
    • DCAE R4 Sprint 8 (RC0), DCAE R4 Sprint 9 (RC1)

      Corner case issue.

      When authMethod = certBasicAuth, the following behaviour is expected:

      4.1 client with cert, known identity and without/wrong basic auth -> pass
      4.2 client with cert, unknown identity and without/wrong basic auth -> fail
      5.1 client with cert, known identity and correct basic auth -> pass
      5.2 client with cert, unknown identity and correct basic auth -> pass

      Case 5.2 fails when the entry in certSubjectMatcher.properties is removed (the default is .*): a request that carries both a client certificate and correct BasicAuth credentials is rejected with HTTP 403 even though the BasicAuth credentials are valid.

      vagrant@ncomp-dev:~$ curl -i -u sample1:sample1 -X POST -d @ves.txt --header "Content-Type: application/json" https://127.0.0.1:32770/eventListener/v5 --cert ~/gerrit/dcae-utils/g2/ves-tls/certs/rootCA.crt:collector --key ~/gerrit/dcae-utils/g2/ves-tls/certs/rootCA.key -k -v
      * Hostname was NOT found in DNS cache
      *   Trying 127.0.0.1...
      * Connected to 127.0.0.1 (127.0.0.1) port 32770 (#0)
      * successfully set certificate verify locations:
      *   CAfile: none
        CApath: /etc/ssl/certs
      * SSLv3, TLS handshake, Client hello (1):
      * SSLv3, TLS handshake, Server hello (2):
      * SSLv3, TLS handshake, CERT (11):
      * SSLv3, TLS handshake, Server key exchange (12):
      * SSLv3, TLS handshake, Request CERT (13):
      * SSLv3, TLS handshake, Server finished (14):
      * SSLv3, TLS handshake, CERT (11):
      * SSLv3, TLS handshake, Client key exchange (16):
      * SSLv3, TLS handshake, CERT verify (15):
      * SSLv3, TLS change cipher, Client hello (1):
      * SSLv3, TLS handshake, Finished (20):
      * SSLv3, TLS change cipher, Client hello (1):
      * SSLv3, TLS handshake, Finished (20):
      * SSL connection using ECDHE-RSA-AES256-GCM-SHA384
      * Server certificate:
      *   subject: C=US; ST=NJ; L=Middletown; O=DCAE; OU=OPEN-DCAE; CN=DCAELOCAL
      *   start date: 2016-10-20 19:24:22 GMT
      *   expire date: 2017-01-18 19:24:22 GMT
      *   issuer: C=US; ST=NJ; L=Middletown; O=DCAE; OU=OPEN-DCAE; CN=DCAELOCAL
      *   SSL certificate verify result: self signed certificate (18), continuing anyway.
      * Server auth using Basic with user 'sample1'
      > POST /eventListener/v5 HTTP/1.1
      > Authorization: Basic c2FtcGxlMTpzYW1wbGUx
      > User-Agent: curl/7.35.0
      > Host: 127.0.0.1:32770
      > Accept: */*
      > Content-Type: application/json
      > Content-Length: 483
      >
      * upload completely sent off: 483 out of 483 bytes
      < HTTP/1.1 403
      HTTP/1.1 403
      < Content-Type: application/json;charset=UTF-8
      Content-Type: application/json;charset=UTF-8
      < Transfer-Encoding: chunked
      Transfer-Encoding: chunked
      < Date: Mon, 15 Apr 2019 16:55:40 GMT
      Date: Mon, 15 Apr 2019 16:55:40 GMT
      <
      * Connection #0 to host 127.0.0.1 left intact
      {"timestamp" ...}   (the rest of the JSON error body was lost to Jira's macro rendering)

      Validation against the basic-auth credentials works when the client certificate is omitted from the same request (curl -i -u sample1:sample1 -X POST -d @ves.txt --header "Content-Type: application/json" https://127.0.0.1:32770/eventListener/v5 -k -v).

       
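      The expected decision matrix above, and the two observations (case 5.2 rejected when the certSubjectMatcher entry is removed; basic auth alone accepted when no certificate is sent), can be captured as a small executable model. The code below is an added illustration written for this ticket, not the VES collector's own code: the function and class names, the subject strings, the regex "CN=collector,.*" used as a tightened matcher, and the sample1:sample1 user table are all constructed assumptions. authorize_observed reproduces the reported behaviour (a presented certificate short-circuits the basic-auth check), authorize_expected implements the 4.x/5.x matrix, and run_matrix shows where the two disagree.

```python
import base64
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed model of the certBasicAuth decision described in the ticket. This is
# added illustration, not the VES collector's code; all names are hypothetical.

# certSubjectMatcher.properties default entry: every certificate subject is "known".
DEFAULT_SUBJECT_MATCHER: Optional[str] = r".*"

# Constructed sample credentials (the ticket's curl call uses sample1:sample1).
KNOWN_USERS = {"sample1": "sample1"}


@dataclass(frozen=True)
class Request:
    cert_subject: Optional[str]     # None when no client certificate was presented
    authorization: Optional[str]    # raw Authorization header value, or None


def parse_basic_auth(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Decode 'Basic <base64(user:password)>'; None for missing or malformed headers."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[len("Basic "):], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):   # binascii.Error is a ValueError
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def basic_auth_ok(header: Optional[str]) -> bool:
    """True only when the header decodes to a known user with the matching password."""
    creds = parse_basic_auth(header)
    return creds is not None and KNOWN_USERS.get(creds[0]) == creds[1]


def cert_identity_known(subject: Optional[str], matcher: Optional[str]) -> bool:
    """A presented subject is 'known' when it fully matches the configured regex.
    matcher=None models the properties entry being removed: nothing matches."""
    if subject is None or matcher is None:
        return False
    return re.fullmatch(matcher, subject) is not None


def authorize_observed(req: Request, matcher: Optional[str]) -> bool:
    """Behaviour reported in the ticket: once a certificate is present only its
    identity is consulted and the BasicAuth credentials are ignored, so 5.2 fails."""
    if req.cert_subject is not None:
        return cert_identity_known(req.cert_subject, matcher)
    return basic_auth_ok(req.authorization)


def authorize_expected(req: Request, matcher: Optional[str]) -> bool:
    """Expected matrix: a known certificate identity passes on its own (4.1, 5.1);
    an unknown identity passes only with correct BasicAuth (5.2) and fails
    otherwise (4.2); with no certificate, BasicAuth alone decides."""
    if cert_identity_known(req.cert_subject, matcher):
        return True
    return basic_auth_ok(req.authorization)


def basic_header(user: str, password: str) -> str:
    """Build the Authorization header value curl sends for -u user:password."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def run_matrix(matcher: Optional[str]) -> Dict[str, Tuple[bool, bool]]:
    """Evaluate the ticket's four cases under a given matcher.
    Returns {case: (observed, expected)}; subject strings are constructed."""
    good = basic_header("sample1", "sample1")
    bad = basic_header("sample1", "wrong")
    known = "CN=collector,O=DCAE"     # matches the constructed matcher "CN=collector,.*"
    unknown = "CN=stranger,O=DCAE"
    cases = {
        "4.1": Request(known, bad),
        "4.2": Request(unknown, bad),
        "5.1": Request(known, good),
        "5.2": Request(unknown, good),
    }
    return {k: (authorize_observed(r, matcher), authorize_expected(r, matcher))
            for k, r in cases.items()}


if __name__ == "__main__":
    for label, matcher in (("default .*", DEFAULT_SUBJECT_MATCHER),
                           ("tightened", r"CN=collector,.*"),
                           ("entry removed", None)):
        print(f"{label:14s} {run_matrix(matcher)}")
```

Two things the model makes visible: under the default ".*" matcher every presented certificate counts as a known identity, so the basic-auth check is never reached and all four cases pass in both implementations; and once the entry is removed (or tightened so the subject no longer matches), the only case where observed and expected behaviour diverge is 5.2, exactly the 403 shown in the transcript above.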

        1. basicAuth.txt (40 kB)
        2. certBasicAuth.txt (97 kB)
        3. certOnly.txt (70 kB)
        4. noAuth.txt (27 kB)

            zlatkomurgoski zlatkomurgoski
            vv770d vv770d