TLS mutual authentication has been added.

Change-Id: I60ebe8e1b06d72413940935396cb7a56af437c0d
Issue-ID: DCAEGEN2-959
Signed-off-by: ANDRZEJ SZUKUC <andrzej.szukuc@nokia.com>

3 files changed, 344 insertions, 3 deletions

diff --git a/src/test/java/org/onap/dcae/TLSTest.java b/src/test/java/org/onap/dcae/TLSTest.java
new file mode 100644
index 00000000..63099b7d
--- /dev/null
+++ b/src/test/java/org/onap/dcae/TLSTest.java
@@ -0,0 +1,138 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dcaegen2.collectors.ves
+ * ================================================================================
+ * Copyright (C) 2018 Nokia. All rights reserved.
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dcae;
+
+import io.vavr.collection.HashMap;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.springframework.context.annotation.Import;
+import org.springframework.http.HttpStatus;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.Mockito.when;
+import static org.onap.dcae.TLSTest.HttpsConfiguration.USERNAME;
+import static org.onap.dcae.TLSTest.HttpsConfiguration.PASSWORD;
+
+public class TLSTest extends TLSTestBase {
+
+    @Nested
+    @Import(HttpConfiguration.class)
+    class HttpTest extends TestClassBase {
+
+        @Test
+        public void shouldHttpRequestSucceed() {
+            assertEquals(HttpStatus.OK, makeHttpRequest().getStatusCode());
+        }
+
+        @Test
+        public void shouldHttpsRequestFail() {
+            assertThrows(Exception.class, this::makeHttpsRequest);
+        }
+    }
+
+    @Nested
+    @Import(HttpsConfiguration.class)
+    class HttpsTest extends TestClassBase {
+
+
+        @Test
+        public void shouldHttpsRequestWithoutBasicAuthFail() {
+            assertThrows(Exception.class, this::makeHttpsRequest);
+        }
+
+        @Test
+        public void shouldHttpsRequestWithBasicAuthSucceed() {
+            assertEquals(HttpStatus.OK, makeHttpsRequestWithBasicAuth(USERNAME, PASSWORD).getStatusCode());
+        }
+    }
+
+    @Nested
+    @Import(HttpsConfigurationWithTLSAuthentication.class)
+    class HttpsWithTLSAuthenticationTest extends TestClassBase {
+
+        @Test
+        public void shouldHttpsRequestWithoutCertificateFail() {
+            assertThrows(Exception.class, this::makeHttpsRequest);
+        }
+
+        @Test
+        public void shouldHttpsRequestWithCertificateSucceed() {
+            assertEquals(HttpStatus.OK, makeHttpsRequestWithClientCert().getStatusCode());
+        }
+    }
+
+    @Nested
+    @Import(HttpsConfigurationWithTLSAuthenticationAndBasicAuth.class)
+    class HttpsWithTLSAuthenticationAndBasicAuthTest extends TestClassBase {
+
+        @Test
+        public void shouldHttpsRequestWithoutBasicAuthFail() {
+            assertThrows(Exception.class, this::makeHttpsRequestWithClientCert);
+        }
+
+        @Test
+        public void shouldHttpsRequestWithBasicAuthSucceed() {
+            assertEquals(HttpStatus.OK, makeHttpsRequestWithClientCertAndBasicAuth(USERNAME, PASSWORD).getStatusCode());
+        }
+    }
+
+    // ApplicationSettings configurations
+    static class HttpConfiguration extends TLSTestBase.ConfigurationBase {
+        @Override
+        protected void configureSettings(ApplicationSettings settings) {
+        }
+    }
+
+    static class HttpsConfiguration extends TLSTestBase.ConfigurationBase {
+        public static final String USERNAME = "TestUser";
+        public static final String PASSWORD = "TestPassword";
+
+        @Override
+        protected void configureSettings(ApplicationSettings settings) {
+            when(settings.keystoreAlias()).thenReturn(KEYSTORE_ALIAS);
+            when(settings.keystoreFileLocation()).thenReturn(KEYSTORE.toString());
+            when(settings.keystorePasswordFileLocation()).thenReturn(KEYSTORE_PASSWORD_FILE.toString());
+            when(settings.authorizationEnabled()).thenReturn(true);
+            when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, PASSWORD));
+        }
+    }
+
+    static class HttpsConfigurationWithTLSAuthentication extends HttpsConfiguration {
+        @Override
+        protected void configureSettings(ApplicationSettings settings) {
+            super.configureSettings(settings);
+            when(settings.authorizationEnabled()).thenReturn(false);
+            when(settings.clientTlsAuthenticationEnabled()).thenReturn(true);
+            when(settings.truststoreFileLocation()).thenReturn(TRUSTSTORE.toString());
+            when(settings.truststorePasswordFileLocation()).thenReturn(TRUSTSTORE_PASSWORD_FILE.toString());
+        }
+    }
+
+    static class HttpsConfigurationWithTLSAuthenticationAndBasicAuth extends HttpsConfigurationWithTLSAuthentication {
+        @Override
+        protected void configureSettings(ApplicationSettings settings) {
+            super.configureSettings(settings);
+            when(settings.authorizationEnabled()).thenReturn(true);
+        }
+    }
+}
diff --git a/src/test/java/org/onap/dcae/TLSTestBase.java b/src/test/java/org/onap/dcae/TLSTestBase.java
new file mode 100644
index 00000000..8b486ec7
--- /dev/null
+++ b/src/test/java/org/onap/dcae/TLSTestBase.java
@@ -0,0 +1,152 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dcaegen2.collectors.ves
