# HG changeset patch
# User Matthias Förste <foerste@schlittermann.de>
# Date 1427450585 -3600
# Node ID 9501cc7d9177227ceb1b459e3b38aa9739ef0134
# Parent  53510efbca112525893be9a5da1a3c621249847c
new structure

diff -r 53510efbca11 -r 9501cc7d9177 .hgignore
--- a/.hgignore	Fri Mar 27 10:34:02 2015 +0100
+++ b/.hgignore	Fri Mar 27 11:03:05 2015 +0100
@@ -4,4 +4,7 @@
 ^debian/files
 ^debian/nagios-plugin-cert[/.]
 ^config\.(sub|guess)$
-^Makefile$
+^Makefile|Build$
+^_build/
+^MANIFEST$
+^MYMETA\.(yml|json)$
diff -r 53510efbca11 -r 9501cc7d9177 Build.PL
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Build.PL	Fri Mar 27 11:03:05 2015 +0100
@@ -0,0 +1,19 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Module::Build;
+
+my $build = Module::Build->new
+(
+    dist_name => 'nagios-plugin-cert',
+    dist_author => 'Matthias Förste',
+    dist_version_from => 'lib/nagios/plugins/ius/check_cert',
+    requires => {
+        'Nagios::Plugin' => 0,
+        'Crypt::OpenSSL::PKCS12' => 0,
+        'Crypt::OpenSSL::X509' => 0
+    },
+);
+$build->create_build_script;
diff -r 53510efbca11 -r 9501cc7d9177 MANIFEST.SKIP
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/MANIFEST.SKIP	Fri Mar 27 11:03:05 2015 +0100
@@ -0,0 +1,76 @@
+
+#!start included /usr/share/perl/5.14/ExtUtils/MANIFEST.SKIP
+# Avoid version control files.
+\bRCS\b
+\bCVS\b
+\bSCCS\b
+,v$
+\B\.svn\b
+\B\.git\b
+\B\.gitignore\b
+\b_darcs\b
+\B\.cvsignore$
+
+# Avoid VMS specific MakeMaker generated files
+\bDescrip.MMS$
+\bDESCRIP.MMS$
+\bdescrip.mms$
+
+# Avoid Makemaker generated and utility files.
+\bMANIFEST\.bak
+\bMakefile$
+\bblib/
+\bMakeMaker-\d
+\bpm_to_blib\.ts$
+\bpm_to_blib$
+\bblibdirs\.ts$         # 6.18 through 6.25 generated this
+
+# Avoid Module::Build generated and utility files.
+\bBuild$
+\b_build/
+\bBuild.bat$
+\bBuild.COM$
+\bBUILD.COM$
+\bbuild.com$
+
+# Avoid temp and backup files.
+~$
+\.old$
+\#$
+\b\.#
+\.bak$
+\.tmp$
+\.#
+\.rej$
+
+# Avoid OS-specific files/dirs
+# Mac OSX metadata
+\B\.DS_Store
+# Mac OSX SMB mount metadata files
+\B\._
+
+# Avoid Devel::Cover and Devel::CoverX::Covered files.
+\bcover_db\b
+\bcovered\b
+
+# Avoid MYMETA files
+^MYMETA\.
+#!end included /usr/share/perl/5.14/ExtUtils/MANIFEST.SKIP
+
+# Avoid configuration metadata file
+^MYMETA\.
+
+# Avoid Module::Build generated and utility files.
+\bBuild$
+\bBuild.bat$
+\b_build
+\bBuild.COM$
+\bBUILD.COM$
+\bbuild.com$
+^MANIFEST\.SKIP
+
+# Avoid archives of this distribution
+\bnagios-plugin-cert-[\d\.\_]+
+
+# Avoid mercurial version control files
+^.hg(/|(ignore|tags)$)
diff -r 53510efbca11 -r 9501cc7d9177 Makefile.in
--- a/Makefile.in	Fri Mar 27 10:34:02 2015 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-SCRIPTS = check_cert
-CLEANFILES = ${SCRIPTS}
-DESTDIR =
-prefix = !prefix!
