dexter has submitted this change. (
https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/41270?usp=email )
Change subject: smdpp_Tests/ES2Plus_Tests: move ES2+ code to smdpp_Tests.ttcn
......................................................................
smdpp_Tests/ES2Plus_Tests: move ES2+ code to smdpp_Tests.ttcn
In smdp_Tests.ttcn, the ES9+ and ES2+ interface are intermingled. This
is a problem since ES2+ and ES9+ are two independed interfaces and they
may use different certificates and may even be reachable under a different
FQDN from a different network interface.
To untable ES2+ and ES9+ we can move the ES2+ code from ES2Plus_Tests.ttcn
to smdpp_Tests.ttcn. Since ES2Plus_Tests.ttcn inherits from smdpp_Tests.ttcn
the ES2+ code will still be available to ES2Plus_Tests.ttcn.
This change will add the flexibility of ES2Plus_Tests.ttcn to
smdpp_Tests.ttcn. This means we can now freely configure the FQDN and the
certificates used with ES2+.
Related: SYS#7339
Change-Id: Ib59568379a9d454ea99d66550d6da8fd203681db
---
M smdpp/ES2Plus_Tests.cfg
M smdpp/ES2Plus_Tests.ttcn
M smdpp/smdpp_Tests.cfg
M smdpp/smdpp_Tests.ttcn
4 files changed, 188 insertions(+), 178 deletions(-)
Approvals:
osmith: Looks good to me, approved
Jenkins Builder: Verified
diff --git a/smdpp/ES2Plus_Tests.cfg b/smdpp/ES2Plus_Tests.cfg
index 91463c6..19b9b78 100644
--- a/smdpp/ES2Plus_Tests.cfg
+++ b/smdpp/ES2Plus_Tests.cfg
@@ -8,11 +8,11 @@
[MODULE_PARAMETERS]
# ES2+ specific parameters
-# ES2Plus_Tests.mp_es2plus_server_fqdn := "testsmdpplus1.example.com" # Must
match the hostname of the server SSL certificate!
-# ES2Plus_Tests.mp_es2plus_server_port := 8000
-# ES2Plus_Tests.mp_es2plus_operator_id := "test.operator.com"
-# ES2Plus_Tests.mp_es2plus_client_cert_path := "/path/to/my/client/cert"
-# ES2Plus_Tests.mp_es2plus_client_key_path := "/path/to/my/client/cert_key"
+# smdpp_Tests.mp_es2plus_server_fqdn := "testsmdpplus1.example.com" # Must
match the hostname of the server SSL certificate!
+# smdpp_Tests.mp_es2plus_server_port := 8000
+# smdpp_Tests.mp_es2plus_operator_id := "test.operator.com"
+# smdpp_Tests.mp_es2plus_client_cert_path := "/path/to/my/client/cert"
+# smdpp_Tests.mp_es2plus_client_key_path := "/path/to/my/client/cert_key"
[EXECUTE]
ES2Plus_Tests.control
\ No newline at end of file
diff --git a/smdpp/ES2Plus_Tests.ttcn b/smdpp/ES2Plus_Tests.ttcn
index c6765f4..e2f034e 100644
--- a/smdpp/ES2Plus_Tests.ttcn
+++ b/smdpp/ES2Plus_Tests.ttcn
@@ -34,41 +34,13 @@
const charstring c_wrong_cert_path :=
"./sgp26/eUICC/CERT_EUICC_ECDSA_NIST.der";
const charstring c_wrong_key_path := "./sgp26/eUICC/SK_EUICC_ECDSA_NIST.pem";
-// The external function ext_RSPClient_create requires a path and a name
filter as input to load test certificates.
-// While those certificates are required for the ES9+ interface related tests
(smdpp_Tests.ttcn), for the ES2+
-// interface tests those certificates have no relevance.
-const charstring c_es2plus_cert_path := "./sgp26/";
-const charstring c_es2plus_cert_name_filter := "NIST";
-
// Module parameters
-modulepar {
- // The SMDP server host name (FQDN) must match the host name of the SSL
certificate of the server. To resolve the
- // server host name to an IP address, an entry in /etc/hosts is
sufficient. It should also be pointed out that this
- // testsuite (libcurl) will also verify the presented server certificate
against the related CA. To ensure that
- // the server certificate verification is possible, ensure that the
related CA certificates are made available in
- // /etc/ssl/certs
- charstring mp_es2plus_server_fqdn := "testsmdpplus1.example.com";
-
- // Sets the server port of the ES2+ server (SM-DP+).
- integer mp_es2plus_server_port := 8000;
-
- // Sets the client certificate to be used to authenticate towards the ES2+
server (SM-DP+)
- charstring mp_es2plus_client_cert_path :=
"./test_certs/CERT_MNO_ECDSA_NIST.pem";
-
- // Sets the private key to be used to authenticate towards the ES2+ server
(SM-DP+)
- charstring mp_es2plus_client_key_path :=
"./test_certs/SK_MNO_ECDSA_NIST.pem";
-
- // Sets the operator ID to be used on the ES2+ interface. (this parameter
has no relation to SSL/TLS)
- charstring mp_es2plus_operator_id := "test.operator.com";
-
- // ES2+ normally uses SSL with client authentication, however for debug
purposes it is possible to disable
- // mutual authentication.
