3 files changed, 92 insertions, 10 deletions
diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem
new file mode 100644
index 00000000..40324cf8
--- /dev/null
+++ b/plugins/tests/certs/expired-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYzCCAsygAwIBAgIJAJISzcX71f5pMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV
+BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV
+BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG
+SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNjAwMTMxNVoXDTA5MDMw
+NTAwMTMxNlowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN
+BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT
+CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAOQHP4JnzACi4q6quXAiK+gTSffG6yyjEV+K
+iyutRgBF2MdF03X5ls0wENw/5fnMTrHynl4XoGoV/rD4CR2hGT0m7dv7Vu0MRLlP
+J1SCiFeMuQS30zzLMJr0A7IW869qRlKQmzxs1JT6XDbSoNQuF154zoxwNsKlMjoX
+tJSHN2YpAgMBAAGjgeYwgeMwHQYDVR0OBBYEFHWjM9OQldrDLMcAfPnUVfGxlzOp
+MIGzBgNVHSMEgaswgaiAFHWjM9OQldrDLMcAfPnUVfGxlzOpoYGEpIGBMH8xCzAJ
+BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx
+FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG
+CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAkhLNxfvV/mkwDAYDVR0TBAUw
+AwEB/zANBgkqhkiG9w0BAQQFAAOBgQDHjoXoGwBamCiNplTt93jH/TO08RATdZP5
+45hlxv2+PKCjjTiFa2mjAvopFiqmYsr40XYEmpeYMiaOzOW5rBjtqBAT/JJWyfda
+SCmj3swqyKus63rv/iuokIhZzBdhbB+eOJJrmwT2SEc5KdRaipH0QAGF1nZAAGzo
+6xW7hkzYog==
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem
new file mode 100644
index 00000000..af0e24da
--- /dev/null
+++ b/plugins/tests/certs/expired-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDkBz+CZ8wAouKuqrlwIivoE0n3xussoxFfiosrrUYARdjHRdN1
+ZbNMBDcP+X5zE6x8p5eF6BqFf6w+AkdoRk9Ju3b+1btDES5TydUgohXjLkEt9M8
+yzCa9AOyFvOvakZSkJs8bNSU+lw20qDULhdeeM6McDbCpTI6F7SUhzdmKQIDAQAB
+AoGARgI3rHjjuDpKMGg4IMZNBqaNaiZHY9/44IVvrww21rSbFqtIfgsQEpU0R/rS
+R7xDWPztRGQqmwd/t6OfYNpqHbjO1MWzasVBVnzue5P59Y1xy1h0LZF8+a9GY++0
+uAGUC24jsXSmypNVzoX+ZKyinA3oYV/etdPYx1W8Ms5XIzUCQQD7xwhMuLok6Kbq
+UEgiSfBTbx+haP3IiqqMF14z8QoEyD3jchydNaXEYdQxN8jEl2aPrMqTc6x8Jq4/
+ai0OkB+fAkEA59pAmN81HylV7+CsVjLOSbJqzau7NDxSs2uutxhHZRwz0e25wVer
+fA03l08u0ebC/TDHkmHV6ikCryM5HU2FNwJAVZJFzd2S1myEHmr+uTisB49jDrbi
+WkBWypo+mCS6JPnxntXvx7auClq9haTSBY73eqldiFPuMZvr6P2rJqHxPQJBAOTM
+quaxjti7kATy8N73sD9mBKQGju1TgkFxSK+DFCGhnTnToXY9MAtxd6SoDYoyccYu
+dyPrzJAR/IYc+mYCdC0CQDKlZuMPVXEgvGaQapzMQ++5yJRvMZF4tWvONBs0OCE9
+QYarsTi5M20cymMBXHOLZIjqwsni4G/C9kqJSvC75Vg=
+-----END RSA PRIVATE KEY-----
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index 20078c20..d221463b 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -2,6 +2,16 @@
 #
 # Test check_http by having an actual HTTP server running
 #
+# To create the https server certificate:
+# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
+# Country Name (2 letter code) [AU]:UK
+# State or Province Name (full name) [Some-State]:Derbyshire
+# Locality Name (eg, city) []:Belper
+# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Nagios Plugins
+# Organizational Unit Name (eg, section) []:
+# Common Name (eg, YOUR name) []:Ton Voon
+# Email Address []:tonvoon@mac.com
 use strict;
 use Test::More;
@@ -25,17 +35,35 @@ $HTTP::Daemon::VERSION = "1.00";
 my $port_http = 50000 + int(rand(1000));
 my $port_https = $port_http + 1;
+my $port_https_expired = $port_http + 2;
-# Start up both servers
+# Start up all servers