-
-plugindir = ${prefix}/lib/nagios/plugins/ius
-
-.PHONY:	all clean install
-
-all:	${SCRIPTS}
-
-clean:
-	-rm -f ${CLEANFILES}
-
-install:	all
-	install -d -m 0755 ${DESTDIR}/${plugindir}
-	install -m 0755 $(SCRIPTS) ${DESTDIR}/${plugindir}/
-
-%:	%.pl
-	@perl -c $<
-	@cp -f $< $@
-	@chmod +x $@
-
-%:	%.sh
-	@cp -f $< $@
-	@chmod +x $@
diff -r 53510efbca11 -r 9501cc7d9177 check_cert.pl
--- a/check_cert.pl	Fri Mar 27 10:34:02 2015 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,243 +0,0 @@
-#!/usr/bin/perl -w
-
-use strict;
-use warnings;
-use File::Basename;
-use Getopt::Long;
-use Date::Manip;
-use IPC::Open2;
-use lib "/usr/lib/nagios/plugins";
-use utils qw (%ERRORS &print_revision &support);
-
-sub print_help();
-sub print_usage();
-
-my $ME = basename $0;
-my ( $opt_w, $opt_c, $opt_V, $opt_h, $opt_b, $opt_s, @opt_certfiles );
-my ( $w_time, $c_time, $result, $message, %certs );
-my ( @critical, @warning, @ok );
-
-$opt_w = "1month";
-$opt_c = "1week";
-$opt_b = "/usr/bin/openssl";
-$opt_s = "md5WithRSAEncryption";
-
-Getopt::Long::Configure('bundling');
-GetOptions(
-    "V"           => \$opt_V,
-    "version"     => \$opt_V,
-    "h"           => \$opt_h,
-    "help"        => \$opt_h,
-    "b=s"         => \$opt_b,
-    "binary"      => \$opt_b,
-    "w=s"         => \$opt_w,
-    "warning=s"   => \$opt_w,
-    "c=s"         => \$opt_c,
-    "critical=s"  => \$opt_c,
-    "s=s"         => \$opt_s,
-    "signature=s" => \$opt_s,
-    "f=s"         => \@opt_certfiles,
-    "certfile=s"  => \@opt_certfiles
-);
-
-if ($opt_V) {
-    print_revision( $ME, "1.2" );
-    exit $ERRORS{"OK"};
-}
-
-if ($opt_h) {
-    print_help();
-    exit $ERRORS{"OK"};
-}
-
-# check openssl binary
-unless ( -x $opt_b ) {
-    print "CERT CRITICAL: OpenSSL not found or not executable - $opt_b\n";
-    exit $ERRORS{"CRITICAL"};
-}
-
-unless (@opt_certfiles) {
-    print "CERT WARNING: Not defined any certificate files\n";
-    exit $ERRORS{"WARNING"};
-}
-
-@opt_certfiles = split( /,/, join( ',', @opt_certfiles ) );
-
-# extract certificate data
-foreach my $file (@opt_certfiles) {
-    unless ( -r $file ) {
-        print
-"CERT CRITICAL: $file - not exists or not read permission is granted\n";
-        exit $ERRORS{"CRITICAL"};
-    }
-    my $no_print =
-"no_header,no_version,no_serial,no_validity,no_subject,no_issuer,no_pubkey,no_sigdump,no_extensions";
-    my @cmd_x509 = (
-        $opt_b,     "x509",     "-in",      $file,
-        "-noout",   "-text",    "-certopt", $no_print,
-        "-subject", "-enddate", "-purpose"
-    );
-    my @cmd_pkcs12 = (
-        $opt_b,     "pkcs12",  "-in",       $file,
-        "-clcerts", "-nokeys", "-nomacver", "-passin",
-        "pass:"
-    );
-    my @cmd_pipe = (
-        $opt_b,     "x509",    "-noout",   "-text",
-        "-certopt", $no_print, "-subject", "-enddate",
-        "-purpose"
-    );
-    my ( $temp, $sig, $cn, $enddate, $rc, $cert_type );
-    open( CERT, "-|" ) or do {
-        open( STDERR, ">&STDOUT" );
-        exec(@cmd_x509);
-    };
-
-    # check x509 certificates
-    while (<CERT>) {
-        /unable to load certificate/ and $rc = 1 and last;
-        /Signature\sAlgorithm:\s($opt_s)\s+$/ and $sig       = $1;
-        /^subject=\s.*CN=(.*)\s+$/            and $cn        = $1;
-        /^notAfter=(.*)\s+$/                  and $enddate   = $1;
-        /^(SSL\sclient)\s:\sYes$/             and $cert_type = $1;
