0005771: Security Certificate Validation case 052 should allow an error response, or a different endpoint should be used.

ID	Project	Category	View Status	Date Submitted	Last Update

0005771	CTT UA Test Case	4 - Test Case Definition	public	2020-07-01 07:44	2022-08-02 20:06

Reporter	Jan Murzyn	Assigned To	Sebastian Allmendinger
Priority	normal	Severity	minor	Reproducibility	always
Status	assigned	Resolution	reopened

Summary	0005771: Security Certificate Validation case 052 should allow an error response, or a different endpoint should be used.
Description	In this test CTT is expecting successful connection to the Basic128Rsa15 endpoint by sending a certificate with 4096-bit long key. I think that connection can (or should) be actually rejected based on the profile definition (Part 7 Profiles, Table 11 - Security), which says that MaxAsymmetricKeyLength for this policy is 2048. Our server currently responds with BadSecurityConfig 0x81080000 (that's coming from the SDK), which, in my understanding, is not a code that should be used in the service response. If this test is going to allow the error response, what error code would be expected?
Tags	Security

Files Affected

Paul Hunkar 2020-07-10 17:35 administrator ~0012591	Bad_SecurityChecksFailed is the error code that should be returned

Sebastian Allmendinger 2021-02-25 20:52 developer ~0013829	Updated the test case to allow server to reject the connection with BadSecurityChecksFailed if SecurityPolicy#Basic128Rsa15 or SecurityPolicy#Basic256 is used. Updated the test script accordingly.

Paul Hunkar 2021-03-25 15:30 administrator ~0014073	As part of the review it was determined that the fix is a partial fix only. The actual fix should ensure that certificates that are above the max size are rejected. The checked in fix is being left as a work around until the final fixes are applied

Paul Hunkar 2021-03-25 15:36 administrator ~0014074	This issue shall result in a larger set of changes , in that each security policy has a range and all test case should be updated for this set of tests this will mean some test cases such as 49-52 will need to be marked as obsolete.

Date Modified	Username	Field	Change
2020-07-01 07:44	Jan Murzyn	New Issue
2020-07-01 07:44	Jan Murzyn	Tag Attached: Security
2020-07-10 17:34	Paul Hunkar	Assigned To	=> Alexander Allmendinger
2020-07-10 17:34	Paul Hunkar	Status	new => assigned
2020-07-10 17:35	Paul Hunkar	Note Added: 0012591
2021-02-25 16:26	Sebastian Allmendinger	Assigned To	Alexander Allmendinger => Sebastian Allmendinger
2021-02-25 20:52	Sebastian Allmendinger	Note Added: 0013829
2021-02-25 20:53	Sebastian Allmendinger	Status	assigned => resolved
2021-02-25 20:53	Sebastian Allmendinger	Resolution	open => fixed
2021-02-25 20:53	Sebastian Allmendinger	Fixed in Version	=> 1.03.341.398
2021-03-25 15:30	Paul Hunkar	Status	resolved => feedback
2021-03-25 15:30	Paul Hunkar	Resolution	fixed => reopened
2021-03-25 15:30	Paul Hunkar	Note Added: 0014073
2021-03-25 15:30	Paul Hunkar	Status	feedback => assigned
2021-03-25 15:36	Paul Hunkar	Note Added: 0014074
2022-08-02 20:06	Paul Hunkar	Project	Compliance Test Tool (CTT) Unified Architecture => CTT UA Test Case