package com.google.gerrit.server.schema;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import com.google.gerrit.common.Version;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.entities.AccessSection;
import com.google.gerrit.entities.BooleanProjectConfig;
import com.google.gerrit.entities.GroupReference;
import com.google.gerrit.entities.LabelType;
import com.google.gerrit.entities.Permission;
import com.google.gerrit.entities.PermissionRule;
import com.google.gerrit.entities.RefNames;
import com.google.gerrit.extensions.client.InheritableBoolean;
import com.google.gerrit.server.GerritPersonIdent;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.git.meta.MetaDataUpdate;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.notedb.RepoSequence;
import com.google.gerrit.server.project.ProjectConfig;
import com.google.inject.Inject;
import java.io.IOException;
import java.util.Iterator;
import java.util.Objects;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.errors.RepositoryNotFoundException;
import org.eclipse.jgit.lib.BatchRefUpdate;
import org.eclipse.jgit.lib.NullProgressMonitor;
import org.eclipse.jgit.lib.ObjectInserter;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.revwalk.RevWalk;
import org.eclipse.jgit.transport.ReceiveCommand;

/* loaded from: input_file:com/google/gerrit/server/schema/AllProjectsCreator.class */
public class AllProjectsCreator {
    private final GitRepositoryManager repositoryManager;
    private final AllProjectsName allProjectsName;
    private final PersonIdent serverUser;
    private final NoteDbSchemaVersionManager versionManager;
    private final ProjectConfig.Factory projectConfigFactory;
    private final GroupReference anonymous;
    private final GroupReference registered;
    private final GroupReference owners;

    @Inject
    AllProjectsCreator(GitRepositoryManager gitRepositoryManager, AllProjectsName allProjectsName, @GerritPersonIdent PersonIdent personIdent, NoteDbSchemaVersionManager noteDbSchemaVersionManager, SystemGroupBackend systemGroupBackend, ProjectConfig.Factory factory) {
        this.repositoryManager = gitRepositoryManager;
        this.allProjectsName = allProjectsName;
        this.serverUser = personIdent;
        this.versionManager = noteDbSchemaVersionManager;
        this.projectConfigFactory = factory;
        this.anonymous = systemGroupBackend.getGroup(SystemGroupBackend.ANONYMOUS_USERS);
        this.registered = systemGroupBackend.getGroup(SystemGroupBackend.REGISTERED_USERS);
        this.owners = systemGroupBackend.getGroup(SystemGroupBackend.PROJECT_OWNERS);
    }

    public void create(AllProjectsInput allProjectsInput) throws IOException, ConfigInvalidException {
        try {
            Repository openRepository = this.repositoryManager.openRepository(this.allProjectsName);
            try {
                initAllProjects(openRepository, allProjectsInput);
                if (openRepository != null) {
                    openRepository.close();
                }
            } finally {
            }
        } catch (RepositoryNotFoundException e) {
            try {
                Repository createRepository = this.repositoryManager.createRepository(this.allProjectsName);
                try {
                    initAllProjects(createRepository, allProjectsInput);
                    createRepository.updateRef("HEAD").link(RefNames.REFS_CONFIG);
                    if (createRepository != null) {
                        createRepository.close();
                    }
                } finally {
                }
            } catch (RepositoryNotFoundException e2) {
                throw new IOException("Cannot create repository " + this.allProjectsName.get(), e2);
            }
        }
    }

    private void initAllProjects(Repository repository, AllProjectsInput allProjectsInput) throws ConfigInvalidException, IOException {
        BatchRefUpdate newBatchUpdate = repository.getRefDatabase().newBatchUpdate();
        MetaDataUpdate metaDataUpdate = new MetaDataUpdate(GitReferenceUpdated.DISABLED, this.allProjectsName, repository, newBatchUpdate);
        try {
            metaDataUpdate.getCommitBuilder().setAuthor(this.serverUser);
            metaDataUpdate.getCommitBuilder().setCommitter(this.serverUser);
            metaDataUpdate.setMessage(allProjectsInput.commitMessage().isPresent() ? allProjectsInput.commitMessage().get() : "Initialized Gerrit Code Review " + Version.getVersion());
            ProjectConfig read = this.projectConfigFactory.read(metaDataUpdate);
            read.updateProject(builder -> {
                builder.setDescription(allProjectsInput.projectDescription().orElse("Access inherited by all other projects."));
                ImmutableMap<BooleanProjectConfig, InheritableBoolean> booleanProjectConfigs = allProjectsInput.booleanProjectConfigs();
                Objects.requireNonNull(builder);
                booleanProjectConfigs.forEach(builder::setBooleanConfig);
            });
            allProjectsInput.codeReviewLabel().ifPresent(labelType -> {
                read.upsertLabelType(labelType);
            });
            if (allProjectsInput.initDefaultAcls()) {
                initDefaultAcls(read, allProjectsInput);
            }
            read.commitToNewRef(metaDataUpdate, RefNames.REFS_CONFIG);
            initSequences(repository, newBatchUpdate, allProjectsInput.firstChangeIdForNoteDb());
            this.versionManager.init();
            execute(repository, newBatchUpdate);
            metaDataUpdate.close();
        } catch (Throwable th) {
            try {
                metaDataUpdate.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private void initDefaultAcls(ProjectConfig projectConfig, AllProjectsInput allProjectsInput) {
        Preconditions.checkArgument(allProjectsInput.codeReviewLabel().isPresent());
        LabelType labelType = allProjectsInput.codeReviewLabel().get();
        projectConfig.upsertAccessSection(AccessSection.HEADS, builder -> {
            initDefaultAclsForRegisteredUsers(builder, labelType, projectConfig);
        });
        projectConfig.upsertAccessSection(AccessSection.GLOBAL_CAPABILITIES, builder2 -> {
            allProjectsInput.serviceUsersGroup().ifPresent(groupReference -> {
                initDefaultAclsForBatchUsers(builder2, projectConfig, groupReference);
            });
        });
        allProjectsInput.administratorsGroup().ifPresent(groupReference -> {
            initDefaultAclsForAdmins(projectConfig, labelType, groupReference);
        });
    }

