Merge pull request #9 from anynines/https-redirect

Https redirect

Author: gdenn

.final_builds/jobs/nginx/index.yml

@@ -27,6 +27,10 @@ builds:
     version: bf23c7f17dc12386697113e5170f7129b65f3922
     blobstore_id: d939ca5d-c945-4502-7047-f22f72d940ad
     sha1: e6ee0e61a611c0dfc4458c5374bdcac4bb69ca1a
+  c1f886c74700249c7cc81b0ddd6423877104bfb9:
+    version: c1f886c74700249c7cc81b0ddd6423877104bfb9
+    blobstore_id: a92fd131-1115-4d6a-6eaf-2e194914f8f5
+    sha1: 94d059c0bcc4799ff1d79d2ee29a5365a3764949
   ca7867c57b4f1297b6d282be27ef1bca0dc59ce7:
     version: ca7867c57b4f1297b6d282be27ef1bca0dc59ce7
     blobstore_id: 88ccd427-f240-401f-6d82-e299ee0beadd

acceptance-tests/manifests/reachability.yml

@@ -1 +1 @@
-Subproject commit 1a651169a2d4cef9ffde274526ad9d24293f02fa
+Subproject commit cc1a16b5d86771cf72936a0490bc4ed8181cce65

acceptance-tests/manifests/reachability.yml.erb

@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIUTJ7P+x0h4yKpcT5P6/QpqQI9gYQwDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTc3NsX2dhdGV3YXlfZGVmYXVsdDAeFw0xNzExMzAxOTAx
+MTVaFw0xODExMzAxOTAxMTVaMBIxEDAOBgNVBAMMB3NzbHRlc3QwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3UlBQ9dkFqBjj5d9uXz/d9niZQ1g1RXyp
+FWEPHo2X3hz97XmUF50IVO9zudJYfW6uniCWwwxuAt27OZOXUwJcGSMOlBhJKiGH
+I/bpUtAhS6Mz+k2rPx/6RzOi7BDXP7QGMPBjA5RIJnhz2S2OwGl3+Ib7cayPEVUd
+cq6FHuKUFGMp6hQB1px2Sy/SFouewrdkZuw2UWiuSSFdpISJxQ+AKWxEY0DRKp0/
+CPNAqhLxjrD6txvyFoLercpIervl5R+lzG7TrWlTy9AS7qHo5OycGYLXCCHsO96C
+lkShFAEBfWCKGZ6BjArkQ2rh1BKZI2ylD7txOd+fMZ2ASA72bMGFAgMBAAGjgYsw
+gYgwHQYDVR0OBBYEFBc36EBOgdriRbPDZjsuusZMbXeIMFkGA1UdIwRSMFCAFLf7
+W9JEtitTs9FzLKWAz9MIw6qaoSKkIDAeMRwwGgYDVQQDDBNzc2xfZ2F0ZXdheV9k