-my $pid_https;
+my @pids;
-my $pid_http = fork();
+my $pid = fork();
-if ($pid_http) {
+if ($pid) {
        # Parent
+        push @pids, $pid;
        if (exists $servers->{https}) {
-                # Fork another server
+                # Fork a normal HTTPS server
-                $pid_https = fork();
+                $pid = fork();
-                if ($pid_https) {
+                if ($pid) {
                        # Parent
+                        push @pids, $pid;
+                        # Fork an expired cert server
+                        $pid = fork();
+                        if ($pid) {
+                                push @pids, $pid;
+                        } else {
+                                my $d = HTTP::Daemon::SSL->new(
+                                        LocalPort => $port_https_expired,
+                                        LocalAddr => "127.0.0.1",
+                                        SSL_cert_file => "$Bin/certs/expired-cert.pem",
+                                        SSL_key_file => "$Bin/certs/expired-key.pem",
+                                ) || die;
+                                print "Please contact https expired at: <URL:", $d->url, ">\n";
+                                run_server( $d );
+                                exit;
+                        }
                } else {
                        my $d = HTTP::Daemon::SSL->new(
                                LocalPort => $port_https,
@@ -106,7 +134,7 @@ sub run_server {
 }
 END { 
-        foreach my $pid ($pid_http, $pid_https) {
+        foreach my $pid (@pids) {
                if ($pid) { print "Killing $pid\n"; kill "INT", $pid } 
        }
 };
@@ -116,8 +144,9 @@ if ($ARGV[0] && $ARGV[0] eq "-d") {
 }
 my $common_tests = 47;
+my $ssl_only_tests = 6;
 if (-x "./check_http") {
-        plan tests => $common_tests * 2;
+        plan tests => $common_tests * 2 + $ssl_only_tests;
 } else {
        plan skip_all => "No check_http compiled";
 }
@@ -127,8 +156,25 @@ my $command = "./check_http -H 127.0.0.1";
 run_common_tests( { command => "$command -p $port_http" } );
 SKIP: {
-        skip "HTTP::Daemon::SSL not installed", $common_tests if ! exists $servers->{https};
+        skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
        run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
+        
+        $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
+        is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
+        is( $result->output, 'OK - Certificate will expire on 03/03/2019 21:41.', "output ok" );
+        $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
+        is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
+        like( $result->output, '/WARNING - Certificate expires in \d+ day\(s\) \(03/03/2019 21:41\)./', "output ok" );
+        # Expired cert tests
+        $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
+        is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
+        is( $result->output, 
+                'CRITICAL - Certificate expired on 03/05/2009 00:13.',
+                "output ok" );
 }
 sub run_common_tests {

diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem new file mode 100644 index 00000000..40324cf8 --- /dev/null +++ b/plugins/tests/certs/expired-cert.pem
@@ -0,0 +1,21 @@
