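// initializeBBSClient builds the BBS client for the address held in the
// bbsAddress flag.
//
// The transport is chosen from the URL scheme alone. Only "https" produces a
// client built with bbs.NewSecureClient, using the CA file, client certificate
// and client key from the bbsCACert, bbsClientCert and bbsClientKey flags.
// Every other scheme, including an empty or mistyped one, produces the plain
// bbs.NewClient, which is given no CA or client certificate. That fallback is
// logged so a misconfigured address does not downgrade the connection
// unnoticed.
//
// An unparsable address, or a failure to build the secure client, is reported
// through logger.Fatal.
func initializeBBSClient(logger lager.Logger) bbs.Client {
	bbsURL, err := url.Parse(*bbsAddress)
	if err != nil {
		// NOTE(review): assumes logger.Fatal does not return; bbsURL is not
		// usable on this path.
		logger.Fatal("Invalid BBS URL", err)
	}

	if bbsURL.Scheme == "https" {
		bbsClient, err := bbs.NewSecureClient(
			*bbsAddress,
			*bbsCACert,
			*bbsClientCert,
			*bbsClientKey,
			*bbsClientSessionCacheSize,
			*bbsMaxIdleConnsPerHost,
		)
		if err != nil {
			logger.Fatal("Failed to configure secure BBS client", err)
		}
		return bbsClient
	}

	// Record the unauthenticated, unencrypted path explicitly: the scheme is
	// the only thing that selects it, so operators need a signal when a
	// deployment that expects TLS ends up here.
	logger.Info("BBS client is not using TLS", lager.Data{"scheme": bbsURL.Scheme})
	return bbs.NewClient(*bbsAddress)
}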
bbsArgs.EtcdClientSessionCacheSize = 64 bbsArgs.EtcdMaxIdleConnsPerHost = 2 bbsURL.Scheme = "https" bbsArgs.RequireSSL = true bbsArgs.CAFile = path.Join(basePath, "green-certs", "server-ca.crt") bbsArgs.CertFile = path.Join(basePath, "green-certs", "server.crt") bbsArgs.KeyFile = path.Join(basePath, "green-certs", "server.key") caFile := path.Join(basePath, "green-certs", "server-ca.crt") certFile := path.Join(basePath, "green-certs", "client.crt") keyFile := path.Join(basePath, "green-certs", "client.key") var err error client, err = bbs.NewSecureClient(bbsURL.String(), caFile, certFile, keyFile, 64, 2) Expect(err).NotTo(HaveOccurred()) }) runMeasurements() }) Context("when NOT configuring mutual SSL", func() { BeforeEach(func() { etcdSSLConfig = nil bbsURL.Scheme = "http" bbsArgs.RequireSSL = false client = bbs.NewClient(bbsURL.String()) }) runMeasurements()
bbsProcess = ginkgomon.Invoke(bbsRunner) }) Context("when configuring mutual SSL", func() { BeforeEach(func() { bbsArgs.RequireSSL = true bbsArgs.CAFile = path.Join(basePath, "green-certs", "server-ca.crt") bbsArgs.CertFile = path.Join(basePath, "green-certs", "server.crt") bbsArgs.KeyFile = path.Join(basePath, "green-certs", "server.key") }) It("succeeds for a client configured with the right certificate", func() { caFile := path.Join(basePath, "green-certs", "server-ca.crt") certFile := path.Join(basePath, "green-certs", "client.crt") keyFile := path.Join(basePath, "green-certs", "client.key") client, err = bbs.NewSecureClient(bbsURL.String(), caFile, certFile, keyFile, 0, 0) Expect(err).NotTo(HaveOccurred()) Expect(client.Ping(logger)).To(BeTrue()) }) It("fails for a client with no SSL", func() { client = bbs.NewClient(bbsURL.String()) Expect(client.Ping(logger)).To(BeFalse()) }) It("fails for a client configured with the wrong certificates", func() { caFile := path.Join(basePath, "green-certs", "server-ca.crt") certFile := path.Join(basePath, "blue-certs", "client.crt") keyFile := path.Join(basePath, "blue-certs", "client.key") client, err = bbs.NewSecureClient(bbsURL.String(), caFile, certFile, keyFile, 0, 0) Expect(err).NotTo(HaveOccurred())