1 files changed, 455 insertions, 0 deletions
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
new file mode 100755
index 0000000..28dacd0
--- /dev/null
+++ b/plugins/tests/check_curl.t
@@ -0,0 +1,455 @@
+#! /usr/bin/perl -w -I ..
+#
+# Test check_http by having an actual HTTP server running
+#
+# To create the https server certificate:
+# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
+# Country Name (2 letter code) [AU]:UK
+# State or Province Name (full name) [Some-State]:Derbyshire
+# Locality Name (eg, city) []:Belper
+# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
+# Organizational Unit Name (eg, section) []:
+# Common Name (eg, YOUR name) []:Ton Voon
+# Email Address []:tonvoon@mac.com
+use strict;
+use Test::More;
+use NPTest;
+use FindBin qw($Bin);
+$ENV{'LC_TIME'} = "C";
+my $common_tests = 70;
+my $virtual_port_tests = 8;
+my $ssl_only_tests = 8;
+# Check that all dependent modules are available
+eval "use HTTP::Daemon 6.01;";
+plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@;
+eval {
+        require HTTP::Status;
+        require HTTP::Response;
+};
+my $plugin = 'check_http';
+$plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
+if ($@) {
+        plan skip_all => "Missing required module for test: $@";
+} else {
+        if (-x "./$plugin") {
+                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests;
+        } else {
+                plan skip_all => "No $plugin compiled";
+        }
+}
+my $servers = { http => 0 };    # HTTP::Daemon should always be available
+eval { require HTTP::Daemon::SSL };
+if ($@) {
+        diag "Cannot load HTTP::Daemon::SSL: $@";
+} else {
+        $servers->{https} = 0;
+}
+# set a fixed version, so the header size doesn't vary
+$HTTP::Daemon::VERSION = "1.00";
+my $port_http = 50000 + int(rand(1000));
+my $port_https = $port_http + 1;
+my $port_https_expired = $port_http + 2;
+# This array keeps sockets around for implementing timeouts
+my @persist;
+# Start up all servers
+my @pids;
+my $pid = fork();
+if ($pid) {
+        # Parent
+        push @pids, $pid;
+        if (exists $servers->{https}) {
+                # Fork a normal HTTPS server
+                $pid = fork();
+                if ($pid) {
+                        # Parent
+                        push @pids, $pid;
+                        # Fork an expired cert server
+                        $pid = fork();
+                        if ($pid) {
+                                push @pids, $pid;
+                        } else {
+                                my $d = HTTP::Daemon::SSL->new(
+                                        LocalPort => $port_https_expired,
+                                        LocalAddr => "127.0.0.1",
+                                        SSL_cert_file => "$Bin/certs/expired-cert.pem",
+                                        SSL_key_file => "$Bin/certs/expired-key.pem",
+                                ) || die;
+                                print "Please contact https expired at: <URL:", $d->url, ">\n";
+                                run_server( $d );
+                                exit;
+                        }
+                } else {
+                        my $d = HTTP::Daemon::SSL->new(
+                                LocalPort => $port_https,
+                                LocalAddr => "127.0.0.1",
+                                SSL_cert_file => "$Bin/certs/server-cert.pem",
+                                SSL_key_file => "$Bin/certs/server-key.pem",
+                        ) || die;
+                        print "Please contact https at: <URL:", $d->url, ">\n";
+                        run_server( $d );
+                        exit;
+                }
+        }
+        # give our webservers some time to startup
+        sleep(1);
+} else {
+        # Child
+        #print "child\n";
+        my $d = HTTP::Daemon->new(
+                LocalPort => $port_http,
+                LocalAddr => "127.0.0.1",
+        ) || die;
+        print "Please contact http at: <URL:", $d->url, ">\n";
+        run_server( $d );
+        exit;
+}
+# Run the same server on http and https
+sub run_server {
+        my $d = shift;
+        MAINLOOP: while (my $c = $d->accept ) {
+                while (my $r = $c->get_request) {
+                        if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
+                                $c->send_basic_header($1);
+                                $c->send_crlf;
+                        } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_file_response("$Bin/var/$1");
+                        } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                sleep 1;
+                                $c->send_response("slow");
+                        } elsif ($r->url->path eq "/method") {
+                                if ($r->method eq "DELETE") {
+                                        $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
+                                } elsif ($r->method eq "foo") {
+                                        $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
+                                } else {
+                                        $c->send_status_line(200, $r->method);
