sensu-plugins-ssl 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ad7f900ae9946ad4bb040d4e7968761847ca38f6
-  data.tar.gz: f7485dfc07f15d1789ef4000455a60e3b32c78d8
+  metadata.gz: 0c7ef7f4a5a0373eed6c446ed8ec13223600e22d
+  data.tar.gz: ed0fce3c7528e674217fcc9f5353cf02681cae24
 SHA512:
-  metadata.gz: 2c2a81176f56ca91455c54ffa18e62f34e26d9fb1cc29cbdd53e9fa421aa5e7552f251e799fd4191ff806dbe228e3b29b9261d7a3bd4f76b449b89f4a544d405
-  data.tar.gz: 17e6353a089229402fb90abc4a2729a0221e43f4fd820aa3b402d32da60318e1c9e8207a18cdaf870c170ddc1258b432c0f7aefd114a6de607adc0a203dc962f
+  metadata.gz: ac3f37e17956a9c958b912b70d6c2787460768ecd3b30ab7d617162e0c92a19f4c369ccceca4072936c7855375e157531a83ad960820708b78b70c293f4f3825
+  data.tar.gz: 569ae38fd0ea68c72e9869d5e7f571e5cd66a4389d2597bfb3b2f2719fcc62717acfe137e29bc4b85a19a8731a0e1a18789d020a65875e0186b53d781245c2b2

data/CHANGELOG.md

@@ -4,6 +4,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachangelog.com/)
 
 ## [Unreleased]
+## [1.2.0] - 2017-05-17
+### Changed
+- check-ssl-qualys.rb: removed dependency on rest-client so we don't need a c compiler (@baweaver)
 
 ## [1.1.0] - 2017-02-28
 ### Added
@@ -61,7 +64,8 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
 ### Added
 - initial release
 
-[unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.1.0...HEAD
+[unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.2.0...HEAD
+[1.2.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.1.0...1.2.0
 [1.1.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.0.0...1.1.0
 [1.0.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/0.0.6...1.0.0
 [0.0.6]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/0.0.5...0.0.6

data/bin/check-ssl-cert.rb

@@ -67,6 +67,16 @@ class CheckSSLCert < Sensu::Plugin::Check::CLI
          short: '-s',
          long: '--servername SERVER'
 
+  option :pkcs12,
+         description: 'Path to PKCS#12 certificate',
+         short: '-C',
+         long: '--cert P12'
+
+  option :pass,
+         description: 'Pass phrase for the private key in PKCS#12 certificate',
+         short: '-S',
+         long: '--pass '
+
   def ssl_cert_expiry
     `openssl s_client -servername #{config[:servername]} -connect #{config[:host]}:#{config[:port]} < /dev/null 2>&1 | openssl x509 -enddate -noout`.split('=').last
   end
@@ -75,18 +85,36 @@ class CheckSSLCert < Sensu::Plugin::Check::CLI
     OpenSSL::X509::Certificate.new(File.read config[:pem]).not_after # rubocop:disable Style/NestedParenthesizedCalls
   end
 
+  def ssl_pkcs12_expiry
+    `openssl pkcs12 -in #{config[:pkcs12]} -nokeys -nomacver -passin pass:"#{config[:pass]}" | openssl x509 -noout -enddate | grep -v MAC`.split('=').last
+  end
+
   def validate_opts
-    if !config[:pem]
+    if !config[:pem] && !config[:pkcs12]
       unknown 'Host and port required' unless config[:host] && config[:port]
     elsif config[:pem]
       unknown 'No such cert' unless File.exist? config[:pem]
+    elsif config[:pkcs12]
+      if !config[:pass]
+        unknown 'No pass phrase specified for PKCS#12 certificate'
+      else
+        unknown 'No such cert' unless File.exist? config[:pkcs12]
+      end
     end
     config[:servername] = config[:host] unless config[:servername]
   end
 
   def run
     validate_opts
-    expiry = config[:pem] ? ssl_pem_expiry : ssl_cert_expiry
+
+    expiry = if config[:pem]
+               ssl_pem_expiry
+             elsif config[:pkcs12]
+               ssl_pkcs12_expiry
+             else
+               ssl_cert_expiry
+             end
+
     days_until = (Date.parse(expiry.to_s) - Date.today).to_i
 
     if days_until < 0

data/bin/check-ssl-qualys.rb

@@ -40,7 +40,6 @@
 #
 
 require 'sensu-plugin/check/cli'
-require 'rest-client'
 require 'json'
 
 # Checks a single DNS entry has a rating above a certain level
@@ -90,13 +89,14 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
   def ssl_api_request(from_cache)
     params = { host: config[:domain] }
     params[:startNew] = 'on' unless from_cache
-    begin
-      r = RestClient.get("#{config[:api_url]}analyze", params: params)
-      warning "HTTP#{r.code} recieved from API" unless r.code == 200
-    rescue RestClient::ExceptionWithResponse => e
-      unknown e.response
-    end
-    JSON.parse(r.body)
+
+    uri       = URI("#{config[:api_url]}analyze")
+    uri.query = URI.encode_www_form(params)
+    response  = Net::HTTP.get_response(uri)
+
+    warning 'Bad response recieved from API' unless response.is_a?(Net::HTTPSuccess)
+
+    JSON.parse(response.body)
   end
 
   def ssl_check(from_cache)

data/lib/sensu-plugins-ssl/version.rb

@@ -1,7 +1,7 @@
 module SensuPluginsSSL
   module Version
     MAJOR = 1
-    MINOR = 1
+    MINOR = 2
     PATCH = 0
 
     VER_STRING = [MAJOR, MINOR, PATCH].compact.join('.')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sensu-plugins-ssl
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Sensu-Plugins and contributors
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-01 00:00:00.000000000 Z
+date: 2017-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sensu-plugin
@@ -24,20 +24,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
-- !ruby/object:Gem::Dependency
-  name: rest-client
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.8.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement