argos/dmp-backend/src/main/java/eu/eudat/security/validators/GoogleTokenValidator.java

package eu.eudat.security.validators;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.*;

import eu.eudat.dao.entities.security.CredentialDao;
import eu.eudat.entities.Credential;
import eu.eudat.entities.UserToken;
import eu.eudat.services.AuthenticationService;
import org.springframework.beans.factory.annotation.Autowired;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;

import eu.eudat.dao.entities.UserInfoDao;
import eu.eudat.entities.UserInfo;
import eu.eudat.exceptions.NonValidTokenException;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;

@Component
public class GoogleTokenValidator implements TokenValidator {

	private static final JacksonFactory jacksonFactory = new JacksonFactory();
	private static final HttpTransport transport = new NetHttpTransport();

	@Autowired private UserInfoDao userInfoDao;
	@Autowired private CredentialDao credentialDao;
	@Autowired private AuthenticationService authenticationService;
	private static final List<String> clientIDs = Arrays.asList(
			"1010962018903-glegmqudqtl1lub0150vacopbu06lgsg.apps.googleusercontent.com",
			"1010962018903-glegmqudqtl1lub0150vacopbu06lgsg.apps.googleusercontent.com"
			);
	
	private GoogleIdTokenVerifier verifier = null;
	
	
	public GoogleTokenValidator() {
		verifier = new GoogleIdTokenVerifier.Builder(transport, jacksonFactory)
			    .setAudience(clientIDs)
			    // Or, if multiple clients access the backend:
			    //.setAudience(Arrays.asList(CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3))
			    .build();
	}
	
	
	@Override
	public eu.eudat.models.security.Principal validateToken(String token) throws NonValidTokenException {
		
		GoogleIdToken idToken = null;
		try {
			idToken = verifier.verify(token);
		}
		catch(GeneralSecurityException ex) {
			throw new NonValidTokenException("Token is not valid -> "+ex.getMessage());
		}
		catch(IOException ex) {
			throw new NonValidTokenException("Could not verify token -> "+ex.getMessage());
		}
		catch(IllegalArgumentException ex) {
			throw new NonValidTokenException("Could not verify token");
		}
		
		if(idToken == null) {
			throw new NonValidTokenException("Not a valid token");
		}

		Payload payload = idToken.getPayload();

		UserInfo userInfo = userInfoDao.getByMail(payload.getEmail());

		Credential credential = new Credential();
		credential.setCreationTime(new Date());
		credential.setId(UUID.randomUUID());
		credential.setLastUpdateTime(new Date());
		credential.setProvider(1);
		credential.setSecret(token);
		credential.setPublicValue(userInfo.getName());
		credential.setUserInfo(userInfo);

		if(userInfo == null) { //means not existing in db, so create one
			userInfo = new UserInfo();
			userInfo.setName((String)payload.get("name"));
			userInfo.setVerified_email(payload.getEmailVerified());
			userInfo.setEmail(payload.getEmail());
			userInfo.setCreated(new Date());
			userInfo.setLastloggedin(new Date());
			userInfo.setAuthorization_level(new Short("1"));
			userInfo.setUsertype(new Short("1"));
			userInfo = userInfoDao.create(userInfo);
			credential = credentialDao.create(credential);
		}
		else {
			userInfo.setLastloggedin(new Date());
			Set<Credential> credentials = userInfo.getCredentials();
			credentials.add(credential);
			userInfo = userInfoDao.update(userInfo);
		}

		UserToken userToken = new UserToken();
		userToken.setUser(userInfo);
		userToken.setIssuedAt(new Date());
		userToken.setToken(UUID.randomUUID());
		userToken.setExpiresAt(new Date());
		
		return authenticationService.Touch(userToken.getToken());
	  
	}
	
	
	
	
	
}