argos/dmp-backend/src/main/java/eu/eudat/security/validators/google/GoogleTokenValidator.java

package eu.eudat.security.validators.google;

import java.io.FileReader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.*;
import java.util.stream.Collector;
import java.util.stream.Collectors;

import com.google.api.client.googleapis.auth.oauth2.*;
import eu.eudat.dao.entities.security.CredentialDao;
import eu.eudat.dao.entities.security.UserTokenDao;
import eu.eudat.entities.Credential;
import eu.eudat.entities.UserToken;
import eu.eudat.models.criteria.UserInfoCriteria;
import eu.eudat.models.login.LoginInfo;
import eu.eudat.security.validators.TokenValidator;
import eu.eudat.security.validators.TokenValidatorFactoryImpl;
import eu.eudat.services.AuthenticationService;
import org.springframework.beans.factory.annotation.Autowired;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;

import eu.eudat.dao.entities.UserInfoDao;
import eu.eudat.entities.UserInfo;
import eu.eudat.exceptions.NonValidTokenException;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;

import static com.sun.org.apache.xalan.internal.xsltc.compiler.Constants.REDIRECT_URI;

@Component("googleTokenValidator")
public class GoogleTokenValidator implements TokenValidator {

	private static final HttpTransport transport = new NetHttpTransport();
	@Autowired private UserInfoDao userInfoDao;
	@Autowired private CredentialDao credentialDao;
	@Autowired private AuthenticationService authenticationService;
	@Autowired private UserTokenDao userTokenDao;
	private GoogleIdTokenVerifier verifier;
	public GoogleTokenValidator(){
		verifier = new GoogleIdTokenVerifier.Builder(transport, JacksonFactory.getDefaultInstance())
				.setAudience(Collections.singletonList("524432312250-sc9qsmtmbvlv05r44onl6l93ia3k9deo.apps.googleusercontent.com"))
				// Or, if multiple clients access the backend:
				//.setAudience(Arrays.asList(CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3))
				.build();
	}

	private GoogleIdToken verifyUserAndGetUser(String idTokenString) throws IOException, GeneralSecurityException {

		GoogleIdToken idToken = verifier.verify(idTokenString);

		return idToken;
	}

	@Override
	public eu.eudat.models.security.Principal validateToken(String token) throws NonValidTokenException, IOException, GeneralSecurityException {

		GoogleIdToken idToken = this.verifyUserAndGetUser(token);
		Payload payload = idToken.getPayload();

		UserInfoCriteria criteria = new UserInfoCriteria();
		criteria.setEmail(payload.getEmail());
		List<UserInfo> users = userInfoDao.getWithCriteria(criteria).toList();
		UserInfo userInfo = null;
		if(users.size()>0)userInfo = users.get(0);
		final Credential credential = new Credential();
		credential.setId(UUID.randomUUID());
		credential.setCreationTime(new Date());
		credential.setStatus(1);
		credential.setLastUpdateTime(new Date());
		credential.setProvider((int)TokenValidatorFactoryImpl.LoginProvider.GOOGLE.getValue());
		credential.setSecret(token);
		if(userInfo == null) {
			userInfo = new UserInfo();
			userInfo.setName((String)payload.get("name"));
			userInfo.setVerified_email(payload.getEmailVerified());
			userInfo.setEmail(payload.getEmail());
			userInfo.setCreated(new Date());
			userInfo.setLastloggedin(new Date());
			userInfo.setAuthorization_level(new Short("1"));
			userInfo.setUsertype(new Short("1"));
			userInfo = userInfoDao.createOrUpdate(userInfo);

			credential.setPublicValue(userInfo.getName());

			credential.setUserInfo(userInfo);
			credentialDao.createOrUpdate(credential);
		}
		else {
			userInfo.setLastloggedin(new Date());
			Set<Credential> credentials = userInfo.getCredentials();
			if(credentials.contains(credential)){
				Credential oldCredential = credentials.stream().filter(item->credential.getProvider().equals(item.getProvider())).findFirst().get();
				credential.setId(oldCredential.getId());
			}
			else{
				credential.setUserInfo(userInfo);
				credential.setId(UUID.randomUUID());
				credential.setPublicValue(userInfo.getName());

				credentialDao.createOrUpdate(credential);
				userInfo.getCredentials().add(credential);
			}
			userInfo = userInfoDao.createOrUpdate(userInfo);

		}

		UserToken userToken = new UserToken();
		userToken.setUser(userInfo);
		userToken.setIssuedAt(new Date());
		userToken.setToken(UUID.randomUUID());
		userToken.setExpiresAt(addADay(new Date()));
		userTokenDao.create(userToken);
		return authenticationService.Touch(userToken.getToken());
	  
	}
	
	private Date addADay(Date date){
		Date dt = new Date();
		Calendar c = Calendar.getInstance();
		c.setTime(dt);
		c.add(Calendar.DATE, 1);
		dt = c.getTime();
		return dt;
	}
	
