From: Ton Voon Date: Thu, 5 Mar 2009 23:37:45 +0000 (+0000) Subject: Added inline tests for HTTPS using HTTP::Daemon::SSL X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=8580335779b44f23a97b5534c90262b9658a37d7;p=nagiosplug.git Added inline tests for HTTPS using HTTP::Daemon::SSL --- diff --git a/plugins/tests/certs/server-cert.pem b/plugins/tests/certs/server-cert.pem new file mode 100644 index 0000000..549e4f7 --- /dev/null +++ b/plugins/tests/certs/server-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYzCCAsygAwIBAgIJAL8LkpNwzYdxMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV +BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV +BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG +SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNTIxNDEyOFoXDTE5MDMw +MzIxNDEyOFowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN +BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT +CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBAKcWMBtNtfY8vZXk0SN6/EYTVN/LOvaOSegy +oVdLoGwuwjagk+XmCzvCqHZRp8lnCLay7AO8AQI7TSN02ihCcSrgGA9OT+HciIJ1 +l5/kEYUAuA1PR6YKK/T713zUAlMzy2tsugx5+xSsSEwsXkmne52jJiG/wuE5CLT0 +9pF8HQqHAgMBAAGjgeYwgeMwHQYDVR0OBBYEFGioSPQ/rdE19+zaeY2YvHTXlUDI +MIGzBgNVHSMEgaswgaiAFGioSPQ/rdE19+zaeY2YvHTXlUDIoYGEpIGBMH8xCzAJ +BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx +FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG +CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAvwuSk3DNh3EwDAYDVR0TBAUw +AwEB/zANBgkqhkiG9w0BAQQFAAOBgQCdqasaIO6JiV5ONFG6Tr1++85UfEdZKMUX +N2NHiNNUunolIZEYR+dW99ezKmHlDiQ/tMgoLVYpl2Ubho2pAkLGQR+W0ZASgWQ1 +NjfV27Rv0y6lYQMTA0lVAU93L1x9reo3FMedmL5+H+lIEpLCxEPtAJNISrJOneZB +W5jDadwkoQ== +-----END CERTIFICATE----- diff --git a/plugins/tests/certs/server-key.pem b/plugins/tests/certs/server-key.pem new file mode 100644 index 0000000..eacaeaa --- /dev/null +++ b/plugins/tests/certs/server-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQCnFjAbTbX2PL2V5NEjevxGE1Tfyzr2jknoMqFXS6BsLsI2oJPl +5gs7wqh2UafJZwi2suwDvAECO00jdNooQnEq4BgPTk/h3IiCdZef5BGFALgNT0em +Civ0+9d81AJTM8trbLoMefsUrEhMLF5Jp3udoyYhv8LhOQi09PaRfB0KhwIDAQAB +AoGAfpxclcP8N3vteXErXURrd7pcXT0GECDgNjhvc9PV20RPXM+vYs1AA+fMeeQE +TaRqwO6x016aMRO4rz5ztYArecTBznkds1k59pkN/Ne/nsueU4tvGK8MNyS2o986 +Voohqkaq4Lcy1bcHJb9su1ELjegEr1R76Mz452Hsy+uTbAECQQDcg/tZWKVeh5CQ +dOEB3YWHwfn0NDgfPm/X2i2kAZ7n7URaUy/ffdlfsrr1mBtHCfedLoOxmmlNfEpM +hXAAurSHAkEAwfk7fEb0iN0Sj9gTozO7c6Ky10KwePZyjVzqSQIiJq3NX8BEaIeb +51TXxE5VxaLjjMLRkA0hWTYXClgERFZ6AQJAN7ChPqwzf08PRFwwIw911JY5cOHr +NoDHMCUql5vNLNdwBruxgGjBB/kUXEfgw60RusFvgt/zLh1wiii844JDawJAGQBF +sYP3urg7zzx7c3qUe5gJ0wLuefjR1PSX4ecbfb7DDMdcSdjIuG1QDiZGmd2f1KG7 +nwSCOtxk5dloW2KGAQJAQh/iBn0QhfKLFAP5eZBVk8E8XlZuw+S2DLy5SnBlIiYJ +GB5I2OClgtudXMv1labFrcST8O9eFrtsrhU1iUGUOw== +-----END RSA PRIVATE KEY----- diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index c5f9080..20078c2 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -12,26 +12,59 @@ use HTTP::Daemon; use HTTP::Status; use HTTP::Response; +my $servers = { http => 0 }; # HTTP::Daemon should always be available +eval { require HTTP::Daemon::SSL }; +if ($@) { + diag "Cannot load HTTP::Daemon::SSL: $@"; +} else { + $servers->{https} = 0; +} + # set a fixed version, so the header size doesn't vary $HTTP::Daemon::VERSION = "1.00"; -my $port = 50000 + int(rand(1000)); +my $port_http = 50000 + int(rand(1000)); +my $port_https = $port_http + 1; -my $pid = fork(); -if ($pid) { +# Start up both servers +my $pid_https; +my $pid_http = fork(); +if ($pid_http) { # Parent - #print "parent\n"; - # give our webserver some time to startup + if (exists $servers->{https}) { + # Fork another server + $pid_https = fork(); + if ($pid_https) { + # Parent + } else { + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/server-cert.pem", + SSL_key_file => "$Bin/certs/server-key.pem", + ) || die; + print "Please contact https at: url, ">\n"; + run_server( $d ); + exit; + } + } + # give our webservers some time to startup sleep(1); } else { # Child #print "child\n"; - my $d = HTTP::Daemon->new( - LocalPort => $port, + LocalPort => $port_http, LocalAddr => "127.0.0.1", ) || die; - print "Please contact me at: url, ">\n"; + print "Please contact http at: url, ">\n"; + run_server( $d ); + exit; +} + +# Run the same server on http and https +sub run_server { + my $d = shift; while (my $c = $d->accept ) { while (my $r = $c->get_request) { if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) { @@ -70,140 +103,173 @@ if ($pid) { $c->close; } } - exit; } -END { if ($pid) { print "Killing $pid\n"; kill "INT", $pid } }; +END { + foreach my $pid ($pid_http, $pid_https) { + if ($pid) { print "Killing $pid\n"; kill "INT", $pid } + } +}; if ($ARGV[0] && $ARGV[0] eq "-d") { sleep 1000; } +my $common_tests = 47; if (-x "./check_http") { - plan tests => 47; + plan tests => $common_tests * 2; } else { plan skip_all => "No check_http compiled"; } my $result; -my $command = "./check_http -H 127.0.0.1 -p $port"; - -$result = NPTest->testCmd( "$command -u /file/root" ); -is( $result->return_code, 0, "/file/root"); -like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - 274 bytes in [\d\.]