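package at.gv.egovernment.moa.id.auth.modules.internal.tasks;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;

import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Authentication-process task that enforces a per-service-provider user whitelist.
 *
 * <p>If the unique identifier of the current service provider (SP) is contained in the
 * CSV list configured under {@value #CONFIG_PROPS_SP_LIST}, the user's sector-specific
 * identifier (bPK) is derived for the sector configured under
 * {@value #CONFIG_PROPS_CSV_USER_SECTOR} and looked up in the injected
 * {@link UserWhitelistStore}. A user whose bPK is not whitelisted is rejected with
 * error code {@code auth.35}. SPs that are not on the list pass through untouched.
 *
 * <p>Every failure inside the check (missing session / IdentityLink, missing sector
 * configuration, bPK derivation error, whitelist lookup error) is surfaced as a
 * {@link TaskExecutionException}, i.e. the task fails closed and never lets the
 * authentication continue on an unverified user.
 */
public class UserRestrictionTask extends AbstractAuthServletTask {

  /** CSV list of SP entity IDs that are subject to the user whitelist. */
  public static final String CONFIG_PROPS_SP_LIST =
      "configuration.restrictions.sp.entityIds";

  /**
   * Location of the CSV whitelist. Not read by this task; presumably consumed by
   * {@link UserWhitelistStore} — confirm against that class.
   */
  public static final String CONFIG_PROPS_CSV_USER_FILE =
      "configuration.restrictions.sp.users.url";

  /** bPK sector (target) in which the whitelisted identifiers are expressed. */
  public static final String CONFIG_PROPS_CSV_USER_SECTOR =
      "configuration.restrictions.sp.users.sector";

  /** Whitelist lookup; {@code required=true} guarantees it is never {@code null}. */
  @Autowired(required = true)
  UserWhitelistStore whitelist;

  /**
   * Runs the whitelist check for the pending request.
   *
   * @param executionContext process execution context (unused here)
   * @param request          current HTTP request (unused here)
   * @param response         current HTTP response (unused here)
   * @throws TaskExecutionException if the SP is restricted and the user is not
   *         whitelisted, or if any precondition or internal error prevents the check
   */
  @Override
  public void execute(ExecutionContext executionContext, HttpServletRequest request,
      HttpServletResponse response) throws TaskExecutionException {
    try {
      final String spEntityId =
          pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();

      // NOTE(review): if the property is absent, getListOfCSVValues presumably yields an
      // empty list (no SP restricted) rather than throwing — verify in KeyValueUtils,
      // since an exception here would be caught below and fail every login.
      final List<String> restrictedSPs = KeyValueUtils.getListOfCSVValues(
          authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST));

      // Exact-match comparison of the configured entity ID against the SP's unique ID.
      if (!restrictedSPs.contains(spEntityId)) {
        Logger.trace("SP: " + spEntityId + " has no user restrication.");
        return;
      }

      Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... ");
      enforceUserWhitelist(pendingReq.getSessionData(AuthenticationSessionWrapper.class));

    } catch (MOAIDException e) {
      // Expected, already-classified failures (process.03, config.05, auth.35).
      throw new TaskExecutionException(pendingReq, e.getMessage(), e);

    } catch (Exception e) {
      // Anything unexpected is logged and still fails the task (fail closed).
      Logger.warn("UserRestrictionTask has an internal error", e);
      throw new TaskExecutionException(pendingReq, e.getMessage(), e);
    }
  }

  /**
   * Derives the user's bPK for the configured whitelist sector and rejects the request
   * if it is not whitelisted.
   *
   * @param moasession session data of the pending request; must carry an IdentityLink
   * @throws MOAIDException {@code process.03} if no session/IdentityLink is available,
   *         {@code config.05} if no whitelist sector is configured,
   *         {@code auth.35} if the user is not whitelisted
   */
  private void enforceUserWhitelist(AuthenticationSessionWrapper moasession)
      throws MOAIDException {
    // The bPK can only be derived from an already-loaded IdentityLink.
    if (moasession == null || moasession.getIdentityLink() == null) {
      Logger.warn("PendingRequest contains NO IdentityLink. User restrictation NOT possible!");
      throw new MOAIDException("process.03", null);
    }

    // The whitelist is expressed in one fixed sector; without it no comparison is possible.
    final String bpkTarget = authConfig.getBasicConfiguration(CONFIG_PROPS_CSV_USER_SECTOR);
    if (MiscUtil.isEmpty(bpkTarget)) {
      Logger.info("NO bPK sector for user whitelist in configuration");
      throw new MOAIDException("config.05", new Object[] {CONFIG_PROPS_CSV_USER_SECTOR});
    }

    // Sector-specific pseudonym of the user; first element is the bPK value itself.
    final Pair<String, String> pseudonym = new BPKBuilder().generateAreaSpecificPersonIdentifier(
        moasession.getIdentityLink().getIdentificationValue(),
        moasession.getIdentityLink().getIdentificationType(),
        bpkTarget);
    final String userBpk = pseudonym.getFirst();

    if (!whitelist.isUserbPKInWhitelistDynamic(userBpk)) {
      Logger.info("User's bPK is not whitelisted. Authentication process stops ...");
      // SECURITY/PRIVACY: this writes a person identifier to the log. Keep trace level
      // disabled in production or treat these logs as personal data.
      Logger.trace("User's bPK: " + userBpk);
      throw new MOAIDException("auth.35", null);
    }

    Logger.debug("User was found in whitelist. Continue authentication process ... ");
  }
}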