Start implementation of TCs for TS-0018 Clause 7.3.2.2 Direct Dynamic Authorization

LibOneM2M/OneM2M_Pics.ttcn

@@ -40,7 +40,13 @@ module OneM2M_Pics {
 	 * @see  oneM2M TS-0017 A.5.6.53
 	 */
 	modulepar boolean PICS_DYN_AUTH_SUPPORT := true;
-
+	
+	/**
+	 * @desc Direct Dynamic Authorization resource support 
+	 * @see  oneM2M TS-0017 A.5.6.74
+	 */
+	modulepar boolean PICS_DIRECT_DYN_AUTH_SUPPORT := true;
+	
 	/**
 	 * @desc Node role 
 	 * @see  oneM2M TS-0017 A.5.1.2

OneM2M_Testcases_AE_Release_4.ttcn

@@ -9,7 +9,7 @@
  *	@desc			 Module containing test cases for oneM2M
  *
  */
-module OneM2M_Testcases_AE_Release_3 {
+module OneM2M_Testcases_AE_Release_4 {
 
 	import from OneM2M_TestSystem all;
 	import from OneM2M_Templates all;
@@ -55,7 +55,7 @@ module OneM2M_Testcases_AE_Release_3 {
 					group Impersonation_Prevention {
 						
 					}
-				
+					
 					group Dynamic_Authorization {
 							
 							group Direct_Dynamic_Authorization {
@@ -68,10 +68,6 @@ module OneM2M_Testcases_AE_Release_3 {
 							
 					}//end group Dynamic_Authorization
 					
-					group Indirect_Dynamic_Authorization {
-							
-					}//end group Indirect_Dynamic_Authorization
-					
 					group Json_Web_Token {
 							
 					}//end group Json_Web_Token

OneM2M_Testcases_CSE_Release_4.ttcn

@@ -653,6 +653,10 @@ module OneM2M_Testcases_CSE_Release_4 {
 									setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case");
 									stop;
 								}
+								if(not(PICS_ACP_SUPPORT)) {
+								  setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case");
+								  stop;
+								}
 								
 								// Test component configuration
 								f_cf03Up();
@@ -671,14 +675,14 @@ module OneM2M_Testcases_CSE_Release_4 {
 		
 								v_groupRequest.primitiveContent.group_.memberIDs := {v_ae1ResourceId};
 								
-								v_groupIndex := f_cse_createResource(int9, v_groupRequest, v_aeIndex); 
+								v_groupIndex := f_cse_createResource(int3, v_groupRequest, v_aeIndex); 
 		
 								v_createRequest := m_createAcp(-, {f_getResourceId(vc_resourcesList[v_groupIndex].resource)} , -);
 								
 								// Test Body
 								v_createRequest := f_getCreateRequestPrimitive(int1, v_createRequest, v_aeIndex);
 								// Alter the 'From' field using AE identifier different that AE1_ID
-								v_createRequest.from_ := PX_TS_AE2.appId;
+								v_createRequest.from_ := PX_TS_AE2.appIdStem;
 								
 								f_send(e_mcaPort, m_request(valueof(v_createRequest)));
 								tc_ac.start;
@@ -735,6 +739,10 @@ module OneM2M_Testcases_CSE_Release_4 {
 									setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case");
 									stop;
 								}
+								if(not(PICS_ACP_SUPPORT)) {
+								  setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case");
+								  stop;
+								}
 								
 								// Test component configuration
 								f_cf03Up();
@@ -755,7 +763,7 @@ module OneM2M_Testcases_CSE_Release_4 {
 								// Test Body
 								v_request := m_retrieve(f_getResourceAddress(v_resourceIndex), f_getOriginator(v_resourceIndex));
 								// Alter the 'From' field using AE identifier different that AE1_ID
-								v_request.from_ := PX_TS_AE2.appId;
+								v_request.from_ := PX_TS_AE2.appIdStem;
 								
 								f_send(e_mcaPort, m_request(valueof(v_request)));
 								tc_ac.start;
@@ -812,6 +820,10 @@ module OneM2M_Testcases_CSE_Release_4 {
 									setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case");
 									stop;
 								}
+								if(not(PICS_ACP_SUPPORT)) {
+								  setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case");
+								  stop;
+								}
 								
