authorJames Hannah <jhannah@bytemark.co.uk>2017-03-27 10:49:37 +0100
committerJames Hannah <jhannah@bytemark.co.uk>2017-03-27 10:49:37 +0100
commitf868e25305c9636e8f863002a08770a3bfac6d8c (patch)
tree0aae9dfd987c73ab118e91c9f7c873eaa57c17af
parenta3d7eb874eedbe3c065451bd0377f5236873e36a (diff)
parenta3272a6fd29fe2983c0ab63f47b639b6bc0da8b3 (diff)
Merge branch 'ssl-custom-expiry' into 'master'
Allow tests to specify the number of days before an expiring SSL certificate will generate a warning. See merge request !5
-rw-r--r--lib/custodian/protocoltest/ssl.rb21
-rwxr-xr-xt/test-custodian-parser.rb48
2 files changed, 65 insertions, 4 deletions
diff --git a/lib/custodian/protocoltest/ssl.rb b/lib/custodian/protocoltest/ssl.rb
index c58a083..82754c6 100644
--- a/lib/custodian/protocoltest/ssl.rb
+++ b/lib/custodian/protocoltest/ssl.rb
@@ -25,13 +25,15 @@ class SSLCheck
#
# Takes one parameter -- the URL.
#
- def initialize(uri)
+ def initialize(uri, expiry_days = 14)
raise ArgumentError, 'URI must be a string' unless uri.is_a?(String)
@uri = URI.parse(uri)
@domain = @uri.host
@key = nil
+ @expiry_days = expiry_days
+
@certificate = nil
@certificate_store = nil
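Review bot: `expiry_days` is stored in `@expiry_days` without any check, although `uri` is type-checked on the very next line, so a nil or non-numeric value is only discovered later at `if days_until_expiry > @expiry_days` in the second hunk, where the comparison raises. A guard beside the existing one would fail at construction time instead: `raise ArgumentError, 'expiry_days must be a non-negative integer' unless expiry_days.is_a?(Integer) && expiry_days >= 0`. The comment above the method still reads "Takes one parameter -- the URL." and should describe the second parameter and its default of 14. The body of `initialize` continues past the end of this hunk.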
@@ -352,7 +354,7 @@ class SSLCheck
days_until_expiry = (self.certificate.not_after.to_i - Time.now.to_i) / (24.0 * 3600).floor.to_i
- if days_until_expiry > 14
+ if days_until_expiry > @expiry_days
verbose "The certificate for #{self.domain} is valid until #{self.certificate.not_after}."
return true
else
@@ -440,6 +442,12 @@ module Custodian
#
@line = line
+ if @line =~ /and cannot expire within (\d+) days/ then
+ @expiry_days = $1.to_i
+ else
+ @expiry_days = 14
+ end
+
#
# Save the host
#
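Review bot: A clause that does not match the pattern exactly falls into the `else` branch and silently gets 14, so a line such as `... and cannot expire within 1 day`, or a misspelt clause, is monitored with a different threshold than the operator wrote and nothing reports it. Consider rejecting a line that mentions the clause but does not parse, e.g. `raise ArgumentError, "Bad expiry clause: #{@line}" if @line =~ /cannot expire/ && @line !~ /and cannot expire within \d+ days/`, assuming other parse errors in this constructor are also raised as ArgumentError (not visible here). The default 14 is now written both here and in `SSLCheck#initialize`; a shared constant would stop the two from drifting apart. `Regexp.last_match(1)` reads better than `$1`, and `then` is unnecessary on a multi-line `if`. The enclosing method starts and ends outside this hunk.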
@@ -448,6 +456,13 @@ module Custodian
end
+ #
+ # Return the expiry period we'll test against
+ #
+ def expiry_days
+ @expiry_days
+ end
+
#
@@ -499,7 +514,7 @@ module Custodian
return Custodian::TestResult::TEST_SKIPPED
end
- s = SSLCheck.new(@host)
+ s = SSLCheck.new(@host,@expiry_days)
result = s.verify
if true == result
diff --git a/t/test-custodian-parser.rb b/t/test-custodian-parser.rb
index cfecbb3..1bcf5bc 100755
--- a/t/test-custodian-parser.rb
+++ b/t/test-custodian-parser.rb
@@ -1,6 +1,5 @@
#!/usr/bin/ruby -I./lib/ -I../lib/
-
require 'test/unit'
require 'custodian/parser'
@@ -430,7 +429,54 @@ EOF
end
end
+ #
+ # HTTP/HTTPS tests might specify custom expiry
+ #
+ def test_https_custom_expiry
+
+ parser = Custodian::Parser.new
+ #
+ # A series of tests to parse
+ #
+ expiries = {}
+ expiries['https://example.com/ must run https'] = 14
+ expiries['https://example.com/ must run https and cannot expire within 14 days'] = 14
+ expiries['https://example.com/ must run https and cannot expire within 45 days'] = 45
+ expiries['https://example.com/ must run https and cannot expire within 300 days'] = 300
+
+ #
+ # Test the parser with this text
+ #
+ expiries.each do |str,days|
+ assert_nothing_raised do
+
+ #
+ # Create the new parser
+ #
+ obj = Custodian::TestFactory.create(str)
+ assert(!obj.nil?)
+ assert(obj.kind_of?(Array))
+
+ # There are *TWO* registered tests for http URLs.
+ assert(obj.size == 2)
+
+ found_days = -1
+
+ # Test both of them to make sure we got our expiry period.
+ obj.each do |x|
+ if ( x.class.name =~ /SSL/ )
+ found_days = x.expiry_days
+ end
+ end
+
+ # Ensure we did find a match.
+ assert(found_days != -1 )
+ assert(found_days == days)
+
+ end
+ end
+ end
#