+ * ================================================================================
+ * Copyright (C) 2018 Nokia. All rights reserved.
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dcae;
+
+import org.json.JSONObject;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mockito;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.support.BasicAuthenticationInterceptor;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.web.client.RestTemplate;
+
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.concurrent.LinkedBlockingQueue;
+
+import static org.onap.dcae.TestingUtilities.*;
+
+@Configuration
+@ExtendWith(SpringExtension.class)
+public class TLSTestBase {
+    protected static final String KEYSTORE_ALIAS = "localhost";
+    protected static final Path RESOURCES = Paths.get("src", "test", "resources");
+    protected static final Path KEYSTORE = Paths.get(RESOURCES.toString(), "keystore");
+    protected static final Path KEYSTORE_PASSWORD_FILE = Paths.get(RESOURCES.toString(), "passwordfile");
+    protected static final Path TRUSTSTORE = Paths.get(RESOURCES.toString(), "truststore");
+    protected static final Path TRUSTSTORE_PASSWORD_FILE = Paths.get(RESOURCES.toString(), "trustpasswordfile");
+
+    protected static abstract class ConfigurationBase {
+        protected final ApplicationSettings settings = Mockito.mock(ApplicationSettings.class);
+
+        @Bean
+        @Primary
+        public ApplicationSettings settings() {
+            configureSettings(settings);
+            return settings;
+        }
+
+        protected abstract void configureSettings(final ApplicationSettings settings);
+    }
+
+    @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+    protected abstract class TestClassBase {
+        @MockBean
+        @Qualifier("inputQueue")
+        protected LinkedBlockingQueue<JSONObject> queue;
+
+        @LocalServerPort
+        private int port;
+
+        private final String keyStorePassword;
+        private final String trustStorePassword;
+
+        public TestClassBase() {
+            keyStorePassword = readFile(KEYSTORE_PASSWORD_FILE);
+            trustStorePassword = readFile(TRUSTSTORE_PASSWORD_FILE);
+        }
+
+        private String getURL(final String protocol, final String uri) {
+            return protocol + "://localhost:" + port + uri;
+        }
+
+        private RestTemplate addBasicAuth(final RestTemplate template, final String username, final String password) {
+            template.getInterceptors()
+                    .add(new BasicAuthenticationInterceptor(username, password));
+
+            return template;
+        }
+
+        public String createHttpURL(String uri) {
+            return getURL("http", uri);
+        }
+
+        public String createHttpsURL(String uri) {
+            return getURL("https", uri);
+        }
+
+        public RestTemplate createHttpRestTemplate() {
+            return new RestTemplate();
+        }
+
+        public RestTemplate createHttpsRestTemplate() {
+            return rethrow(() ->
+                    createRestTemplateWithSsl(
+                            sslBuilderWithTrustStore(KEYSTORE, keyStorePassword).build()
+                    ));
+        }
+
+        public RestTemplate createHttpsRestTemplateWithKeyStore() {
+            return rethrow(() ->
+                    createRestTemplateWithSsl(
+                            configureKeyStore(
+                                    sslBuilderWithTrustStore(KEYSTORE, keyStorePassword),
+                                    TRUSTSTORE,
+                                    trustStorePassword
+                            ).build())
+            );
+        }
+
+        public ResponseEntity<String> makeHttpRequest() {
+            return createHttpRestTemplate().getForEntity(createHttpURL("/"), String.class);
+        }
+
+        public ResponseEntity<String> makeHttpsRequest() {
+            return createHttpsRestTemplate().getForEntity(createHttpsURL("/"), String.class);
+        }
+
+
+        public ResponseEntity<String> makeHttpsRequestWithBasicAuth(final String username, final String password) {
+            return addBasicAuth(createHttpsRestTemplate(), username, password)
+                    .getForEntity(createHttpsURL("/"), String.class);
+
+        }
+
+        public ResponseEntity<String> makeHttpsRequestWithClientCert() {
+            return createHttpsRestTemplateWithKeyStore().getForEntity(createHttpsURL("/"), String.class);
+        }
+
+        public ResponseEntity<String> makeHttpsRequestWithClientCertAndBasicAuth(
+                final String username,
+                final String password) {
+            return addBasicAuth(createHttpsRestTemplateWithKeyStore(), username, password)
+                    .getForEntity(createHttpsURL("/"), String.class);
+        }
+    }
+}
diff --git a/src/test/java/org/onap/dcae/TestingUtilities.java b/src/test/java/org/onap/dcae/TestingUtilities.java
index bd05c4ea..4c0d5382 100644
--- a/src/test/java/org/onap/dcae/TestingUtilities.java
+++ b/src/test/java/org/onap/dcae/TestingUtilities.java
@@ -24,13 +24,30 @@ import static java.nio.file.Files.readAllBytes;
 import static org.assertj.core.api.Assertions.assertThat;
 
