// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "storage/browser/file_system/obfuscated_file_util.h"

#include <stddef.h>
#include <stdint.h>

#include <memory>
#include <tuple>
#include <utility>

#include "base/containers/queue.h"
#include "base/files/file_error_or.h"
#include "base/files/file_util.h"
#include "base/format_macros.h"
#include "base/functional/bind.h"
#include "base/logging.h"
#include "base/memory/ptr_util.h"
#include "base/memory/raw_ptr.h"
#include "base/metrics/histogram.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/strings/stringprintf.h"
#include "base/threading/thread_restrictions.h"
#include "base/time/time.h"
#include "components/services/storage/public/cpp/buckets/bucket_init_params.h"
#include "storage/browser/file_system/file_observers.h"
#include "storage/browser/file_system/file_system_context.h"
#include "storage/browser/file_system/file_system_operation_context.h"
#include "storage/browser/file_system/file_system_util.h"
#include "storage/browser/file_system/obfuscated_file_util_disk_delegate.h"
#include "storage/browser/file_system/obfuscated_file_util_memory_delegate.h"
#include "storage/browser/file_system/quota/quota_limit_type.h"
#include "storage/browser/file_system/sandbox_file_system_backend.h"
#include "storage/browser/file_system/sandbox_origin_database.h"
#include "storage/browser/quota/quota_manager.h"
#include "storage/common/database/database_identifier.h"
#include "storage/common/file_system/file_system_types.h"
#include "storage/common/file_system/file_system_util.h"
#include "third_party/blink/public/common/storage_key/storage_key.h"
#include "third_party/leveldatabase/leveldb_chrome.h"
#include "url/gurl.h"

// Example of various paths:
//   void ObfuscatedFileUtil::DoSomething(const FileSystemURL& url) {
//     base::FilePath virtual_path = url.path();
//     base::FilePath local_path = GetLocalFilePath(url);
//
//     NativeFileUtil::DoSomething(local_path);
//     file_util::DoAnother(local_path);
//  }

namespace storage {

namespace {

using FileId = SandboxDirectoryDatabase::FileId;
using FileInfo = SandboxDirectoryDatabase::FileInfo;

void InitFileInfo(SandboxDirectoryDatabase::FileInfo* file_info,
                  SandboxDirectoryDatabase::FileId parent_id,
                  const base::FilePath::StringType& file_name) {
  DCHECK(file_info);
  file_info->parent_id = parent_id;
  file_info->name = file_name;
}

// Costs computed as per crbug.com/86114, based on the LevelDB implementation of
// path storage under Linux.  It's not clear if that will differ on Windows, on
// which base::FilePath uses wide chars [since they're converted to UTF-8 for
// storage anyway], but as long as the cost is high enough that one can't cheat
// on quota by storing data in paths, it doesn't need to be all that accurate.
const int64_t kPathCreationQuotaCost = 146;  // Bytes per inode, basically.
const int64_t kPathByteQuotaCost =
    2;  // Bytes per byte of path length in UTF-8.

int64_t UsageForPath(size_t length) {
  return kPathCreationQuotaCost +
         static_cast<int64_t>(length) * kPathByteQuotaCost;
}

bool AllocateQuota(FileSystemOperationContext* context, int64_t growth) {
  if (context->allowed_bytes_growth() == QuotaManager::kNoLimit)
    return true;

  int64_t new_quota = context->allowed_bytes_growth() - growth;
  if (growth > 0 && new_quota < 0)
    return false;
  context->set_allowed_bytes_growth(new_quota);
  return true;
}

void UpdateUsage(FileSystemOperationContext* context,
                 const FileSystemURL& url,
                 int64_t growth) {
  context->update_observers()->Notify(&FileUpdateObserver::OnUpdate, url,
                                      growth);
}

void TouchDirectory(SandboxDirectoryDatabase* db, FileId dir_id) {
  DCHECK(db);
  if (!db->UpdateModificationTime(dir_id, base::Time::Now()))
    NOTREACHED();
}

enum IsolatedOriginStatus {
  kIsolatedOriginMatch,
  kIsolatedOriginDontMatch,
  kIsolatedOriginStatusMax,
};

}  // namespace

// Implementing the DatabaseKey for the directories_ map.
DatabaseKey::DatabaseKey() = default;
DatabaseKey::~DatabaseKey() = default;

// Copyable and moveable
DatabaseKey::DatabaseKey(const DatabaseKey& other) = default;
DatabaseKey& DatabaseKey::operator=(const DatabaseKey& other) = default;
DatabaseKey::DatabaseKey(DatabaseKey&& other) = default;
DatabaseKey& DatabaseKey::operator=(DatabaseKey&& other) = default;

DatabaseKey::DatabaseKey(const blink::StorageKey& storage_key,
                         const absl::optional<BucketLocator>& bucket,
                         const std::string& type) {
  storage_key_ = storage_key;
  bucket_ = bucket;
  type_ = type;
}

bool DatabaseKey::operator==(const DatabaseKey& other) const {
  return std::tie(storage_key_, bucket_, type_) ==
         std::tie(other.storage_key_, other.bucket_, other.type_);
}

bool DatabaseKey::operator!=(const DatabaseKey& other) const {
  return std::tie(storage_key_, bucket_, type_) !=
         std::tie(other.storage_key_, other.bucket_, other.type_);
}

bool DatabaseKey::operator<(const DatabaseKey& other) const {
  return std::tie(storage_key_, bucket_, type_) <
         std::tie(other.storage_key_, other.bucket_, other.type_);
}

// end DatabaseKey implementation.

class ObfuscatedFileEnumerator final
    : public FileSystemFileUtil::AbstractFileEnumerator {
 public:
  ObfuscatedFileEnumerator(SandboxDirectoryDatabase* db,
                           FileSystemOperationContext* context,
                           ObfuscatedFileUtil* obfuscated_file_util,
                           const FileSystemURL& root_url,
                           bool recursive)
      : db_(db),
        context_(context),
        obfuscated_file_util_(obfuscated_file_util),
        root_url_(root_url),
        recursive_(recursive),
        current_file_id_(0) {
    base::FilePath root_virtual_path = root_url.path();
    FileId file_id;

    if (!db_->GetFileWithPath(root_virtual_path, &file_id))
      return;