+ seconds/', "Output correct" ); +my $command = "./check_http -H 127.0.0.1"; -$result = NPTest->testCmd( "$command -u /file/root -s Root" ); -is( $result->return_code, 0, "/file/root search for string"); -TODO: { -local $TODO = "Output is different if a string is requested - should this be right?"; -like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - 274 bytes in [\d\.]+ seconds/', "Output correct" ); +run_common_tests( { command => "$command -p $port_http" } ); +SKIP: { + skip "HTTP::Daemon::SSL not installed", $common_tests if ! exists $servers->{https}; + run_common_tests( { command => "$command -p $port_https", ssl => 1 } ); } -$result = NPTest->testCmd( "$command -u /slow" ); -is( $result->return_code, 0, "/file/root"); -like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - 177 bytes in ([\d\.]+) seconds/', "Output correct" ); -$result->output =~ /in ([\d\.]+) seconds/; -cmp_ok( $1, ">", 1, "Time is > 1 second" ); - -my $cmd; -$cmd = "$command -u /statuscode/200 -e 200"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - 89 bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); - -$cmd = "$command -u /statuscode/201 -e 201"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 201 Created - 94 bytes in ([\d\.]+) seconds /', "Output correct: ".$result->output ); - -$cmd = "$command -u /statuscode/201 -e 200"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 2, $cmd); -like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port \d+: HTTP/1.1 201 Created/', "Output correct: ".$result->output ); - -$cmd = "$command -u /statuscode/200 -e 200,201,202"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - 89 bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); - -$cmd = "$command -u /statuscode/201 -e 200,201,202"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 201 Created - 94 bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); - -$cmd = "$command -u /statuscode/203 -e 200,201,202"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 2, $cmd); -like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port (\d+): HTTP/1.1 203 Non-Authoritative Information/', "Output correct: ".$result->output ); - -$cmd = "$command -j HEAD -u /method"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 HEAD - 19 bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); - -$cmd = "$command -j POST -u /method"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 POST - 19 bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); - -$cmd = "$command -j GET -u /method"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 GET - 18 bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); - -$cmd = "$command -u /method"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 GET - 18 bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); - -$cmd = "$command -P foo -u /method"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 POST - 19 bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); - -$cmd = "$command -j DELETE -u /method"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 1, $cmd); -like( $result->output, '/^HTTP WARNING: HTTP/1.1 405 Method Not Allowed/', "Output correct: ".$result->output ); - -$cmd = "$command -j foo -u /method"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 2, $cmd); -like( $result->output, '/^HTTP CRITICAL: HTTP/1.1 501 Not Implemented/', "Output correct: ".$result->output ); - -$cmd = "$command -P stufftoinclude -u /postdata -s POST:stufftoinclude"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - ([\d\.]+) second/', "Output correct: ".$result->output ); - -$cmd = "$command -j PUT -P stufftoinclude -u /postdata -s PUT:stufftoinclude"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - ([\d\.]+) second/', "Output correct: ".$result->output ); - -# To confirm that the free doesn't segfault -$cmd = "$command -P stufftoinclude -j PUT -u /postdata -s PUT:stufftoinclude"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - ([\d\.]+) second/', "Output correct: ".$result->output ); - -$cmd = "$command -u /redirect"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK - HTTP/1.1 301 Moved Permanently - [\d\.]+ second/', "Output correct: ".$result->output ); - -$cmd = "$command -f follow -u /redirect"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - 183 bytes in [\d\.]+ second/', "Output correct: ".$result->output ); - -$cmd = "$command -u /redirect -k 'follow: me'"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK - HTTP/1.1 301 Moved Permanently - [\d\.]+ second/', "Output correct: ".$result->output ); - -$cmd = "$command -f follow -u /redirect -k 'follow: me'"; -$result = NPTest->testCmd( $cmd ); -is( $result->return_code, 0, $cmd); -like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - 183 bytes in [\d\.]+ second/', "Output correct: ".