package com.atlassian.stash.internal.server;

import com.atlassian.bitbucket.Product;
import com.atlassian.bitbucket.cluster.ClusterNode;
import com.atlassian.bitbucket.cluster.ClusterService;
import com.atlassian.bitbucket.concurrent.LockService;
import com.atlassian.bitbucket.dmz.server.AttachDataStoreRequest;
import com.atlassian.bitbucket.dmz.server.DataStoreConfig;
import com.atlassian.bitbucket.dmz.server.DataStoreType;
import com.atlassian.bitbucket.dmz.server.DmzDataStoreService;
import com.atlassian.bitbucket.dmz.server.InvalidDataStoreException;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.i18n.KeyedMessage;
import com.atlassian.bitbucket.license.LicenseService;
import com.atlassian.bitbucket.util.MoreFiles;
import com.atlassian.bitbucket.util.SimpleCancelState;
import com.atlassian.bitbucket.util.Version;
import com.atlassian.bitbucket.util.concurrent.LockGuard;
import com.atlassian.bitbucket.validation.ArgumentValidationException;
import com.atlassian.extras.api.bitbucket.BitbucketServerLicense;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.security.random.SecureTokenGenerator;
import com.atlassian.stash.internal.HomeLayout;
import com.atlassian.stash.internal.annotation.Unsecured;
import com.atlassian.stash.internal.cluster.HazelcastClusterNode;
import com.atlassian.stash.internal.repository.InternalRepository_;
import com.atlassian.stash.internal.server.InternalDataStore;
import com.atlassian.stash.internal.server.SimpleDataStoreConfig;
import com.hazelcast.core.IExecutorService;
import com.hazelcast.core.Member;
import com.hazelcast.core.MemberSelector;
import com.hazelcast.core.MultiExecutionCallback;
import com.hazelcast.spring.context.SpringAware;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.nio.file.AccessDeniedException;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.BasicFileAttributes;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

@AvailableToPlugins(DmzDataStoreService.class)
@Service("dataStoreService")
/* loaded from: input_file:WEB-INF/lib/bitbucket-service-impl-6.0.0.jar:com/atlassian/stash/internal/server/DefaultDataStoreService.class */
public class DefaultDataStoreService implements InternalDataStoreService {
    static final String UUID_SHARED_HOME = "shared";
    static final String UUID_VALIDATED = "validated";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultDataStoreService.class);
    private final ClusterService clusterService;
    private final IExecutorService executorService;
    private final HomeLayout homeLayout;
    private final I18nService i18nService;
    private final LicenseService licenseService;
    private final DataStoreListenerRegistry listenerRegistry;
    private final LockService lockService;
    private final DataStoreDao storeDao;
    private final SecureTokenGenerator tokenGenerator;

    @Value("${storage.datastore.validation.timeout:60}")
    private long validationTimeout = 60;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/bitbucket-service-impl-6.0.0.jar:com/atlassian/stash/internal/server/DefaultDataStoreService$SerializableI18nKey.class */
    public static class SerializableI18nKey implements Serializable {
        private final Serializable[] arguments;
        private final String key;

        private SerializableI18nKey(@Nonnull String str, @Nonnull Serializable... serializableArr) {
            this.arguments = serializableArr;
            this.key = str;
        }

        public SerializableI18nKey() {
            this.arguments = null;
            this.key = null;
        }

        @Nonnull
        public Object[] getArguments() {
            return this.arguments;
        }

        @Nonnull
        public String getKey() {
            return this.key;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @SpringAware
    /* loaded from: input_file:WEB-INF/lib/bitbucket-service-impl-6.0.0.jar:com/atlassian/stash/internal/server/DefaultDataStoreService$ValidateDataStore.class */
    public static final class ValidateDataStore implements Callable<SerializableI18nKey>, Serializable {
        private final String path;
        private final String uuid;
        private volatile transient HomeLayout homeLayout;

