Add tests and refactor code

enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/AuthenticatorUtils.java

@@ -20,16 +20,14 @@
 
 import com.nimbusds.jwt.JWTClaimsSet;
 import net.minidev.json.JSONObject;
-
-import java.util.HashMap;
-import java.util.Map;
-
 import org.wso2.choreo.connect.enforcer.commons.model.RequestContext;
 import org.wso2.choreo.connect.enforcer.constants.APIConstants;
-import org.wso2.choreo.connect.enforcer.constants.Constants;
 import org.wso2.choreo.connect.enforcer.constants.HttpConstants;
 import org.wso2.choreo.connect.enforcer.dto.APIKeyValidationInfoDTO;
 
+import java.util.HashMap;
+import java.util.Map;
+
 /**
  * Utility functions shared between different authenticators.
  */

enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/UnsecuredAPIAuthenticator.java

@@ -24,14 +24,15 @@
 import org.wso2.choreo.connect.enforcer.commons.model.RequestContext;
 import org.wso2.choreo.connect.enforcer.commons.model.ResourceConfig;
 import org.wso2.choreo.connect.enforcer.constants.APIConstants;
+import org.wso2.choreo.connect.enforcer.constants.Constants;
+import org.wso2.choreo.connect.enforcer.constants.HttpConstants;
 import org.wso2.choreo.connect.enforcer.exception.APISecurityException;
 import org.wso2.choreo.connect.enforcer.security.Authenticator;
 import org.wso2.choreo.connect.enforcer.tracing.TracingConstants;
 import org.wso2.choreo.connect.enforcer.tracing.TracingSpan;
 import org.wso2.choreo.connect.enforcer.tracing.TracingTracer;
 import org.wso2.choreo.connect.enforcer.tracing.Utils;
 import org.wso2.choreo.connect.enforcer.util.FilterUtils;
-import org.wso2.choreo.connect.enforcer.util.InternalAPIKeyUtils;
 
 /**
  * Implements the authenticator interface to authenticate non-secured APIs.
@@ -78,7 +79,14 @@ public AuthenticationContext authenticate(RequestContext requestContext) throws
 //                        GeneralErrorCodeConstants.API_BLOCKED_CODE, GeneralErrorCodeConstants.API_BLOCKED_MESSAGE);
 //            }
             if (requestContext.getMatchedAPI().getApiType().equalsIgnoreCase(APIConstants.ApiType.WEB_SOCKET)) {
-                InternalAPIKeyUtils.addWSProtocolResponseHeaderIfRequired(requestContext);
+                String secProtocolHeader = requestContext.getHeaders().get(HttpConstants.WEBSOCKET_PROTOCOL_HEADER);
+                if (secProtocolHeader.contains(Constants.WS_API_KEY_IDENTIFIER)) {
+                    AuthenticatorUtils.addWSProtocolResponseHeaderIfRequired(requestContext,
+                            Constants.WS_API_KEY_IDENTIFIER);
+                } else if (secProtocolHeader.contains(Constants.WS_OAUTH2_KEY_IDENTIFIED)) {
+                    AuthenticatorUtils.addWSProtocolResponseHeaderIfRequired(requestContext,
+                            Constants.WS_OAUTH2_KEY_IDENTIFIED);
+                }
             }
             return FilterUtils.generateAuthenticationContextForUnsecured(requestContext);
         } finally {

enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticatorTest.java

@@ -28,16 +28,21 @@
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 import org.wso2.carbon.apimgt.common.gateway.dto.JWTConfigurationDto;
+import org.wso2.choreo.connect.enforcer.commons.model.APIConfig;
+import org.wso2.choreo.connect.enforcer.commons.model.RequestContext;
 import org.wso2.choreo.connect.enforcer.config.ConfigHolder;
 import org.wso2.choreo.connect.enforcer.config.EnforcerConfig;
+import org.wso2.choreo.connect.enforcer.config.dto.AuthHeaderDto;
 import org.wso2.choreo.connect.enforcer.config.dto.CacheDto;
 import org.wso2.choreo.connect.enforcer.exception.APISecurityException;
 
+import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Set;
 