 import io.vavr.control.Try;
+
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.assertj.core.api.AbstractThrowableAssert;
 import org.assertj.core.api.Java6Assertions;
 import org.json.JSONObject;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.web.client.RestTemplate;
+
+import javax.net.ssl.SSLContext;
 
 /**
  * @author Pawel Szalapski (pawel.szalapski@nokia.com)
@@ -67,11 +84,11 @@ public final class TestingUtilities {
      * Exception in test case usually means there is something wrong, it should never be catched, but rather thrown to
      * be handled by JUnit framework.
      */
-    private static <T> T rethrow(CheckedSupplier<T> supplier) {
+    public static <T> T rethrow(CheckedSupplier<T> supplier) {
         try {
             return supplier.get();
         } catch (Exception e) {
-            throw new RuntimeException();
+            throw new RuntimeException(e);
         }
     }
 
@@ -84,9 +101,43 @@ public final class TestingUtilities {
     public static void assertFailureHasInfo(Try any, String... msgPart) {
         Java6Assertions.assertThat(any.isFailure()).isTrue();
         AbstractThrowableAssert<?, ? extends Throwable> o = Java6Assertions.assertThat(any.getCause())
-            .hasCauseInstanceOf(Exception.class);
+                .hasCauseInstanceOf(Exception.class);
         for (String s : msgPart) {
             o.hasStackTraceContaining(s);
         }
     }
+
+    public static SSLContextBuilder sslBuilderWithTrustStore(final Path trustStore, final String pass) {
+        return rethrow(() ->
+                new SSLContextBuilder()
+                        .loadTrustMaterial(trustStore.toFile(), pass.toCharArray())
+        );
+    }
+
+    public static SSLContextBuilder configureKeyStore(
+            final SSLContextBuilder builder,
+            final Path keyStore,
+            final String pass) {
+        return rethrow(() -> {
+            KeyStore cks = KeyStore.getInstance(KeyStore.getDefaultType());
+            cks.load(new FileInputStream(keyStore.toFile()), pass.toCharArray());
+
+            builder.loadKeyMaterial(cks, pass.toCharArray());
+
+            return builder;
+        });
+    }
+
+    public static RestTemplate createRestTemplateWithSsl(final SSLContext context) {
+        final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(context);
+        final HttpClient httpClient = HttpClients
+                .custom()
+                .setSSLSocketFactory(socketFactory)
+                .build();
+
+        final HttpComponentsClientHttpRequestFactory factory =
+                new HttpComponentsClientHttpRequestFactory(httpClient);
+
+        return new RestTemplate(factory);
+    }
 }