+                                }
+                        } elsif ($r->url->path eq "/postdata") {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_response($r->method.":".$r->content);
+                        } elsif ($r->url->path eq "/redirect") {
+                                $c->send_redirect( "/redirect2" );
+                        } elsif ($r->url->path eq "/redir_external") {
+                                $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
+                        } elsif ($r->url->path eq "/redirect2") {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
+                        } elsif ($r->url->path eq "/redir_timeout") {
+                                $c->send_redirect( "/timeout" );
+                        } elsif ($r->url->path eq "/timeout") {
+                                # Keep $c from being destroyed, but prevent severe leaks
+                                unshift @persist, $c;
+                                delete($persist[1000]);
+                                next MAINLOOP;
+                        } elsif ($r->url->path eq "/header_check") {
+                                $c->send_basic_header;
+                                $c->send_header('foo');
+                                $c->send_crlf;
+                        } elsif ($r->url->path eq "/virtual_port") {
+                                # return sent Host header
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
+                        } else {
+                                $c->send_error(HTTP::Status->RC_FORBIDDEN);
+                        }
+                        $c->close;
+                }
+        }
+}
+END {
+        foreach my $pid (@pids) {
+                if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
+        }
+};
+if ($ARGV[0] && $ARGV[0] eq "-d") {
+        while (1) {
+                sleep 100;
+        }
+}
+my $result;
+my $command = "./$plugin -H 127.0.0.1";
+run_common_tests( { command => "$command -p $port_http" } );
+SKIP: {
+        skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
+        run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
+        $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
+        is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
+        is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar  3 21:41:28 2019 +0000.', "output ok" );
+        $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
+        is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
+        like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019 \+0000\)./', "output ok" );
+        # Expired cert tests
+        $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
+        is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
+        like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019 \+0000\)./', "output ok" );
+        $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
+        is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
+        is( $result->output,
+                'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar  5 00:13:16 2009 +0000.',
+                "output ok" );
+}
+my $cmd;
+# check virtual port behaviour
+#
+# http without virtual port
+$cmd = "$command -p $port_http -u /virtual_port -r ^127.0.0.1:$port_http\$";
+$result = NPTest->testCmd( $cmd );
+is( $result->return_code, 0, $cmd);
+like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+# http with virtual port
+$cmd = "$command:80 -p $port_http -u /virtual_port -r ^127.0.0.1\$";
+$result = NPTest->testCmd( $cmd );
+is( $result->return_code, 0, $cmd);
+like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+SKIP: {
+        skip "HTTP::Daemon::SSL not installed", 4 if ! exists $servers->{https};
+        # https without virtual port
+        $cmd = "$command -p $port_https --ssl -u /virtual_port -r ^127.0.0.1:$port_https\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        # https with virtual port
+        $cmd = "$command:443 -p $port_https --ssl -u /virtual_port -r ^127.0.0.1\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+}
+sub run_common_tests {
+        my ($opts) = @_;
+        my $command = $opts->{command};
+        if ($opts->{ssl}) {
+                $command .= " --ssl";
+        }
+        $result = NPTest->testCmd( "$command -u /file/root" );
+        is( $result->return_code, 0, "/file/root");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
+        $result = NPTest->testCmd( "$command -u /file/root -s Root" );
+        is( $result->return_code, 0, "/file/root search for string");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
+        $result = NPTest->testCmd( "$command -u /file/root -s NonRoot" );
+        is( $result->return_code, 2, "Missing string check");
+        like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRoot' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
+        $result = NPTest->testCmd( "$command -u /file/root -s NonRootWithOver30charsAndMoreFunThanAWetFish" );
+        is( $result->return_code, 2, "Missing string check");
+        like( $result->output, qr%HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRootWithOver30charsAndM...' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
