Commit c9748c79 authored by YannGarcia's avatar YannGarcia

Implementing SECPKI_CA_CERTGEN TPs

parent 1fe4c006
+50 −2
/**
f_verify_rca_certificate/**
 *  @author   ETSI / STF544
 *  @author   ETSI / STF544
 *  @version  $Url$
 *  @version  $Url$
 *            $Id$
 *            $Id$
@@ -3480,7 +3480,8 @@ module LibItsPki_Functions {
                                      in boolean p_check_reconstruction_value := false,
                                      in boolean p_check_reconstruction_value := false,
                                      in boolean p_check_no_signature := false,
                                      in boolean p_check_no_signature := false,
                                      in boolean p_check_region_restriction := false,
                                      in boolean p_check_region_restriction := false,
                                      in boolean p_check_signature_content := false
                                      in boolean p_check_signature_content := false,
                                      in boolean p_check_app_permissions := false
                                      ) return boolean {
                                      ) return boolean {
      var CertificateType v_type_ := explicit;
      var CertificateType v_type_ := explicit;
      var template Signature v_signature_ := ?;
      var template Signature v_signature_ := ?;
@@ -3634,6 +3635,53 @@ module LibItsPki_Functions {
          return false;
          return false;
        }
        }
      }
      }
      // Check appPermissions
      if (p_check_app_permissions == true) {
        var integer v_idx, v_jdx;
        var charstring v_psid := ""; // 'psid' currently processed
        var charstring v_psidsFound := ";"; // Used to build the list of the 'psid' already processed
        var template charstring m_found_pattern; // Used in regex to verify that 'psid' was not found before
        var Certificate v_authorized_certificate;

        if (f_readCertificate(p_authorized_certificate, v_authorized_certificate) == false) {
          log("f_verify_rca_certificate: Fail to load p_authorized_certificate");
          return false;
        }
        log("f_verify_rca_certificate: v_authorized_certificate=", v_authorized_certificate);
        if (match(v_authorized_certificate.toBeSigned.certIssuePermissions, { mw_psidGroupPermissions }) == false) {
          log("f_verify_rca_certificate: eeType mismatch");
          return false;
        }

        for (v_idx := 0; v_idx < lengthof(p_certificate.toBeSigned.appPermissions); v_idx := v_idx + 1) {
          log("f_verify_rca_certificate: Processing ", p_certificate.toBeSigned.appPermissions[v_idx]);
          if (match(p_certificate.toBeSigned.appPermissions[v_idx], mw_appPermissions) == false) {
            log("f_verify_rca_certificate: PsidSsp mismatch");
            return false;
          }
          // Check uniqueness of PSIDs
          v_psid := int2str(p_certificate.toBeSigned.appPermissions[v_idx].psid);
          m_found_pattern := pattern "*({v_psid})*";
          if (regexp(v_psidsFound, m_found_pattern, 0) == v_psid) {
            log("f_verify_rca_certificate: Psid uniqueness is not verified");
            return false; // v_psid exist at least 2 times, uniqueness is not verified
          }
          // v_psid non found, add it into the built list
          v_psidsFound := v_psidsFound & v_psid & ";";
          // Check that 'psid' is in the certIssuePermissions component in the issuing certificate
          if (match(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions, mw_subjectPermissions_explicit) == false) {
            for (v_jdx := 0; v_jdx < lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit); v_jdx := v_jdx + 1) {
              if (int2str(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].psid) == v_psid) {
                break;
              }
            } // End of 'for'statement
            if (v_jdx == lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit)) {
              log("f_verify_rca_certificate: Psid is not in the list of the issuing certificate");
              return false;
            }
          }
        } // End of 'for'statement
      }
      
      
      return true;
      return true;
    }
    }
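Review bot: The issuer containment check near the end of the new appPermissions block appears inverted: `if (match(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions, mw_subjectPermissions_explicit) == false)` walks `.explicit` only when the value did not match the explicit template, so (assuming that template selects the `explicit` alternative) an issuer carrying an explicit PSID list skips the check entirely and any other alternative is indexed through a field that is not selected; the comparison should be `== true`. The uniqueness test has a second problem: `pattern "*({v_psid})*"` matches substrings of the `;`-separated list, so a PSID whose digits occur inside an earlier one (for example 3 after 36) is reported as a duplicate, and anchoring on the separators with `m_found_pattern := pattern "*;({v_psid});*";` avoids that. Only `certIssuePermissions[0]` is consulted, which agrees with the single-element match above it but deserves a comment, and the log text "eeType mismatch" on that match does not describe what was compared. The body of f_verify_rca_certificate starts outside the visible hunks, so the declaration of p_authorized_certificate could not be checked here.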
+2 −2

File changed.

Contains only whitespace changes.