-        /^(SSL\sserver)\s:\sYes$/             and $cert_type = $1;
-    }
-    close(CERT);
-
-    # check pkcs12 certificates
-    if ($rc) {
-        open( PKCS12, "@cmd_pkcs12 |" );
-
-        while (<PKCS12>) {
-            $temp .= $_;
-        }
-        close(PKCS12);
-
-        local ( *READ, *WRITE );
-        open2( \*READ, \*WRITE, @cmd_pipe ) or die "Can't fork: $!\n";
-        print WRITE $temp;
-        close(WRITE);
-
-        while (<READ>) {
-            /unable to load certificate/
-              and print "CERT CRITICAL: unable to load certificate\n"
-              and exit $ERRORS{"CRITICAL"};
-            /Signature\sAlgorithm:\s($opt_s)\s+$/ and $sig       = $1;
-            /^subject=\s.*CN=(.*)\s+$/            and $cn        = $1;
-            /^notAfter=(.*)\s+$/                  and $enddate   = $1;
-            /^(SSL\sclient)\s:\sYes$/             and $cert_type = $1;
-            /^(SSL\sserver)\s:\sYes$/             and $cert_type = $1;
-        }
-        close(READ);
-    }
-
-    # fill the hash
-    push( @{ $certs{$file} }, ( $cn, $enddate, $sig, $cert_type ) );
-}
-
-# calculate the time
-$w_time = DateCalc( "today", "+ $opt_w" );
-$c_time = DateCalc( "today", "+ $opt_c" );
-
-# check expire date
-foreach ( sort keys %certs ) {
-    my $enddate;
-    if ( @{ $certs{$_} }[1] =~ /(\w+\s+\d+\s+\d+:\d+:\d+\s+\d+)/ ) {
-        $enddate = $1;
-    }
-    $enddate = ParseDate($enddate);
-    unless ($enddate) {
-        print "CERT CRITICAL: Can't parse enddate\n";
-        exit $ERRORS{"CRITICAL"};
-    }
-
-    &Date_Cmp( $enddate, $w_time ) > 0 and push( @{ $certs{$_} }, "OK" ), next;
-    &Date_Cmp( $enddate, $c_time ) > 0
-      and push( @{ $certs{$_} }, "WARNING" ), next;
-    push( @{ $certs{$_} }, "CRITICAL" );
-}
-
-# looking for stats
-foreach ( sort keys %certs ) {
-    if ( @{ $certs{$_} }[2] ) {
-        if ( @{ $certs{$_} }[2] eq "$opt_s" ) {
-            push( @warning,
-"file: $_, CN=@{$certs{$_}}[0] Signature Algorithm: @{$certs{$_}}[2]"
-            );
-        }
-    }
-
-    if ( @{ $certs{$_} }[4] eq "WARNING" ) {
-        push( @warning,
-"file: $_, CN=@{$certs{$_}}[0] expires @{$certs{$_}}[1] type: @{$certs{$_}}[3]"
-        );
-    }
-    elsif ( @{ $certs{$_} }[4] eq "CRITICAL" ) {
-        push( @critical,
-"file: $_, CN=@{$certs{$_}}[0] expires @{$certs{$_}}[1] type: @{$certs{$_}}[3]"
-        );
-    }
-    else {
-        push( @ok,
-"file: $_, CN=@{$certs{$_}}[0] expires @{$certs{$_}}[1] type: @{$certs{$_}}[3]"
-        );
-    }
-}
-
-# return the state
-if (@critical) {
-    print "CERT CRITICAL: @critical\n";
-    exit $ERRORS{"CRITICAL"};
-}
-elsif (@warning) {
-    print "CERT WARNING: @warning\n";
-    exit $ERRORS{"WARNING"};
-}
-else {
-    print "CERT OK: @ok\n";
-    exit $ERRORS{"OK"};
-}
-
-sub print_usage() {
-    print "Usage:\n";
-    print
-"  $ME [-b <binary>] [-w <time>] [-c <time>] [-s <signature algorithm>] [-f <file,file,file,...>]\n";
-    print "  $ME [-h | --help]\n";
-    print "  $ME [-V | --version]\n";
-}
-
-sub print_help() {
-    print_revision( $ME, "1.2" );
-    print "Copyright (c) 2010 Christian Arnold\n\n";
-    print "This plugin checks the expire date for openssl certificates.\n\n";
-    print_usage();
-    print "\n";
-    print "  -b, --binary <binary>\n";
-    print "     Path of openssl binary (default: /usr/bin/openssl)\n";
