From 674841e279cc1bdbcb5c84c9b26377b156aee76b Mon Sep 17 00:00:00 2001 From: Ton Voon Date: Fri, 6 Mar 2009 00:24:38 +0000 Subject: Create expired cert for testing purposes. Updated tests to check expired and unexpired certificates --- plugins/tests/certs/expired-cert.pem | 21 ++++++++++++ plugins/tests/certs/expired-key.pem | 15 ++++++++ plugins/tests/check_http.t | 66 ++++++++++++++++++++++++++++++------ 3 files changed, 92 insertions(+), 10 deletions(-) create mode 100644 plugins/tests/certs/expired-cert.pem create mode 100644 plugins/tests/certs/expired-key.pem diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem new file mode 100644 index 00000000..40324cf8 --- /dev/null +++ b/plugins/tests/certs/expired-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYzCCAsygAwIBAgIJAJISzcX71f5pMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV +BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV +BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG +SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNjAwMTMxNVoXDTA5MDMw +NTAwMTMxNlowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN +BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT +CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBAOQHP4JnzACi4q6quXAiK+gTSffG6yyjEV+K +iyutRgBF2MdF03X5ls0wENw/5fnMTrHynl4XoGoV/rD4CR2hGT0m7dv7Vu0MRLlP +J1SCiFeMuQS30zzLMJr0A7IW869qRlKQmzxs1JT6XDbSoNQuF154zoxwNsKlMjoX +tJSHN2YpAgMBAAGjgeYwgeMwHQYDVR0OBBYEFHWjM9OQldrDLMcAfPnUVfGxlzOp +MIGzBgNVHSMEgaswgaiAFHWjM9OQldrDLMcAfPnUVfGxlzOpoYGEpIGBMH8xCzAJ +BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx +FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG +CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAkhLNxfvV/mkwDAYDVR0TBAUw +AwEB/zANBgkqhkiG9w0BAQQFAAOBgQDHjoXoGwBamCiNplTt93jH/TO08RATdZP5 +45hlxv2+PKCjjTiFa2mjAvopFiqmYsr40XYEmpeYMiaOzOW5rBjtqBAT/JJWyfda +SCmj3swqyKus63rv/iuokIhZzBdhbB+eOJJrmwT2SEc5KdRaipH0QAGF1nZAAGzo +6xW7hkzYog== +-----END CERTIFICATE----- diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem new file mode 100644 index 00000000..af0e24da --- /dev/null +++ b/plugins/tests/certs/expired-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDkBz+CZ8wAouKuqrlwIivoE0n3xussoxFfiosrrUYARdjHRdN1 ++ZbNMBDcP+X5zE6x8p5eF6BqFf6w+AkdoRk9Ju3b+1btDES5TydUgohXjLkEt9M8 +yzCa9AOyFvOvakZSkJs8bNSU+lw20qDULhdeeM6McDbCpTI6F7SUhzdmKQIDAQAB +AoGARgI3rHjjuDpKMGg4IMZNBqaNaiZHY9/44IVvrww21rSbFqtIfgsQEpU0R/rS +R7xDWPztRGQqmwd/t6OfYNpqHbjO1MWzasVBVnzue5P59Y1xy1h0LZF8+a9GY++0 +uAGUC24jsXSmypNVzoX+ZKyinA3oYV/etdPYx1W8Ms5XIzUCQQD7xwhMuLok6Kbq +UEgiSfBTbx+haP3IiqqMF14z8QoEyD3jchydNaXEYdQxN8jEl2aPrMqTc6x8Jq4/ +ai0OkB+fAkEA59pAmN81HylV7+CsVjLOSbJqzau7NDxSs2uutxhHZRwz0e25wVer +fA03l08u0ebC/TDHkmHV6ikCryM5HU2FNwJAVZJFzd2S1myEHmr+uTisB49jDrbi +WkBWypo+mCS6JPnxntXvx7auClq9haTSBY73eqldiFPuMZvr6P2rJqHxPQJBAOTM +quaxjti7kATy8N73sD9mBKQGju1TgkFxSK+DFCGhnTnToXY9MAtxd6SoDYoyccYu +dyPrzJAR/IYc+mYCdC0CQDKlZuMPVXEgvGaQapzMQ++5yJRvMZF4tWvONBs0OCE9 +QYarsTi5M20cymMBXHOLZIjqwsni4G/C9kqJSvC75Vg= +-----END RSA PRIVATE KEY----- diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index 20078c20..d221463b 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -2,6 +2,16 @@ # # Test check_http by having an actual HTTP server running # +# To create the https server certificate: +# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes +# Country Name (2 letter code) [AU]:UK +# State or Province Name (full name) [Some-State]:Derbyshire +# Locality Name (eg, city) []:Belper +# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Nagios Plugins +# Organizational Unit Name (eg, section) []: +# Common Name (eg, YOUR name) []:Ton Voon +# Email Address []:tonvoon@mac.com + use strict; use Test::More; @@ -25,17 +35,35 @@ $HTTP::Daemon::VERSION = "1.00"; my $port_http = 50000 + int(rand(1000)); my $port_https = $port_http + 1; +my $port_https_expired = $port_http + 2; -# Start up both servers -my $pid_https; -my $pid_http = fork(); -if ($pid_http) { +# Start up all servers +my @pids; +my $pid = fork(); +if ($pid) { # Parent + push @pids, $pid; if (exists $servers->{https}) { - # Fork another server - $pid_https = fork(); - if ($pid_https) { + # Fork a normal HTTPS server + $pid = fork(); + if ($pid) { # Parent + push @pids, $pid; + # Fork an expired cert server + $pid = fork(); + if ($pid) { + push @pids, $pid; + } else { + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https_expired, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/expired-cert.pem", + SSL_key_file => "$Bin/certs/expired-key.pem", + ) || die; + print "Please contact https expired at: url, ">\n"; + run_server( $d ); + exit; + } } else { my $d = HTTP::Daemon::SSL->new( LocalPort => $port_https, @@ -106,7 +134,7 @@ sub run_server { } END { - foreach my $pid ($pid_http, $pid_https) { + foreach my $pid (@pids) { if ($pid) { print "Killing $pid\n"; kill "INT", $pid } } }; @@ -116,8 +144,9 @@ if ($ARGV[0] && $ARGV[0] eq "-d") { } my $common_tests = 47; +my $ssl_only_tests = 6; if (-x "./check_http") { - plan tests => $common_tests * 2; + plan tests => $common_tests * 2 + $ssl_only_tests; } else { plan skip_all => "No check_http compiled"; } @@ -127,8 +156,25 @@ my $command = "./check_http -H 127.0.0.1"; run_common_tests( { command => "$command -p $port_http" } ); SKIP: { - skip "HTTP::Daemon::SSL not installed", $common_tests if ! exists $servers->{https}; + skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https}; run_common_tests( { command => "$command -p $port_https", ssl => 1 } ); + + $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); + is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); + is( $result->output, 'OK - Certificate will expire on 03/03/2019 21:41.', "output ok" ); + + $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); + is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); + like( $result->output, '/WARNING - Certificate expires in \d+ day\(s\) \(03/03/2019 21:41\)./', "output ok" ); + + + # Expired cert tests + $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); + is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); + is( $result->output, + 'CRITICAL - Certificate expired on 03/05/2009 00:13.', + "output ok" ); + } sub run_common_tests { -- cgit v1.2.3-74-g34f1