    FileRecord record = {file_id, root_virtual_path};
    recurse_queue_.push(record);
  }

  ~ObfuscatedFileEnumerator() override = default;

  base::FilePath Next() override {
    FileInfo file_info;
    base::File::Error error;
    do {
      ProcessRecurseQueue();
      if (display_stack_.empty())
        return base::FilePath();

      current_file_id_ = display_stack_.back();
      display_stack_.pop_back();

      base::FilePath platform_file_path;
      error = obfuscated_file_util_->GetFileInfoInternal(
          db_, context_, root_url_, current_file_id_, &file_info,
          &current_platform_file_info_, &platform_file_path);
    } while (error != base::File::FILE_OK);

    base::FilePath virtual_path =
        current_parent_virtual_path_.Append(file_info.name);
    if (recursive_ && file_info.is_directory()) {
      FileRecord record = {current_file_id_, virtual_path};
      recurse_queue_.push(record);
    }
    return virtual_path;
  }

  int64_t Size() override { return current_platform_file_info_.size; }

  base::Time LastModifiedTime() override {
    return current_platform_file_info_.last_modified;
  }

  bool IsDirectory() override {
    return current_platform_file_info_.is_directory;
  }

 private:
  using FileId = SandboxDirectoryDatabase::FileId;
  using FileInfo = SandboxDirectoryDatabase::FileInfo;

  struct FileRecord {
    FileId file_id;
    base::FilePath virtual_path;
  };

  void ProcessRecurseQueue() {
    while (display_stack_.empty() && !recurse_queue_.empty()) {
      FileRecord entry = recurse_queue_.front();
      recurse_queue_.pop();
      if (!db_->ListChildren(entry.file_id, &display_stack_)) {
        display_stack_.clear();
        return;
      }
      current_parent_virtual_path_ = entry.virtual_path;
    }
  }

  raw_ptr<SandboxDirectoryDatabase> db_;
  raw_ptr<FileSystemOperationContext> context_;
  raw_ptr<ObfuscatedFileUtil> obfuscated_file_util_;
  FileSystemURL root_url_;
  bool recursive_;

  base::queue<FileRecord> recurse_queue_;
  std::vector<FileId> display_stack_;
  base::FilePath current_parent_virtual_path_;

  FileId current_file_id_;
  base::File::Info current_platform_file_info_;
};

// NOTE: currently, ObfuscatedFileUtil still relies on SandboxOriginDatabases
// for first-party StorageKeys/default buckets. The AbstractStorageKeyEnumerator
// class is only used in these cases. While this class stores and iterates
// through StorageKeys types, it works by retrieving OriginRecords from the
// SandboxOriginDatabase and converting those origins into first-party
// StorageKey values (e.g. blink::StorageKey(origin)). The goal is to eventually
// deprecate SandboxOriginDatabases and AbstractStorageKeyEnumerators and rely
// entirely on Storage Buckets.
class ObfuscatedStorageKeyEnumerator
    : public ObfuscatedFileUtil::AbstractStorageKeyEnumerator {
 public:
  using OriginRecord = SandboxOriginDatabase::OriginRecord;
  ObfuscatedStorageKeyEnumerator(
      SandboxOriginDatabaseInterface* origin_database,
      base::WeakPtr<ObfuscatedFileUtilMemoryDelegate> memory_file_util,
      const base::FilePath& base_file_path)
      : base_file_path_(base_file_path),
        memory_file_util_(std::move(memory_file_util)) {
    if (origin_database)
      origin_database->ListAllOrigins(&origin_records_);
  }

  ~ObfuscatedStorageKeyEnumerator() override = default;

  // Returns the next StorageKey. Returns empty if there are no more
  // StorageKeys.
  absl::optional<blink::StorageKey> Next() override {
    OriginRecord record;
    if (origin_records_.empty()) {
      current_ = record;
      return absl::nullopt;
    }
    record = origin_records_.back();
    origin_records_.pop_back();
    current_ = record;
    return blink::StorageKey::CreateFirstParty(
        GetOriginFromIdentifier(record.origin));
  }

  // Returns the current StorageKey.origin()'s information.
  bool HasTypeDirectory(const std::string& type_string) const override {
    if (current_.path.empty())
      return false;
    if (type_string.empty()) {
      NOTREACHED();
      return false;
    }
    base::FilePath path =
        base_file_path_.Append(current_.path).AppendASCII(type_string);
    if (memory_file_util_)
      return memory_file_util_->DirectoryExists(path);
    else
      return base::DirectoryExists(path);
  }

 private:
  std::vector<OriginRecord> origin_records_;
  OriginRecord current_;
  base::FilePath base_file_path_;
  base::WeakPtr<ObfuscatedFileUtilMemoryDelegate> memory_file_util_;
};

const base::FilePath::CharType ObfuscatedFileUtil::kFileSystemDirectory[] =
    FILE_PATH_LITERAL("File System");

ObfuscatedFileUtil::ObfuscatedFileUtil(
    scoped_refptr<SpecialStoragePolicy> special_storage_policy,
    const base::FilePath& profile_path,
    leveldb::Env* env_override,
    const std::set<std::string>& known_type_strings,
    SandboxFileSystemBackendDelegate* sandbox_delegate,
    bool is_incognito)
    : special_storage_policy_(std::move(special_storage_policy)),
      env_override_(env_override),
      is_incognito_(is_incognito),
      db_flush_delay_seconds_(10 * 60),  // 10 mins.
      known_type_strings_(known_type_strings),
      sandbox_delegate_(sandbox_delegate) {
  DETACH_FROM_SEQUENCE(sequence_checker_);
  DCHECK(!is_incognito_ ||
         (env_override && leveldb_chrome::IsMemEnv(env_override)));
  file_system_directory_ = profile_path.Append(kFileSystemDirectory);

  if (is_incognito_) {
    // profile_path is passed here, so that the delegate is able to accommodate
    // both codepaths of {{profile_path}}/File System (first-party) and
    // {{profile_path}}/WebStorage (buckets-based).
    // See https://crrev.com/c/3817542 for more context.
    delegate_ =
        std::make_unique<ObfuscatedFileUtilMemoryDelegate>(profile_path);
  } else {
    delegate_ = std::make_unique<ObfuscatedFileUtilDiskDelegate>();
  }
}