+        $result = NPTest->testCmd( "$command -u /header_check -d foo" );
+        is( $result->return_code, 0, "header_check search for string");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 96 bytes in [\d\.]+ second/', "Output correct" );
+        $result = NPTest->testCmd( "$command -u /header_check -d bar" );
+        is( $result->return_code, 2, "Missing header string check");
+        like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location");
+        my $cmd;
+        $cmd = "$command -u /slow";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, "$cmd");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $result->output =~ /in ([\d\.]+) second/;
+        cmp_ok( $1, ">", 1, "Time is > 1 second" );
+        $cmd = "$command -u /statuscode/200";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -u /statuscode/200 -e 200";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -u /statuscode/201";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
+        $cmd = "$command -u /statuscode/201 -e 201";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "201" - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
+        $cmd = "$command -u /statuscode/201 -e 200";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 2, $cmd);
+        like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port \d+: HTTP/1.1 201 Created/', "Output correct: ".$result->output );
+        $cmd = "$command -u /statuscode/200 -e 200,201,202";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -u /statuscode/201 -e 200,201,202";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -u /statuscode/203 -e 200,201,202";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 2, $cmd);
+        like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port (\d+): HTTP/1.1 203 Non-Authoritative Information/', "Output correct: ".$result->output );
+        $cmd = "$command -j HEAD -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 HEAD - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -j POST -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -j GET -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -P foo -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -j DELETE -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 1, $cmd);
+        like( $result->output, '/^HTTP WARNING: HTTP/1.1 405 Method Not Allowed/', "Output correct: ".$result->output );
+        $cmd = "$command -j foo -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 2, $cmd);
+        like( $result->output, '/^HTTP CRITICAL: HTTP/1.1 501 Not Implemented/', "Output correct: ".$result->output );
+        $cmd = "$command -P stufftoinclude -u /postdata -s POST:stufftoinclude";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -j PUT -P stufftoinclude -u /postdata -s PUT:stufftoinclude";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        # To confirm that the free doesn't segfault
+        $cmd = "$command -P stufftoinclude -j PUT -u /postdata -s PUT:stufftoinclude";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -u /redirect";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -f follow -u /redirect";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -f follow -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -f sticky -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -f stickyport -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+  # These tests may block
+        print "ALRM\n";
+        # stickyport - on full urlS port is set back to 80 otherwise
+        $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected";
+        eval {
+                local $SIG{ALRM} = sub { die "alarm\n" };
+                alarm(2);
+                $result = NPTest->testCmd( $cmd );
+                alarm(0);       };
+        isnt( $@, "alarm\n", $cmd );
+        is( $result->return_code, 0, $cmd );
+        # Let's hope there won't be any web server on :80 returning "redirected"!
+        $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected";
+        eval {
+                local $SIG{ALRM} = sub { die "alarm\n" };
+                alarm(2);
+                $result = NPTest->testCmd( $cmd );
+                alarm(0); };
+        isnt( $@, "alarm\n", $cmd );
+        isnt( $result->return_code, 0, $cmd );
+        # Test an external address - timeout
+        SKIP: {
+                skip "This doesn't seem to work all the time", 1 unless ($ENV{HTTP_EXTERNAL});
+                $cmd = "$command -f follow -u /redir_external -t 5";
+                eval {
+                        $result = NPTest->testCmd( $cmd, 2 );
+                };
+                like( $@, "/timeout in command: $cmd/", $cmd );
+        }
+        $cmd = "$command -u /timeout -t 5";
+        eval {
+                $result = NPTest->testCmd( $cmd, 2 );
+        };
+        like( $@, "/timeout in command: $cmd/", $cmd );
+        $cmd = "$command -f follow -u /redir_timeout -t 2";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
+}

diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t new file mode 100755 index 0000000..28dacd0 --- /dev/null +++ b/plugins/tests/check_curl.t
@@ -0,0 +1,455 @@
	1	#! /usr/bin/perl -w -I ..
