YannGarcia · 956ea968 · 956ea968 · 956ea968 · 956ea968 · 956ea968
--- a/ttcn/BTP/LibItsBtp_Functions.ttcn
+++ b/ttcn/BTP/LibItsBtp_Functions.ttcn
@@ -14,11 +14,8 @@
     
    // LibCommon
    import from LibCommon_Sync all;
-//    import from LibCommon_Time all;
-//    import from LibCommon_VerdictControl all;
    
    // LibItsCommon
-//    import from LibItsCommon_Functions all;
    import from LibItsCommon_TypesAndValues all;
    
    // LibItsBtp
@@ -94,7 +91,7 @@
        /**
         * @desc    Setups default configuration   
         */
-        function f_cfUp() runs on ItsBtp /* TITAN TODO: system ItsBtpSystem */ {
+        function f_cfUp() runs on ItsBtp system ItsBtpSystem {
            
            map(self:utPort, system:utPort);
            map(self:btpPort, system:btpPort);
@@ -105,7 +102,7 @@
        /**
         * @desc    Deletes default configuration 
         */
-        function f_cfDown() runs on ItsBtp /* TITAN TODO: system ItsBtpSystem */ {
+        function f_cfDown() runs on ItsBtp system ItsBtpSystem {
            
            unmap(self:utPort, system:utPort);
            unmap(self:btpPort, system:btpPort);

--- a/ttcn/Http/LibItsHttp_Pics.ttcn
+++ b/ttcn/Http/LibItsHttp_Pics.ttcn
@@ -19,7 +19,8 @@ module LibItsHttp_Pics {
   * @desc 
   */
 modulepar charstring PICS_HEADER_CONTENT_TYPE     := "application/x-its-request";
- modulepar charstring PICS_HEADER_CTL_CONTENT_TYPE := "application/x-its-crl";
+ modulepar charstring PICS_HEADER_CTL_CONTENT_TYPE := "application/x-its-ctl";
+ modulepar charstring PICS_HEADER_CRL_CONTENT_TYPE := "application/x-its-crl";
  
  /**
   * @desc Set to false in TOKEN header shall not be used

--- a/ttcn/Pki/LibItsPki_Functions.ttcn
+++ b/ttcn/Pki/LibItsPki_Functions.ttcn
@@ -2909,11 +2909,11 @@ module LibItsPki_Functions {
  
  group rca {
    
-    function f_verify_rca_response_message(
-                                           in Ieee1609Dot2Data p_ieee1609dot2_signed_data,
-                                           in boolean p_check_security := true,
-                                           out ToBeSignedRcaCtl p_to_be_signed_rca_ctl
-                                           ) return boolean {
+    function f_verify_rca_ctl_response_message(
+                                               in Ieee1609Dot2Data p_ieee1609dot2_signed_data,
+                                               in boolean p_check_security := true,
+                                               out ToBeSignedRcaCtl p_to_be_signed_rca_ctl
+                                               ) return boolean {
      var bitstring v_etsi_ts_102941_data_msg;
      var bitstring v_tbs;
      var Certificate v_certificate;
@@ -2921,10 +2921,10 @@ module LibItsPki_Functions {
      var Oct32 v_issuer;
      var EtsiTs102941Data v_etsi_ts_102941_data;

-      log(">>> f_verify_rca_response_message: p_ieee1609dot2_signed_data= ", p_ieee1609dot2_signed_data);
+      log(">>> f_verify_rca_ctl_response_message: p_ieee1609dot2_signed_data= ", p_ieee1609dot2_signed_data);