ObfuscatedFileUtil::~ObfuscatedFileUtil() {
  DropDatabases();
}

base::File ObfuscatedFileUtil::CreateOrOpen(FileSystemOperationContext* context,
                                            const FileSystemURL& url,
                                            int file_flags) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  base::File file = CreateOrOpenInternal(context, url, file_flags);
  if (file.IsValid() && file_flags & base::File::FLAG_WRITE &&
      context->quota_limit_type() == QuotaLimitType::kUnlimited &&
      sandbox_delegate_) {
    sandbox_delegate_->StickyInvalidateUsageCache(url.storage_key(),
                                                  url.type());
  }
  return file;
}

base::File::Error ObfuscatedFileUtil::EnsureFileExists(
    FileSystemOperationContext* context,
    const FileSystemURL& url,
    bool* created) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

  SandboxDirectoryDatabase* db = GetDirectoryDatabase(url, true);
  if (!db)
    return base::File::FILE_ERROR_FAILED;

  FileId file_id;
  if (db->GetFileWithPath(url.path(), &file_id)) {
    FileInfo file_info;
    if (!db->GetFileInfo(file_id, &file_info)) {
      return base::File::FILE_ERROR_FAILED;
    }
    if (file_info.is_directory())
      return base::File::FILE_ERROR_NOT_A_FILE;
    if (created)
      *created = false;
    return base::File::FILE_OK;
  }
  FileId parent_id;
  if (!db->GetFileWithPath(VirtualPath::DirName(url.path()), &parent_id))
    return base::File::FILE_ERROR_NOT_FOUND;

  FileInfo file_info;
  InitFileInfo(&file_info, parent_id,
               VirtualPath::BaseName(url.path()).value());

  int64_t growth = UsageForPath(file_info.name.size());
  if (!AllocateQuota(context, growth))
    return base::File::FILE_ERROR_NO_SPACE;
  base::File::Error error = CreateFile(
      context, base::FilePath(), false /* foreign_source */, url, &file_info);
  if (created && base::File::FILE_OK == error) {
    *created = true;
    UpdateUsage(context, url, growth);
    context->change_observers()->Notify(&FileChangeObserver::OnCreateFile, url);
  }
  return error;
}

base::File::Error ObfuscatedFileUtil::CreateDirectory(
    FileSystemOperationContext* context,
    const FileSystemURL& url,
    bool exclusive,
    bool recursive) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

  SandboxDirectoryDatabase* db = GetDirectoryDatabase(url, true);
  if (!db)
    return base::File::FILE_ERROR_FAILED;

  FileId file_id;
  if (db->GetFileWithPath(url.path(), &file_id)) {
    FileInfo file_info;
    if (exclusive)
      return base::File::FILE_ERROR_EXISTS;
    if (!db->GetFileInfo(file_id, &file_info)) {
      return base::File::FILE_ERROR_FAILED;
    }
    if (!file_info.is_directory())
      return base::File::FILE_ERROR_NOT_A_DIRECTORY;
    return base::File::FILE_OK;
  }

  std::vector<base::FilePath::StringType> components =
      VirtualPath::GetComponents(url.path());
  FileId parent_id = 0;
  size_t index;
  for (index = 0; index < components.size(); ++index) {
    base::FilePath::StringType name = components[index];
    if (name == FILE_PATH_LITERAL("/"))
      continue;
    if (!db->GetChildWithName(parent_id, name, &parent_id))
      break;
  }
  if (!db->IsDirectory(parent_id))
    return base::File::FILE_ERROR_NOT_A_DIRECTORY;
  if (!recursive && components.size() - index > 1)
    return base::File::FILE_ERROR_NOT_FOUND;
  bool first = true;
  for (; index < components.size(); ++index) {
    FileInfo file_info;
    file_info.name = components[index];
    if (file_info.name == FILE_PATH_LITERAL("/"))
      continue;
    file_info.modification_time = base::Time::Now();
    file_info.parent_id = parent_id;
    int64_t growth = UsageForPath(file_info.name.size());
    if (!AllocateQuota(context, growth))
      return base::File::FILE_ERROR_NO_SPACE;
    base::File::Error error = db->AddFileInfo(file_info, &parent_id);
    if (error != base::File::FILE_OK)
      return error;
    UpdateUsage(context, url, growth);
    context->change_observers()->Notify(&FileChangeObserver::OnCreateDirectory,
                                        url);
    if (first) {
      first = false;
      TouchDirectory(db, file_info.parent_id);
    }
  }
  return base::File::FILE_OK;
}

base::File::Error ObfuscatedFileUtil::GetFileInfo(
    FileSystemOperationContext* context,
    const FileSystemURL& url,
    base::File::Info* file_info,
    base::FilePath* platform_file_path) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  SandboxDirectoryDatabase* db = GetDirectoryDatabase(url, false);
  if (!db)
    return base::File::FILE_ERROR_NOT_FOUND;
  FileId file_id;
  if (!db->GetFileWithPath(url.path(), &file_id))
    return base::File::FILE_ERROR_NOT_FOUND;
  FileInfo local_info;
  return GetFileInfoInternal(db, context, url, file_id, &local_info, file_info,
                             platform_file_path);
}

base::File::Error ObfuscatedFileUtil::GetLocalFilePath(
    FileSystemOperationContext* context,
    const FileSystemURL& url,
    base::FilePath* local_path) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  SandboxDirectoryDatabase* db = GetDirectoryDatabase(url, false);
  if (!db)
    return base::File::FILE_ERROR_NOT_FOUND;
  FileId file_id;
  if (!db->GetFileWithPath(url.path(), &file_id))
    return base::File::FILE_ERROR_NOT_FOUND;
  FileInfo file_info;
  if (!db->GetFileInfo(file_id, &file_info) || file_info.is_directory()) {
    // Directories have no local file path.
    return base::File::FILE_ERROR_NOT_FOUND;
  }
  *local_path = DataPathToLocalPath(url, file_info.data_path);

  if (local_path->empty())
    return base::File::FILE_ERROR_NOT_FOUND;
  return base::File::FILE_OK;
}

base::File::Error ObfuscatedFileUtil::Touch(
    FileSystemOperationContext* context,
    const FileSystemURL& url,
    const base::Time& last_access_time,
    const base::Time& last_modified_time) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  SandboxDirectoryDatabase* db = GetDirectoryDatabase(url, false);
  if (!db)
    return base::File::FILE_ERROR_NOT_FOUND;
  FileId file_id;
  if (!db->GetFileWithPath(url.path(), &file_id))
    return base::File::FILE_ERROR_NOT_FOUND;

