Collector authentication enhancement

Collector authentication enhancement

Change-Id: I03a05cb83dd8c498fb218e82e9b3958348fbb4ac
Issue-ID: DCAEGEN2-1101
Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>

7 files changed, 23 insertions, 31 deletions

diff --git a/src/test/java/org/onap/dcae/ApplicationSettingsTest.java b/src/test/java/org/onap/dcae/ApplicationSettingsTest.java
index 646d3e52..60287aef 100644
--- a/src/test/java/org/onap/dcae/ApplicationSettingsTest.java
+++ b/src/test/java/org/onap/dcae/ApplicationSettingsTest.java
@@ -344,22 +344,12 @@ public class ApplicationSettingsTest {
     }
 
     @Test
-    public void shouldReturnIfAuthorizationIsEnabled() throws IOException {
-        // when
-        boolean authorizationEnabled = fromTemporaryConfiguration("header.authflag=1")
-            .authorizationEnabled();
-
-        // then
-        assertTrue(authorizationEnabled);
-    }
-
-    @Test
     public void shouldAuthorizationBeDisabledByDefault() throws IOException {
         // when
-        boolean authorizationEnabled = fromTemporaryConfiguration().authorizationEnabled();
+        boolean authorizationEnabled = fromTemporaryConfiguration().authMethod().contains("noAuth");
 
         // then
-        assertFalse(authorizationEnabled);
+        assertTrue(authorizationEnabled);
     }
 
     @Test
diff --git a/src/test/java/org/onap/dcae/TLSTest.java b/src/test/java/org/onap/dcae/TLSTest.java
index e088df28..b1f90371 100644
--- a/src/test/java/org/onap/dcae/TLSTest.java
+++ b/src/test/java/org/onap/dcae/TLSTest.java
@@ -24,6 +24,7 @@ package org.onap.dcae;
 import io.vavr.collection.HashMap;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.onap.dcae.common.configuration.AuthMethodType;
 import org.springframework.context.annotation.Import;
 import org.springframework.http.HttpStatus;
 
@@ -86,8 +87,8 @@ public class TLSTest extends TLSTestBase {
     class HttpsWithTLSAuthenticationAndBasicAuthTest extends TestClassBase {
 
         @Test
-        public void shouldHttpsRequestWithoutBasicAuthFail() {
-            assertThrows(Exception.class, this::makeHttpsRequestWithClientCert);
+        public void shouldHttpsRequestWithoutBasicAuthSucceed() {
+            assertEquals(HttpStatus.OK, makeHttpsRequestWithClientCert().getStatusCode());
         }
 
         @Test
@@ -100,6 +101,7 @@ public class TLSTest extends TLSTestBase {
     static class HttpConfiguration extends TLSTestBase.ConfigurationBase {
         @Override
         protected void configureSettings(ApplicationSettings settings) {
+            when(settings.authMethod()).thenReturn(AuthMethodType.NO_AUTH.value());
         }
     }
 
@@ -111,7 +113,7 @@ public class TLSTest extends TLSTestBase {
         protected void configureSettings(ApplicationSettings settings) {
             when(settings.keystoreFileLocation()).thenReturn(KEYSTORE.toString());
             when(settings.keystorePasswordFileLocation()).thenReturn(KEYSTORE_PASSWORD_FILE.toString());
-            when(settings.authorizationEnabled()).thenReturn(true);
+            when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value());
             when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, "$2a$10$51tDgG2VNLde5E173Ay/YO.Fq.aD.LR2Rp8pY3QAKriOSPswvGviy"));
         }
     }
@@ -120,8 +122,7 @@ public class TLSTest extends TLSTestBase {
         @Override
         protected void configureSettings(ApplicationSettings settings) {
             super.configureSettings(settings);
-            when(settings.authorizationEnabled()).thenReturn(false);
-            when(settings.clientTlsAuthenticationEnabled()).thenReturn(true);
+            when(settings.authMethod()).thenReturn(AuthMethodType.CERT_ONLY.value());
             when(settings.truststoreFileLocation()).thenReturn(TRUSTSTORE.toString());
             when(settings.truststorePasswordFileLocation()).thenReturn(TRUSTSTORE_PASSWORD_FILE.toString());
         }
@@ -131,7 +132,7 @@ public class TLSTest extends TLSTestBase {
         @Override
         protected void configureSettings(ApplicationSettings settings) {
             super.configureSettings(settings);
-            when(settings.authorizationEnabled()).thenReturn(true);
+            when(settings.authMethod()).thenReturn(AuthMethodType.CERT_BASIC_AUTH.value());
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
index 569fd969..a295046b 100644
--- a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
+++ b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
@@ -28,6 +28,7 @@ import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.onap.dcae.ApplicationSettings;
+import org.onap.dcae.common.configuration.AuthMethodType;
 import org.slf4j.Logger;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
@@ -89,7 +90,7 @@ public class ApiAuthInterceptionTest {
         // given
         final HttpServletRequest request = createEmptyRequest();
 