        ValidateDataStore(String str, String str2) {
            this.path = str;
            this.uuid = str2;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public SerializableI18nKey call() {
            Path path = Paths.get(this.path, new String[0]);
            try {
                try {
                    BasicFileAttributes readAttributes = Files.readAttributes(path, (Class<BasicFileAttributes>) BasicFileAttributes.class, LinkOption.NOFOLLOW_LINKS);
                    if (readAttributes.isRegularFile()) {
                        return new SerializableI18nKey("bitbucket.storage.datastore.invalidtype.file", new Serializable[]{this.path});
                    }
                    if (readAttributes.isSymbolicLink()) {
                        return new SerializableI18nKey("bitbucket.storage.datastore.invalidtype.symlink", new Serializable[]{this.path});
                    }
                    if (!readAttributes.isDirectory()) {
                        return new SerializableI18nKey("bitbucket.storage.datastore.invalidtype.unknown", new Serializable[]{this.path});
                    }
                    Path realPath = path.toRealPath(new LinkOption[0]);
                    if (!this.path.equals(realPath.toString())) {
                        return new SerializableI18nKey("bitbucket.storage.datastore.userealpath", new Serializable[]{this.path, realPath.toString()});
                    }
                    Path sharedHomeDir = this.homeLayout.getSharedHomeDir();
                    if (DefaultDataStoreService.isNested(path, sharedHomeDir)) {
                        return new SerializableI18nKey("bitbucket.storage.datastore.nested.sharedhome", new Serializable[]{this.path, Product.NAME, sharedHomeDir.toString()});
                    }
                    Properties properties = new Properties();
                    BufferedReader newBufferedReader = Files.newBufferedReader(path.resolve("store.properties"), StandardCharsets.UTF_8);
                    Throwable th = null;
                    try {
                        try {
                            properties.load(newBufferedReader);
                            if (newBufferedReader != null) {
                                if (0 != 0) {
                                    try {
                                        newBufferedReader.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    newBufferedReader.close();
                                }
                            }
                            String property = properties.getProperty("store.uuid");
                            if (!this.uuid.equals(property)) {
                                return new SerializableI18nKey("bitbucket.storage.datastore.uuidmismatch", new Serializable[]{property, this.uuid});
                            }
                            String property2 = properties.getProperty("store.version");
                            if (property2 == null) {
                                return new SerializableI18nKey("bitbucket.storage.datastore.versioninvalid", new Serializable[]{"store.properties"});
                            }
                            if (DataStoreLayout.VERSION.getMajor() < new Version(property2).getMajor()) {
                                return new SerializableI18nKey("bitbucket.storage.datastore.versionunsupported", new Serializable[]{property2, Integer.valueOf(DataStoreLayout.VERSION.getMajor())});
                            }
                            return null;
                        } finally {
                        }
                    } catch (Throwable th3) {
                        if (newBufferedReader != null) {
                            if (th != null) {
                                try {
                                    newBufferedReader.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                newBufferedReader.close();
                            }
                        }
                        throw th3;
                    }
                } catch (IOException e) {
                    DefaultDataStoreService.log.error("{}", path, e);
                    return new SerializableI18nKey("bitbucket.storage.datastore.validationfailed", new Serializable[]{Product.NAME, this.path});
                }
            } catch (FileNotFoundException | NoSuchFileException e2) {
                return new SerializableI18nKey("bitbucket.storage.datastore.propertiesnotexist", new Serializable[]{"store.properties"});
            }
        }

        @Autowired
        public void setHomeLayout(HomeLayout homeLayout) {
            this.homeLayout = homeLayout;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/bitbucket-service-impl-6.0.0.jar:com/atlassian/stash/internal/server/DefaultDataStoreService$ValidateDataStoreCallback.class */
    public static class ValidateDataStoreCallback implements MultiExecutionCallback, MemberSelector {
        private final I18nService i18nService;
        private final Path path;
        private final Map<ClusterNode, KeyedMessage> errors = new ConcurrentHashMap();
        private final CountDownLatch latch = new CountDownLatch(1);
        private final Set<Member> pending = new HashSet();

        ValidateDataStoreCallback(I18nService i18nService, Path path) {
            this.i18nService = i18nService;
            this.path = path;
        }