  FileInfo file_info;
  if (!db->GetFileInfo(file_id, &file_info)) {
    return base::File::FILE_ERROR_FAILED;
  }
  if (file_info.is_directory()) {
    if (!db->UpdateModificationTime(file_id, last_modified_time))
      return base::File::FILE_ERROR_FAILED;
    return base::File::FILE_OK;
  }
  return delegate_->Touch(DataPathToLocalPath(url, file_info.data_path),
                          last_access_time, last_modified_time);
}

base::File::Error ObfuscatedFileUtil::Truncate(
    FileSystemOperationContext* context,
    const FileSystemURL& url,
    int64_t length) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  base::File::Info file_info;
  base::FilePath local_path;
  base::File::Error error = GetFileInfo(context, url, &file_info, &local_path);
  if (error != base::File::FILE_OK)
    return error;

  int64_t growth = length - file_info.size;
  if (!AllocateQuota(context, growth))
    return base::File::FILE_ERROR_NO_SPACE;
  error = delegate_->Truncate(local_path, length);
  if (error == base::File::FILE_OK) {
    UpdateUsage(context, url, growth);
    context->change_observers()->Notify(&FileChangeObserver::OnModifyFile, url);
  }
  return error;
}

base::File::Error ObfuscatedFileUtil::CopyOrMoveFile(
    FileSystemOperationContext* context,
    const FileSystemURL& src_url,
    const FileSystemURL& dest_url,
    CopyOrMoveOptionSet options,
    bool copy) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  // Cross-filesystem copies and moves should be handled via CopyInForeignFile.
  DCHECK(src_url.origin() == dest_url.origin());
  DCHECK(src_url.type() == dest_url.type());

  SandboxDirectoryDatabase* db = GetDirectoryDatabase(src_url, true);
  if (!db)
    return base::File::FILE_ERROR_FAILED;

  FileId src_file_id;
  if (!db->GetFileWithPath(src_url.path(), &src_file_id))
    return base::File::FILE_ERROR_NOT_FOUND;

  FileId dest_file_id;
  bool overwrite = db->GetFileWithPath(dest_url.path(), &dest_file_id);

  FileInfo src_file_info;
  base::File::Info src_platform_file_info;
  base::FilePath src_local_path;
  base::File::Error error =
      GetFileInfoInternal(db, context, src_url, src_file_id, &src_file_info,
                          &src_platform_file_info, &src_local_path);
  if (error != base::File::FILE_OK)
    return error;
  if (src_file_info.is_directory())
    return base::File::FILE_ERROR_NOT_A_FILE;

  FileInfo dest_file_info;
  base::File::Info dest_platform_file_info;  // overwrite case only
  base::FilePath dest_local_path;            // overwrite case only
  if (overwrite) {
    error = GetFileInfoInternal(db, context, dest_url, dest_file_id,
                                &dest_file_info, &dest_platform_file_info,
                                &dest_local_path);
    if (error == base::File::FILE_ERROR_NOT_FOUND)
      overwrite = false;  // fallback to non-overwrite case
    else if (error != base::File::FILE_OK)
      return error;
    else if (dest_file_info.is_directory())
      return base::File::FILE_ERROR_INVALID_OPERATION;
  }
  if (!overwrite) {
    FileId dest_parent_id;
    if (!db->GetFileWithPath(VirtualPath::DirName(dest_url.path()),
                             &dest_parent_id)) {
      return base::File::FILE_ERROR_NOT_FOUND;
    }

    dest_file_info = src_file_info;
    dest_file_info.parent_id = dest_parent_id;
    dest_file_info.name = VirtualPath::BaseName(dest_url.path()).value();
  }

  int64_t growth = 0;
  if (copy)
    growth += src_platform_file_info.size;
  else
    growth -= UsageForPath(src_file_info.name.size());
  if (overwrite)
    growth -= dest_platform_file_info.size;
  else
    growth += UsageForPath(dest_file_info.name.size());
  if (!AllocateQuota(context, growth))
    return base::File::FILE_ERROR_NO_SPACE;

  /*
   * Copy-with-overwrite
   *  Just overwrite data file
   * Copy-without-overwrite
   *  Copy backing file
   *  Create new metadata pointing to new backing file.
   * Move-with-overwrite
   *  transaction:
   *    Remove source entry.
   *    Point target entry to source entry's backing file.
   *  Delete target entry's old backing file
   * Move-without-overwrite
   *  Just update metadata
   */
  error = base::File::FILE_ERROR_FAILED;
  if (copy) {
    if (overwrite) {
      error = delegate_->CopyOrMoveFile(
          src_local_path, dest_local_path, options,
          delegate_->CopyOrMoveModeForDestination(dest_url, true /* copy */));
    } else {  // non-overwrite
      error = CreateFile(context, src_local_path, false /* foreign_source */,
                         dest_url, &dest_file_info);
    }
  } else {
    if (overwrite) {
      if (db->OverwritingMoveFile(src_file_id, dest_file_id)) {
        if (base::File::FILE_OK != delegate_->DeleteFile(dest_local_path))
          LOG(WARNING) << "Leaked a backing file.";
        error = base::File::FILE_OK;
      } else {
        error = base::File::FILE_ERROR_FAILED;
      }
    } else {  // non-overwrite
      if (db->UpdateFileInfo(src_file_id, dest_file_info))
        error = base::File::FILE_OK;
      else
        error = base::File::FILE_ERROR_FAILED;
    }
  }

  if (error != base::File::FILE_OK)
    return error;

  if (overwrite) {
    context->change_observers()->Notify(&FileChangeObserver::OnModifyFile,
                                        dest_url);
  } else {
    context->change_observers()->Notify(&FileChangeObserver::OnCreateFileFrom,
                                        dest_url, src_url);
  }

  if (!copy) {
    context->change_observers()->Notify(&FileChangeObserver::OnRemoveFile,
                                        src_url);
    TouchDirectory(db, src_file_info.parent_id);
  }