    private void initDefaultAclsForRegisteredUsers(AccessSection.Builder builder, LabelType labelType, ProjectConfig projectConfig) {
        projectConfig.upsertAccessSection("refs/for/*", builder2 -> {
            AclUtil.grant(projectConfig, builder2, Permission.ADD_PATCH_SET, this.registered);
        });
        projectConfig.upsertAccessSection(RefNames.REFS_VERSION, builder3 -> {
            AclUtil.grant(projectConfig, builder3, Permission.READ, this.anonymous);
        });
        AclUtil.grant(projectConfig, builder, labelType, -1, 1, this.registered);
        AclUtil.grant(projectConfig, builder, Permission.FORGE_AUTHOR, this.registered);
        AclUtil.grant(projectConfig, builder, Permission.READ, this.anonymous);
        AclUtil.grant(projectConfig, builder, Permission.REVERT, this.registered);
        projectConfig.upsertAccessSection("refs/for/refs/*", builder4 -> {
            AclUtil.grant(projectConfig, builder4, Permission.PUSH, this.registered);
            AclUtil.grant(projectConfig, builder4, Permission.PUSH_MERGE, this.registered);
        });
    }

    private void initDefaultAclsForBatchUsers(AccessSection.Builder builder, ProjectConfig projectConfig, GroupReference groupReference) {
        builder.upsertPermission("priority").add(AclUtil.rule(projectConfig, groupReference).setAction(PermissionRule.Action.BATCH));
        builder.upsertPermission(GlobalCapability.STREAM_EVENTS).add(AclUtil.rule(projectConfig, groupReference));
    }

    private void initDefaultAclsForAdmins(ProjectConfig projectConfig, LabelType labelType, GroupReference groupReference) {
        projectConfig.upsertAccessSection(AccessSection.GLOBAL_CAPABILITIES, builder -> {
            AclUtil.grant(projectConfig, builder, GlobalCapability.ADMINISTRATE_SERVER, groupReference);
        });
        projectConfig.upsertAccessSection(AccessSection.ALL, builder2 -> {
            AclUtil.grant(projectConfig, builder2, Permission.READ, groupReference);
        });
        projectConfig.upsertAccessSection(AccessSection.HEADS, builder3 -> {
            AclUtil.grant(projectConfig, builder3, labelType, -2, 2, groupReference, this.owners);
            AclUtil.grant(projectConfig, builder3, Permission.CREATE, groupReference, this.owners);
            AclUtil.grant(projectConfig, builder3, Permission.PUSH, groupReference, this.owners);
            AclUtil.grant(projectConfig, builder3, Permission.SUBMIT, groupReference, this.owners);
            AclUtil.grant(projectConfig, builder3, Permission.FORGE_COMMITTER, groupReference, this.owners);
            AclUtil.grant(projectConfig, builder3, Permission.EDIT_TOPIC_NAME, true, groupReference, this.owners);
        });
        projectConfig.upsertAccessSection("refs/tags/*", builder4 -> {
            AclUtil.grant(projectConfig, builder4, Permission.CREATE, groupReference, this.owners);
            AclUtil.grant(projectConfig, builder4, Permission.CREATE_TAG, groupReference, this.owners);
            AclUtil.grant(projectConfig, builder4, Permission.CREATE_SIGNED_TAG, groupReference, this.owners);
        });
        projectConfig.upsertAccessSection(RefNames.REFS_CONFIG, builder5 -> {
            builder5.upsertPermission(Permission.READ).setExclusiveGroup(true);
            AclUtil.grant(projectConfig, builder5, Permission.READ, groupReference, this.owners);
            AclUtil.grant(projectConfig, builder5, labelType, -2, 2, groupReference, this.owners);
            AclUtil.grant(projectConfig, builder5, Permission.CREATE, groupReference, this.owners);
            AclUtil.grant(projectConfig, builder5, Permission.PUSH, groupReference, this.owners);
            AclUtil.grant(projectConfig, builder5, Permission.SUBMIT, groupReference, this.owners);
        });
    }

    private void initSequences(Repository repository, BatchRefUpdate batchRefUpdate, int i) throws IOException {
        if (repository.exactRef("refs/sequences/changes") == null) {
            ObjectInserter newObjectInserter = repository.newObjectInserter();
            try {
                batchRefUpdate.addCommand(RepoSequence.storeNew(newObjectInserter, "changes", i));
                newObjectInserter.flush();
                if (newObjectInserter != null) {
                    newObjectInserter.close();
                }
            } catch (Throwable th) {
                if (newObjectInserter != null) {
                    try {
                        newObjectInserter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
    }

    private void execute(Repository repository, BatchRefUpdate batchRefUpdate) throws IOException {
        RevWalk revWalk = new RevWalk(repository);
        try {
            batchRefUpdate.execute(revWalk, NullProgressMonitor.INSTANCE);
            revWalk.close();
            Iterator<ReceiveCommand> it = batchRefUpdate.getCommands().iterator();
            while (it.hasNext()) {
                if (it.next().getResult() != ReceiveCommand.Result.OK) {
                    throw new IOException("Failed to initialize " + this.allProjectsName + " refs:\n" + batchRefUpdate);
                }
            }
        } catch (Throwable th) {
            try {
                revWalk.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
