// Do not modify header object
func (p *proxyRoundTripper) validateSignature(header *http.Header) error {
requestedTimeHeader := header.Get(RouteServiceSignature)
requestedTime, err := common.UnixToTime(requestedTimeHeader)
if err != nil {
return err
}
if time.Since(requestedTime) > p.routeServiceTimeout {
return routeServiceExpired
}
return nil
}
var err error
routeServiceListener, err = net.Listen("tcp", "127.0.0.1:0")
Expect(err).NotTo(HaveOccurred())
tlsListener := newTlsListener(routeServiceListener)
server := &http.Server{Handler: routeServiceHandler}
go func() {
err := server.Serve(tlsListener)
Expect(err).ToNot(HaveOccurred())
}()
})
BeforeEach(func() {
routeServiceHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
tm, err := common.UnixToTime(r.Header.Get(proxy.RouteServiceSignature))
Expect(err).ToNot(HaveOccurred())
Expect(time.Since(tm)).Should(BeNumerically(">=", 0))
Expect(r.Header.Get("X-CF-ApplicationID")).To(Equal(""))
// validate client request header
Expect(r.Header.Get("X-CF-Forwarded-Url")).To(Equal("http://my_host.com/resource+9-9_9?query=123&query$2=345#page1..5"))
w.Write([]byte("My Special Snowflake Route Service\n"))
})
})
Context("with SSLSkipValidation enabled", func() {
BeforeEach(func() {
conf.SSLSkipValidation = true