package main
import (
"crypto/tls"
"crypto/x509"
"encoding/pem"
"fmt"
"net/http"
"net/http/httptest"
"net/url"
"os"
"strconv"
"strings"
"testing"
"time"
pconfig "github.com/prometheus/common/config"
"github.com/ribbybibby/ssl_exporter/config"
"github.com/ribbybibby/ssl_exporter/test"
)
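// TestProbeHandlerHTTPS tests a typical HTTPS probe: the prober is given the
// CA file returned by the test server setup, and the probe must report a
// successful connection together with the certificate and TLS version metrics.
func TestProbeHandlerHTTPS(t *testing.T) {
	// Label set the certificate metrics are expected to carry; presumably the
	// fields of the certificate test.SetupHTTPSServer generates.
	const certLabels = `{cn="example.ribbybibby.me",dnsnames=",example.ribbybibby.me,example-2.ribbybibby.me,example-3.ribbybibby.me,",emails=",me@ribbybibby.me,example@ribbybibby.me,",ips=",127.0.0.1,::1,",issuer_cn="example.ribbybibby.me",ou=",ribbybibbys org,",serial_no="100"}`

	server, certPEM, _, caFile, teardown, err := test.SetupHTTPSServer()
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): an error text containing
		// '%' must not be interpreted as a format string.
		t.Fatal(err)
	}
	defer teardown()

	server.StartTLS()
	defer server.Close()

	conf := &config.Config{
		Modules: map[string]config.Module{
			"https": {
				Prober: "https",
				TLSConfig: pconfig.TLSConfig{
					CAFile: caFile,
				},
			},
		},
	}

	rr, err := probe(server.URL, "https", conf)
	if err != nil {
		t.Fatal(err)
	}
	body := rr.Body.String()

	// Check success metric
	if !strings.Contains(body, "ssl_tls_connect_success 1") {
		t.Error("expected `ssl_tls_connect_success 1`")
	}

	// Check probe metric
	if !strings.Contains(body, "ssl_prober{prober=\"https\"} 1") {
		t.Error("expected `ssl_prober{prober=\"https\"} 1`")
	}

	// Check notAfter and notBefore metrics. Both the PEM decode and the
	// certificate parse are fatal on failure: continuing would dereference a
	// nil block or nil certificate and panic instead of reporting the cause.
	block, _ := pem.Decode(certPEM)
	if block == nil {
		t.Fatal("server certificate is not valid PEM")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		t.Fatal(err)
	}

	// Timestamps are whole seconds since the epoch, rendered with the 'g'
	// float format the test looks for in the response body.
	notAfter := strconv.FormatFloat(float64(cert.NotAfter.UnixNano()/1e9), 'g', -1, 64)
	if want := "ssl_cert_not_after" + certLabels + " " + notAfter; !strings.Contains(body, want) {
		t.Errorf("expected `%s`", want)
	}
	notBefore := strconv.FormatFloat(float64(cert.NotBefore.UnixNano()/1e9), 'g', -1, 64)
	if want := "ssl_cert_not_before" + certLabels + " " + notBefore; !strings.Contains(body, want) {
		t.Errorf("expected `%s`", want)
	}

	// Check TLS version metric.
	// NOTE(review): this pins the negotiated version to TLS 1.3, so the result
	// depends on the TLS defaults of the Go toolchain and of the test server.
	if !strings.Contains(body, "ssl_tls_version_info{version=\"TLS 1.3\"} 1") {
		t.Error("expected `ssl_tls_version_info{version=\"TLS 1.3\"} 1`")
	}
}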
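// TestProbeHandlerHTTPSNoServer tests an HTTPS probe against an address where
// no server is expected to be listening.
func TestProbeHandlerHTTPSNoServer(t *testing.T) {
	// NOTE(review): assumes nothing is bound to localhost:6666 on the machine
	// running the tests; a local listener on that port would change the result.
	rr, err := probe("localhost:6666", "https", config.DefaultConfig)
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}

	// Check success metric
	if !strings.Contains(rr.Body.String(), "ssl_tls_connect_success 0") {
		t.Error("expected `ssl_tls_connect_success 0`")
	}
}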
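// TestProbeHandlerHTTPSEmptyTarget tests a https probe with an empty target.
// The handler must reject the request with 400 instead of probing anything.
func TestProbeHandlerHTTPSEmptyTarget(t *testing.T) {
	rr, err := probe("", "https", config.DefaultConfig)
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}

	if rr.Code != http.StatusBadRequest {
		t.Fatalf("expected 400 status code, got %v", rr.Code)
	}
}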
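// TestProbeHandlerHTTPSSpaces tests an invalid address with spaces in it.
// The probe must report a failed connection for the malformed target.
func TestProbeHandlerHTTPSSpaces(t *testing.T) {
	rr, err := probe("with spaces", "https", config.DefaultConfig)
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}

	if !strings.Contains(rr.Body.String(), "ssl_tls_connect_success 0") {
		t.Error("expected `ssl_tls_connect_success 0`")
	}
}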
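// TestProbeHandlerHTTPSHTTP tests a https probe against a http server. The
// target speaks plain HTTP, so the TLS connection must be reported as failed.
func TestProbeHandlerHTTPSHTTP(t *testing.T) {
	server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "Hello world")
	}))

	// Start without TLS on purpose: the prober must not treat a plaintext
	// listener as a successful TLS endpoint.
	server.Start()
	defer server.Close()

	u, err := url.Parse(server.URL)
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}

	// Only host:port is passed, so the http:// scheme of server.URL does not
	// reach the prober.
	rr, err := probe(u.Host, "https", config.DefaultConfig)
	if err != nil {
		t.Fatal(err)
	}

	if !strings.Contains(rr.Body.String(), "ssl_tls_connect_success 0") {
		t.Error("expected `ssl_tls_connect_success 0`")
	}
}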
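// TestProbeHandlerHTTPSClientAuthWrongClientCert tests an HTTPS probe against
// a server that requires and verifies client certificates, with the prober
// presenting a certificate the server is not configured to trust. The probe
// must report a failed connection.
func TestProbeHandlerHTTPSClientAuthWrongClientCert(t *testing.T) {
	server, serverCertPEM, _, caFile, teardown, err := test.SetupHTTPSServer()
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}
	defer teardown()

	// Configure client auth on the server. AppendCertsFromPEM reports failure
	// only through its return value; left unchecked, an empty pool would make
	// the probe fail for a reason other than the one under test.
	certPool := x509.NewCertPool()
	if !certPool.AppendCertsFromPEM(serverCertPEM) {
		t.Fatal("failed to add the server certificate to the client CA pool")
	}

	server.TLS.ClientAuth = tls.RequireAndVerifyClientCert
	// RootCAs is only consulted by TLS clients; ClientCAs is the pool the
	// server verifies the presented client certificate against.
	server.TLS.RootCAs = certPool
	server.TLS.ClientCAs = certPool

	server.StartTLS()
	defer server.Close()

	// Create a different cert/key pair that won't be accepted by the server
	certPEM, keyPEM := test.GenerateTestCertificate(time.Now().AddDate(0, 0, 1))

	// Create cert file
	certFile, err := test.WriteFile("cert.pem", certPEM)
	if err != nil {
		t.Fatal(err)
	}
	defer os.Remove(certFile)

	// Create key file
	// NOTE(review): where test.WriteFile puts the file and with which mode is
	// not visible here; confirm private keys are written owner-only.
	keyFile, err := test.WriteFile("key.pem", keyPEM)
	if err != nil {
		t.Fatal(err)
	}
	defer os.Remove(keyFile)

	conf := &config.Config{
		Modules: map[string]config.Module{
			"https": {
				Prober: "https",
				TLSConfig: pconfig.TLSConfig{
					CAFile:   caFile,
					CertFile: certFile,
					KeyFile:  keyFile,
				},
			},
		},
	}

	rr, err := probe(server.Listener.Addr().String(), "https", conf)
	if err != nil {
		t.Fatal(err)
	}

	// NOTE(review): success 0 is also what any other connection failure
	// produces, so this assertion alone does not show that the client
	// certificate was the reason for the rejection.
	if !strings.Contains(rr.Body.String(), "ssl_tls_connect_success 0") {
		t.Error("expected `ssl_tls_connect_success 0`")
	}
}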
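// TestProbeHandlerTCP tests a typical TCP probe: the prober is given the CA
// file returned by the test server setup, and the probe must report a
// successful connection together with the certificate metrics.
func TestProbeHandlerTCP(t *testing.T) {
	// Label set the certificate metrics are expected to carry; presumably the
	// fields of the certificate test.SetupTCPServer generates.
	const certLabels = `{cn="example.ribbybibby.me",dnsnames=",example.ribbybibby.me,example-2.ribbybibby.me,example-3.ribbybibby.me,",emails=",me@ribbybibby.me,example@ribbybibby.me,",ips=",127.0.0.1,::1,",issuer_cn="example.ribbybibby.me",ou=",ribbybibbys org,",serial_no="100"}`

	server, certPEM, _, caFile, teardown, err := test.SetupTCPServer()
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): an error text containing
		// '%' must not be interpreted as a format string.
		t.Fatal(err)
	}
	defer teardown()

	server.StartTLS()
	defer server.Close()

	conf := &config.Config{
		Modules: map[string]config.Module{
			"tcp": {
				Prober: "tcp",
				TLSConfig: pconfig.TLSConfig{
					CAFile: caFile,
				},
			},
		},
	}

	rr, err := probe(server.Listener.Addr().String(), "tcp", conf)
	if err != nil {
		t.Fatal(err)
	}
	body := rr.Body.String()

	// Check success metric
	if !strings.Contains(body, "ssl_tls_connect_success 1") {
		t.Error("expected `ssl_tls_connect_success 1`")
	}

	// Check probe metric
	if !strings.Contains(body, "ssl_prober{prober=\"tcp\"} 1") {
		t.Error("expected `ssl_prober{prober=\"tcp\"} 1`")
	}

	// Check notAfter and notBefore metrics. Both the PEM decode and the
	// certificate parse are fatal on failure: continuing would dereference a
	// nil block or nil certificate and panic instead of reporting the cause.
	block, _ := pem.Decode(certPEM)
	if block == nil {
		t.Fatal("server certificate is not valid PEM")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		t.Fatal(err)
	}

	// Timestamps are whole seconds since the epoch, rendered with the 'g'
	// float format the test looks for in the response body.
	notAfter := strconv.FormatFloat(float64(cert.NotAfter.UnixNano()/1e9), 'g', -1, 64)
	if want := "ssl_cert_not_after" + certLabels + " " + notAfter; !strings.Contains(body, want) {
		t.Errorf("expected `%s`", want)
	}
	notBefore := strconv.FormatFloat(float64(cert.NotBefore.UnixNano()/1e9), 'g', -1, 64)
	if want := "ssl_cert_not_before" + certLabels + " " + notBefore; !strings.Contains(body, want) {
		t.Errorf("expected `%s`", want)
	}
}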
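// TestProbeHandlerTCPNoServer tests against a tcp server that doesn't exist.
func TestProbeHandlerTCPNoServer(t *testing.T) {
	// NOTE(review): assumes nothing is bound to localhost:6666 on the machine
	// running the tests; a local listener on that port would change the result.
	rr, err := probe("localhost:6666", "tcp", config.DefaultConfig)
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}

	// Check success metric
	if !strings.Contains(rr.Body.String(), "ssl_tls_connect_success 0") {
		t.Error("expected `ssl_tls_connect_success 0`")
	}
}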
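// TestProbeHandlerTCPEmptyTarget tests a TCP probe with an empty target. The
// handler must reject the request with 400 instead of probing anything.
func TestProbeHandlerTCPEmptyTarget(t *testing.T) {
	rr, err := probe("", "tcp", config.DefaultConfig)
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}

	if rr.Code != http.StatusBadRequest {
		t.Fatalf("expected 400 status code, got %v", rr.Code)
	}
}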
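// TestProbeHandlerTCPSpaces tests an invalid address with spaces in it. The
// probe must report a failed connection for the malformed target.
func TestProbeHandlerTCPSpaces(t *testing.T) {
	rr, err := probe("with spaces", "tcp", config.DefaultConfig)
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}

	if !strings.Contains(rr.Body.String(), "ssl_tls_connect_success 0") {
		t.Error("expected `ssl_tls_connect_success 0`")
	}
}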
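// TestProbeHandlerTCPHTTP tests a tcp probe against a HTTP server. The target
// speaks plain HTTP, so the TLS connection must be reported as failed.
func TestProbeHandlerTCPHTTP(t *testing.T) {
	server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "Hello world")
	}))

	// Start without TLS on purpose: the prober must not treat a plaintext
	// listener as a successful TLS endpoint.
	server.Start()
	defer server.Close()

	u, err := url.Parse(server.URL)
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}

	rr, err := probe(u.Host, "tcp", config.DefaultConfig)
	if err != nil {
		t.Fatal(err)
	}

	if !strings.Contains(rr.Body.String(), "ssl_tls_connect_success 0") {
		t.Error("expected `ssl_tls_connect_success 0`")
	}
}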
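// TestProbeHandlerTCPExpired tests a TCP probe against a server presenting a
// certificate whose notAfter date is in the past. With verification left on,
// the probe must report a failed connection.
func TestProbeHandlerTCPExpired(t *testing.T) {
	server, _, _, caFile, teardown, err := test.SetupTCPServer()
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}
	defer teardown()

	// Create a certificate with a notAfter date in the past
	certPEM, keyPEM := test.GenerateTestCertificate(time.Now().AddDate(0, 0, -1))
	testcert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		t.Fatal(err)
	}
	// NOTE(review): this replaces the certificate set up by SetupTCPServer
	// while the prober still trusts caFile. If the new certificate does not
	// chain to that CA, verification fails regardless of expiry; confirm the
	// test isolates the expiry case.
	server.TLS.Certificates = []tls.Certificate{testcert}

	server.StartTLS()
	defer server.Close()

	conf := &config.Config{
		Modules: map[string]config.Module{
			"tcp": {
				Prober: "tcp",
				TLSConfig: pconfig.TLSConfig{
					CAFile: caFile,
				},
			},
		},
	}

	rr, err := probe(server.Listener.Addr().String(), "tcp", conf)
	if err != nil {
		t.Fatal(err)
	}

	if !strings.Contains(rr.Body.String(), "ssl_tls_connect_success 0") {
		t.Error("expected `ssl_tls_connect_success 0`")
	}
}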
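// TestProbeHandlerTCPExpiredInsecure tests a TCP probe against a server
// presenting an expired certificate when the module sets InsecureSkipVerify.
// The probe must then report a successful connection.
func TestProbeHandlerTCPExpiredInsecure(t *testing.T) {
	server, _, _, caFile, teardown, err := test.SetupTCPServer()
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}
	defer teardown()

	// Create a certificate with a notAfter date in the past
	certPEM, keyPEM := test.GenerateTestCertificate(time.Now().AddDate(0, 0, -1))
	testcert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		t.Fatal(err)
	}
	server.TLS.Certificates = []tls.Certificate{testcert}

	server.StartTLS()
	defer server.Close()

	conf := &config.Config{
		Modules: map[string]config.Module{
			"tcp": {
				Prober: "tcp",
				TLSConfig: pconfig.TLSConfig{
					CAFile: caFile,
					// Skips certificate verification entirely, so the CA file
					// above plays no part in whether the handshake succeeds.
					InsecureSkipVerify: true,
				},
			},
		},
	}

	rr, err := probe(server.Listener.Addr().String(), "tcp", conf)
	if err != nil {
		t.Fatal(err)
	}

	// With verification skipped, success 1 only means the handshake completed;
	// it says nothing about the certificate being valid or trusted.
	if !strings.Contains(rr.Body.String(), "ssl_tls_connect_success 1") {
		t.Error("expected `ssl_tls_connect_success 1`")
	}
}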
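// TestProbeHandlerDefaultModule tests that the default module uses the tcp
// prober: the request carries no module parameter at all.
func TestProbeHandlerDefaultModule(t *testing.T) {
	// Only the prober label is asserted, so the outcome of the connection to
	// localhost:6666 does not matter here.
	rr, err := probe("localhost:6666", "", config.DefaultConfig)
	if err != nil {
		// t.Fatal rather than t.Fatalf(err.Error()): the error text must not
		// be used as a format string.
		t.Fatal(err)
	}

	// Check probe metric
	if !strings.Contains(rr.Body.String(), "ssl_prober{prober=\"tcp\"} 1") {
		t.Error("expected `ssl_prober{prober=\"tcp\"} 1`")
	}
}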
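// probe issues a GET /probe request for target against probeHandler, using
// conf as the exporter configuration, and returns the recorded response. The
// module parameter is sent only when module is non-empty. An error is returned
// only if the request itself cannot be constructed.
func probe(target, module string, conf *config.Config) (*httptest.ResponseRecorder, error) {
	// Encode the query rather than concatenating it: a target containing
	// '&', '#', '+', '%' or spaces would otherwise be split or rewritten
	// before the handler sees it, and the test would probe something other
	// than what it names.
	query := url.Values{}
	query.Set("target", target)
	if module != "" {
		query.Set("module", module)
	}

	req, err := http.NewRequest(http.MethodGet, "/probe?"+query.Encode(), nil)
	if err != nil {
		return nil, err
	}

	rr := httptest.NewRecorder()
	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		probeHandler(w, r, conf)
	})
	handler.ServeHTTP(rr, req)

	return rr, nil
}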