-        when(settings.authorizationEnabled()).thenReturn(false);
+        when(settings.authMethod()).thenReturn(AuthMethodType.NO_AUTH.value());
 
         // when
         final boolean isAuthorized = sut.preHandle(request, response, obj);
@@ -103,7 +104,7 @@ public class ApiAuthInterceptionTest {
         // given
         final HttpServletRequest request = createEmptyRequest();
 
-        when(settings.authorizationEnabled()).thenReturn(true);
+        when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value());
         when(response.getWriter()).thenReturn(writer);
 
         // when
@@ -113,7 +114,7 @@ public class ApiAuthInterceptionTest {
         // then
         assertFalse(isAuthorized);
 
-        verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+        verify(response).setStatus(HttpStatus.UNAUTHORIZED.value());
         verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
     }
 
@@ -122,7 +123,7 @@ public class ApiAuthInterceptionTest {
         // given
         final HttpServletRequest request = createRequestWithAuthorizationHeader();
 
-        when(settings.authorizationEnabled()).thenReturn(true);
+        when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value());
         when(response.getWriter()).thenReturn(writer);
 
         // when
@@ -131,7 +132,7 @@ public class ApiAuthInterceptionTest {
         // then
         assertFalse(isAuthorized);
 
-        verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+        verify(response).setStatus(HttpStatus.UNAUTHORIZED.value());
         verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
     }
 
@@ -139,7 +140,7 @@ public class ApiAuthInterceptionTest {
     public void shouldSucceed() throws IOException {
         // given
         final HttpServletRequest request = createRequestWithAuthorizationHeader();
-        when(settings.authorizationEnabled()).thenReturn(true);
+        when(settings.authMethod()).thenReturn(AuthMethodType.CERT_ONLY.value());
         when(settings.validAuthorizationCredentials()).thenReturn(
             HashMap.of(USERNAME, "$2a$10$BsZkEynNm/93wbAeeZuxJeu6IHRyQl4XReqDg2BtYOFDhUsz20.3G"));
         when(response.getWriter()).thenReturn(writer);
@@ -160,7 +161,7 @@ public class ApiAuthInterceptionTest {
                         .header(HttpHeaders.AUTHORIZATION, "FooBar")
                         .buildRequest(null);
 
-        when(settings.authorizationEnabled()).thenReturn(true);
+        when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value());
         when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS);
         when(response.getWriter()).thenReturn(writer);
 
@@ -170,7 +171,7 @@ public class ApiAuthInterceptionTest {
         // then
         assertFalse(isAuthorized);
 
