3 files changed, 123 insertions, 4 deletions

diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis
index 4ebfb90e..fe8aabdb 100644
--- a/plugins/t/NPTest.cache.travis
+++ b/plugins/t/NPTest.cache.travis
@@ -17,13 +17,15 @@
   'NP_HOST_HPJD_PORT_INVALID' => '161',
   'NP_HOST_HPJD_PORT_VALID' => '',
   'NP_HOST_TCP_HTTP' => 'localhost',
-  'NP_HOST_TCP_HTTP2' => 'labs.consol.de',
+  'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org',
   'NP_HOST_TCP_IMAP' => 'imap.web.de',
+  'NP_HOST_TCP_LDAP' => 'localhost',
   'NP_HOST_TCP_POP' => 'pop.web.de',
   'NP_HOST_TCP_SMTP' => 'localhost',
   'NP_HOST_TCP_SMTP_NOTLS' => '',
   'NP_HOST_TCP_SMTP_TLS' => '',
   'NP_INTERNET_ACCESS' => 'yes',
+  'NP_LDAP_BASE_DN' => 'cn=admin,dc=nodomain',
   'NP_MOUNTPOINT2_VALID' => '',
   'NP_MOUNTPOINT_VALID' => '/',
   'NP_MYSQL_SERVER' => 'localhost',
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index 2539a289..c2caec60 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -6,9 +6,10 @@
 
 use strict;
 use Test::More;
+use POSIX qw/mktime strftime/;
 use NPTest;
 
-plan tests => 30;
+plan tests => 42;
 
 my $successOutput = '/OK.*HTTP.*second/';
 
@@ -34,6 +35,8 @@ my $host_tcp_http2  = getTestParameter( "NP_HOST_TCP_HTTP2",
             "A host providing an index page containing the string 'monitoring'",
             "test.monitoring-plugins.org" );
 
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
+
 
 $res = NPTest->testCmd(
         "./check_http $host_tcp_http -wt 300 -ct 600"
@@ -47,10 +50,10 @@ $res = NPTest->testCmd(
 like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 
 $res = NPTest->testCmd(
-        "./check_http $host_nonresponsive -wt 1 -ct 2"
+        "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3"
         );
 cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
-cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK");
+cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK");
 
 $res = NPTest->testCmd(
         "./check_http $hostname_invalid -wt 1 -ct 2"
@@ -112,6 +115,40 @@ SKIP: {
         $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" );
         cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
 
+        # run some certificate checks with faketime
+        SKIP: {
+                skip "No faketime binary found", 12 if !$faketime;
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output");
+                is( $res->return_code, 0, "Catch cert output exit code" );
+                my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)\./);
+                if(!defined $year) {
+                    die("parsing date failed from: ".$res);
+                }
+                my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
+                my $ts   = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
+                my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date");
+                is( $res->return_code, 2, "Output on expire date" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output");
+                is( $res->return_code, 2, "cert expires in 1 second exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output");
+                is( $res->return_code, 2, "cert expires in 2 minutes exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output");
+                is( $res->return_code, 2, "cert expires in 2 hours exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output");
+                is( $res->return_code, 2, "Certificate expired exit code" );
+        };
+
         $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" );
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
         like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
diff --git a/plugins/t/check_ldap.t b/plugins/t/check_ldap.t
new file mode 100644
index 00000000..b8944d4b
--- /dev/null
+++ b/plugins/t/check_ldap.t
@@ -0,0 +1,80 @@
+#!/usr/bin/env perl -I ..
+#
+# Lightweight Directory Access Protocol (LDAP) Test via check_ldap
+#
+#
+
+use strict;
+use warnings;
+use Test::More;
+use NPTest;
+
+my $host_tcp_ldap      = getTestParameter("NP_HOST_TCP_LDAP",
+                                          "A host providing the LDAP Service",
+                                          "localhost" );
+
+my $ldap_base_dn       = getTestParameter("NP_LDAP_BASE_DN",
+                                          "A base dn for the LDAP Service",
+                                          "cn=admin" );
+
+my $host_nonresponsive = getTestParameter("host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
+                                          "The hostname of system not responsive to network requests" );
+
+my $hostname_invalid   = getTestParameter("hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
+                                          "An invalid (not known to DNS) hostname" );
+
+my($result, $cmd);
+my $command = './check_ldap';
+
+plan tests => 16;
+
+SKIP: {
+    skip "NP_HOST_NONRESPONSIVE not set", 2 if ! $host_nonresponsive;
+
+    $result = NPTest->testCmd("$command -H $host_nonresponsive -b ou=blah -t 2 -w 1 -c 1");
+    is( $result->return_code, 2, "$command -H $host_nonresponsive -b ou=blah -t 5 -w 2 -c 3" );
+    is( $result->output, 'CRITICAL - Socket timeout after 2 seconds', "output ok" );
+};
+
+SKIP: {
+    skip "NP_HOSTNAME_INVALID not set", 2 if ! $hostname_invalid;
+
+    $result = NPTest->testCmd("$command -H $hostname_invalid -b ou=blah -t 5");
+    is( $result->return_code, 2, "$command -H $hostname_invalid -b ou=blah -t 5" );
+    is( $result->output, 'Could not bind to the LDAP server', "output ok" );
+};
+
+SKIP: {
+    skip "NP_HOST_TCP_LDAP not set", 12 if ! $host_tcp_ldap;
+    skip "NP_LDAP_BASE_DN not set",  12 if ! $ldap_base_dn;
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - \d+.\d+ seconds response time\|time=\d+\.\d+s;2\.0+;3\.0+;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000 -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000;10000001;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001:";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 2, $cmd );
+    like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001:;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 0 -C 0";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 2, $cmd );
+    like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;0;0;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 1, $cmd );
+    like( $result->output, '/^LDAP WARNING - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;;10000001;0\.0+$/', "output ok" );
+};