github.com/clocklock/go-rfc3161@v0.0.0-20160419203229-5ea544d9dee0/rfc3161_test.go (about)

     1  package rfc3161
     2  
     3  import (
     4  	"crypto"
     5  	"crypto/sha1"
     6  	"crypto/x509"
     7  	"errors"
     8  	"fmt"
     9  	"io/ioutil"
    10  	"os"
    11  	"os/exec"
    12  	"strings"
    13  	"testing"
    14  
    15  	"github.com/blang/semver"
    16  )
    17  
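// TestUnmarshal parses the stored SHA-1 time-stamp queries and responses
// under ./test and runs Verify on each parsed query.
//
// The responses are only parsed: the value returned by ReadTSR is discarded,
// so this test does not check a response against its query or validate any
// signature.
func TestUnmarshal(t *testing.T) {
	fixtures := []struct {
		tsq string // time-stamp query file
		tsr string // matching time-stamp response file
	}{
		{"./test/sha1.tsq", "./test/sha1.response.tsr"},
		{"./test/sha1_nonce.tsq", "./test/sha1_nonce.response.tsr"},
	}

	for _, f := range fixtures {
		req, err := ReadTSQ(f.tsq)
		if err != nil {
			// Do not call Verify on a request that failed to parse; the
			// original code went on to use req after reporting the error.
			t.Errorf("ReadTSQ(%q): %v", f.tsq, err)
		} else if err := req.Verify(); err != nil {
			t.Errorf("Verify(%q): %v", f.tsq, err)
		}

		// The response is independent of the query here, so it is still
		// parsed when the query failed.
		if _, err := ReadTSR(f.tsr); err != nil {
			t.Errorf("ReadTSR(%q): %v", f.tsr, err)
		}
	}
}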
    45  
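// TestReqBuildManually constructs a time-stamp request in code instead of
// reading one from disk: it hashes ./test/message.txt with SHA-1, passes the
// digest to NewTimeStampReq, adds a nonce and runs Verify on the result.
func TestReqBuildManually(t *testing.T) {
	mes, err := ioutil.ReadFile("./test/message.txt")
	if err != nil {
		// Without the message there is nothing meaningful to hash.
		t.Fatal(err)
	}

	// SHA-1 is used to match the stored sha1*.tsq fixtures in ./test.
	// NOTE(review): SHA-1 is collision-weak; a time-stamp only attests to
	// the digest it is given, so real requests should use SHA-256 or
	// stronger.
	digest := sha1.Sum(mes)

	req, err := NewTimeStampReq(crypto.SHA1, digest[:])
	if err != nil {
		// Stop here: the steps below would operate on an unusable request.
		t.Fatal(err)
	}
	if err := req.GenerateNonce(); err != nil {
		t.Fatal(err)
	}
	if err := req.Verify(); err != nil {
		t.Error(err)
	}
}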
    67  
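// TestOpenSSL is a round-trip test against the openssl command-line tool. In
// a temporary directory it generates a throwaway CA and a signing
// certificate, has `openssl ts` produce a time-stamp query and reply, then
// reads both back with ReadTSQ/ReadTSR and checks the reply with resp.Verify
// after installing the throwaway CA as the only entry in RootCerts.
//
// The test is skipped when checkOpenSSL reports that no suitable openssl
// binary is available.
func TestOpenSSL(t *testing.T) {
	if err := checkOpenSSL(); err != nil {
		// Report through the testing package so the run shows SKIP rather
		// than a silent pass.
		t.Skip("Unable to test OpenSSL. Skipping OpenSSL Test. " + err.Error())
	}

	curdir, err := os.Getwd()
	if err != nil {
		t.Fatal(err)
	}

	// Create temp dir. If this fails we must stop: continuing would run the
	// openssl commands, and write key material, in the package directory.
	dir, err := ioutil.TempDir("", "rfc3161_test")
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(dir) // clean up, including the generated private keys

	// Files
	cakey := "cakey.pem"
	cacert := "cacert.pem"
	keypath := "private.pem"
	csrpath := "request.csr"
	crtpath := "cert.pem"
	tsqpath := "request.tsq"
	tsrpath := "response.tsr"
	cnfpath := "openssl.conf"
	mespath := "message.txt"

	// Copy config and message. A real copy is used instead of os.Link
	// because hard links fail when the temp dir is on another filesystem,
	// and the original ignored that failure.
	copyFile := func(src, dst string) error {
		data, err := ioutil.ReadFile(src)
		if err != nil {
			return fmt.Errorf("reading %s: %v", src, err)
		}
		if err := ioutil.WriteFile(dst, data, 0600); err != nil {
			return fmt.Errorf("writing %s: %v", dst, err)
		}
		return nil
	}
	if err := copyFile("test/openssl.conf", dir+"/"+cnfpath); err != nil {
		t.Fatal(err)
	}
	if err := copyFile("test/message.txt", dir+"/"+mespath); err != nil {
		t.Fatal(err)
	}

	// Change directory to our temporary working directory. Registered after
	// RemoveAll so that it runs first and the directory is not in use when
	// it is deleted.
	if err := os.Chdir(dir); err != nil {
		t.Fatal(err)
	}
	defer os.Chdir(curdir)

	// Commands, passed to openssl as argument vectors (no shell involved).
	//
	// NOTE(review): 1024-bit RSA and SHA-1 are below current minimums. They
	// are tolerable here only because the keys are throwaway and removed
	// with the temp dir; do not carry these parameters over to a real TSA.
	commands := [][]string{
		{"genrsa", "-out", cakey, "1024"},
		{"req", "-x509", "-new", "-key", cakey, "-out", cacert, "-days", "730", "-subj", "/CN=\"Clock Lock Test CA\""},
		{"genrsa", "-out", keypath, "1024"},
		{"req", "-new", "-key", keypath, "-out", csrpath, "-subj", "/C=GB/ST=London/L=London/O=GORFC3161/OU=Testing/CN=example.com", "-config", cnfpath},
		{"x509", "-req", "-days", "365", "-in", csrpath, "-CAkey", cakey, "-CA", cacert, "-set_serial", "01", "-out", crtpath, "-extfile", cnfpath},
		{"ts", "-query", "-data", mespath, "-sha1", "-cert", "-out", tsqpath},
		{"ts", "-reply", "-queryfile", tsqpath, "-out", tsrpath, "-inkey", keypath, "-signer", crtpath, "-config", cnfpath},
	}

	// Run commands. Each step depends on the files written by the previous
	// one, so the first failure ends the test.
	for _, args := range commands {
		out, err := exec.Command("openssl", args...).Output()
		if err != nil {
			// Only an ExitError carries captured stderr; other error types
			// (e.g. the binary failing to start) must not be asserted.
			var stderr []byte
			if ee, ok := err.(*exec.ExitError); ok {
				stderr = ee.Stderr
			}
			t.Fatalf("openssl %s: %v\n%s%s", strings.Join(args, " "), err, out, stderr)
		}
	}

	// Add the certificate to the root list. RootCerts is package-level
	// state, so put the previous pool back afterwards; otherwise the
	// throwaway CA would remain the only trusted root for later tests.
	prevRoots := RootCerts
	defer func() { RootCerts = prevRoots }()
	RootCerts = x509.NewCertPool()

	certbytes, err := ioutil.ReadFile(cacert)
	if err != nil {
		t.Fatal(err)
	}
	if ok := RootCerts.AppendCertsFromPEM(certbytes); !ok {
		t.Fatal("Unable to add root cert")
	}

	req, err := ReadTSQ(tsqpath)
	if err != nil {
		t.Fatal(err)
	}
	resp, err := ReadTSR(tsrpath)
	if err != nil {
		t.Fatal(err)
	}
	if err := resp.Verify(req, nil); err != nil {
		t.Error(err)
	}
}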
   147  
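// checkOpenSSL runs `openssl version` and returns nil when the reported
// version is at least 1.0.0. It returns an error when the command cannot be
// run, when its output has no version field, when the version does not parse
// as a semantic version, or when it is older than 1.0.0.
func checkOpenSSL() error {
	out, err := exec.Command("openssl", "version").Output()
	if err != nil {
		return err
	}

	// The version is the second whitespace-separated field of the output.
	// Check the field count first: indexing the split result directly
	// panics on output that has no second field.
	fields := strings.Fields(string(out))
	if len(fields) < 2 {
		return fmt.Errorf("unexpected output from openssl version: %q", out)
	}

	// Strip a trailing lowercase letter suffix (e.g. "1.0.2g" -> "1.0.2")
	// so the string can be parsed as a semantic version.
	ver := strings.TrimRight(fields[1], "abcdefghijklmnopqrstuvwxyz")
	version, err := semver.Make(ver)
	if err != nil {
		return err
	}

	requiredVersion, err := semver.Make("1.0.0")
	if err != nil {
		return err
	}
	if version.LT(requiredVersion) {
		return errors.New("OpenSSL is required to be at least version 1.0.0 to test Time Stamping")
	}

	return nil
}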