 @RunWith(PowerMockRunner.class)
-@PrepareForTest({ConfigHolder.class})
+@PrepareForTest({ ConfigHolder.class })
 @PowerMockIgnore("javax.management.*")
 public class JWTAuthenticatorTest {
 
@@ -87,4 +92,59 @@ public void isAllowedEnvironmentForIDPTest() {
                     "of the API");
         }
     }
+
+    @Test
+    public void extractJWTInWSProtocolHeaderTest() {
+        PowerMockito.mockStatic(ConfigHolder.class);
+        ConfigHolder configHolder = Mockito.mock(ConfigHolder.class);
+        EnforcerConfig enforcerConfig = Mockito.mock(EnforcerConfig.class);
+        AuthHeaderDto authHeaderDto = Mockito.mock(AuthHeaderDto.class);
+        CacheDto cacheDto = Mockito.mock(CacheDto.class);
+        Mockito.when(cacheDto.isEnabled()).thenReturn(true);
+        Mockito.when(enforcerConfig.getCacheDto()).thenReturn(cacheDto);
+        JWTConfigurationDto jwtConfigurationDto = Mockito.mock(JWTConfigurationDto.class);
+        Mockito.when(jwtConfigurationDto.isEnabled()).thenReturn(false);
+        Mockito.when(enforcerConfig.getJwtConfigurationDto()).thenReturn(jwtConfigurationDto);
+        Mockito.when(configHolder.getConfig()).thenReturn(enforcerConfig);
+        Mockito.when(ConfigHolder.getInstance()).thenReturn(configHolder);
+        Mockito.when(ConfigHolder.getInstance().getConfig().getAuthHeader()).thenReturn(authHeaderDto);
+
+        String securityParam = "Authorization";
+
+        String mockToken = "eyJraWQiOiJnYXRld2F5XUlMyNTYifQlzaGVyXC92MlwvYXBpc1wvaW50ZXJuYlzaGVyXC92XBpc1wvaW50ZXJuY." +
+                "eyJzdWIiOiJhMzllYGV2OjQ0M1wvYXBpXC9hbVwvcHVibGlzaGVyXC92MlwvYXBpc1wvaW50ZXJuYWwta2V5Iiwia2V5dHlwZcl." +
+                "cnZpY2VcL3YxLjAiLCJwdWJsaXNoZXIiOiJjaG9yZW9fZGV2X2FwaW1fYWRtaW4iLCJ2ZXJzaW9uIjoidj7MIXRnS-2UWHdrmd7";
+
+        String secWebsocketProtocolHeader = "sec-websocket-protocol";
+
+        // Test case to test for an Upgrade request sent from the choreo console
+        // The token will be set to the sec-websocket-protocol header with
+        // choreo-oauth2-key keyword
+        // the value after choreo-oauth2-key will be the token
+        RequestContext.Builder builder = new RequestContext.Builder("/pets");
+        builder.matchedAPI(new APIConfig.Builder("Petstore")
+                .basePath("/choreo")
+                .apiType("WS")
+                .build());
+        Map<String, String> headersMap = new HashMap<>();
+        headersMap.put(
+                secWebsocketProtocolHeader,
+                "choreo-oauth2-key," + mockToken);
+        builder.headers(headersMap);
+        RequestContext requestContext = builder.build();
+        JWTAuthenticator jwtAuthenticator = new JWTAuthenticator();
+        Assert.assertEquals(jwtAuthenticator.extractJWTInWSProtocolHeader(requestContext), mockToken);
+
+        // Test case to test for an Upgrade request sent from a client with api-key
+        RequestContext.Builder builder2 = new RequestContext.Builder("/pets");
+        builder2.matchedAPI(new APIConfig.Builder("Petstore")
+                .basePath("/choreo")
+                .apiType("WS")
+                .build());
+        Map<String, String> headersMap2 = new HashMap<>();
+        headersMap2.put(securityParam, mockToken);
+        builder2.headers(headersMap2);
+        RequestContext requestContext2 = builder2.build();
+        Assert.assertEquals(jwtAuthenticator.extractJWTInWSProtocolHeader(requestContext2), "");
+    }
 }