+ZWZhdWx0ghQwJJPN2/QreOeG7gxeXeTKUVmS3TAMBgNVHRMBAf8EAjAAMA0GCSqG
+SIb3DQEBCwUAA4IBAQBHj5OiBGGjni4EQwA/Kg+SRsr4/VKTYSZF6CpXPl0nVKcO
+OCo+xB6ebejr0BMXRr9rN6OFpshXlbKScykS5OU1oSAk6fkDTiFWZzyFAVG/VOfD
+skN29SmYjRXtncRMqh4vnOWpTOBziWVQ5Jrcl0M13YJhakR28zWw8yOkAIjZgDOz
+HDxmn6UrL1Y9KEfbAgwDWfYxL8wy/bakxnXo4Wh36hNwKMYdl4wGT8taP5WiyW+P
+uR6gK34ZuPBqxpcrQHkwYfjctJdJbjG5gm/Q2b6LCtcttsyFFNCsWJO0SRMr46+D
+gwWNUW1am6eeljFati2ZHHrEdWfsJbRrBNFYjc4C
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAkGgAwIBAgIUMCSTzdv0K3jnhu4MXl3kylFZkt0wDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTc3NsX2dhdGV3YXlfZGVmYXVsdDAeFw0xNzExMjIxMjE5
+NDZaFw0xODExMjIxMjE5NDZaMB4xHDAaBgNVBAMME3NzbF9nYXRld2F5X2RlZmF1
+bHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsebmKABMAm7O1IYA5
+j6GH+suQ5ry2Zmx+29zF41Dr2dW0I0dgDZWhEvoA10Z/jZG4cHwzAT3rbo81zbFB
+UryFv2Pgap5QdhteodhogIof1yaXg7oAoh7Rupx4t7dqwgvK0UC2eCAr/DfNLUlx
+0ljZmXOPwGTHQsHSEAKJCDTkAXGyVG0o0RNKBMorXcBkkGQjJ8spunRM+FaTzVlQ
+Af8oIEwtmNhbHRjxb0qLJNx0fuUXY3JrMeN1RB97tZLPdU+BPBe02DHTxHUAUwFu
+d3qFM0+U3Tx6Wo/pQ1XlVMbz3mnJT7fQFwQWIG1EuQXRPD10mg9kfxm4jn4J4o+f
+H44HAgMBAAGjgY4wgYswHQYDVR0OBBYEFLf7W9JEtitTs9FzLKWAz9MIw6qaMFkG
+A1UdIwRSMFCAFLf7W9JEtitTs9FzLKWAz9MIw6qaoSKkIDAeMRwwGgYDVQQDDBNz
+c2xfZ2F0ZXdheV9kZWZhdWx0ghQwJJPN2/QreOeG7gxeXeTKUVmS3TAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBl124Jqji8xTYS4JzthbcP31os
+20T0Ha6C+/6Dple01S9QnZdMt+JjMKGKvKpo9sK/7R8HI20ik/LfJOm0WBCfJgKA
+UCAitCOG91dNYNqrCcXB3xAMF68LMl7vnZeerY6vBVroRURBzEp+t8QcOmlwVKkU
+iJVMH6AujxFT2o3mGqoGDgErhhMgC8NYMn5ZQsRb/soOIchmYGHJPn8ZB5RhfL/Z
+KMEz9Osv9GWHqyGEr8L1eHc4VZ3PCROkknXqe5mVad7PCG2gLNQ71zDfDPxZFQZb
+wzFRkKHHaAFHdGYBsz0WF2Yc7LQ6ArTxAd+G7YwR0xHW5jAtIrX89WP1u0Hj
+-----END CERTIFICATE-----