	
	
}
no message 2018-01-09 12:31:01 +01:00			`package eu.eudat.security.validators.google;`
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request. 2017-09-27 18:15:39 +02:00
no message 2017-12-18 16:55:12 +01:00			`import java.io.FileReader;`
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request. 2017-09-27 18:15:39 +02:00			`import java.io.IOException;`
			`import java.security.GeneralSecurityException;`
no message 2017-12-15 17:57:41 +01:00			`import java.security.Principal;`
			`import java.util.*;`
no message 2017-12-19 17:22:30 +01:00			`import java.util.stream.Collector;`
			`import java.util.stream.Collectors;`
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request. 2017-09-27 18:15:39 +02:00
no message 2017-12-18 16:55:12 +01:00			`import com.google.api.client.googleapis.auth.oauth2.*;`
no message 2017-12-15 17:57:41 +01:00			`import eu.eudat.dao.entities.security.CredentialDao;`
no message 2017-12-18 16:55:12 +01:00			`import eu.eudat.dao.entities.security.UserTokenDao;`
no message 2017-12-15 17:57:41 +01:00			`import eu.eudat.entities.Credential;`
			`import eu.eudat.entities.UserToken;`
no message 2018-01-05 08:47:52 +01:00			`import eu.eudat.models.criteria.UserInfoCriteria;`
no message 2017-12-18 16:55:12 +01:00			`import eu.eudat.models.login.LoginInfo;`
no message 2018-01-09 12:31:01 +01:00			`import eu.eudat.security.validators.TokenValidator;`
			`import eu.eudat.security.validators.TokenValidatorFactoryImpl;`
no message 2017-12-15 17:57:41 +01:00			`import eu.eudat.services.AuthenticationService;`
Finalized security, distinguish between internal and external users, etc 2017-10-20 12:03:55 +02:00			`import org.springframework.beans.factory.annotation.Autowired;`

Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request. 2017-09-27 18:15:39 +02:00			`import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;`
			`import com.google.api.client.http.HttpTransport;`
			`import com.google.api.client.http.javanet.NetHttpTransport;`
			`import com.google.api.client.json.jackson2.JacksonFactory;`

migrating to spring boot 2017-12-15 00:01:26 +01:00			`import eu.eudat.dao.entities.UserInfoDao;`
			`import eu.eudat.entities.UserInfo;`
			`import eu.eudat.exceptions.NonValidTokenException;`
			`import org.springframework.stereotype.Component;`
			`import org.springframework.stereotype.Service;`
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request. 2017-09-27 18:15:39 +02:00
no message 2017-12-18 16:55:12 +01:00			`import static com.sun.org.apache.xalan.internal.xsltc.compiler.Constants.REDIRECT_URI;`

no message 2018-01-09 12:31:01 +01:00			`@Component("googleTokenValidator")`
Security is now completed... only token-based calls are now permitted. 2017-10-13 17:08:49 +02:00			`public class GoogleTokenValidator implements TokenValidator {`
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request. 2017-09-27 18:15:39 +02:00
			`private static final HttpTransport transport = new NetHttpTransport();`
Finalized security, distinguish between internal and external users, etc 2017-10-20 12:03:55 +02:00			`@Autowired private UserInfoDao userInfoDao;`
no message 2017-12-15 17:57:41 +01:00			`@Autowired private CredentialDao credentialDao;`
			`@Autowired private AuthenticationService authenticationService;`
no message 2017-12-18 16:55:12 +01:00			`@Autowired private UserTokenDao userTokenDao;`
no message 2017-12-19 17:22:30 +01:00			`private GoogleIdTokenVerifier verifier;`
			`public GoogleTokenValidator(){`
			`verifier = new GoogleIdTokenVerifier.Builder(transport, JacksonFactory.getDefaultInstance())`
			`.setAudience(Collections.singletonList("524432312250-sc9qsmtmbvlv05r44onl6l93ia3k9deo.apps.googleusercontent.com"))`
			`// Or, if multiple clients access the backend:`
			`//.setAudience(Arrays.asList(CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3))`
			`.build();`
no message 2017-12-18 16:55:12 +01:00			`}`

no message 2017-12-19 17:22:30 +01:00			`private GoogleIdToken verifyUserAndGetUser(String idTokenString) throws IOException, GeneralSecurityException {`

