package co.cask.cdap.gateway.handlers;

import co.cask.cdap.common.BadRequestException;
import co.cask.cdap.common.kerberos.ImpersonationRequest;
import co.cask.cdap.common.kerberos.PrincipalCredentials;
import co.cask.cdap.common.kerberos.UGIWithPrincipal;
import co.cask.cdap.proto.codec.EntityIdTypeAdapter;
import co.cask.cdap.proto.id.NamespacedEntityId;
import co.cask.cdap.security.TokenSecureStoreRenewer;
import co.cask.cdap.security.impersonation.ImpersonationUtils;
import co.cask.cdap.security.impersonation.UGIProvider;
import co.cask.http.AbstractHttpHandler;
import co.cask.http.HttpResponder;
import com.google.common.base.Charsets;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.inject.Inject;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.util.concurrent.Callable;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import org.apache.hadoop.security.Credentials;
import org.apache.twill.filesystem.Location;
import org.apache.twill.filesystem.LocationFactory;
import org.jboss.netty.handler.codec.http.HttpRequest;
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

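/**
 * HTTP handler rooted at {@code /v1/impersonation} that obtains Hadoop credentials on behalf of
 * the principal resolved from an {@link ImpersonationRequest}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The response points at a file holding the serialized token storage, so anyone who can
 *       read that file can act as the impersonated principal for the lifetime of the tokens.
 *       The file is written with permission string {@code "600"}.</li>
 *   <li>NOTE(review): no caller authentication or authorization check is visible in this class.
 *       Confirm that the route is only reachable by trusted internal services and that the
 *       requester is entitled to the principal it asks for.</li>
 *   <li>NOTE(review): the credentials file is not removed on the success path here. Presumably
 *       the consumer deletes it after reading; verify, otherwise live tokens accumulate in the
 *       {@code credentials} directory.</li>
 * </ul>
 */
@Path("/v1/impersonation")
/* loaded from: input_file:co/cask/cdap/gateway/handlers/ImpersonationHandler.class */
public class ImpersonationHandler extends AbstractHttpHandler {
    private static final Logger LOG = LoggerFactory.getLogger(ImpersonationHandler.class);
    private static final Gson GSON = new GsonBuilder().registerTypeAdapter(NamespacedEntityId.class, new EntityIdTypeAdapter()).create();
    private final UGIProvider ugiProvider;
    private final TokenSecureStoreRenewer tokenSecureStoreRenewer;
    private final LocationFactory locationFactory;

    @Inject
    ImpersonationHandler(UGIProvider uGIProvider, TokenSecureStoreRenewer tokenSecureStoreRenewer, LocationFactory locationFactory) {
        this.ugiProvider = uGIProvider;
        this.tokenSecureStoreRenewer = tokenSecureStoreRenewer;
        this.locationFactory = locationFactory;
    }

    /**
     * Creates credentials for the principal resolved from the JSON request body, writes them to a
     * temporary file under the {@code credentials} location, and responds with the principal and
     * the URI of that file.
     *
     * @param httpRequest request whose body is a JSON-encoded {@link ImpersonationRequest}
     * @param httpResponder responder that receives a {@link PrincipalCredentials} JSON payload
     * @throws BadRequestException if the body is empty or does not decode to a request object
     * @throws IllegalStateException if the credentials directory cannot be created
     * @throws Exception if resolving the UGI, creating the credentials or writing the file fails
     */
    @POST
    @Path("/credentials")
    public void getCredentials(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
        String requestBody = httpRequest.getContent().toString(Charsets.UTF_8);
        // An absent body decodes to an empty string rather than null, so test for emptiness too;
        // otherwise an empty request would only fail later with an unhelpful error.
        if (requestBody == null || requestBody.isEmpty()) {
            throw new BadRequestException("Request body is empty.");
        }
        ImpersonationRequest impersonationRequest = GSON.fromJson(requestBody, ImpersonationRequest.class);
        // Gson yields null for a blank body or a literal JSON null; reject it as a client error
        // instead of handing null to the UGI provider.
        if (impersonationRequest == null) {
            throw new BadRequestException("Request body is empty.");
        }
        // NOTE(review): what this logs depends on ImpersonationRequest#toString; confirm it
        // carries no secret material.
        LOG.debug("Fetching credentials for {}", impersonationRequest);

        final UGIWithPrincipal configuredUGI = this.ugiProvider.getConfiguredUGI(impersonationRequest);
        // The credentials are created while running as the resolved UGI, not as the service user.
        Credentials credentials = ImpersonationUtils.doAs(configuredUGI.getUGI(), new Callable<Credentials>() {
            @Override
            public Credentials call() throws Exception {
                return tokenSecureStoreRenewer.createCredentials();
            }
        });

        Location credentialsDir = this.locationFactory.create("credentials");
        // isDirectory() is checked again after mkdirs() so that a concurrent creator winning the
        // race is not reported as a failure.
        if (!credentialsDir.isDirectory() && !credentialsDir.mkdirs() && !credentialsDir.isDirectory()) {
            throw new IllegalStateException("Unable to create credentials directory.");
        }

        final Location credentialsFile = credentialsDir.append("tmp").getTempFile(".credentials");
        // "600" restricts the file to its owner; the tokens inside are bearer credentials.
        try (DataOutputStream out = new DataOutputStream(new BufferedOutputStream(credentialsFile.getOutputStream("600")))) {
            credentials.writeTokenStorageToStream(out);
        } catch (Exception e) {
            // Best effort: do not leave a partially written credentials file behind.
            try {
                credentialsFile.delete();
            } catch (Exception cleanupFailure) {
                e.addSuppressed(cleanupFailure);
            }
            throw e;
        }

        LOG.debug("Wrote credentials for user {} to {}", configuredUGI.getPrincipal(), credentialsFile);
        httpResponder.sendJson(HttpResponseStatus.OK, new PrincipalCredentials(configuredUGI.getPrincipal(), credentialsFile.toURI().toString()));
    }
}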
