This document contains the assertion specification for the WAP June 2000 release of the: WMLScript Crypto Library technical specification.
The following specifications and SINs were used to generate the assertions:
This is the baseline specification to be used for the VSWAP June 2000 test and certification programme.
The specification is organized such that there is a section for each section
of the WMLScript Crypto Library specification in which assertions can be found.
For each assertion in the specifications, a corresponding entry in this test
specification contains the following elements:
| ID: |
The name by which the test is known |
| Class: |
An assertion Class as defined in IEEE Std 1003.3. These types are: |
| A |
A mandatory, testable assertion. |
| B |
A mandatory, but untestable assertion. |
| C |
An optional, testable assertion. |
| D |
An optional, but untestable assertion. |
|
| Scope: |
If an assertion is type C or D, this entry describes the option that needs
to be supported in order to activate the test. |
| Text: |
The text of the assertion and a reference to the source specification
from which the assertion is derived. |
| Note: |
Any supplementary information associated with the assertion. For example
it may suggest a strategy for the test implementation of the assertion
or it may propose rationale as to why a test is classified as untestable.
|
There are no testable assertions in this section.
There are no testable assertions in this section.
There are no testable assertions in this section.
| ID: |
crypto/signtext/1 |
| Class: |
A |
| Text: |
When a call to the WML Script Library function Crypto.signText is made the text to sign must be displayed to the Operator prior to the function returning. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000 |
|
| ID: |
crypto/signtext/2 |
| Class: |
A |
| Text: |
When the Operator is presented with the text to sign after a call to the WML Script Library function Crypto.signText, the Operator may choose to cancel the operation without the text being signed the function should then return the string "error:userCancel". [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. Here the User should click on the "link", and then cancel the signing operation when prompted. Only cancelling the signing operation will cause the test to pass. |
|
| ID: |
crypto/signtext/3 |
| Class: |
A |
| Text: |
When the Operator is presented with the text to sign after a call to the WML Script Library function Crypto.signText, the Operator may choose to approve the signing operation and the call to the function proceedes. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. |
|
| ID: |
crypto/signtext/4 |
| Class: |
A |
| Text: |
If the Operator approves the signing of text using the Crypto.signText function then the browser must request Operator verification for the private key. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000 |
|
| ID: |
crypto/signtext/5 |
| Class: |
A |
| Text: |
If the Operator approves the signing of text using the Crypto.signText function then the Operator must enter a valid WIM PIN for the call to Crypto.signText to proceed. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. Notes: this assertion requires that a valid WIM PIN is made available to whoever is performing the test. Also, a device that has WIN capabilities should also be made available. |
|
| ID: |
crypto/signtext/6 |
| Class: |
B |
| Text: |
When a call to the WML Script Library function Crypto.signText is made with parameters that indicate that a Certificate should be included in the result of the call and the URL of a valid certificate is available to the browser, then the string returned by the call to the function Crypto.signText should contain the URL of the certificate that should be used to decrypt the text. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. This test is considered to be untestable since there is no way for the application to ensure that the browser ONLY has access to the URL of a valid certificate. |
|
| ID: |
crypto/signtext/7 |
| Class: |
B |
| Text: |
When a call to WML Script Library function Crypto.signText is made with parameters that indicate that a Certificate should be included in the result of the call and a valid certificate is available to the browser, then the string returned by the call to the Crypto.signText function should contain the certificate used during the signing operation. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. This test is considered to be untestable since there is no way for the application to ensure that the browser has a valid certificate available. |
|
| ID: |
crypto/signtext/8 |
| Class: |
B |
| Text: |
When a call to the WML Script Library function Crypto.signText is made with parameters that indicate that a Certificate should be included in the result of the call and no valid certificate is available to the browser then the call to Crypto.signText should return "error:noCert". [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. This test is considered to be untestable since there is no way for the application to ensure that there are no valid certificates available. |
|
| ID: |
crypto/signtext/9 |
| Class: |
B |
| Text: |
When a call to the WML Script Library function Crypto.signText is made with parameters that indicates that a Certificate should be included in the result and there are a number of Certificates available to the browser then the browser should prompt the User to indicate which Certificate should be used in the signing process using the labels of the certificates. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. This test is considered to be untestable since there is no way for the application to ensure that there are a number of valid certificates available. |
|
| ID: |
crypto/signtext/10 |
| Class: |
B |
| Text: |
When a call to the WML Script Library function Crypto.signText is made with parameters that indicate that the string to sign should be included in the returned string then the string returned by the function must include the string to sign. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. This test is considered to be untestable since there is no way for the application to ensure that there is a valid signature key or certificate to be available. |
|
| ID: |
crypto/signtext/11 |
| Class: |
B |
| Text: |
When a call to the WML Script Library function Crypto.signText is made with the keyIdType parameter indicating that no key identifier is supplied in the keyId parameter, the browser may use and key and certificate available to perform the signing function. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. This test is considered to be untestable since there is no way for the application to ensure that there are key or certificates available. |
|
| ID: |
crypto/signtext/12 |
| Class: |
B |
| Text: |
When a call to the WML Script Library function Crypto.signText is made with the keyIdType parameter indicating a SHA-1 hash of the user public key is supplied in the keyId parameter, the browser must use the signature key corresponding to the given public key hash. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. This test is considered to be untestable since there is no way for the application to ensure that there are key or certificates available. |
|
| ID: |
crypto/signtext/13 |
| Class: |
B |
| Text: |
When a call to the WML Script Library function Crypto.signText is made with the keyIdType parameter indicating a SHA-1 hash of the user public key is supplied in the keyId parameter and the signature key is not available then the function must return the string "error:noCert". [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. This test requires that a valid SHA-1 hash of a user public key is available for use in the call to the function, also a signature key that corresponds to the given public key hash must also be made available. |
|
| ID: |
crypto/signtext/14 |
| Class: |
B |
| Text: |
When a call to the WML Script Library function Crypto.signText is made with the keyIdType parameter indicating a SHA-1 hash of a trusted Certification Authority public key is supplied in the keyId parameter, the browser must use a signature key that is certified by the indicated Certification Authority. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. This test requires that a valid SHA-1 hash of a trusted CA public key is available for use in the call to the function, also a signature key certified by the CA must be made available. |
|
| ID: |
crypto/signtext/15 |
| Class: |
B |
| Text: |
When a call to the WML Script Library function Crypto.signText is made with the keyIdType parameter indicating a SHA-1 hash of a trusted Certification Authority public key is supplied in the keyId parameter and the keyId parameter comprises multiple CA public key hashes, the browser must one or more of the signature keys that are certified by the indicated Certification Authority. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. This test is considered untestable since there is no way for the application to ensure that the signing of the text is performed using multiple signature keys. |
|
| ID: |
crypto/signtext/16 |
| Class: |
B |
| Text: |
When a successful call to the WML Script Library function Crypto.signText is made the function will return the signed text encoded as a SignedContent string. [WMLScript Crypto Library Specification section 5.1.2] |
| Note: |
New for June 2000. This test is considered to be untestable since there is no way for the application to ensure that the browser has valid certificates available. |
|
There are no testable assertions in this section.
There are no testable assertions in this section.
There are no testable assertions in this section.
There are no testable assertions in this section.
There are no testable assertions in this section.