			`GoogleIdToken idToken = verifier.verify(idTokenString);`
no message 2017-12-18 16:55:12 +01:00
no message 2017-12-19 17:22:30 +01:00			`return idToken;`
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request. 2017-09-27 18:15:39 +02:00			`}`
no message 2017-12-18 16:55:12 +01:00
no message 2017-12-19 17:22:30 +01:00			`@Override`
			`public eu.eudat.models.security.Principal validateToken(String token) throws NonValidTokenException, IOException, GeneralSecurityException {`
Finalized security, distinguish between internal and external users, etc 2017-10-20 12:03:55 +02:00
no message 2017-12-19 17:22:30 +01:00			`GoogleIdToken idToken = this.verifyUserAndGetUser(token);`
Finalized security, distinguish between internal and external users, etc 2017-10-20 12:03:55 +02:00			`Payload payload = idToken.getPayload();`

no message 2018-01-05 08:47:52 +01:00			`UserInfoCriteria criteria = new UserInfoCriteria();`
			`criteria.setEmail(payload.getEmail());`
no message 2018-01-08 12:44:48 +01:00			`List<UserInfo> users = userInfoDao.getWithCriteria(criteria).toList();`
			`UserInfo userInfo = null;`
			`if(users.size()>0)userInfo = users.get(0);`
no message 2017-12-19 17:22:30 +01:00			`final Credential credential = new Credential();`
no message 2018-01-08 12:44:48 +01:00			`credential.setId(UUID.randomUUID());`
no message 2017-12-15 17:57:41 +01:00			`credential.setCreationTime(new Date());`
no message 2017-12-18 16:55:12 +01:00			`credential.setStatus(1);`
no message 2017-12-15 17:57:41 +01:00			`credential.setLastUpdateTime(new Date());`
no message 2018-01-09 12:31:01 +01:00			`credential.setProvider((int)TokenValidatorFactoryImpl.LoginProvider.GOOGLE.getValue());`
no message 2017-12-15 17:57:41 +01:00			`credential.setSecret(token);`
no message 2017-12-19 17:22:30 +01:00			`if(userInfo == null) {`
Finalized security, distinguish between internal and external users, etc 2017-10-20 12:03:55 +02:00			`userInfo = new UserInfo();`
			`userInfo.setName((String)payload.get("name"));`
			`userInfo.setVerified_email(payload.getEmailVerified());`
			`userInfo.setEmail(payload.getEmail());`
			`userInfo.setCreated(new Date());`
			`userInfo.setLastloggedin(new Date());`
			`userInfo.setAuthorization_level(new Short("1"));`
			`userInfo.setUsertype(new Short("1"));`
no message 2018-01-05 08:47:52 +01:00			`userInfo = userInfoDao.createOrUpdate(userInfo);`
no message 2018-01-08 12:44:48 +01:00
			`credential.setPublicValue(userInfo.getName());`

no message 2017-12-19 17:22:30 +01:00			`credential.setUserInfo(userInfo);`
			`credentialDao.createOrUpdate(credential);`
Finalized security, distinguish between internal and external users, etc 2017-10-20 12:03:55 +02:00			`}`
			`else {`
			`userInfo.setLastloggedin(new Date());`
no message 2017-12-15 17:57:41 +01:00			`Set<Credential> credentials = userInfo.getCredentials();`
no message 2017-12-19 17:22:30 +01:00			`if(credentials.contains(credential)){`
			`Credential oldCredential = credentials.stream().filter(item->credential.getProvider().equals(item.getProvider())).findFirst().get();`
			`credential.setId(oldCredential.getId());`
			`}`
			`else{`
			`credential.setUserInfo(userInfo);`
			`credential.setId(UUID.randomUUID());`
no message 2018-01-08 12:44:48 +01:00			`credential.setPublicValue(userInfo.getName());`

no message 2017-12-19 17:22:30 +01:00			`credentialDao.createOrUpdate(credential);`
			`userInfo.getCredentials().add(credential);`
			`}`
no message 2018-01-05 08:47:52 +01:00			`userInfo = userInfoDao.createOrUpdate(userInfo);`
no message 2017-12-19 17:22:30 +01:00
Finalized security, distinguish between internal and external users, etc 2017-10-20 12:03:55 +02:00			`}`
no message 2017-12-15 17:57:41 +01:00
			`UserToken userToken = new UserToken();`
			`userToken.setUser(userInfo);`
			`userToken.setIssuedAt(new Date());`
			`userToken.setToken(UUID.randomUUID());`
no message 2017-12-18 16:55:12 +01:00			`userToken.setExpiresAt(addADay(new Date()));`
			`userTokenDao.create(userToken);`
no message 2017-12-15 17:57:41 +01:00			`return authenticationService.Touch(userToken.getToken());`
Finalized security, distinguish between internal and external users, etc 2017-10-20 12:03:55 +02:00
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request. 2017-09-27 18:15:39 +02:00			`}`

no message 2017-12-18 16:55:12 +01:00			`private Date addADay(Date date){`
			`Date dt = new Date();`
			`Calendar c = Calendar.getInstance();`
			`c.setTime(dt);`
			`c.add(Calendar.DATE, 1);`
			`dt = c.getTime();`
			`return dt;`
			`}`
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request. 2017-09-27 18:15:39 +02:00


			`}`