Commit e8536508 authored by Yann Garcia

Finalyze Security TCs

parent 1f936042
+4 −2
@@ -58,8 +58,10 @@ int xml_codec::encode(const LibHttp__XmlMessageBodyTypes::XmlBody& body, OCTETST
      loggers::get_instance().log("xml_codec::encode: Apply TITAN workaround");
      std::string s(static_cast<const unsigned char*>(data), data.lengthof() + static_cast<const unsigned char*>(data));
      size_t idx = 0;
      std::string f("\"agent:Organization\"");
      std::string t("\"xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"ns4:Organization\"");
      std::string f(" xsi:type=\"agent:Organization\"");
      std::string t("");
      // std::string f("\"agent:Organization\"");
      // std::string t("\"xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"ns4:Organization\"");
      loggers::get_instance().log("xml_codec::encode: Apply TITAN workaround: %s --> %s", f.c_str(), t.c_str());
      while ((idx = s.find(f)) != std::string::npos) {
        s.replace(idx, f.length(), t);
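Review bot: The replacement loop that the new `f`/`t` pair feeds, `while ((idx = s.find(f)) != std::string::npos)`, restarts the search from index 0 after every replacement, so it is quadratic on large bodies and would never terminate for any future workaround value where `t` contains `f`; advancing the search position, `while ((idx = s.find(f, idx)) != std::string::npos) { s.replace(idx, f.length(), t); idx += t.length(); }`, keeps it linear and termination-safe for any pair. With the new `t` empty the loop silently strips every `xsi:type="agent:Organization"` attribute from the encoded body, and nothing records whether at least one occurrence was found; counting the replacements and logging the count next to the existing `Apply TITAN workaround` message would make a silent no-op visible. The two commented-out previous values of `f` and `t` duplicate what version control already records and could be dropped. `xml_codec::encode` starts and ends outside this hunk.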
+33 −5
@@ -61,20 +61,25 @@ LogEventTypes:= Yes

[TESTPORT_PARAMETERS]
# In this section you can specify parameters that are passed to Test Ports.
# Unsecured
# I1 interface
## Unsecured
system.httpPort.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server=172.25.1.54,port=8200)"
system.httpPort_notif.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server_mode=1,local_port=8300)"
# For multiple component 
#### For multiple component 
CISEAdapter1.httpPort.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server=172.25.1.54,port=8200)"
CISEAdapter1.httpPort_notif.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server_mode=1,local_port=8310)"
CISEAdapter2.httpPort.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server=172.25.1.54,port=8200)"
CISEAdapter2.httpPort_notif.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server_mode=1,local_port=8311)"

# TLS
## TLS
#system.httpPort.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server=172.25.1.54,port=443,use_ssl=1,trusted_ca_list=/home/y.garcia/var/ssl/archive/yanngarcia.ddns.net/fullchain1.pem,privkey=/home/y.garcia/var/ssl/archive/yanngarcia.ddns.net/privkey1.pem,certificate=/home/y.garcia/var/ssl/archive/yanngarcia.ddns.net/fullchain1.pem)"
#system.httpPort_notif.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server_mode=1,local_port=443,use_ssl=1,mutual_auth=1,mutual_tls=1,trusted_ca_list=/home/y.garcia/var/ssl/archive/yanngarcia.ddns.net/fullchain1.pem,privkey=/home/y.garcia/var/ssl/archive/yanngarcia.ddns.net/privkey1.pem,certificate=/home/y.garcia/var/ssl/archive/yanngarcia.ddns.net/fullchain1.pem)"
# I2 interface
CISEAdapter.httpPort.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server=172.25.1.54,port=8200)"
CISEAdapter.httpPort_notif.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server_mode=1,local_port=8300)"
CISENetwork.httpPort.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server=172.25.1.54,port=8210)"
CISENetwork.httpPort_notif.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server_mode=1,local_port=8310)"

# UpperTester port
# UpperTester port (Adaptor)
system.utPort.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,server=172.25.1.58,port=14000)"

[DEFINE]
@@ -105,9 +110,15 @@ system.utPort.params := "HTTP(codecs=xml:xml_codec;json:json_codec)/TCP(debug=1,
## cise_node_i1
# Check that the IUT responds with an HTTP 200 OK Acknowledgment response when receiving a PullRequest for Vessel service - no Acknowledgment required
#AtsCise_TestCases.TC_CDM_NODE_PULL_REQUEST_BV_01_01
# Check that the IUT sends a PullResponse before reponse timout expiry when receiving a PullRequest with timeout on response - no Acknowledgment required
#AtsCise_TestCases.TC_CDM_NODE_PULL_REQUEST_BV_01_02
# Check that the IUT responds with an HTTP 200 OK Acknowledgment response when receiving a PullRequest for a unknown vessel - no Acknowledgment required
#AtsCise_TestCases.TC_CDM_NODE_PULL_REQUEST_BV_01_03

# Check that the IUT responds with an HTTP 200 OK Acknowledgment response when receiving a PullRequest for Action service - no Acknowledgment required
AtsCise_TestCases.TC_CDM_NODE_PULL_REQUEST_BV_02_01
# Check that the IUT responds with an HTTP 200 OK Acknowledgment response when receiving a PullRequest for Action service - no Acknowledgment required
#AtsCise_TestCases.TC_CDM_NODE_PULL_REQUEST_BV_02_02

# Check that the IUT responds with an HTTP 200 OK Acknowledgment response when receiving multiple PullRequest for Vessel service - no Acknowledgment required
#AtsCise_TestCases.TC_CDM_NODE_MULTI_PULL_REQ_BV_01
@@ -123,6 +134,23 @@ AtsCise_TestCases.TC_CDM_NODE_PULL_REQUEST_BV_02_01
## security
# Check that the IUT responds with an HTTP 200 OK Acknowledgment with Success when it receives a sign message
#AtsCise_TestCases.TC_CDM_NODE_SEC_BV_01
# Check that the IUT responds with an HTPP 200 OK Acknowledgment with InvalidSignature when it receives a message with a corrupted signature
#AtsCise_TestCases.TC_CDM_NODE_SEC_BO_01
# Check that the IUT responds with an HTPP 200 OK Acknowledgment with InvalidSignature when it receives a message with a corrupted certificate
#AtsCise_TestCases.TC_CDM_NODE_SEC_BO_02
# Check that the IUT responds with an HTPP 200 OK Acknowledgment with InvalidSignature when it receives a message sign with corrupted digest
#AtsCise_TestCases.TC_CDM_NODE_SEC_BO_03
# Check that the IUT responds with an HTPP 200 OK Acknowledgment with InvalidSignature when it receives a message sign with an unsupported signature algorithm
#AtsCise_TestCases.TC_CDM_NODE_SEC_BO_04
# Check that the IUT responds with an HTPP 200 OK Acknowledgment with InvalidSignature when it receives a message sign with an unsupported digest signature algorithm
#AtsCise_TestCases.TC_CDM_NODE_SEC_BO_05
# Check that the IUT responds with an HTPP 200 OK Acknowledgment with InvalidSignature when it receives a message sign with an expired certificate
#AtsCise_TestCases.TC_CDM_NODE_SEC_BO_06
# Check that the IUT responds with an HTPP 200 OK Acknowledgment with InvalidSignature when it receives a message sign with a certificate valid in the future
#AtsCise_TestCases.TC_CDM_NODE_SEC_BO_07
# Check that the IUT responds with an HTPP 200 OK Acknowledgment response with  InvalidSignature when it receives a message not signed
#AtsCise_TestCases.TC_CDM_NODE_SEC_BO_08


[GROUPS]
# In this section you can specify groups of hosts. These groups can be used inside the
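Review bot: The newly added security test-case descriptions repeat the same typos on every `TC_CDM_NODE_SEC_BO_0x` line — `HTPP` for `HTTP` and `a message sign with` for `a message signed with` — and the `TC_CDM_NODE_SEC_BV_01` line reads `receives a sign message`; fixing them now avoids their being copied into reports. All `TC_CDM_NODE_SEC_*` entries are added commented out, so despite the commit title this run list still appears to execute only `AtsCise_TestCases.TC_CDM_NODE_PULL_REQUEST_BV_02_01`; if that is intentional, a one-line comment stating which set is currently active would help the next person running it. The description above `TC_CDM_NODE_PULL_REQUEST_BV_02_02` duplicates the one for `BV_02_01` word for word, which looks like a copy-paste leftover rather than a description of that test. Every `TCP(...)` parameter string in the port configuration carries `debug=1`; if this file is meant for more than local runs, consider whether that trace output is wanted there.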
+1516 −319


+146 −0
@@ -170,6 +170,94 @@ module LibCise_Functions {
      return 0;
    } // End of function f_sign_pull_request

    function f_sign_pull_request_bo(
                                    in PullRequest_1 p_pull_request, 
                                    in HashAlgorithm p_hash_algorithm, 
                                    in charstring p_certificate_name, 
                                    in charstring p_private_key_name, 
                                    in charstring p_private_key_passwd,
                                    in boolean p_alter_signature := false, 
                                    in boolean p_alter_certificate := false,
                                    in boolean p_alter_digest := false, 
                                    in boolean p_alter_signature_alg := false,  
                                    in boolean p_alter_signature_digest := false, 
                                    in boolean p_certificate_past := false,
                                    in boolean p_certificate_future := false,
                                    out octetstring p_signed_pull_request,
                                    out charstring p_pull_request_canonicalized
                                    ) return integer {
      var octetstring v_encoded_pull_request;
      var Signature.signedInfo v_to_be_signed;
      var octetstring v_empty_signature;
      var octetstring v_digest;
      var octetstring v_signature;
      var charstring v_x509_certificate_subject;
      var charstring v_x509_certificate_pem;
      var octetstring v_h := char2oct("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\" ?>\n");

      // Encode the pull request
      v_encoded_pull_request := bit2oct(encvalue(p_pull_request));
      log("f_sign_pull_request_bo: v_encoded_pull_request: ", v_encoded_pull_request);

      // Encode empty signature
      v_to_be_signed := valueof(m_to_be_signed);
      if (p_alter_signature_alg) {
        v_to_be_signed.signatureMethod.algorithm := PICS_CISE_INVALID_SIGNATURE_ALGORITHM;
      }
      if (p_alter_signature_digest) {
        v_to_be_signed.reference.digestMethod.algorithm := PICS_CISE_INVALID_DIGEST_ALGORITHM;
      }
      log("f_sign_pull_request_bo: v_to_be_signed: ", v_to_be_signed);
      v_empty_signature := bit2oct(encvalue(valueof(v_to_be_signed)));
      log("f_sign_pull_request_bo: Empty signature: ", v_empty_signature);

      // Sign the XML document (envelopped signature)
      if (p_certificate_past) {
        p_certificate_name := PICS_CISE_IUT_CERTIFICATE_PAST;
      }
      if (p_certificate_future) {
        p_certificate_name := PICS_CISE_IUT_CERTIFICATE_FUTURE;
      }
      if (f_sign(v_encoded_pull_request, v_empty_signature, p_certificate_name, p_private_key_name, p_private_key_passwd, v_signature, v_digest, v_x509_certificate_subject, v_x509_certificate_pem, p_pull_request_canonicalized) == -1) {
        log("f_sign_pull_request: failed to sign PullRequest");
        return -1;
      }
      log("f_sign_pull_request: Raw signature: ", v_signature);

      if (p_alter_signature) {
        v_signature[0] := '54'O;
        v_signature[1] := '4F'O;
        v_signature[1] := '54'O;
        v_signature[1] := '4F'O;
      }
      log("f_sign_pull_request: Altererd v_signature: ", v_signature);
      if (p_alter_certificate) {
        v_x509_certificate_pem[0] := "z";
        v_x509_certificate_pem[1] := "z";
        v_x509_certificate_pem[2] := "z";
        v_x509_certificate_pem[3] := "z";
      }
      log("f_sign_pull_request: Altererd v_x509_certificate_pem: ", v_x509_certificate_pem);
      if (p_alter_digest) {
        v_digest[0] := '54'O;
        v_digest[1] := '4F'O;
        v_digest[2] := '54'O;
        v_digest[3] := '4F'O;
      }
      log("f_sign_pull_request: Altererd v_digest: ", v_digest);
    
      // Create the XML envelopped signature
      if (f_xml_build_envolopped_signature_bo(v_encoded_pull_request, v_signature, v_digest, v_x509_certificate_subject, "<PullType", v_x509_certificate_pem, p_alter_signature_alg, p_alter_signature_digest, p_signed_pull_request) == -1) {
        log("f_sign_pull_request_bo: failed to sign PullRequest");
        return -1;
      }log("f_sign_pull_request_bo: p_signed_pull_request: ", p_signed_pull_request);

      // Add XML header, not part of the sugnature
      p_signed_pull_request := v_h & p_signed_pull_request;

      return 0;
    } // End of function f_sign_pull_request_bo

    function f_verify_sign_pull_request(
                                        in XmlBody p_xml_body,
                                        in charstring p_debug_message
@@ -372,6 +460,64 @@ module LibCise_Functions {
      return 0;
    }

    function f_xml_build_envolopped_signature_bo(
                                                 in octetstring p_encoded_message, 
                                                 in octetstring p_base64_signature,
                                                 in octetstring p_base64_digest,
                                                 in charstring p_x509_certificate_subject,
                                                 in charstring p_before_node,
                                                 in charstring p_x509_certificate_pem, 
                                                 in boolean p_alter_signature_alg := false,  
                                                 in boolean p_alter_signature_digest := false, 
                                                 out octetstring p_signed_message
                                                 ) return integer {
      var Signature v_xml_signature;
      var octetstring v_signature;
      var octetstring v_pattern := char2oct(p_before_node);
      var integer v_pattern_length := lengthof(v_pattern);
      var octetstring v_p2;
      var integer i;

      // Add the signature node in the encoded message. Don't use XSLT!!
      v_xml_signature := valueof(
                                 m_signature(
                                             p_base64_signature,
                                             p_base64_digest,
                                             p_x509_certificate_subject, 
                                             p_x509_certificate_pem
                                             ));
      log("f_xml_build_envolopped_signature_bo: v_xml_signature: ", v_xml_signature);
      if (p_alter_signature_alg) {
        v_xml_signature.signedInfo.signatureMethod.algorithm := PICS_CISE_INVALID_SIGNATURE_ALGORITHM;
      }
      if (p_alter_signature_digest) {
        v_xml_signature.signedInfo.reference.digestMethod.algorithm := PICS_CISE_INVALID_DIGEST_ALGORITHM;
      }
      log("f_xml_build_envolopped_signature_bo: Altered v_xml_signature: ", v_xml_signature);

      // Encode signature
      v_signature := bit2oct(encvalue(v_xml_signature));
      //v_signature := fx_enc_xmldsig(v_xml_signature);
      log("f_xml_build_envolopped_signature_bo: v_signature (1): ", v_signature);
      // Remove latest \n
      for (i := lengthof(v_signature) - 1; i > 0 and v_signature[i] == '0A'O; i := i - 1) {};
      v_signature := substr(v_signature, 0, i + 1);
      log("f_xml_build_envolopped_signature_bo: v_signature (2): ", v_signature);

      // find last <
      for (i := lengthof(p_encoded_message) - v_pattern_length - 1; i > v_pattern_length and substr(p_encoded_message, i, v_pattern_length) != v_pattern; i := i - 1) {};
      log("f_xml_build_envolopped_signature_bo: i: ", i);
      log("f_xml_build_envolopped_signature_bo: p_encoded_message[i]: ", p_encoded_message[i]);
      p_signed_message := substr(p_encoded_message, 0, i);
      v_p2 := substr(p_encoded_message, i, lengthof(p_encoded_message) - i);
      log("f_xml_build_envolopped_signature_bo: p_signed_message: ", p_signed_message);
      log("f_xml_build_envolopped_signature_bo: v_p2: ", v_p2);
      p_signed_message := p_signed_message & v_signature & v_p2;
      
      log("<<< f_xml_build_envolopped_signature_bo: p_signed_message: ", p_signed_message);
      return 0;
    }

    /**
     * @desc Generate a new UUID
     * @return The UUID in string format on success, a null string otherwise 
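Review bot: `f_xml_build_envolopped_signature_bo` never checks whether the backward search for `p_before_node` actually matched: when the pattern is absent the loop stops at `i == v_pattern_length`, the signature is spliced in at that position and the function still returns 0, so the `== -1` test at the call site in `f_sign_pull_request_bo` can never fire for that case. A guard after the search loop, `if (substr(p_encoded_message, i, v_pattern_length) != v_pattern) {` / `  log("f_xml_build_envolopped_signature_bo: p_before_node not found"); return -1;` / `}`, makes a malformed input fail loudly instead of producing an incorrectly assembled document (the `// find last <` comment should also say it finds the last `p_before_node`). In `f_sign_pull_request_bo` the `p_alter_signature` branch assigns `v_signature[1]` three times where the sibling `p_alter_digest` branch writes indices 0 to 3; `v_signature[2] := '54'O; v_signature[3] := '4F'O;` for the last two statements is presumably what was meant. The `log` calls in that function also carry the `f_sign_pull_request:` prefix instead of `f_sign_pull_request_bo:`, the `Altererd`/`sugnature` spellings should be fixed, and the `}log(...)` after the second `f_xml_build_envolopped_signature_bo` check belongs on its own line.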
+14 −0
@@ -102,6 +102,16 @@ module LibCise_Pics {
   */
  modulepar charstring PICS_CISE_IUT_CERTIFICATE := "cert.pem";

  /**
   * @desc Full path name of the certificate to be used the IUT
   */
  modulepar charstring PICS_CISE_IUT_CERTIFICATE_PAST := "cert_past.pem";

  /**
   * @desc Full path name of the certificate to be used the IUT
   */
  modulepar charstring PICS_CISE_IUT_CERTIFICATE_FUTURE := "cert_future.pem";

  /**
   * @desc Full path name of the certificate's signing private key to be used the IUT
   */
@@ -111,8 +121,12 @@ module LibCise_Pics {

  modulepar charstring PICS_CISE_DIGEST_ALGORITHM := "http://www.w3.org/2000/09/xmldsig#sha1";

  modulepar charstring PICS_CISE_INVALID_DIGEST_ALGORITHM := "http://www.w3.org/2000/09/xmldsig#sha512";

  modulepar charstring PICS_CISE_SIGNATURE_ALGORITHM := "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

  modulepar charstring PICS_CISE_INVALID_SIGNATURE_ALGORITHM := "http://www.w3.org/2000/09/xmldsig#rsa-sha256";

  modulepar charstring PICS_CISE_TRANSFORM_ALGORITHM := "http://www.w3.org/TR/1999/REC-xslt-19991116";

  modulepar charstring PICS_CISE_TRANSFORM_TYPE_ALGORITHM := "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
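Review bot: The `@desc` comments on the new `PICS_CISE_IUT_CERTIFICATE_PAST` and `PICS_CISE_IUT_CERTIFICATE_FUTURE` module parameters are copies of the one for `PICS_CISE_IUT_CERTIFICATE` and do not say what distinguishes them; something like `@desc Full path name of an already expired certificate, used by the negative security test cases` and `@desc Full path name of a certificate whose validity period has not started yet, used by the negative security test cases` would tell the reader (the validity property is inferred from the names and from the TC descriptions in the cfg file, so confirm). `PICS_CISE_INVALID_DIGEST_ALGORITHM` and `PICS_CISE_INVALID_SIGNATURE_ALGORITHM` are added without any comment, and their values (`#sha512`, `#rsa-sha256`) are well-formed XML-DSig identifiers that the test cases describe as "unsupported" rather than invalid; a `@desc` stating that these are algorithms the IUT is expected to reject would avoid the reader assuming they are malformed. The surrounding `modulepar` entries in this section follow the `/** @desc ... */` convention, so the new ones should too.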