  TouchDirectory(db, dest_file_info.parent_id);

  UpdateUsage(context, dest_url, growth);
  return error;
}

base::File::Error ObfuscatedFileUtil::CopyInForeignFile(
    FileSystemOperationContext* context,
    const base::FilePath& src_file_path,
    const FileSystemURL& dest_url) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  SandboxDirectoryDatabase* db = GetDirectoryDatabase(dest_url, true);
  if (!db)
    return base::File::FILE_ERROR_FAILED;

  base::File::Info src_platform_file_info;
  // Foreign files are from another on-disk file system and don't require path
  // conversion.
  if (ObfuscatedFileUtilDiskDelegate().GetFileInfo(
          src_file_path, &src_platform_file_info) != base::File::FILE_OK)
    return base::File::FILE_ERROR_NOT_FOUND;

  FileId dest_file_id;
  bool overwrite = db->GetFileWithPath(dest_url.path(), &dest_file_id);

  FileInfo dest_file_info;
  base::File::Info dest_platform_file_info;  // overwrite case only
  if (overwrite) {
    base::FilePath dest_local_path;
    base::File::Error error = GetFileInfoInternal(
        db, context, dest_url, dest_file_id, &dest_file_info,
        &dest_platform_file_info, &dest_local_path);
    if (error == base::File::FILE_ERROR_NOT_FOUND)
      overwrite = false;  // fallback to non-overwrite case
    else if (error != base::File::FILE_OK)
      return error;
    else if (dest_file_info.is_directory())
      return base::File::FILE_ERROR_INVALID_OPERATION;
  }
  if (!overwrite) {
    FileId dest_parent_id;
    if (!db->GetFileWithPath(VirtualPath::DirName(dest_url.path()),
                             &dest_parent_id)) {
      return base::File::FILE_ERROR_NOT_FOUND;
    }
    if (!dest_file_info.is_directory())
      return base::File::FILE_ERROR_FAILED;
    InitFileInfo(&dest_file_info, dest_parent_id,
                 VirtualPath::BaseName(dest_url.path()).value());
  }

  int64_t growth = src_platform_file_info.size;
  if (overwrite)
    growth -= dest_platform_file_info.size;
  else
    growth += UsageForPath(dest_file_info.name.size());
  if (!AllocateQuota(context, growth))
    return base::File::FILE_ERROR_NO_SPACE;

  base::File::Error error;
  if (overwrite) {
    base::FilePath dest_local_path =
        DataPathToLocalPath(dest_url, dest_file_info.data_path);
    error = delegate_->CopyInForeignFile(
        src_file_path, dest_local_path,
        FileSystemOperation::CopyOrMoveOptionSet(),
        delegate_->CopyOrMoveModeForDestination(dest_url, true /* copy */));
  } else {
    error = CreateFile(context, src_file_path, true /* foreign_source */,
                       dest_url, &dest_file_info);
  }

  if (error != base::File::FILE_OK)
    return error;

  if (overwrite) {
    context->change_observers()->Notify(&FileChangeObserver::OnModifyFile,
                                        dest_url);
  } else {
    context->change_observers()->Notify(&FileChangeObserver::OnCreateFile,
                                        dest_url);
  }

  UpdateUsage(context, dest_url, growth);
  TouchDirectory(db, dest_file_info.parent_id);
  return base::File::FILE_OK;
}

base::File::Error ObfuscatedFileUtil::DeleteFile(
    FileSystemOperationContext* context,
    const FileSystemURL& url) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  SandboxDirectoryDatabase* db = GetDirectoryDatabase(url, true);
  if (!db)
    return base::File::FILE_ERROR_FAILED;
  FileId file_id;
  if (!db->GetFileWithPath(url.path(), &file_id))
    return base::File::FILE_ERROR_NOT_FOUND;

  FileInfo file_info;
  base::File::Info platform_file_info;
  base::FilePath local_path;
  base::File::Error error = GetFileInfoInternal(
      db, context, url, file_id, &file_info, &platform_file_info, &local_path);
  if (error != base::File::FILE_ERROR_NOT_FOUND && error != base::File::FILE_OK)
    return error;

  if (file_info.is_directory())
    return base::File::FILE_ERROR_NOT_A_FILE;

  int64_t growth =
      -UsageForPath(file_info.name.size()) - platform_file_info.size;
  AllocateQuota(context, growth);
  if (!db->RemoveFileInfo(file_id)) {
    NOTREACHED();
    return base::File::FILE_ERROR_FAILED;
  }
  UpdateUsage(context, url, growth);
  TouchDirectory(db, file_info.parent_id);

  context->change_observers()->Notify(&FileChangeObserver::OnRemoveFile, url);

  if (error == base::File::FILE_ERROR_NOT_FOUND)
    return base::File::FILE_OK;

  error = delegate_->DeleteFile(local_path);
  if (base::File::FILE_OK != error)
    LOG(WARNING) << "Leaked a backing file.";
  return base::File::FILE_OK;
}

base::File::Error ObfuscatedFileUtil::DeleteDirectory(
    FileSystemOperationContext* context,
    const FileSystemURL& url) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  SandboxDirectoryDatabase* db = GetDirectoryDatabase(url, true);
  if (!db)
    return base::File::FILE_ERROR_FAILED;