        @Override // com.hazelcast.core.MultiExecutionCallback
        public void onResponse(@Nonnull Member member, Object obj) {
            SerializableI18nKey serializableI18nKey;
            this.pending.remove(member);
            if (obj != null) {
                if (obj instanceof Throwable) {
                    serializableI18nKey = new SerializableI18nKey("bitbucket.storage.datastore.validationfailed", new Serializable[]{Product.NAME, this.path.toString()});
                    DefaultDataStoreService.log.error("{} failed to validate {}", memberToString(member), this.path, obj);
                } else {
                    serializableI18nKey = (SerializableI18nKey) obj;
                    DefaultDataStoreService.log.error("{} failed to validate {}: {}", memberToString(member), this.path, this.i18nService.getMessage(Locale.US, serializableI18nKey.getKey(), serializableI18nKey.getArguments()));
                }
                this.errors.put(HazelcastClusterNode.transform(member), this.i18nService.createKeyedMessage(serializableI18nKey.getKey(), serializableI18nKey.getArguments()));
            }
        }

        @Override // com.hazelcast.core.MultiExecutionCallback
        public void onComplete(Map<Member, Object> map) {
            this.latch.countDown();
        }

        @Override // com.hazelcast.core.MemberSelector
        public boolean select(Member member) {
            if (member.localMember()) {
                return false;
            }
            this.pending.add(member);
            return true;
        }

        Map<ClusterNode, KeyedMessage> await(long j, TimeUnit timeUnit) throws InterruptedException, TimeoutException {
            if (this.latch.await(j, timeUnit)) {
                return this.errors;
            }
            HashSet hashSet = new HashSet(this.pending);
            if (hashSet.isEmpty()) {
                return this.errors;
            }
            DefaultDataStoreService.log.error("Validation timed out for the following member(s):\n{}", hashSet.stream().map(ValidateDataStoreCallback::memberToString).collect(Collectors.joining("\n", "\t", "")));
            throw new TimeoutException();
        }

        private static String memberToString(Member member) {
            HazelcastClusterNode hazelcastClusterNode = new HazelcastClusterNode(member);
            String name = hazelcastClusterNode.getName();
            String str = hazelcastClusterNode.getId() + "@" + hazelcastClusterNode.getAddress();
            return StringUtils.isEmpty(name) ? str : name + " (" + str + ")";
        }
    }

    @Autowired
    public DefaultDataStoreService(ClusterService clusterService, IExecutorService iExecutorService, HomeLayout homeLayout, I18nService i18nService, LicenseService licenseService, DataStoreListenerRegistry dataStoreListenerRegistry, LockService lockService, DataStoreDao dataStoreDao, SecureTokenGenerator secureTokenGenerator) {
        this.clusterService = clusterService;
        this.executorService = iExecutorService;
        this.homeLayout = homeLayout;
        this.i18nService = i18nService;
        this.licenseService = licenseService;
        this.listenerRegistry = dataStoreListenerRegistry;
        this.lockService = lockService;
        this.storeDao = dataStoreDao;
        this.tokenGenerator = secureTokenGenerator;
    }

    @Override // com.atlassian.stash.internal.server.InternalDataStoreService
    @Nonnull
    @Transactional(propagation = Propagation.MANDATORY)
    @Unsecured("This internal API is only called as part of creating a repository, after appropriate permission checks")
    public Optional<InternalDataStore> assignForHierarchy(@Nonnull String str) {
        if (((String) Objects.requireNonNull(str, InternalRepository_.HIERARCHY_ID)).trim().length() < 4) {
            throw new IllegalArgumentException("The provided hierarchy ID, [" + str + "], is too short.");
        }
        InternalDataStore chooseStoreByUsableSpace = chooseStoreByUsableSpace();
        if (chooseStoreByUsableSpace == null) {
            return Optional.empty();
        }
        Path hierarchyDir = DataStoreLayout.getHierarchyDir(chooseStoreByUsableSpace, str);
        Path parent = hierarchyDir.getParent();
        if (!Files.isDirectory(parent, new LinkOption[0])) {
            LockGuard lock = LockGuard.lock(this.lockService.getLock("bitbucket:dataStore:createHierarchy:" + parent.getFileName()));
            Throwable th = null;
            try {
                try {
                    MoreFiles.mkdir(parent);
                    if (lock != null) {
                        if (0 != 0) {
                            try {
                                lock.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            lock.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (lock != null) {
                    if (th != null) {
                        try {
                            lock.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        lock.close();
                    }
                }
                throw th3;
            }
        }
        MoreFiles.mkdir(hierarchyDir);
        return Optional.of(chooseStoreByUsableSpace);
    }

