View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0004785Compliance Test Tool (CTT) Unified Architecture3 - Feature Requestpublic2019-06-18 11:522020-07-03 16:01
ReporterFrank Fischer Assigned ToSebastian Allmendinger  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Target Version1.03Fixed in Version1.03.341.392 
Summary0004785: Add testcase for userTokenSignature of X509IdentityTokens
Description

According to Part 4, 7.36.5 "X509IdentityTokens": "This token shall always be accompanied by a Signature in the userTokenSignature parameter of
ActivateSession". The signature is required to prevent user who do not have the private key but only the certificate (the certificate is not a secret) to authenticate successfully. So there should also be a testcase in the CTT which sends a valid certificate with an invalid signature and expect a bad statuscode to make sure the server actually verifies the signature.

TagsNo tags attached.
Files Affected

Activities

Paul Hunkar

2019-06-26 16:45

administrator   ~0010416

Agreed test case should be added

Sebastian Allmendinger

2019-12-13 12:13

developer   ~0011349

Prepared 3 additional test cases for the Security User X509 Conformance Unit:

016: Specify a valid/trusted user certificate and provide an empty UserIdentitySignature. -> ServiceResult = BadIdentityTokenInvalid
017: Specify a valid/trusted user certificate and provide an invalid UserIdentitySignature. -> ServiceResult = BadIdentityTokenRejected
018: Specify a valid/trusted user certificate and provide an UserIdentitySignature created using an invalid Algorithm. -> BadIdentityTokenInvalid

Test scripts for these test cases are available and will be added when test cases are approved.

Paul Hunkar

2020-07-03 16:01

administrator   ~0012542

reviewed in CMP call

Issue History

Date Modified Username Field Change
2019-06-18 11:52 Frank Fischer New Issue
2019-06-26 16:45 Paul Hunkar Status new => acknowledged
2019-06-26 16:45 Paul Hunkar Note Added: 0010416
2019-08-30 15:42 Paul Hunkar Target Version => 1.03
2019-12-13 12:13 Sebastian Allmendinger Assigned To => Sebastian Allmendinger
2019-12-13 12:13 Sebastian Allmendinger Status acknowledged => resolved
2019-12-13 12:13 Sebastian Allmendinger Resolution open => fixed
2019-12-13 12:13 Sebastian Allmendinger Fixed in Version => 1.03.341.392
2019-12-13 12:13 Sebastian Allmendinger Note Added: 0011349
2020-07-03 16:01 Paul Hunkar Status resolved => closed
2020-07-03 16:01 Paul Hunkar Note Added: 0012542