package eu.eudat.security.validators; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; import java.util.*; import eu.eudat.dao.entities.security.CredentialDao; import eu.eudat.entities.Credential; import eu.eudat.entities.UserToken; import eu.eudat.services.AuthenticationService; import org.springframework.beans.factory.annotation.Autowired; import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken; import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier; import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload; import com.google.api.client.http.HttpTransport; import com.google.api.client.http.javanet.NetHttpTransport; import com.google.api.client.json.jackson2.JacksonFactory; import eu.eudat.dao.entities.UserInfoDao; import eu.eudat.entities.UserInfo; import eu.eudat.exceptions.NonValidTokenException; import org.springframework.stereotype.Component; import org.springframework.stereotype.Service; @Component public class GoogleTokenValidator implements TokenValidator { private static final JacksonFactory jacksonFactory = new JacksonFactory(); private static final HttpTransport transport = new NetHttpTransport(); @Autowired private UserInfoDao userInfoDao; @Autowired private CredentialDao credentialDao; @Autowired private AuthenticationService authenticationService; private static final List clientIDs = Arrays.asList( "1010962018903-glegmqudqtl1lub0150vacopbu06lgsg.apps.googleusercontent.com", "1010962018903-glegmqudqtl1lub0150vacopbu06lgsg.apps.googleusercontent.com" ); private GoogleIdTokenVerifier verifier = null; public GoogleTokenValidator() { verifier = new GoogleIdTokenVerifier.Builder(transport, jacksonFactory) .setAudience(clientIDs) // Or, if multiple clients access the backend: //.setAudience(Arrays.asList(CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3)) .build(); } @Override public eu.eudat.models.security.Principal validateToken(String token) throws NonValidTokenException { GoogleIdToken idToken = null; try { idToken = verifier.verify(token); } catch(GeneralSecurityException ex) { throw new NonValidTokenException("Token is not valid -> "+ex.getMessage()); } catch(IOException ex) { throw new NonValidTokenException("Could not verify token -> "+ex.getMessage()); } catch(IllegalArgumentException ex) { throw new NonValidTokenException("Could not verify token"); } if(idToken == null) { throw new NonValidTokenException("Not a valid token"); } Payload payload = idToken.getPayload(); UserInfo userInfo = userInfoDao.getByMail(payload.getEmail()); Credential credential = new Credential(); credential.setCreationTime(new Date()); credential.setId(UUID.randomUUID()); credential.setLastUpdateTime(new Date()); credential.setProvider(1); credential.setSecret(token); credential.setPublicValue(userInfo.getName()); credential.setUserInfo(userInfo); if(userInfo == null) { //means not existing in db, so create one userInfo = new UserInfo(); userInfo.setName((String)payload.get("name")); userInfo.setVerified_email(payload.getEmailVerified()); userInfo.setEmail(payload.getEmail()); userInfo.setCreated(new Date()); userInfo.setLastloggedin(new Date()); userInfo.setAuthorization_level(new Short("1")); userInfo.setUsertype(new Short("1")); userInfo = userInfoDao.create(userInfo); credential = credentialDao.create(credential); } else { userInfo.setLastloggedin(new Date()); Set credentials = userInfo.getCredentials(); credentials.add(credential); userInfo = userInfoDao.update(userInfo); } UserToken userToken = new UserToken(); userToken.setUser(userInfo); userToken.setIssuedAt(new Date()); userToken.setToken(UUID.randomUUID()); userToken.setExpiresAt(new Date()); return authenticationService.Touch(userToken.getToken()); } }