diff --git a/LibOneM2M/OneM2M_Functions.ttcn b/LibOneM2M/OneM2M_Functions.ttcn index d493bb6eedaf3e6f24240554bed1ced9ac1f39d8..47029b3ec004513d29e8ea6a507031a8aba32dec 100644 --- a/LibOneM2M/OneM2M_Functions.ttcn +++ b/LibOneM2M/OneM2M_Functions.ttcn @@ -3413,7 +3413,7 @@ module OneM2M_Functions { } f_checkCseSimuStatus(); - + } /** @@ -3434,7 +3434,7 @@ module OneM2M_Functions { return v_localResourceIndex; - }//End of function + }//End of function /** * @desc Creation of a local resource (Test System simulating a CSE) 
@@ -5465,23 +5465,24 @@ module OneM2M_Functions { log(">>> f_getLocalPoA: ", p_portDesc); if (ischosen(p_portDesc.binding.httpBindingDesc)) { - if (ispresent(p_portDesc.binding.httpBindingDesc.bindingDesc.useTls) and (p_portDesc.binding.httpBindingDesc.bindingDesc.useTls == true)) { - v_poa := "https://" & p_portDesc.binding.httpBindingDesc.bindingDesc.tsAddress; - } else { + + if (ispresent(p_portDesc.security)) { + v_poa := "https://" & p_portDesc.binding.httpBindingDesc.bindingDesc.tsAddress; + } else { v_poa := "http://" & p_portDesc.binding.httpBindingDesc.bindingDesc.tsAddress; } if (ispresent(p_portDesc.binding.httpBindingDesc.bindingDesc.localPort)) { - v_poa := v_poa & ":" & int2str(p_portDesc.binding.httpBindingDesc.bindingDesc.localPort); - } + v_poa := v_poa & ":" & int2str(p_portDesc.binding.httpBindingDesc.bindingDesc.localPort); + } } else if (ischosen(p_portDesc.binding.coapBindingDesc)) { - if (ispresent(p_portDesc.binding.coapBindingDesc.bindingDesc.useTls) and (p_portDesc.binding.coapBindingDesc.bindingDesc.useTls == true)) { - v_poa := "coaps://" & p_portDesc.binding.coapBindingDesc.bindingDesc.tsAddress; - } else { - v_poa := "coap://" & p_portDesc.binding.coapBindingDesc.bindingDesc.tsAddress; - } - if (ispresent(p_portDesc.binding.coapBindingDesc.bindingDesc.localPort)) { - v_poa := v_poa & ":" & int2str(p_portDesc.binding.coapBindingDesc.bindingDesc.localPort); - } + if (ispresent(p_portDesc.security)) { + v_poa := "coaps://" & p_portDesc.binding.coapBindingDesc.bindingDesc.tsAddress; + } else { + v_poa := "coap://" & p_portDesc.binding.coapBindingDesc.bindingDesc.tsAddress; + } + if (ispresent(p_portDesc.binding.coapBindingDesc.bindingDesc.localPort)) { + v_poa := v_poa & ":" & int2str(p_portDesc.binding.coapBindingDesc.bindingDesc.localPort); + } } else if (ischosen(p_portDesc.binding.mqttBindingDesc)) { v_poa := "mqtt://" & p_portDesc.binding.mqttBindingDesc.bindingDesc.tsAddress; if 
(ispresent(p_portDesc.binding.mqttBindingDesc.bindingDesc.localPort)) { @@ -5495,7 +5496,8 @@ module OneM2M_Functions { } v_poa := v_poa & "/" & p_additionalContext; - return v_poa; + return v_poa; + } /** @@ -6092,7 +6094,7 @@ module OneM2M_Functions { p_targetIutAddress := p_sendingPort.binding.wsBindingDesc.bindingDesc.sutAddress & ":" & int2str(p_sendingPort.binding.wsBindingDesc.bindingDesc.remotePort); } - if (ischosen(p_receivingPort.binding.httpBindingDesc)) { + if (ischosen(p_receivingPort.binding.httpBindingDesc)) { p_protocolBindingIn := "HTTP"; } else if (ischosen(p_receivingPort.binding.coapBindingDesc)) { p_protocolBindingIn := "COAP"; @@ -7126,7 +7128,7 @@ module OneM2M_Functions { in InterfaceIds p_interfaceIds, in template MsgOut p_msgOut ) runs on Tester { - log(">>> f_send: ", p_interfaceIds); + log(">>> f_send: ", p_interfaceIds, " - ", p_msgOut); p_msgOut.host := vc_myInterfaces[enum2int(p_interfaceIds)].myHost; p_msgOut.protocolBinding := vc_myInterfaces[enum2int(p_interfaceIds)].myProtocolBinding; diff --git a/LibOneM2M/OneM2M_Pics.ttcn b/LibOneM2M/OneM2M_Pics.ttcn index 00d8b2f7df1cbb57c985043c9e0d8c6b8eebf22c..16e62b44fedfcb515af0b6e9917fbeaf9dd300da 100644 --- a/LibOneM2M/OneM2M_Pics.ttcn +++ b/LibOneM2M/OneM2M_Pics.ttcn @@ -31,16 +31,22 @@ module OneM2M_Pics { /** * @desc End-to-End Certificate-based Key Establishment Procedure support - * @see oneM2M TS-0003 + * @see oneM2M TS-0003 Clause 8.2.2.2 */ modulepar boolean PICS_ESC_SUPPORT := true; - + /** * @desc Dynamic Authorization resource support * @see oneM2M TS-0017 A.5.6.53 */ modulepar boolean PICS_DYN_AUTH_SUPPORT := true; - + + /** + * @desc Direct Dynamic Authorization resource support + * @see oneM2M TS-0017 A.5.6.74 + */ + modulepar boolean PICS_DIRECT_DYN_AUTH_SUPPORT := true; + /** * @desc Node role * @see oneM2M TS-0017 A.5.1.2 
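Review bot: The MQTT branch kept as context in this hunk still builds `"mqtt://"` unconditionally, while the HTTP and CoAP branches now switch to `https://` / `coaps://` on `ispresent(p_portDesc.security)`. An MQTT port configured with a security record would therefore still advertise a plaintext point of access. If the binding has a secure scheme, that branch needs the same test, for example `if (ispresent(p_portDesc.security)) { v_poa := "mqtts://" & ... }` (scheme name to be confirmed against the binding specification). If `useTls` still exists in the binding description type, which is not visible here, a configuration that sets it but omits `security` now silently yields `http://` or `coap://`; a comment such as `// security present => TLS/DTLS on this port; omit => plaintext` above the first test would make the new rule explicit. The function starts before and ends after this hunk.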
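Review bot: The new log line in `f_send` writes the complete `p_msgOut` template to the test log on every send, and the dynamic-authorization test cases added in this commit work with `securityInfo` content such as tokens and token IDs. Test logs are commonly attached to reports, so authorization material may leave the lab this way. I would keep the short form by default and add a comment like `// NOTE: p_msgOut may carry securityInfo (tokens); treat the log as sensitive` if the full dump stays. The body of `f_send` continues outside the hunk.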
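Review bot: `PICS_DIRECT_DYN_AUTH_SUPPORT` is added with default `true` but its doc comment does not say how it relates to `PICS_DYN_AUTH_SUPPORT`. In this commit `f_AE_SEC_IDA_CRE_001` stops with `inconc` when `PICS_DIRECT_DYN_AUTH_SUPPORT` is true, so with the shipped defaults the indirect test can never run. The `@desc` should state this, e.g. `@desc Direct Dynamic Authorization support (requires PICS_DYN_AUTH_SUPPORT; when true, indirect dynamic authorization test cases are not executed)`, or the indirect guard should stop treating the two modes as mutually exclusive.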
diff --git a/LibOneM2M/OneM2M_Pixits.ttcn b/LibOneM2M/OneM2M_Pixits.ttcn index 597b9c11ba2a2ca75e53a62c95a25a9369206d40..5908df6ef1a671f2c58762a559fbc5033e6878f9 100644 --- a/LibOneM2M/OneM2M_Pixits.ttcn +++ b/LibOneM2M/OneM2M_Pixits.ttcn @@ -185,6 +185,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "xml" }, mcaPortIn := { @@ -200,6 +201,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "xml" } }; @@ -219,6 +221,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "xml" }, mcaPortIn := { @@ -234,6 +237,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "xml" } }; @@ -256,6 +260,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "xml" }, mcaPortIn := { @@ -271,6 +276,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "xml" }, mccPort := { @@ -286,6 +292,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "xml" }, mccPortIn := { @@ -301,6 +308,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "xml" } }; @@ -323,6 +331,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "json" }, mcaPortIn := { @@ -338,6 +347,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "json" }, mccPort := { @@ -353,6 +363,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "json" }, mccPortIn := { @@ -368,6 +379,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "json" } }; @@ -390,6 +402,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "xml" }, mcaPortIn := { @@ -405,6 +418,7 @@ module OneM2M_Pixits { } } }, + security := omit, serialization := "xml" } }; diff --git a/LibOneM2M/OneM2M_TypesAndValues.ttcn b/LibOneM2M/OneM2M_TypesAndValues.ttcn index 231c54bebb7df8d84bcf5bc037e2aa0999eaea05..dbe01b90471c25b44e8eec3926c4d365f6f1615f 100644 --- a/LibOneM2M/OneM2M_TypesAndValues.ttcn +++ b/LibOneM2M/OneM2M_TypesAndValues.ttcn 
@@ -4585,8 +4585,32 @@ group OtherTypes { */ type record PortDesc { BindingProtocolsSelect binding, + TransportSecurity security optional, SerializationRepresentations serialization } + + /** + * @desc Transport Layer security description + * Apply for both TSL and DTLS + * @member rootCert Test System root ca or internmediate root CA + * @member trustedCerts IUT cerver certificate, including IUT root ca or internmediate root CA + * @member serverSign Signature Test System certificate for the server side + * @member serverEnc Encryption Test System certificate for the server side + * @member clientSign Signature Test System certificate for the client side + * @member clientEnc Encryption Test System certificate for the client side + * @member psk_identity TLS-PSK identity + * @member psk_key TLS-PSK shared secret + */ + type record TransportSecurity { + charstring rootCert, + charstring trustedCerts, + charstring serverSign, + charstring serverEnc, + charstring clientSign, + charstring clientEnc, + octetstring psk_identity optional, + octetstring psk_key optional + } /** * @desc UpperTester component settings diff --git a/OneM2M_Testcases_AE_Release_4.ttcn b/OneM2M_Testcases_AE_Release_4.ttcn new file mode 100644 index 0000000000000000000000000000000000000000..8a406c1e8ebc00afe9f297ce2b5cd311cc94e4bf --- /dev/null +++ b/OneM2M_Testcases_AE_Release_4.ttcn 
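Review bot: `TransportSecurity` puts `psk_key` (the TLS-PSK shared secret) inside `PortDesc`, and `f_getLocalPoA` in this same commit logs the whole record with `log(">>> f_getLocalPoA: ", p_portDesc);`, so the key would be written to the test log whenever a PSK is configured. Either log only the binding part there or document the field as `@member psk_key TLS-PSK shared secret (sensitive, must not be logged)`. The six certificate fields are mandatory while the PSK fields are optional, so a PSK-only port still has to supply certificate values; making them `optional` looks closer to the intent, though the adapter's expectations are not visible here. The doc comment also has typos worth fixing: `TSL` should be `TLS`, `internmediate` should be `intermediate`, and `cerver` should be `server`.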
@@ -0,0 +1,206 @@ +/** + * Copyright Notification + * No part of this document may be reproduced, in an electronic retrieval system or otherwise, except as authorized by written permission. + * The copyright and the foregoing restriction extend to reproduction in all media. + * © 2016, oneM2M Partners Type 1 (ARIB, ATIS, CCSA, ETSI, TIA, TSDSI, TTA, TTC). + * All rights reserved. + * + * @author oneM2M/ETSI + * @desc Module containing test cases for oneM2M + * + */ +module OneM2M_Testcases_AE_Release_4 { + + import from OneM2M_TestSystem all; + import from OneM2M_Templates all; + import from OneM2M_Types all; + import from OneM2M_Types_homeDevice all; + import from OneM2M_TypesAndValues all; + import from OneM2M_Pixits all; + import from OneM2M_Pics all; + import from OneM2M_Functions all; + import from OneM2M_PermutationFunctions all; + import from XSD all; + + group AE { + + group HAIM { + } //end group HAIM + + group Security { + + group authentication { + + group ESPrim { + + group Notify { + } //end group Notify + + group Retrieve { + } //end group Retrieve + + } //end group ESCertKE + + group ESCertKE { + + group Notify { + } //end group Notify + + } //end group ESCertKE + + } // End of group authentication + + group authorization { + + group Impersonation_Prevention { + + } + + group Dynamic_Authorization { + + group Direct_Dynamic_Authorization { + + /** + * @desc Check that the IUT processes properly basic Indirect Dynamic Authorization (Only mandatories steps applied) + */ + testcase TC_AE_SEC_DDA_CRE_001() runs on Tester system AeSystem { + + var CseSimu v_cse1 := CseSimu.create("CSE1") alive; + + v_cse1.start(f_AE_SEC_DDA_CRE_001(e_absolute)); + v_cse1.done; + } + + function f_AE_SEC_DDA_CRE_001(PrimitiveScope p_primitiveScope) runs on CseSimu system AeSystem { + + var template UtTriggerPrimitive v_utRequest := m_utCreateContainer; + var integer v_resourceIndex := -1; + var MsgIn v_request; + var universal charstring v_action := __SCOPE__ & ": Please, 
send a valid CREATE Request for container to "; + + if (not(PICS_ACP_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case"); + stop; + } + if (not(PICS_DIRECT_DYN_AUTH_SUPPORT) or not(PICS_DYN_AUTH_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": Direct Dynamic Authorization support is required to run this test case"); + stop; + } + + // Test component configuration + f_cf03Up(); + + // Preamble + // FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID + v_utRequest.requestPrimitive.to_ := f_getLocalResourceAddress(-, e_nonHierarchical, p_primitiveScope); + f_ae_sendUtPrimitive(v_utRequest, v_action & f_getLocalResourceAddress(-, e_nonHierarchical, p_primitiveScope)); + + // Test body + tc_ac.start; + alt { + [] mcaPortIn.receive(mw_request(mw_createContainer(-,v_utRequest.requestPrimitive.to_))) -> value v_request { + tc_ac.stop; + setverdict(pass, __SCOPE__ & " : Container creation request received successfuly"); + v_resourceIndex := f_processCreateRequestPrimitive(v_request.primitive.requestPrimitive); + f_send(e_mcaPortIn, m_response(vc_response.primitive.responsePrimitive)); + } + [] mcaPortIn.receive(mw_request(mw_createContainer())) -> value v_request { + tc_ac.stop; + setverdict(fail, __SCOPE__ & " : Create Request with unexpected target"); + f_send(e_mcaPortIn, m_response(valueof(m_responsePrimitive(int4004, v_request.primitive.requestPrimitive.requestIdentifier, omit)))); + stop; + } + [] tc_ac.timeout { + setverdict(fail, __SCOPE__ & " : No answer while creating resource"); + stop; + } + } + + // Postamble + f_cf03Down(); + } + + }//end group DirectDynamic_Authorization + + group Indirect_Dynamic_Authorization { + + /** + * @desc Check that the IUT processes properly basic Indirect Dynamic Authorization (Only mandatories steps applied) + */ + testcase TC_AE_SEC_IDA_CRE_001() runs on Tester system AeSystem { + + var CseSimu v_cse1 := CseSimu.create("CSE1") alive; 
+ + v_cse1.start(f_AE_SEC_IDA_CRE_001(e_absolute)); + v_cse1.done; + } + + function f_AE_SEC_IDA_CRE_001(PrimitiveScope p_primitiveScope) runs on CseSimu system AeSystem { + + var template UtTriggerPrimitive v_utRequest := m_utCreateContainer; + var integer v_resourceIndex := -1; + var MsgIn v_request; + var universal charstring v_action := __SCOPE__ & ": Please, send a valid CREATE Request for container to "; + + if (not(PICS_ACP_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case"); + stop; + } + if (PICS_DIRECT_DYN_AUTH_SUPPORT or not(PICS_DYN_AUTH_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": Indirect Dynamic Authorization support is required to run this test case"); + stop; + } + + // Test component configuration + f_cf03Up(); + + // Preamble + // FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID + v_utRequest.requestPrimitive.to_ := f_getLocalResourceAddress(-, e_nonHierarchical, p_primitiveScope); + v_utRequest.requestPrimitive.primitiveContent.securityInfo.dasRequest.tokenIDs := { fx_assign_originatorToken() }; + f_ae_sendUtPrimitive(v_utRequest, v_action & f_getLocalResourceAddress(-, e_nonHierarchical, p_primitiveScope)); + + // Test body + tc_ac.start; + alt { + [] mcaPortIn.receive(mw_request(mw_createContainer(-,v_utRequest.requestPrimitive.to_))) -> value v_request { + tc_ac.stop; + setverdict(pass, __SCOPE__ & " : Container creation request received successfuly"); + v_resourceIndex := f_processCreateRequestPrimitive(v_request.primitive.requestPrimitive); + f_send(e_mcaPortIn, m_response(vc_response.primitive.responsePrimitive)); + } + [] mcaPortIn.receive(mw_request(mw_createContainer())) -> value v_request { + tc_ac.stop; + setverdict(fail, __SCOPE__ & " : Create Request with unexpected target"); + f_send(e_mcaPortIn, m_response(valueof(m_responsePrimitive(int4004, v_request.primitive.requestPrimitive.requestIdentifier, omit)))); + stop; + } + [] 
tc_ac.timeout { + setverdict(fail, __SCOPE__ & " : No answer while creating resource"); + stop; + } + } + + // Postamble + f_cf03Down(); + } + + }//end group IndirectDynamic_Authorization + + }//end group Dynamic_Authorization + + group Json_Web_Token { + + }//end group Json_Web_Token + + group Distributed_Authorization { + + }//end group Distributed_Authorization + + } // End of group authorization + + }//end group Security + + }//end group AE + +} diff --git a/OneM2M_Testcases_CSE_Release_3.ttcn b/OneM2M_Testcases_CSE_Release_3.ttcn index 12a7e215a580fc068068f0e58e7da242c346fa08..7a589711a062e8c93ee9ba874a4d71e6f22d6b0c 100644 --- a/OneM2M_Testcases_CSE_Release_3.ttcn +++ b/OneM2M_Testcases_CSE_Release_3.ttcn @@ -115,7 +115,7 @@ module OneM2M_Testcases_CSE_Release_3 { testcase TC_CSE_REG_CRE_012_AE_NL() runs on Tester system CseSystem { var AeSimu v_ae1 := AeSimu.create("AE1") alive; var template RequestPrimitive v_create := m_createAe(PX_TS_AE1.appId, omit, omit); - v_create.primitiveContent.aE.nodeLink := "http://127.0.0.1/"; + v_create.primitiveContent.aE.nodeLink := f_getLocalPoA(PX_TS_AE1.mcaPortIn);//"http://127.0.0.1/"; v_ae1.start(f_CSE_REG_CRE_012(v_create)); v_ae1.done; @@ -242,7 +242,7 @@ module OneM2M_Testcases_CSE_Release_3 { var template RequestPrimitive v_createRequest := m_createAe(PX_TS_AE1.appId); var template PrimitiveContent v_contentResponse; - v_createRequest.primitiveContent.aE.nodeLink := "http://127.0.0.1/"; + v_createRequest.primitiveContent.aE.nodeLink := f_getLocalPoA(PX_TS_AE1.mcaPortIn);//"http://127.0.0.1/"; v_contentResponse.aE := mw_contentAeBase; v_contentResponse.aE.nodeLink := ?; diff --git a/OneM2M_Testcases_CSE_Release_4.ttcn b/OneM2M_Testcases_CSE_Release_4.ttcn index 220b076edbbf3ef050afde41fafc0aabbe3b3a83..a868407dc5d9796f4cc33a17ecb66a62fd934f98 100644 --- a/OneM2M_Testcases_CSE_Release_4.ttcn +++ b/OneM2M_Testcases_CSE_Release_4.ttcn 
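Review bot: In `f_AE_SEC_DDA_CRE_001` the `pass` verdict is set as soon as a container CREATE for the expected target arrives; nothing in the visible `alt` inspects authorization-related content of `v_request`. As written, the test would also pass for an IUT that performs no dynamic authorization at all. `f_AE_SEC_IDA_CRE_001` has the same receive logic, and its guard `PICS_DIRECT_DYN_AUTH_SUPPORT or not(PICS_DYN_AUTH_SUPPORT)` makes it inconclusive under the default PICS values. The `@desc` of `TC_AE_SEC_DDA_CRE_001` says "Indirect Dynamic Authorization" and should read `Check that the IUT processes properly basic Direct Dynamic Authorization`. The first `//end group ESCertKE` trailer actually closes group `ESPrim`.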
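Review bot: `f_getLocalPoA(PX_TS_AE1.mcaPortIn)` is called here with one argument, while the calls added elsewhere in this commit pass an explicit second one (`f_getLocalPoA(vc_aeSimuDesc.mcaPortIn, "")`). The function always appends `"/" & p_additionalContext`; whether that parameter has a default is not visible in the diff, so please confirm the call compiles and yields the intended trailing `/`. The trailing `//"http://127.0.0.1/"` is leftover code and should be dropped or replaced by a short explanation such as `// nodeLink follows the configured local PoA (scheme depends on port security)`. The same line appears in the hunk at -242.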
@@ -1,14 +1,14 @@ /** - * Copyright Notification - * No part of this document may be reproduced, in an electronic retrieval system or otherwise, except as authorized by written permission. - * The copyright and the foregoing restriction extend to reproduction in all media. - * © 2016, oneM2M Partners Type 1 (ARIB, ATIS, CCSA, ETSI, TIA, TSDSI, TTA, TTC). - * All rights reserved. - * - * @author ETSI - * @version $URL: https://oldforge.etsi.org/svn/oneM2M/branches/Release1/ttcn/OneM2M_Testcases.ttcn $ - * $Id: OneM2M_Testcases.ttcn 347 2017-08-11 08:48:20Z reinaortega $ - * @desc Module containing test cases for oneM2M + * Copyright Notification + * No part of this document may be reproduced, in an electronic retrieval system or otherwise, except as authorized by written permission. + * The copyright and the foregoing restriction extend to reproduction in all media. + * © 2016, oneM2M Partners Type 1 (ARIB, ATIS, CCSA, ETSI, TIA, TSDSI, TTA, TTC). + * All rights reserved. + * + * @author ETSI + * @version $URL: https://oldforge.etsi.org/svn/oneM2M/branches/Release1/ttcn/OneM2M_Testcases.ttcn $ + * $Id: OneM2M_Testcases.ttcn 347 2017-08-11 08:48:20Z reinaortega $ + * @desc Module containing test cases for oneM2M * */ module OneM2M_Testcases_CSE_Release_4 { @@ -37,12 +37,12 @@ module OneM2M_Testcases_CSE_Release_4 { var RequestPrimitive v_request; map(self:mcaPort, system:mcaPort) param (PX_TS_AE1.mcaPort); - for (i:=0; i<lengthof(PX_RESOURCES_TO_BE_DELETED); i:= i+1) { + for (i:=0; i<lengthof(PX_RESOURCES_TO_BE_DELETED); i:= i+1) { v_resourceAddress := f_getResourceAddress() & "/" & PX_RESOURCES_TO_BE_DELETED[i]; v_request := valueof(m_delete(v_resourceAddress, PX_SUPER_AE_ID)); - + f_send(e_mcaPort, m_request(v_request)); t_ac.start; @@ -98,7 +98,7 @@ module OneM2M_Testcases_CSE_Release_4 { group Registration { - + }//end Registration group Data_Management_and_Repository { 
@@ -385,7 +385,7 @@ module OneM2M_Testcases_CSE_Release_4 { group Update { group g_CSE_DMR_UPD_015{ - + /** * @desc Check that the IUT updates successfully the value of the optional attribute OPTIONAL_ATTRIBUTE of the RESOURCE_TYPE resource under CSEBase */ @@ -416,10 +416,10 @@ module OneM2M_Testcases_CSE_Release_4 { v_primitiveContentRetrieveResource := f_getPrimitiveContentRetrievedResource(v_ae1); //Check that the resource has been udpated correctly - if(ischosen(v_primitiveContentRetrieveResource.node)) { - if(v_primitiveContentRetrieveResource.node.labels != v_labels){ + if(ischosen(v_primitiveContentRetrieveResource.node)) { + if(v_primitiveContentRetrieveResource.node.labels != v_labels){ setverdict(fail, __SCOPE__ & ": Error: Labels attribute not updated correctly") - } + } } } } @@ -453,10 +453,10 @@ module OneM2M_Testcases_CSE_Release_4 { v_primitiveContentRetrieveResource := f_getPrimitiveContentRetrievedResource(v_ae1); //Check that the resource has been udpated correctly - if(ischosen(v_primitiveContentRetrieveResource.node)) { - if(v_primitiveContentRetrieveResource.node.accessControlPolicyIDs != valueof(v_updateRequestPrimitive.primitiveContent.node.accessControlPolicyIDs)){ + if(ischosen(v_primitiveContentRetrieveResource.node)) { + if(v_primitiveContentRetrieveResource.node.accessControlPolicyIDs != valueof(v_updateRequestPrimitive.primitiveContent.node.accessControlPolicyIDs)){ setverdict(fail, __SCOPE__ & ": Error: Access Control Policy attribute not updated correctly") - } + } } } } @@ -467,9 +467,9 @@ module OneM2M_Testcases_CSE_Release_4 { } } // end group g_CSE_DMR_UPD_015 - + group g_CSE_DMR_UPD_016 { - + /** * @desc Check that the IUT updates successfully the value of the attribute MANDATORY_ATTRIBUTE of the RESOURCE_TYPE resource under CSEBase */ 
@@ -499,12 +499,12 @@ module OneM2M_Testcases_CSE_Release_4 { } v_primitiveContentRetrieveResource := f_getPrimitiveContentRetrievedResource(v_ae1); - //Check that the resource has been udpated correctly - if(ischosen(v_primitiveContentRetrieveResource.node)) { + //Check that the resource has been udpated correctly + if(ischosen(v_primitiveContentRetrieveResource.node)) { if(v_primitiveContentRetrieveResource.node.expirationTime != v_expirationTime){ - setverdict(fail, __SCOPE__ & ": Error: Expiration time attribute not updated correctly") + setverdict(fail, __SCOPE__ & ": Error: Expiration time attribute not updated correctly") + } } - } } } @@ -536,9 +536,9 @@ module OneM2M_Testcases_CSE_Release_4 { //Check that the resource has been udpated correctly if(ischosen(v_primitiveContentRetrieveResource.node)) { - if(v_primitiveContentRetrieveResource.node.nodeID != v_targetId){ + if(v_primitiveContentRetrieveResource.node.nodeID != v_targetId){ setverdict(fail, __SCOPE__ & ": Error: NodeID attribute not updated correctly") - } + } } } } 
@@ -1258,60 +1258,773 @@ module OneM2M_Testcases_CSE_Release_4 { group Security { - group ESPrim { + group authentication { - group Notify{ + group ESPrim { + + group Notify{ + + + }//end group Notify + + }//end group ESPrim - - }//end group Notify + group Role_Based_Access_Control { // TODO To be moved to authorization group + + group Create{ + + }//end group Create + + group Retrieve { + + }// end of group Retrieve + + group Update { + + }//end group Update + + group Notify { + + }//end group Notify + + }//end group Role_Based_Access_Control + + group ESCertKE { + + group Notify { + + }// end of group Notify + + }// end of group ESCertKE + + group Access_Control_Policy { // TODO To be moved to authorization group + + }//end group AccessControlPolicy - }//end group ESPrim + } // End of group authentication - group Roles { - - group Create{ + group authorization { + + group Impersonation_Prevention { - }//end group Create - - group Retrieve { + group Create { + + /** + * @desc Check that the IUT processes properly AE Impersonation attacks + */ + testcase TC_CSE_SEC_IP_CRE_001() runs on Tester system CseSystem { + + var AeSimu v_ae1 := AeSimu.create("AE1") alive; + + v_ae1.start(f_CSE_SEC_IP_CRE_001()); + + v_ae1.done; + + } + + function f_CSE_SEC_IP_CRE_001() runs on AeSimu system CseSystem { + // Local variables + var integer v_aeIndex := -1; + var integer v_acpIndex := -1; + var integer v_groupIndex := -1; + var XSD.ID v_ae1ResourceId; + var template RequestPrimitive v_groupRequest := m_createGroup(1, -, omit, int2, -, -, -); + var template RequestPrimitive v_createRequest := valueof(m_createAcpBase); + + // Test control + if (not PICS_ESC_SUPPORT) { + setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); + stop; + } + if(not(PICS_ACP_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case"); + stop; + } + + // Test component 
configuration + f_cf02Up(); + + // Test adapter configuration + + // Preamble + // FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID + + v_aeIndex := f_cse_preamble_registerAe(-, -); + + vc_ae1.start(f_cse_createResource(int2, m_createAe(PX_TS_AE1.appId, -, PX_TS_AE1.aeIdStem, c_defaultAe1ResourceName, omit), -1)); // AE1 is registred + f_aeSimu_checkComponentDoneAndGetVerdict(vc_ae1); + + v_ae1ResourceId := f_getLatestResourceAddress(vc_ae1, e_nonHierarchical, e_cseRelative); + + v_groupRequest.primitiveContent.group_.memberIDs := {v_ae1ResourceId}; + + v_groupIndex := f_cse_createResource(int3, v_groupRequest, v_aeIndex); + + v_createRequest := m_createAcp(-, {f_getResourceId(vc_resourcesList[v_groupIndex].resource)} , -); + + // Test Body + v_createRequest := f_getCreateRequestPrimitive(int1, v_createRequest, v_aeIndex); + // Alter the 'From' field using AE identifier different that AE1_ID + v_createRequest.from_ := PX_TS_AE2.appId; + + f_send(e_mcaPort, m_request(valueof(v_createRequest))); + tc_ac.start; + alt { + [] mcaPort.receive(mw_response(mw_responsePrimitive(int4106))) -> value vc_response { + tc_ac.stop; + setverdict(pass, __SCOPE__ & ": AE impersonation attack detected"); + } + [] mcaPort.receive(mw_response) -> value vc_response { + tc_ac.stop; + setverdict(fail, __SCOPE__ & ": Wrong response status code"); + } + [] tc_ac.timeout { + setverdict(fail, __SCOPE__ & ": No answer while creating resource"); + } + } + + //Postamble + f_cse_postamble_deleteResources(); + + //Tear down + f_cf02Down(); + + }//end TC_CSE_SEC_IP_CRE_001 + + }// end of group Create + + group Retrieve { + + /** + * @desc Check that the IUT processes properly AE Impersonation attacks + */ + testcase TC_CSE_SEC_IP_RET_001() runs on Tester system CseSystem { + + var AeSimu v_ae1 := AeSimu.create("AE1") alive; + + v_ae1.start(f_CSE_SEC_IP_RET_001()); + + v_ae1.done; + + } + + function f_CSE_SEC_IP_RET_001() runs on AeSimu system CseSystem { + 
// Local variables + var integer v_aeIndex := -1; + var integer v_acpIndex := -1; + var integer v_groupIndex := -1; + var integer v_parentIndex; + var integer v_resourceIndex; + var template RequestPrimitive v_request; + + // Test control + if (not PICS_ESC_SUPPORT) { + setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); + stop; + } + if(not(PICS_ACP_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case"); + stop; + } + + // Test component configuration + f_cf02Up(); + + // Test adapter configuration + + // Preamble + // FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID + + f_cse_createAccessControlPolicyAux(); + + v_aeIndex := f_cse_createResource_withAcpAux(int2, m_createAe(vc_aeSimuDesc.appId, -, vc_aeSimuDesc.aeIdStem, c_defaultAe1ResourceName, {f_getLocalPoA(vc_aeSimuDesc.mcaPortIn, "")}), -1); // AE1 is registred + + v_parentIndex := f_cse_createResource(int3, m_createContainerBase, v_aeIndex); + + v_resourceIndex := f_cse_createResource(int4, m_createContainerBase, v_parentIndex); + + // Test Body + v_request := m_retrieve(f_getResourceAddress(v_resourceIndex), f_getOriginator(v_resourceIndex)); + // Alter the 'From' field using AE identifier different that AE1_ID + v_request.from_ := PX_TS_AE2.appId; + + f_send(e_mcaPort, m_request(valueof(v_request))); + tc_ac.start; + alt { + [] mcaPort.receive(mw_response(mw_responsePrimitive(int4106))) -> value vc_response { + tc_ac.stop; + setverdict(pass, __SCOPE__ & ": AE impersonation attack detected"); + } + [] mcaPort.receive(mw_response) -> value vc_response { + tc_ac.stop; + setverdict(fail, __SCOPE__ & ": Wrong response status code"); + } + [] tc_ac.timeout { + setverdict(fail, __SCOPE__ & ": No answer while creating resource"); + } + } + + //Postamble + f_cse_postamble_deleteResources(); + + //Tear down + f_cf02Down(); + + }//end 
TC_CSE_SEC_IP_RET_001 + + }// end of group Retrieve + + group Update { + + /** + * @desc Check that the IUT processes properly AE Impersonation attacks + */ + testcase TC_CSE_SEC_IP_UPD_001() runs on Tester system CseSystem { + + var AeSimu v_ae1 := AeSimu.create("AE1") alive; + + v_ae1.start(f_CSE_SEC_IP_UPD_001()); + + v_ae1.done; + + } + + function f_CSE_SEC_IP_UPD_001() runs on AeSimu system CseSystem { + // Local variables + var integer v_aeIndex := -1; + var integer v_acpIndex := -1; + var integer v_groupIndex := -1; + var integer v_parentIndex; + var integer v_resourceIndex; + var template RequestPrimitive v_update := valueof(m_update); + + // Test control + if (not PICS_ESC_SUPPORT) { + setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); + stop; + } + if(not(PICS_ACP_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case"); + stop; + } + + // Test component configuration + f_cf02Up(); + + // Test adapter configuration + + // Preamble + // FIXME Security association establishment may be performed using AE1, E.g. 
TLS using AE1_ID + + f_cse_createAccessControlPolicyAux(); + + v_aeIndex := f_cse_createResource_withAcpAux(int2, m_createAe(vc_aeSimuDesc.appId, -, vc_aeSimuDesc.aeIdStem, c_defaultAe1ResourceName, {f_getLocalPoA(vc_aeSimuDesc.mcaPortIn, "")}), -1); // AE1 is registred + + v_parentIndex := f_cse_createResource(int3, m_createContainerBase, v_aeIndex); + + v_resourceIndex := f_cse_createResource(int4, m_createContainerBase, v_parentIndex); + + // Test Body + v_update := valueof(m_update); + // Alter the 'From' field using AE identifier different that AE1_ID + v_update.from_ := PX_TS_AE2.appId; + + f_send(e_mcaPort, m_request(valueof(v_update))); + tc_ac.start; + alt { + [] mcaPort.receive(mw_response(mw_responsePrimitive(int4106))) -> value vc_response { + tc_ac.stop; + setverdict(pass, __SCOPE__ & ": AE impersonation attack detected"); + } + [] mcaPort.receive(mw_response) -> value vc_response { + tc_ac.stop; + setverdict(fail, __SCOPE__ & ": Wrong response status code"); + } + [] tc_ac.timeout { + setverdict(fail, __SCOPE__ & ": No answer while creating resource"); + } + } + + //Postamble + f_cse_postamble_deleteResources(); + + //Tear down + f_cf02Down(); + + }//end TC_CSE_SEC_IP_UPD_001 + + }// end of group Update + + group Delete { + + /** + * @desc Check that the IUT processes properly AE Impersonation attacks + */ + testcase TC_CSE_SEC_IP_DEL_001() runs on Tester system CseSystem { + + var AeSimu v_ae1 := AeSimu.create("AE1") alive; + + v_ae1.start(f_CSE_SEC_IP_DEL_001()); + + v_ae1.done; + + } + + function f_CSE_SEC_IP_DEL_001() runs on AeSimu system CseSystem { + // Local variables + var integer v_aeIndex := -1; + var integer v_parentIndex; + var integer v_resourceIndex; + var template RequestPrimitive v_delete; + + // Test control + if (not PICS_ESC_SUPPORT) { + setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); + stop; + } + if(not(PICS_ACP_SUPPORT)) { + 
setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case");
+ stop;
+ }
+
+ // Test component configuration
+ f_cf02Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ // FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID
+
+ f_cse_createAccessControlPolicyAux();
+
+ v_aeIndex := f_cse_createResource_withAcpAux(int2, m_createAe(vc_aeSimuDesc.appId, -, vc_aeSimuDesc.aeIdStem, c_defaultAe1ResourceName, {f_getLocalPoA(vc_aeSimuDesc.mcaPortIn, "")}), -1); // AE1 is registred
+
+ v_parentIndex := f_cse_createResource(int3, m_createContainerBase, v_aeIndex);
+
+ v_resourceIndex := f_cse_createResource(int4, m_createContainerBase, v_parentIndex);
+
+ // Test Body
+ v_delete := m_delete(f_getResourceAddress(v_resourceIndex), f_getOriginator(v_resourceIndex));
+ // Alter the 'From' field using AE identifier different that AE1_ID
+ v_delete.from_ := PX_TS_AE2.appId;
+
+ f_send(e_mcaPort, m_request(valueof(v_delete)));
+ tc_ac.start;
+ alt {
+ [] mcaPort.receive(mw_response(mw_responsePrimitive(int4106))) -> value vc_response {
+ tc_ac.stop;
+ setverdict(pass, __SCOPE__ & ": AE impersonation attack detected");
+ }
+ [] mcaPort.receive(mw_response) -> value vc_response {
+ tc_ac.stop;
+ setverdict(fail, __SCOPE__ & ": Wrong response status code");
+ }
+ [] tc_ac.timeout {
+ setverdict(fail, __SCOPE__ & ": No answer while creating resource");
+ }
+ }
+
+ //Postamble
+ f_cse_postamble_deleteResources();
+
+ //Tear down
+ f_cf02Down();
+
+ }//end TC_CSE_SEC_IP_DEL_001
+
+ }// end of group Delete
+
+ }//end group Impersonation_Prevention
- }// end of group Retrieve
-
- group Update {
+ group Dynamic_Authorization {
+
+ group Direct_Dynamic_Authorization {
+
+ group Create {
- }//end group Update
+ /**
+ * @desc Check that the IUT processes properly Direct Dynamic Authorization with no DynamicAuthorizationConsultation attribute (Steps 6-8 not applied)
+ */
+ testcase TC_CSE_SEC_DDA_CRE_001() runs on Tester system CseSystem {
+
+ var AeSimu v_ae1 := AeSimu.create("AE1") alive;
+
+ v_ae1.start(f_CSE_SEC_DDA_CRE_001());
+
+ v_ae1.done;
+
+ }
+
+ function f_CSE_SEC_DDA_CRE_001() runs on AeSimu system CseSystem {
+ // Local variables
+ var integer v_aeIndex := -1;
+ var integer v_acpIndex := -1;
+ var integer v_groupIndex := -1;
+ var XSD.ID v_ae1ResourceId;
+ var template RequestPrimitive v_groupRequest := m_createGroup(1, -, omit, int2, -, -, -);
+ var template RequestPrimitive v_createRequest := valueof(m_createAcpBase);
+
+ // Test control
+ if(not(PICS_ACP_SUPPORT)) {
+ setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case");
+ stop;
+ }
+ if(not(PICS_DIRECT_DYN_AUTH_SUPPORT) or not(PICS_DYN_AUTH_SUPPORT)) {
+ setverdict(inconc, __SCOPE__ & ": Direct Dynamic Authorization support is required to run this test case");
+ stop;
+ }
+
+ // Test component configuration
+ f_cf02Up();
- group Notify {
-
- }//end group Notify
+ // Test adapter configuration
- }//end group Roles
-
- group ESCertKE {
+ // Preamble
+ // FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID
+
+ v_aeIndex := f_cse_preamble_registerAe(-, -);
- group Notify {
-
- }// end of group Notify
+ vc_ae1.start(f_cse_createResource(int2, m_createAe(PX_TS_AE1.appId, -, PX_TS_AE1.aeIdStem, c_defaultAe1ResourceName, omit), -1)); // AE1 is registred
+ f_aeSimu_checkComponentDoneAndGetVerdict(vc_ae1);
+
+ v_ae1ResourceId := f_getLatestResourceAddress(vc_ae1, e_nonHierarchical, e_absolute);
- }// end of group ESCertKE
-
- group Access_Control_Policy {
+ v_groupRequest.primitiveContent.group_.memberIDs := {v_ae1ResourceId};
+
+ v_groupIndex := f_cse_createResource(int3, v_groupRequest, v_aeIndex);
- }//end group AccessControlPolicy
-
- }//end group Security
-
+ v_createRequest := m_createAcp(-, {f_getResourceId(vc_resourcesList[v_groupIndex].resource)} , -);
+
+ // Test Body
+ v_createRequest := f_getCreateRequestPrimitive(int1, v_createRequest, v_aeIndex);
+
+ f_send(e_mcaPort, m_request(valueof(v_createRequest)));
+ tc_ac.start;
+ alt {
+ [] mcaPort.receive(mw_response(mw_responsePrimitive(int2001))) -> value vc_response {
+ tc_ac.stop;
+ //Check mandatory fields
+ if (ischosen(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo)) {
+ if(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.securityInfoType != int2) { // Dynamic Authorization Response
+ setverdict(fail, __SCOPE__ & ": SecurityInfoType element is not set to '2' (Dynamic Authorization Response)");
+ }
+ if (ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse)) {
+ if(
+ ispresent(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.authorSignReqInfo) and
+ (vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.authorSignReqInfo == true)
+ ) {
+ setverdict(fail, __SCOPE__ & ": authorSignReqInfo element is not set to 'false' (Steps 6-8 not applied)");
+ }
+ if (
+ ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokens) or
+ ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokenIDs)
+ ) {
+ setverdict(pass, __SCOPE__ & ": Tokens/TokenIDs were created");
+ } else {
+ setverdict(fail, __SCOPE__ & ": Direct Dynamic Authorization failure");
+ }
+ } else {
+ setverdict(fail, __SCOPE__ & ": 'dynAuthRelMapResponse' field not present");
+ }
+ } else {
+ setverdict(fail, __SCOPE__ & ": 'securityInfo' field not present");
+ }
+ }
+ [] mcaPort.receive(mw_response) -> value vc_response {
+ tc_ac.stop;
+ setverdict(fail, __SCOPE__ & ": Wrong response status code");
+ }
+ [] tc_ac.timeout {
+ setverdict(fail, __SCOPE__ & ": No answer while creating resource");
+ }
+ }
+
+ //Postamble
+ f_cse_postamble_deleteResources();
+
+ //Tear down
+ f_cf02Down();
+
+ }//end TC_CSE_SEC_DDA_CRE_001
+
+ /**
+ * @desc Check that the IUT processes properly Direct Dynamic Authorization with no DynamicAuthorizationConsultation attribute (Steps 6-8 applied)
+ */
+ testcase TC_CSE_SEC_DDA_CRE_002() runs on Tester system CseSystem {
+
+ var AeSimu v_ae1 := AeSimu.create("AE1") alive;
+
+ v_ae1.start(f_CSE_SEC_DDA_CRE_002());
+
+ v_ae1.done;
+
+ }
+
+ function f_CSE_SEC_DDA_CRE_002() runs on AeSimu system CseSystem {
+ // Local variables
+ var integer v_aeIndex := -1;
+ var integer v_acpIndex := -1;
+ var integer v_groupIndex := -1;
+ var XSD.ID v_ae1ResourceId;
+ var template RequestPrimitive v_groupRequest := m_createGroup(1, -, omit, int2, -, -, -);
+ var template RequestPrimitive v_createRequest := valueof(m_createAcpBase);
+ var integer v_state := 0; // Sequencing of received message
+
+ // Test control
+ if(not(PICS_ACP_SUPPORT)) {
+ setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case");
+ stop;
+ }
+ if(not(PICS_DIRECT_DYN_AUTH_SUPPORT) or not(PICS_DYN_AUTH_SUPPORT)) {
+ setverdict(inconc, __SCOPE__ & ": Direct Dynamic Authorization support is required to run this test case");
+ stop;
+ }
+
+ // Test component configuration
+ f_cf02Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ // FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID
+
+ v_aeIndex := f_cse_preamble_registerAe(-, -);
+
+ vc_ae1.start(f_cse_createResource(int2, m_createAe(PX_TS_AE1.appId, -, PX_TS_AE1.aeIdStem, c_defaultAe1ResourceName, omit), -1)); // AE1 is registred
+ f_aeSimu_checkComponentDoneAndGetVerdict(vc_ae1);
+
+ v_ae1ResourceId := f_getLatestResourceAddress(vc_ae1, e_nonHierarchical, e_absolute);
+
+ v_groupRequest.primitiveContent.group_.memberIDs := {v_ae1ResourceId};
+
+ v_groupIndex := f_cse_createResource(int3, v_groupRequest, v_aeIndex);
+
+ v_createRequest := m_createDynamicAuthorizationConsultationBase(omit, true); //dynamicAuthorizationEnable set to TRUE
+ v_createRequest.primitiveContent.dynamicAuthorizationConsultation.dynamicAuthorizationPoA := {f_getResourceAddress(v_aeIndex)};
+
+ // Test Body
+ v_createRequest := f_getCreateRequestPrimitive(int34, v_createRequest, v_aeIndex); // dynamicAuthorizationConsultation, TS-0004 Table 6.3.4.2.1 1: Interpretation of resourceType
+
+ f_send(e_mcaPort, m_request(valueof(v_createRequest)));
+ tc_ac.start;
+ alt {
+ [v_state == 0] mcaPort.receive(mw_response(mw_responsePrimitiveOK)) -> value vc_response {
+ tc_ac.stop;
+ //Check mandatory fields
+ if (ischosen(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo)) {
+ if(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.securityInfoType != int2) { // Dynamic Authorization Response
+ setverdict(fail, __SCOPE__ & ": SecurityInfoType element is not set to '2' (Dynamic Authorization Response)");
+ }
+ if (ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse)) {
+ if(
+ ispresent(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.authorSignReqInfo) and
+ (vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.authorSignReqInfo == false)
+ ) {
+ setverdict(fail, __SCOPE__ & ": authorSignReqInfo element is not set to 'true' (Steps 6-8 not applied)");
+ }
+ if (
+ ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokens) or
+ ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokenIDs)
+ ) {
+ var SignatureList v_authorSigns;
+ var template RequestPrimitive v_notifyRequest := m_notifyNotification(f_getResourceAddress(v_aeIndex), m_contentCreateNotification({ uRI := "" }, omit, omit, omit));
+
+ setverdict(pass, __SCOPE__ & ": Tokens/TokenIDs were created");
+ v_state := v_state + 1;
+ // TODO Process signature of MIC???
+ // TODO Send Notify to the IUT (step 6.1 & 6.2)
+ //fx_generateAuthorSignForTokens(vc_response.primitive.responsePrimitive, v_authorSigns);
+ v_notifyRequest.authorSigns := v_authorSigns;
+ v_notifyRequest.tokens := vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokens;
+ v_notifyRequest.tokenIDs := vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokenIDs;
+ v_notifyRequest.authorSignIndicator := true;
+ f_send(e_mcaPort, m_request(valueof(v_notifyRequest)));
+ tc_ac.start;
+ repeat;
+ } else {
+ setverdict(fail, __SCOPE__ & ": Direct Dynamic Authorization failure");
+ }
+ } else {
+ setverdict(fail, __SCOPE__ & ": 'dynAuthRelMapResponse' field not present");
+ }
+ } else {
+ setverdict(fail, __SCOPE__ & ": 'securityInfo' field not present");
+ }
+ }
+ [v_state == 1] mcaPort.receive(mw_response(mw_responseNotify(int2000))) -> value vc_response {
+ tc_ac.stop;
+ setverdict(pass, __SCOPE__ & ": Step 6-8 were applied");
+ }
+ [] mcaPort.receive(mw_response) -> value vc_response {
+ tc_ac.stop;
+ setverdict(fail, __SCOPE__ & ": Wrong response status code");
+ }
+ [] tc_ac.timeout {
+ setverdict(fail, __SCOPE__ & ": No answer while creating resource");
+ }
+ }
+
+ //Postamble
+ f_cse_postamble_deleteResources();
+
+ //Tear down
+ f_cf02Down();
+
+ }//end TC_CSE_SEC_DDA_CRE_002
+
+ /**
+ * @desc Check that the IUT processes properly Direct Dynamic Authorization with no DynamicAuthorizationConsultation attribute (Steps 6-8 not applied)
+ */
+ testcase TC_CSE_SEC_DDA_CRE_003() runs on Tester system CseSystem {
+
+ var AeSimu v_ae1 := AeSimu.create("AE1") alive;
+
+ v_ae1.start(f_CSE_SEC_DDA_CRE_003());
+
+ v_ae1.done;
+
+ }
+
+ function f_CSE_SEC_DDA_CRE_003() runs on AeSimu system CseSystem {
+ // TODO
+ }//end TC_CSE_SEC_DDA_CRE_003
+
+ }// end of group Create
+
+ }//end group DirectDynamic_Authorization
+
+ group Indirect_Dynamic_Authorization {
+
+ group Create {
+
+ /**
+ * @desc Check that the IUT processes properly basic Indirect Dynamic Authorization (Only mandatories steps applied)
+ */
+ testcase TC_CSE_SEC_IDA_CRE_001() runs on Tester system CseSystem {
+
+ var AeSimu v_ae1 := AeSimu.create("AE1") alive;
+
+ v_ae1.start(f_CSE_SEC_IDA_CRE_001());
+
+ v_ae1.done;
+
+ }
+
+ function f_CSE_SEC_IDA_CRE_001() runs on AeSimu system CseSystem {
+ // Local variables
+ var integer v_aeIndex := -1;
+ var integer v_acpIndex := -1;
+ var integer v_groupIndex := -1;
+ var XSD.ID v_ae1ResourceId;
+ var template RequestPrimitive v_groupRequest := m_createGroup(1, -, omit, int2, -, -, -);
+ var template RequestPrimitive v_createRequest := valueof(m_createAcpBase);
+
+ // Test control
+ if(not(PICS_ACP_SUPPORT)) {
+ setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case");
+ stop;
+ }
+ if(PICS_DIRECT_DYN_AUTH_SUPPORT or not(PICS_DYN_AUTH_SUPPORT)) {
+ setverdict(inconc, __SCOPE__ & ": Indirect Dynamic Authorization support is required to run this test case");
+ stop;
+ }
+
+ // Test component configuration
+ f_cf02Up();
+
+ // Test adapter configuration
+
+ // Preamble
+ // FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID
+
+ v_aeIndex := f_cse_preamble_registerAe(-, -);
+
+ vc_ae1.start(f_cse_createResource(int2, m_createAe(PX_TS_AE1.appId, -, PX_TS_AE1.aeIdStem, c_defaultAe1ResourceName, omit), -1)); // AE1 is registred
+ f_aeSimu_checkComponentDoneAndGetVerdict(vc_ae1);
+
+ v_ae1ResourceId := f_getLatestResourceAddress(vc_ae1, e_nonHierarchical, e_absolute);
+
+ v_groupRequest.primitiveContent.group_.memberIDs := {v_ae1ResourceId};
+
+ v_groupIndex := f_cse_createResource(int3, v_groupRequest, v_aeIndex);
+
+ v_createRequest := m_createAcp(-, {f_getResourceId(vc_resourcesList[v_groupIndex].resource)} , -);
+
+ // Test Body
+ v_createRequest := f_getCreateRequestPrimitive(int1, v_createRequest, v_aeIndex);
+ v_createRequest.primitiveContent.securityInfo.dynAuthRelMapRequest.tokenIDs := { fx_assign_originatorToken() };
+
+ f_send(e_mcaPort, m_request(valueof(v_createRequest)));
+ tc_ac.start;
+ alt {
+ [] mcaPort.receive(mw_response(mw_responsePrimitive(int2001))) -> value vc_response {
+ tc_ac.stop;
+ //Check mandatory fields
+ if (ischosen(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo)) {
+ if(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.securityInfoType != int2) { // Dynamic Authorization Response
+ setverdict(fail, __SCOPE__ & ": SecurityInfoType element is not set to '2' (Dynamic Authorization Response)");
+ }
+ if (ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse)) {
+ if(
+ ispresent(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.authorSignReqInfo) and
+ (vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.authorSignReqInfo == true)
+ ) {
+ setverdict(fail, __SCOPE__ & ": authorSignReqInfo element is not set to 'false' (Steps 6-8 not applied)");
+ }
+ if (
+ ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokens) or
+ ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokenIDs)
+ ) {
+ setverdict(pass, __SCOPE__ & ": Tokens/TokenIDs were created");
+ } else {
+ setverdict(fail, __SCOPE__ & ": Direct Dynamic Authorization failure");
+ }
+ } else {
+ setverdict(fail, __SCOPE__ & ": 'dynAuthRelMapResponse' field is not present");
+ }
+ } else {
+ setverdict(fail, __SCOPE__ & ": 'securityInfo' field is not present");
+ }
+ }
+ [] mcaPort.receive(mw_response) -> value vc_response {
+ tc_ac.stop;
+ setverdict(fail, __SCOPE__ & ": Wrong response status code");
+ }
+ [] tc_ac.timeout {
+ setverdict(fail, __SCOPE__ & ": No answer while creating resource");
+ }
+ }
+
+ //Postamble
+ f_cse_postamble_deleteResources();
+
+ //Tear down
+ f_cf02Down();
+
+ }//end TC_CSE_SEC_IDA_CRE_001
+
+ }// end of group Create
+
+ }//end group IndirectDynamic_Authorization
+
+ }//end group Dynamic_Authorization
+
+ group Json_Web_Token {
+
+ }//end group Json_Web_Token
+
+ group Distributed_Authorization {
+
+ }//end group Distributed_Authorization
+
+ } // End of group authorization
+ }//end group Security
 group Device_Management {
 }//end group dataManagement
- group Dynamic_Authorization {
-
- }//end group Dynamic_Authorization
- - group InitialServiceProvisioning{ }// end group InitialServiceProvisioning