package com.atlassian.pipelines.runner.core.runtime.linux.docker;

import com.atlassian.pipelines.runner.api.error.ErrorKeys;
import com.atlassian.pipelines.runner.api.factory.DirectoryFactory;
import com.atlassian.pipelines.runner.api.runtime.StepRuntimeSetup;
import com.atlassian.pipelines.runner.api.service.docker.DockerSystemService;
import com.atlassian.pipelines.runner.core.configuration.Runtime;
import com.atlassian.pipelines.runner.core.exception.PrerequisiteFailedRunnerException;
import io.reactivex.Completable;
import io.reactivex.functions.Action;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;
import org.apache.commons.io.FileUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.stereotype.Component;

@Profile({Runtime.Strings.LINUX_DOCKER})
@Component
/* loaded from: input_file:com/atlassian/pipelines/runner/core/runtime/linux/docker/LinuxDockerRuntimeSetup.class */
public class LinuxDockerRuntimeSetup implements StepRuntimeSetup {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) LinuxDockerRuntimeSetup.class);
    private static final Set<PosixFilePermission> READ_EXECUTE_FILE_PERMISSIONS = Set.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_EXECUTE);
    private static final Set<PosixFilePermission> FULL_FILE_PERMISSIONS = Set.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);
    public static final int MINIMUM_DOCKER_VERSION = 19;
    public static final String REQUIRED_LOGGING_DRIVER = "json-file";
    private final DockerSystemService dockerSystemService;
    private final Path dockerContainerPath;
    private final Path dockerCliPath;
    private final Path bundledDockerCliPath;

    @Autowired
    public LinuxDockerRuntimeSetup(DockerSystemService dockerSystemService, DirectoryFactory directoryFactory) {
        this.dockerSystemService = dockerSystemService;
        this.dockerContainerPath = directoryFactory.dockerContainers().getPath();
        this.dockerCliPath = directoryFactory.dockerCli().getPath();
        this.bundledDockerCliPath = directoryFactory.bundledDockerCli().getPath();
    }

    @Override // com.atlassian.pipelines.runner.api.runtime.StepRuntimeSetup
    public Completable setup() {
        return Completable.mergeArray(copyDockerCliToWorkingDirectory(), getAccessToContainerDirectory(), verifyDockerRequirements());
    }

    private Completable getAccessToContainerDirectory() {
        return Completable.fromAction(() -> {
            if (!Files.getPosixFilePermissions(this.dockerContainerPath, new LinkOption[0]).contains(PosixFilePermission.OWNER_READ)) {
                throw new PrerequisiteFailedRunnerException(ErrorKeys.ErrorKey.INVALID_DOCKER_SETTING, "no access to containers directory.");
            }
        });
    }

    private Completable verifyDockerRequirements() {
        return this.dockerSystemService.getDockerSystemInfo().map(systemInfo -> {
            if (Integer.parseInt(systemInfo.getDockerVersion().substring(0, 2)) < 19) {
                throw new PrerequisiteFailedRunnerException(ErrorKeys.ErrorKey.INVALID_DOCKER_VERSION, "The installed Docker client must be at least version 19");
            }
            if (systemInfo.getSecurityOptions().stream().anyMatch(str -> {
                return str.startsWith("userns-remap");
            })) {
                throw new PrerequisiteFailedRunnerException(ErrorKeys.ErrorKey.INVALID_DOCKER_SETTING, "user-ns remapping not allowed in docker settings.");
            }
            if (systemInfo.getLoggingDriver().equals(REQUIRED_LOGGING_DRIVER)) {
                return systemInfo;
            }
            throw new PrerequisiteFailedRunnerException(ErrorKeys.ErrorKey.INVALID_DOCKER_SETTING, String.format("The docker logging driver must be %s.", REQUIRED_LOGGING_DRIVER));
        }).ignoreElement();
    }

    private Completable copyDockerCliToWorkingDirectory() {
        return Completable.fromAction(getFileCopyAction()).doOnSubscribe(disposable -> {
            logger.info("Copying Docker cli to working directory.");
        }).doOnError(th -> {
            logger.error("An error occured copying the docker cli to the working directory", th);
        });
    }

    private Action getFileCopyAction() {
        return () -> {
            File file = this.dockerCliPath.toFile();
            if (!file.exists()) {
                FileUtils.copyFile(this.bundledDockerCliPath.toFile(), file);
            }
            Files.setPosixFilePermissions(this.dockerCliPath, READ_EXECUTE_FILE_PERMISSIONS);
        };
    }
}