acceptance-tests/run-testsuite.sh

@@ -0,0 +1,43 @@
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIUPrMyGxd1SyED4Ia+xr7SKPGLwmowDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTc3NsX2dhdGV3YXlfZGVmYXVsdDAeFw0xNzExMjIxMjMz
+MDRaFw0xODExMjIxMjMzMDRaMBQxEjAQBgNVBAMMCWRlLmE5cy5ldTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8IpDbBsgRqDHYd2lEdzySstpN+HSrm
+UORs8BinMijRDtWbjfvmMAD5zeIwqShltNEk1SFAglMTbTGeJoLqAIlj+56vb9z7
+jPSbumExkpdpvxAFvnO+JeTWRQZdy5oE1Xa31PjK/7h6AFicDjbbqYeKUaWmtIjY
+uAS3O40D0FrzgdoVqhzTSBRnejpX/JwtLYc4qM2lQbXwyeaUdRJVOEMKM56HwnIE
+juTiZymU8FKWLsRaL82hnKtZhYydDBK4TAFC1Bj9afqGLUdlyUOFPtFIs4zV9xQm
+HAkB5gVy9yugEiv08XAykwW2SSfOiBGYAJlb8Glem6MrlXE6stBdsN0CAwEAAaOB
+izCBiDAdBgNVHQ4EFgQUaZZxil8ju6zvsl4qxFkN3b0StdMwWQYDVR0jBFIwUIAU
+t/tb0kS2K1Oz0XMspYDP0wjDqpqhIqQgMB4xHDAaBgNVBAMME3NzbF9nYXRld2F5
+X2RlZmF1bHSCFDAkk83b9Ct454buDF5d5MpRWZLdMAwGA1UdEwEB/wQCMAAwDQYJ
+KoZIhvcNAQELBQADggEBAGRL+kXrw+qdllrtpPZtNSGQy+a/kyG/EdEYWW6jxquu
+mhAzlJynJU+NPrhTrTqEaUQoeZyEiP8yHYm7rG5lyl3RTYSJDBxgo7Dy2yVEDCjb
+W3i8WjKMjSMsGSiODY4iiehhG7fEMS2Fo08v53fl9UdVyAdnTHevog0D8eU+Pfjr
+ZU8hOCBqQua2T5YTbdtV7KRosIGucnX1ujSuzmRPPuvk8hglJ2VKwj8HKL7vVK9d
+SxkbSkbP/0Xfz4I72H35IfpO+DaBRa0UIX106WzRSH0kRaaNaeau1YnO/qtmzJSD
+amaQbVrI7+zAM3S4Aa58v70RrfYtPkwRFlWgUHnNy2A=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAkGgAwIBAgIUMCSTzdv0K3jnhu4MXl3kylFZkt0wDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTc3NsX2dhdGV3YXlfZGVmYXVsdDAeFw0xNzExMjIxMjE5
+NDZaFw0xODExMjIxMjE5NDZaMB4xHDAaBgNVBAMME3NzbF9nYXRld2F5X2RlZmF1
+bHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsebmKABMAm7O1IYA5
+j6GH+suQ5ry2Zmx+29zF41Dr2dW0I0dgDZWhEvoA10Z/jZG4cHwzAT3rbo81zbFB
+UryFv2Pgap5QdhteodhogIof1yaXg7oAoh7Rupx4t7dqwgvK0UC2eCAr/DfNLUlx
+0ljZmXOPwGTHQsHSEAKJCDTkAXGyVG0o0RNKBMorXcBkkGQjJ8spunRM+FaTzVlQ
+Af8oIEwtmNhbHRjxb0qLJNx0fuUXY3JrMeN1RB97tZLPdU+BPBe02DHTxHUAUwFu
+d3qFM0+U3Tx6Wo/pQ1XlVMbz3mnJT7fQFwQWIG1EuQXRPD10mg9kfxm4jn4J4o+f
+H44HAgMBAAGjgY4wgYswHQYDVR0OBBYEFLf7W9JEtitTs9FzLKWAz9MIw6qaMFkG
+A1UdIwRSMFCAFLf7W9JEtitTs9FzLKWAz9MIw6qaoSKkIDAeMRwwGgYDVQQDDBNz
+c2xfZ2F0ZXdheV9kZWZhdWx0ghQwJJPN2/QreOeG7gxeXeTKUVmS3TAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBl124Jqji8xTYS4JzthbcP31os
+20T0Ha6C+/6Dple01S9QnZdMt+JjMKGKvKpo9sK/7R8HI20ik/LfJOm0WBCfJgKA
+UCAitCOG91dNYNqrCcXB3xAMF68LMl7vnZeerY6vBVroRURBzEp+t8QcOmlwVKkU
+iJVMH6AujxFT2o3mGqoGDgErhhMgC8NYMn5ZQsRb/soOIchmYGHJPn8ZB5RhfL/Z
+KMEz9Osv9GWHqyGEr8L1eHc4VZ3PCROkknXqe5mVad7PCG2gLNQ71zDfDPxZFQZb
+wzFRkKHHaAFHdGYBsz0WF2Yc7LQ6ArTxAd+G7YwR0xHW5jAtIrX89WP1u0Hj
+-----END CERTIFICATE-----
+
+

