package eu.eudat.security.validators; import java.io.FileReader; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; import java.util.*; import java.util.stream.Collector; import java.util.stream.Collectors; import com.google.api.client.googleapis.auth.oauth2.*; import eu.eudat.dao.entities.security.CredentialDao; import eu.eudat.dao.entities.security.UserTokenDao; import eu.eudat.entities.Credential; import eu.eudat.entities.UserToken; import eu.eudat.models.criteria.UserInfoCriteria; import eu.eudat.models.login.LoginInfo; import eu.eudat.services.AuthenticationService; import org.springframework.beans.factory.annotation.Autowired; import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload; import com.google.api.client.http.HttpTransport; import com.google.api.client.http.javanet.NetHttpTransport; import com.google.api.client.json.jackson2.JacksonFactory; import eu.eudat.dao.entities.UserInfoDao; import eu.eudat.entities.UserInfo; import eu.eudat.exceptions.NonValidTokenException; import org.springframework.stereotype.Component; import org.springframework.stereotype.Service; import static com.sun.org.apache.xalan.internal.xsltc.compiler.Constants.REDIRECT_URI; @Component public class GoogleTokenValidator implements TokenValidator { private static final JacksonFactory jacksonFactory = new JacksonFactory(); private static final HttpTransport transport = new NetHttpTransport(); @Autowired private UserInfoDao userInfoDao; @Autowired private CredentialDao credentialDao; @Autowired private AuthenticationService authenticationService; @Autowired private UserTokenDao userTokenDao; private GoogleIdTokenVerifier verifier; public GoogleTokenValidator(){ verifier = new GoogleIdTokenVerifier.Builder(transport, JacksonFactory.getDefaultInstance()) .setAudience(Collections.singletonList("524432312250-sc9qsmtmbvlv05r44onl6l93ia3k9deo.apps.googleusercontent.com")) // Or, if multiple clients access the backend: //.setAudience(Arrays.asList(CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3)) .build(); } private GoogleIdToken verifyUserAndGetUser(String idTokenString) throws IOException, GeneralSecurityException { GoogleIdToken idToken = verifier.verify(idTokenString); return idToken; } @Override public eu.eudat.models.security.Principal validateToken(String token) throws NonValidTokenException, IOException, GeneralSecurityException { GoogleIdToken idToken = this.verifyUserAndGetUser(token); Payload payload = idToken.getPayload(); UserInfoCriteria criteria = new UserInfoCriteria(); criteria.setEmail(payload.getEmail()); UserInfo userInfo = userInfoDao.getWithCriteria(criteria).toList().get(0); final Credential credential = new Credential(); credential.setCreationTime(new Date()); credential.setStatus(1); credential.setLastUpdateTime(new Date()); credential.setProvider(1); credential.setSecret(token); credential.setPublicValue(userInfo.getName()); if(userInfo == null) { credential.setId(UUID.randomUUID()); userInfo = new UserInfo(); userInfo.setName((String)payload.get("name")); userInfo.setVerified_email(payload.getEmailVerified()); userInfo.setEmail(payload.getEmail()); userInfo.setCreated(new Date()); userInfo.setLastloggedin(new Date()); userInfo.setAuthorization_level(new Short("1")); userInfo.setUsertype(new Short("1")); userInfo = userInfoDao.createOrUpdate(userInfo); credential.setUserInfo(userInfo); credentialDao.createOrUpdate(credential); } else { userInfo.setLastloggedin(new Date()); Set credentials = userInfo.getCredentials(); if(credentials.contains(credential)){ Credential oldCredential = credentials.stream().filter(item->credential.getProvider().equals(item.getProvider())).findFirst().get(); credential.setId(oldCredential.getId()); } else{ credential.setUserInfo(userInfo); credential.setId(UUID.randomUUID()); credentialDao.createOrUpdate(credential); userInfo.getCredentials().add(credential); } userInfo = userInfoDao.createOrUpdate(userInfo); } UserToken userToken = new UserToken(); userToken.setUser(userInfo); userToken.setIssuedAt(new Date()); userToken.setToken(UUID.randomUUID()); userToken.setExpiresAt(addADay(new Date())); userTokenDao.create(userToken); return authenticationService.Touch(userToken.getToken()); } private Date addADay(Date date){ Date dt = new Date(); Calendar c = Calendar.getInstance(); c.setTime(dt); c.add(Calendar.DATE, 1); dt = c.getTime(); return dt; } }