package org.wso2.carbon.identity.entitlement.pep.agent.thrift;

import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.thrift.TException;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.transport.TSSLTransportFactory;
import org.wso2.carbon.identity.entitlement.pep.agent.AbstractEntitlementServiceClient;
import org.wso2.carbon.identity.entitlement.pep.agent.Attribute;
import org.wso2.carbon.identity.entitlement.pep.agent.ProxyConstants;
import org.wso2.carbon.identity.entitlement.pep.agent.XACMLRequetBuilder;
import org.wso2.carbon.identity.entitlement.pep.agent.exception.EntitlementAgentException;
import org.wso2.carbon.identity.entitlement.pep.agent.generatedCode.EntitlementException;
import org.wso2.carbon.identity.entitlement.pep.agent.generatedCode.EntitlementThriftClient;

/* loaded from: input_file:org/wso2/carbon/identity/entitlement/pep/agent/thrift/ThriftEntitlementServiceClient.class */
public class ThriftEntitlementServiceClient extends AbstractEntitlementServiceClient {
    private String serverUrl;
    private String userName;
    private String password;
    private String thriftHost;
    private int thriftPort;
    private boolean reuseSession;
    private String trustStore = System.getProperty(ProxyConstants.TRUST_STORE);
    private String trustStorePass = System.getProperty(ProxyConstants.TRUST_STORE_PASSWORD);
    private Map<String, Authenticator> authenticators = new ConcurrentHashMap();

    public ThriftEntitlementServiceClient(String str, String str2, String str3, String str4, int i, boolean z) {
        this.reuseSession = true;
        this.serverUrl = str;
        this.userName = str2;
        this.password = str3;
        this.thriftHost = str4;
        this.thriftPort = i;
        this.reuseSession = z;
    }

    @Override // org.wso2.carbon.identity.entitlement.pep.agent.AbstractEntitlementServiceClient
    public String getDecision(Attribute[] attributeArr, String str) throws Exception {
        return getDecision(XACMLRequetBuilder.buildXACML3Request(attributeArr), getThriftClient(str), getAuthenticator(this.serverUrl, this.userName, this.password).getSessionId(false));
    }

    @Override // org.wso2.carbon.identity.entitlement.pep.agent.AbstractEntitlementServiceClient
    public boolean subjectCanActOnResource(String str, String str2, String str3, String str4, String str5, String str6) throws Exception {
        return getDecision(XACMLRequetBuilder.buildXACML3Request(new Attribute[]{new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", str, ProxyConstants.DEFAULT_DATA_TYPE, str2), new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id", ProxyConstants.DEFAULT_DATA_TYPE, str3), new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", ProxyConstants.DEFAULT_DATA_TYPE, str4), new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:environment", "urn:oasis:names:tc:xacml:1.0:environment:environment-id", ProxyConstants.DEFAULT_DATA_TYPE, str5)}), getThriftClient(str6), getAuthenticator(this.serverUrl, this.userName, this.password).getSessionId(false)).contains("Permit");
    }

    @Override // org.wso2.carbon.identity.entitlement.pep.agent.AbstractEntitlementServiceClient
    public boolean subjectCanActOnResource(String str, String str2, String str3, String str4, Attribute[] attributeArr, String str5, String str6) throws Exception {
        Attribute[] attributeArr2 = new Attribute[attributeArr.length + 4];
        attributeArr2[0] = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", str, ProxyConstants.DEFAULT_DATA_TYPE, str2);
        for (int i = 0; i < attributeArr.length; i++) {
            attributeArr2[i + 1] = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", attributeArr[i].getType(), attributeArr[i].getId(), attributeArr[i].getValue());
        }
        attributeArr2[attributeArr2.length - 3] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id", ProxyConstants.DEFAULT_DATA_TYPE, str3);
        attributeArr2[attributeArr2.length - 2] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", ProxyConstants.DEFAULT_DATA_TYPE, str4);
        attributeArr2[attributeArr2.length - 1] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:environment", "urn:oasis:names:tc:xacml:1.0:environment:environment-id", ProxyConstants.DEFAULT_DATA_TYPE, str5);
        return getDecision(XACMLRequetBuilder.buildXACML3Request(attributeArr2), getThriftClient(str6), getAuthenticator(this.serverUrl, this.userName, this.password).getSessionId(false)).contains("Permit");
    }

    @Override // org.wso2.carbon.identity.entitlement.pep.agent.AbstractEntitlementServiceClient
    public List<String> getResourcesForAlias(String str, String str2) {
        return null;
    }

    @Override // org.wso2.carbon.identity.entitlement.pep.agent.AbstractEntitlementServiceClient
    public List<String> getActionableResourcesForAlias(String str, String str2) {
        return null;
    }

    @Override // org.wso2.carbon.identity.entitlement.pep.agent.AbstractEntitlementServiceClient
    public List<String> getActionsForResource(String str, String str2, String str3) {
        return null;
    }

    @Override // org.wso2.carbon.identity.entitlement.pep.agent.AbstractEntitlementServiceClient
    public List<String> getActionableChildResourcesForAlias(String str, String str2, String str3, String str4) throws Exception {
        return null;
    }

    private String getDecision(String str, EntitlementThriftClient.Client client, String str2) throws EntitlementAgentException {
        try {
            return client.getDecision(str, str2);
        } catch (TException e) {
            throw new EntitlementAgentException("Error while getting decision from PDP using ThriftEntitlementServiceClient", e);
        } catch (EntitlementException e2) {
            throw new EntitlementAgentException("Error while getting decision from PDP using ThriftEntitlementServiceClient", e2);
        }
    }

    private Authenticator getAuthenticator(String str, String str2, String str3) throws Exception {
        if (this.reuseSession && this.authenticators.containsKey(str)) {
            return this.authenticators.get(str);
        }
        Authenticator authenticator = new Authenticator(str2, str3, str + "thriftAuthenticator");
        this.authenticators.put(str, authenticator);
        return authenticator;
    }

    private EntitlementThriftClient.Client getThriftClient(String str) throws Exception {
        TSSLTransportFactory.TSSLTransportParameters tSSLTransportParameters = new TSSLTransportFactory.TSSLTransportParameters();
        tSSLTransportParameters.setTrustStore(this.trustStore, this.trustStorePass);
        return new EntitlementThriftClient.Client(new TBinaryProtocol(TSSLTransportFactory.getClientSocket(this.thriftHost, this.thriftPort, ProxyConstants.THRIFT_TIME_OUT, tSSLTransportParameters)));
    }
}
