dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/41270?usp=email )
Change subject: smdpp_Tests/ES2Plus_Tests: move ES2+ code to smdpp_Tests.ttcn ......................................................................
smdpp_Tests/ES2Plus_Tests: move ES2+ code to smdpp_Tests.ttcn
In smdpp_Tests.ttcn, the ES9+ and ES2+ interfaces are intermingled. This is a problem since ES2+ and ES9+ are two independent interfaces and they may use different certificates and may even be reachable under a different FQDN from a different network interface.
To untangle ES2+ and ES9+ we can move the ES2+ code from ES2Plus_Tests.ttcn to smdpp_Tests.ttcn. Since ES2Plus_Tests.ttcn inherits from smdpp_Tests.ttcn, the ES2+ code will still be available to ES2Plus_Tests.ttcn.
This change will add the flexibility of ES2Plus_Tests.ttcn to smdpp_Tests.ttcn. This means we can now freely configure the FQDN and the certificates used with ES2+.
Related: SYS#7339 Change-Id: Ib59568379a9d454ea99d66550d6da8fd203681db --- M smdpp/ES2Plus_Tests.cfg M smdpp/ES2Plus_Tests.ttcn M smdpp/smdpp_Tests.cfg M smdpp/smdpp_Tests.ttcn 4 files changed, 186 insertions(+), 178 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/70/41270/1
diff --git a/smdpp/ES2Plus_Tests.cfg b/smdpp/ES2Plus_Tests.cfg
index 91463c6..19b9b78 100644
--- a/smdpp/ES2Plus_Tests.cfg
+++ b/smdpp/ES2Plus_Tests.cfg
@@ -8,11 +8,11 @@
[MODULE_PARAMETERS] # ES2+ specific parameters -# ES2Plus_Tests.mp_es2plus_server_fqdn := "testsmdpplus1.example.com" # Must match the hostname of the server SSL certificate! -# ES2Plus_Tests.mp_es2plus_server_port := 8000 -# ES2Plus_Tests.mp_es2plus_operator_id := "test.operator.com" -# ES2Plus_Tests.mp_es2plus_client_cert_path := "/path/to/my/client/cert" -# ES2Plus_Tests.mp_es2plus_client_key_path := "/path/to/my/client/cert_key" +# smdpp_Tests.mp_es2plus_server_fqdn := "testsmdpplus1.example.com" # Must match the hostname of the server SSL certificate! +# smdpp_Tests.mp_es2plus_server_port := 8000 +# smdpp_Tests.mp_es2plus_operator_id := "test.operator.com" +# smdpp_Tests.mp_es2plus_client_cert_path := "/path/to/my/client/cert" +# smdpp_Tests.mp_es2plus_client_key_path := "/path/to/my/client/cert_key"
[EXECUTE] ES2Plus_Tests.control \ No newline at end of file diff --git a/smdpp/ES2Plus_Tests.ttcn b/smdpp/ES2Plus_Tests.ttcn index c6765f4..e2f034e 100644 --- a/smdpp/ES2Plus_Tests.ttcn +++ b/smdpp/ES2Plus_Tests.ttcn @@ -34,41 +34,13 @@ const charstring c_wrong_cert_path := "./sgp26/eUICC/CERT_EUICC_ECDSA_NIST.der"; const charstring c_wrong_key_path := "./sgp26/eUICC/SK_EUICC_ECDSA_NIST.pem";
-// The external function ext_RSPClient_create requires a path and a name filter as input to load test certificates. -// While those certificates are required for the ES9+ interface related tests (smdpp_Tests.ttcn), for the ES2+ -// interface tests those certificates have no relevance. -const charstring c_es2plus_cert_path := "./sgp26/"; -const charstring c_es2plus_cert_name_filter := "NIST"; - // Module parameters -modulepar { - // The SMDP server host name (FQDN) must match the host name of the SSL certificate of the server. To resolve the - // server host name to an IP address, an entry in /etc/hosts is sufficient. It should also be pointed out that this - // testsuite (libcurl) will also verify the presented server certificate against the related CA. To ensure that - // the server certificate verification is possible, ensure that the related CA certificates are made available in - // /etc/ssl/certs - charstring mp_es2plus_server_fqdn := "testsmdpplus1.example.com"; - - // Sets the server port of the ES2+ server (SM-DP+). - integer mp_es2plus_server_port := 8000; - - // Sets the client certificate to be used to authenticate towards the ES2+ server (SM-DP+) - charstring mp_es2plus_client_cert_path := "./test_certs/CERT_MNO_ECDSA_NIST.pem"; - - // Sets the private key to be used to authenticate towards the ES2+ server (SM-DP+) - charstring mp_es2plus_client_key_path := "./test_certs/SK_MNO_ECDSA_NIST.pem"; - - // Sets the operator ID to be used on the ES2+ interface. (this parameter has no relation to SSL/TLS) - charstring mp_es2plus_operator_id := "test.operator.com"; - - // ES2+ normally uses SSL with client authentication, however for debug purposes it is possible to disable - // mutual authentication. - boolean mp_es2plus_use_mutual_tls := true; -} +// This module has no own module parameters (yet), for the ES2+ related settings, it inherets the module parameters +// (mp_es2plus_) from the smdpp_ConnHdlr
// Test component - extend smdpp_ConnHdlr to reuse RSPClient functionality type component ES2Plus_ConnHdlr extends smdpp_ConnHdlr { - // Inherits g_rsp_client_handle from smdpp_ConnHdlr + // Inherits g_rsp_client_handle_es2p from smdpp_ConnHdlr }
// Parameter structures for test cases @@ -135,7 +107,7 @@
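Review bot: The replacement comment in the first hunk says the `mp_es2plus_` settings are inherited "from the smdpp_ConnHdlr", but this commit adds them to the `modulepar` block of smdpp_Tests.ttcn, so they belong to the module and not to the component. These parameters select the client certificate, private key and mutual-TLS switch for ES2+, so the comment should name the module and the new config prefix, for example `// ES2+ settings (mp_es2plus_*) are module parameters of smdpp_Tests; set them as smdpp_Tests.mp_es2plus_* in the .cfg`. That wording would also remove the "inherets" typo.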
// Send request using pre-configured authentication response := smdpp_Tests.ext_RSPClient_sendHttpsPostWithAuth( - g_rsp_client_handle, + g_rsp_client_handle_es2p, url, oct2char(req_enc), mp_es2plus_server_port, @@ -187,35 +159,6 @@ return true; }
-// Initialize RSP client for ES2+ -function f_init_es2plus() runs on ES2Plus_ConnHdlr { - // Initialize RSP client using imported function from smdpp_Tests - g_rsp_client_handle := smdpp_Tests.ext_RSPClient_create( - mp_es2plus_server_fqdn, - mp_es2plus_server_port, - c_es2plus_cert_path, - c_es2plus_cert_name_filter - ); - - if (g_rsp_client_handle < 0) { - setverdict(fail, "Failed to initialize RSP client for ES2+"); - mtc.stop; - } - - // Set authentication parameters once for all ES2+ operations - var integer result := smdpp_Tests.ext_RSPClient_setAuthParams( - g_rsp_client_handle, - mp_es2plus_use_mutual_tls, - mp_es2plus_client_cert_path, - mp_es2plus_client_key_path - ); - - if (result != 0) { - setverdict(fail, "Failed to set RSP client authentication parameters for ES2+"); - mtc.stop; - } -} - /*********************************************************************** * Generic Test Functions ***********************************************************************/ @@ -978,7 +921,7 @@
// Temporarily set wrong authentication parameters var integer result := smdpp_Tests.ext_RSPClient_setAuthParams( - g_rsp_client_handle, + g_rsp_client_handle_es2p, mp_es2plus_use_mutual_tls, c_wrong_cert_path, // Using wrong certificate c_wrong_key_path // Using wrong key @@ -995,7 +938,7 @@
log("ES2+ Request with WRONG certificate to ", url); response := smdpp_Tests.ext_RSPClient_sendHttpsPostWithAuth( - g_rsp_client_handle, + g_rsp_client_handle_es2p, url, oct2char(req_enc), mp_es2plus_server_port, @@ -1011,7 +954,7 @@
// Restore correct auth params for cleanup smdpp_Tests.ext_RSPClient_setAuthParams( - g_rsp_client_handle, + g_rsp_client_handle_es2p, mp_es2plus_use_mutual_tls, mp_es2plus_client_cert_path, mp_es2plus_client_key_path diff --git a/smdpp/smdpp_Tests.cfg b/smdpp/smdpp_Tests.cfg index 60ad49e..1b4fd99 100644 --- a/smdpp/smdpp_Tests.cfg +++ b/smdpp/smdpp_Tests.cfg @@ -18,9 +18,16 @@ [TESTPORT_PARAMETERS]
[MODULE_PARAMETERS] +# ES2+ specific parameters # smdpp_Tests.mp_es9plus_server_port_nist := 8000 # smdpp_Tests.mp_es9plus_server_port_brp := 8001 + +# ES2+ specific parameters +# smdpp_Tests.mp_es2plus_server_fqdn := "testsmdpplus1.example.com" # Must match the hostname of the server SSL certificate! # smdpp_Tests.mp_es2plus_server_port := 8000 +# smdpp_Tests.mp_es2plus_operator_id := "test.operator.com" +# smdpp_Tests.mp_es2plus_client_cert_path := "/path/to/my/client/cert" +# smdpp_Tests.mp_es2plus_client_key_path := "/path/to/my/client/cert_key"
[MAIN_CONTROLLER]
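Review bot: The first added heading `# ES2+ specific parameters` sits directly above the two `mp_es9plus_server_port_*` lines, so the ES9+ block is now labelled as ES2+; it should read `# ES9+ specific parameters`. The ES2+ sample block also omits `mp_es2plus_use_mutual_tls`, which the same commit adds to smdpp_Tests.ttcn. A commented `# smdpp_Tests.mp_es2plus_use_mutual_tls := true`, with a remark that `false` is for debugging only, would make the TLS client-authentication switch discoverable from the config file.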
diff --git a/smdpp/smdpp_Tests.ttcn b/smdpp/smdpp_Tests.ttcn index 9c453c2..2b8768f 100644 --- a/smdpp/smdpp_Tests.ttcn +++ b/smdpp/smdpp_Tests.ttcn @@ -34,13 +34,41 @@ import from esx_header_Types_JSON all; import from ES2Plus_Tests all;
+/* The external function ext_RSPClient_create requires a path and a name filter as input to load test certificates. + * While those certificates are required for the ES9+ interface related tests (smdpp_Tests.ttcn), for the ES2+ + * interface tests those certificates have no relevance. */ +const charstring c_es2plus_cert_path := "./sgp26/"; +const charstring c_es2plus_cert_name_filter := "NIST"; + /* Module Parameters */ modulepar { + /* The SMDP server host name (FQDN) must match the host name of the SSL certificate of the server. To resolve the + * server host name to an IP address, an entry in /etc/hosts is sufficient. It should also be pointed out that this + * testsuite (libcurl) will also verify the presented server certificate against the related CA. To ensure that + * the server certificate verification is possible, ensure that the related CA certificates are made available in + * /etc/ssl/certs */ + charstring mp_es2plus_server_fqdn := "testsmdpplus1.example.com"; + + /* Sets the server port of the ES2+ server (SM-DP+). */ + integer mp_es2plus_server_port := 8000; + + /* Sets the client certificate to be used to authenticate towards the ES2+ server (SM-DP+) */ + charstring mp_es2plus_client_cert_path := "./test_certs/CERT_MNO_ECDSA_NIST.pem"; + + /* Sets the private key to be used to authenticate towards the ES2+ server (SM-DP+) */ + charstring mp_es2plus_client_key_path := "./test_certs/SK_MNO_ECDSA_NIST.pem"; + + /* Sets the operator ID to be used on the ES2+ interface. (this parameter has no relation to SSL/TLS) */ + charstring mp_es2plus_operator_id := "test.operator.com"; + + /* ES2+ normally uses SSL with client authentication, however for debug purposes it is possible to disable + * mutual authentication. 
*/ + boolean mp_es2plus_use_mutual_tls := true; + boolean mp_use_custom_tls_cert := true; charstring mp_custom_tls_cert_path := ""; // Empty means use cert pool only integer mp_es9plus_server_port_nist := 8000; integer mp_es9plus_server_port_brp := 8001; - integer mp_es2plus_server_port := 8000; }
/* C++ handles only crypto, TTCN-3 handles ASN.1 encoding/decoding most of the time */ @@ -349,7 +377,8 @@ var template integer g_http_client_id_es2p := omit;
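Review bot: The `modulepar` block does not say which interface `mp_use_custom_tls_cert` and `mp_custom_tls_cert_path` cover, while the new comment on `mp_es2plus_server_fqdn` states that the server certificate is verified against the CAs in /etc/ssl/certs. In the hunks shown, those two parameters are passed to `ext_RSPClient_configureHttpClient` only for the ES9+ handle and `f_init_es2plus` makes no such call, so they appear not to affect ES2+; this is inferred from the visible lines only. I would state it on the two parameters, e.g. `/* ES9+ only; ES2+ server verification uses the system CA store */`. The `mp_es2plus_use_mutual_tls` comment could also note that `false` disables client authentication and is not meant for regular test runs.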
/* C++ RSP client handle */
- var integer g_rsp_client_handle := -1;
+ var integer g_rsp_client_handle_es9p := -1;
+ var integer g_rsp_client_handle_es2p := -1;
/* Session state */ var octetstring g_transactionId := ''O; @@ -371,7 +400,7 @@ type record smdpp_ConnHdlrPars { charstring smdp_server_fqdn, integer smdp_es9p_server_port, - integer smdp_es2p_server_port, + integer smdp_es2p_server_port, charstring cert_path, charstring cert_name_filter, charstring euicc_cert_path, @@ -460,28 +489,59 @@
/* RSP CLIENT WRAPPER FUNCTIONS */
+// Initialize RSP client for ES2+ +function f_init_es2plus() runs on smdpp_ConnHdlr return boolean { + // Initialize RSP client using imported function from smdpp_Tests + g_rsp_client_handle_es2p := smdpp_Tests.ext_RSPClient_create( + mp_es2plus_server_fqdn, + mp_es2plus_server_port, + c_es2plus_cert_path, + c_es2plus_cert_name_filter + ); + + if (g_rsp_client_handle_es2p < 0) { + setverdict(fail, "Failed to initialize RSP client for ES2+"); + mtc.stop; + } + + // Set authentication parameters once for all ES2+ operations + var integer result := smdpp_Tests.ext_RSPClient_setAuthParams( + g_rsp_client_handle_es2p, + mp_es2plus_use_mutual_tls, + mp_es2plus_client_cert_path, + mp_es2plus_client_key_path + ); + + if (result != 0) { + setverdict(fail, "Failed to set RSP client authentication parameters for ES2+"); + mtc.stop; + } + + return true; +} + private function f_rsp_client_init() runs on smdpp_ConnHdlr return boolean { ext_logInfo("Initializing RSP client");
- g_rsp_client_handle := ext_RSPClient_create( + g_rsp_client_handle_es9p := ext_RSPClient_create( g_pars_smdpp.smdp_server_fqdn, g_pars_smdpp.smdp_es9p_server_port, g_pars_smdpp.cert_path, g_pars_smdpp.cert_name_filter );
- if (g_rsp_client_handle < 0) { + if (g_rsp_client_handle_es9p < 0) { ext_logError("Failed to create RSP client"); return false; }
- if (ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle, g_pars_smdpp.euicc_cert_path) != 0) { + if (ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle_es9p, g_pars_smdpp.euicc_cert_path) != 0) { ext_logError("Failed to load eUICC certificate"); f_rsp_client_cleanup(); return false; }
- if (ext_RSPClient_loadEUICCKeyPair(g_rsp_client_handle, g_pars_smdpp.euicc_key_path) != 0) { + if (ext_RSPClient_loadEUICCKeyPair(g_rsp_client_handle_es9p, g_pars_smdpp.euicc_key_path) != 0) { ext_logError("Failed to load eUICC private key"); f_rsp_client_cleanup(); return false; @@ -490,7 +550,7 @@
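Review bot: `f_init_es2plus` is now declared `return boolean` but can only return `true`: both failure branches call `setverdict(fail, ...)` followed by `mtc.stop`, unlike `f_rsp_client_init` directly below it, which logs and returns `false`. Either drop the return type or turn the failure paths into `return false;`, with `f_rsp_client_cleanup();` before the second one so the ES2+ handle created a few lines earlier is destroyed when `ext_RSPClient_setAuthParams` fails. The leading comment "using imported function from smdpp_Tests" is stale now that the function lives in smdpp_Tests.ttcn, and the `//` comments differ from the `/* */` style of the surrounding lines. The hunk continues into `f_rsp_client_init`, whose body ends outside it.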
// Configure HTTP client var integer result := ext_RSPClient_configureHttpClient( - g_rsp_client_handle, + g_rsp_client_handle_es9p, mp_use_custom_tls_cert, mp_custom_tls_cert_path ); @@ -511,9 +571,13 @@ }
private function f_rsp_client_cleanup() runs on smdpp_ConnHdlr { - if (g_rsp_client_handle >= 0) { - ext_RSPClient_destroy(g_rsp_client_handle); - g_rsp_client_handle := -1; + if (g_rsp_client_handle_es9p >= 0) { + ext_RSPClient_destroy(g_rsp_client_handle_es9p); + g_rsp_client_handle_es9p := -1; + } + if (g_rsp_client_handle_es2p >= 0) { + ext_RSPClient_destroy(g_rsp_client_handle_es2p); + g_rsp_client_handle_es2p := -1; } }
@@ -539,7 +603,7 @@ var charstring func_call_id := "TTCN3-" & oct2str(rnd_oct);
var integer result := smdpp_Tests.ext_RSPClient_setAuthParams( - g_rsp_client_handle, + g_rsp_client_handle_es9p, true, // useMutualTLS c_cert_path, c_key_path @@ -554,7 +618,7 @@ var JSON_ES2p_Request dl_req := { downloadOrderRequest := { header := { - functionRequesterIdentifier := "test.operator.com", + functionRequesterIdentifier := mp_es2plus_operator_id, functionCallIdentifier := func_call_id & "-DL" }, eid := eid, @@ -566,7 +630,7 @@ var octetstring req_enc := enc_JSON_ES2p_Request(dl_req); var integer status_code; var charstring response := ext_RSPClient_sendHttpsPostWithAuth( - g_rsp_client_handle, + g_rsp_client_handle_es2p, c_path_download_order, oct2char(req_enc), g_pars_smdpp.smdp_es2p_server_port, @@ -591,7 +655,7 @@ var JSON_ES2p_Request conf_req := { confirmOrderRequest := { header := { - functionRequesterIdentifier := "test.operator.com", + functionRequesterIdentifier := mp_es2plus_operator_id, functionCallIdentifier := func_call_id & "-CF" }, iccid := new_iccid, @@ -609,7 +673,7 @@
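Review bot: In the `@@ -539,7 +603,7 @@` hunk `ext_RSPClient_setAuthParams` is called on `g_rsp_client_handle_es9p` with `c_cert_path`/`c_key_path`, yet the `ext_RSPClient_sendHttpsPostWithAuth` calls in the following hunks (`-566` here and `-609` continuing on the next line) now use `g_rsp_client_handle_es2p`. If these hunks belong to one function, as the shared `func_call_id` suggests, the client certificate is configured on one handle and the authenticated POST is sent on the other. The request then depends on what `f_init_es2plus` set from the module parameters, or on a handle that is still `-1` if it was never called; no call to it is visible in these hunks. I would pass `g_rsp_client_handle_es2p` to `ext_RSPClient_setAuthParams` here, or drop the call and document that ES2+ credentials come from `mp_es2plus_client_cert_path`/`mp_es2plus_client_key_path`. The same POSTs still pass `g_pars_smdpp.smdp_es2p_server_port` while the handle was created with `mp_es2plus_server_port`, so it is worth checking that the two cannot diverge; the enclosing function starts and ends outside the hunks.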
req_enc := enc_JSON_ES2p_Request(conf_req); response := ext_RSPClient_sendHttpsPostWithAuth( - g_rsp_client_handle, + g_rsp_client_handle_es2p, c_path_confirm_order, oct2char(req_enc), g_pars_smdpp.smdp_es2p_server_port, @@ -681,7 +745,7 @@ private function f_create_initiate_authentication_request() runs on smdpp_ConnHdlr return RemoteProfileProvisioningRequest {
- g_euiccChallenge := ext_RSPClient_generateChallenge(g_rsp_client_handle); + g_euiccChallenge := ext_RSPClient_generateChallenge(g_rsp_client_handle_es9p); ext_logInfo("Generated eUICC challenge: " & ext_bytesToHex(g_euiccChallenge));
/* Create EUICC_INFO1 using TTCN-3 native types */ @@ -735,7 +799,7 @@ return false; }
- if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle, enc_ServerSigned1(authOk.serverSigned1), authOk.serverSignature1, g_serverCert)) { + if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle_es9p, enc_ServerSigned1(authOk.serverSigned1), authOk.serverSignature1, g_serverCert)) { ext_logError("Server signature validation failed"); return false; } @@ -763,7 +827,7 @@ private function f_create_get_bound_profile_package_request(octetstring smdpSignature2) runs on smdpp_ConnHdlr return RemoteProfileProvisioningRequest {
- var octetstring euiccOtpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euiccOtpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var EUICCSigned2 euiccSigned2 := { transactionId := g_transactionId, @@ -772,7 +836,7 @@ };
// Add confirmation code hash if required - var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle); + var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p); ext_logInfo("Checking confirmation code hash, length: " & int2str(lengthof(ccHash))); if (lengthof(ccHash) == 32) { euiccSigned2.hashCc := ccHash; @@ -785,7 +849,7 @@
var octetstring euiccSigned2Data := enc_EUICCSigned2(euiccSigned2); var octetstring concatdata := euiccSigned2Data & smdpSignature2; - var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata); + var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepareDownloadResponse := { downloadResponseOk := { @@ -812,7 +876,7 @@ hashCc := omit /* No confirmation code for nominal case */ };
- var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle); + var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p); if (lengthof(ccHash) == 32) { euiccSigned2.hashCc := ccHash; ext_logInfo("Added confirmation code hash to PrepareDownloadResponse: " & oct2str(ccHash)); @@ -822,7 +886,7 @@
var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2); var octetstring concatdata := euiccSigned2_raw & smdpSignature2; - var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata); + var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepareDownloadResponse := { downloadResponseOk := { @@ -919,7 +983,7 @@ var integer http_status;
var charstring response_body := ext_RSPClient_sendHttpsPost( - g_rsp_client_handle, + g_rsp_client_handle_es9p, g_last_es9p_endpoint, g_last_es9p_request, g_pars_smdpp.smdp_es9p_server_port, @@ -978,7 +1042,7 @@
var integer http_status; var charstring response_body := ext_RSPClient_sendHttpsPost( - g_rsp_client_handle, + g_rsp_client_handle_es9p, g_last_es9p_endpoint, g_last_es9p_request, g_pars_smdpp.smdp_es9p_server_port, @@ -1013,7 +1077,7 @@ var integer http_status; ext_logInfo("Sending ASN.1 request to /gsma/rsp2/asn1 on port " & int2str(g_pars_smdpp.smdp_es9p_server_port)); var octetstring response_body := ext_RSPClient_sendHttpsPostBinary( - g_rsp_client_handle, + g_rsp_client_handle_es9p, "/gsma/rsp2/asn1", asn1_request, g_pars_smdpp.smdp_es9p_server_port, @@ -1238,14 +1302,14 @@
private function f_get_certificate_pair() runs on smdpp_ConnHdlr return CertificatePair { return { - euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle)), - eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle)) + euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p)), + eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p)) }; }
private function f_sign_euicc_signed1(EuiccSigned1 euiccSigned1) runs on smdpp_ConnHdlr return octetstring { var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1); - return ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw); + return ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw); }
private function f_build_authenticate_client_request( @@ -1360,7 +1424,7 @@ AuthenticateClientOk auok, RemoteProfileProvisioningRequest packageRequest) runs on smdpp_ConnHdlr return boolean { - var octetstring euiccOtpk := ext_RSPClient_getEUICCOtpk(g_rsp_client_handle); + var octetstring euiccOtpk := ext_RSPClient_getEUICCOtpk(g_rsp_client_handle_es9p); if (not ext_CertificateUtil_verifyECDHCompatible(euiccOtpk, iscReq.smdpOtpk)) { ext_logError("eUICC and SM-DP+ public keys are not ECDH compatible"); return false; @@ -1377,7 +1441,7 @@ var octetstring encsecr := encode_DER_InitialiseSecureChannelRequest_ver(toencsec); var octetstring trunc_initsec := substr(encsecr, 4, lengthof(encsecr)-4);
- if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle, trunc_initsec, + if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle_es9p, trunc_initsec, iscReq.smdpSign, enc_Certificate(auok.smdpCertificate))) { ext_logError("InitialiseSecureChannelRequest signature validation failed"); return false; @@ -1483,7 +1547,7 @@
var integer http_status; var charstring response_body := ext_RSPClient_sendHttpsPost( - g_rsp_client_handle, + g_rsp_client_handle_es9p, g_last_es9p_endpoint, g_last_es9p_request, g_pars_smdpp.smdp_es9p_server_port, @@ -1592,7 +1656,7 @@ }
var octetstring full_encoded := encode_DER_profileInstallationResultData(pirData); - var octetstring euiccSignPIR := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, full_encoded); + var octetstring euiccSignPIR := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, full_encoded);
var ProfileInstallationResult pir := { profileInstallationResultData := pirData, @@ -1669,10 +1733,10 @@ };
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1); - var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw); + var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
- var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle));
+ var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
return { authenticateClientRequest := { @@ -1857,7 +1921,7 @@ };
var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned); - cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData); + cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
var RemoteProfileProvisioningRequest cancelReq := { cancelSessionRequestEs9 := { @@ -1892,10 +1956,10 @@ var EuiccSigned1 euiccSigned1 := f_create_euicc_signed1(euiccInfo2, ctxParams);
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1); - var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw); + var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
- var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle));
+ var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
var RemoteProfileProvisioningRequest authReq := { authenticateClientRequest := { @@ -1916,7 +1980,7 @@
private function f_create_prepare_download_response(octetstring smdpSignature2) runs on smdpp_ConnHdlr return PrepareDownloadResponse { - var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle); + var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var EUICCSigned2 euiccSigned2 := { transactionId := g_transactionId, @@ -1924,7 +1988,7 @@ hashCc := omit };
- var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle); + var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p); if (lengthof(ccHash) == 32) { euiccSigned2.hashCc := ccHash; ext_logInfo("Added confirmation code hash to PrepareDownloadResponse: " & oct2str(ccHash)); @@ -1934,7 +1998,7 @@
var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2); var octetstring concatdata := euiccSigned2_raw & smdpSignature2; - var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata); + var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepDownloadResp := { downloadResponseOk := { @@ -2039,7 +2103,7 @@
/* Sign the data */ var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1); - var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw); + var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
/* Apply signature error if specified */ if (ischosen(err_injection.sig_error) and err_injection.sig_error.corrupt_signature) { @@ -2051,23 +2115,23 @@ select (err_injection.cert_error.error_type) { case (INVALID_EUM_SIGNATURE) { /* Load invalid (self-signed) EUM certificate */ - ext_RSPClient_loadEUMCertificate(g_rsp_client_handle, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_INVALID.der"); + ext_RSPClient_loadEUMCertificate(g_rsp_client_handle_es9p, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_INVALID.der"); } case (EXPIRED_EUM) { /* Load expired EUM certificate */ - ext_RSPClient_loadEUMCertificate(g_rsp_client_handle, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_EXPIRED.der"); + ext_RSPClient_loadEUMCertificate(g_rsp_client_handle_es9p, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_EXPIRED.der"); } case (INVALID_EUICC_SIGNATURE) { /* Load invalid (self-signed) eUICC certificate */ - ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle, "./InvalidTestCases/CERT_EUICC_ECDSA_NIST_INVALID.der"); + ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle_es9p, "./InvalidTestCases/CERT_EUICC_ECDSA_NIST_INVALID.der"); } case (EXPIRED_EUICC) { /* Load expired eUICC certificate */ - ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle, "./InvalidTestCases/CERT_EUICC_ECDSA_NIST_EXPIRED.der"); + ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle_es9p, "./InvalidTestCases/CERT_EUICC_ECDSA_NIST_EXPIRED.der"); } case (UNKNOWN_CI_KEY) { /* Load EUM certificate signed by unknown CI */ - ext_RSPClient_loadEUMCertificate(g_rsp_client_handle, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_UNKNOWN_CI.der"); + ext_RSPClient_loadEUMCertificate(g_rsp_client_handle_es9p, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_UNKNOWN_CI.der"); } case else { setverdict(fail, "Unsupported certificate error type"); @@ -2077,8 +2141,8 @@ }
/* Get certificates from RSP client */ - var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle)); - var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle)); + var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p)); + var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
/* Build the request */ var RemoteProfileProvisioningRequest authClientReq := { @@ -2148,7 +2212,7 @@
/* Step 3: PrepareDownloadResponse with error injection */ var octetstring smdpSignature2 := authClientOk.smdpSignature2; - var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle); + var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
/* Build EUICCSigned2 */ var EUICCSigned2 euiccSigned2 := { @@ -2164,9 +2228,9 @@ if (server_requires_cc and not ischosen(err_injection.cc_error)) { /* Set confirmation code and get hash */ var charstring confirmationCode := "12345678"; /* Default test code matching server */ - var integer result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle, confirmationCode); + var integer result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, confirmationCode); if (result == 0) { - euiccSigned2.hashCc := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle); + euiccSigned2.hashCc := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p); ext_logInfo("Using confirmation code hash: " & oct2str(euiccSigned2.hashCc)); } } @@ -2212,7 +2276,7 @@ /* Sign EUICCSigned2 */ var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2); var octetstring concatdata := euiccSigned2_raw & smdpSignature2; - var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata); + var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
/* Apply signature corruption if needed */ if (ischosen(err_injection.sig_error) and err_injection.sig_error.corrupt_signature) { @@ -2287,7 +2351,7 @@ }
var octetstring serverCert := enc_Certificate(authOk.serverCertificate); - if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle, + if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle_es9p, enc_ServerSigned1(authOk.serverSigned1), authOk.serverSignature1, serverCert)) { @@ -2496,10 +2560,10 @@
var EuiccSigned1 euiccSigned1 := f_create_euicc_signed1(euiccInfo2, ctxParams); var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1); - var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw); + var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
- var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle));
+ var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
var RemoteProfileProvisioningRequest authReq := { authenticateClientRequest := { @@ -2536,7 +2600,7 @@
if (params.testMode == BPP_RETRY_SAME_OTPK and iter == 0) { /* First iteration: generate and save OTPK */ - euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle); + euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p); saved_euicc_otpk := euicc_otpk; ext_logInfo("Generated and saved eUICC OTPK: " & oct2str(euicc_otpk)); } else if (params.testMode == BPP_RETRY_SAME_OTPK and iter == 1) { @@ -2545,7 +2609,7 @@ ext_logInfo("Reusing saved eUICC OTPK: " & oct2str(euicc_otpk)); } else { /* Generate new OTPK for all other cases */ - euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle); + euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p); if (params.testMode == BPP_RETRY_DIFFERENT_OTPK and iter == 1) { ext_logInfo("Generated new eUICC OTPK for retry: " & oct2str(euicc_otpk)); } @@ -2712,17 +2776,17 @@ var RemoteProfileProvisioningRequest packageReq;
if (requireCC) { - var octetstring euiccOtpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle); + var octetstring euiccOtpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var EUICCSigned2 euiccSigned2 := { transactionId := g_transactionId, euiccOtpk := euiccOtpk, - hashCc := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle) + hashCc := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p) };
var octetstring euiccSigned2Data := enc_EUICCSigned2(euiccSigned2); var octetstring concatdata := euiccSigned2Data & authClientOk.smdpSignature2; - var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata); + var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepDownloadResp := { downloadResponseOk := { @@ -2869,7 +2933,7 @@ ext_logInfo("Step 3: Testing GetBoundProfilePackage with OTPK reuse");
/* simulate reuse from cancelled session */ - var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle); + var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var octetstring smdpSignature2 := authClientResp2.smdpSignature2; var PrepareDownloadResponse prepDownloadResp := f_create_prepare_download_response_with_otpk(smdpSignature2, euicc_otpk); @@ -2942,7 +3006,7 @@ };
 var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
 var RemoteProfileProvisioningRequest cancelReq := {
 cancelSessionRequestEs9 := {
@@ -2993,7 +3057,7 @@
 }
 if (with_cc) {
- ext_RSPClient_setConfirmationCode(g_rsp_client_handle, "12345678");
+ ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, "12345678");
 }
 /* Step 3: Prepare retry based on OTPK mode */
@@ -3002,7 +3066,7 @@
 if (otpk_mode == RETRY_REUSE_SAME_OTPK) {
 /* Reuse OTPK from cancelled session */
- var octetstring euicc_otpk := ext_RSPClient_getEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk := ext_RSPClient_getEUICCOtpk(g_rsp_client_handle_es9p);
 ext_logInfo("Step 3: GetBoundProfilePackage retry with SAME eUICC otPK");
 ext_logInfo("Reusing SAME eUICC otPK");
 prepDownloadResp := f_create_prepare_download_response_with_otpk(
@@ -3010,7 +3074,7 @@
 otpk_description := "same";
 } else if (otpk_mode == RETRY_SEND_NEW_OTPK) {
 /* Generate new OTPK to simulate eUICC rejection */
- var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
 ext_logInfo("Step 3: GetBoundProfilePackage retry with NEW eUICC otPK");
 ext_logInfo("Using NEW eUICC otPK");
 prepDownloadResp := f_create_prepare_download_response_with_otpk(
@@ -3176,7 +3240,7 @@
 /* Set transaction ID for confirmation code hash computation */
 ext_logInfo("Setting transaction ID: " & oct2str(g_transactionId));
- var integer result := ext_RSPClient_setTransactionId(g_rsp_client_handle, g_transactionId);
+ var integer result := ext_RSPClient_setTransactionId(g_rsp_client_handle_es9p, g_transactionId);
 if (result != 0) {
 setverdict(fail, "Failed to set transaction ID");
 f_rsp_client_cleanup();
@@ -3185,7 +3249,7 @@
 /* First attempt with wrong confirmation code */
 ext_logInfo("First attempt with wrong confirmation code");
- ext_RSPClient_setConfirmationCode(g_rsp_client_handle, "00000000"); /* Wrong code */
+ ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, "00000000"); /* Wrong code */
 var PrepareDownloadResponse prepDownloadResp := f_create_prepare_download_response(authClientOk.smdpSignature2);
 var RemoteProfileProvisioningRequest packageReq := {
@@ -3208,7 +3272,7 @@
 /* Second attempt with correct confirmation code */
 ext_logInfo("Second attempt with correct confirmation code");
- ext_RSPClient_setConfirmationCode(g_rsp_client_handle, "12345678"); /* Correct code */
+ ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, "12345678"); /* Correct code */
 prepDownloadResp := f_create_prepare_download_response(authClientOk.smdpSignature2);
 packageReq.getBoundProfilePackageRequest.prepareDownloadResponse := prepDownloadResp;
@@ -3286,7 +3350,7 @@
 };
 var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
 var RemoteProfileProvisioningRequest cancelReq := {
 cancelSessionRequestEs9 := {
@@ -3371,7 +3435,7 @@
 };
 var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
 var RemoteProfileProvisioningRequest cancelReq := {
 cancelSessionRequestEs9 := {
@@ -3482,7 +3546,7 @@
 }
 var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
 if (ischosen(err_injection.sig_error)) {
 if (err_injection.sig_error.corrupt_signature) {
@@ -3579,7 +3643,7 @@
 }
 var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
 if (ischosen(err_injection.sig_error)) {
 if (err_injection.sig_error.corrupt_signature) {
@@ -3763,13 +3827,13 @@
 }
 var octetstring enc_euicc_tosign := enc_EuiccSigned1(euiccSig);
- var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, enc_euicc_tosign);
+ var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, enc_euicc_tosign);
 var AuthenticateServerResponse authresp := {
 authenticateResponseOk := {
 euiccSigned1 := euiccSig,
 euiccSignature1 := euiccSignature1,
- euiccCertificate := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle)),
- eumCertificate := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle))
+ euiccCertificate := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p)),
+ eumCertificate := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p))
 }
 }
@@ -3785,7 +3849,7 @@
 }
 var octetstring auresp_sigdata := enc_SmdpSigned2(auok.smdpSigned2) & '5f3740'O & euiccSignature1;
- if (not ext_RSPClient_verifyServerSignature( g_rsp_client_handle, auresp_sigdata, auok.smdpSignature2, enc_Certificate(auok.smdpCertificate))) {
+ if (not ext_RSPClient_verifyServerSignature( g_rsp_client_handle_es9p, auresp_sigdata, auok.smdpSignature2, enc_Certificate(auok.smdpCertificate))) {
 ext_logError("Server signature validation failed");
 setverdict(fail, "InitiateAuthentication validation failed");
 f_rsp_client_cleanup();
@@ -3796,7 +3860,7 @@
 ext_logInfo("Confirmation code is required for this profile");
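Review bot: The fail verdict in hunk -3785 reads `"InitiateAuthentication validation failed"`, but the check that failed is the verification of `auok.smdpSignature2` over `smdpSigned2`, so a failing run points the reader at the wrong step; `setverdict(fail, "smdpSignature2 verification failed");` would match the code. The signature is also checked against `auok.smdpCertificate`, which arrives in the same response, so on its own this call shows only that the response is self-consistent. Whether that certificate's chain is validated inside `ext_RSPClient_verifyServerSignature` or elsewhere is not visible, since the function starts and ends outside the hunk. A short comment above the call, such as `/* chain of auok.smdpCertificate is validated in <place> */`, would make the trust decision explicit.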
 ext_logInfo("Setting transaction ID: " & oct2str(auok.transactionId));
- var integer result := ext_RSPClient_setTransactionId(g_rsp_client_handle, auok.transactionId);
+ var integer result := ext_RSPClient_setTransactionId(g_rsp_client_handle_es9p, auok.transactionId);
 if (result != 0) {
 ext_logError("Failed to set transaction ID");
 }
@@ -3805,13 +3869,13 @@
 if (ispresent(g_pars_smdpp.confirmation_code)) {
 confirmationCode := g_pars_smdpp.confirmation_code;
 }
- result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle, confirmationCode);
+ result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, confirmationCode);
 if (result != 0) {
 ext_logError("Failed to set confirmation code");
 }
 ext_logInfo("Set confirmation code: " & confirmationCode);
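Review bot: A non-zero `result` from `ext_RSPClient_setTransactionId` in hunk -3796 is only logged, and the same holds for `ext_RSPClient_setConfirmationCode` in hunk -3805, so the test carries on to compute the confirmation code hash after a setup step has failed. The equivalent checks in hunks -3176 and -5790 set a fail verdict and call `f_rsp_client_cleanup()`. I would at least add `setverdict(fail, "Failed to set transaction ID");` in the `if (result != 0)` branch, with the matching line for the confirmation code. The enclosing function starts and ends outside both hunks, so how it should exit after the verdict is not visible here.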
- var octetstring hashCheck := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle);
+ var octetstring hashCheck := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p);
 ext_logInfo("Confirmation code hash length: " & int2str(lengthof(hashCheck)));
 if (lengthof(hashCheck) == 32) {
 ext_logInfo("Confirmation code hash computed successfully: " & oct2str(hashCheck));
@@ -3822,8 +3886,8 @@
 ext_logInfo("Confirmation code is NOT required for this profile");
 }
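Review bot: Hunk -3805 writes the confirmation code and its hash to the test log, via `ext_logInfo("Set confirmation code: " & confirmationCode);` and `"Confirmation code hash computed successfully: " & oct2str(hashCheck)`. The code can come from `g_pars_smdpp.confirmation_code`, so a run configured with a real code against a non-test SM-DP+ leaves that credential in the log. Logging only the fact and the length keeps the diagnostic value, e.g. `ext_logInfo("Confirmation code set");`. The "Set confirmation code" line is also emitted when `result != 0`. The function continues outside the hunk.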
- var charstring eid := ext_CertificateUtil_getEID(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var octetstring eumCert := ext_RSPClient_getEUMCertificate(g_rsp_client_handle);
+ var charstring eid := ext_CertificateUtil_getEID(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var octetstring eumCert := ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p);
 if (not ext_CertificateUtil_validateEIDRange(eid, eumCert)) {
 setverdict(fail, "EID is not within permitted range of EUM certificate");
@@ -3871,9 +3935,9 @@
ext_logInfo("=== Validating certificate chains ===");
- var octetstring ciCertificate := ext_RSPClient_getCICertificate(g_rsp_client_handle);
+ var octetstring ciCertificate := ext_RSPClient_getCICertificate(g_rsp_client_handle_es9p);
- var octetstring euiccCertDer := ext_RSPClient_getEUICCCertificate(g_rsp_client_handle); + var octetstring euiccCertDer := ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p); if (not ext_CertificateUtil_verifyCertificateChainWithIntermediate(euiccCertDer, eumCert, ciCertificate)) { @@ -3902,7 +3966,7 @@ } ext_logInfo("Both certificates use curve: " & euiccCurve);
- var octetstring sharedSecret := ext_RSPClient_computeSharedSecret(g_rsp_client_handle,
+ var octetstring sharedSecret := ext_RSPClient_computeSharedSecret(g_rsp_client_handle_es9p,
 iscReq.smdpOtpk);
 if (lengthof(sharedSecret) == 0) {
 setverdict(fail, "Failed to compute ECDH shared secret");
@@ -4126,13 +4190,13 @@
 };
 var octetstring encoded := enc_NotificationMetadata(notifMeta);
- var octetstring euicc_signature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, encoded);
+ var octetstring euicc_signature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, encoded);
 var OtherSignedNotification otherNotif := {
 tbsOtherNotification := notifMeta,
 euiccNotificationSignature := euicc_signature,
- euiccCertificate := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle)),
- eumCertificate := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle))
+ euiccCertificate := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p)),
+ eumCertificate := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p))
 };
 var PendingNotification pendingNotif := {
@@ -4168,7 +4232,7 @@
 ext_logInfo("=== Step 3: GetBoundProfilePackage with " & test_description & " ===");
 var octetstring smdpSignature2 := authClientOk.smdpSignature2;
- var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
 var EUICCSigned2 euiccSigned2 := {
 transactionId := g_transactionId,
@@ -4187,7 +4251,7 @@
 var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2);
 var octetstring concatdata := euiccSigned2_raw & smdpSignature2;
- var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
 if (ischosen(err_injection.sig_error)) {
 if (err_injection.sig_error.corrupt_signature) {
@@ -5671,16 +5735,9 @@
 return;
 }
- var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
- g_rsp_client_handle,
- true, // useMutualTLS
- c_cert_path,
- c_key_path
- );
-
- if (result != 0) {
- setverdict(fail, "Failed to set authentication parameters");
- mtc.stop;
+ if (not f_init_es2plus()) {
+ setverdict(fail, "RSP client initialization for ES2+ failed");
+ return;
 }
 // Step 1: Order profile via ES2+
@@ -5689,7 +5746,7 @@
 var JSON_ES2p_Request dl_req := {
 downloadOrderRequest := {
 header := {
- functionRequesterIdentifier := "test.operator.com",
+ functionRequesterIdentifier := mp_es2plus_operator_id,
 functionCallIdentifier := "01234567890123456789012345678901"
 },
 eid := c_eid1,
@@ -5701,7 +5758,7 @@
 var octetstring req_enc := enc_JSON_ES2p_Request(dl_req);
 var integer status_code;
 var charstring response := ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
 c_path_download_order,
 oct2char(req_enc),
 g_pars_smdpp.smdp_es2p_server_port,
@@ -5727,7 +5784,7 @@
 var JSON_ES2p_Request conf_req := {
 confirmOrderRequest := {
 header := {
- functionRequesterIdentifier := "test.operator.com",
+ functionRequesterIdentifier := mp_es2plus_operator_id,
 functionCallIdentifier := "02234567890123456789012345678901"
 },
 iccid := new_iccid,
@@ -5741,7 +5798,7 @@
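Review bot: The new failure branch in hunk -5671, `if (not f_init_es2plus()) { ... return; }`, leaves the test without calling `f_rsp_client_cleanup()`, whereas other failure branches in this file (for example hunk -5790) call it before returning. If the ES9+ client handle is already initialised at this point, which the hunk does not show, that handle and anything `f_init_es2plus()` set up before failing are left for whatever teardown runs later. Adding `f_rsp_client_cleanup();` before the `return;` would keep the failure paths consistent. The removed code ended with `mtc.stop`, so a failure here now terminates differently; the function body starts and ends outside the hunk.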
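Review bot: The call to `ext_RSPClient_sendHttpsPostWithAuth` in hunk -5701 now takes `g_rsp_client_handle_es2p` but still gets its port from `g_pars_smdpp.smdp_es2p_server_port`, and the confirm-order call in hunk -5741 does the same. The configuration files in this change expose `smdpp_Tests.mp_es2plus_server_port`. If `g_pars_smdpp.smdp_es2p_server_port` is not filled from that parameter, which these hunks do not show, the request goes to a different port than the one configured for the ES2+ endpoint and its certificate. Passing `mp_es2plus_server_port` directly, as the change already does with `mp_es2plus_operator_id`, or a comment stating where the field is populated, would remove the doubt.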
 req_enc := enc_JSON_ES2p_Request(conf_req);
 response := ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
 c_path_confirm_order,
 oct2char(req_enc),
 g_pars_smdpp.smdp_es2p_server_port,
@@ -5790,9 +5847,10 @@
 f_validateAuthenticateClientResponse(authClientOk);
 // Handle confirmation code if required
+ var integer result;
 if (authClientOk.smdpSigned2.ccRequiredFlag == true) {
 log("Confirmation code is required for this profile");
- result := ext_RSPClient_setTransactionId(g_rsp_client_handle, authClientOk.transactionId);
+ result := ext_RSPClient_setTransactionId(g_rsp_client_handle_es9p, authClientOk.transactionId);
 if (result != 0) {
 setverdict(fail, "Failed to set transaction ID");
 f_rsp_client_cleanup();
@@ -5800,7 +5858,7 @@
 }
 var charstring confirmationCode := "12345678"; // Default test code
- result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle, confirmationCode);
+ result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, confirmationCode);
 if (result != 0) {
 setverdict(fail, "Failed to set confirmation code");
 f_rsp_client_cleanup();