- boolean mp_es2plus_use_mutual_tls := true;
-}
+// This module has no own module parameters (yet), for the ES2+ related
settings, it inherets the module parameters
+// (mp_es2plus_) from the smdpp_ConnHdlr
// Test component - extend smdpp_ConnHdlr to reuse RSPClient functionality
type component ES2Plus_ConnHdlr extends smdpp_ConnHdlr {
- // Inherits g_rsp_client_handle from smdpp_ConnHdlr
+ // Inherits g_rsp_client_handle_es2p from smdpp_ConnHdlr
}
// Parameter structures for test cases
@@ -135,7 +107,7 @@
// Send request using pre-configured authentication
response := smdpp_Tests.ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
url,
oct2char(req_enc),
mp_es2plus_server_port,
@@ -187,35 +159,6 @@
return true;
}
-// Initialize RSP client for ES2+
-function f_init_es2plus() runs on ES2Plus_ConnHdlr {
- // Initialize RSP client using imported function from smdpp_Tests
- g_rsp_client_handle := smdpp_Tests.ext_RSPClient_create(
- mp_es2plus_server_fqdn,
- mp_es2plus_server_port,
- c_es2plus_cert_path,
- c_es2plus_cert_name_filter
- );
-
- if (g_rsp_client_handle < 0) {
- setverdict(fail, "Failed to initialize RSP client for ES2+");
- mtc.stop;
- }
-
- // Set authentication parameters once for all ES2+ operations
- var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
- g_rsp_client_handle,
- mp_es2plus_use_mutual_tls,
- mp_es2plus_client_cert_path,
- mp_es2plus_client_key_path
- );
-
- if (result != 0) {
- setverdict(fail, "Failed to set RSP client authentication parameters
for ES2+");
- mtc.stop;
- }
-}
-
/***********************************************************************
* Generic Test Functions
***********************************************************************/
@@ -978,7 +921,7 @@
// Temporarily set wrong authentication parameters
var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
mp_es2plus_use_mutual_tls,
c_wrong_cert_path, // Using wrong certificate
c_wrong_key_path // Using wrong key
@@ -995,7 +938,7 @@
log("ES2+ Request with WRONG certificate to ", url);
response := smdpp_Tests.ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
url,
oct2char(req_enc),
mp_es2plus_server_port,
@@ -1011,7 +954,7 @@
// Restore correct auth params for cleanup
smdpp_Tests.ext_RSPClient_setAuthParams(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
mp_es2plus_use_mutual_tls,
mp_es2plus_client_cert_path,
mp_es2plus_client_key_path
diff --git a/smdpp/smdpp_Tests.cfg b/smdpp/smdpp_Tests.cfg
index 60ad49e..1b4fd99 100644
--- a/smdpp/smdpp_Tests.cfg
+++ b/smdpp/smdpp_Tests.cfg
@@ -18,9 +18,16 @@
[TESTPORT_PARAMETERS]
[MODULE_PARAMETERS]
+# ES2+ specific parameters
# smdpp_Tests.mp_es9plus_server_port_nist := 8000
# smdpp_Tests.mp_es9plus_server_port_brp := 8001
+
+# ES2+ specific parameters
+# smdpp_Tests.mp_es2plus_server_fqdn := "testsmdpplus1.example.com" # Must
match the hostname of the server SSL certificate!
# smdpp_Tests.mp_es2plus_server_port := 8000
+# smdpp_Tests.mp_es2plus_operator_id := "test.operator.com"
+# smdpp_Tests.mp_es2plus_client_cert_path := "/path/to/my/client/cert"
+# smdpp_Tests.mp_es2plus_client_key_path := "/path/to/my/client/cert_key"
[MAIN_CONTROLLER]
diff --git a/smdpp/smdpp_Tests.ttcn b/smdpp/smdpp_Tests.ttcn
index 339dfe3..c268e0e 100644
--- a/smdpp/smdpp_Tests.ttcn
+++ b/smdpp/smdpp_Tests.ttcn
@@ -34,13 +34,41 @@
import from esx_header_Types_JSON all;
import from ES2Plus_Tests all;
+/* The external function ext_RSPClient_create requires a path and a name
filter as input to load test certificates.
