t/check_tlsa_record.t
changeset 27 32c8d3292079
parent 26 3190e55f104b
child 39 0f95ea2ef883
26:3190e55f104b 27:32c8d3292079
     1 #! /usr/bin/perl
     1 #! /usr/bin/perl
     2 
     2 
     3 use strict;
     3 use strict;
     4 use warnings;
     4 use warnings;
     5 use Test::More qw(no_plan);
     5 use Test::More qw(no_plan);
       
     6 
     6 # @TODO write tests for
     7 # @TODO write tests for
     7 # bad-hash.dane.verisignlabs.com -> The TLSA record for this server has an incorrect hash value, although it is correctly signed with DNSSEC
     8 # bad-hash.dane.verisignlabs.com -> The TLSA record for this server has an incorrect hash value, although it is correctly signed with DNSSEC
     8 # bad-params.dane.verisignlabs.com -> The TLSA record for this server has a correct hash value, incorrect TLSA parameters, and is correctly signed with DNSSEC. NOTE: The current Firefox plugin accepts these TLSA records as valid.
     9 # bad-params.dane.verisignlabs.com -> The TLSA record for this server has a correct hash value, incorrect TLSA parameters, and is correctly signed with DNSSEC. NOTE: The current Firefox plugin accepts these TLSA records as valid.
     9 # bad-sig.dane.verisignlabs.com -> The TLSA record for this server is correct, but the DNSSEC chain-of-trust is broken and/or has a bad signature. NOTE: If you have validation enabled you won't be able to look up the hostname anyway.
    10 # bad-sig.dane.verisignlabs.com -> The TLSA record for this server is correct, but the DNSSEC chain-of-trust is broken and/or has a bad signature. NOTE: If you have validation enabled you won't be able to look up the hostname anyway.
    10 # source: http://dane.verisignlabs.com/
    11 # source: http://dane.verisignlabs.com/
    11 
    12 
    12 BEGIN { use_ok('Nagios::Check::DNS::check_tlsa_record') };
    13 BEGIN { use_ok('Nagios::Check::DNS::check_tlsa_record') }
    13 
    14 
    14 require_ok('Nagios::Check::DNS::check_tlsa_record');
    15 require_ok('Nagios::Check::DNS::check_tlsa_record');
    15 
    16 
    16 #HTTP Domains
    17 #HTTP Domains
    17 my $domain  = 'ssl.schlittermann.de';
    18 my $domain  = 'ssl.schlittermann.de';
    18 my $domain2 = 'torproject.org';
    19 my $domain2 = 'torproject.org';
    19 my $domain3 = 'freebsd.org';
    20 my $domain3 = 'freebsd.org';
    20 my $domain4 = 'bad-hash.dane.verisignlabs.com'; # The TLSA record for this server has an incorrect hash value, although it is correctly signed with DNSSEC
    21 my $domain4 = 'bad-hash.dane.verisignlabs.com'
       
    22   ; # The TLSA record for this server has an incorrect hash value, although it is correctly signed with DNSSEC
    21 
    23 
    22 #smtpdomains
    24 #smtpdomains
    23 my $sdomain = 'hh.schlittermann.de';
    25 my $sdomain = 'hh.schlittermann.de';
    24 
    26 
       
    27 sub test_main() {
       
    28     my $test_main_default_port =
       
    29       Nagios::Check::DNS::check_tlsa_record::main(($domain));
       
    30     like(
       
    31         $test_main_default_port,
       
    32         qr(OK: .* is valid),
       
    33         'main() ok with domain and default port 443'
       
    34     );
    25 
    35 
    26 sub test_main() {
    36     my $test_main_domain_and_port =
    27  my $test_main_default_port = Nagios::Check::DNS::check_tlsa_record::main(($domain));
    37       Nagios::Check::DNS::check_tlsa_record::main(($sdomain, 25));
    28  like($test_main_default_port, qr(OK: .* is valid), 'main() ok with domain and default port 443');
    38     like(
       
    39         $test_main_domain_and_port,
       
    40         qr(OK: .* is valid),
       
    41         'main() ok with domain and port'
       
    42     );
    29 
    43 
    30  my $test_main_domain_and_port = Nagios::Check::DNS::check_tlsa_record::main(($sdomain, 25));
    44     my $test_main_domain_port_protocol =
    31  like($test_main_domain_and_port, qr(OK: .* is valid), 'main() ok with domain and port');
    45       Nagios::Check::DNS::check_tlsa_record::main(($domain3, 443, 'tcp'));
       
    46     like(
       
    47         $test_main_domain_port_protocol,
       
    48         qr(OK: .* is valid),
       
    49         'main() ok with domain, port and protocol'
       
    50     );
    32 
    51 
    33  my $test_main_domain_port_protocol = Nagios::Check::DNS::check_tlsa_record::main(($domain3, 443, 'tcp'));
    52     my $test_main_no_tlsa =
    34  like($test_main_domain_port_protocol, qr(OK: .* is valid), 'main() ok with domain, port and protocol');
    53       Nagios::Check::DNS::check_tlsa_record::main(('google.com'));
       
    54     like(
       
    55         $test_main_no_tlsa,
       
    56         qr(WARNING: .*),
       
    57 'main() warning when no SSL-Certificate  or no TLSA-Record/DANE is available'
       
    58     );
    35 
    59 
    36  my $test_main_no_tlsa = Nagios::Check::DNS::check_tlsa_record::main(('google.com'));
    60     my $test_main_default_port2 =
    37  like($test_main_no_tlsa, qr(WARNING: .*), 'main() warning when no SSL-Certificate  or no TLSA-Record/DANE is available');
    61       Nagios::Check::DNS::check_tlsa_record::main(($domain4));
    38 
    62     like(
    39   my $test_main_default_port2 = Nagios::Check::DNS::check_tlsa_record::main(($domain4));
    63         $test_main_default_port2,
    40   like($test_main_default_port2, qr(CRITICAL: .* valid), 'main() critical when DANE not valid.');
    64         qr(CRITICAL: .* valid),
       
    65         'main() critical when DANE not valid.'
       
    66     );
    41 
    67 
    42 }
    68 }
    43 
    69 
    44 #sub test_dig() {
    70 #sub test_dig() {
    45 
    71 
    48 #like($test_dig_tlsa, qr(^[0-3]{1}\s[01]{1}\s[0-2]{1}\s[A-F0-9]{56}\s[A-F0-9]{8}), 'dig_tlsa() returnd format looks like an valid answer to dig tlsa');
    74 #like($test_dig_tlsa, qr(^[0-3]{1}\s[01]{1}\s[0-2]{1}\s[A-F0-9]{56}\s[A-F0-9]{8}), 'dig_tlsa() returnd format looks like an valid answer to dig tlsa');
    49 
    75 
    50 #}
    76 #}
    51 
    77 
    52 test_main();
    78 test_main();
       
    79 
    53 #test_dig();
    80 #test_dig();
    54 
       
    55 
       
    56 
    81 
    57 #@TODO write tests
    82 #@TODO write tests
    58 #my $return2 = Nagios::Check::DNS::check_tlsa_record::dig_tlsa(qw(hh.schlittermann.de 25 udp));
    83 #my $return2 = Nagios::Check::DNS::check_tlsa_record::dig_tlsa(qw(hh.schlittermann.de 25 udp));
    59 #say $return2;
    84 #say $return2;
    60 #
    85 #
    62 #say $return3;
    87 #say $return3;
    63 #
    88 #
    64 #my $return4 = Nagios::Check::DNS::check_tlsa_record::dig_tlsa(qw(hh.schlittermann.de));
    89 #my $return4 = Nagios::Check::DNS::check_tlsa_record::dig_tlsa(qw(hh.schlittermann.de));
    65 #say $return4;
    90 #say $return4;
    66 
    91 
    67 
       
    68 
       
    69 # vim: ft=perl ts=2 sw=2
    92 # vim: ft=perl ts=2 sw=2
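Review bot: The reformatted assertions in test_main() still use unanchored patterns, so `qr(WARNING: .*)` and `qr(CRITICAL: .* valid)` pass on any output that merely contains that text. The bad-hash case (new lines 60-66) therefore does not pin that the check reports CRITICAL as its state. If main() returns the Nagios status at the start of the string (not visible on this page), anchor the patterns, e.g. `qr(\ACRITICAL: .* valid)` and `qr(\AOK: .* is valid)`. Separately, the tidy pass left the terminator of `my $domain4 = 'bad-hash.dane.verisignlabs.com'` on its own line together with the trailing comment (new lines 21-22). Moving that comment above the assignment would keep the statement on one line.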