() runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
+      if (PICS_MULTIPLE_END_POINT == false) {
+        unmap(self:httpPort, system:httpPort);
+      } else {
+        unmap(self:httpAtVPort, system:httpAtVPort);
+        unmap(self:httpAtPort, system:httpAtPort);
+      }
+      f_disconnect4SelfOrClientSync();
+      f_uninitialiseSecuredMode();
+    } // End of function f_cfHttpDown_ea
+    
    /**
     * @desc    Deletes default configuration 
     */

--- a/ttcn/Pki/LibItsPki_TestSystem.ttcn
+++ b/ttcn/Pki/LibItsPki_TestSystem.ttcn
@@ -82,7 +82,7 @@ module LibItsPki_TestSystem {
      var octetstring vc_aaPrivateEncKey;     /** Test Adapter AA private key for encryption */
      var HashedId8   vc_aaHashedId8;         /** Test Adapter AA HashedId8 for decryption of IUT's response */
      var octetstring vc_aaWholeHash;         /** Test Adapter AA whole-hash for signature check */
-    } // End of component ItsPki
+    } // End of component ItsPkiHttp
    
    /**
     * @desc Test component for ITS-S entity

--- a/ttcn/Security/LibItsSecurity_Functions.ttcn
+++ b/ttcn/Security/LibItsSecurity_Functions.ttcn
@@ -1993,7 +1993,7 @@ module LibItsSecurity_Functions {
                log(">>> f_verifyGnSecuredMessageSignatureWithCertificate: p_certificate=", p_certificate);
                
                if (f_getCertificateHash(valueof(p_certificate_id), v_issuer) == false) {
-                  log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate id: " & p_certificate_id);
+                  log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate id: " & valueof(p_certificate_id));
                  return false;
                }
                if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP256r1Signature)) {