	2	#
	3	# Test check_http by having an actual HTTP server running
	4	#
	5	# To create the https server certificate:
	6	# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
	7	# Country Name (2 letter code) [AU]:UK
	8	# State or Province Name (full name) [Some-State]:Derbyshire
	9	# Locality Name (eg, city) []:Belper
	10	# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
	11	# Organizational Unit Name (eg, section) []:
	12	# Common Name (eg, YOUR name) []:Ton Voon
	13	# Email Address []:tonvoon@mac.com
	14
	15	use strict;
	16	use Test::More;
	17	use NPTest;
	18	use FindBin qw($Bin);
	19
	20	$ENV{'LC_TIME'} = "C";
	21
	22	my $common_tests = 70;
	23	my $virtual_port_tests = 8;
	24	my $ssl_only_tests = 8;
	25	# Check that all dependent modules are available
	26	eval "use HTTP::Daemon 6.01;";
	27	plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@;
	28	eval {
	29	require HTTP::Status;
	30	require HTTP::Response;
	31	};
	32
	33	my $plugin = 'check_http';
	34	$plugin = 'check_curl' if $0 =~ m/check_curl/mx;
	35
	36	if ($@) {
	37	plan skip_all => "Missing required module for test: $@";
	38	} else {
	39	if (-x "./$plugin") {
	40	plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests;
	41	} else {
	42	plan skip_all => "No $plugin compiled";
	43	}
	44	}
	45
	46	my $servers = { http => 0 }; # HTTP::Daemon should always be available
	47	eval { require HTTP::Daemon::SSL };
	48	if ($@) {
	49	diag "Cannot load HTTP::Daemon::SSL: $@";
	50	} else {
	51	$servers->{https} = 0;
	52	}
	53
	54	# set a fixed version, so the header size doesn't vary
	55	$HTTP::Daemon::VERSION = "1.00";
	56
	57	my $port_http = 50000 + int(rand(1000));
	58	my $port_https = $port_http + 1;
	59	my $port_https_expired = $port_http + 2;
	60
	61	# This array keeps sockets around for implementing timeouts
	62	my @persist;
	63
	64	# Start up all servers
	65	my @pids;
	66	my $pid = fork();
	67	if ($pid) {
	68	# Parent
	69	push @pids, $pid;
	70	if (exists $servers->{https}) {
	71	# Fork a normal HTTPS server
	72	$pid = fork();
	73	if ($pid) {
	74	# Parent
	75	push @pids, $pid;
	76	# Fork an expired cert server
	77	$pid = fork();
	78	if ($pid) {
	79	push @pids, $pid;
	80	} else {
	81	my $d = HTTP::Daemon::SSL->new(
	82	LocalPort => $port_https_expired,
	83	LocalAddr => "127.0.0.1",
	84	SSL_cert_file => "$Bin/certs/expired-cert.pem",
	85	SSL_key_file => "$Bin/certs/expired-key.pem",
	86	) \|\| die;
	87	print "Please contact https expired at: <URL:", $d->url, ">\n";
	88	run_server( $d );
	89	exit;
	90	}
	91	} else {
	92	my $d = HTTP::Daemon::SSL->new(
	93	LocalPort => $port_https,
	94	LocalAddr => "127.0.0.1",
	95	SSL_cert_file => "$Bin/certs/server-cert.pem",
	96	SSL_key_file => "$Bin/certs/server-key.pem",
	97	) \|\| die;
	98	print "Please contact https at: <URL:", $d->url, ">\n";
	99	run_server( $d );
	100	exit;
	101	}
	102	}
	103	# give our webservers some time to startup
	104	sleep(1);
	105	} else {
	106	# Child
	107	#print "child\n";
	108	my $d = HTTP::Daemon->new(
	109	LocalPort => $port_http,
	110	LocalAddr => "127.0.0.1",
	111	) \|\| die;
	112	print "Please contact http at: <URL:", $d->url, ">\n";
	113	run_server( $d );
	114	exit;
	115	}
	116
	117	# Run the same server on http and https
	118	sub run_server {
	119	my $d = shift;
	120	MAINLOOP: while (my $c = $d->accept ) {
	121	while (my $r = $c->get_request) {
	122	if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
	123	$c->send_basic_header($1);
	124	$c->send_crlf;
	125	} elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
	126	$c->send_basic_header;
	127	$c->send_crlf;
	128	$c->send_file_response("$Bin/var/$1");
	129	} elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
	130	$c->send_basic_header;
	131	$c->send_crlf;
	132	sleep 1;
	133	$c->send_response("slow");
	134	} elsif ($r->url->path eq "/method") {
	135	if ($r->method eq "DELETE") {
	136	$c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
	137	} elsif ($r->method eq "foo") {
	138	$c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
	139	} else {
	140	$c->send_status_line(200, $r->method);
	141	}
	142	} elsif ($r->url->path eq "/postdata") {