acceptance-tests/service-binding-checker

@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUXhhaBMTu0eYX/TWeaLa4xX1zsQwwDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTc3NsX2dhdGV3YXlfZGVmYXVsdDAeFw0xNzExMzAxOTAx
+MTVaFw0xODExMzAxOTAxMTVaMBMxETAPBgNVBAMMCHNzbHRlc3QyMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eLFzwW6LuSUrhM98RWSLB6jdT2hVlkD
+Yr07UvJDfDFYydpScWB9i5IAB+J4VNzCNHAlEO7TrduZtAy/nvbjNJ5hQGsSZsoU
+FwEmrNscS8n4nzXpLNDl/huMarUoF0gAv/6qO1X2hPtS63/PwFmFOml813zcWPYE
+fBB93m9MLN01BLz9Gr+Fq5l/ih6AmA69BCLMlw1SyhViMsvMxGRYy08oHrT8EjFv
+1zptPiPqd0e1FQF/AKqspE2Ox2TMqmCBV/+GwnrlTmMf+dE4TjqhLyYLuhW+6TMU
+9NJ9FOx0aGmWrrp8OsNXvtP3cEcm075aWYDBuShLz8tAiqqXwnZ0uwIDAQABo4GL
+MIGIMB0GA1UdDgQWBBSbOHLCWNMz2ur/Mcb2hXGNu/r+mjBZBgNVHSMEUjBQgBS3
++1vSRLYrU7PRcyylgM/TCMOqmqEipCAwHjEcMBoGA1UEAwwTc3NsX2dhdGV3YXlf
+ZGVmYXVsdIIUMCSTzdv0K3jnhu4MXl3kylFZkt0wDAYDVR0TAQH/BAIwADANBgkq
+hkiG9w0BAQsFAAOCAQEAm8AtK2PMrmTnvO+tdOFGB+QSIs3VNPNfcYJ9ozUuXaJt
+Bxea2KdkwXgB0WJNPkvf3dRKnDRdvG4SIg0udw+xi9B8pJp96FaRADGHH0Mi4g1i
+I5a7MfHk+6wROWj+BKfk99FTKARUgVdlDPh5JvmlgtOq+7Y1c8rIN0uf5YQ/6CLf
+YIOIvhGHxiOZmep/GbmY4HwupoeYKux5Ls5N/zShKhNYTJR6TkWtNo6H7poVRJki
+/wNQKPH8+6pBbyWAF1dB8v/Wh97J1uhTwQ/QAwlk7vgNuCeihsvha9dXrggCecD/
++0ybDhSPcNo+allD2IMtOHpcrcS4JyrXmK+B6nTxuA==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAkGgAwIBAgIUMCSTzdv0K3jnhu4MXl3kylFZkt0wDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTc3NsX2dhdGV3YXlfZGVmYXVsdDAeFw0xNzExMjIxMjE5
+NDZaFw0xODExMjIxMjE5NDZaMB4xHDAaBgNVBAMME3NzbF9nYXRld2F5X2RlZmF1
+bHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsebmKABMAm7O1IYA5
+j6GH+suQ5ry2Zmx+29zF41Dr2dW0I0dgDZWhEvoA10Z/jZG4cHwzAT3rbo81zbFB
+UryFv2Pgap5QdhteodhogIof1yaXg7oAoh7Rupx4t7dqwgvK0UC2eCAr/DfNLUlx
+0ljZmXOPwGTHQsHSEAKJCDTkAXGyVG0o0RNKBMorXcBkkGQjJ8spunRM+FaTzVlQ
+Af8oIEwtmNhbHRjxb0qLJNx0fuUXY3JrMeN1RB97tZLPdU+BPBe02DHTxHUAUwFu
+d3qFM0+U3Tx6Wo/pQ1XlVMbz3mnJT7fQFwQWIG1EuQXRPD10mg9kfxm4jn4J4o+f
+H44HAgMBAAGjgY4wgYswHQYDVR0OBBYEFLf7W9JEtitTs9FzLKWAz9MIw6qaMFkG
+A1UdIwRSMFCAFLf7W9JEtitTs9FzLKWAz9MIw6qaoSKkIDAeMRwwGgYDVQQDDBNz
+c2xfZ2F0ZXdheV9kZWZhdWx0ghQwJJPN2/QreOeG7gxeXeTKUVmS3TAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBl124Jqji8xTYS4JzthbcP31os
+20T0Ha6C+/6Dple01S9QnZdMt+JjMKGKvKpo9sK/7R8HI20ik/LfJOm0WBCfJgKA
+UCAitCOG91dNYNqrCcXB3xAMF68LMl7vnZeerY6vBVroRURBzEp+t8QcOmlwVKkU
+iJVMH6AujxFT2o3mGqoGDgErhhMgC8NYMn5ZQsRb/soOIchmYGHJPn8ZB5RhfL/Z
+KMEz9Osv9GWHqyGEr8L1eHc4VZ3PCROkknXqe5mVad7PCG2gLNQ71zDfDPxZFQZb
+wzFRkKHHaAFHdGYBsz0WF2Yc7LQ6ArTxAd+G7YwR0xHW5jAtIrX89WP1u0Hj
+-----END CERTIFICATE-----

