1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
|
#!/bin/sh
if [ -z "${SHUNIT2}" ] ; then
cat <<EOF
To be able to run the unit test you need a copy of shUnit2
You can download it from http://shunit2.googlecode.com/
Once downloaded please set the SHUNIT2 variable with the location
of the 'shunit2' script
EOF
exit 1
fi
if [ ! -x "${SHUNIT2}" ] ; then
echo "Error: the specified shUnit2 script (${SHUNIT2}) is not an executable file"
exit 1
fi
SCRIPT=../check_ssl_cert
if [ ! -r "${SCRIPT}" ] ; then
echo "Error: the script to test (${SCRIPT}) is not a readable file"
fi
# constants
NAGIOS_OK=0
NAGIOS_WARNING=1
NAGIOS_CRITICAL=2
NAGIOS_UNKNOWN=3
testDependencies() {
check_required_prog openssl
assertNotNull 'openssl not found' "${PROG}"
}
testUsage() {
${SCRIPT} > /dev/null 2>&1
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_UNKNOWN} "${EXIT_CODE}"
}
testETHZ() {
# debugging: to be removed
${SCRIPT} -H www.ethz.ch --cn www.ethz.ch --rootcert cabundle.crt
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_OK} "${EXIT_CODE}"
}
testETHZCaseInsensitive() {
# debugging: to be removed
${SCRIPT} -H www.ethz.ch --cn WWW.ETHZ.CH --rootcert cabundle.crt
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_OK} "${EXIT_CODE}"
}
testETHZWildCard() {
${SCRIPT} -H sherlock.sp.ethz.ch --cn sp.ethz.ch --rootcert cabundle.crt
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_OK} "${EXIT_CODE}"
}
testETHZWildCardCaseInsensitive() {
${SCRIPT} -H sherlock.sp.ethz.ch --cn SP.ETHZ.CH --rootcert cabundle.crt
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_OK} "${EXIT_CODE}"
}
testETHZWildCardSub() {
${SCRIPT} -H sherlock.sp.ethz.ch --cn sub.sp.ethz.ch --rootcert cabundle.crt
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_OK} "${EXIT_CODE}"
}
testETHZWildCardSubCaseInsensitive() {
${SCRIPT} -H sherlock.sp.ethz.ch --cn SUB.SP.ETHZ.CH --rootcert cabundle.crt
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_OK} "${EXIT_CODE}"
}
testValidity() {
# Tests bug #8
${SCRIPT} --rootcert cabundle.crt -H www.ethz.ch -w 1000
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_WARNING} "${EXIT_CODE}"
}
testAltNames() {
${SCRIPT} -H www.inf.ethz.ch --cn www.inf.ethz.ch --rootcert cabundle.crt --altnames
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_OK} "${EXIT_CODE}"
}
testAltNamesCaseInsensitve() {
${SCRIPT} -H www.inf.ethz.ch --cn WWW.INF.ETHZ.CH --rootcert cabundle.crt --altnames
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_OK} "${EXIT_CODE}"
}
testAltNames2() {
# should fail: inf.ethz.ch has the same ip as www.inf.ethz.ch but inf.ethz.ch is not in the certificate
${SCRIPT} -H inf.ethz.ch --cn inf.ethz.ch --rootcert cabundle.crt --altnames
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_CRITICAL} "${EXIT_CODE}"
}
testMultipleAltNamesOK() {
# Test with multiple CN's
${SCRIPT} -H inf.ethz.ch -n www.ethz.ch -n ethz.ch --rootcert cabundle.crt --altnames
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_OK} "${EXIT_CODE}"
}
testMultipleAltNamesFailOne() {
# Test with wiltiple CN's but last one is wrong
${SCRIPT} -H inf.ethz.ch -n www.ethz.ch -n wrong.ch --rootcert cabundle.crt --altnames
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_CRITICAL} "${EXIT_CODE}"
}
testMultipleAltNamesFailTwo() {
# Test with multiple CN's but first one is wrong
${SCRIPT} -H inf.ethz.ch -n wrong.ch -n www.ethz.ch --rootcert cabundle.crt --altnames
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_CRITICAL} "${EXIT_CODE}"
}
testAltNames2CaseInsensitive() {
# should fail: inf.ethz.ch has the same ip as www.inf.ethz.ch but inf.ethz.ch is not in the certificate
${SCRIPT} -H inf.ethz.ch --cn INF.ETHZ.CH --rootcert cabundle.crt --altnames
EXIT_CODE=$?
assertEquals "wrong exit code" ${NAGIOS_CRITICAL} "${EXIT_CODE}"
}
testETHZWithSSLLabs() {
# we assume www.ethz.ch gets at least a C
${SCRIPT} -H www.ethz.ch --cn www.ethz.ch --check-ssl-labs C --rootcert cabundle.crt
EXIT_CODE=$?
assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
}
testTimeOut() {
${SCRIPT} --rootcert cabundle.crt -H corti.li --protocol imap --port 993 --timeout 1
EXIT_CODE=$?
assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}"
}
testIMAP() {
${SCRIPT} --rootcert cabundle.crt -H corti.li --port 993
EXIT_CODE=$?
assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
}
testSMTP() {
# Travis CI blocks port 25
if [ -z "${TRAVIS+x}" ] ; then
${SCRIPT} --rootcert cabundle.crt -H corti.li --protocol smtp --port 25 --timeout 60
EXIT_CODE=$?
assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
else
echo "Skipping SMTP tests on Travis CI"
fi
}
# the script will exit without executing main
export SOURCE_ONLY='test'
# source the script.
. ${SCRIPT}
unset SOURCE_ONLY
# run shUnit: it will execute all the tests in this file
# (e.g., functions beginning with 'test'
#
# We clone to output to pass it to grep as shunit does always return 0
# We parse the output to check if a test failed
#
if ! . "${SHUNIT2}" | tee /dev/tty | grep -q 'tests\ total:\ *[0-9]*\ 100%' ; then
# at least one of the tests failed
exit 1
fi
|
