Loading ttcn/Http/LibItsHttp_Templates.ttcn +1 −1 Original line number Original line Diff line number Diff line Loading @@ -157,7 +157,7 @@ module LibItsHttp_Templates { version_major := 1, version_major := 1, version_minor := 1, version_minor := 1, statuscode := 200, statuscode := 200, statustext := "OK", statustext := ?, header := p_header, header := p_header, body := p_body body := p_body } // End of template mw_http_response_ok } // End of template mw_http_response_ok Loading ttcn/Pki/LibItsPki_Functions.ttcn +12 −1 Original line number Original line Diff line number Diff line Loading @@ -3373,6 +3373,10 @@ module LibItsPki_Functions { // TODO Check that requested information are present // TODO Check that requested information are present if (f_verifySspPermissions(p_ec_certificate.toBeSigned.appPermissions, p_ea_certificate.toBeSigned.appPermissions) == false) { log("f_verify_ec_certificate: Ssp permissions not verified"); return false; } return true; return true; } // End of function f_verify_ec_certificate } // End of function f_verify_ec_certificate Loading Loading @@ -3412,6 +3416,13 @@ module LibItsPki_Functions { return false; return false; } } // TODO Check that requested information are present if (f_verifySspPermissions(p_aa_certificate.toBeSigned.appPermissions, p_at_certificate.toBeSigned.appPermissions) == false) { log("f_verify_ec_certificate: Ssp permissions not verified"); return false; } return true; return true; } // End of function f_verify_at_certificate } // End of function f_verify_at_certificate Loading ttcn/Pki/LibItsPki_Pics.ttcn +10 −0 Original line number Original line Diff line number Diff line Loading 
@@ -95,6 +95,16 @@ module LibItsPki_Pics { */ */ modulepar boolean PICS_ITS_S_WITH_PRIVACY := true; modulepar boolean PICS_ITS_S_WITH_PRIVACY := true; /** * @desc Set to true if the PKI configuration authorize to configure an external EA entity */ modulepar boolean PICS_SIMULTE_EA_ENTITY := false; /** * @desc Set to true if the PKI configuration authorize to configure an external AA entity */ modulepar boolean PICS_SIMULTE_AA_ENTITY := false; /** /** * @desc HTTP POST URI for InnerECRequest * @desc HTTP POST URI for InnerECRequest */ */ Loading ttcn/Security/LibItsSecurity_Functions.ttcn +61 −1 Original line number Original line Diff line number Diff line Loading @@ -1993,7 +1993,7 @@ module LibItsSecurity_Functions { log(">>> f_verifyGnSecuredMessageSignatureWithCertificate: p_certificate=", p_certificate); log(">>> f_verifyGnSecuredMessageSignatureWithCertificate: p_certificate=", p_certificate); if (f_getCertificateHash(valueof(p_certificate_id), v_issuer) == false) { if (f_getCertificateHash(valueof(p_certificate_id), v_issuer) == false) { log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate id: " & p_certificate_id); log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate id: " & valueof(p_certificate_id)); return false; return false; } } if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP256r1Signature)) { if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP256r1Signature)) { Loading 
@@ -2009,6 +2009,66 @@ module LibItsSecurity_Functions { } // End of group deviceSignatureHelpers } // End of group deviceSignatureHelpers group sspPermissions { function f_verifySspPermissions( in SequenceOfPsidSsp p_issuer_ssp_permissions, in SequenceOfPsidSsp p_subordinate_ssp_permissions ) return boolean { // Local variables var integer v_idx := 0; for (v_idx := 0; v_idx < lengthof(p_issuer_ssp_permissions); v_idx := v_idx + 1) { var PsidSsp v_issuerPsidSsp := p_issuer_ssp_permissions[v_idx]; var PsidSsp v_subordinatePsidSsp; var boolean v_found := false; var integer v_jdx := 0; // 1. Check permission from issuer is present for (v_jdx := 0; v_jdx < lengthof(p_subordinate_ssp_permissions); v_jdx := v_jdx + 1) { if (match(v_issuerPsidSsp, m_appPermissions(p_subordinate_ssp_permissions[v_jdx].psid, p_subordinate_ssp_permissions[v_jdx].ssp)) == true) { v_subordinatePsidSsp := p_subordinate_ssp_permissions[v_jdx]; v_found := true; break; } } // End of 'for' statement if (v_found == false) { log("f_verifySspPermissions: Permission set not found: ", v_issuerPsidSsp) return false; } // 2. 
Validate bits mask if (ispresent(v_issuerPsidSsp.ssp)) { if (ispresent(v_subordinatePsidSsp.ssp) == false) { log("f_verifySspPermissions: Ssp shall not be omitted: ", v_issuerPsidSsp) return false; } if ((ischosen(v_issuerPsidSsp.ssp.bitmapSsp) == false) or (ischosen(v_subordinatePsidSsp.ssp.bitmapSsp) == false)) { log("f_verifySspPermissions: Wrong variant : ", v_issuerPsidSsp.ssp, " / ", v_subordinatePsidSsp.ssp); return false; } if (lengthof(v_issuerPsidSsp.ssp.bitmapSsp) < lengthof(v_subordinatePsidSsp.ssp.bitmapSsp)) { log("f_verifySspPermissions: Ssp not be compliant: ", v_issuerPsidSsp.ssp, " / ", v_subordinatePsidSsp.ssp); return false; } else { var charstring v_issuerSsp := bit2str(oct2bit(v_issuerPsidSsp.ssp.bitmapSsp)); var charstring v_subordinateSsp := bit2str(oct2bit(v_subordinatePsidSsp.ssp.bitmapSsp)); for (var integer i := 0; i < lengthof(v_issuerSsp); i := i + 1) { if (v_issuerSsp[i] == "1") { // TODO How to check Permission using SspBitmask/SspValue if (v_subordinateSsp[i] != "1") { log("f_verifySspPermissions: Ssp bitmask mismatch at index: ", i); return false; } } // else, no restriction, subordinate certificate can have any value. } // End of 'for' statement } } } // End of 'for' statement return true; } // End of function f_verifySspPermissions } // End of group sspPermissions group messageGetters { group messageGetters { /** /** Loading Loading
ttcn/Http/LibItsHttp_Templates.ttcn +1 −1 Original line number Original line Diff line number Diff line Loading @@ -157,7 +157,7 @@ module LibItsHttp_Templates { version_major := 1, version_major := 1, version_minor := 1, version_minor := 1, statuscode := 200, statuscode := 200, statustext := "OK", statustext := ?, header := p_header, header := p_header, body := p_body body := p_body } // End of template mw_http_response_ok } // End of template mw_http_response_ok Loading
ttcn/Pki/LibItsPki_Functions.ttcn +12 −1 Original line number Original line Diff line number Diff line Loading @@ -3373,6 +3373,10 @@ module LibItsPki_Functions { // TODO Check that requested information are present // TODO Check that requested information are present if (f_verifySspPermissions(p_ec_certificate.toBeSigned.appPermissions, p_ea_certificate.toBeSigned.appPermissions) == false) { log("f_verify_ec_certificate: Ssp permissions not verified"); return false; } return true; return true; } // End of function f_verify_ec_certificate } // End of function f_verify_ec_certificate Loading Loading @@ -3412,6 +3416,13 @@ module LibItsPki_Functions { return false; return false; } } // TODO Check that requested information are present if (f_verifySspPermissions(p_aa_certificate.toBeSigned.appPermissions, p_at_certificate.toBeSigned.appPermissions) == false) { log("f_verify_ec_certificate: Ssp permissions not verified"); return false; } return true; return true; } // End of function f_verify_at_certificate } // End of function f_verify_at_certificate Loading
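Review bot: The two new calls to `f_verifySspPermissions` pass their arguments in opposite roles: `f_verify_ec_certificate` passes the EC certificate's `appPermissions` first and the EA's second, while `f_verify_at_certificate` passes the AA's first and the AT's second. The function declares its first parameter as `p_issuer_ssp_permissions`, so the EC call looks swapped and would read `f_verifySspPermissions(p_ea_certificate.toBeSigned.appPermissions, p_ec_certificate.toBeSigned.appPermissions)`. The log line added to `f_verify_at_certificate` still says `f_verify_ec_certificate:`, which will misattribute failures in test logs. It is also worth confirming that `appPermissions` is present on every certificate reaching these calls, and whether the issuer side should be constrained by `certIssuePermissions` rather than its own `appPermissions`. Both functions begin outside the hunks, so any earlier guards are not visible here.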
ttcn/Pki/LibItsPki_Pics.ttcn +10 −0 Original line number Original line Diff line number Diff line Loading @@ -95,6 +95,16 @@ module LibItsPki_Pics { */ */ modulepar boolean PICS_ITS_S_WITH_PRIVACY := true; modulepar boolean PICS_ITS_S_WITH_PRIVACY := true; /** * @desc Set to true if the PKI configuration authorize to configure an external EA entity */ modulepar boolean PICS_SIMULTE_EA_ENTITY := false; /** * @desc Set to true if the PKI configuration authorize to configure an external AA entity */ modulepar boolean PICS_SIMULTE_AA_ENTITY := false; /** /** * @desc HTTP POST URI for InnerECRequest * @desc HTTP POST URI for InnerECRequest */ */ Loading
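Review bot: `PICS_SIMULTE_EA_ENTITY` and `PICS_SIMULTE_AA_ENTITY` look like misspellings of SIMULATE. Module parameter names are what test configurations reference, so the spelling is cheaper to fix now than after configs depend on it. The `@desc` text also describes permission to configure an external entity rather than simulating one; if simulation is the intent, a wording such as `Set to true if the test system shall simulate the EA entity` would match the name.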
ttcn/Security/LibItsSecurity_Functions.ttcn +61 −1 Original line number Original line Diff line number Diff line Loading @@ -1993,7 +1993,7 @@ module LibItsSecurity_Functions { log(">>> f_verifyGnSecuredMessageSignatureWithCertificate: p_certificate=", p_certificate); log(">>> f_verifyGnSecuredMessageSignatureWithCertificate: p_certificate=", p_certificate); if (f_getCertificateHash(valueof(p_certificate_id), v_issuer) == false) { if (f_getCertificateHash(valueof(p_certificate_id), v_issuer) == false) { log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate id: " & p_certificate_id); log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate id: " & valueof(p_certificate_id)); return false; return false; } } if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP256r1Signature)) { if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP256r1Signature)) { Loading 
@@ -2009,6 +2009,66 @@ module LibItsSecurity_Functions { } // End of group deviceSignatureHelpers } // End of group deviceSignatureHelpers group sspPermissions { function f_verifySspPermissions( in SequenceOfPsidSsp p_issuer_ssp_permissions, in SequenceOfPsidSsp p_subordinate_ssp_permissions ) return boolean { // Local variables var integer v_idx := 0; for (v_idx := 0; v_idx < lengthof(p_issuer_ssp_permissions); v_idx := v_idx + 1) { var PsidSsp v_issuerPsidSsp := p_issuer_ssp_permissions[v_idx]; var PsidSsp v_subordinatePsidSsp; var boolean v_found := false; var integer v_jdx := 0; // 1. Check permission from issuer is present for (v_jdx := 0; v_jdx < lengthof(p_subordinate_ssp_permissions); v_jdx := v_jdx + 1) { if (match(v_issuerPsidSsp, m_appPermissions(p_subordinate_ssp_permissions[v_jdx].psid, p_subordinate_ssp_permissions[v_jdx].ssp)) == true) { v_subordinatePsidSsp := p_subordinate_ssp_permissions[v_jdx]; v_found := true; break; } } // End of 'for' statement if (v_found == false) { log("f_verifySspPermissions: Permission set not found: ", v_issuerPsidSsp) return false; } // 2. 
Validate bits mask if (ispresent(v_issuerPsidSsp.ssp)) { if (ispresent(v_subordinatePsidSsp.ssp) == false) { log("f_verifySspPermissions: Ssp shall not be omitted: ", v_issuerPsidSsp) return false; } if ((ischosen(v_issuerPsidSsp.ssp.bitmapSsp) == false) or (ischosen(v_subordinatePsidSsp.ssp.bitmapSsp) == false)) { log("f_verifySspPermissions: Wrong variant : ", v_issuerPsidSsp.ssp, " / ", v_subordinatePsidSsp.ssp); return false; } if (lengthof(v_issuerPsidSsp.ssp.bitmapSsp) < lengthof(v_subordinatePsidSsp.ssp.bitmapSsp)) { log("f_verifySspPermissions: Ssp not be compliant: ", v_issuerPsidSsp.ssp, " / ", v_subordinatePsidSsp.ssp); return false; } else { var charstring v_issuerSsp := bit2str(oct2bit(v_issuerPsidSsp.ssp.bitmapSsp)); var charstring v_subordinateSsp := bit2str(oct2bit(v_subordinatePsidSsp.ssp.bitmapSsp)); for (var integer i := 0; i < lengthof(v_issuerSsp); i := i + 1) { if (v_issuerSsp[i] == "1") { // TODO How to check Permission using SspBitmask/SspValue if (v_subordinateSsp[i] != "1") { log("f_verifySspPermissions: Ssp bitmask mismatch at index: ", i); return false; } } // else, no restriction, subordinate certificate can have any value. } // End of 'for' statement } } } // End of 'for' statement return true; } // End of function f_verifySspPermissions } // End of group sspPermissions group messageGetters { group messageGetters { /** /** Loading
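Review bot: `f_verifySspPermissions` walks the issuer's entries and requires each one to appear in the subordinate list, so a subordinate carrying a PSID the issuer does not hold is never examined and passes. For a containment check the outer loop would normally run over `p_subordinate_ssp_permissions` and look each entry up in the issuer list. In the bitmap branch only `lengthof(issuer) < lengthof(subordinate)` is rejected, yet the loop indexes `v_subordinateSsp[i]` up to the issuer's length, so a shorter subordinate bitmap is indexed past its end; comparing the two lengths with `!=` before the loop would avoid that. The bit test also lets the subordinate set bits where the issuer has `0`, which the TODO seems to acknowledge; until that is settled, a comment stating that the SspBitmask/SspValue rule is not implemented would keep callers from treating `true` as a full permission check.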