acceptance-tests/spec/fixtures/wild.checker.ssltest.com.crt.bundle

@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUXhhaBMTu0eYX/TWeaLa4xX1zsQwwDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTc3NsX2dhdGV3YXlfZGVmYXVsdDAeFw0xNzExMzAxOTAx
+MTVaFw0xODExMzAxOTAxMTVaMBMxETAPBgNVBAMMCHNzbHRlc3QyMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eLFzwW6LuSUrhM98RWSLB6jdT2hVlkD
+Yr07UvJDfDFYydpScWB9i5IAB+J4VNzCNHAlEO7TrduZtAy/nvbjNJ5hQGsSZsoU
+FwEmrNscS8n4nzXpLNDl/huMarUoF0gAv/6qO1X2hPtS63/PwFmFOml813zcWPYE
+fBB93m9MLN01BLz9Gr+Fq5l/ih6AmA69BCLMlw1SyhViMsvMxGRYy08oHrT8EjFv
+1zptPiPqd0e1FQF/AKqspE2Ox2TMqmCBV/+GwnrlTmMf+dE4TjqhLyYLuhW+6TMU
+9NJ9FOx0aGmWrrp8OsNXvtP3cEcm075aWYDBuShLz8tAiqqXwnZ0uwIDAQABo4GL
+MIGIMB0GA1UdDgQWBBSbOHLCWNMz2ur/Mcb2hXGNu/r+mjBZBgNVHSMEUjBQgBS3
++1vSRLYrU7PRcyylgM/TCMOqmqEipCAwHjEcMBoGA1UEAwwTc3NsX2dhdGV3YXlf
+ZGVmYXVsdIIUMCSTzdv0K3jnhu4MXl3kylFZkt0wDAYDVR0TAQH/BAIwADANBgkq
+hkiG9w0BAQsFAAOCAQEAm8AtK2PMrmTnvO+tdOFGB+QSIs3VNPNfcYJ9ozUuXaJt
+Bxea2KdkwXgB0WJNPkvf3dRKnDRdvG4SIg0udw+xi9B8pJp96FaRADGHH0Mi4g1i
+I5a7MfHk+6wROWj+BKfk99FTKARUgVdlDPh5JvmlgtOq+7Y1c8rIN0uf5YQ/6CLf
+YIOIvhGHxiOZmep/GbmY4HwupoeYKux5Ls5N/zShKhNYTJR6TkWtNo6H7poVRJki
+/wNQKPH8+6pBbyWAF1dB8v/Wh97J1uhTwQ/QAwlk7vgNuCeihsvha9dXrggCecD/
++0ybDhSPcNo+allD2IMtOHpcrcS4JyrXmK+B6nTxuA==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAkGgAwIBAgIUMCSTzdv0K3jnhu4MXl3kylFZkt0wDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTc3NsX2dhdGV3YXlfZGVmYXVsdDAeFw0xNzExMjIxMjE5
+NDZaFw0xODExMjIxMjE5NDZaMB4xHDAaBgNVBAMME3NzbF9nYXRld2F5X2RlZmF1
+bHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsebmKABMAm7O1IYA5
+j6GH+suQ5ry2Zmx+29zF41Dr2dW0I0dgDZWhEvoA10Z/jZG4cHwzAT3rbo81zbFB
+UryFv2Pgap5QdhteodhogIof1yaXg7oAoh7Rupx4t7dqwgvK0UC2eCAr/DfNLUlx
+0ljZmXOPwGTHQsHSEAKJCDTkAXGyVG0o0RNKBMorXcBkkGQjJ8spunRM+FaTzVlQ
+Af8oIEwtmNhbHRjxb0qLJNx0fuUXY3JrMeN1RB97tZLPdU+BPBe02DHTxHUAUwFu
+d3qFM0+U3Tx6Wo/pQ1XlVMbz3mnJT7fQFwQWIG1EuQXRPD10mg9kfxm4jn4J4o+f
+H44HAgMBAAGjgY4wgYswHQYDVR0OBBYEFLf7W9JEtitTs9FzLKWAz9MIw6qaMFkG
+A1UdIwRSMFCAFLf7W9JEtitTs9FzLKWAz9MIw6qaoSKkIDAeMRwwGgYDVQQDDBNz
+c2xfZ2F0ZXdheV9kZWZhdWx0ghQwJJPN2/QreOeG7gxeXeTKUVmS3TAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBl124Jqji8xTYS4JzthbcP31os
+20T0Ha6C+/6Dple01S9QnZdMt+JjMKGKvKpo9sK/7R8HI20ik/LfJOm0WBCfJgKA
+UCAitCOG91dNYNqrCcXB3xAMF68LMl7vnZeerY6vBVroRURBzEp+t8QcOmlwVKkU
+iJVMH6AujxFT2o3mGqoGDgErhhMgC8NYMn5ZQsRb/soOIchmYGHJPn8ZB5RhfL/Z
+KMEz9Osv9GWHqyGEr8L1eHc4VZ3PCROkknXqe5mVad7PCG2gLNQ71zDfDPxZFQZb
+wzFRkKHHaAFHdGYBsz0WF2Yc7LQ6ArTxAd+G7YwR0xHW5jAtIrX89WP1u0Hj
+-----END CERTIFICATE-----
+

