package at.gv.egovernment.moa.id.auth.modules.internal.tasks;

import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.class */
public class UserRestrictionTask extends AbstractAuthServletTask {
    public static final String CONFIG_PROPS_SP_LIST = "configuration.restrictions.sp.entityIds";
    public static final String CONFIG_PROPS_CSV_USER_FILE = "configuration.restrictions.sp.users.url";
    public static final String CONFIG_PROPS_CSV_USER_SECTOR = "configuration.restrictions.sp.users.sector";

    @Autowired(required = true)
    UserWhitelistStore whitelist;

    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws TaskExecutionException {
        try {
            String uniqueIdentifier = this.pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();
            if (KeyValueUtils.getListOfCSVValues(this.authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST)).contains(uniqueIdentifier)) {
                Logger.debug("SP:" + uniqueIdentifier + " has a user restrication. Check users bPK ... ");
                AuthenticationSessionWrapper authenticationSessionWrapper = (AuthenticationSessionWrapper) this.pendingReq.getSessionData(AuthenticationSessionWrapper.class);
                if (authenticationSessionWrapper.getIdentityLink() == null) {
                    Logger.warn("PendingRequest contains NO IdentityLink. User restrictation NOT possible!");
                    throw new MOAIDException("process.03", (Object[]) null);
                }
                String basicConfiguration = this.authConfig.getBasicConfiguration(CONFIG_PROPS_CSV_USER_SECTOR);
                if (MiscUtil.isEmpty(basicConfiguration)) {
                    Logger.info("NO bPK sector for user whitelist in configuration");
                    throw new MOAIDException("config.05", new Object[]{CONFIG_PROPS_CSV_USER_SECTOR});
                }
                new BPKBuilder();
                Pair generateAreaSpecificPersonIdentifier = BPKBuilder.generateAreaSpecificPersonIdentifier(authenticationSessionWrapper.getIdentityLink().getIdentificationValue(), authenticationSessionWrapper.getIdentityLink().getIdentificationType(), basicConfiguration);
                if (!this.whitelist.isUserbPKInWhitelistDynamic((String) generateAreaSpecificPersonIdentifier.getFirst())) {
                    Logger.info("User's bPK is not whitelisted. Authentication process stops ...");
                    Logger.trace("User's bPK: " + ((String) generateAreaSpecificPersonIdentifier.getFirst()));
                    throw new MOAIDException("auth.35", (Object[]) null);
                }
                Logger.debug("User was found in whitelist. Continue authentication process ... ");
            } else {
                Logger.trace("SP: " + uniqueIdentifier + " has no user restrication.");
            }
        } catch (MOAIDException e) {
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        } catch (Exception e2) {
            Logger.warn("RestartAuthProzessManagement has an internal error", e2);
            throw new TaskExecutionException(this.pendingReq, e2.getMessage(), e2);
        }
    }
}