+ * While those certificates are required for the ES9+ interface related tests
(smdpp_Tests.ttcn), for the ES2+
+ * interface tests those certificates have no relevance. */
+const charstring c_es2plus_cert_path := "./sgp26/";
+const charstring c_es2plus_cert_name_filter := "NIST";
+
/* Module Parameters */
modulepar {
+ /* The SMDP server host name (FQDN) must match the host name of the SSL
certificate of the server. To resolve the
+ * server host name to an IP address, an entry in /etc/hosts is
sufficient. It should also be pointed out that this
+ * testsuite (libcurl) will also verify the presented server certificate
against the related CA. To ensure that
+ * the server certificate verification is possible, ensure that the
related CA certificates are made available in
+ * /etc/ssl/certs */
+ charstring mp_es2plus_server_fqdn := "testsmdpplus1.example.com";
+
+ /* Sets the server port of the ES2+ server (SM-DP+). */
+ integer mp_es2plus_server_port := 8000;
+
+ /* Sets the client certificate to be used to authenticate towards the ES2+
server (SM-DP+) */
+ charstring mp_es2plus_client_cert_path :=
"./test_certs/CERT_MNO_ECDSA_NIST.pem";
+
+ /* Sets the private key to be used to authenticate towards the ES2+ server
(SM-DP+) */
+ charstring mp_es2plus_client_key_path :=
"./test_certs/SK_MNO_ECDSA_NIST.pem";
+
+ /* Sets the operator ID to be used on the ES2+ interface. (this parameter
has no relation to SSL/TLS) */
+ charstring mp_es2plus_operator_id := "test.operator.com";
+
+ /* ES2+ normally uses SSL with client authentication, however for debug
purposes it is possible to disable
+ * mutual authentication. */
+ boolean mp_es2plus_use_mutual_tls := true;
+
boolean mp_use_custom_tls_cert := true;
charstring mp_custom_tls_cert_path := ""; // Empty means use cert pool
only
integer mp_es9plus_server_port_nist := 8000;
integer mp_es9plus_server_port_brp := 8001;
- integer mp_es2plus_server_port := 8000;
}
/* C++ handles only crypto, TTCN-3 handles ASN.1 encoding/decoding most of the
time */
@@ -349,7 +377,8 @@
var template integer g_http_client_id_es2p := omit;
/* C++ RSP client handle */
- var integer g_rsp_client_handle := -1;
+ var integer g_rsp_client_handle_es9p := -1;
+ var integer g_rsp_client_handle_es2p := -1;
/* Session state */
var octetstring g_transactionId := ''O;
@@ -371,7 +400,7 @@
type record smdpp_ConnHdlrPars {
charstring smdp_server_fqdn,
integer smdp_es9p_server_port,
- integer smdp_es2p_server_port,
+ integer smdp_es2p_server_port,
charstring cert_path,
charstring cert_name_filter,
charstring euicc_cert_path,
@@ -460,28 +489,61 @@
/* RSP CLIENT WRAPPER FUNCTIONS */
+// Initialize RSP client for ES2+
+function f_init_es2plus() runs on smdpp_ConnHdlr return boolean {
+ // Initialize RSP client using imported function from smdpp_Tests
+ g_rsp_client_handle_es2p := smdpp_Tests.ext_RSPClient_create(
+ mp_es2plus_server_fqdn,
+ mp_es2plus_server_port,
+ c_es2plus_cert_path,
+ c_es2plus_cert_name_filter
+ );
+
+ if (g_rsp_client_handle_es2p < 0) {
+ setverdict(fail, "Failed to initialize RSP client for ES2+");
+ mtc.stop;
+ }
+
+ // Set authentication parameters once for all ES2+ operations
+ var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
+ g_rsp_client_handle_es2p,
+ mp_es2plus_use_mutual_tls,
+ mp_es2plus_client_cert_path,
+ mp_es2plus_client_key_path
+ );
+
+ if (result != 0) {
+ setverdict(fail, "Failed to set RSP client authentication parameters
for ES2+");
+ mtc.stop;
+ }
+
+ ext_logInfo("HTTP client (ES2+) configured");
+
+ return true;
+}
+
private function f_rsp_client_init() runs on smdpp_ConnHdlr return boolean {
ext_logInfo("Initializing RSP client");
- g_rsp_client_handle := ext_RSPClient_create(
+ g_rsp_client_handle_es9p := ext_RSPClient_create(
g_pars_smdpp.smdp_server_fqdn,
g_pars_smdpp.smdp_es9p_server_port,
g_pars_smdpp.cert_path,
g_pars_smdpp.cert_name_filter
);
- if (g_rsp_client_handle < 0) {
+ if (g_rsp_client_handle_es9p < 0) {
ext_logError("Failed to create RSP client");
return false;
}
- if (ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle,
g_pars_smdpp.euicc_cert_path) != 0) {
+ if (ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle_es9p,
g_pars_smdpp.euicc_cert_path) != 0) {
ext_logError("Failed to load eUICC certificate");
f_rsp_client_cleanup();
return false;
}
- if (ext_RSPClient_loadEUICCKeyPair(g_rsp_client_handle,
g_pars_smdpp.euicc_key_path) != 0) {
+ if (ext_RSPClient_loadEUICCKeyPair(g_rsp_client_handle_es9p,
g_pars_smdpp.euicc_key_path) != 0) {
ext_logError("Failed to load eUICC private key");
f_rsp_client_cleanup();
return false;
@@ -489,7 +551,7 @@
// Configure HTTP client
var integer result := ext_RSPClient_configureHttpClient(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
mp_use_custom_tls_cert,
mp_custom_tls_cert_path
);
@@ -510,9 +572,13 @@
}
private function f_rsp_client_cleanup() runs on smdpp_ConnHdlr {
- if (g_rsp_client_handle >= 0) {
- ext_RSPClient_destroy(g_rsp_client_handle);
- g_rsp_client_handle := -1;
+ if (g_rsp_client_handle_es9p >= 0) {
+ ext_RSPClient_destroy(g_rsp_client_handle_es9p);
+ g_rsp_client_handle_es9p := -1;
+ }
+ if (g_rsp_client_handle_es2p >= 0) {
+ ext_RSPClient_destroy(g_rsp_client_handle_es2p);
+ g_rsp_client_handle_es2p := -1;
}
}
@@ -538,7 +604,7 @@
var charstring func_call_id := "TTCN3-" & oct2str(rnd_oct);
var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
true, // useMutualTLS
c_cert_path,
c_key_path
@@ -553,7 +619,7 @@
var JSON_ES2p_Request dl_req := {
downloadOrderRequest := {