	143	$c->send_basic_header;
	144	$c->send_crlf;
	145	$c->send_response($r->method.":".$r->content);
	146	} elsif ($r->url->path eq "/redirect") {
	147	$c->send_redirect( "/redirect2" );
	148	} elsif ($r->url->path eq "/redir_external") {
	149	$c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
	150	} elsif ($r->url->path eq "/redirect2") {
	151	$c->send_basic_header;
	152	$c->send_crlf;
	153	$c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
	154	} elsif ($r->url->path eq "/redir_timeout") {
	155	$c->send_redirect( "/timeout" );
	156	} elsif ($r->url->path eq "/timeout") {
	157	# Keep $c from being destroyed, but prevent severe leaks
	158	unshift @persist, $c;
	159	delete($persist[1000]);
	160	next MAINLOOP;
	161	} elsif ($r->url->path eq "/header_check") {
	162	$c->send_basic_header;
	163	$c->send_header('foo');
	164	$c->send_crlf;
	165	} elsif ($r->url->path eq "/virtual_port") {
	166	# return sent Host header
	167	$c->send_basic_header;
	168	$c->send_crlf;
	169	$c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
	170	} else {
	171	$c->send_error(HTTP::Status->RC_FORBIDDEN);
	172	}
	173	$c->close;
	174	}
	175	}
	176	}
	177
	178	END {
	179	foreach my $pid (@pids) {
	180	if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
	181	}
	182	};
	183
	184	if ($ARGV[0] && $ARGV[0] eq "-d") {
	185	while (1) {
	186	sleep 100;
	187	}
	188	}
	189
	190	my $result;
	191	my $command = "./$plugin -H 127.0.0.1";
	192
	193	run_common_tests( { command => "$command -p $port_http" } );
	194	SKIP: {
	195	skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
	196	run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
	197
	198	$result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
	199	is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
	200	is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:28 2019 +0000.', "output ok" );
	201
	202	$result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
	203	is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
	204	like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" );
	205
	206	# Expired cert tests
	207	$result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
	208	is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
	209	like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" );
	210
	211	$result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
	212	is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
	213	is( $result->output,
	214	'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:16 2009 +0000.',
	215	"output ok" );
	216
	217	}
	218
	219	my $cmd;
	220	# check virtual port behaviour
	221	#
	222	# http without virtual port
	223	$cmd = "$command -p $port_http -u /virtual_port -r ^127.0.0.1:$port_http\$";
	224	$result = NPTest->testCmd( $cmd );
	225	is( $result->return_code, 0, $cmd);
	226	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	227
	228	# http with virtual port
	229	$cmd = "$command:80 -p $port_http -u /virtual_port -r ^127.0.0.1\$";
	230	$result = NPTest->testCmd( $cmd );
	231	is( $result->return_code, 0, $cmd);
	232	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	233
	234	SKIP: {
	235	skip "HTTP::Daemon::SSL not installed", 4 if ! exists $servers->{https};
	236	# https without virtual port
	237	$cmd = "$command -p $port_https --ssl -u /virtual_port -r ^127.0.0.1:$port_https\$";
	238	$result = NPTest->testCmd( $cmd );
	239	is( $result->return_code, 0, $cmd);
	240	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	241
	242	# https with virtual port
	243	$cmd = "$command:443 -p $port_https --ssl -u /virtual_port -r ^127.0.0.1\$";
	244	$result = NPTest->testCmd( $cmd );
	245	is( $result->return_code, 0, $cmd);
	246	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	247	}
	248
	249
	250	sub run_common_tests {
	251	my ($opts) = @_;
	252	my $command = $opts->{command};
	253	if ($opts->{ssl}) {
	254	$command .= " --ssl";
	255	}
	256
	257	$result = NPTest->testCmd( "$command -u /file/root" );
	258	is( $result->return_code, 0, "/file/root");
	259	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
	260