acceptance-tests/spec/fixtures/wild.de.a9sapp.eu.crt.bundle

@@ -9,34 +9,7 @@
 describe 'ssl-gateway reachability spec for apps' do
   let(:app_name) { "checker" }
 
-  before(:all) do
-    app_name = "checker"
-    manifest = "reachability.yml"
-    properties = {
-      :release_version => ENV["RELEASE"].gsub("ssl-gateway-", "").gsub(".yml", ""),
-      :local_ip => ENV["LOCALHOST_IP"]
-    }
-
-    ManifestHelpers::render_manifest(manifest, properties)
-    BoshHelpers::deploy(manifest, ENV['IAAS_CONFIG'], ENV['EXTERNAL_SECRETS'], ENV['OPS_FILE'])
-    
-    CFHelpers::push_checker_app(app_name, 80)
-    CFHelpers::push_checker_app(app_name, 443)
-    CFHelpers::push_checker_app(app_name, 4443)
-
-    CFHelpers::push_checker_app(app_name, 80, ENV["REACHABLE_BLACKLIST_DOMAIN"])
-    CFHelpers::push_checker_app(app_name, 80, ENV["UNREACHABLE_BLACKLIST_DOMAIN"])
-
-    CFHelpers::push_checker_app(app_name, 80, ENV["REACHABLE_SSL_BLACKLIST_DOMAIN"])
-    CFHelpers::push_checker_app(app_name, 443, ENV["REACHABLE_SSL_BLACKLIST_DOMAIN"])
-    CFHelpers::push_checker_app(app_name, 4443, ENV["REACHABLE_SSL_BLACKLIST_DOMAIN"])
-
-    CFHelpers::push_checker_app(app_name, 80, ENV["UNREACHABLE_SSL_BLACKLIST_DOMAIN"])
-    CFHelpers::push_checker_app(app_name, 443, ENV["UNREACHABLE_SSL_BLACKLIST_DOMAIN"])
-    CFHelpers::push_checker_app(app_name, 4443, ENV["UNREACHABLE_SSL_BLACKLIST_DOMAIN"])
-  end
-
-  context 'when a ssl-gateway is deployed with service checker apps' do
+  context 'when service checker apps are pushed' do
     context "reachable blacklist domain #{ENV["REACHABLE_BLACKLIST_DOMAIN"]}" do
       it 'it is possible to send a http request on port 80 to the reachable blacklist domain' do
         expect(HTTParty.get("http://#{app_name}.#{ENV["REACHABLE_BLACKLIST_DOMAIN"]}").code == 200)
@@ -54,6 +27,11 @@
         expect(HTTParty.get("http://#{app_name}.#{ENV["RANDOM_DOMAIN"]}").code == 200)
       end
 