header := {
- functionRequesterIdentifier := "test.operator.com",
+ functionRequesterIdentifier := mp_es2plus_operator_id,
functionCallIdentifier := func_call_id & "-DL"
},
eid := eid,
@@ -565,7 +631,7 @@
var octetstring req_enc := enc_JSON_ES2p_Request(dl_req);
var integer status_code;
var charstring response := ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
c_path_download_order,
oct2char(req_enc),
g_pars_smdpp.smdp_es2p_server_port,
@@ -590,7 +656,7 @@
var JSON_ES2p_Request conf_req := {
confirmOrderRequest := {
header := {
- functionRequesterIdentifier := "test.operator.com",
+ functionRequesterIdentifier := mp_es2plus_operator_id,
functionCallIdentifier := func_call_id & "-CF"
},
iccid := new_iccid,
@@ -608,7 +674,7 @@
req_enc := enc_JSON_ES2p_Request(conf_req);
response := ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
c_path_confirm_order,
oct2char(req_enc),
g_pars_smdpp.smdp_es2p_server_port,
@@ -680,7 +746,7 @@
private function f_create_initiate_authentication_request() runs on
smdpp_ConnHdlr
return RemoteProfileProvisioningRequest {
- g_euiccChallenge :=
ext_RSPClient_generateChallenge(g_rsp_client_handle);
+ g_euiccChallenge :=
ext_RSPClient_generateChallenge(g_rsp_client_handle_es9p);
ext_logInfo("Generated eUICC challenge: " &
ext_bytesToHex(g_euiccChallenge));
/* Create EUICC_INFO1 using TTCN-3 native types */
@@ -734,7 +800,7 @@
return false;
}
- if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle,
enc_ServerSigned1(authOk.serverSigned1), authOk.serverSignature1,
g_serverCert)) {
+ if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle_es9p,
enc_ServerSigned1(authOk.serverSigned1), authOk.serverSignature1,
g_serverCert)) {
ext_logError("Server signature validation failed");
return false;
}
@@ -762,7 +828,7 @@
private function f_create_get_bound_profile_package_request(octetstring
smdpSignature2) runs on smdpp_ConnHdlr
return RemoteProfileProvisioningRequest {
- var octetstring euiccOtpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euiccOtpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var EUICCSigned2 euiccSigned2 := {
transactionId := g_transactionId,
@@ -771,7 +837,7 @@
};
// Add confirmation code hash if required
- var octetstring ccHash :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle);
+ var octetstring ccHash :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p);
ext_logInfo("Checking confirmation code hash, length: " &
int2str(lengthof(ccHash)));
if (lengthof(ccHash) == 32) {
euiccSigned2.hashCc := ccHash;
@@ -784,7 +850,7 @@
var octetstring euiccSigned2Data := enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2Data & smdpSignature2;
- var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepareDownloadResponse := {
downloadResponseOk := {
@@ -811,7 +877,7 @@
hashCc := omit /* No confirmation code for nominal case */
};
- var octetstring ccHash :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle);
+ var octetstring ccHash :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p);
if (lengthof(ccHash) == 32) {
euiccSigned2.hashCc := ccHash;
ext_logInfo("Added confirmation code hash to
PrepareDownloadResponse: " & oct2str(ccHash));
@@ -821,7 +887,7 @@
var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2_raw & smdpSignature2;
- var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepareDownloadResponse := {
downloadResponseOk := {
@@ -918,7 +984,7 @@
var integer http_status;
var charstring response_body := ext_RSPClient_sendHttpsPost(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
g_last_es9p_endpoint,
g_last_es9p_request,
g_pars_smdpp.smdp_es9p_server_port,
@@ -977,7 +1043,7 @@
var integer http_status;
var charstring response_body := ext_RSPClient_sendHttpsPost(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
g_last_es9p_endpoint,
g_last_es9p_request,
g_pars_smdpp.smdp_es9p_server_port,
@@ -1012,7 +1078,7 @@
var integer http_status;
ext_logInfo("Sending ASN.1 request to /gsma/rsp2/asn1 on port " &
int2str(g_pars_smdpp.smdp_es9p_server_port));
var octetstring response_body := ext_RSPClient_sendHttpsPostBinary(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
"/gsma/rsp2/asn1",
asn1_request,
g_pars_smdpp.smdp_es9p_server_port,
@@ -1237,14 +1303,14 @@
private function f_get_certificate_pair() runs on smdpp_ConnHdlr return
CertificatePair {
return {
- euicc_cert :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle)),
- eum_cert :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle))
+ euicc_cert :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p)),
+ eum_cert :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p))
};
}
private function f_sign_euicc_signed1(EuiccSigned1 euiccSigned1) runs on
smdpp_ConnHdlr return octetstring {
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1);
- return ext_RSPClient_signDataWithEUICC(g_rsp_client_handle,
euiccSigned1_raw);
+ return ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p,
euiccSigned1_raw);
}
private function f_build_authenticate_client_request(
@@ -1359,7 +1425,7 @@
AuthenticateClientOk auok,
RemoteProfileProvisioningRequest
packageRequest)
runs on smdpp_ConnHdlr return boolean {
- var octetstring euiccOtpk :=
ext_RSPClient_getEUICCOtpk(g_rsp_client_handle);
+ var octetstring euiccOtpk :=
ext_RSPClient_getEUICCOtpk(g_rsp_client_handle_es9p);
if (not ext_CertificateUtil_verifyECDHCompatible(euiccOtpk,
iscReq.smdpOtpk)) {
ext_logError("eUICC and SM-DP+ public keys are not ECDH compatible");
return false;
@@ -1376,7 +1442,7 @@
var octetstring encsecr :=
