From 674841e279cc1bdbcb5c84c9b26377b156aee76b Mon Sep 17 00:00:00 2001
From: Ton Voon <tonvoon@macbook.local>
Date: Fri, 6 Mar 2009 00:24:38 +0000
Subject: Create expired cert for testing purposes. Updated tests to check
 expired and unexpired certificates

---
 plugins/tests/certs/expired-cert.pem | 21 ++++++++++++
 plugins/tests/certs/expired-key.pem  | 15 ++++++++
 plugins/tests/check_http.t           | 66 ++++++++++++++++++++++++++++++------
 3 files changed, 92 insertions(+), 10 deletions(-)
 create mode 100644 plugins/tests/certs/expired-cert.pem
 create mode 100644 plugins/tests/certs/expired-key.pem

(limited to 'plugins/tests')

diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem
new file mode 100644
index 00000000..40324cf8
--- /dev/null
+++ b/plugins/tests/certs/expired-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYzCCAsygAwIBAgIJAJISzcX71f5pMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV
+BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV
+BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG
+SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNjAwMTMxNVoXDTA5MDMw
+NTAwMTMxNlowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN
+BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT
+CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAOQHP4JnzACi4q6quXAiK+gTSffG6yyjEV+K
+iyutRgBF2MdF03X5ls0wENw/5fnMTrHynl4XoGoV/rD4CR2hGT0m7dv7Vu0MRLlP
+J1SCiFeMuQS30zzLMJr0A7IW869qRlKQmzxs1JT6XDbSoNQuF154zoxwNsKlMjoX
+tJSHN2YpAgMBAAGjgeYwgeMwHQYDVR0OBBYEFHWjM9OQldrDLMcAfPnUVfGxlzOp
+MIGzBgNVHSMEgaswgaiAFHWjM9OQldrDLMcAfPnUVfGxlzOpoYGEpIGBMH8xCzAJ
+BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx
+FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG
+CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAkhLNxfvV/mkwDAYDVR0TBAUw
+AwEB/zANBgkqhkiG9w0BAQQFAAOBgQDHjoXoGwBamCiNplTt93jH/TO08RATdZP5
+45hlxv2+PKCjjTiFa2mjAvopFiqmYsr40XYEmpeYMiaOzOW5rBjtqBAT/JJWyfda
+SCmj3swqyKus63rv/iuokIhZzBdhbB+eOJJrmwT2SEc5KdRaipH0QAGF1nZAAGzo
+6xW7hkzYog==
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem
new file mode 100644
index 00000000..af0e24da
--- /dev/null
+++ b/plugins/tests/certs/expired-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDkBz+CZ8wAouKuqrlwIivoE0n3xussoxFfiosrrUYARdjHRdN1
++ZbNMBDcP+X5zE6x8p5eF6BqFf6w+AkdoRk9Ju3b+1btDES5TydUgohXjLkEt9M8
+yzCa9AOyFvOvakZSkJs8bNSU+lw20qDULhdeeM6McDbCpTI6F7SUhzdmKQIDAQAB
+AoGARgI3rHjjuDpKMGg4IMZNBqaNaiZHY9/44IVvrww21rSbFqtIfgsQEpU0R/rS
+R7xDWPztRGQqmwd/t6OfYNpqHbjO1MWzasVBVnzue5P59Y1xy1h0LZF8+a9GY++0
+uAGUC24jsXSmypNVzoX+ZKyinA3oYV/etdPYx1W8Ms5XIzUCQQD7xwhMuLok6Kbq
+UEgiSfBTbx+haP3IiqqMF14z8QoEyD3jchydNaXEYdQxN8jEl2aPrMqTc6x8Jq4/
+ai0OkB+fAkEA59pAmN81HylV7+CsVjLOSbJqzau7NDxSs2uutxhHZRwz0e25wVer
+fA03l08u0ebC/TDHkmHV6ikCryM5HU2FNwJAVZJFzd2S1myEHmr+uTisB49jDrbi
+WkBWypo+mCS6JPnxntXvx7auClq9haTSBY73eqldiFPuMZvr6P2rJqHxPQJBAOTM
+quaxjti7kATy8N73sD9mBKQGju1TgkFxSK+DFCGhnTnToXY9MAtxd6SoDYoyccYu
+dyPrzJAR/IYc+mYCdC0CQDKlZuMPVXEgvGaQapzMQ++5yJRvMZF4tWvONBs0OCE9
+QYarsTi5M20cymMBXHOLZIjqwsni4G/C9kqJSvC75Vg=
+-----END RSA PRIVATE KEY-----
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index 20078c20..d221463b 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -2,6 +2,16 @@
 #
 # Test check_http by having an actual HTTP server running
 #
+# To create the https server certificate:
+# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
+# Country Name (2 letter code) [AU]:UK
+# State or Province Name (full name) [Some-State]:Derbyshire
+# Locality Name (eg, city) []:Belper
+# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Nagios Plugins
+# Organizational Unit Name (eg, section) []:
+# Common Name (eg, YOUR name) []:Ton Voon
+# Email Address []:tonvoon@mac.com
+
 
