From a3272a6fd29fe2983c0ab63f47b639b6bc0da8b3 Mon Sep 17 00:00:00 2001
From: James Hannah <jhannah@bytemark.co.uk>
Date: Mon, 27 Mar 2017 10:49:37 +0100
Subject: First stab at allowing custom SSL expiry days

---
 lib/custodian/protocoltest/ssl.rb | 21 ++++++++++++++---
 t/test-custodian-parser.rb        | 48 ++++++++++++++++++++++++++++++++++++++-
 2 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/lib/custodian/protocoltest/ssl.rb b/lib/custodian/protocoltest/ssl.rb
index c58a083..82754c6 100644
--- a/lib/custodian/protocoltest/ssl.rb
+++ b/lib/custodian/protocoltest/ssl.rb
@@ -25,13 +25,15 @@ class SSLCheck
   #
   # Takes one parameter -- the URL.
   #
-  def initialize(uri)
+  def initialize(uri, expiry_days = 14)
     raise ArgumentError, 'URI must be a string' unless uri.is_a?(String)
     @uri = URI.parse(uri)
 
     @domain = @uri.host
     @key = nil
 
+    @expiry_days = expiry_days
+
     @certificate = nil
     @certificate_store = nil
 
@@ -352,7 +354,7 @@ class SSLCheck
 
     days_until_expiry = (self.certificate.not_after.to_i - Time.now.to_i) / (24.0 * 3600).floor.to_i
 
-    if days_until_expiry > 14
+    if days_until_expiry > @expiry_days
       verbose "The certificate for #{self.domain} is valid until #{self.certificate.not_after}."
       return true
     else
@@ -440,6 +442,12 @@ module Custodian
         #
         @line = line
 
+        if @line =~ /and cannot expire within (\d+) days/ then
+          @expiry_days = $1.to_i
+        else
+          @expiry_days = 14
+        end
+
         #
         # Save the host
         #
@@ -448,6 +456,13 @@ module Custodian
       end
 
 
+      #
+      # Return the expiry period we'll test against
+      #
+      def expiry_days
+        @expiry_days
+      end
+
 
 
       #
@@ -499,7 +514,7 @@ module Custodian
           return Custodian::TestResult::TEST_SKIPPED
         end
 
-        s = SSLCheck.new(@host)
+        s = SSLCheck.new(@host,@expiry_days)
         result = s.verify
 
         if true == result
diff --git a/t/test-custodian-parser.rb b/t/test-custodian-parser.rb
index cfecbb3..1bcf5bc 100755
--- a/t/test-custodian-parser.rb
+++ b/t/test-custodian-parser.rb
@@ -1,6 +1,5 @@
 #!/usr/bin/ruby -I./lib/ -I../lib/
 
-
 require 'test/unit'
 require 'custodian/parser'
 
@@ -430,7 +429,54 @@ EOF
     end
   end
 
+  #
+  # HTTP/HTTPS tests might specify custom expiry
+  #
+  def test_https_custom_expiry
+
+    parser = Custodian::Parser.new
 
+    #
+    # A series of tests to parse
+    #
+    expiries = {}
+    expiries['https://example.com/ must run https'] = 14
+    expiries['https://example.com/ must run https and cannot expire within 14 days'] = 14
+    expiries['https://example.com/ must run https and cannot expire within 45 days'] = 45
+    expiries['https://example.com/ must run https and cannot expire within 300 days'] = 300
+
+    #
+    # Test the parser with this text
+    #
+    expiries.each do |str,days|
+      assert_nothing_raised do
+
+        #
+        # Create the new parser
+        #
+        obj = Custodian::TestFactory.create(str)
+        assert(!obj.nil?)
+        assert(obj.kind_of?(Array))
+
+        # There are *TWO* registered tests for http URLs.
+        assert(obj.size == 2)
+
+        found_days = -1
+
+        # Test both of them to make sure we got our expiry period.
+        obj.each do |x|
+          if ( x.class.name =~ /SSL/ )
+            found_days =  x.expiry_days
+          end
+        end
+
+        # Ensure we did find a match.
+        assert(found_days != -1 )
+        assert(found_days == days)
+
+      end
+    end
+  end
 
 
   #
-- 
cgit v1.2.1