encode_DER_InitialiseSecureChannelRequest_ver(toencsec);
var octetstring trunc_initsec := substr(encsecr, 4, lengthof(encsecr)-4);
- if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle,
trunc_initsec,
+ if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle_es9p,
trunc_initsec,
iscReq.smdpSign,
enc_Certificate(auok.smdpCertificate))) {
ext_logError("InitialiseSecureChannelRequest signature validation
failed");
return false;
@@ -1482,7 +1548,7 @@
var integer http_status;
var charstring response_body := ext_RSPClient_sendHttpsPost(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
g_last_es9p_endpoint,
g_last_es9p_request,
g_pars_smdpp.smdp_es9p_server_port,
@@ -1591,7 +1657,7 @@
}
var octetstring full_encoded :=
encode_DER_profileInstallationResultData(pirData);
- var octetstring euiccSignPIR :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, full_encoded);
+ var octetstring euiccSignPIR :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, full_encoded);
var ProfileInstallationResult pir := {
profileInstallationResultData := pirData,
@@ -1668,10 +1734,10 @@
};
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1);
- var octetstring euiccSignature1 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw);
+ var octetstring euiccSignature1 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
- var Certificate g_euicc_cert :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var Certificate g_eum_cert :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle));
+ var Certificate g_euicc_cert :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var Certificate g_eum_cert :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
return {
authenticateClientRequest := {
@@ -1856,7 +1922,7 @@
};
var octetstring cancelSignedData :=
enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
var RemoteProfileProvisioningRequest cancelReq := {
cancelSessionRequestEs9 := {
@@ -1891,10 +1957,10 @@
var EuiccSigned1 euiccSigned1 := f_create_euicc_signed1(euiccInfo2,
ctxParams);
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1);
- var octetstring euiccSignature1 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw);
+ var octetstring euiccSignature1 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
- var Certificate g_euicc_cert :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var Certificate g_eum_cert :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle));
+ var Certificate g_euicc_cert :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var Certificate g_eum_cert :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
var RemoteProfileProvisioningRequest authReq := {
authenticateClientRequest := {
@@ -1915,7 +1981,7 @@
private function f_create_prepare_download_response(octetstring
smdpSignature2) runs on smdpp_ConnHdlr return PrepareDownloadResponse {
- var octetstring euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var EUICCSigned2 euiccSigned2 := {
transactionId := g_transactionId,
@@ -1923,7 +1989,7 @@
hashCc := omit
};
- var octetstring ccHash :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle);
+ var octetstring ccHash :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p);
if (lengthof(ccHash) == 32) {
euiccSigned2.hashCc := ccHash;
ext_logInfo("Added confirmation code hash to
PrepareDownloadResponse: " & oct2str(ccHash));
@@ -1933,7 +1999,7 @@
var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2_raw & smdpSignature2;
- var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepDownloadResp := {
downloadResponseOk := {
@@ -2038,7 +2104,7 @@
/* Sign the data */
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1);
- var octetstring euiccSignature1 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw);
+ var octetstring euiccSignature1 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
/* Apply signature error if specified */
if (ischosen(err_injection.sig_error) and
err_injection.sig_error.corrupt_signature) {
@@ -2050,23 +2116,23 @@
select (err_injection.cert_error.error_type) {
case (INVALID_EUM_SIGNATURE) {
/* Load invalid (self-signed) EUM certificate */
- ext_RSPClient_loadEUMCertificate(g_rsp_client_handle,
"./InvalidTestCases/CERT_EUM_ECDSA_NIST_INVALID.der");
+ ext_RSPClient_loadEUMCertificate(g_rsp_client_handle_es9p,
"./InvalidTestCases/CERT_EUM_ECDSA_NIST_INVALID.der");
}
case (EXPIRED_EUM) {
/* Load expired EUM certificate */
- ext_RSPClient_loadEUMCertificate(g_rsp_client_handle,
"./InvalidTestCases/CERT_EUM_ECDSA_NIST_EXPIRED.der");
+ ext_RSPClient_loadEUMCertificate(g_rsp_client_handle_es9p,
"./InvalidTestCases/CERT_EUM_ECDSA_NIST_EXPIRED.der");
}
case (INVALID_EUICC_SIGNATURE) {
/* Load invalid (self-signed) eUICC certificate */
- ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle,
"./InvalidTestCases/CERT_EUICC_ECDSA_NIST_INVALID.der");
+ ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle_es9p,
"./InvalidTestCases/CERT_EUICC_ECDSA_NIST_INVALID.der");
}
case (EXPIRED_EUICC) {
/* Load expired eUICC certificate */
- ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle,
"./InvalidTestCases/CERT_EUICC_ECDSA_NIST_EXPIRED.der");
+ ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle_es9p,
"./InvalidTestCases/CERT_EUICC_ECDSA_NIST_EXPIRED.der");
}
case (UNKNOWN_CI_KEY) {
/* Load EUM certificate signed by unknown CI */
- ext_RSPClient_loadEUMCertificate(g_rsp_client_handle,
"./InvalidTestCases/CERT_EUM_ECDSA_NIST_UNKNOWN_CI.der");
+ ext_RSPClient_loadEUMCertificate(g_rsp_client_handle_es9p,
"./InvalidTestCases/CERT_EUM_ECDSA_NIST_UNKNOWN_CI.der");