    @Override // com.atlassian.bitbucket.dmz.server.DmzDataStoreService
    @Nonnull
    @Transactional
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN')")
    public InternalDataStore attach(@Nonnull AttachDataStoreRequest attachDataStoreRequest) {
        Objects.requireNonNull(attachDataStoreRequest, "request");
        BitbucketServerLicense bitbucketServerLicense = this.licenseService.get();
        if (bitbucketServerLicense == null || !bitbucketServerLicense.isClusteringEnabled()) {
            log.warn("{} could not be attached; {}", attachDataStoreRequest.getPath(), bitbucketServerLicense == null ? "no license is installed" : "a Data Center license is not installed");
            throw new AttachDataStoreDisabledException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.attachdisabled", new Object[0]));
        }
        this.storeDao.findByPath(attachDataStoreRequest.getPath()).ifPresent(internalDataStore -> {
            log.warn("{} has already been attached (UUID: {})", internalDataStore.getPath(), internalDataStore.getUuid());
            throw new DataStoreAlreadyExistsException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.alreadyattached", internalDataStore.getPath()));
        });
        Path path = Paths.get(attachDataStoreRequest.getPath(), new String[0]);
        try {
            verifyDirectory(path);
            verifyRealPath(path);
            verifyNotNested(path);
            if (attachDataStoreRequest.isDryRun()) {
                return new InternalDataStore.Builder(path).uuid(UUID_VALIDATED).build();
            }
            try {
                DataStoreLayout.create(path);
                String lowerCase = this.tokenGenerator.generateToken().toLowerCase(Locale.ROOT);
                if (lowerCase.length() > 40) {
                    lowerCase = lowerCase.substring(0, 40);
                }
                Path resolve = path.resolve("store.properties");
                try {
                    Files.write(resolve, Arrays.asList("store.uuid=" + lowerCase, "store.version=" + DataStoreLayout.VERSION), StandardCharsets.UTF_8, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
                    if (this.clusterService.isClustered()) {
                        ValidateDataStoreCallback validateDataStoreCallback = new ValidateDataStoreCallback(this.i18nService, path);
                        this.executorService.submitToMembers(new ValidateDataStore(path.toString(), lowerCase), validateDataStoreCallback, validateDataStoreCallback);
                        try {
                            Map<ClusterNode, KeyedMessage> await = validateDataStoreCallback.await(this.validationTimeout, TimeUnit.SECONDS);
                            if (!await.isEmpty()) {
                                MoreFiles.deleteQuietly(resolve);
                                throw new InvalidDataStoreException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.cluster.validationfailed", path), await);
                            }
                        } catch (InterruptedException e) {
                            MoreFiles.deleteQuietly(resolve);
                            log.error("Interrupted while validating {} on other nodes", path, e);
                            throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.cluster.validationinterrupted", path));
                        } catch (TimeoutException e2) {
                            MoreFiles.deleteQuietly(resolve);
                            log.error("Timed out while validating {} on other nodes", path, e2);
                            throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.cluster.validationtimedout", path));
                        }
                    }
                    InternalDataStore build = new InternalDataStore.Builder(path).uuid(lowerCase).build();
                    SimpleCancelState raiseOnAttach = this.listenerRegistry.raiseOnAttach(build);
                    if (!raiseOnAttach.isCanceled()) {
                        return this.storeDao.create(build);
                    }
                    MoreFiles.deleteQuietly(resolve);
                    throw new ArgumentValidationException(getCancellationMessage(raiseOnAttach));
                } catch (FileAlreadyExistsException e3) {
                    log.error("{} already exists in {}. Newly attached stores should be empty.", "store.properties", path, e3);
                    throw new DataStoreAlreadyExistsException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.propertiesexist", "store.properties", path));
                } catch (IOException e4) {
                    log.error("Cannot write to {}; check your filesystem permissions and try again", path, e4);
                    throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.notwritable", Product.NAME, path));
                }
            } catch (IOException e5) {
                log.error("Cannot write to {}; check your filesystem permissions and try again", path, e5);
                throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.notwritable", Product.NAME, path), e5);
            }
        } catch (FileNotFoundException | NoSuchFileException e6) {
            log.error("{} does not exist; it cannot be used as a data store", path, e6);
            throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.notfound", path, Product.NAME), e6);
        } catch (AccessDeniedException e7) {
            log.error("Could not access {}; it cannot be used as a data store", path, e7);
            throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.accessdenied", Product.NAME, path), e7);
        } catch (IOException e8) {
            log.error("Validation failed for {}; it cannot be used a data store", path, e8);
            throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.validationfailed", Product.NAME, path), e8);
        }
    }

