			url = fmt.Sprintf("https://localhost:%d/self-update", port)
		})

		JustBeforeEach(func() {
			// Ginkgo runs JustBeforeEach after every BeforeEach, so the listener
			// starts only once the nested contexts have finished their setup.
			// Any start-up error fails the spec immediately.
			Expect(l.ListenAndServe(logger, port)).ToNot(HaveOccurred())
		})

		It("identifies itself with the provided key", func() {
			response, putErr := spec.HttpPut(url, tarballPath, directorCert)
			Expect(putErr).ToNot(HaveOccurred())

			// Seen from the client, PeerCertificates is the chain the server
			// presented (assumes resp is a *http.Response; confirm against
			// spec.HttpPut). Only the leaf's first Organization value is
			// compared here. Whether the chain is also verified against a CA
			// depends on how spec.HttpPut builds its TLS client, which this
			// spec does not show.
			serverLeaf := response.TLS.PeerCertificates[0]
			Expect(serverLeaf.Subject.Organization[0]).To(Equal("bosh.bootstrapper"))
		})

		It("rejects requests without a client certificate", func() {
			// Presumably tells the log checker that this message is expected
			// for the refused connection; confirm against logWriter.
			logWriter.Ignore("client didn't provide a certificate")

			// nil takes the place of the client certificate argument.
			_, putErr := spec.HttpPut(url, tarballPath, nil)
			Expect(putErr).To(HaveOccurred())
			// NOTE(review): matching on the alert text is brittle; the wording
			// a client sees can differ by TLS version and Go release.
			Expect(putErr.Error()).To(ContainSubstring("bad certificate"))

			// Rejection alone is not enough: the refused request must not have
			// left an install.log in tmpDir.
			installLog := path.Join(tmpDir, "install.log")
			Expect(spec.FileExists(installLog)).To(BeFalse())
		})

		It("rejects requests when the client certificate isn't signed by the given CA", func() {
			// NOTE(review): this is the same ignore string as the
			// no-certificate spec, although a certificate is presented here.
			// Confirm it matches what the server logs for an untrusted issuer.
			logWriter.Ignore("client didn't provide a certificate")

			// Certificate from the "directorWithWrongCA" fixture, which the
			// spec title says is not signed by the CA the listener was given.
			untrustedCert := spec.CertFor("directorWithWrongCA")
			_, putErr := spec.HttpPut(url, tarballPath, untrustedCert)
			Expect(putErr).To(HaveOccurred())
			Expect(putErr.Error()).To(ContainSubstring("bad certificate"))

			// The refused request must not have left an install.log in tmpDir.
			installLog := path.Join(tmpDir, "install.log")
			Expect(spec.FileExists(installLog)).To(BeFalse())
		})

		Context("when the client cert's distinguished name is not permitted", func() {