package org.wso2.carbon.identity.entitlement.mediator.client;

import java.util.Properties;
import org.apache.axiom.om.OMElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.protocol.TCompactProtocol;
import org.apache.thrift.transport.THttpClient;
import org.apache.thrift.transport.TSSLTransportFactory;
import org.wso2.carbon.identity.entitlement.mediator.EntitlementConstants;
import org.wso2.carbon.identity.entitlement.mediator.EntitlementMediatorUtils;
import org.wso2.carbon.identity.entitlement.mediator.generatedCode.AuthenticatorService;
import org.wso2.carbon.identity.entitlement.mediator.generatedCode.EntitlementThriftClient;

/* loaded from: input_file:lib/org.wso2.carbon.identity.entitlement.mediator_4.0.1.jar:org/wso2/carbon/identity/entitlement/mediator/client/ThriftServiceClient.class */
public class ThriftServiceClient extends EntitlementServiceClient {
    private String sessionId;
    private String userName;
    private String password;
    private String backEndServerURL;
    private String thriftHost;
    private int thriftPort;
    private String trustStore;
    private String trustStorePass;
    private static final Log log = LogFactory.getLog(ThriftServiceClient.class);

    @Override // org.wso2.carbon.identity.entitlement.mediator.client.EntitlementServiceClient
    public void init(Properties properties) {
        this.password = properties.getProperty(EntitlementConstants.PASSWORD);
        this.userName = properties.getProperty(EntitlementConstants.USER);
        this.thriftHost = properties.getProperty(EntitlementConstants.THRIFT_HOST);
        String property = properties.getProperty(EntitlementConstants.THRIFT_PORT);
        if (property != null) {
            this.thriftPort = Integer.parseInt(property.trim());
        } else {
            this.thriftPort = 10500;
        }
        this.backEndServerURL = properties.getProperty(EntitlementConstants.SERVICE_EPR);
        if (this.backEndServerURL != null) {
            this.backEndServerURL = this.backEndServerURL.trim();
            if (!this.backEndServerURL.endsWith("/")) {
                this.backEndServerURL += "/";
            }
        }
        this.trustStore = System.getProperty("javax.net.ssl.trustStore");
        this.trustStorePass = System.getProperty("javax.net.ssl.trustStorePassword");
    }

    public boolean authenticate() throws Exception {
        try {
            THttpClient tHttpClient = new THttpClient(this.backEndServerURL + "thriftAuthenticator");
            AuthenticatorService.Client client = new AuthenticatorService.Client(new TCompactProtocol(tHttpClient));
            tHttpClient.open();
            this.sessionId = client.authenticate(this.userName, this.password);
            tHttpClient.close();
            return true;
        } catch (Exception e) {
            log.error("Error while authenticating with Identity Server using thrift authenticator", e);
            return false;
        }
    }

    @Override // org.wso2.carbon.identity.entitlement.mediator.client.EntitlementServiceClient
    public OMElement[] getDecision(String str, String str2, String str3, String[] strArr) throws Exception {
        if (!authenticate()) {
            log.error("User can not be authenticated to evaluate the entitlement query");
            throw new Exception("User can not be authenticated to evaluate the entitlement query");
        }
        TSSLTransportFactory.TSSLTransportParameters tSSLTransportParameters = new TSSLTransportFactory.TSSLTransportParameters();
        try {
            tSSLTransportParameters.setTrustStore(this.trustStore, this.trustStorePass);
            return getStatus(new EntitlementThriftClient.Client(new TBinaryProtocol(TSSLTransportFactory.getClientSocket(this.thriftHost, this.thriftPort, 30000, tSSLTransportParameters))).getDecision(EntitlementMediatorUtils.createXACML2Request(str, str2, str3), this.sessionId));
        } catch (Exception e) {
            log.error("Error occurred while policy evaluation", e);
            throw e;
        }
    }
}