		1	-----BEGIN CERTIFICATE-----
		2	MIIDYzCCAsygAwIBAgIJAJISzcX71f5pMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV
		3	BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV
		4	BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG
		5	SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNjAwMTMxNVoXDTA5MDMw
		6	NTAwMTMxNlowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN
		7	BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT
		8	CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ
		9	KoZIhvcNAQEBBQADgY0AMIGJAoGBAOQHP4JnzACi4q6quXAiK+gTSffG6yyjEV+K
		10	iyutRgBF2MdF03X5ls0wENw/5fnMTrHynl4XoGoV/rD4CR2hGT0m7dv7Vu0MRLlP
		11	J1SCiFeMuQS30zzLMJr0A7IW869qRlKQmzxs1JT6XDbSoNQuF154zoxwNsKlMjoX
		12	tJSHN2YpAgMBAAGjgeYwgeMwHQYDVR0OBBYEFHWjM9OQldrDLMcAfPnUVfGxlzOp
		13	MIGzBgNVHSMEgaswgaiAFHWjM9OQldrDLMcAfPnUVfGxlzOpoYGEpIGBMH8xCzAJ
		14	BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx
		15	FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG
		16	CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAkhLNxfvV/mkwDAYDVR0TBAUw
		17	AwEB/zANBgkqhkiG9w0BAQQFAAOBgQDHjoXoGwBamCiNplTt93jH/TO08RATdZP5
		18	45hlxv2+PKCjjTiFa2mjAvopFiqmYsr40XYEmpeYMiaOzOW5rBjtqBAT/JJWyfda
		19	SCmj3swqyKus63rv/iuokIhZzBdhbB+eOJJrmwT2SEc5KdRaipH0QAGF1nZAAGzo
		20	6xW7hkzYog==
		21	-----END CERTIFICATE-----


diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem new file mode 100644 index 00000000..af0e24da --- /dev/null +++ b/plugins/tests/certs/expired-key.pem
@@ -0,0 +1,15 @@
		1	-----BEGIN RSA PRIVATE KEY-----
		2	MIICXAIBAAKBgQDkBz+CZ8wAouKuqrlwIivoE0n3xussoxFfiosrrUYARdjHRdN1
		3	+ZbNMBDcP+X5zE6x8p5eF6BqFf6w+AkdoRk9Ju3b+1btDES5TydUgohXjLkEt9M8
		4	yzCa9AOyFvOvakZSkJs8bNSU+lw20qDULhdeeM6McDbCpTI6F7SUhzdmKQIDAQAB
		5	AoGARgI3rHjjuDpKMGg4IMZNBqaNaiZHY9/44IVvrww21rSbFqtIfgsQEpU0R/rS
		6	R7xDWPztRGQqmwd/t6OfYNpqHbjO1MWzasVBVnzue5P59Y1xy1h0LZF8+a9GY++0
		7	uAGUC24jsXSmypNVzoX+ZKyinA3oYV/etdPYx1W8Ms5XIzUCQQD7xwhMuLok6Kbq
		8	UEgiSfBTbx+haP3IiqqMF14z8QoEyD3jchydNaXEYdQxN8jEl2aPrMqTc6x8Jq4/
		9	ai0OkB+fAkEA59pAmN81HylV7+CsVjLOSbJqzau7NDxSs2uutxhHZRwz0e25wVer
		10	fA03l08u0ebC/TDHkmHV6ikCryM5HU2FNwJAVZJFzd2S1myEHmr+uTisB49jDrbi
		11	WkBWypo+mCS6JPnxntXvx7auClq9haTSBY73eqldiFPuMZvr6P2rJqHxPQJBAOTM
		12	quaxjti7kATy8N73sD9mBKQGju1TgkFxSK+DFCGhnTnToXY9MAtxd6SoDYoyccYu
		13	dyPrzJAR/IYc+mYCdC0CQDKlZuMPVXEgvGaQapzMQ++5yJRvMZF4tWvONBs0OCE9
		14	QYarsTi5M20cymMBXHOLZIjqwsni4G/C9kqJSvC75Vg=
		15	-----END RSA PRIVATE KEY-----


diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index 20078c20..d221463b 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t
@@ -2,6 +2,16 @@
2	#	2	#
3	# Test check_http by having an actual HTTP server running	3	# Test check_http by having an actual HTTP server running
4	#	4	#
		5	# To create the https server certificate:
		6	# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
		7	# Country Name (2 letter code) [AU]:UK
		8	# State or Province Name (full name) [Some-State]:Derbyshire
		9	# Locality Name (eg, city) []:Belper
		10	# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Nagios Plugins
		11	# Organizational Unit Name (eg, section) []:
		12	# Common Name (eg, YOUR name) []:Ton Voon
		13	# Email Address []:tonvoon@mac.com
		14
5		15
6	use strict;	16	use strict;
7	use Test::More;	17	use Test::More;
@@ -25,17 +35,35 @@ $HTTP::Daemon::VERSION = "1.00";
25		35
