From 393d46feb9890a87c5764f40b61c51d03fe0a4fe Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Wed, 24 Feb 2016 11:10:25 -0800
Subject: check server cert expiry in tests, closes #7910

---
 tests/white-box/network.rb | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'tests')

diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb
index 382f857b..2436230b 100644
--- a/tests/white-box/network.rb
+++ b/tests/white-box/network.rb
@@ -1,4 +1,5 @@
 require 'socket'
+require 'openssl'
 
 raise SkipTest if $node["dummy"]
 
@@ -69,4 +70,21 @@ class Network < LeapTest
     pass
   end
 
+  THIRTY_DAYS = 60*60*24*30
+
+  def test_04_Are_server_certificates_valid?
+    cert_paths = ["/etc/x509/certs/leap_commercial.crt", "/etc/x509/certs/leap.crt"]
+    cert_paths.each do |cert_path|
+      if File.exists?(cert_path)
+        cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
+        if cert.not_after > Time.now
+          fail "The certificate #{cert_path} expired on #{cert.not_after}"
+        elsif cert.not_after > Time.now + THIRTY_DAYS
+          fail "The certificate #{cert_path} will expire soon, on #{cert.not_after}"
+        end
+      end
+    end
+    pass
+  end
+
 end
-- 
cgit v1.2.3