Expect(err.Error()).To(ContainSubstring("bad certificate"))
Expect(spec.FileExists(path.Join(tmpDir, "install.log"))).To(BeFalse())
})
It("rejects requests when the client certificate isn't signed by the given CA", func() {
logWriter.Ignore("client didn't provide a certificate")
_, err := spec.HttpPut(url, tarballPath, spec.CertFor("directorWithWrongCA"))
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring("bad certificate"))
Expect(spec.FileExists(path.Join(tmpDir, "install.log"))).To(BeFalse())
})
Context("when the client cert's distinguished name is not permitted", func() {
BeforeEach(func() { allowedNames = []string{"o=bosh.not-director"} })
It("rejects the request", func() {
logWriter.Capture("Unauthorized")
resp, err := spec.HttpPut(url, tarballPath, directorCert)
Expect(err).ToNot(HaveOccurred())
Expect(resp.StatusCode).To(Equal(http.StatusUnauthorized))
Expect(spec.FileExists(path.Join(tmpDir, "install.log"))).To(BeFalse())
Expect(logWriter.Captured()).To(ContainSubstring("ERROR - Unauthorized access: Subject"))
})
})
})
Describe("PUT /self-update", func() {
var url string
BeforeEach(func() {
url = fmt.Sprintf("https://localhost:%d/self-update", port)
})
})
Context("when the downloaded file is bad", func() {
BeforeEach(func() {
tarballPath = spec.CreateTarball("foooooooooooooooooooo")
})
It("returns a file error", func() {
err := dl.Download(logger, tarballURL)
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring("install.sh"))
})
})
Context("when server cert doesn't match client cert rules", func() {
BeforeEach(func() {
allowedNames = []string{"o=not.bosh.director"}
})
It("rejects the request", func() {
logWriter.Capture("Fake Bosh Server")
err := dl.Download(logger, tarballURL)
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring("didn't match allowed distinguished names"))
_, err = os.Stat(path.Join(tmpDir, "install.log"))
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring("no such file"))
})
})
})