      // 1. Verify signature
-      log("f_verify_rca_response_message: p_ieee1609dot2_signed_data.content.signedData.tbsData= ", p_ieee1609dot2_signed_data.content.signedData.tbsData);
+      log("f_verify_rca_ctl_response_message: p_ieee1609dot2_signed_data.content.signedData.tbsData= ", p_ieee1609dot2_signed_data.content.signedData.tbsData);
      v_tbs := encvalue(p_ieee1609dot2_signed_data.content.signedData.tbsData);
      if (f_getCertificateFromDigest(p_ieee1609dot2_signed_data.content.signedData.signer.digest, v_certificate, v_certificate_id) == false) {
        if (p_check_security == true) {
@@ -2939,17 +2939,77 @@ module LibItsPki_Functions {
      }
      v_etsi_ts_102941_data_msg := oct2bit(p_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
      if (decvalue(v_etsi_ts_102941_data_msg, v_etsi_ts_102941_data) != 0) {
-        log("f_verify_rca_response_message: Failed to decode EtsiTs102941Data");
+        log("f_verify_rca_ctl_response_message: Failed to decode EtsiTs102941Data");
        return false;
      } else {
-        log("f_verify_rca_response_message: v_etsi_ts_102941_data= ", v_etsi_ts_102941_data);
+        log("f_verify_rca_ctl_response_message: v_etsi_ts_102941_data= ", v_etsi_ts_102941_data);
        log("f_verify_pki_response_message: RcaCertificateTrustListMessage matching= ", match(v_etsi_ts_102941_data, mw_etsiTs102941Data_to_be_signed_rca_ctl));
        if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_to_be_signed_rca_ctl) == false) {
-          log("f_verify_rca_response_message: Failed to decode certificateTrustListRca");
+          log("f_verify_rca_ctl_response_message: Failed to decode certificateTrustListRca");
          return false;
        } else {
          p_to_be_signed_rca_ctl := v_etsi_ts_102941_data.content.certificateTrustListRca;
-          log("f_verify_rca_response_message: p_to_be_signed_rca_ctl= ", p_to_be_signed_rca_ctl);
+          log("f_verify_rca_ctl_response_message: p_to_be_signed_rca_ctl= ", p_to_be_signed_rca_ctl);
+          if (p_to_be_signed_rca_ctl.nextUpdate <= f_getCurrentTime() / 1000) {
+            log("f_verify_rca_ctl_response_message: Invalid nextUpdate value: compared values=", p_to_be_signed_rca_ctl.nextUpdate, "/", f_getCurrentTime() / 1000);
+            return false;
+          }
+        }
+      }
+
+      return true;
+    }
+
+    function f_verify_rca_crl_response_message(
+                                               in Ieee1609Dot2Data p_ieee1609dot2_signed_data,
+                                               in boolean p_check_security := true,
+                                               out ToBeSignedCrl p_to_be_signed_crl
+                                               ) return boolean {
+      var bitstring v_etsi_ts_102941_data_msg;
+      var bitstring v_tbs;
+      var Certificate v_certificate;
+      var charstring v_certificate_id;
+      var Oct32 v_issuer;
+      var EtsiTs102941Data v_etsi_ts_102941_data;
+
+      log(">>> f_verify_rca_crl_response_message: p_ieee1609dot2_signed_data= ", p_ieee1609dot2_signed_data);
+
+      // 1. Verify signature
+      log("f_verify_rca_crl_response_message: p_ieee1609dot2_signed_data.content.signedData.tbsData= ", p_ieee1609dot2_signed_data.content.signedData.tbsData);
+      v_tbs := encvalue(p_ieee1609dot2_signed_data.content.signedData.tbsData);
+      if (f_getCertificateFromDigest(p_ieee1609dot2_signed_data.content.signedData.signer.digest, v_certificate, v_certificate_id) == false) {
+        if (p_check_security == true) {
+          return false;
+        }
+      }
+      f_getCertificateHash256(v_certificate_id, v_issuer);
+      if (f_verifyEcdsa(bit2oct(v_tbs), v_issuer, p_ieee1609dot2_signed_data.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) {
+        if (p_check_security == true) {
+          return false;
+        }
+      }
+      v_etsi_ts_102941_data_msg := oct2bit(p_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
+      if (decvalue(v_etsi_ts_102941_data_msg, v_etsi_ts_102941_data) != 0) {
+        log("f_verify_rca_crl_response_message: Failed to decode EtsiTs102941Data");
+        return false;
+      } else {
+        log("f_verify_rca_crl_response_message: v_etsi_ts_102941_data= ", v_etsi_ts_102941_data);
+        log("f_verify_pki_response_message: CertificateRevocationList matching= ", match(v_etsi_ts_102941_data, mw_etsiTs102941Data_to_be_signed_crl));
+        if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_to_be_signed_crl) == false) {
+          log("f_verify_rca_crl_response_message: Failed to decode certificateRevocationList");
+          return false;
+        } else {
+          var Time32 v_time := f_getCurrentTime() / 1000;
+          p_to_be_signed_crl := v_etsi_ts_102941_data.content.certificateRevocationList;
+          log("f_verify_rca_crl_response_message: p_to_be_signed_crl= ", p_to_be_signed_crl);
+          if (p_to_be_signed_crl.thisUpdate >= v_time) {
+            log("f_verify_rca_crl_response_message: Invalid thisUpdate value");
+            return false;
+          }
+          if (p_to_be_signed_crl.nextUpdate <= v_time) {
+            log("f_verify_rca_crl_response_message: Invalid nextUpdate value");
+            return false;
+          }
        }
      }