 								// Test component configuration
 								f_cf03Up();
@@ -832,7 +844,7 @@ module OneM2M_Testcases_CSE_Release_4 {
 								// Test Body
 								v_update := m_update(f_getResourceAddress(v_resourceIndex), f_getOriginator(v_resourceIndex));
 								// Alter the 'From' field using AE identifier different that AE1_ID
-								v_update.from_ := PX_TS_AE2.appId;
+								v_update.from_ := PX_TS_AE2.appIdStem;
 								
 								f_send(e_mcaPort, m_request(valueof(v_update)));
 								tc_ac.start;
@@ -887,6 +899,10 @@ module OneM2M_Testcases_CSE_Release_4 {
 									setverdict(inconc, __SCOPE__ & ": End-to-End Certificate-based Key Establishment Procedure support is required to run this test case");
 									stop;
 								}
+								if(not(PICS_ACP_SUPPORT)) {
+								  setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case");
+								  stop;
+								}
 								
 								// Test component configuration
 								f_cf03Up();
@@ -907,7 +923,7 @@ module OneM2M_Testcases_CSE_Release_4 {
 								// Test Body
 								v_delete := m_delete(f_getResourceAddress(v_resourceIndex), f_getOriginator(v_resourceIndex));
 								// Alter the 'From' field using AE identifier different that AE1_ID
-								v_delete.from_ := PX_TS_AE2.appId;
+								v_delete.from_ := PX_TS_AE2.appIdStem;
 								
 								f_send(e_mcaPort, m_request(valueof(v_delete)));
 								tc_ac.start;
@@ -941,6 +957,218 @@ module OneM2M_Testcases_CSE_Release_4 {
 							
