2017-12-15 00:01:26 +01:00
|
|
|
package eu.eudat.security.validators;
|
2017-09-27 18:15:39 +02:00
|
|
|
|
|
|
|
import java.io.IOException;
|
|
|
|
import java.security.GeneralSecurityException;
|
2017-12-15 17:57:41 +01:00
|
|
|
import java.security.Principal;
|
|
|
|
import java.util.*;
|
2017-09-27 18:15:39 +02:00
|
|
|
|
2017-12-15 17:57:41 +01:00
|
|
|
import eu.eudat.dao.entities.security.CredentialDao;
|
|
|
|
import eu.eudat.entities.Credential;
|
|
|
|
import eu.eudat.entities.UserToken;
|
|
|
|
import eu.eudat.services.AuthenticationService;
|
2017-10-20 12:03:55 +02:00
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
|
|
2017-09-27 18:15:39 +02:00
|
|
|
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
|
|
|
|
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
|
|
|
|
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
|
|
|
|
import com.google.api.client.http.HttpTransport;
|
|
|
|
import com.google.api.client.http.javanet.NetHttpTransport;
|
|
|
|
import com.google.api.client.json.jackson2.JacksonFactory;
|
|
|
|
|
2017-12-15 00:01:26 +01:00
|
|
|
import eu.eudat.dao.entities.UserInfoDao;
|
|
|
|
import eu.eudat.entities.UserInfo;
|
|
|
|
import eu.eudat.exceptions.NonValidTokenException;
|
|
|
|
import org.springframework.stereotype.Component;
|
|
|
|
import org.springframework.stereotype.Service;
|
2017-09-27 18:15:39 +02:00
|
|
|
|
2017-12-15 00:01:26 +01:00
|
|
|
@Component
|
2017-10-13 17:08:49 +02:00
|
|
|
public class GoogleTokenValidator implements TokenValidator {
|
2017-09-27 18:15:39 +02:00
|
|
|
|
|
|
|
private static final JacksonFactory jacksonFactory = new JacksonFactory();
|
|
|
|
private static final HttpTransport transport = new NetHttpTransport();
|
|
|
|
|
2017-10-20 12:03:55 +02:00
|
|
|
@Autowired private UserInfoDao userInfoDao;
|
2017-12-15 17:57:41 +01:00
|
|
|
@Autowired private CredentialDao credentialDao;
|
|
|
|
@Autowired private AuthenticationService authenticationService;
|
2017-10-19 11:35:33 +02:00
|
|
|
private static final List<String> clientIDs = Arrays.asList(
|
|
|
|
"1010962018903-glegmqudqtl1lub0150vacopbu06lgsg.apps.googleusercontent.com",
|
2017-10-20 12:03:55 +02:00
|
|
|
"1010962018903-glegmqudqtl1lub0150vacopbu06lgsg.apps.googleusercontent.com"
|
2017-10-19 11:35:33 +02:00
|
|
|
);
|
2017-09-27 18:15:39 +02:00
|
|
|
|
|
|
|
private GoogleIdTokenVerifier verifier = null;
|
|
|
|
|
|
|
|
|
|
|
|
public GoogleTokenValidator() {
|
|
|
|
verifier = new GoogleIdTokenVerifier.Builder(transport, jacksonFactory)
|
|
|
|
.setAudience(clientIDs)
|
|
|
|
// Or, if multiple clients access the backend:
|
|
|
|
//.setAudience(Arrays.asList(CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3))
|
|
|
|
.build();
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-10-13 17:08:49 +02:00
|
|
|
@Override
|
2017-12-15 17:57:41 +01:00
|
|
|
public eu.eudat.models.security.Principal validateToken(String token) throws NonValidTokenException {
|
2017-09-27 18:15:39 +02:00
|
|
|
|
|
|
|
GoogleIdToken idToken = null;
|
|
|
|
try {
|
|
|
|
idToken = verifier.verify(token);
|
|
|
|
}
|
|
|
|
catch(GeneralSecurityException ex) {
|
|
|
|
throw new NonValidTokenException("Token is not valid -> "+ex.getMessage());
|
|
|
|
}
|
|
|
|
catch(IOException ex) {
|
|
|
|
throw new NonValidTokenException("Could not verify token -> "+ex.getMessage());
|
|
|
|
}
|
|
|
|
catch(IllegalArgumentException ex) {
|
|
|
|
throw new NonValidTokenException("Could not verify token");
|
|
|
|
}
|
|
|
|
|
2017-10-13 17:08:49 +02:00
|
|
|
if(idToken == null) {
|
|
|
|
throw new NonValidTokenException("Not a valid token");
|
|
|
|
}
|
2017-10-20 12:03:55 +02:00
|
|
|
|
|
|
|
Payload payload = idToken.getPayload();
|
|
|
|
|
|
|
|
UserInfo userInfo = userInfoDao.getByMail(payload.getEmail());
|
|
|
|
|
2017-12-15 17:57:41 +01:00
|
|
|
Credential credential = new Credential();
|
|
|
|
credential.setCreationTime(new Date());
|
|
|
|
credential.setId(UUID.randomUUID());
|
|
|
|
credential.setLastUpdateTime(new Date());
|
|
|
|
credential.setProvider(1);
|
|
|
|
credential.setSecret(token);
|
|
|
|
credential.setPublicValue(userInfo.getName());
|
|
|
|
credential.setUserInfo(userInfo);
|
|
|
|
|
2017-10-20 12:03:55 +02:00
|
|
|
if(userInfo == null) { //means not existing in db, so create one
|
|
|
|
userInfo = new UserInfo();
|
|
|
|
userInfo.setName((String)payload.get("name"));
|
|
|
|
userInfo.setVerified_email(payload.getEmailVerified());
|
|
|
|
userInfo.setEmail(payload.getEmail());
|
|
|
|
userInfo.setCreated(new Date());
|
|
|
|
userInfo.setLastloggedin(new Date());
|
|
|
|
userInfo.setAuthorization_level(new Short("1"));
|
|
|
|
userInfo.setUsertype(new Short("1"));
|
|
|
|
userInfo = userInfoDao.create(userInfo);
|
2017-12-15 17:57:41 +01:00
|
|
|
credential = credentialDao.create(credential);
|
2017-10-20 12:03:55 +02:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
userInfo.setLastloggedin(new Date());
|
2017-12-15 17:57:41 +01:00
|
|
|
Set<Credential> credentials = userInfo.getCredentials();
|
|
|
|
credentials.add(credential);
|
2017-10-20 12:03:55 +02:00
|
|
|
userInfo = userInfoDao.update(userInfo);
|
|
|
|
}
|
2017-12-15 17:57:41 +01:00
|
|
|
|
|
|
|
UserToken userToken = new UserToken();
|
|
|
|
userToken.setUser(userInfo);
|
|
|
|
userToken.setIssuedAt(new Date());
|
|
|
|
userToken.setToken(UUID.randomUUID());
|
|
|
|
userToken.setExpiresAt(new Date());
|
2017-10-13 17:08:49 +02:00
|
|
|
|
2017-12-15 17:57:41 +01:00
|
|
|
return authenticationService.Touch(userToken.getToken());
|
2017-10-20 12:03:55 +02:00
|
|
|
|
2017-09-27 18:15:39 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|