@@ -2985,6 +3045,27 @@ module LibItsPki_Functions {
      return true;
    }

+    function f_verify_full_crl(
+                               in ToBeSignedCrl p_to_be_signed_crl
+                               ) return boolean {
+      log(">>> f_verify_full_crl: p_to_be_signed_crl= ", p_to_be_signed_crl);
+
+      // 1. Check mandatory fields
+      log("f_verify_full_crl matching= ", match(p_to_be_signed_crl, mw_to_be_signed_crl));
+      if (match(p_to_be_signed_crl, mw_to_be_signed_crl) == false) {
+        return false;
+      }
+
+      log("f_verify_full_crl: entries length: ", lengthof(p_to_be_signed_crl.entries));
+      for (var integer v_i := 0;  v_i < lengthof(p_to_be_signed_crl.entries); v_i := v_i + 1) {
+        var CrlEntry v_crl_entry := p_to_be_signed_crl.entries[v_i];
+
+        log("f_verify_full_crl: crlEntry: v_crl_entry");
+      } // End of 'for' statements
+      
+      return true;
+    }
+
    function f_verify_ctl_entry(
                                in CtlEntry p_ctl_entry
                                ) return boolean {

--- a/ttcn/Pki/LibItsPki_Pics.ttcn
+++ b/ttcn/Pki/LibItsPki_Pics.ttcn
@@ -150,6 +150,11 @@ module LibItsPki_Pics {
   * @desc HTTP GET URI for Certificate Trusted List
   */
  modulepar charstring PICS_HTTP_GET_URI_CTL := "/dc/getctl";
+
+  /**
+   * @desc HTTP GET URI for Certificate Trusted List
+   */
+  modulepar charstring PICS_HTTP_GET_URI_CRL := "/dc/getcrl";
  
  /**
   * @desc Factory private key for verification Nist P256

--- a/ttcn/Pki/LibItsPki_Templates.ttcn
+++ b/ttcn/Pki/LibItsPki_Templates.ttcn
@@ -140,6 +140,15 @@ module LibItsPki_Templates {
    }
  } // End of template mw_etsiTs102941Data_to_be_signed_rca_ctl

+  template (present) EtsiTs102941Data mw_etsiTs102941Data_to_be_signed_crl(
+                                                                           template (present) ToBeSignedCrl p_to_be_signed_crl := ?
+                                                                           ) := {
+    version := PkiProtocolVersion,
+    content := {
+      certificateRevocationList := p_to_be_signed_crl
+    }
+  } // End of template mw_etsiTs102941Data_to_be_signed_crl
+
  template (value) AuthorizationRequestMessage m_authorizationRequestMessage(
                                                                             in template (value) EncryptedData p_encryptedData
                                                                             ) modifies m_etsiTs103097Data_encrypted := {
@@ -546,6 +555,13 @@ module LibItsPki_Templates {
    ctlCommands := ?
  } // End of template mw_to_be_signed_rca_delta_ctl

+  template (present) ToBeSignedCrl mw_to_be_signed_crl := {
+    version     := 1,
+    thisUpdate  := ?,
+    nextUpdate  := ?,
+    entries     := ?
+  } // End of template mw_to_be_signed_crl
+
  template (present) TlmEntry mw_tlm_entry(
                                           template (present) EtsiTs103097Certificate p_selfSignedTLMCertificate := ?,
                                           template (present) Url p_accessPoint := ?