-        verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+        verify(response).setStatus(HttpStatus.UNAUTHORIZED.value());
         verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
     }
 }
diff --git a/src/test/resources/controller-config_dmaap_ip.json b/src/test/resources/controller-config_dmaap_ip.json
index f12a36fa..1cc6576b 100644
--- a/src/test/resources/controller-config_dmaap_ip.json
+++ b/src/test/resources/controller-config_dmaap_ip.json
@@ -1,5 +1,5 @@
 {
-	"header.authflag": 1,
+	"auth.method": "noAuth",
 	"collector.inputQueue.maxPending": 8096,
 	"collector.schema.checkflag": 1,
 	"collector.keystore.file.location": "/opt/app/dcae-certificate/keystore.jks",
diff --git a/src/test/resources/controller-config_singleline_ip.json b/src/test/resources/controller-config_singleline_ip.json
index 827138c7..c3a8d067 100644
--- a/src/test/resources/controller-config_singleline_ip.json
+++ b/src/test/resources/controller-config_singleline_ip.json
@@ -1,5 +1,5 @@
 {
-  "header.authflag": "1",
+  "auth.method": "noAuth",
   "collector.schema.file": "{\"v1\": \"./etc/CommonEventFormat_27.2.json\", \"v2\": \"./etc/CommonEventFormat_27.2.json\", \"v3\": \"./etc/CommonEventFormat_27.2.json\", \"v4\": \"./etc/CommonEventFormat_27.2.json\", \"v5\": \"./etc/CommonEventFormat_28.4.json\"}",
   "collector.keystore.passwordfile": "/opt/app/dcae-certificate/.password",
   "tomcat.maxthreads": "200",
diff --git a/src/test/resources/test_collector_ip_op.properties b/src/test/resources/test_collector_ip_op.properties
index 1d1364bc..9450067a 100644
--- a/src/test/resources/test_collector_ip_op.properties
+++ b/src/test/resources/test_collector_ip_op.properties
@@ -6,7 +6,7 @@ collector.schema.checkflag=1
 collector.schema.file={\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.json\"}
 collector.dmaap.streamid=fault=ves-fault,ves-fault-secondary|syslog=ves-syslog,ves-syslog-secondary|heartbeat=ves-heartbeat,ves-heartbeat-secondary|measurementsForVfScaling=ves-measurement,ves-measurement-secondary|mobileFlow=ves-mobileflow,ves-mobileflow-secondary|other=ves-other,ves-other-secondary|stateChange=ves-statechange,ves-statechange-secondary|thresholdCrossingAlert=ves-thresholdCrossingAlert,ves-thresholdCrossingAlert-secondary|voiceQuality=ves-voicequality,ves-voicequality-secondary|sipSignaling=ves-sipsignaling,ves-sipsignaling-secondary
 collector.dmaapfile=./etc/DmaapConfig.json
-header.authflag=1
+auth.method=noAuth
 header.authlist=sample1,$2a$10$pgjaxDzSuc6XVFEeqvxQ5u90DKJnM/u7TJTcinAlFJVaavXMWf/Zi|userid1,$2a$10$61gNubgJJl9lh3nvQvY9X.x4e5ETWJJ7ao7ZhJEvmfJigov26Z6uq|userid2,$2a$10$G52y/3uhuhWAMy.bx9Se8uzWinmbJa.dlm1LW6bYPdPkkywLDPLiy
 event.transform.flag=1
 collector.inputQueue.maxPending = 8096
diff --git a/src/test/resources/testcollector.properties b/src/test/resources/testcollector.properties
index a99fd067..c3fcca62 100644
--- a/src/test/resources/testcollector.properties
+++ b/src/test/resources/testcollector.properties
@@ -6,7 +6,7 @@ collector.schema.checkflag=1
 collector.schema.file={\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.json\"}

 collector.dmaap.streamid=fault=sec_fault|syslog=sec_syslog|heartbeat=sec_heartbeat|measurementsForVfScaling=sec_measurement|mobileFlow=sec_mobileflow|other=sec_other|stateChange=sec_statechange|thresholdCrossingAlert=sec_thresholdCrossingAlert|voiceQuality=ves_voicequality|sipSignaling=ves_sipsignaling

 collector.dmaapfile=./etc/DmaapConfig.json

-header.authflag=1

+auth.method=noAuth

 header.authlist=sample1,$2a$10$pgjaxDzSuc6XVFEeqvxQ5u90DKJnM/u7TJTcinAlFJVaavXMWf/Zi|userid1,$2a$10$61gNubgJJl9lh3nvQvY9X.x4e5ETWJJ7ao7ZhJEvmfJigov26Z6uq|userid2,$2a$10$G52y/3uhuhWAMy.bx9Se8uzWinmbJa.dlm1LW6bYPdPkkywLDPLiy

 event.transform.flag=1