	261	$result = NPTest->testCmd( "$command -u /file/root -s Root" );
	262	is( $result->return_code, 0, "/file/root search for string");
	263	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
	264
	265	$result = NPTest->testCmd( "$command -u /file/root -s NonRoot" );
	266	is( $result->return_code, 2, "Missing string check");
	267	like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRoot' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
	268
	269	$result = NPTest->testCmd( "$command -u /file/root -s NonRootWithOver30charsAndMoreFunThanAWetFish" );
	270	is( $result->return_code, 2, "Missing string check");
	271	like( $result->output, qr%HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRootWithOver30charsAndM...' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
	272
	273	$result = NPTest->testCmd( "$command -u /header_check -d foo" );
	274	is( $result->return_code, 0, "header_check search for string");
	275	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 96 bytes in [\d\.]+ second/', "Output correct" );
	276
	277	$result = NPTest->testCmd( "$command -u /header_check -d bar" );
	278	is( $result->return_code, 2, "Missing header string check");
	279	like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location");
	280
	281	my $cmd;
	282	$cmd = "$command -u /slow";
	283	$result = NPTest->testCmd( $cmd );
	284	is( $result->return_code, 0, "$cmd");
	285	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	286	$result->output =~ /in ([\d\.]+) second/;
	287	cmp_ok( $1, ">", 1, "Time is > 1 second" );
	288
	289	$cmd = "$command -u /statuscode/200";
	290	$result = NPTest->testCmd( $cmd );
	291	is( $result->return_code, 0, $cmd);
	292	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	293
	294	$cmd = "$command -u /statuscode/200 -e 200";
	295	$result = NPTest->testCmd( $cmd );
	296	is( $result->return_code, 0, $cmd);
	297	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	298
	299	$cmd = "$command -u /statuscode/201";
	300	$result = NPTest->testCmd( $cmd );
	301	is( $result->return_code, 0, $cmd);
	302	like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
	303
	304	$cmd = "$command -u /statuscode/201 -e 201";
	305	$result = NPTest->testCmd( $cmd );
	306	is( $result->return_code, 0, $cmd);
	307	like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "201" - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
	308
	309	$cmd = "$command -u /statuscode/201 -e 200";
	310	$result = NPTest->testCmd( $cmd );
	311	is( $result->return_code, 2, $cmd);
	312	like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port \d+: HTTP/1.1 201 Created/', "Output correct: ".$result->output );
	313
	314	$cmd = "$command -u /statuscode/200 -e 200,201,202";
	315	$result = NPTest->testCmd( $cmd );
	316	is( $result->return_code, 0, $cmd);
	317	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	318
	319	$cmd = "$command -u /statuscode/201 -e 200,201,202";
	320	$result = NPTest->testCmd( $cmd );
	321	is( $result->return_code, 0, $cmd);
	322	like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	323
	324	$cmd = "$command -u /statuscode/203 -e 200,201,202";
	325	$result = NPTest->testCmd( $cmd );
	326	is( $result->return_code, 2, $cmd);
	327	like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port (\d+): HTTP/1.1 203 Non-Authoritative Information/', "Output correct: ".$result->output );
	328
	329	$cmd = "$command -j HEAD -u /method";
	330	$result = NPTest->testCmd( $cmd );
	331	is( $result->return_code, 0, $cmd);
	332	like( $result->output, '/^HTTP OK: HTTP/1.1 200 HEAD - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	333
	334	$cmd = "$command -j POST -u /method";
	335	$result = NPTest->testCmd( $cmd );
	336	is( $result->return_code, 0, $cmd);
	337	like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	338
	339	$cmd = "$command -j GET -u /method";
	340	$result = NPTest->testCmd( $cmd );
	341	is( $result->return_code, 0, $cmd);
	342	like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	343
	344	$cmd = "$command -u /method";
	345	$result = NPTest->testCmd( $cmd );
	346	is( $result->return_code, 0, $cmd);
