Add Authentication Header to Swagger UI (#65)

README.md

@@ -303,7 +303,19 @@ For example to convert the test authentication certificate created earlier:
 
 ## Documentation
 
-* [OpenAPI Spec](https://eu-digital-green-certificates.github.io/dgc-gateway/)
+### OpenAPI Spec
+
+The latest OpenAPI specification can always be found here: https://eu-digital-green-certificates.github.io/dgc-gateway/
+
+It is also possible to access OpenAPI when DGC Gateway is deployed on your local computer when Spring-Profile "dev" or "
+local" is enabled. In order to set authentication headers for authentication without a mTLS terminating LoadBalancer at
+least the profile "local"
+should be enabled. Then both headers can be set in Swagger UI.
+
+http://localhost:8090/swagger-ui/index.html
+
+### Other Documentation
+
 * [Software Design](docs/software-design-dgc-gateway.md)
 * [Onboarding Document](https://github.com/eu-digital-green-certificates/dgc-participating-countries/blob/main/gateway/OnboardingChecklist.md)
 

src/main/java/eu/europa/ec/dgc/gateway/config/OpenApiConfig.java

@@ -20,21 +20,30 @@
 
 package eu.europa.ec.dgc.gateway.config;
 
+import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.info.Info;
 import io.swagger.v3.oas.models.info.License;
+import io.swagger.v3.oas.models.security.SecurityScheme;
+import java.util.Arrays;
+import java.util.List;
 import java.util.Optional;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.info.BuildProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
 
 @Configuration
 @RequiredArgsConstructor
 public class OpenApiConfig {
 
     private final Optional<BuildProperties> buildProperties;
 
+    private final DgcConfigProperties configProperties;
+
+    private final Environment environment;
+
     @Bean
     OpenAPI openApiInfo() {
         String version;
@@ -45,13 +54,34 @@ OpenAPI openApiInfo() {
             version = "Development Build";
         }
 
+        Components components = new Components();
+
+        // Add authorization if "local" Profile is enabled.
+        List<String> activeProfiles = Arrays.asList(environment.getActiveProfiles());
+        if (activeProfiles.contains("local")) {
+            components = new Components()
+                .addSecuritySchemes("Authentication Certificate Hash", new SecurityScheme()
+                    .type(SecurityScheme.Type.APIKEY)
+                    .in(SecurityScheme.In.HEADER)
+                    .name(configProperties.getCertAuth().getHeaderFields().getThumbprint())
+                    .description("SHA256 Hash of Authentication Certificate (HEX encoded, "
+                        + "e.g. e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855)"))
+                .addSecuritySchemes("Authentication Certificate Distinguish Name", new SecurityScheme()
+                    .type(SecurityScheme.Type.APIKEY)
+                    .in(SecurityScheme.In.HEADER)
+                    .name(configProperties.getCertAuth().getHeaderFields().getDistinguishedName())
+                    .description("Distinguish Name of Authentication Certificate."
+                        + "Should contain at least country property. (e.g. C=EU)"));
+        }
+
         return new OpenAPI()
             .info(new Info()
                 .version(version)
                 .title("Digital Green Certificate Gateway")
                 .description("The API defines how to exchange verification information for digital green certificates.")
                 .license(new License()
                     .name("Apache 2.0")
-                    .url("http://www.apache.org/licenses/LICENSE-2.0")));
+                    .url("http://www.apache.org/licenses/LICENSE-2.0")))
+            .components(components);
     }
 }

src/main/resources/application-local.yml

@@ -0,0 +1,6 @@
+springdoc:
+  api-docs:
+    path: /api/docs
+    enabled: true
+  swagger-ui:
+    path: /swagger