}
case else {
setverdict(fail, "Unsupported certificate error type");
@@ -2076,8 +2142,8 @@
}
/* Get certificates from RSP client */
- var Certificate g_euicc_cert :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var Certificate g_eum_cert :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle));
+ var Certificate g_euicc_cert :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var Certificate g_eum_cert :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
/* Build the request */
var RemoteProfileProvisioningRequest authClientReq := {
@@ -2147,7 +2213,7 @@
/* Step 3: PrepareDownloadResponse with error injection */
var octetstring smdpSignature2 := authClientOk.smdpSignature2;
- var octetstring euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
/* Build EUICCSigned2 */
var EUICCSigned2 euiccSigned2 := {
@@ -2163,9 +2229,9 @@
if (server_requires_cc and not ischosen(err_injection.cc_error)) {
/* Set confirmation code and get hash */
var charstring confirmationCode := "12345678"; /* Default test code
matching server */
- var integer result :=
ext_RSPClient_setConfirmationCode(g_rsp_client_handle, confirmationCode);
+ var integer result :=
ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, confirmationCode);
if (result == 0) {
- euiccSigned2.hashCc :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle);
+ euiccSigned2.hashCc :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p);
ext_logInfo("Using confirmation code hash: " &
oct2str(euiccSigned2.hashCc));
}
}
@@ -2211,7 +2277,7 @@
/* Sign EUICCSigned2 */
var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2_raw & smdpSignature2;
- var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
/* Apply signature corruption if needed */
if (ischosen(err_injection.sig_error) and
err_injection.sig_error.corrupt_signature) {
@@ -2286,7 +2352,7 @@
}
var octetstring serverCert := enc_Certificate(authOk.serverCertificate);
- if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle,
+ if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle_es9p,
enc_ServerSigned1(authOk.serverSigned1),
authOk.serverSignature1,
serverCert)) {
@@ -2495,10 +2561,10 @@
var EuiccSigned1 euiccSigned1 := f_create_euicc_signed1(euiccInfo2,
ctxParams);
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1);
- var octetstring euiccSignature1 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw);
+ var octetstring euiccSignature1 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
- var Certificate g_euicc_cert :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var Certificate g_eum_cert :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle));
+ var Certificate g_euicc_cert :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var Certificate g_eum_cert :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
var RemoteProfileProvisioningRequest authReq := {
authenticateClientRequest := {
@@ -2535,7 +2601,7 @@
if (params.testMode == BPP_RETRY_SAME_OTPK and iter == 0) {
/* First iteration: generate and save OTPK */
- euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
saved_euicc_otpk := euicc_otpk;
ext_logInfo("Generated and saved eUICC OTPK: " &
oct2str(euicc_otpk));
} else if (params.testMode == BPP_RETRY_SAME_OTPK and iter == 1) {
@@ -2544,7 +2610,7 @@
ext_logInfo("Reusing saved eUICC OTPK: " &
oct2str(euicc_otpk));
} else {
/* Generate new OTPK for all other cases */
- euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
if (params.testMode == BPP_RETRY_DIFFERENT_OTPK and iter == 1)
{
ext_logInfo("Generated new eUICC OTPK for retry: " &
oct2str(euicc_otpk));
}
@@ -2711,17 +2777,17 @@
var RemoteProfileProvisioningRequest packageReq;
if (requireCC) {
- var octetstring euiccOtpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euiccOtpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var EUICCSigned2 euiccSigned2 := {
transactionId := g_transactionId,
euiccOtpk := euiccOtpk,
- hashCc :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle)
+ hashCc :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p)
};
var octetstring euiccSigned2Data :=
enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2Data &
authClientOk.smdpSignature2;
- var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepDownloadResp := {
downloadResponseOk := {
@@ -2868,7 +2934,7 @@
ext_logInfo("Step 3: Testing GetBoundProfilePackage with OTPK reuse");
/* simulate reuse from cancelled session */
- var octetstring euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var octetstring smdpSignature2 := authClientResp2.smdpSignature2;
var PrepareDownloadResponse prepDownloadResp :=
f_create_prepare_download_response_with_otpk(smdpSignature2, euicc_otpk);
@@ -2941,7 +3007,7 @@
};
var octetstring cancelSignedData :=
enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
var RemoteProfileProvisioningRequest cancelReq := {
cancelSessionRequestEs9 := {
@@ -2992,7 +3058,7 @@
}
if (with_cc) {
- ext_RSPClient_setConfirmationCode(g_rsp_client_handle, "12345678");
+ ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p,
"12345678");
}
/* Step 3: Prepare retry based on OTPK mode */
@@ -3001,7 +3067,7 @@
if (otpk_mode == RETRY_REUSE_SAME_OTPK) {
/* Reuse OTPK from cancelled session */
- var octetstring euicc_otpk :=
ext_RSPClient_getEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk :=
ext_RSPClient_getEUICCOtpk(g_rsp_client_handle_es9p);
ext_logInfo("Step 3: GetBoundProfilePackage retry with SAME eUICC
otPK");
ext_logInfo("Reusing SAME eUICC otPK");