$result->output ); +sub run_common_tests { + my ($opts) = @_; + my $command = $opts->{command}; + my $b; + my $add = 0; + if ($opts->{ssl}) { + $command .= " --ssl"; + } + $result = NPTest->testCmd( "$command -u /file/root" ); + is( $result->return_code, 0, "/file/root"); + like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - 274 bytes in [\d\.]+ seconds/', "Output correct" ); + + $result = NPTest->testCmd( "$command -u /file/root -s Root" ); + is( $result->return_code, 0, "/file/root search for string"); + TODO: { + local $TODO = "Output is different if a string is requested - should this be right?"; + like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - 274 bytes in [\d\.]+ seconds/', "Output correct" ); + } + + + $b = 177 + $add; + $result = NPTest->testCmd( "$command -u /slow" ); + is( $result->return_code, 0, "/file/root"); + like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - '.$b.' bytes in ([\d\.]+) seconds/', "Output correct" ); + $result->output =~ /in ([\d\.]+) seconds/; + cmp_ok( $1, ">", 1, "Time is > 1 second" ); + + my $cmd; + $b = 89 + $add; + $cmd = "$command -u /statuscode/200 -e 200"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - '.$b.' bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); + + $b = 94 + $add; + $cmd = "$command -u /statuscode/201 -e 201"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 201 Created - '.$b.' bytes in ([\d\.]+) seconds /', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/201 -e 200"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 2, $cmd); + like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port \d+: HTTP/1.1 201 Created/', "Output correct: ".$result->output ); + + $b = 89 + $add; + $cmd = "$command -u /statuscode/200 -e 200,201,202"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - '.$b.' bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); + + $b = 94 + $add; + $cmd = "$command -u /statuscode/201 -e 200,201,202"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 201 Created - '.$b.' bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/203 -e 200,201,202"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 2, $cmd); + like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port (\d+): HTTP/1.1 203 Non-Authoritative Information/', "Output correct: ".$result->output ); + + $b = 19 + $add; + $cmd = "$command -j HEAD -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 HEAD - '.$b.' bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); + + $b = 19 + $add; + $cmd = "$command -j POST -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 POST - '.$b.' bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); + + $b = 18 + $add; + $cmd = "$command -j GET -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 GET - '.$b.' bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); + + $b = 18 + $add; + $cmd = "$command -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 GET - '.$b.' bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); + + $b = 19 + $add; + $cmd = "$command -P foo -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 POST - '.$b.' bytes in ([\d\.]+) seconds/', "Output correct: ".$result->output ); + + $cmd = "$command -j DELETE -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 1, $cmd); + like( $result->output, '/^HTTP WARNING: HTTP/1.1 405 Method Not Allowed/', "Output correct: ".$result->output ); + + $cmd = "$command -j foo -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 2, $cmd); + like( $result->output, '/^HTTP CRITICAL: HTTP/1.1 501 Not Implemented/', "Output correct: ".$result->output ); + + $cmd = "$command -P stufftoinclude -u /postdata -s POST:stufftoinclude"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - ([\d\.]+) second/', "Output correct: ".$result->output ); + + $cmd = "$command -j PUT -P stufftoinclude -u /postdata -s PUT:stufftoinclude"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - ([\d\.]+) second/', "Output correct: ".$result->output ); + + # To confirm that the free doesn't segfault + $cmd = "$command -P stufftoinclude -j PUT -u /postdata -s PUT:stufftoinclude"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - ([\d\.]+) second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /redirect"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK - HTTP/1.1 301 Moved Permanently - [\d\.]+ second/', "Output correct: ".$result->output ); + + $b = 183 + $add; + $cmd = "$command -f follow -u /redirect"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - '.$b.' bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /redirect -k 'follow: me'"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK - HTTP/1.1 301 Moved Permanently - [\d\.]+ second/', "Output correct: ".$result->output ); + + $b = 183 + $add; + $cmd = "$command -f follow -u /redirect -k 'follow: me'"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK HTTP/1.1 200 OK - '.$b.' bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + +}