dexter has uploaded this change for review.
smdpp_Tests/ES2Plus_Tests: move ES2+ code to smdpp_Tests.ttcn
In smdpp_Tests.ttcn, the ES9+ and ES2+ interfaces are intermingled. This
is a problem since ES2+ and ES9+ are two independent interfaces and they
may use different certificates and may even be reachable under a different
FQDN from a different network interface.
To untangle ES2+ and ES9+ we can move the ES2+ code from ES2Plus_Tests.ttcn
to smdpp_Tests.ttcn. Since ES2Plus_Tests.ttcn inherits from smdpp_Tests.ttcn
the ES2+ code will still be available to ES2Plus_Tests.ttcn.
This change will add the flexibility of ES2Plus_Tests.ttcn to
smdpp_Tests.ttcn. This means we can now freely configure the FQDN and the
certificates used with ES2+.
Related: SYS#7339
Change-Id: Ib59568379a9d454ea99d66550d6da8fd203681db
---
M smdpp/ES2Plus_Tests.cfg
M smdpp/ES2Plus_Tests.ttcn
M smdpp/smdpp_Tests.cfg
M smdpp/smdpp_Tests.ttcn
4 files changed, 186 insertions(+), 178 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/70/41270/1
diff --git a/smdpp/ES2Plus_Tests.cfg b/smdpp/ES2Plus_Tests.cfg
index 91463c6..19b9b78 100644
--- a/smdpp/ES2Plus_Tests.cfg
+++ b/smdpp/ES2Plus_Tests.cfg
@@ -8,11 +8,11 @@
[MODULE_PARAMETERS]
# ES2+ specific parameters
-# ES2Plus_Tests.mp_es2plus_server_fqdn := "testsmdpplus1.example.com" # Must match the hostname of the server SSL certificate!
-# ES2Plus_Tests.mp_es2plus_server_port := 8000
-# ES2Plus_Tests.mp_es2plus_operator_id := "test.operator.com"
-# ES2Plus_Tests.mp_es2plus_client_cert_path := "/path/to/my/client/cert"
-# ES2Plus_Tests.mp_es2plus_client_key_path := "/path/to/my/client/cert_key"
+# smdpp_Tests.mp_es2plus_server_fqdn := "testsmdpplus1.example.com" # Must match the hostname of the server SSL certificate!
+# smdpp_Tests.mp_es2plus_server_port := 8000
+# smdpp_Tests.mp_es2plus_operator_id := "test.operator.com"
+# smdpp_Tests.mp_es2plus_client_cert_path := "/path/to/my/client/cert"
+# smdpp_Tests.mp_es2plus_client_key_path := "/path/to/my/client/cert_key"
[EXECUTE]
ES2Plus_Tests.control
\ No newline at end of file
diff --git a/smdpp/ES2Plus_Tests.ttcn b/smdpp/ES2Plus_Tests.ttcn
index c6765f4..e2f034e 100644
--- a/smdpp/ES2Plus_Tests.ttcn
+++ b/smdpp/ES2Plus_Tests.ttcn
@@ -34,41 +34,13 @@
const charstring c_wrong_cert_path := "./sgp26/eUICC/CERT_EUICC_ECDSA_NIST.der";
const charstring c_wrong_key_path := "./sgp26/eUICC/SK_EUICC_ECDSA_NIST.pem";
-// The external function ext_RSPClient_create requires a path and a name filter as input to load test certificates.
-// While those certificates are required for the ES9+ interface related tests (smdpp_Tests.ttcn), for the ES2+
-// interface tests those certificates have no relevance.
-const charstring c_es2plus_cert_path := "./sgp26/";
-const charstring c_es2plus_cert_name_filter := "NIST";
-
// Module parameters
-modulepar {
- // The SMDP server host name (FQDN) must match the host name of the SSL certificate of the server. To resolve the
- // server host name to an IP address, an entry in /etc/hosts is sufficient. It should also be pointed out that this
- // testsuite (libcurl) will also verify the presented server certificate against the related CA. To ensure that
- // the server certificate verification is possible, ensure that the related CA certificates are made available in
- // /etc/ssl/certs
- charstring mp_es2plus_server_fqdn := "testsmdpplus1.example.com";
-
- // Sets the server port of the ES2+ server (SM-DP+).
- integer mp_es2plus_server_port := 8000;
-
- // Sets the client certificate to be used to authenticate towards the ES2+ server (SM-DP+)
- charstring mp_es2plus_client_cert_path := "./test_certs/CERT_MNO_ECDSA_NIST.pem";
-
- // Sets the private key to be used to authenticate towards the ES2+ server (SM-DP+)
- charstring mp_es2plus_client_key_path := "./test_certs/SK_MNO_ECDSA_NIST.pem";
-
- // Sets the operator ID to be used on the ES2+ interface. (this parameter has no relation to SSL/TLS)
- charstring mp_es2plus_operator_id := "test.operator.com";
-
- // ES2+ normally uses SSL with client authentication, however for debug purposes it is possible to disable
- // mutual authentication.
- boolean mp_es2plus_use_mutual_tls := true;
-}
+// This module has no own module parameters (yet), for the ES2+ related settings, it inherets the module parameters
+// (mp_es2plus_) from the smdpp_ConnHdlr
// Test component - extend smdpp_ConnHdlr to reuse RSPClient functionality
type component ES2Plus_ConnHdlr extends smdpp_ConnHdlr {
- // Inherits g_rsp_client_handle from smdpp_ConnHdlr
+ // Inherits g_rsp_client_handle_es2p from smdpp_ConnHdlr
}
// Parameter structures for test cases
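Review bot: The new comment above ES2Plus_ConnHdlr says the mp_es2plus_ parameters are inherited "from the smdpp_ConnHdlr", but a component only passes on its variables (such as g_rsp_client_handle_es2p). The parameters themselves are declared in the modulepar block of module smdpp_Tests, which is also why the .cfg entries now need the `smdpp_Tests.` prefix. There is also a typo ("inherets"). Suggested wording: `// This module has no module parameters of its own (yet); the ES2+ settings (mp_es2plus_*) are module parameters of smdpp_Tests.`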
@@ -135,7 +107,7 @@
// Send request using pre-configured authentication
response := smdpp_Tests.ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
url,
oct2char(req_enc),
mp_es2plus_server_port,
@@ -187,35 +159,6 @@
return true;
}
-// Initialize RSP client for ES2+
-function f_init_es2plus() runs on ES2Plus_ConnHdlr {
- // Initialize RSP client using imported function from smdpp_Tests
- g_rsp_client_handle := smdpp_Tests.ext_RSPClient_create(
- mp_es2plus_server_fqdn,
- mp_es2plus_server_port,
- c_es2plus_cert_path,
- c_es2plus_cert_name_filter
- );
-
- if (g_rsp_client_handle < 0) {
- setverdict(fail, "Failed to initialize RSP client for ES2+");
- mtc.stop;
- }
-
- // Set authentication parameters once for all ES2+ operations
- var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
- g_rsp_client_handle,
- mp_es2plus_use_mutual_tls,
- mp_es2plus_client_cert_path,
- mp_es2plus_client_key_path
- );
-
- if (result != 0) {
- setverdict(fail, "Failed to set RSP client authentication parameters for ES2+");
- mtc.stop;
- }
-}
-
/***********************************************************************
* Generic Test Functions
***********************************************************************/
@@ -978,7 +921,7 @@
// Temporarily set wrong authentication parameters
var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
mp_es2plus_use_mutual_tls,
c_wrong_cert_path, // Using wrong certificate
c_wrong_key_path // Using wrong key
@@ -995,7 +938,7 @@
log("ES2+ Request with WRONG certificate to ", url);
response := smdpp_Tests.ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
url,
oct2char(req_enc),
mp_es2plus_server_port,
@@ -1011,7 +954,7 @@
// Restore correct auth params for cleanup
smdpp_Tests.ext_RSPClient_setAuthParams(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
mp_es2plus_use_mutual_tls,
mp_es2plus_client_cert_path,
mp_es2plus_client_key_path
diff --git a/smdpp/smdpp_Tests.cfg b/smdpp/smdpp_Tests.cfg
index 60ad49e..1b4fd99 100644
--- a/smdpp/smdpp_Tests.cfg
+++ b/smdpp/smdpp_Tests.cfg
@@ -18,9 +18,16 @@
[TESTPORT_PARAMETERS]
[MODULE_PARAMETERS]
+# ES2+ specific parameters
# smdpp_Tests.mp_es9plus_server_port_nist := 8000
# smdpp_Tests.mp_es9plus_server_port_brp := 8001
+
+# ES2+ specific parameters
+# smdpp_Tests.mp_es2plus_server_fqdn := "testsmdpplus1.example.com" # Must match the hostname of the server SSL certificate!
# smdpp_Tests.mp_es2plus_server_port := 8000
+# smdpp_Tests.mp_es2plus_operator_id := "test.operator.com"
+# smdpp_Tests.mp_es2plus_client_cert_path := "/path/to/my/client/cert"
+# smdpp_Tests.mp_es2plus_client_key_path := "/path/to/my/client/cert_key"
[MAIN_CONTROLLER]
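Review bot: The first added header, `# ES2+ specific parameters`, sits directly above the two `mp_es9plus_server_port_*` lines, so the ES9+ ports are now labelled as ES2+ settings and the same header appears a second time a few lines further down. The first one should read `# ES9+ specific parameters`. Since the point of the change is to configure the two interfaces independently, the example block could also list `mp_es2plus_use_mutual_tls`, which is declared in the modulepar block but not shown here.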
diff --git a/smdpp/smdpp_Tests.ttcn b/smdpp/smdpp_Tests.ttcn
index 9c453c2..2b8768f 100644
--- a/smdpp/smdpp_Tests.ttcn
+++ b/smdpp/smdpp_Tests.ttcn
@@ -34,13 +34,41 @@
import from esx_header_Types_JSON all;
import from ES2Plus_Tests all;
+/* The external function ext_RSPClient_create requires a path and a name filter as input to load test certificates.
+ * While those certificates are required for the ES9+ interface related tests (smdpp_Tests.ttcn), for the ES2+
+ * interface tests those certificates have no relevance. */
+const charstring c_es2plus_cert_path := "./sgp26/";
+const charstring c_es2plus_cert_name_filter := "NIST";
+
/* Module Parameters */
modulepar {
+ /* The SMDP server host name (FQDN) must match the host name of the SSL certificate of the server. To resolve the
+ * server host name to an IP address, an entry in /etc/hosts is sufficient. It should also be pointed out that this
+ * testsuite (libcurl) will also verify the presented server certificate against the related CA. To ensure that
+ * the server certificate verification is possible, ensure that the related CA certificates are made available in
+ * /etc/ssl/certs */
+ charstring mp_es2plus_server_fqdn := "testsmdpplus1.example.com";
+
+ /* Sets the server port of the ES2+ server (SM-DP+). */
+ integer mp_es2plus_server_port := 8000;
+
+ /* Sets the client certificate to be used to authenticate towards the ES2+ server (SM-DP+) */
+ charstring mp_es2plus_client_cert_path := "./test_certs/CERT_MNO_ECDSA_NIST.pem";
+
+ /* Sets the private key to be used to authenticate towards the ES2+ server (SM-DP+) */
+ charstring mp_es2plus_client_key_path := "./test_certs/SK_MNO_ECDSA_NIST.pem";
+
+ /* Sets the operator ID to be used on the ES2+ interface. (this parameter has no relation to SSL/TLS) */
+ charstring mp_es2plus_operator_id := "test.operator.com";
+
+ /* ES2+ normally uses SSL with client authentication, however for debug purposes it is possible to disable
+ * mutual authentication. */
+ boolean mp_es2plus_use_mutual_tls := true;
+
boolean mp_use_custom_tls_cert := true;
charstring mp_custom_tls_cert_path := ""; // Empty means use cert pool only
integer mp_es9plus_server_port_nist := 8000;
integer mp_es9plus_server_port_brp := 8001;
- integer mp_es2plus_server_port := 8000;
}
/* C++ handles only crypto, TTCN-3 handles ASN.1 encoding/decoding most of the time */
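Review bot: `mp_use_custom_tls_cert` and `mp_custom_tls_cert_path` now sit directly under the documented ES2+ parameters, with no comment saying which interface they govern. In the visible hunks they are passed to ext_RSPClient_configureHttpClient only for g_rsp_client_handle_es9p, while the ES2+ comment says the server certificate is verified against the CAs in /etc/ssl/certs. Someone setting up separate trust for the two interfaces could therefore assume the custom certificate also covers ES2+. A short comment would make the split explicit, for example `/* ES9+ only: custom TLS server certificate for the ES9+ client; ES2+ relies on the system CA store (see mp_es2plus_server_fqdn) */`, to be confirmed against the C++ side. The same comment could separate the two ES9+ port parameters from the ES2+ group.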
@@ -349,7 +377,8 @@
var template integer g_http_client_id_es2p := omit;
/* C++ RSP client handle */
- var integer g_rsp_client_handle := -1;
+ var integer g_rsp_client_handle_es9p := -1;
+ var integer g_rsp_client_handle_es2p := -1;
/* Session state */
var octetstring g_transactionId := ''O;
@@ -371,7 +400,7 @@
type record smdpp_ConnHdlrPars {
charstring smdp_server_fqdn,
integer smdp_es9p_server_port,
- integer smdp_es2p_server_port,
+ integer smdp_es2p_server_port,
charstring cert_path,
charstring cert_name_filter,
charstring euicc_cert_path,
@@ -460,28 +489,59 @@
/* RSP CLIENT WRAPPER FUNCTIONS */
+// Initialize RSP client for ES2+
+function f_init_es2plus() runs on smdpp_ConnHdlr return boolean {
+ // Initialize RSP client using imported function from smdpp_Tests
+ g_rsp_client_handle_es2p := smdpp_Tests.ext_RSPClient_create(
+ mp_es2plus_server_fqdn,
+ mp_es2plus_server_port,
+ c_es2plus_cert_path,
+ c_es2plus_cert_name_filter
+ );
+
+ if (g_rsp_client_handle_es2p < 0) {
+ setverdict(fail, "Failed to initialize RSP client for ES2+");
+ mtc.stop;
+ }
+
+ // Set authentication parameters once for all ES2+ operations
+ var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
+ g_rsp_client_handle_es2p,
+ mp_es2plus_use_mutual_tls,
+ mp_es2plus_client_cert_path,
+ mp_es2plus_client_key_path
+ );
+
+ if (result != 0) {
+ setverdict(fail, "Failed to set RSP client authentication parameters for ES2+");
+ mtc.stop;
+ }
+
+ return true;
+}
+
private function f_rsp_client_init() runs on smdpp_ConnHdlr return boolean {
ext_logInfo("Initializing RSP client");
- g_rsp_client_handle := ext_RSPClient_create(
+ g_rsp_client_handle_es9p := ext_RSPClient_create(
g_pars_smdpp.smdp_server_fqdn,
g_pars_smdpp.smdp_es9p_server_port,
g_pars_smdpp.cert_path,
g_pars_smdpp.cert_name_filter
);
- if (g_rsp_client_handle < 0) {
+ if (g_rsp_client_handle_es9p < 0) {
ext_logError("Failed to create RSP client");
return false;
}
- if (ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle, g_pars_smdpp.euicc_cert_path) != 0) {
+ if (ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle_es9p, g_pars_smdpp.euicc_cert_path) != 0) {
ext_logError("Failed to load eUICC certificate");
f_rsp_client_cleanup();
return false;
}
- if (ext_RSPClient_loadEUICCKeyPair(g_rsp_client_handle, g_pars_smdpp.euicc_key_path) != 0) {
+ if (ext_RSPClient_loadEUICCKeyPair(g_rsp_client_handle_es9p, g_pars_smdpp.euicc_key_path) != 0) {
ext_logError("Failed to load eUICC private key");
f_rsp_client_cleanup();
return false;
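Review bot: f_init_es2plus is now declared `return boolean` but can only return true, because both failure branches end in `setverdict(fail, ...)` followed by `mtc.stop`. A caller that tests the result gains nothing, and the signature suggests error handling like that of f_rsp_client_init, which returns false. The second failure branch also leaves the freshly created g_rsp_client_handle_es2p alive, whereas f_rsp_client_init calls f_rsp_client_cleanup() on every failure after creation. Adding `f_rsp_client_cleanup();` before that `mtc.stop;` would make the two consistent. The comment "using imported function from smdpp_Tests" and the `smdpp_Tests.` qualifiers are left over from the old module and could be dropped. f_rsp_client_init continues past the end of this hunk.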
@@ -490,7 +550,7 @@
// Configure HTTP client
var integer result := ext_RSPClient_configureHttpClient(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
mp_use_custom_tls_cert,
mp_custom_tls_cert_path
);
@@ -511,9 +571,13 @@
}
private function f_rsp_client_cleanup() runs on smdpp_ConnHdlr {
- if (g_rsp_client_handle >= 0) {
- ext_RSPClient_destroy(g_rsp_client_handle);
- g_rsp_client_handle := -1;
+ if (g_rsp_client_handle_es9p >= 0) {
+ ext_RSPClient_destroy(g_rsp_client_handle_es9p);
+ g_rsp_client_handle_es9p := -1;
+ }
+ if (g_rsp_client_handle_es2p >= 0) {
+ ext_RSPClient_destroy(g_rsp_client_handle_es2p);
+ g_rsp_client_handle_es2p := -1;
}
}
@@ -539,7 +603,7 @@
var charstring func_call_id := "TTCN3-" & oct2str(rnd_oct);
var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
true, // useMutualTLS
c_cert_path,
c_key_path
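Review bot: The client certificate is configured on the wrong handle here: `ext_RSPClient_setAuthParams` now receives `g_rsp_client_handle_es9p`, while the two `ext_RSPClient_sendHttpsPostWithAuth` calls that appear to belong to the same function (hunks at -566 and -609) send through `g_rsp_client_handle_es2p`. Before the split one handle served both, so c_cert_path and c_key_path applied to the ES2+ request. Now they are set on the ES9+ client, and the ES2+ POST uses whatever f_init_es2plus configured. If f_init_es2plus is not called on this path, which the hunk does not show, the handle is still -1. The first argument should be `g_rsp_client_handle_es2p,`. The enclosing function starts and ends outside the hunk.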
@@ -554,7 +618,7 @@
var JSON_ES2p_Request dl_req := {
downloadOrderRequest := {
header := {
- functionRequesterIdentifier := "test.operator.com",
+ functionRequesterIdentifier := mp_es2plus_operator_id,
functionCallIdentifier := func_call_id & "-DL"
},
eid := eid,
@@ -566,7 +630,7 @@
var octetstring req_enc := enc_JSON_ES2p_Request(dl_req);
var integer status_code;
var charstring response := ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
c_path_download_order,
oct2char(req_enc),
g_pars_smdpp.smdp_es2p_server_port,
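Review bot: The ES2+ handle and the request can now disagree about the port: f_init_es2plus creates `g_rsp_client_handle_es2p` with `mp_es2plus_server_port`, but this call and the confirm-order call in the -609 hunk still pass `g_pars_smdpp.smdp_es2p_server_port`. How g_pars_smdpp is filled is not visible here, so the two values may be the same today. If they diverge, the client is set up for one endpoint and posts to another, which undercuts the goal of configuring ES2+ independently. Passing `mp_es2plus_server_port,` as ES2Plus_Tests.ttcn does would keep one source of truth, and the smdp_es2p_server_port field could then be dropped if nothing else uses it. The enclosing function starts and ends outside the hunk.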
@@ -591,7 +655,7 @@
var JSON_ES2p_Request conf_req := {
confirmOrderRequest := {
header := {
- functionRequesterIdentifier := "test.operator.com",
+ functionRequesterIdentifier := mp_es2plus_operator_id,
functionCallIdentifier := func_call_id & "-CF"
},
iccid := new_iccid,
@@ -609,7 +673,7 @@
req_enc := enc_JSON_ES2p_Request(conf_req);
response := ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
c_path_confirm_order,
oct2char(req_enc),
g_pars_smdpp.smdp_es2p_server_port,
@@ -681,7 +745,7 @@
private function f_create_initiate_authentication_request() runs on smdpp_ConnHdlr
return RemoteProfileProvisioningRequest {
- g_euiccChallenge := ext_RSPClient_generateChallenge(g_rsp_client_handle);
+ g_euiccChallenge := ext_RSPClient_generateChallenge(g_rsp_client_handle_es9p);
ext_logInfo("Generated eUICC challenge: " & ext_bytesToHex(g_euiccChallenge));
/* Create EUICC_INFO1 using TTCN-3 native types */
@@ -735,7 +799,7 @@
return false;
}
- if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle, enc_ServerSigned1(authOk.serverSigned1), authOk.serverSignature1, g_serverCert)) {
+ if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle_es9p, enc_ServerSigned1(authOk.serverSigned1), authOk.serverSignature1, g_serverCert)) {
ext_logError("Server signature validation failed");
return false;
}
@@ -763,7 +827,7 @@
private function f_create_get_bound_profile_package_request(octetstring smdpSignature2) runs on smdpp_ConnHdlr
return RemoteProfileProvisioningRequest {
- var octetstring euiccOtpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euiccOtpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var EUICCSigned2 euiccSigned2 := {
transactionId := g_transactionId,
@@ -772,7 +836,7 @@
};
// Add confirmation code hash if required
- var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle);
+ var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p);
ext_logInfo("Checking confirmation code hash, length: " & int2str(lengthof(ccHash)));
if (lengthof(ccHash) == 32) {
euiccSigned2.hashCc := ccHash;
@@ -785,7 +849,7 @@
var octetstring euiccSigned2Data := enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2Data & smdpSignature2;
- var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepareDownloadResponse := {
downloadResponseOk := {
@@ -812,7 +876,7 @@
hashCc := omit /* No confirmation code for nominal case */
};
- var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle);
+ var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p);
if (lengthof(ccHash) == 32) {
euiccSigned2.hashCc := ccHash;
ext_logInfo("Added confirmation code hash to PrepareDownloadResponse: " & oct2str(ccHash));
@@ -822,7 +886,7 @@
var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2_raw & smdpSignature2;
- var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepareDownloadResponse := {
downloadResponseOk := {
@@ -919,7 +983,7 @@
var integer http_status;
var charstring response_body := ext_RSPClient_sendHttpsPost(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
g_last_es9p_endpoint,
g_last_es9p_request,
g_pars_smdpp.smdp_es9p_server_port,
@@ -978,7 +1042,7 @@
var integer http_status;
var charstring response_body := ext_RSPClient_sendHttpsPost(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
g_last_es9p_endpoint,
g_last_es9p_request,
g_pars_smdpp.smdp_es9p_server_port,
@@ -1013,7 +1077,7 @@
var integer http_status;
ext_logInfo("Sending ASN.1 request to /gsma/rsp2/asn1 on port " & int2str(g_pars_smdpp.smdp_es9p_server_port));
var octetstring response_body := ext_RSPClient_sendHttpsPostBinary(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
"/gsma/rsp2/asn1",
asn1_request,
g_pars_smdpp.smdp_es9p_server_port,
@@ -1238,14 +1302,14 @@
private function f_get_certificate_pair() runs on smdpp_ConnHdlr return CertificatePair {
return {
- euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle)),
- eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle))
+ euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p)),
+ eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p))
};
}
private function f_sign_euicc_signed1(EuiccSigned1 euiccSigned1) runs on smdpp_ConnHdlr return octetstring {
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1);
- return ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw);
+ return ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
}
private function f_build_authenticate_client_request(
@@ -1360,7 +1424,7 @@
AuthenticateClientOk auok,
RemoteProfileProvisioningRequest packageRequest)
runs on smdpp_ConnHdlr return boolean {
- var octetstring euiccOtpk := ext_RSPClient_getEUICCOtpk(g_rsp_client_handle);
+ var octetstring euiccOtpk := ext_RSPClient_getEUICCOtpk(g_rsp_client_handle_es9p);
if (not ext_CertificateUtil_verifyECDHCompatible(euiccOtpk, iscReq.smdpOtpk)) {
ext_logError("eUICC and SM-DP+ public keys are not ECDH compatible");
return false;
@@ -1377,7 +1441,7 @@
var octetstring encsecr := encode_DER_InitialiseSecureChannelRequest_ver(toencsec);
var octetstring trunc_initsec := substr(encsecr, 4, lengthof(encsecr)-4);
- if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle, trunc_initsec,
+ if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle_es9p, trunc_initsec,
iscReq.smdpSign, enc_Certificate(auok.smdpCertificate))) {
ext_logError("InitialiseSecureChannelRequest signature validation failed");
return false;
@@ -1483,7 +1547,7 @@
var integer http_status;
var charstring response_body := ext_RSPClient_sendHttpsPost(
- g_rsp_client_handle,
+ g_rsp_client_handle_es9p,
g_last_es9p_endpoint,
g_last_es9p_request,
g_pars_smdpp.smdp_es9p_server_port,
@@ -1592,7 +1656,7 @@
}
var octetstring full_encoded := encode_DER_profileInstallationResultData(pirData);
- var octetstring euiccSignPIR := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, full_encoded);
+ var octetstring euiccSignPIR := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, full_encoded);
var ProfileInstallationResult pir := {
profileInstallationResultData := pirData,
@@ -1669,10 +1733,10 @@
};
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1);
- var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw);
+ var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
- var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle));
+ var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
return {
authenticateClientRequest := {
@@ -1857,7 +1921,7 @@
};
var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
var RemoteProfileProvisioningRequest cancelReq := {
cancelSessionRequestEs9 := {
@@ -1892,10 +1956,10 @@
var EuiccSigned1 euiccSigned1 := f_create_euicc_signed1(euiccInfo2, ctxParams);
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1);
- var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw);
+ var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
- var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle));
+ var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
var RemoteProfileProvisioningRequest authReq := {
authenticateClientRequest := {
@@ -1916,7 +1980,7 @@
private function f_create_prepare_download_response(octetstring smdpSignature2) runs on smdpp_ConnHdlr return PrepareDownloadResponse {
- var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var EUICCSigned2 euiccSigned2 := {
transactionId := g_transactionId,
@@ -1924,7 +1988,7 @@
hashCc := omit
};
- var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle);
+ var octetstring ccHash := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p);
if (lengthof(ccHash) == 32) {
euiccSigned2.hashCc := ccHash;
ext_logInfo("Added confirmation code hash to PrepareDownloadResponse: " & oct2str(ccHash));
@@ -1934,7 +1998,7 @@
var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2_raw & smdpSignature2;
- var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepDownloadResp := {
downloadResponseOk := {
@@ -2039,7 +2103,7 @@
/* Sign the data */
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1);
- var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw);
+ var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
/* Apply signature error if specified */
if (ischosen(err_injection.sig_error) and err_injection.sig_error.corrupt_signature) {
@@ -2051,23 +2115,23 @@
select (err_injection.cert_error.error_type) {
case (INVALID_EUM_SIGNATURE) {
/* Load invalid (self-signed) EUM certificate */
- ext_RSPClient_loadEUMCertificate(g_rsp_client_handle, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_INVALID.der");
+ ext_RSPClient_loadEUMCertificate(g_rsp_client_handle_es9p, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_INVALID.der");
}
case (EXPIRED_EUM) {
/* Load expired EUM certificate */
- ext_RSPClient_loadEUMCertificate(g_rsp_client_handle, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_EXPIRED.der");
+ ext_RSPClient_loadEUMCertificate(g_rsp_client_handle_es9p, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_EXPIRED.der");
}
case (INVALID_EUICC_SIGNATURE) {
/* Load invalid (self-signed) eUICC certificate */
- ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle, "./InvalidTestCases/CERT_EUICC_ECDSA_NIST_INVALID.der");
+ ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle_es9p, "./InvalidTestCases/CERT_EUICC_ECDSA_NIST_INVALID.der");
}
case (EXPIRED_EUICC) {
/* Load expired eUICC certificate */
- ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle, "./InvalidTestCases/CERT_EUICC_ECDSA_NIST_EXPIRED.der");
+ ext_RSPClient_loadEUICCCertificate(g_rsp_client_handle_es9p, "./InvalidTestCases/CERT_EUICC_ECDSA_NIST_EXPIRED.der");
}
case (UNKNOWN_CI_KEY) {
/* Load EUM certificate signed by unknown CI */
- ext_RSPClient_loadEUMCertificate(g_rsp_client_handle, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_UNKNOWN_CI.der");
+ ext_RSPClient_loadEUMCertificate(g_rsp_client_handle_es9p, "./InvalidTestCases/CERT_EUM_ECDSA_NIST_UNKNOWN_CI.der");
}
case else {
setverdict(fail, "Unsupported certificate error type");
@@ -2077,8 +2141,8 @@
}
/* Get certificates from RSP client */
- var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle));
+ var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
/* Build the request */
var RemoteProfileProvisioningRequest authClientReq := {
@@ -2148,7 +2212,7 @@
/* Step 3: PrepareDownloadResponse with error injection */
var octetstring smdpSignature2 := authClientOk.smdpSignature2;
- var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
/* Build EUICCSigned2 */
var EUICCSigned2 euiccSigned2 := {
@@ -2164,9 +2228,9 @@
if (server_requires_cc and not ischosen(err_injection.cc_error)) {
/* Set confirmation code and get hash */
var charstring confirmationCode := "12345678"; /* Default test code matching server */
- var integer result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle, confirmationCode);
+ var integer result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, confirmationCode);
if (result == 0) {
- euiccSigned2.hashCc := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle);
+ euiccSigned2.hashCc := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p);
ext_logInfo("Using confirmation code hash: " & oct2str(euiccSigned2.hashCc));
}
}
@@ -2212,7 +2276,7 @@
/* Sign EUICCSigned2 */
var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2_raw & smdpSignature2;
- var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
/* Apply signature corruption if needed */
if (ischosen(err_injection.sig_error) and err_injection.sig_error.corrupt_signature) {
@@ -2287,7 +2351,7 @@
}
var octetstring serverCert := enc_Certificate(authOk.serverCertificate);
- if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle,
+ if (not ext_RSPClient_verifyServerSignature(g_rsp_client_handle_es9p,
enc_ServerSigned1(authOk.serverSigned1),
authOk.serverSignature1,
serverCert)) {
@@ -2496,10 +2560,10 @@
var EuiccSigned1 euiccSigned1 := f_create_euicc_signed1(euiccInfo2, ctxParams);
var octetstring euiccSigned1_raw := enc_EuiccSigned1(euiccSigned1);
- var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, euiccSigned1_raw);
+ var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, euiccSigned1_raw);
- var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle));
+ var Certificate g_euicc_cert := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var Certificate g_eum_cert := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p));
var RemoteProfileProvisioningRequest authReq := {
authenticateClientRequest := {
@@ -2536,7 +2600,7 @@
if (params.testMode == BPP_RETRY_SAME_OTPK and iter == 0) {
/* First iteration: generate and save OTPK */
- euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
saved_euicc_otpk := euicc_otpk;
ext_logInfo("Generated and saved eUICC OTPK: " & oct2str(euicc_otpk));
} else if (params.testMode == BPP_RETRY_SAME_OTPK and iter == 1) {
@@ -2545,7 +2609,7 @@
ext_logInfo("Reusing saved eUICC OTPK: " & oct2str(euicc_otpk));
} else {
/* Generate new OTPK for all other cases */
- euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
if (params.testMode == BPP_RETRY_DIFFERENT_OTPK and iter == 1) {
ext_logInfo("Generated new eUICC OTPK for retry: " & oct2str(euicc_otpk));
}
@@ -2712,17 +2776,17 @@
var RemoteProfileProvisioningRequest packageReq;
if (requireCC) {
- var octetstring euiccOtpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euiccOtpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var EUICCSigned2 euiccSigned2 := {
transactionId := g_transactionId,
euiccOtpk := euiccOtpk,
- hashCc := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle)
+ hashCc := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p)
};
var octetstring euiccSigned2Data := enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2Data & authClientOk.smdpSignature2;
- var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
var PrepareDownloadResponse prepDownloadResp := {
downloadResponseOk := {
@@ -2869,7 +2933,7 @@
ext_logInfo("Step 3: Testing GetBoundProfilePackage with OTPK reuse");
/* simulate reuse from cancelled session */
- var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var octetstring smdpSignature2 := authClientResp2.smdpSignature2;
var PrepareDownloadResponse prepDownloadResp := f_create_prepare_download_response_with_otpk(smdpSignature2, euicc_otpk);
@@ -2942,7 +3006,7 @@
};
var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
var RemoteProfileProvisioningRequest cancelReq := {
cancelSessionRequestEs9 := {
@@ -2993,7 +3057,7 @@
}
if (with_cc) {
- ext_RSPClient_setConfirmationCode(g_rsp_client_handle, "12345678");
+ ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, "12345678");
}
/* Step 3: Prepare retry based on OTPK mode */
@@ -3002,7 +3066,7 @@
if (otpk_mode == RETRY_REUSE_SAME_OTPK) {
/* Reuse OTPK from cancelled session */
- var octetstring euicc_otpk := ext_RSPClient_getEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk := ext_RSPClient_getEUICCOtpk(g_rsp_client_handle_es9p);
ext_logInfo("Step 3: GetBoundProfilePackage retry with SAME eUICC otPK");
ext_logInfo("Reusing SAME eUICC otPK");
prepDownloadResp := f_create_prepare_download_response_with_otpk(
@@ -3010,7 +3074,7 @@
otpk_description := "same";
} else if (otpk_mode == RETRY_SEND_NEW_OTPK) {
/* Generate new OTPK to simulate eUICC rejection */
- var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
ext_logInfo("Step 3: GetBoundProfilePackage retry with NEW eUICC otPK");
ext_logInfo("Using NEW eUICC otPK");
prepDownloadResp := f_create_prepare_download_response_with_otpk(
@@ -3176,7 +3240,7 @@
/* Set transaction ID for confirmation code hash computation */
ext_logInfo("Setting transaction ID: " & oct2str(g_transactionId));
- var integer result := ext_RSPClient_setTransactionId(g_rsp_client_handle, g_transactionId);
+ var integer result := ext_RSPClient_setTransactionId(g_rsp_client_handle_es9p, g_transactionId);
if (result != 0) {
setverdict(fail, "Failed to set transaction ID");
f_rsp_client_cleanup();
@@ -3185,7 +3249,7 @@
/* First attempt with wrong confirmation code */
ext_logInfo("First attempt with wrong confirmation code");
- ext_RSPClient_setConfirmationCode(g_rsp_client_handle, "00000000"); /* Wrong code */
+ ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, "00000000"); /* Wrong code */
var PrepareDownloadResponse prepDownloadResp := f_create_prepare_download_response(authClientOk.smdpSignature2);
var RemoteProfileProvisioningRequest packageReq := {
@@ -3208,7 +3272,7 @@
/* Second attempt with correct confirmation code */
ext_logInfo("Second attempt with correct confirmation code");
- ext_RSPClient_setConfirmationCode(g_rsp_client_handle, "12345678"); /* Correct code */
+ ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, "12345678"); /* Correct code */
prepDownloadResp := f_create_prepare_download_response(authClientOk.smdpSignature2);
packageReq.getBoundProfilePackageRequest.prepareDownloadResponse := prepDownloadResp;
@@ -3286,7 +3350,7 @@
};
var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
var RemoteProfileProvisioningRequest cancelReq := {
cancelSessionRequestEs9 := {
@@ -3371,7 +3435,7 @@
};
var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
var RemoteProfileProvisioningRequest cancelReq := {
cancelSessionRequestEs9 := {
@@ -3482,7 +3546,7 @@
}
var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
if (ischosen(err_injection.sig_error)) {
if (err_injection.sig_error.corrupt_signature) {
@@ -3579,7 +3643,7 @@
}
var octetstring cancelSignedData := enc_EuiccCancelSessionSigned(cancelResp.cancelSessionResponseOk.euiccCancelSessionSigned);
- cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, cancelSignedData);
+ cancelResp.cancelSessionResponseOk.euiccCancelSessionSignature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, cancelSignedData);
if (ischosen(err_injection.sig_error)) {
if (err_injection.sig_error.corrupt_signature) {
@@ -3763,13 +3827,13 @@
}
var octetstring enc_euicc_tosign := enc_EuiccSigned1(euiccSig);
- var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, enc_euicc_tosign);
+ var octetstring euiccSignature1 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, enc_euicc_tosign);
var AuthenticateServerResponse authresp := {
authenticateResponseOk := {
euiccSigned1 := euiccSig,
euiccSignature1 := euiccSignature1,
- euiccCertificate := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle)),
- eumCertificate := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle))
+ euiccCertificate := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p)),
+ eumCertificate := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p))
}
}
@@ -3785,7 +3849,7 @@
}
var octetstring auresp_sigdata := enc_SmdpSigned2(auok.smdpSigned2) & '5f3740'O & euiccSignature1;
- if (not ext_RSPClient_verifyServerSignature( g_rsp_client_handle, auresp_sigdata, auok.smdpSignature2, enc_Certificate(auok.smdpCertificate))) {
+ if (not ext_RSPClient_verifyServerSignature( g_rsp_client_handle_es9p, auresp_sigdata, auok.smdpSignature2, enc_Certificate(auok.smdpCertificate))) {
ext_logError("Server signature validation failed");
setverdict(fail, "InitiateAuthentication validation failed");
f_rsp_client_cleanup();
@@ -3796,7 +3860,7 @@
ext_logInfo("Confirmation code is required for this profile");
ext_logInfo("Setting transaction ID: " & oct2str(auok.transactionId));
- var integer result := ext_RSPClient_setTransactionId(g_rsp_client_handle, auok.transactionId);
+ var integer result := ext_RSPClient_setTransactionId(g_rsp_client_handle_es9p, auok.transactionId);
if (result != 0) {
ext_logError("Failed to set transaction ID");
}
@@ -3805,13 +3869,13 @@
if (ispresent(g_pars_smdpp.confirmation_code)) {
confirmationCode := g_pars_smdpp.confirmation_code;
}
- result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle, confirmationCode);
+ result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, confirmationCode);
if (result != 0) {
ext_logError("Failed to set confirmation code");
}
ext_logInfo("Set confirmation code: " & confirmationCode);
- var octetstring hashCheck := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle);
+ var octetstring hashCheck := ext_RSPClient_getConfirmationCodeHash(g_rsp_client_handle_es9p);
ext_logInfo("Confirmation code hash length: " & int2str(lengthof(hashCheck)));
if (lengthof(hashCheck) == 32) {
ext_logInfo("Confirmation code hash computed successfully: " & oct2str(hashCheck));
@@ -3822,8 +3886,8 @@
ext_logInfo("Confirmation code is NOT required for this profile");
}
- var charstring eid := ext_CertificateUtil_getEID(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle));
- var octetstring eumCert := ext_RSPClient_getEUMCertificate(g_rsp_client_handle);
+ var charstring eid := ext_CertificateUtil_getEID(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p));
+ var octetstring eumCert := ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p);
if (not ext_CertificateUtil_validateEIDRange(eid, eumCert)) {
setverdict(fail, "EID is not within permitted range of EUM certificate");
@@ -3871,9 +3935,9 @@
ext_logInfo("=== Validating certificate chains ===");
- var octetstring ciCertificate := ext_RSPClient_getCICertificate(g_rsp_client_handle);
+ var octetstring ciCertificate := ext_RSPClient_getCICertificate(g_rsp_client_handle_es9p);
- var octetstring euiccCertDer := ext_RSPClient_getEUICCCertificate(g_rsp_client_handle);
+ var octetstring euiccCertDer := ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p);
if (not ext_CertificateUtil_verifyCertificateChainWithIntermediate(euiccCertDer,
eumCert,
ciCertificate)) {
@@ -3902,7 +3966,7 @@
}
ext_logInfo("Both certificates use curve: " & euiccCurve);
- var octetstring sharedSecret := ext_RSPClient_computeSharedSecret(g_rsp_client_handle,
+ var octetstring sharedSecret := ext_RSPClient_computeSharedSecret(g_rsp_client_handle_es9p,
iscReq.smdpOtpk);
if (lengthof(sharedSecret) == 0) {
setverdict(fail, "Failed to compute ECDH shared secret");
@@ -4126,13 +4190,13 @@
};
var octetstring encoded := enc_NotificationMetadata(notifMeta);
- var octetstring euicc_signature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, encoded);
+ var octetstring euicc_signature := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, encoded);
var OtherSignedNotification otherNotif := {
tbsOtherNotification := notifMeta,
euiccNotificationSignature := euicc_signature,
- euiccCertificate := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle)),
- eumCertificate := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle))
+ euiccCertificate := dec_Certificate(ext_RSPClient_getEUICCCertificate(g_rsp_client_handle_es9p)),
+ eumCertificate := dec_Certificate(ext_RSPClient_getEUMCertificate(g_rsp_client_handle_es9p))
};
var PendingNotification pendingNotif := {
@@ -4168,7 +4232,7 @@
ext_logInfo("=== Step 3: GetBoundProfilePackage with " & test_description & " ===");
var octetstring smdpSignature2 := authClientOk.smdpSignature2;
- var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle);
+ var octetstring euicc_otpk := ext_RSPClient_generateEUICCOtpk(g_rsp_client_handle_es9p);
var EUICCSigned2 euiccSigned2 := {
transactionId := g_transactionId,
@@ -4187,7 +4251,7 @@
var octetstring euiccSigned2_raw := enc_EUICCSigned2(euiccSigned2);
var octetstring concatdata := euiccSigned2_raw & smdpSignature2;
- var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle, concatdata);
+ var octetstring euiccSignature2 := ext_RSPClient_signDataWithEUICC(g_rsp_client_handle_es9p, concatdata);
if (ischosen(err_injection.sig_error)) {
if (err_injection.sig_error.corrupt_signature) {
@@ -5671,16 +5735,9 @@
return;
}
- var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
- g_rsp_client_handle,
- true, // useMutualTLS
- c_cert_path,
- c_key_path
- );
-
- if (result != 0) {
- setverdict(fail, "Failed to set authentication parameters");
- mtc.stop;
+ if (not f_init_es2plus()) {
+ setverdict(fail, "RSP client initialization for ES2+ failed");
+ return;
}
// Step 1: Order profile via ES2+
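Review bot: The new failure branch after `f_init_es2plus()` returns without calling `f_rsp_client_cleanup()`, whereas the other failure paths in this file (for example after `ext_RSPClient_setTransactionId`) release the client before returning. The enclosing function starts outside the hunk, so if the ES9+ handle was already created by that point it would stay allocated; I would add `f_rsp_client_cleanup();` before the `return;`, assuming the helper tolerates a partly initialised state. The removed call made `useMutualTLS := true` and the certificate and key paths explicit at this site, so a short comment such as `/* f_init_es2plus() sets up the ES2+ client with mutual TLS from mp_es2plus_client_cert_path / mp_es2plus_client_key_path */` would keep that visible, if that is indeed what the helper does.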
@@ -5689,7 +5746,7 @@
var JSON_ES2p_Request dl_req := {
downloadOrderRequest := {
header := {
- functionRequesterIdentifier := "test.operator.com",
+ functionRequesterIdentifier := mp_es2plus_operator_id,
functionCallIdentifier := "01234567890123456789012345678901"
},
eid := c_eid1,
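Review bot: `functionRequesterIdentifier` and the client certificate are now configured independently, and nothing here says they must agree. If the SM-DP+ under test ties the requester identifier to the identity authenticated on the TLS session, as an ES2+ server presumably does, a mismatch would show up only as a rejected order with no hint at the cause. I would add a comment next to the parameter, for instance `/* must be the operator identity the SM-DP+ associates with the ES2+ client certificate */`. The same applies to the `confirmOrderRequest` header in the hunk at -5727.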
@@ -5701,7 +5758,7 @@
var octetstring req_enc := enc_JSON_ES2p_Request(dl_req);
var integer status_code;
var charstring response := ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
c_path_download_order,
oct2char(req_enc),
g_pars_smdpp.smdp_es2p_server_port,
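Review bot: The POST now goes out on `g_rsp_client_handle_es2p`, but the port argument is still `g_pars_smdpp.smdp_es2p_server_port`, while the config change in this commit exposes `smdpp_Tests.mp_es2plus_server_port` alongside the FQDN and certificate paths. If `g_pars_smdpp` is not filled from that module parameter (not visible here), a tester who sets it would have the TLS client prepared for one endpoint and the request sent to another port. I would either pass `mp_es2plus_server_port` directly or add a comment stating where `smdp_es2p_server_port` takes its value from. The confirm-order call in the hunk at -5741 has the same argument, and the rest of this call lies outside the hunk.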
@@ -5727,7 +5784,7 @@
var JSON_ES2p_Request conf_req := {
confirmOrderRequest := {
header := {
- functionRequesterIdentifier := "test.operator.com",
+ functionRequesterIdentifier := mp_es2plus_operator_id,
functionCallIdentifier := "02234567890123456789012345678901"
},
iccid := new_iccid,
@@ -5741,7 +5798,7 @@
req_enc := enc_JSON_ES2p_Request(conf_req);
response := ext_RSPClient_sendHttpsPostWithAuth(
- g_rsp_client_handle,
+ g_rsp_client_handle_es2p,
c_path_confirm_order,
oct2char(req_enc),
g_pars_smdpp.smdp_es2p_server_port,
@@ -5790,9 +5847,10 @@
f_validateAuthenticateClientResponse(authClientOk);
// Handle confirmation code if required
+ var integer result;
if (authClientOk.smdpSigned2.ccRequiredFlag == true) {
log("Confirmation code is required for this profile");
- result := ext_RSPClient_setTransactionId(g_rsp_client_handle, authClientOk.transactionId);
+ result := ext_RSPClient_setTransactionId(g_rsp_client_handle_es9p, authClientOk.transactionId);
if (result != 0) {
setverdict(fail, "Failed to set transaction ID");
f_rsp_client_cleanup();
@@ -5800,7 +5858,7 @@
}
var charstring confirmationCode := "12345678"; // Default test code
- result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle, confirmationCode);
+ result := ext_RSPClient_setConfirmationCode(g_rsp_client_handle_es9p, confirmationCode);
if (result != 0) {
setverdict(fail, "Failed to set confirmation code");
f_rsp_client_cleanup();