-    print "  -w, --warning <time>\n";
-    print
-"     Certificat should not be more than this time older (default: 1month)\n";
-    print
-"     For time can be used year, month, day, hour, minute, second and weeks.\n";
-    print "  -c, --critical <time>\n";
-    print
-"     Certificat should not be more than this time older (default: 1week)\n";
-    print
-"     For time can be used year, month, day, hour, minute, second and weeks.\n";
-    print "  -s, --signature <signature algorithm>\n";
-    print
-"     Return WARNING status if <signature algorithm> is used (default: md5WithRSAEncryption).\n";
-    print "  -f, --certfile <file,file,file, ...>\n";
-    print
-"     Absolute path of x509 or pkcs12 openssl certificate files, use comma-separated lists for multiple files.\n";
-    print "  -h, --help\n";
-    print "     Print detailed help screen\n";
-    print "  -V, --version\n";
-    print "     Print version information\n";
-    print "\n";
-    support();
-}
-
-exit;
-
-# vim:sts=4 sw=4 aw ai sm:
diff -r 53510efbca11 -r 9501cc7d9177 configure
--- a/configure	Fri Mar 27 10:34:02 2015 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-#! /bin/sh
-
-prefix=/usr/local
-
-tmp=`getopt -n $0 -o p: -l prefix: -- "$@"`
-eval set -- $tmp
-
-while true; do
-	o="$1"; shift
-	case "$o" in
-		-p|--prefix)	prefix="$1"; shift;;
-		--) break;;
-	esac
-done
-
-perl -pe "s{!prefix!}{$prefix}g" < Makefile.in > Makefile
diff -r 53510efbca11 -r 9501cc7d9177 debian/compat
--- a/debian/compat	Fri Mar 27 10:34:02 2015 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-5
diff -r 53510efbca11 -r 9501cc7d9177 debian/control
--- a/debian/control	Fri Mar 27 10:34:02 2015 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-Source: nagios-plugin-cert
-Section: net
-Priority: extra
-Maintainer: Christian Arnold <arnold@schlittermann.de>
-Build-Depends: debhelper (>= 5), autotools-dev, libdate-manip-perl, nagios-plugins-common
-Standards-Version: 3.7.2
-
-Package: nagios-plugin-cert
-Architecture: all
-Depends: perl, libdate-manip-perl, openssl
-Description: nagios plugin to check openssl certificates
- This plugin checks the expire date of x509 and pkcs12 certificates.
diff -r 53510efbca11 -r 9501cc7d9177 debian/rules
--- a/debian/rules	Fri Mar 27 10:34:02 2015 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,107 +0,0 @@
-#!/usr/bin/make -f
-# -*- makefile -*-
-# Sample debian/rules that uses debhelper.
-# This file was originally written by Joey Hess and Craig Small.
-# As a special exception, when this file is copied by dh-make into a
-# dh-make output file, you may use that output file without restriction.
-# This special exception was added by Craig Small in version 0.37 of dh-make.
-
-# Uncomment this to turn on verbose mode.
-#export DH_VERBOSE=1
-
-
-# These are used for cross-compiling and for saving the configure script
-# from having to guess our platform (since we know it already)
-DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
-DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
-
-
-CFLAGS = -Wall -g
-
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-	CFLAGS += -O0
-else
-	CFLAGS += -O2
-endif
-
-config.status: configure
-	dh_testdir
-	# Add here commands to configure the package.
-	./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs"
-
-
-build: build-stamp
-
-build-stamp:  config.status
-	dh_testdir
-
-	# Add here commands to compile the package.