  FileId file_id;
  if (!db->GetFileWithPath(url.path(), &file_id))
    return base::File::FILE_ERROR_NOT_FOUND;
  if (!file_id) {
    // Attempting to remove the root directory. Delete the whole file system.
    // This code should only be reached by the File System Access API when
    // deleting the root of an Origin Private File System. All sandboxed URLs
    // coming from that API are guaranteed to include bucket information.
    DCHECK(url.bucket().has_value());
    DCHECK(url.type() == kFileSystemTypeTemporary);
    DeleteDirectoryForBucketAndType(url.bucket().value(), url.type());
    context->change_observers()->Notify(&FileChangeObserver::OnRemoveDirectory,
                                        url);
    return base::File::FILE_OK;
  }
  FileInfo file_info;
  if (!db->GetFileInfo(file_id, &file_info)) {
    return base::File::FILE_ERROR_FAILED;
  }
  if (!file_info.is_directory())
    return base::File::FILE_ERROR_NOT_A_DIRECTORY;
  if (!db->RemoveFileInfo(file_id))
    return base::File::FILE_ERROR_NOT_EMPTY;
  int64_t growth = -UsageForPath(file_info.name.size());
  AllocateQuota(context, growth);
  UpdateUsage(context, url, growth);
  TouchDirectory(db, file_info.parent_id);
  context->change_observers()->Notify(&FileChangeObserver::OnRemoveDirectory,
                                      url);
  return base::File::FILE_OK;
}

ScopedFile ObfuscatedFileUtil::CreateSnapshotFile(
    FileSystemOperationContext* context,
    const FileSystemURL& url,
    base::File::Error* error,
    base::File::Info* file_info,
    base::FilePath* platform_path) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  // We're just returning the local file information.
  *error = GetFileInfo(context, url, file_info, platform_path);
  if (*error == base::File::FILE_OK && file_info->is_directory) {
    *file_info = base::File::Info();
    *error = base::File::FILE_ERROR_NOT_A_FILE;
  }
  // An empty ScopedFile does not have any on-disk operation, therefore it can
  // be handled the same way by on-disk and in-memory implementations.
  return ScopedFile();
}

std::unique_ptr<FileSystemFileUtil::AbstractFileEnumerator>
ObfuscatedFileUtil::CreateFileEnumerator(FileSystemOperationContext* context,
                                         const FileSystemURL& root_url,
                                         bool recursive) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  SandboxDirectoryDatabase* db = GetDirectoryDatabase(root_url, false);
  if (!db) {
    return std::make_unique<EmptyFileEnumerator>();
  }
  return std::make_unique<ObfuscatedFileEnumerator>(
      db, context, this, root_url, recursive);
}

bool ObfuscatedFileUtil::IsDirectoryEmpty(FileSystemOperationContext* context,
                                          const FileSystemURL& url) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  SandboxDirectoryDatabase* db = GetDirectoryDatabase(url, false);
  if (!db)
    return true;  // Not a great answer, but it's what others do.
  FileId file_id;
  if (!db->GetFileWithPath(url.path(), &file_id))
    return true;  // Ditto.
  FileInfo file_info;
  if (!db->GetFileInfo(file_id, &file_info)) {
    // It's the root directory and the database hasn't been initialized yet.
    return true;
  }
  if (!file_info.is_directory())
    return true;
  std::vector<FileId> children;
  // TODO(ericu): This could easily be made faster with help from the database.
  if (!db->ListChildren(file_id, &children))
    return true;
  return children.empty();
}

base::FileErrorOr<base::FilePath>
ObfuscatedFileUtil::GetDirectoryForBucketAndType(
    const BucketLocator& bucket,
    const absl::optional<FileSystemType>& type,
    bool create) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  // A default bucket in a first-party context uses
  // GetDirectoryForStorageKeyAndType() to determine its file path.
  // In tests, `sandbox_delegate_->quota_manager_proxy()` may be null.
  if ((bucket.storage_key.IsFirstPartyContext() && bucket.is_default) ||
      !sandbox_delegate_->quota_manager_proxy()) {
    return GetDirectoryForStorageKeyAndType(bucket.storage_key, type, create);
  }

  // All other contexts use the provided bucket information to construct the
  // file path.
  base::FilePath path =
      sandbox_delegate_->quota_manager_proxy()->GetClientBucketPath(
          bucket, QuotaClientType::kFileSystem);
  // Append the file system type and verify the path is valid.
  if (type) {
    path = path.AppendASCII(
        SandboxFileSystemBackendDelegate::GetTypeString(type.value()));
  }
  base::File::Error error = GetDirectoryHelper(path, create);
  if (error != base::File::FILE_OK)
    return base::unexpected(error);
  return path;
}

base::FileErrorOr<base::FilePath>
ObfuscatedFileUtil::GetDirectoryForStorageKeyAndType(
    const blink::StorageKey& storage_key,
    const absl::optional<FileSystemType>& type,
    bool create) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  base::FileErrorOr<base::FilePath> dir =
      GetDirectoryForStorageKey(storage_key, create);
  if (!dir.has_value()) {
    return dir;
  }
  DCHECK(!dir->empty());
  if (!type) {
    return dir;
  }
  // Append the file system type and verify the path is valid.
  base::FilePath path = dir->AppendASCII(
      SandboxFileSystemBackendDelegate::GetTypeString(type.value()));
  base::File::Error error = GetDirectoryHelper(path, create);
  if (error != base::File::FILE_OK)
    return base::unexpected(error);
  return path;
}

bool ObfuscatedFileUtil::DeleteDirectoryForStorageKeyAndType(
    const blink::StorageKey& storage_key,
    const absl::optional<FileSystemType>& type) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  DestroyDirectoryDatabaseForStorageKey(storage_key, type);

  base::FileErrorOr<base::FilePath> origin_path =
      GetDirectoryForStorageKey(storage_key, false);
  if (!origin_path.has_value() || origin_path->empty())
    return true;

  if (type) {
    // Delete the filesystem type directory.
    const base::FileErrorOr<base::FilePath> origin_type_path =
        GetDirectoryForStorageKeyAndType(storage_key, type.value(), false);
    if (!origin_type_path.has_value() &&
        origin_type_path.error() == base::File::FILE_ERROR_FAILED) {
      return false;
    }
    if (origin_type_path.has_value() && !origin_type_path->empty() &&
        !delegate_->DeleteFileOrDirectory(origin_type_path.value(),
                                          true /* recursive */)) {
      return false;
    }