26	my $port_http = 50000 + int(rand(1000));	36	my $port_http = 50000 + int(rand(1000));
27	my $port_https = $port_http + 1;	37	my $port_https = $port_http + 1;
		38	my $port_https_expired = $port_http + 2;
28		39
29	# Start up both servers	40	# Start up all servers
30	my $pid_https;	41	my @pids;
31	my $pid_http = fork();	42	my $pid = fork();
32	if ($pid_http) {	43	if ($pid) {
33	# Parent	44	# Parent
		45	push @pids, $pid;
34	if (exists $servers->{https}) {	46	if (exists $servers->{https}) {
35	# Fork another server	47	# Fork a normal HTTPS server
36	$pid_https = fork();	48	$pid = fork();
37	if ($pid_https) {	49	if ($pid) {
38	# Parent	50	# Parent
		51	push @pids, $pid;
		52	# Fork an expired cert server
		53	$pid = fork();
		54	if ($pid) {
		55	push @pids, $pid;
		56	} else {
		57	my $d = HTTP::Daemon::SSL->new(
		58	LocalPort => $port_https_expired,
		59	LocalAddr => "127.0.0.1",
		60	SSL_cert_file => "$Bin/certs/expired-cert.pem",
		61	SSL_key_file => "$Bin/certs/expired-key.pem",
		62	) \|\| die;
		63	print "Please contact https expired at: <URL:", $d->url, ">\n";
		64	run_server( $d );
		65	exit;
		66	}
39	} else {	67	} else {
40	my $d = HTTP::Daemon::SSL->new(	68	my $d = HTTP::Daemon::SSL->new(
41	LocalPort => $port_https,	69	LocalPort => $port_https,
@@ -106,7 +134,7 @@ sub run_server {
106	}	134	}
107		135
108	END {	136	END {
109	foreach my $pid ($pid_http, $pid_https) {	137	foreach my $pid (@pids) {
110	if ($pid) { print "Killing $pid\n"; kill "INT", $pid }	138	if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
111	}	139	}
112	};	140	};
@@ -116,8 +144,9 @@ if ($ARGV[0] && $ARGV[0] eq "-d") {
116	}	144	}
117		145
118	my $common_tests = 47;	146	my $common_tests = 47;
		147	my $ssl_only_tests = 6;
119	if (-x "./check_http") {	148	if (-x "./check_http") {
120	plan tests => $common_tests * 2;	149	plan tests => $common_tests * 2 + $ssl_only_tests;
121	} else {	150	} else {
122	plan skip_all => "No check_http compiled";	151	plan skip_all => "No check_http compiled";
123	}	152	}
@@ -127,8 +156,25 @@ my $command = "./check_http -H 127.0.0.1";
127		156
128	run_common_tests( { command => "$command -p $port_http" } );	157	run_common_tests( { command => "$command -p $port_http" } );
129	SKIP: {	158	SKIP: {
130	skip "HTTP::Daemon::SSL not installed", $common_tests if ! exists $servers->{https};	159	skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
131	run_common_tests( { command => "$command -p $port_https", ssl => 1 } );	160	run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
		161
		162	$result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
		163	is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
		164	is( $result->output, 'OK - Certificate will expire on 03/03/2019 21:41.', "output ok" );
		165
		166	$result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
		167	is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
		168	like( $result->output, '/WARNING - Certificate expires in \d+ day\(s\) \(03/03/2019 21:41\)./', "output ok" );
		169
		170
		171	# Expired cert tests
		172	$result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
		173	is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
		174	is( $result->output,
		175	'CRITICAL - Certificate expired on 03/05/2009 00:13.',
		176	"output ok" );
		177
132	}	178	}
133		179
134	sub run_common_tests {	180	sub run_common_tests {