prepDownloadResp := f_create_prepare_download_response_with_otpk(
@@ -3009,7 +3075,7 @@
otpk_description := "same";
} else if (otpk_mode == RETRY_SEND_NEW_OTPK) {
/* Generate new OTPK to simulate eUICC rejection */
- var octetstring euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
ext_logInfo("Step 3: GetBoundProfilePackage retry with NEW eUICC
otPK");
ext_logInfo("Using NEW eUICC otPK");
prepDownloadResp := f_create_prepare_download_response_with_otpk(
@@ -3175,7 +3241,7 @@
/* Set transaction ID for confirmation code hash computation */
ext_logInfo("Setting transaction ID: " & oct2str(g_transactionId));
- var integer result := ext_RSPClient_setTransactionId(g_rsp_client_handle,
g_transactionId);
+ var integer result :=
ext_RSPClient_setTransactionId(g_rsp_client_handle_es9p, g_transactionId);
if (result != 0) {
setverdict(fail, "Failed to set transaction ID");
f_rsp_client_cleanup();
@@ -3184,7 +3250,7 @@
/* First attempt with wrong confirmation code */
ext_logInfo("First attempt with wrong confirmation code");
- ext_RSPClient_setConfirmationCode(g_rsp_client_handle, "00000000"); /*
Wrong code */
+ ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, "00000000");
/* Wrong code */
var PrepareDownloadResponse prepDownloadResp :=
f_create_prepare_download_response(authClientOk.smdpSignature2);
var RemoteProfileProvisioningRequest packageReq := {
@@ -3207,7 +3273,7 @@
/* Second attempt with correct confirmation code */
ext_logInfo("Second attempt with correct confirmation code");
- ext_RSPClient_setConfirmationCode(g_rsp_client_handle, "12345678"); /*
Correct code */
+ ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, "12345678");
/* Correct code */
prepDownloadResp :=
f_create_prepare_download_response(authClientOk.smdpSignature2);
packageReq.getBoundProfilePackageRequest.prepareDownloadResponse :=
prepDownloadResp;
@@ -3285,7 +3351,7 @@
};
var octetstring cancelSignedData :=
enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
var RemoteProfileProvisioningRequest cancelReq := {
cancelSessionRequestEs9 := {
@@ -3370,7 +3436,7 @@
};
var octetstring cancelSignedData :=
enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
var RemoteProfileProvisioningRequest cancelReq := {
cancelSessionRequestEs9 := {
@@ -3481,7 +3547,7 @@
}
var octetstring cancelSignedData :=
enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
if (ischosen(err_injection.sig_error)) {
if (err_injection.sig_error.corrupt_signature) {
@@ -3578,7 +3644,7 @@
}
var octetstring cancelSignedData :=
enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
if (ischosen(err_injection.sig_error)) {
if (err_injection.sig_error.corrupt_signature) {
@@ -3762,13 +3828,13 @@
}
var octetstring enc_euicc_tosign := enc_EuiccSigned1(euiccSig);
- var octetstring euiccSignature1 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, enc_euicc_tosign);
+ var octetstring euiccSignature1 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, enc_euicc_tosign);
var AuthenticateServerResponse authresp := {
authenticateResponseOk := {
euiccSigned1 := euiccSig,
euiccSignature1 := euiccSignature1,
- euiccCertificate :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle)),
- eumCertificate :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle))
+ euiccCertificate :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p)),
+ eumCertificate :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p))
}
}
@@ -3784,7 +3850,7 @@
}
var octetstring auresp_sigdata := enc_SmdpSigned2(auok.smdpSigned2) &
'5f3740'O & euiccSignature1;
- if (not ext_RSPClient_verifyServerSignature( g_rsp_client_handle,
auresp_sigdata, auok.smdpSignature2, enc_Certificate(auok.smdpCertificate))) {
+ if (not ext_RSPClient_verifyServerSignature( g_rsp_client_handle_es9p,
auresp_sigdata, auok.smdpSignature2, enc_Certificate(auok.smdpCertificate))) {
ext_logError("Server signature validation failed");
setverdict(fail, "InitiateAuthentication validation failed");
f_rsp_client_cleanup();
@@ -3795,7 +3861,7 @@
ext_logInfo("Confirmation code is required for this profile");
ext_logInfo("Setting transaction ID: " &
oct2str(auok.transactionId));
- var integer result :=
ext_RSPClient_setTransactionId(g_rsp_client_handle, auok.transactionId);
+ var integer result :=
ext_RSPClient_setTransactionId(g_rsp_client_handle_es9p, auok.transactionId);
if (result != 0) {
ext_logError("Failed to set transaction ID");
}
@@ -3804,13 +3870,13 @@
if (ispresent(g_pars_smdpp.confirmation_code)) {
confirmationCode := g_pars_smdpp.confirmation_code;
}
- result :=
ext_RSPClient_setConfirmationCode(g_rsp_client_handle, confirmationCode);
+ result :=
ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, confirmationCode);
if (result != 0) {
ext_logError("Failed to set confirmation code");
}
ext_logInfo("Set confirmation code: " & confirmationCode);
- var octetstring hashCheck :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle);
+ var octetstring hashCheck :=
ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p);
ext_logInfo("Confirmation code hash length: " &
int2str(lengthof(hashCheck)));
if (lengthof(hashCheck) == 32) {
ext_logInfo("Confirmation code hash computed
successfully: " & oct2str(hashCheck));
@@ -3821,8 +3887,8 @@
ext_logInfo("Confirmation code is NOT required for this
profile");
}
- var charstring eid :=
ext_CertificateUtil_getEID(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var octetstring eumCert :=
ext_RSPClient_getEUMCertificate(g_rsp_client_handle);
+ var charstring eid :=