+      it 'it redirects http requests to port 443' do
+        response = HTTParty.get("http://#{app_name}.#{ENV["RANDOM_DOMAIN"]}", follow_redirects: false)
+        expect(response.headers["location"]).to eq("https://#{app_name}.#{ENV["DEFAULT_APP_DOMAIN"]}")
+      end
+
       it 'it is possible to send a https request on port 443 to the random domain' do
         expect(HTTParty.get("https://#{app_name}.#{ENV["RANDOM_DOMAIN"]}:443", :verify => false).code == 200)
       end
@@ -68,6 +46,11 @@
         expect(HTTParty.get("http://#{app_name}.#{ENV["DEFAULT_APP_DOMAIN"]}").code == 200)
       end
 
+      it 'it redirects http requests to port 443' do
+        response = HTTParty.get("http://#{app_name}.#{ENV["DEFAULT_APP_DOMAIN"]}", follow_redirects: false)
+        expect(response.headers["location"]).to eq("https://#{app_name}.#{ENV["DEFAULT_APP_DOMAIN"]}")
+      end
+
       it 'it is possible to send a https request on port 443 to the default app domain' do
         expect(HTTParty.get("https://#{app_name}.#{ENV["DEFAULT_APP_DOMAIN"]}:443", :verify => false).code == 200)
       end
@@ -82,6 +65,11 @@
         expect(HTTParty.get("http://#{app_name}.#{ENV["REACHABLE_BLACKLIST_DOMAIN"]}").code == 200)
       end
 
+      it 'it redirects http requests to port 443' do
+        response = HTTParty.get("http://#{app_name}.#{ENV["REACHABLE_BLACKLIST_DOMAIN"]}", follow_redirects: false)
+        expect(response.headers["location"]).to eq("https://#{app_name}.#{ENV["DEFAULT_APP_DOMAIN"]}")
+      end
+
       it 'it is possible to send a https request on port 443 to the reachable blacklist domain' do
         expect(HTTParty.get("https://#{app_name}.#{ENV["REACHABLE_BLACKLIST_DOMAIN"]}:443", :verify => false).code == 200)
       end

acceptance-tests/spec/fixtures/wild.de.checker.ssltest2.com.crt.bundle

@@ -7,20 +7,6 @@
   include BoshHelpers
   include CFHelpers
 
-  config.before(:suite) do
-    BoshHelpers::create_dev_release
-    BoshHelpers::upload_last_dev_release
-    CFHelpers::cf_login(ENV["CF_USERNAME"], ENV["CF_PASSWORD"])
-    CFHelpers::create_org("ssl-gateway-tests")
-    CFHelpers::create_space("ssl-gateway-tests", "integration")
-    CFHelpers::target("ssl-gateway-tests", "integration")
-  end
-
-  config.after(:suite) do
-    CFHelpers::delete_org("ssl-gateway-tests")
-    BoshHelpers::cleanup_all
-  end
-
   config.color = true
   config.fail_fast = true
   config.formatter = :documentation

