Loading ttcn/Pki/LibItsPki_Functions.ttcn +91 −1 Original line number Diff line number Diff line Loading @@ -3481,7 +3481,9 @@ module LibItsPki_Functions { in boolean p_check_no_signature := false, in boolean p_check_region_restriction := false, in boolean p_check_signature_content := false, in boolean p_check_app_permissions := false in boolean p_check_app_permissions := false, in boolean p_check_app_ssps := false, in boolean p_check_app_validity_period := false ) return boolean { var CertificateType v_type_ := explicit; var template Signature v_signature_ := ?; Loading Loading 
@@ -3683,9 +3685,97 @@ module LibItsPki_Functions { } // End of 'for'statement } if (p_check_app_ssps == true) { var integer v_idx, v_jdx; var Certificate v_authorized_certificate; if (f_readCertificate(p_authorized_certificate, v_authorized_certificate) == false) { log("f_verify_rca_certificate: Fail to load p_authorized_certificate"); return false; } log("f_verify_rca_certificate: v_authorized_certificate=", v_authorized_certificate); for (v_idx := 0; v_idx < lengthof(p_certificate.toBeSigned.appPermissions); v_idx := v_idx + 1) { log("f_verify_rca_certificate: Processing ", p_certificate.toBeSigned.appPermissions[v_idx]); if (match(p_certificate.toBeSigned.appPermissions[v_idx], mw_appPermissions(-, ?)) == false) { log("f_verify_rca_certificate: appPermissions mismatch"); return false; } // Check that 'ssp' is in the certIssuePermissions component in the issuing certificate for (v_jdx := 0; v_jdx < lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit); v_jdx := v_jdx + 1) { log("f_verify_rca_certificate: compare psid ", v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].psid, " - ", p_certificate.toBeSigned.appPermissions[v_idx].psid); if (v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].psid == p_certificate.toBeSigned.appPermissions[v_idx].psid) { break; } } // End of 'for'statement if (v_jdx == lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit)) { log("f_verify_rca_certificate: Psid is not in the list of the issuing certificate"); return false; } else { var BitmapSsp v_ssp_ca := substr(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].sspRange.bitmapSspRange.sspValue, 1, -1 + lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].sspRange.bitmapSspRange.sspValue)); 
log("f_verify_rca_certificate: v_ssp_ca= ", v_ssp_ca, " - ssp= ", p_certificate.toBeSigned.appPermissions[v_idx].ssp.bitmapSsp); if (v_ssp_ca != p_certificate.toBeSigned.appPermissions[v_idx].ssp.bitmapSsp) { log("f_verify_rca_certificate: SSPs mismatch: CA"); return false; } } } // End of 'for'statement } if (p_check_app_validity_period == true) { var integer v_idx, v_jdx; var Certificate v_authorized_certificate; var UInt32 v_duration, v_duration_ca; if (f_readCertificate(p_authorized_certificate, v_authorized_certificate) == false) { log("f_verify_rca_certificate: Fail to load p_authorized_certificate"); return false; } log("f_verify_rca_certificate: v_authorized_certificate=", v_authorized_certificate); // Check start date (indicating X_START_VALIDITY ( X_START_VALIDITY >= X_START_VALIDITY_CA )) if (p_certificate.toBeSigned.validityPeriod.start_ < v_authorized_certificate.toBeSigned.validityPeriod.start_) { log("f_verify_rca_certificate: validityPeriod.start_ mismatch"); return false; } // Check duration (value <= X_START_VALIDITY_CA + X_DURATION_CA - X_START_VALIDITY) v_duration := duration_to_uint32(p_certificate.toBeSigned.validityPeriod.duration); v_duration_ca := duration_to_uint32(v_authorized_certificate.toBeSigned.validityPeriod.duration); if (v_duration > (v_authorized_certificate.toBeSigned.validityPeriod.start_ + v_duration_ca - p_certificate.toBeSigned.validityPeriod.start_)) { log("f_verify_rca_certificate: validityPeriod.duration mismatch"); return false; } } return true; } function duration_to_uint32( in Duration p_duration ) return UInt32 { if (ischosen(p_duration.microseconds)) { return p_duration.microseconds * 1000000; } else if (ischosen(p_duration.milliseconds)) { return p_duration.milliseconds * 1000; } else if (ischosen(p_duration.seconds)) { return p_duration.seconds; } else if (ischosen(p_duration.minutes)) { return p_duration.minutes * 60; } else if (ischosen(p_duration.hours)) { return p_duration.hours * 3600; } else if 
(ischosen(p_duration.sixtyHours)) { return p_duration.sixtyHours * 60 * 3600; } else if (ischosen(p_duration.sixtyHours)) { return p_duration.sixtyHours * 60 * 3600; } // No choice! return p_duration.years * 31536000; // One calendar common year has 365 days } } // End of group rca group tlm { Loading Loading
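Review bot: In duration_to_uint32 the microseconds and milliseconds branches multiply where they should divide. The seconds, minutes and hours branches show that the result is in seconds, so these two should read `return p_duration.microseconds / 1000000;` and `return p_duration.milliseconds / 1000;`. As written, an issuing certificate whose duration uses one of those units gives a v_duration_ca inflated by 10^6 (milliseconds) or 10^12 (microseconds). The p_check_app_validity_period test in f_verify_rca_certificate (whose body starts outside this hunk) would then accept a certificate that outlives its issuer, and the product may also exceed UInt32 if that type is range-limited to 32 bits. The second `else if (ischosen(p_duration.sixtyHours))` branch is an unreachable duplicate of the one before it and can be removed.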
ttcn/Pki/LibItsPki_Functions.ttcn +91 −1 Original line number Diff line number Diff line Loading @@ -3481,7 +3481,9 @@ module LibItsPki_Functions { in boolean p_check_no_signature := false, in boolean p_check_region_restriction := false, in boolean p_check_signature_content := false, in boolean p_check_app_permissions := false in boolean p_check_app_permissions := false, in boolean p_check_app_ssps := false, in boolean p_check_app_validity_period := false ) return boolean { var CertificateType v_type_ := explicit; var template Signature v_signature_ := ?; Loading Loading 
@@ -3683,9 +3685,97 @@ module LibItsPki_Functions { } // End of 'for'statement } if (p_check_app_ssps == true) { var integer v_idx, v_jdx; var Certificate v_authorized_certificate; if (f_readCertificate(p_authorized_certificate, v_authorized_certificate) == false) { log("f_verify_rca_certificate: Fail to load p_authorized_certificate"); return false; } log("f_verify_rca_certificate: v_authorized_certificate=", v_authorized_certificate); for (v_idx := 0; v_idx < lengthof(p_certificate.toBeSigned.appPermissions); v_idx := v_idx + 1) { log("f_verify_rca_certificate: Processing ", p_certificate.toBeSigned.appPermissions[v_idx]); if (match(p_certificate.toBeSigned.appPermissions[v_idx], mw_appPermissions(-, ?)) == false) { log("f_verify_rca_certificate: appPermissions mismatch"); return false; } // Check that 'ssp' is in the certIssuePermissions component in the issuing certificate for (v_jdx := 0; v_jdx < lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit); v_jdx := v_jdx + 1) { log("f_verify_rca_certificate: compare psid ", v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].psid, " - ", p_certificate.toBeSigned.appPermissions[v_idx].psid); if (v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].psid == p_certificate.toBeSigned.appPermissions[v_idx].psid) { break; } } // End of 'for'statement if (v_jdx == lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit)) { log("f_verify_rca_certificate: Psid is not in the list of the issuing certificate"); return false; } else { var BitmapSsp v_ssp_ca := substr(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].sspRange.bitmapSspRange.sspValue, 1, -1 + lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].sspRange.bitmapSspRange.sspValue)); 
log("f_verify_rca_certificate: v_ssp_ca= ", v_ssp_ca, " - ssp= ", p_certificate.toBeSigned.appPermissions[v_idx].ssp.bitmapSsp); if (v_ssp_ca != p_certificate.toBeSigned.appPermissions[v_idx].ssp.bitmapSsp) { log("f_verify_rca_certificate: SSPs mismatch: CA"); return false; } } } // End of 'for'statement } if (p_check_app_validity_period == true) { var integer v_idx, v_jdx; var Certificate v_authorized_certificate; var UInt32 v_duration, v_duration_ca; if (f_readCertificate(p_authorized_certificate, v_authorized_certificate) == false) { log("f_verify_rca_certificate: Fail to load p_authorized_certificate"); return false; } log("f_verify_rca_certificate: v_authorized_certificate=", v_authorized_certificate); // Check start date (indicating X_START_VALIDITY ( X_START_VALIDITY >= X_START_VALIDITY_CA )) if (p_certificate.toBeSigned.validityPeriod.start_ < v_authorized_certificate.toBeSigned.validityPeriod.start_) { log("f_verify_rca_certificate: validityPeriod.start_ mismatch"); return false; } // Check duration (value <= X_START_VALIDITY_CA + X_DURATION_CA - X_START_VALIDITY) v_duration := duration_to_uint32(p_certificate.toBeSigned.validityPeriod.duration); v_duration_ca := duration_to_uint32(v_authorized_certificate.toBeSigned.validityPeriod.duration); if (v_duration > (v_authorized_certificate.toBeSigned.validityPeriod.start_ + v_duration_ca - p_certificate.toBeSigned.validityPeriod.start_)) { log("f_verify_rca_certificate: validityPeriod.duration mismatch"); return false; } } return true; } function duration_to_uint32( in Duration p_duration ) return UInt32 { if (ischosen(p_duration.microseconds)) { return p_duration.microseconds * 1000000; } else if (ischosen(p_duration.milliseconds)) { return p_duration.milliseconds * 1000; } else if (ischosen(p_duration.seconds)) { return p_duration.seconds; } else if (ischosen(p_duration.minutes)) { return p_duration.minutes * 60; } else if (ischosen(p_duration.hours)) { return p_duration.hours * 3600; } else if 
(ischosen(p_duration.sixtyHours)) { return p_duration.sixtyHours * 60 * 3600; } else if (ischosen(p_duration.sixtyHours)) { return p_duration.sixtyHours * 60 * 3600; } // No choice! return p_duration.years * 31536000; // One calendar common year has 365 days } } // End of group rca group tlm { Loading