 use strict;
 use Test::More;
@@ -25,17 +35,35 @@ $HTTP::Daemon::VERSION = "1.00";
 
 my $port_http = 50000 + int(rand(1000));
 my $port_https = $port_http + 1;
+my $port_https_expired = $port_http + 2;
 
-# Start up both servers
-my $pid_https;
-my $pid_http = fork();
-if ($pid_http) {
+# Start up all servers
+my @pids;
+my $pid = fork();
+if ($pid) {
 	# Parent
+	push @pids, $pid;
 	if (exists $servers->{https}) {
-		# Fork another server
-		$pid_https = fork();
-		if ($pid_https) {
+		# Fork a normal HTTPS server
+		$pid = fork();
+		if ($pid) {
 			# Parent
+			push @pids, $pid;
+			# Fork an expired cert server
+			$pid = fork();
+			if ($pid) {
+				push @pids, $pid;
+			} else {
+				my $d = HTTP::Daemon::SSL->new(
+					LocalPort => $port_https_expired,
+					LocalAddr => "127.0.0.1",
+					SSL_cert_file => "$Bin/certs/expired-cert.pem",
+					SSL_key_file => "$Bin/certs/expired-key.pem",
+				) || die;
+				print "Please contact https expired at: <URL:", $d->url, ">\n";
+				run_server( $d );
+				exit;
+			}
 		} else {
 			my $d = HTTP::Daemon::SSL->new(
 				LocalPort => $port_https,
@@ -106,7 +134,7 @@ sub run_server {
 }
 
 END { 
-	foreach my $pid ($pid_http, $pid_https) {
+	foreach my $pid (@pids) {
 		if ($pid) { print "Killing $pid\n"; kill "INT", $pid } 
 	}
 };
@@ -116,8 +144,9 @@ if ($ARGV[0] && $ARGV[0] eq "-d") {
 }
 
 my $common_tests = 47;
+my $ssl_only_tests = 6;
 if (-x "./check_http") {
-	plan tests => $common_tests * 2;
+	plan tests => $common_tests * 2 + $ssl_only_tests;
 } else {
 	plan skip_all => "No check_http compiled";
 }
@@ -127,8 +156,25 @@ my $command = "./check_http -H 127.0.0.1";
 
 run_common_tests( { command => "$command -p $port_http" } );
 SKIP: {
-	skip "HTTP::Daemon::SSL not installed", $common_tests if ! exists $servers->{https};
+	skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
 	run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
+	
+	$result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
+	is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
+	is( $result->output, 'OK - Certificate will expire on 03/03/2019 21:41.', "output ok" );
+
+	$result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
+	is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
+	like( $result->output, '/WARNING - Certificate expires in \d+ day\(s\) \(03/03/2019 21:41\)./', "output ok" );
+
+
+	# Expired cert tests
+	$result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
+	is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
+	is( $result->output, 
+		'CRITICAL - Certificate expired on 03/05/2009 00:13.',
+		"output ok" );
+
 }
 
 sub run_common_tests {
-- 
cgit v1.2.3-74-g34f1