    // At this point we are sure we had successfully deleted the origin/type
    // directory (i.e. we're ready to just return true).
    // See if we have other directories in this origin directory.
    const std::string type_string =
        SandboxFileSystemBackendDelegate::GetTypeString(type.value());
    for (const std::string& known_type : known_type_strings_) {
      if (known_type == type_string)
        continue;
      if (delegate_->DirectoryExists(origin_path->AppendASCII(known_type))) {
        // Other type's directory exists; just return true here.
        return true;
      }
    }
  }

  // No other directories seem exist. If we have a first-party StorageKey,
  // try deleting the entire origin directory.
  if (storage_key.IsFirstPartyContext()) {
    InitOriginDatabase(storage_key.origin(), false);
    if (origin_database_) {
      origin_database_->RemovePathForOrigin(
          GetIdentifierFromOrigin(storage_key.origin()));
    }
  }
  return delegate_->DeleteFileOrDirectory(origin_path.value(),
                                          true /* recursive */);
}

bool ObfuscatedFileUtil::DeleteDirectoryForBucketAndType(
    const BucketLocator& bucket_locator,
    const absl::optional<FileSystemType>& type) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  if (bucket_locator.is_default &&
      bucket_locator.storage_key.IsFirstPartyContext())
    return DeleteDirectoryForStorageKeyAndType(bucket_locator.storage_key,
                                               type);

  DestroyDirectoryDatabaseForBucket(bucket_locator, type);

  // Get the base path for the bucket without the type string appended.
  base::FilePath path =
      sandbox_delegate_->quota_manager_proxy()->GetClientBucketPath(
          bucket_locator, QuotaClientType::kFileSystem);
  base::File::Error error = GetDirectoryHelper(path, /*create=*/false);
  if (error != base::File::FILE_OK || path.empty())
    return true;

  if (type) {
    // Delete the filesystem type directory.
    const base::FileErrorOr<base::FilePath> path_with_type =
        GetDirectoryForBucketAndType(bucket_locator, type.value(), false);
    if (!path_with_type.has_value())
      return false;
    if (!path_with_type->empty() &&
        !delegate_->DeleteFileOrDirectory(path_with_type.value(),
                                          true /* recursive */)) {
      return false;
    }

    // At this point we are sure we had successfully deleted the bucket/type
    // directory. Now we need to see if we have other sub-type-directories under
    // the higher-level `path` directory. If so, we need to return early to
    // avoid deleting the higher-level `path` directory.
    const std::string type_string =
        SandboxFileSystemBackendDelegate::GetTypeString(type.value());
    for (const std::string& known_type : known_type_strings_) {
      if (known_type == type_string)
        continue;
      if (delegate_->DirectoryExists(path.AppendASCII(known_type))) {
        // Other type's directory exists; return to avoid deleting the higher
        // level directory.
        return true;
      }
    }
  }

  // Delete the higher-level directory.
  return delegate_->DeleteFileOrDirectory(path, true /* recursive */);
}

std::unique_ptr<ObfuscatedFileUtil::AbstractStorageKeyEnumerator>
ObfuscatedFileUtil::CreateStorageKeyEnumerator() {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

  InitOriginDatabase(url::Origin(), false);
  base::WeakPtr<ObfuscatedFileUtilMemoryDelegate> file_util_delegate;
  if (is_incognito()) {
    file_util_delegate =
        static_cast<ObfuscatedFileUtilMemoryDelegate*>(delegate())
            ->GetWeakPtr();
  }
  return std::make_unique<ObfuscatedStorageKeyEnumerator>(
      origin_database_.get(), file_util_delegate, file_system_directory_);
}

void ObfuscatedFileUtil::DestroyDirectoryDatabaseForStorageKey(
    const blink::StorageKey& storage_key,
    const absl::optional<FileSystemType>& type) {
  DestroyDirectoryDatabaseHelper(absl::nullopt, storage_key, type);
}

void ObfuscatedFileUtil::DestroyDirectoryDatabaseForBucket(
    const BucketLocator& bucket_locator,
    const absl::optional<FileSystemType>& type) {
  DestroyDirectoryDatabaseHelper(bucket_locator, bucket_locator.storage_key,
                                 type);
}

void ObfuscatedFileUtil::DestroyDirectoryDatabaseHelper(
    const absl::optional<BucketLocator>& bucket_locator,
    const blink::StorageKey& storage_key,
    const absl::optional<FileSystemType>& type) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

  DatabaseKey key_prefix;
  const std::string type_string =
      type ? SandboxFileSystemBackendDelegate::GetTypeString(type.value())
           : std::string();
  // `key.bucket()` is absl::nullopt for all non-kTemporary types.
  if (type && (FileSystemTypeToQuotaStorageType(type.value()) ==
               ::blink::mojom::StorageType::kTemporary)) {
    if (bucket_locator.has_value()) {
      key_prefix =
          DatabaseKey(bucket_locator->storage_key, bucket_locator, type_string);
    } else {
      // If we are not provided a custom bucket value we must find the default
      // bucket corresponding to the StorageKey.
      QuotaErrorOr<BucketLocator> default_bucket =
          GetOrCreateDefaultBucket(storage_key);
      // If there is no default bucket for a given StorageKey, there is not a
      // valid FileSystem to close, so we return.
      if (!default_bucket.has_value()) {
        return;
      }
      key_prefix =
          DatabaseKey(storage_key, default_bucket.value(), type_string);
    }
  } else {  // All other storage types.
    key_prefix = DatabaseKey(storage_key, absl::nullopt, type_string);
  }

  // If `type` is empty, delete all filesystem types under `storage_key`.
  for (auto iter = directories_.lower_bound(key_prefix);
       iter != directories_.end();) {
    // If the key matches exactly or `type` is absl::nullopt and just the
    // StorageKey and BucketLocator match exactly, delete the database.
    if (iter->first == key_prefix ||
        (type == absl::nullopt &&
         iter->first.storage_key() == key_prefix.storage_key() &&
         iter->first.bucket() == key_prefix.bucket())) {
      std::unique_ptr<SandboxDirectoryDatabase> database =
          std::move(iter->second);
      directories_.erase(iter++);
      database->DestroyDatabase();
    } else {
      break;
    }
  }
}