 							group Direct_Dynamic_Authorization {
 								
+								group Create {
+					
+									/**
+									 * @desc	Check that the IUT processes properly Direct Dynamic Authorization with no DynamicAuthorizationConsultation attribute (Steps 6-8 not applied)
+									 */
+									testcase TC_CSE_SEC_DDA_CRE_001() runs on Tester system CseSystem {
+									
+										var AeSimu v_ae1 := AeSimu.create("AE1") alive;
+													
+										v_ae1.start(f_CSE_SEC_DDA_CRE_001());
+										
+										v_ae1.done;
+										
+									}
+												
+									function f_CSE_SEC_DDA_CRE_001() runs on AeSimu system CseSystem {
+										// Local variables
+										var integer v_aeIndex := -1;
+										var integer v_acpIndex := -1;
+										var integer v_groupIndex := -1;
+										var XSD.ID v_ae1ResourceId;
+										var template RequestPrimitive v_groupRequest := m_createGroup(1, -, omit, int2, -, -, -);
+										var template RequestPrimitive v_createRequest := valueof(m_createAcpBase);
+										
+										// Test control
+										if(not(PICS_ACP_SUPPORT)) {
+										  setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case");
+										  stop;
+										}
+										if(not(PICS_DIRECT_DYN_AUTH_SUPPORT) or not(PICS_DYN_AUTH_SUPPORT)) {
+										  setverdict(inconc, __SCOPE__ & ": Direct Dynamic Authorization support is required to run this test case");
+										  stop;
+										}
+										
+										// Test component configuration
+										f_cf03Up();
+				
+										// Test adapter configuration
+				
+										// Preamble
+										// FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID
+										
+										v_aeIndex := f_cse_preamble_registerAe(-, -);
+				
+										vc_ae1.start(f_cse_createResource(int2, m_createAe(PX_TS_AE1.appId, -, PX_TS_AE1.aeIdStem, c_defaultAe1ResourceName, omit), -1)); // AE1 is registred
+										f_aeSimu_checkComponentDoneAndGetVerdict(vc_ae1);
+										
+										v_ae1ResourceId := f_getLatestResourceAddress(vc_ae1, e_nonHierarchical, e_absolute);
+				
+										v_groupRequest.primitiveContent.group_.memberIDs := {v_ae1ResourceId};
+										
+										v_groupIndex := f_cse_createResource(int3, v_groupRequest, v_aeIndex); 
+				
+										v_createRequest := m_createAcp(-, {f_getResourceId(vc_resourcesList[v_groupIndex].resource)} , -);
+										
+										// Test Body
+										v_createRequest := f_getCreateRequestPrimitive(int1, v_createRequest, v_aeIndex);
+										
+										f_send(e_mcaPort, m_request(valueof(v_createRequest)));
+										tc_ac.start;
+										alt {
+											[] mcaPort.receive(mw_response(mw_responsePrimitive(int2001))) -> value vc_response {
+												tc_ac.stop;
+												//Check mandatory fields
+												if (ischosen(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo)) {
+													if(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.securityInfoType != int2) { // Dynamic Authorization Response
+														setverdict(fail, __SCOPE__ & ": SecurityInfoType element is not set to '2' (Dynamic Authorization Response)");
+													}
+													if(
+														ispresent(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.authorSignReqInfo) and 
+														(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.authorSignReqInfo == true)
+													) {
+														setverdict(fail, __SCOPE__ & ": authorSignReqInfo element is not set to 'false' (Steps 6-8 not applied)");
+													}
+													if (
+														ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse) and 
+														(
+															ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokens) or
+															ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokenIDs)
+														)
+													) {
+														setverdict(pass, __SCOPE__ & ": Tokens/TokenIDs were created");
+													} else {
+														setverdict(fail, __SCOPE__ & ": Direct Dynamic Authorization failure");
+													}
+												} else {
+													setverdict(fail, __SCOPE__ & ": Direct Dynamic Authorization failure");
+												}
+											}
+											[] mcaPort.receive(mw_response) -> value vc_response {
+												tc_ac.stop;
+												setverdict(fail, __SCOPE__ & ": Wrong response status code");
+											}
+											[] tc_ac.timeout {
+												setverdict(fail, __SCOPE__ & ": No answer while creating resource");
+											}
+										}
+				
+										//Postamble
+										f_cse_postamble_deleteResources();
+				
+										//Tear down
+										f_cf03Down();
+				
+									}//end TC_CSE_SEC_DDA_CRE_001
+									
+									/**
+									 * @desc	Check that the IUT processes properly Direct Dynamic Authorization with no DynamicAuthorizationConsultation attribute (Steps 6-8 applied)
+									 */
+									testcase TC_CSE_SEC_DDA_CRE_002() runs on Tester system CseSystem {