    @Override // com.atlassian.bitbucket.dmz.server.DmzDataStoreService
    @Nonnull
    @Transactional(readOnly = true)
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN')")
    public DataStoreConfig getConfig() {
        return new SimpleDataStoreConfig.Builder(new InternalDataStore.Builder(this.homeLayout.getSharedHomeDir()).type(DataStoreType.SHARED_HOME).uuid("shared").build()).additional(this.storeDao.listAll()).build();
    }

    private KeyedMessage getCancellationMessage(SimpleCancelState simpleCancelState) {
        List<KeyedMessage> cancelMessages = simpleCancelState.getCancelMessages();
        StringBuilder sb = new StringBuilder("Attaching a data store was canceled:");
        cancelMessages.forEach(keyedMessage -> {
            sb.append("\n- ").append(keyedMessage.getRootMessage());
        });
        log.warn(sb.toString());
        return cancelMessages.get(cancelMessages.size() - 1);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isNested(Path path, Path path2) {
        try {
            path2 = path2.toRealPath(new LinkOption[0]);
        } catch (IOException e) {
            log.warn("Could not convert {} to a real path", path2, e);
        }
        return path.startsWith(path2) || path2.startsWith(path);
    }

    private InternalDataStore chooseStoreByUsableSpace() {
        InternalDataStore internalDataStore = null;
        long j = 0;
        for (InternalDataStore internalDataStore2 : this.storeDao.listAll()) {
            long orElse = internalDataStore2.getUsableSpace().orElse(-1L);
            if (orElse > j) {
                j = orElse;
                internalDataStore = internalDataStore2;
            }
        }
        return internalDataStore;
    }

    private void verifyDirectory(Path path) throws IOException {
        BasicFileAttributes readAttributes = Files.readAttributes(path, (Class<BasicFileAttributes>) BasicFileAttributes.class, LinkOption.NOFOLLOW_LINKS);
        if (readAttributes.isRegularFile()) {
            log.warn("{} is a file and cannot be used as a data store", path);
            throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.invalidtype.file", path));
        }
        if (readAttributes.isSymbolicLink()) {
            log.warn("{} is a symbolic link and cannot be used as a data store", path);
            throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.invalidtype.symlink", path));
        }
        if (readAttributes.isDirectory()) {
            return;
        }
        log.warn("{} is not a directory and cannot be used as a data store", path);
        throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.invalidtype.unknown", path));
    }

    private void verifyNotNested(Path path) {
        Path sharedHomeDir = this.homeLayout.getSharedHomeDir();
        if (isNested(path, sharedHomeDir)) {
            log.warn("{} is nested with the shared home ({}) and cannot be used as a data store", path, sharedHomeDir);
            throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.nested.sharedhome", path, Product.NAME, sharedHomeDir));
        }
        for (InternalDataStore internalDataStore : this.storeDao.listAll()) {
            if (isNested(path, internalDataStore.getDir())) {
                log.warn("{} is nested with an existing data store ({}); stores may not be nested", path, internalDataStore.getPath());
                throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.nested.otherstore", path, internalDataStore.getPath()));
            }
        }
    }

    private void verifyRealPath(Path path) throws IOException {
        Path realPath = path.toRealPath(new LinkOption[0]);
        if (path.toString().equals(realPath.toString())) {
            return;
        }
        log.warn("{} does not match the directory's real path ({})", path, realPath);
        throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.storage.datastore.userealpath", path, realPath));
    }
}