	347	like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	348
	349	$cmd = "$command -P foo -u /method";
	350	$result = NPTest->testCmd( $cmd );
	351	is( $result->return_code, 0, $cmd);
	352	like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	353
	354	$cmd = "$command -j DELETE -u /method";
	355	$result = NPTest->testCmd( $cmd );
	356	is( $result->return_code, 1, $cmd);
	357	like( $result->output, '/^HTTP WARNING: HTTP/1.1 405 Method Not Allowed/', "Output correct: ".$result->output );
	358
	359	$cmd = "$command -j foo -u /method";
	360	$result = NPTest->testCmd( $cmd );
	361	is( $result->return_code, 2, $cmd);
	362	like( $result->output, '/^HTTP CRITICAL: HTTP/1.1 501 Not Implemented/', "Output correct: ".$result->output );
	363
	364	$cmd = "$command -P stufftoinclude -u /postdata -s POST:stufftoinclude";
	365	$result = NPTest->testCmd( $cmd );
	366	is( $result->return_code, 0, $cmd);
	367	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	368
	369	$cmd = "$command -j PUT -P stufftoinclude -u /postdata -s PUT:stufftoinclude";
	370	$result = NPTest->testCmd( $cmd );
	371	is( $result->return_code, 0, $cmd);
	372	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	373
	374	# To confirm that the free doesn't segfault
	375	$cmd = "$command -P stufftoinclude -j PUT -u /postdata -s PUT:stufftoinclude";
	376	$result = NPTest->testCmd( $cmd );
	377	is( $result->return_code, 0, $cmd);
	378	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	379
	380	$cmd = "$command -u /redirect";
	381	$result = NPTest->testCmd( $cmd );
	382	is( $result->return_code, 0, $cmd);
	383	like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	384
	385	$cmd = "$command -f follow -u /redirect";
	386	$result = NPTest->testCmd( $cmd );
	387	is( $result->return_code, 0, $cmd);
	388	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	389
	390	$cmd = "$command -u /redirect -k 'follow: me'";
	391	$result = NPTest->testCmd( $cmd );
	392	is( $result->return_code, 0, $cmd);
	393	like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	394
	395	$cmd = "$command -f follow -u /redirect -k 'follow: me'";
	396	$result = NPTest->testCmd( $cmd );
	397	is( $result->return_code, 0, $cmd);
	398	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	399
	400	$cmd = "$command -f sticky -u /redirect -k 'follow: me'";
	401	$result = NPTest->testCmd( $cmd );
	402	is( $result->return_code, 0, $cmd);
	403	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	404
	405	$cmd = "$command -f stickyport -u /redirect -k 'follow: me'";
	406	$result = NPTest->testCmd( $cmd );
	407	is( $result->return_code, 0, $cmd);
	408	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
	409
	410	# These tests may block
	411	print "ALRM\n";
	412
	413	# stickyport - on full urlS port is set back to 80 otherwise
	414	$cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected";
	415	eval {
	416	local $SIG{ALRM} = sub { die "alarm\n" };
	417	alarm(2);
	418	$result = NPTest->testCmd( $cmd );
	419	alarm(0); };
	420	isnt( $@, "alarm\n", $cmd );
	421	is( $result->return_code, 0, $cmd );
	422
	423	# Let's hope there won't be any web server on :80 returning "redirected"!
	424	$cmd = "$command -f sticky -u /redir_external -t 5 -s redirected";
	425	eval {
	426	local $SIG{ALRM} = sub { die "alarm\n" };
	427	alarm(2);
	428	$result = NPTest->testCmd( $cmd );
	429	alarm(0); };
	430	isnt( $@, "alarm\n", $cmd );
	431	isnt( $result->return_code, 0, $cmd );
	432
	433	# Test an external address - timeout
	434	SKIP: {
	435	skip "This doesn't seem to work all the time", 1 unless ($ENV{HTTP_EXTERNAL});
	436	$cmd = "$command -f follow -u /redir_external -t 5";
	437	eval {
	438	$result = NPTest->testCmd( $cmd, 2 );
	439	};
	440	like( $@, "/timeout in command: $cmd/", $cmd );
	441	}
	442
	443	$cmd = "$command -u /timeout -t 5";
	444	eval {
	445	$result = NPTest->testCmd( $cmd, 2 );
	446	};
	447	like( $@, "/timeout in command: $cmd/", $cmd );
	448
	449	$cmd = "$command -f follow -u /redir_timeout -t 2";
	450	eval {
	451	$result = NPTest->testCmd( $cmd, 5 );
	452	};
	453	is( $@, "", $cmd );
	454
	455	}