+									
+										var AeSimu v_ae1 := AeSimu.create("AE1") alive;
+													
+										v_ae1.start(f_CSE_SEC_DDA_CRE_002());
+										
+										v_ae1.done;
+										
+									}
+												
+									function f_CSE_SEC_DDA_CRE_002() runs on AeSimu system CseSystem {
+										// Local variables
+										var integer v_aeIndex := -1;
+										var integer v_acpIndex := -1;
+										var integer v_groupIndex := -1;
+										var XSD.ID v_ae1ResourceId;
+										var template RequestPrimitive v_groupRequest := m_createGroup(1, -, omit, int2, -, -, -);
+										var template RequestPrimitive v_createRequest := valueof(m_createAcpBase);
+										
+										// Test control
+										if(not(PICS_ACP_SUPPORT)) {
+										  setverdict(inconc, __SCOPE__ & ": AccessControlPolicy support is required to run this test case");
+										  stop;
+										}
+										if(not(PICS_DIRECT_DYN_AUTH_SUPPORT) or not(PICS_DYN_AUTH_SUPPORT)) {
+										  setverdict(inconc, __SCOPE__ & ": Direct Dynamic Authorization support is required to run this test case");
+										  stop;
+										}
+										
+										// Test component configuration
+										f_cf03Up();
+				
+										// Test adapter configuration
+				
+										// Preamble
+										// FIXME Security association establishment may be performed using AE1, E.g. TLS using AE1_ID
+										
+										v_aeIndex := f_cse_preamble_registerAe(-, -);
+				
+										vc_ae1.start(f_cse_createResource(int2, m_createAe(PX_TS_AE1.appId, -, PX_TS_AE1.aeIdStem, c_defaultAe1ResourceName, omit), -1)); // AE1 is registred
+										f_aeSimu_checkComponentDoneAndGetVerdict(vc_ae1);
+										
+										v_ae1ResourceId := f_getLatestResourceAddress(vc_ae1, e_nonHierarchical, e_absolute);
+				
+										v_groupRequest.primitiveContent.group_.memberIDs := {v_ae1ResourceId};
+										
+										v_groupIndex := f_cse_createResource(int3, v_groupRequest, v_aeIndex); 
+				
+										v_createRequest := m_createAcp(-, {f_getResourceId(vc_resourcesList[v_groupIndex].resource)} , -);
+										
+										// Test Body
+										v_createRequest := f_getCreateRequestPrimitive(int1, v_createRequest, v_aeIndex);
+										
+										f_send(e_mcaPort, m_request(valueof(v_createRequest)));
+										tc_ac.start;
+										alt {
+											[] mcaPort.receive(mw_response(mw_responsePrimitive(int2001))) -> value vc_response {
+												tc_ac.stop;
+												//Check mandatory fields
+												if (ischosen(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo)) {
+													if(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.securityInfoType != int2) { // Dynamic Authorization Response
+														setverdict(fail, __SCOPE__ & ": SecurityInfoType element is not set to '2' (Dynamic Authorization Response)");
+													}
+													if(
+														ispresent(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.authorSignReqInfo) and 
+														(vc_request.primitive.requestPrimitive.primitiveContent.securityInfo.authorSignReqInfo == false)
+													) {
+														setverdict(fail, __SCOPE__ & ": authorSignReqInfo element is not set to 'true' (Steps 6-8 not applied)");
+													}
+													if (
+														ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dasResponse) and 
+														(
+															ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokens) or
+															ispresent(vc_response.primitive.responsePrimitive.primitiveContent.securityInfo.dynAuthRelMapResponse.tokenIDs)
+														)
+													) {
+														setverdict(pass, __SCOPE__ & ": Tokens/TokenIDs were created");
+													} else {
+														setverdict(fail, __SCOPE__ & ": Direct Dynamic Authorization failure");
+													}
+												} else {
+													setverdict(fail, __SCOPE__ & ": Direct Dynamic Authorization failure");
+												}
+											}
+											[] mcaPort.receive(mw_response) -> value vc_response {
+												tc_ac.stop;
+												setverdict(fail, __SCOPE__ & ": Wrong response status code");
+											}
+											[] tc_ac.timeout {
+												setverdict(fail, __SCOPE__ & ": No answer while creating resource");
+											}
+										}
+				
+										//Postamble
+										f_cse_postamble_deleteResources();
+				
+										//Tear down
+										f_cf03Down();
+				
+									}//end TC_CSE_SEC_DDA_CRE_002
+									
+								}// end of group Create
+								
 							}//end group DirectDynamic_Authorization
 							
 							group Indirect_Dynamic_Authorization {
@@ -949,10 +1177,6 @@ module OneM2M_Testcases_CSE_Release_4 {
 							
 					}//end group Dynamic_Authorization
 					
-					group Indirect_Dynamic_Authorization {
-							
-					}//end group Indirect_Dynamic_Authorization
-					
 					group Json_Web_Token {
 							
 					}//end group Json_Web_Token