acceptance-tests/spec/fixtures/wild.ssltest2.com.crt.bundle

@@ -0,0 +1,54 @@
+require 'spec_helper'
+require 'json'
+
+describe 'ssl specs' do 
+  let(:api) { ENV["CF_API"] }
+  
+  let(:cipher_scan) do
+    system("../cipherscan/cipherscan -j #{api} > /tmp/cipher_scan.json")
+    JSON.parse(File.read("/tmp/cipher_scan.json")
+  end
+
+  let(:allowed_ciphers) do
+    'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'.split(':')
+  end
+
+  let(:allowed_protocols) do
+    ["TLSv1.2"]
+  end
+
+  context 'with a valid ssl-gateway deployment' do
+    it "should have the correct default app cert bundles on all instances" do
+      should = File.read(File.join(__dir__, "fixtures/wild.de.a9sapp.eu.crt.bundle"))
+      expect(BoshHelpers::scp_read(0, "/var/vcap/store/nginx/ssl/wild.de.a9sapp.eu.crt.bundle")).to eq(should)
+      expect(BoshHelpers::scp_read(1, "/var/vcap/store/nginx/ssl/wild.de.a9sapp.eu.crt.bundle")).to eq(should)
+      expect(BoshHelpers::scp_read(2, "/var/vcap/store/nginx/ssl/wild.de.a9sapp.eu.crt.bundle")).to eq(should)
+    end
+
+    it "should have the correct ssltest cert bundles on all instances" do
+      should = File.read(File.join(__dir__, "fixtures/wild.checker.ssltest.com.crt.bundle"))
+      expect(BoshHelpers::scp_read(0, "/var/vcap/store/nginx/ssl/wild.checker.ssltest.com.crt.bundle")).to eq(should)
+      expect(BoshHelpers::scp_read(1, "/var/vcap/store/nginx/ssl/wild.checker.ssltest.com.crt.bundle")).to eq(should)
+      expect(BoshHelpers::scp_read(2, "/var/vcap/store/nginx/ssl/wild.checker.ssltest.com.crt.bundle")).to eq(should)
+    end
+
+    it "should have the correct ssltest cert bundles on all instances" do
+      should = File.read(File.join(__dir__, "fixtures/wild.checker.ssltest2.com.crt.bundle"))
+      expect(BoshHelpers::scp_read(0, "/var/vcap/store/nginx/ssl/wild.checker.ssltest2.com.crt.bundle")).to eq(should)
+      expect(BoshHelpers::scp_read(1, "/var/vcap/store/nginx/ssl/wild.checker.ssltest2.com.crt.bundle")).to eq(should)
+      expect(BoshHelpers::scp_read(2, "/var/vcap/store/nginx/ssl/wild.checker.ssltest2.com.crt.bundle")).to eq(should)
+    end
+
+    it "should have the correct ciphers" do
+      cipher_scan["cipher_suite"].each do |cipher|
+        expect(allowed_ciphers).to include(cipher["cipher"])
+      end
+    end
+
+    it "should use the correct protocol" do
+      cipher_scan["cipher_suite"].each do |cipher|
+        expect(allowed_protocols).to include(cipher["protocol"])
+      end
+    end
+  end
+end

acceptance-tests/spec/reachability_spec.rb

@@ -24,4 +24,9 @@ def upload_last_dev_release
   def cleanup_all
     system("bosh -n clean-up --all")
   end
+
+  def scp_read(node, path)
+    system("bosh -n scp -d ssl-gateway --gw-user=vcap ssl-gateway/#{node}:#{path} /tmp/file")
+    File.read("/tmp/file")
+  end
 end

acceptance-tests/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+require 'rspec/expectations'
+
+RSpec::Matchers.define :to_match_cert_bundle do |expected|
+  match do |actual|
+    actual.gsub("\n", "") == expected.gsub("\n", "")
+  end
+  failure_message_when_negated do |actual|
+    "expected that #{actual} would equal #{expected}"
+  end
+end
+