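// Source: github.com/clocklock/go-rfc3161@v0.0.0-20160419203229-5ea544d9dee0/rfc3161_test.go

package rfc3161

import (
	"crypto"
	"crypto/sha1"
	"crypto/x509"
	"errors"
	"fmt"
	"io/ioutil"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
	"testing"

	"github.com/blang/semver"
)

// TestUnmarshal parses the stored time-stamp query/response fixtures and
// verifies each parsed query.
func TestUnmarshal(t *testing.T) {
	fixtures := []struct{ tsq, tsr string }{
		{"./test/sha1.tsq", "./test/sha1.response.tsr"},
		{"./test/sha1_nonce.tsq", "./test/sha1_nonce.response.tsr"},
	}

	for _, f := range fixtures {
		req, err := ReadTSQ(f.tsq)
		if err != nil {
			// Do not call Verify on the result of a failed read.
			t.Errorf("%s: %v", f.tsq, err)
		} else if err := req.Verify(); err != nil {
			t.Errorf("%s: %v", f.tsq, err)
		}

		// The response is only parsed here, not verified against the query.
		if _, err := ReadTSR(f.tsr); err != nil {
			t.Errorf("%s: %v", f.tsr, err)
		}
	}
}

// TestReqBuildManually constructs a time-stamp request from a SHA-1 digest of
// the message fixture, adds a nonce, and verifies the request.
func TestReqBuildManually(t *testing.T) {
	mes, err := ioutil.ReadFile("./test/message.txt")
	if err != nil {
		// Without the fixture the digest below would be meaningless.
		t.Fatal(err)
	}
	digest := sha1.Sum(mes)

	tsr2, err := NewTimeStampReq(crypto.SHA1, digest[:])
	if err != nil {
		// Stop here: the remaining steps all call methods on tsr2.
		t.Fatal(err)
	}
	if err := tsr2.GenerateNonce(); err != nil {
		t.Error(err)
	}
	if err := tsr2.Verify(); err != nil {
		t.Error(err)
	}
}

// TestOpenSSL is a round-trip test with OpenSSL: it builds a throwaway CA and
// signer certificate with the openssl command line tool, has openssl produce a
// time-stamp query and reply, and then verifies the reply with this package.
//
// NOTE(review): only the accepting path is exercised. Nothing here checks that
// a reply for a different digest, or one signed under an untrusted root, is
// rejected by Verify.
func TestOpenSSL(t *testing.T) {
	if err := checkOpenSSL(); err != nil {
		// Report the test as skipped instead of returning silently, so a run
		// in which signature verification was never exercised does not look
		// like a pass.
		t.Skipf("Unable to test OpenSSL. Skipping OpenSSL Test.\n%v", err)
	}

	// Create temp dir
	dir, err := ioutil.TempDir("", "rfc3161_test")
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(dir) // clean up

	// Files
	cakey := "cakey.pem"
	cacert := "cacert.pem"
	keypath := "private.pem"
	csrpath := "request.csr"
	crtpath := "cert.pem"
	tsqpath := "request.tsq"
	tsrpath := "response.tsr"
	cnfpath := "openssl.conf"
	mespath := "message.txt"

	// Copy config and message into the working directory. A copy (rather than
	// a hard link) also works when the temp directory is on another file
	// system, and keeps the repository fixtures from sharing an inode with
	// files the openssl tool is pointed at.
	for _, name := range []string{cnfpath, mespath} {
		data, err := ioutil.ReadFile(filepath.Join("test", name))
		if err != nil {
			t.Fatal(err)
		}
		if err := ioutil.WriteFile(filepath.Join(dir, name), data, 0600); err != nil {
			t.Fatal(err)
		}
	}

	// Change directory to our temporary working directory
	curdir, err := os.Getwd()
	if err != nil {
		t.Fatal(err)
	}
	if err := os.Chdir(dir); err != nil {
		t.Fatal(err)
	}
	// Runs before the RemoveAll above (defers are LIFO), so the process has
	// left the directory by the time it is deleted.
	defer func() {
		if err := os.Chdir(curdir); err != nil {
			t.Error(err)
		}
	}()

	// Commands
	//
	// NOTE(review): 1024-bit RSA keys and the SHA-1 message digest are weak by
	// current standards. They are tolerable only because this PKI is created
	// and discarded inside the test; do not reuse these parameters for a real
	// time-stamping authority.
	commands := [][]string{
		{"genrsa", "-out", cakey, "1024"},
		{"req", "-x509", "-new", "-key", cakey, "-out", cacert, "-days", "730", "-subj", "/CN=\"Clock Lock Test CA\""},
		{"genrsa", "-out", keypath, "1024"},
		{"req", "-new", "-key", keypath, "-out", csrpath, "-subj", "/C=GB/ST=London/L=London/O=GORFC3161/OU=Testing/CN=example.com", "-config", cnfpath},
		{"x509", "-req", "-days", "365", "-in", csrpath, "-CAkey", cakey, "-CA", cacert, "-set_serial", "01", "-out", crtpath, "-extfile", cnfpath},
		{"ts", "-query", "-data", mespath, "-sha1", "-cert", "-out", tsqpath},
		{"ts", "-reply", "-queryfile", tsqpath, "-out", tsrpath, "-inkey", keypath, "-signer", crtpath, "-config", cnfpath},
	}

	// Run commands. Each step consumes files written by earlier steps, so the
	// first failure ends the test.
	for _, args := range commands {
		out, err := exec.Command("openssl", args...).Output()
		if err != nil {
			// err is not guaranteed to be an *exec.ExitError (for example when
			// the process could not be started), so do not assert it blindly.
			var stderr []byte
			if exitErr, ok := err.(*exec.ExitError); ok {
				stderr = exitErr.Stderr
			}
			t.Fatalf("openssl %s: %v\n%s%s", strings.Join(args, " "), err, out, stderr)
		}
	}

	// Add the certificate to the root list. RootCerts is package-level state,
	// so put the previous value back when the test ends; otherwise the
	// throwaway CA stays trusted for every test that runs afterwards.
	savedRoots := RootCerts
	defer func() { RootCerts = savedRoots }()

	certbytes, err := ioutil.ReadFile(cacert)
	if err != nil {
		t.Fatal(err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(certbytes) {
		t.Fatal("Unable to add root cert")
	}
	RootCerts = pool

	req, err := ReadTSQ(tsqpath)
	if err != nil {
		t.Fatal(err)
	}
	resp, err := ReadTSR(tsrpath)
	if err != nil {
		t.Fatal(err)
	}
	// NOTE(review): the second argument is nil; its meaning is defined by
	// Verify, which is not part of this file. Confirm against its signature.
	if err := resp.Verify(req, nil); err != nil {
		t.Error(err)
	}
}

// checkOpenSSL reports whether an openssl binary of at least version 1.0.0 can
// be run. It returns nil when the requirement is met and an error describing
// the problem otherwise. The binary is whichever "openssl" exec.Command
// resolves.
func checkOpenSSL() error {
	out, err := exec.Command("openssl", "version").Output()
	if err != nil {
		return err
	}

	// The version is taken from the second whitespace-separated field of the
	// output. Guard the index so unexpected output is an error, not a panic.
	fields := strings.Fields(string(out))
	if len(fields) < 2 {
		return fmt.Errorf("unexpected output from openssl version: %q", out)
	}

	// Drop a trailing letter suffix (as in "1.0.2g") before semver parsing.
	ver := strings.TrimRight(fields[1], "abcdefghijklmnopqrstuvwxyz")
	version, err := semver.Make(ver)
	if err != nil {
		return err
	}
	requiredVersion, err := semver.Make("1.0.0")
	if err != nil {
		return err
	}

	if version.LT(requiredVersion) {
		return errors.New("OpenSSL is required to be at least version 1.0.0 to test Time Stamping")
	}

	return nil
}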