package org.apache.hadoop.hdfs.server.namenode;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.io.MD5Hash;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/hadoop-core-0.20.2-cdh3u4.jar:org/apache/hadoop/hdfs/server/namenode/GetImageServlet.class */
public class GetImageServlet extends HttpServlet {
    private static final long serialVersionUID = -7669068179452648952L;
    private static final Log LOG = LogFactory.getLog(GetImageServlet.class);
    private Object fsImageTransferLock = new Object();

    public void doGet(HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Map parameterMap = httpServletRequest.getParameterMap();
        try {
            try {
                final FSImage fSImage = (FSImage) getServletContext().getAttribute("name.system.image");
                final TransferFsImage transferFsImage = new TransferFsImage(parameterMap, httpServletRequest, httpServletResponse);
                final Configuration configuration = (Configuration) getServletContext().getAttribute(JspHelper.CURRENT_CONF);
                if (!UserGroupInformation.isSecurityEnabled() || isValidRequestor(httpServletRequest.getRemoteUser(), configuration)) {
                    UserGroupInformation.getCurrentUser().doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hdfs.server.namenode.GetImageServlet.1
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedExceptionAction
                        public Void run() throws Exception {
                            if (transferFsImage.getImage()) {
                                httpServletResponse.setHeader("Content-Length", String.valueOf(fSImage.getFsImageName().length()));
                                TransferFsImage.getFileServer(httpServletResponse.getOutputStream(), fSImage.getFsImageName());
                                return null;
                            }
                            if (transferFsImage.getEdit()) {
                                httpServletResponse.setHeader("Content-Length", String.valueOf(fSImage.getFsEditName().length()));
                                TransferFsImage.getFileServer(httpServletResponse.getOutputStream(), fSImage.getFsEditName());
                                return null;
                            }
                            if (!transferFsImage.putImage()) {
                                return null;
                            }
                            synchronized (GetImageServlet.this.fsImageTransferLock) {
                                final MD5Hash newChecksum = transferFsImage.getNewChecksum();
                                fSImage.validateCheckpointUpload(transferFsImage.getToken());
                                reloginIfNecessary().doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hdfs.server.namenode.GetImageServlet.1.1
                                    /* JADX WARN: Can't rename method to resolve collision */
                                    @Override // java.security.PrivilegedExceptionAction
                                    public Void run() throws Exception {
                                        MD5Hash fileClient = TransferFsImage.getFileClient(transferFsImage.getInfoServer(), "getimage=1", fSImage.getFsImageNameCheckpoint(), true);
                                        GetImageServlet.LOG.info("Downloaded new fsimage with checksum: " + fileClient);
                                        if (fileClient.equals(newChecksum)) {
                                            return null;
                                        }
                                        throw new IOException("Actual checksum of transferred fsimage: " + fileClient + " does not match expected checksum: " + newChecksum);
                                    }
                                });
                                fSImage.checkpointUploadDone();
                            }
                            return null;
                        }

                        private UserGroupInformation reloginIfNecessary() throws IOException {
                            return UserGroupInformation.loginUserFromKeytabAndReturnUGI(SecurityUtil.getServerPrincipal(configuration.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY), NameNode.getAddress(configuration).getHostName()), configuration.get(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY));
                        }
                    });
                    httpServletResponse.getOutputStream().close();
                } else {
                    httpServletResponse.sendError(403, "Only Namenode and Secondary Namenode may access this servlet");
                    LOG.warn("Received non-NN/SNN request for image or edits from " + httpServletRequest.getRemoteHost());
                    httpServletResponse.getOutputStream().close();
                }
            } catch (Exception e) {
                String str = "GetImage failed. " + StringUtils.stringifyException(e);
                httpServletResponse.sendError(410, str);
                throw new IOException(str);
            }
        } catch (Throwable th) {
            httpServletResponse.getOutputStream().close();
            throw th;
        }
    }

    private boolean isValidRequestor(String str, Configuration configuration) throws IOException {
        if (str == null) {
            LOG.warn("Received null remoteUser while authorizing access to getImage servlet");
            return false;
        }
        for (String str2 : new String[]{SecurityUtil.getServerPrincipal(configuration.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY), NameNode.getAddress(configuration).getHostName()), SecurityUtil.getServerPrincipal(configuration.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY), NameNode.getAddress(configuration).getHostName()), SecurityUtil.getServerPrincipal(configuration.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_KRB_HTTPS_USER_NAME_KEY), SecondaryNameNode.getHttpAddress(configuration).getHostName()), SecurityUtil.getServerPrincipal(configuration.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_USER_NAME_KEY), SecondaryNameNode.getHttpAddress(configuration).getHostName())}) {
            if (str2 != null && str2.equals(str)) {
                if (!LOG.isDebugEnabled()) {
                    return true;
                }
                LOG.debug("isValidRequestor is allowing: " + str);
                return true;
            }
        }
        if (!LOG.isDebugEnabled()) {
            return false;
        }
        LOG.debug("isValidRequestor is rejecting: " + str);
        return false;
    }
}
