diff --git a/LibOneM2M/OneM2M_Pics.ttcn b/LibOneM2M/OneM2M_Pics.ttcn index 25df247b325a658e96e0d94d994e669b17ef42e4..2f9a1de958e52bae828c689b79e8246f6e66bf7b 100644 --- a/LibOneM2M/OneM2M_Pics.ttcn +++ b/LibOneM2M/OneM2M_Pics.ttcn @@ -40,7 +40,13 @@ module OneM2M_Pics { * @see oneM2M TS-0017 A.5.6.53 */ modulepar boolean PICS_DYN_AUTH_SUPPORT := true; - + + /** + * @desc Direct Dynamic Authorization resource support + * @see oneM2M TS-0017 A.5.6.74 + */ + modulepar boolean PICS_DIRECT_DYN_AUTH_SUPPORT := true; + /** * @desc Node role * @see oneM2M TS-0017 A.5.1.2 diff --git a/OneM2M_Testcases_AE_Release_4.ttcn b/OneM2M_Testcases_AE_Release_4.ttcn index 214ad2c4abcfeab006047cab3e59b4952fb6c16f..635f9b08fc90dc038c49a14747488bdce5f5c997 100644 --- a/OneM2M_Testcases_AE_Release_4.ttcn +++ b/OneM2M_Testcases_AE_Release_4.ttcn @@ -9,7 +9,7 @@ * @desc Module containing test cases for oneM2M * */ -module OneM2M_Testcases_AE_Release_3 { +module OneM2M_Testcases_AE_Release_4 { import from OneM2M_TestSystem all; import from OneM2M_Templates all; @@ -55,7 +55,7 @@ module OneM2M_Testcases_AE_Release_3 { group Impersonation_Prevention { } - + group Dynamic_Authorization { group Direct_Dynamic_Authorization { @@ -68,10 +68,6 @@ module OneM2M_Testcases_AE_Release_3 { }//end group Dynamic_Authorization - group Indirect_Dynamic_Authorization { - - }//end group Indirect_Dynamic_Authorization - group Json_Web_Token { }//end group Json_Web_Token diff --git a/OneM2M_Testcases_CSE_Release_4.ttcn b/OneM2M_Testcases_CSE_Release_4.ttcn index 7581152c305032444da83292a7d60cc2c568a548..7ce914dae56a4f982f26429b9a969e9373d89c46 100644 --- a/OneM2M_Testcases_CSE_Release_4.ttcn +++ b/OneM2M_Testcases_CSE_Release_4.ttcn 
@@ -653,6 +653,10 @@ module OneM2M_Testcases_CSE_Release_4 { setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); stop; } + if(not(PICS_ACP_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case"); + stop; + } // Test component configuration f_cf03Up(); @@ -671,14 +675,14 @@ module OneM2M_Testcases_CSE_Release_4 { v_groupRequest.primitiveContent.group_.memberIDs := {v_ae1ResourceId}; - v_groupIndex := f_cse_createResource(int9, v_groupRequest, v_aeIndex); + v_groupIndex := f_cse_createResource(int3, v_groupRequest, v_aeIndex); v_createRequest := m_createAcp(-, {f_getResourceId(vc_resourcesList[v_groupIndex].resource)} , -); // Test Body v_createRequest := f_getCreateRequestPrimitive(int1, v_createRequest, v_aeIndex); // Alter the 'From' field using AE identifier different that AE1_ID - v_createRequest.from_ := PX_TS_AE2.appId; + v_createRequest.from_ := PX_TS_AE2.appIdStem; f_send(e_mcaPort, m_request(valueof(v_createRequest))); tc_ac.start; @@ -735,6 +739,10 @@ module OneM2M_Testcases_CSE_Release_4 { setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); stop; } + if(not(PICS_ACP_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case"); + stop; + } // Test component configuration f_cf03Up(); @@ -755,7 +763,7 @@ module OneM2M_Testcases_CSE_Release_4 { // Test Body v_request := m_retrieve(f_getResourceAddress(v_resourceIndex), f_getOriginator(v_resourceIndex)); // Alter the 'From' field using AE identifier different that AE1_ID - v_request.from_ := PX_TS_AE2.appId; + v_request.from_ := PX_TS_AE2.appIdStem; f_send(e_mcaPort, m_request(valueof(v_request))); tc_ac.start; 
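Review bot: The altered originator in the hunk at -671 is now `PX_TS_AE2.appIdStem`, but the only stem field visible elsewhere in this diff is `aeIdStem` (`PX_TS_AE1.aeIdStem` in the new DDA test cases), so please confirm that `appIdStem` is a declared field and not a typo for `aeIdStem`. The same assignment appears in the hunks at -755, -832 and -907. An impersonation-prevention test only proves something if `from_` carries a well-formed AE identifier that differs from the one bound to the security association; if the IUT rejects the request because the value is malformed or unknown, the test may pass without exercising the check. A comment such as `// From = AE2's AE-ID stem: valid, but not the authenticated AE1_ID` would make the intended identifier form explicit. The enclosing functions start and end outside these hunks, so the expected response code cannot be checked from here.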
@@ -812,6 +820,10 @@ module OneM2M_Testcases_CSE_Release_4 { setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); stop; } + if(not(PICS_ACP_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case"); + stop; + } // Test component configuration f_cf03Up(); @@ -832,7 +844,7 @@ module OneM2M_Testcases_CSE_Release_4 { // Test Body v_update := m_update(f_getResourceAddress(v_resourceIndex), f_getOriginator(v_resourceIndex)); // Alter the 'From' field using AE identifier different that AE1_ID - v_update.from_ := PX_TS_AE2.appId; + v_update.from_ := PX_TS_AE2.appIdStem; f_send(e_mcaPort, m_request(valueof(v_update))); tc_ac.start; @@ -887,6 +899,10 @@ module OneM2M_Testcases_CSE_Release_4 { setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case"); stop; } + if(not(PICS_ACP_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case"); + stop; + } // Test component configuration f_cf03Up(); @@ -907,7 +923,7 @@ module OneM2M_Testcases_CSE_Release_4 { // Test Body v_delete := m_delete(f_getResourceAddress(v_resourceIndex), f_getOriginator(v_resourceIndex)); // Alter the 'From' field using AE identifier different that AE1_ID - v_delete.from_ := PX_TS_AE2.appId; + v_delete.from_ := PX_TS_AE2.appIdStem; f_send(e_mcaPort, m_request(valueof(v_delete))); tc_ac.start; 
@@ -941,6 +957,218 @@ module OneM2M_Testcases_CSE_Release_4 { group Direct_Dynamic_Authorization { + group Create { + + /** + * @desc Check that the IUT processes properly Direct Dynamic Authorization with no DynamicAuthorizationConsultation attribute (Steps 6-8 not applied) + */ + testcase TC_CSE_SEC_DDA_CRE_001() runs on Tester system CseSystem { + + var AeSimu v_ae1 := AeSimu.create("AE1") alive; + + v_ae1.start(f_CSE_SEC_DDA_CRE_001()); + + v_ae1.done; + + } + + function f_CSE_SEC_DDA_CRE_001() runs on AeSimu system CseSystem { + // Local variables + var integer v_aeIndex := -1; + var integer v_acpIndex := -1; + var integer v_groupIndex := -1; + var XSD.ID v_ae1ResourceId; + var template RequestPrimitive v_groupRequest := m_createGroup(1, -, omit, int2, -, -, -); + var template RequestPrimitive v_createRequest := valueof(m_createAcpBase); + + // Test control + if(not(PICS_ACP_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case"); + stop; + } + if(not(PICS_DIRECT_DYN_AUTH_SUPPORT) or not(PICS_DYN_AUTH_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": Direct Dynamic Authorization support is required to run this test case"); + stop; + } + + // Test component configuration + f_cf03Up(); + + // Test adapter configuration + + // Preamble + // FIXME Security association establishment may be performed using AE1, E.g. 
TLS using AE1_ID + + v_aeIndex := f_cse_preamble_registerAe(-, -); + + vc_ae1.start(f_cse_createResource(int2, m_createAe(PX_TS_AE1.appId, -, PX_TS_AE1.aeIdStem, c_defaultAe1ResourceName, omit), -1)); // AE1 is registred + f_aeSimu_checkComponentDoneAndGetVerdict(vc_ae1); + + v_ae1ResourceId := f_getLatestResourceAddress(vc_ae1, e_nonHierarchical, e_absolute); + + v_groupRequest.primitiveContent.group_.memberIDs := {v_ae1ResourceId}; + + v_groupIndex := f_cse_createResource(int3, v_groupRequest, v_aeIndex); + + v_createRequest := m_createAcp(-, {f_getResourceId(vc_resourcesList[v_groupIndex].resource)} , -); + + // Test Body + v_createRequest := f_getCreateRequestPrimitive(int1, v_createRequest, v_aeIndex); + + f_send(e_mcaPort, m_request(valueof(v_createRequest))); + tc_ac.start; + alt { + [] mcaPort.receive(mw_response(mw_responsePrimitive(int2001))) -> value vc_response { + tc_ac.stop; + //Check mandatory fields + if (ischosen(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo)) { + if(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.securityInfoType != int2) { // Dynamic Authorization Response + setverdict(fail, __SCOPE__ & ": SecurityInfoType element is not set to '2' (Dynamic Authorization Response)"); + } + if( + ispresent(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.authorSignReqInfo) and + (vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.authorSignReqInfo == true) + ) { + setverdict(fail, __SCOPE__ & ": authorSignReqInfo element is not set to 'false' (Steps 6-8 not applied)"); + } + if ( + ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse) and + ( + ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokens) or + ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokenIDs) + ) + ) { + setverdict(pass, __SCOPE__ & ": 
Tokens/TokenIDs were created"); + } else { + setverdict(fail, __SCOPE__ & ": Direct Dynamic Authorization failure"); + } + } else { + setverdict(fail, __SCOPE__ & ": Direct Dynamic Authorization failure"); + } + } + [] mcaPort.receive(mw_response) -> value vc_response { + tc_ac.stop; + setverdict(fail, __SCOPE__ & ": Wrong response status code"); + } + [] tc_ac.timeout { + setverdict(fail, __SCOPE__ & ": No answer while creating resource"); + } + } + + //Postamble + f_cse_postamble_deleteResources(); + + //Tear down + f_cf03Down(); + + }//end TC_CSE_SEC_DDA_CRE_001 + + /** + * @desc Check that the IUT processes properly Direct Dynamic Authorization with no DynamicAuthorizationConsultation attribute (Steps 6-8 applied) + */ + testcase TC_CSE_SEC_DDA_CRE_002() runs on Tester system CseSystem { + + var AeSimu v_ae1 := AeSimu.create("AE1") alive; + + v_ae1.start(f_CSE_SEC_DDA_CRE_002()); + + v_ae1.done; + + } + + function f_CSE_SEC_DDA_CRE_002() runs on AeSimu system CseSystem { + // Local variables + var integer v_aeIndex := -1; + var integer v_acpIndex := -1; + var integer v_groupIndex := -1; + var XSD.ID v_ae1ResourceId; + var template RequestPrimitive v_groupRequest := m_createGroup(1, -, omit, int2, -, -, -); + var template RequestPrimitive v_createRequest := valueof(m_createAcpBase); + + // Test control + if(not(PICS_ACP_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case"); + stop; + } + if(not(PICS_DIRECT_DYN_AUTH_SUPPORT) or not(PICS_DYN_AUTH_SUPPORT)) { + setverdict(inconc, __SCOPE__ & ": Direct Dynamic Authorization support is required to run this test case"); + stop; + } + + // Test component configuration + f_cf03Up(); + + // Test adapter configuration + + // Preamble + // FIXME Security association establishment may be performed using AE1, E.g. 
TLS using AE1_ID + + v_aeIndex := f_cse_preamble_registerAe(-, -); + + vc_ae1.start(f_cse_createResource(int2, m_createAe(PX_TS_AE1.appId, -, PX_TS_AE1.aeIdStem, c_defaultAe1ResourceName, omit), -1)); // AE1 is registred + f_aeSimu_checkComponentDoneAndGetVerdict(vc_ae1); + + v_ae1ResourceId := f_getLatestResourceAddress(vc_ae1, e_nonHierarchical, e_absolute); + + v_groupRequest.primitiveContent.group_.memberIDs := {v_ae1ResourceId}; + + v_groupIndex := f_cse_createResource(int3, v_groupRequest, v_aeIndex); + + v_createRequest := m_createAcp(-, {f_getResourceId(vc_resourcesList[v_groupIndex].resource)} , -); + + // Test Body + v_createRequest := f_getCreateRequestPrimitive(int1, v_createRequest, v_aeIndex); + + f_send(e_mcaPort, m_request(valueof(v_createRequest))); + tc_ac.start; + alt { + [] mcaPort.receive(mw_response(mw_responsePrimitive(int2001))) -> value vc_response { + tc_ac.stop; + //Check mandatory fields + if (ischosen(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo)) { + if(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.securityInfoType != int2) { // Dynamic Authorization Response + setverdict(fail, __SCOPE__ & ": SecurityInfoType element is not set to '2' (Dynamic Authorization Response)"); + } + if( + ispresent(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.authorSignReqInfo) and + (vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.authorSignReqInfo == false) + ) { + setverdict(fail, __SCOPE__ & ": authorSignReqInfo element is not set to 'true' (Steps 6-8 not applied)"); + } + if ( + ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dasResponse) and + ( + ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokens) or + ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokenIDs) + ) + ) { + setverdict(pass, __SCOPE__ & ": Tokens/TokenIDs were 
created"); + } else { + setverdict(fail, __SCOPE__ & ": Direct Dynamic Authorization failure"); + } + } else { + setverdict(fail, __SCOPE__ & ": Direct Dynamic Authorization failure"); + } + } + [] mcaPort.receive(mw_response) -> value vc_response { + tc_ac.stop; + setverdict(fail, __SCOPE__ & ": Wrong response status code"); + } + [] tc_ac.timeout { + setverdict(fail, __SCOPE__ & ": No answer while creating resource"); + } + } + + //Postamble + f_cse_postamble_deleteResources(); + + //Tear down + f_cf03Down(); + + }//end TC_CSE_SEC_DDA_CRE_002 + + }// end of group Create + }//end group DirectDynamic_Authorization group Indirect_Dynamic_Authorization { @@ -949,10 +1177,6 @@ module OneM2M_Testcases_CSE_Release_4 { }//end group Dynamic_Authorization - group Indirect_Dynamic_Authorization { - - }//end group Indirect_Dynamic_Authorization - group Json_Web_Token { }//end group Json_Web_Token
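Review bot: In the `int2001` branch of both f_CSE_SEC_DDA_CRE_001 and f_CSE_SEC_DDA_CRE_002 the guard is `ischosen(vc_response...securityInfo)`, but the `securityInfoType` and `authorSignReqInfo` checks then read `vc_request.primitive.requestPrimitive...`, which the visible code never assigns. They should read the received message, e.g. `if (vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.securityInfoType != int2)`. As written, the verdict depends on whatever `vc_request` last held (possibly unbound, which would likely be a runtime error), so the IUT's Dynamic Authorization response is not actually validated. In CRE_002 the token check tests `dasResponse` for presence and then reads `dynAuthRelMapResponse.tokens`/`tokenIDs`, and its failure text still says "(Steps 6-8 not applied)" although it now expects `true`; both look like copy-paste leftovers from CRE_001. `v_acpIndex` is declared but unused in both functions.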