package org.apache.hadoop.hdfs.server.namenode;

import java.io.DataOutputStream;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.StringUtils;

/* loaded from: input_file:lib/hadoop-hdfs-2.0.3-alpha.jar:org/apache/hadoop/hdfs/server/namenode/GetDelegationTokenServlet.class */
public class GetDelegationTokenServlet extends DfsServlet {
    private static final Log LOG = LogFactory.getLog(GetDelegationTokenServlet.class);
    public static final String PATH_SPEC = "/getDelegationToken";
    public static final String RENEWER = "renewer";

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.servlet.http.HttpServlet
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        ServletContext servletContext = getServletContext();
        try {
            final UserGroupInformation ugi = getUGI(httpServletRequest, NameNodeHttpServer.getConfFromContext(servletContext));
            LOG.info("Sending token: {" + ugi.getUserName() + StringUtils.COMMA_STR + httpServletRequest.getRemoteAddr() + "}");
            final NameNode nameNodeFromContext = NameNodeHttpServer.getNameNodeFromContext(servletContext);
            String parameter = httpServletRequest.getParameter("renewer");
            final String name = parameter == null ? httpServletRequest.getUserPrincipal().getName() : parameter;
            final DataOutputStream dataOutputStream = null;
            try {
                try {
                    dataOutputStream = new DataOutputStream(httpServletResponse.getOutputStream());
                    ugi.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hdfs.server.namenode.GetDelegationTokenServlet.1
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedExceptionAction
                        public Void run() throws IOException {
                            DelegationTokenSecretManager.createCredentials(nameNodeFromContext, ugi, name).write(dataOutputStream);
                            return null;
                        }
                    });
                    if (dataOutputStream != null) {
                        dataOutputStream.close();
                    }
                } catch (Exception e) {
                    LOG.info("Exception while sending token. Re-throwing ", e);
                    httpServletResponse.sendError(500);
                    if (dataOutputStream != null) {
                        dataOutputStream.close();
                    }
                }
            } catch (Throwable th) {
                if (dataOutputStream != null) {
                    dataOutputStream.close();
                }
                throw th;
            }
        } catch (IOException e2) {
            LOG.info("Request for token received with no authentication from " + httpServletRequest.getRemoteAddr(), e2);
            httpServletResponse.sendError(403, "Unable to identify or authenticate user");
        }
    }
}