ext_CertificateUtil_getEID(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var octetstring eumCert :=
ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p);
if (not ext_CertificateUtil_validateEIDRange(eid, eumCert)) {
setverdict(fail, "EID is not within permitted range of EUM
certificate");
@@ -3870,9 +3936,9 @@
ext_logInfo("=== Validating certificate chains ===");
- var octetstring ciCertificate :=
ext_RSPClient_getCICertificate(g_rsp_client_handle);
+ var octetstring ciCertificate :=
ext_RSPClient_getCICertificate(g_rsp_client_handle_es9p);
- var octetstring euiccCertDer :=
ext_RSPClient_getEUICCCertificate(g_rsp_client_handle);
+ var octetstring euiccCertDer :=
ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p);
if (not
ext_CertificateUtil_verifyCertificateChainWithIntermediate(euiccCertDer,
eumCert,
ciCertificate)) {
@@ -3901,7 +3967,7 @@
}
ext_logInfo("Both certificates use curve: " & euiccCurve);
- var octetstring sharedSecret :=
ext_RSPClient_computeSharedSecret(g_rsp_client_handle,
+ var octetstring sharedSecret :=
ext_RSPClient_computeSharedSecret(g_rsp_client_handle_es9p,
iscReq.smdpOtpk);
if (lengthof(sharedSecret) == 0) {
setverdict(fail, "Failed to compute ECDH shared secret");
@@ -4125,13 +4191,13 @@
};
var octetstring encoded := enc_NotificationMetadata(notifMeta);
- var octetstring euicc_signature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, encoded);
+ var octetstring euicc_signature :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, encoded);
var OtherSignedNotification otherNotif := {
tbsOtherNotification := notifMeta,
euiccNotificationSignature := euicc_signature,
- euiccCertificate :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle)),
- eumCertificate :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle))
+ euiccCertificate :=
dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p)),
+ eumCertificate :=
dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p))
};
var PendingNotification pendingNotif := {
@@ -4167,7 +4233,7 @@
ext_logInfo("=== Step 3: GetBoundProfilePackage with " & test_description
& " ===");
var octetstring smdpSignature2 := authClientOk.smdpSignature2;
- var octetstring euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk :=
ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var EUICCSigned2 euiccSigned2 := {
transactionId := g_transactionId,
@@ -4186,7 +4252,7 @@
var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2_raw & smdpSignature2;
- var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 :=
ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
if (ischosen(err_injection.sig_error)) {
if (err_injection.sig_error.corrupt_signature) {
@@ -5670,16 +5736,9 @@
return;
}
- var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
- g_rsp_client_handle,
- true, // useMutualTLS
- c_cert_path,
- c_key_path
- );
-
- if (result != 0) {
- setverdict(fail, "Failed to set authentication parameters");
- mtc.stop;
+ if (not f_init_es2plus()) {
+ setverdict(fail, "RSP client initialization for ES2+ failed");
+ return;
}
// Step 1: Order profile via ES2+
@@ -5688,7 +5747,7 @@
var JSON_ES2p_Request dl_req := {
downloadOrderRequest := {
header := {
- functionRequesterIdentifier := "test.operator.com",
+ functionRequesterIdentifier := mp_es2plus_operator_id,
functionCallIdentifier := "01234567890123456789012345678901"
},
eid := c_eid1,
@@ -5700,7 +5759,7 @@
var octetstring req_enc := enc_JSON_ES2p_Request(dl_req);
var integer status_code;
var charstring response := ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
c_path_download_order,
oct2char(req_enc),
g_pars_smdpp.smdp_es2p_server_port,
@@ -5726,7 +5785,7 @@
var JSON_ES2p_Request conf_req := {
confirmOrderRequest := {
header := {
- functionRequesterIdentifier := "test.operator.com",
+ functionRequesterIdentifier := mp_es2plus_operator_id,
functionCallIdentifier := "02234567890123456789012345678901"
},
iccid := new_iccid,
@@ -5740,7 +5799,7 @@
req_enc := enc_JSON_ES2p_Request(conf_req);
response := ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
c_path_confirm_order,
oct2char(req_enc),
g_pars_smdpp.smdp_es2p_server_port,
@@ -5789,9 +5848,10 @@
f_validateAuthenticateClientResponse(authClientOk);
// Handle confirmation code if required
+ var integer result;
if (authClientOk.smdpSigned2.ccRequiredFlag == true) {
log("Confirmation code is required for this profile");
- result := ext_RSPClient_setTransactionId(g_rsp_client_handle,
authClientOk.transactionId);
+ result := ext_RSPClient_setTransactionId(g_rsp_client_handle_es9p,
authClientOk.transactionId);
if (result != 0) {
setverdict(fail, "Failed to set transaction ID");
f_rsp_client_cleanup();
@@ -5799,7 +5859,7 @@
}
var charstring confirmationCode := "12345678"; // Default test code
- result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle,
confirmationCode);
+ result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p,
confirmationCode);
if (result != 0) {
setverdict(fail, "Failed to set confirmation code");
f_rsp_client_cleanup();
--
To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/41270?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings?usp=email
Gerrit-MessageType: merged
Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-Change-Id: Ib59568379a9d454ea99d66550d6da8fd203681db
Gerrit-Change-Number: 41270
Gerrit-PatchSet: 2
Gerrit-Owner: dexter <[email protected]>
Gerrit-Reviewer: Hoernchen <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: dexter <[email protected]>
Gerrit-Reviewer: osmith <[email protected]>
