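package eu.eudat.security.validators.google;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import eu.eudat.exceptions.security.NonValidTokenException;
import eu.eudat.models.login.LoginInfo;
import eu.eudat.models.loginprovider.LoginProviderUser;
import eu.eudat.security.validators.TokenValidator;
import eu.eudat.security.validators.TokenValidatorFactoryImpl;
import eu.eudat.services.ApiContext;
import eu.eudat.services.AuthenticationService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collections;

/**
 * {@link TokenValidator} for Google sign-in.
 *
 * <p>The ticket carried by {@link LoginInfo} is treated as a Google ID token. It is checked by a
 * {@link GoogleIdTokenVerifier} whose accepted audience is the single client id read from the
 * {@code google.login.clientId} property, and the verified claims are copied into a
 * {@link LoginProviderUser} that is handed to {@link AuthenticationService}.
 */
@Component("googleTokenValidator")
public class GoogleTokenValidator implements TokenValidator {

    private static final HttpTransport transport = new NetHttpTransport();

    private final ApiContext apiContext;
    private final AuthenticationService authenticationService;
    private final GoogleIdTokenVerifier verifier;
    private final Environment environment;

    /**
     * Builds the validator and its ID-token verifier.
     *
     * @param apiContext application API context (stored, not used by the code in this class)
     * @param environment source of the {@code google.login.clientId} property
     * @param authenticationService service that receives the verified provider user
     */
    @Autowired
    public GoogleTokenValidator(ApiContext apiContext, Environment environment, AuthenticationService authenticationService) {
        this.apiContext = apiContext;
        this.environment = environment;
        this.authenticationService = authenticationService;

        // NOTE(review): getProperty returns null when the property is not configured, which
        // leaves the audience list holding a single null entry. Confirm deployments always set
        // google.login.clientId so the audience check compares against a real client id.
        String clientId = this.environment.getProperty("google.login.clientId");
        this.verifier = new GoogleIdTokenVerifier.Builder(transport, JacksonFactory.getDefaultInstance())
                .setAudience(Collections.singletonList(clientId))
                .build();
    }

    /**
     * Verifies a Google ID token string and returns the parsed token.
     *
     * @param idTokenString the serialized ID token presented by the client
     * @return the verified token, never {@code null}
     * @throws IOException if the verifier fails while fetching what it needs
     * @throws GeneralSecurityException if the verifier reports a security failure, or if the
     *     token does not pass verification
     */
    private GoogleIdToken verifyUserAndGetUser(String idTokenString) throws IOException, GeneralSecurityException {
        GoogleIdToken idToken = verifier.verify(idTokenString);
        if (idToken == null) {
            // verify() returns null rather than throwing when the token is rejected. Without
            // this guard the caller dereferences null and a failed login surfaces as a
            // NullPointerException instead of an authentication failure. GeneralSecurityException
            // is used because it is already part of this method's declared contract; the token
            // itself is deliberately kept out of the message.
            throw new GeneralSecurityException("Google ID token failed verification");
        }
        return idToken;
    }

    /**
     * Validates the Google ID token in {@code credentials} and resolves the matching principal.
     *
     * @param credentials login request whose ticket is the Google ID token
     * @return the principal returned by {@link AuthenticationService} for the verified user
     * @throws NonValidTokenException declared by the validator contract
     * @throws IOException if token verification fails on I/O
     * @throws GeneralSecurityException if the token is rejected or verification fails
     */
    @Override
    public eu.eudat.models.security.Principal validateToken(LoginInfo credentials) throws NonValidTokenException, IOException, GeneralSecurityException {
        String ticket = credentials.getTicket();
        Payload payload = this.verifyUserAndGetUser(ticket).getPayload();

        LoginProviderUser user = new LoginProviderUser();
        // NOTE(review): the raw ID token is kept as the user's secret; confirm it is not
        // logged or persisted beyond what the session needs.
        user.setSecret(ticket);
        // The subject claim is the provider-side identifier for the account.
        user.setId(payload.getSubject());
        user.setProvider(TokenValidatorFactoryImpl.LoginProvider.GOOGLE);
        user.setName((String) payload.get("name"));
        user.setEmail(payload.getEmail());
        // NOTE(review): email_verified is recorded, not enforced, and getEmailVerified() is a
        // nullable Boolean. Confirm setIsVerified accepts null and that downstream account
        // matching does not rely on an unverified email address.
        user.setIsVerified(payload.getEmailVerified());

        return this.authenticationService.Touch(user);
    }
}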