From 3651ce080d50e4d4fea159d29208250b21451455 Mon Sep 17 00:00:00 2001
From: Jorge Moratinos Salcines <jorge.moratinossalcines@telefonica.com>
Date: Mon, 7 Apr 2025 13:31:18 +0200
Subject: [PATCH] New test to check PKI AEF flog

---
 .../testplan/api_security_service/README.md   | 55 +++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/doc/testing/testplan/api_security_service/README.md b/doc/testing/testplan/api_security_service/README.md
index eeed75e4..224d1c22 100644
--- a/doc/testing/testplan/api_security_service/README.md
+++ b/doc/testing/testplan/api_security_service/README.md
@@ -1341,6 +1341,61 @@ At this documentation you will have all information and related files and exampl
         * error invalid_scope
         * error_description=One of the api names does not exist or is not associated with the aef id provided
 
+## Test Case 28: Retrieve Security Context from AEF using PKI-secured API Invoker
+
+**Test ID**:: ***capif_security_api-28***, ***smoke***
+
+**Description**:
+
+  Validate that the AEF can successfully retrieve the security context of an API Invoker when the selected security method is PKI and it contains CA root at ***authenticationInfo*** attribute inside securityInfo.
+
+**Pre-Conditions**:
+
+  * API Invoker is pre-authorised and Provider is also authorized
+
+**Execution Steps**:
+
+1. Register and onboard Invoker at CCF.
+2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF with only **PKI** as security method allowed.
+3. Create Security Context indicating all security methods security methods as preferred in ***prefSecurityMethods*** attribute.
+4. Retrieve Security Context by **AEF**.
+
+**Information of Test**:
+
+1. Perform [Invoker Onboarding] and [Provider Registration] 
+
+2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+       * apiName: **service_1**
+       * securityMethods: **PKI**
+     * Use **APF Certificate**
+
+3. Create Security Context for this Invoker
+     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+     * body [service security body]
+         * prefSecurityMethods: **['PKI','PSK','OAUTH']**
+     * Using **Invoker Certificate**.
+     * Create Security Information Body with one **securityInfo** for each aef present at each serviceAPIDescription present at Discover.
+
+4. Retrieve Service Security by AEF:
+     * Sent GET **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}?authenticationInfo=true&authorizationInfo=true**.
+     * Query parameters ***authenticationInfo*** and ***authorizationInfo*** set to true.
+     * Using **AEF Certificate**
+
+**Expected Result**:
+
+1. Response to Security Context Creation:
+      1. **200 OK** response.
+      2. body returned must accomplish **ServiceSecurity** data structure, with:
+          *  ***selSecurityMethod*** inside ***securityInfo***: **PKI**
+
+2. Response to GET Service Security:
+      1. **200 OK** Response.
+      2. body returned must accomplish **ServiceSecurity**
+         1. ***securityinfo*** attribue only contains one item with ***authenticationInfo*** containing CA root.
+
+
 
   [Return To All Test Plans]: ../README.md
   [service security body]: ./service_security.json  "Service Security Request"
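Review bot: The expected result for the GET in Test Case 28 ("***authenticationInfo*** containing CA root") does not say how the test decides that the value is the CA root, so an implementation could pass on any non-empty string. Please state what the value is compared against, for example the CA root certificate stored in step 2 ("store certificates"). The request also sets authorizationInfo=true, but the expected result says nothing about ***authorizationInfo***. Add the expected value, or say that it is expected to be absent for PKI. Smaller points in the same hunk: "**Test ID**::" has a doubled colon; step 3 repeats "security methods security methods"; "Sent GET" should read "Send **GET**" to match the other steps; "***securityinfo*** attribue" should be "***securityInfo*** attribute", matching the spelling used under Expected Result 1; and the pre-condition mixes "pre-authorised" and "authorized".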
-- 
GitLab