-	$(MAKE)
-	#docbook-to-man debian/nagios-plugin-cert.sgml > nagios-plugin-cert.1
-
-	touch $@
-
-clean:
-	dh_testdir
-	dh_testroot
-	rm -f build-stamp 
-
-	# Add here commands to clean up after the build process.
-	-$(MAKE) distclean
-ifneq "$(wildcard /usr/share/misc/config.sub)" ""
-	cp -f /usr/share/misc/config.sub config.sub
-endif
-ifneq "$(wildcard /usr/share/misc/config.guess)" ""
-	cp -f /usr/share/misc/config.guess config.guess
-endif
-
-
-	dh_clean 
-
-install: build
-	dh_testdir
-	dh_testroot
-	dh_clean -k 
-	dh_installdirs
-
-	# Add here commands to install the package into debian/nagios-plugin-cert.
-	$(MAKE) prefix=$(CURDIR)/debian/nagios-plugin-cert/usr install
-
-
-# Build architecture-independent files here.
-binary-indep: build install
-# We have nothing to do by default.
-
-# Build architecture-dependent files here.
-binary-arch: build install
-	dh_testdir
-	dh_testroot
-	dh_installchangelogs 
-	dh_installdocs
-	dh_installexamples
-#	dh_install
-#	dh_installmenu
-#	dh_installdebconf	
-#	dh_installlogrotate
-#	dh_installemacsen
-#	dh_installpam
-#	dh_installmime
-#	dh_python
-#	dh_installinit
-#	dh_installcron
-#	dh_installinfo
-	dh_installman
-	dh_link
-	dh_strip
-	dh_compress
-	dh_fixperms
-#	dh_perl
-#	dh_makeshlibs
-	dh_installdeb
-	dh_shlibdeps
-	dh_gencontrol
-	dh_md5sums
-	dh_builddeb
-
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install 
diff -r 53510efbca11 -r 9501cc7d9177 lib/nagios/plugins/ius/check_cert
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/lib/nagios/plugins/ius/check_cert	Fri Mar 27 11:03:05 2015 +0100
@@ -0,0 +1,98 @@
+#!/usr/bin/perl
+
+#    Copyright (C) 2015  Matthias Förste
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#    Matthias Förste <foerste@schlittermann.de>
+
+=encoding utf8
+=cut
+
+use strict;
+use warnings;
+
+#use Getopt::Long;
+use Pod::Usage;
+
+use Nagios::Plugin;
+
+package Nagios::Plugin::IUS::Cert
+$VERSION = 2.0;
+
+my $np = Nagios::Plugin->new(  
+         usage => pod2usage ( -verbose => 0, -exitval => 0)
+     );
+
+GetOptions(
+    "h|help" => sub { pod2usage( -verbose => 0, -exitval => 0 ) },
+    "m|man"  => sub {
+        pod2usage(
+            -verbose   => 2,
+            -exitval   => 0,
+            -noperldoc => ( `perldoc -V 2>/dev/null`, $? != 0 )[-1]
+        );
+    },
+) or pod2usage();
+
+__END__
+
+=pod
+
+=head1 NAME
+
+check_cert - check ssl certificate expiry
+
+=head1 SYNOPSIS
+
+check_cert [options] [directories]
+
+check_cert -m|--man
+           -h|--help
+
+=head1 DESCRIPTION
+
+This script checks the expiry of openssl certificates.
+
+=head1 OPTIONS
+
+=over
+
+=item B<-b|--binary> I<path>
+
+Path to the openssl binary (default: /usr/bin/openssl)
+
+=item B<-w|--warning> I<time>
+
+Return status I<warning> if certificate expires in less than <time>.
+
+=item B<-w|--critical> I<time>
+
+Return status I<critical> if certificate expires in less than <time>.
+
+=back
+
+=head1 NOTES
+
+Time Ranges may be given as <number><suffix>, where <suffix> can be one of s, m, h or d for seconds, minutes, hours or days (default).
+
+=head1 FILES
+
+List or describe any files which may be used by 'check_cert' here.
+
+=head1 AUTHOR
+
+Matthias Förste <foerste@schlittermann.de>
+
+=cut