// static
int64_t ObfuscatedFileUtil::ComputeFilePathCost(const base::FilePath& path) {
  return UsageForPath(VirtualPath::BaseName(path).value().size());
}

base::FileErrorOr<base::FilePath> ObfuscatedFileUtil::GetDirectoryForURL(
    const FileSystemURL& url,
    bool create) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  if (!url.bucket().has_value()) {
    // Access the SandboxDirectoryDatabase to construct the file path.
    return GetDirectoryForStorageKeyAndType(url.storage_key(), url.type(),
                                            create);
  }
  // Construct the file path using the provided bucket information.
  return GetDirectoryForBucketAndType(url.bucket().value(), url.type(), create);
}

QuotaErrorOr<BucketLocator> ObfuscatedFileUtil::GetOrCreateDefaultBucket(
    const blink::StorageKey& storage_key) {
  // If we have already looked up this default bucket for this StorageKey,
  // return the cached value.
  auto iter = default_buckets_.find(storage_key);
  if (iter != default_buckets_.end()) {
    return iter->second;
  }
  // GetOrCreateBucketSync() called below requires the use of the
  // base::WaitableEvent sync primitive. We must explicitly declare the usage
  // of this primitive to avoid thread restriction errors.
  base::ScopedAllowBaseSyncPrimitives allow_wait;
  // Instead of crashing, return a QuotaError if the proxy is a nullptr.
  if (!sandbox_delegate_->quota_manager_proxy()) {
    LOG(WARNING) << "Failed to GetOrCreateBucket: QuotaManagerProxy is null";
    return base::unexpected(QuotaError::kUnknownError);
  }
  // Retrieve or create the default bucket for this StorageKey.
  QuotaErrorOr<BucketInfo> bucket =
      sandbox_delegate_->quota_manager_proxy()->GetOrCreateBucketSync(
          BucketInitParams::ForDefaultBucket(storage_key));
  if (!bucket.has_value()) {
    return base::unexpected(bucket.error());
  }
  default_buckets_[storage_key] = bucket->ToBucketLocator();
  return bucket->ToBucketLocator();
}

base::File::Error ObfuscatedFileUtil::GetFileInfoInternal(
    SandboxDirectoryDatabase* db,
    FileSystemOperationContext* context,
    const FileSystemURL& url,
    FileId file_id,
    FileInfo* local_info,
    base::File::Info* file_info,
    base::FilePath* platform_file_path) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  DCHECK(db);
  DCHECK(context);
  DCHECK(file_info);
  DCHECK(platform_file_path);

  if (!db->GetFileInfo(file_id, local_info)) {
    return base::File::FILE_ERROR_FAILED;
  }

  if (local_info->is_directory()) {
    file_info->size = 0;
    file_info->is_directory = true;
    file_info->is_symbolic_link = false;
    file_info->last_modified = local_info->modification_time;
    *platform_file_path = base::FilePath();
    // We don't fill in ctime or atime.
    return base::File::FILE_OK;
  }
  if (local_info->data_path.empty())
    return base::File::FILE_ERROR_INVALID_OPERATION;
  base::FilePath local_path = DataPathToLocalPath(url, local_info->data_path);
  base::File::Error error = delegate_->GetFileInfo(local_path, file_info);
  // We should not follow symbolic links in sandboxed file system.
  if (delegate_->IsLink(local_path)) {
    LOG(WARNING) << "Found a symbolic file.";
    error = base::File::FILE_ERROR_NOT_FOUND;
  }
  if (error == base::File::FILE_OK) {
    *platform_file_path = local_path;
  } else if (error == base::File::FILE_ERROR_NOT_FOUND) {
    LOG(WARNING) << "Lost a backing file.";
    InvalidateUsageCache(context, url.storage_key(), url.type());
    if (!db->RemoveFileInfo(file_id))
      return base::File::FILE_ERROR_FAILED;
  }
  return error;
}

base::File ObfuscatedFileUtil::CreateAndOpenFile(
    FileSystemOperationContext* context,
    const FileSystemURL& dest_url,
    FileInfo* dest_file_info,
    int file_flags) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  SandboxDirectoryDatabase* db = GetDirectoryDatabase(dest_url, true);

  base::FilePath root, dest_local_path;
  base::File::Error error =
      GenerateNewLocalPath(db, context, dest_url, &root, &dest_local_path);
  if (error != base::File::FILE_OK)
    return base::File(error);

  if (delegate_->PathExists(dest_local_path)) {
    if (!delegate_->DeleteFileOrDirectory(dest_local_path,
                                          false /* recursive */))
      return base::File(base::File::FILE_ERROR_FAILED);
    LOG(WARNING) << "A stray file detected";
    InvalidateUsageCache(context, dest_url.storage_key(), dest_url.type());
  }

  base::File file = delegate_->CreateOrOpen(dest_local_path, file_flags);
  if (!file.IsValid())
    return file;

  if (!file.created()) {
    file.Close();
    delegate_->DeleteFile(dest_local_path);
    return base::File(base::File::FILE_ERROR_FAILED);
  }

  error = CommitCreateFile(root, dest_local_path, db, dest_file_info);
  if (error != base::File::FILE_OK) {
    file.Close();
    delegate_->DeleteFile(dest_local_path);
    return base::File(error);
  }

  return file;
}

base::File::Error ObfuscatedFileUtil::CreateFile(
    FileSystemOperationContext* context,
    const base::FilePath& src_file_path,
    bool foreign_source,
    const FileSystemURL& dest_url,
    FileInfo* dest_file_info) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  SandboxDirectoryDatabase* db = GetDirectoryDatabase(dest_url, true);

  base::FilePath root, dest_local_path;
  base::File::Error error =
      GenerateNewLocalPath(db, context, dest_url, &root, &dest_local_path);
  if (error != base::File::FILE_OK)
    return error;

  bool created = false;
  if (src_file_path.empty()) {
    if (delegate_->PathExists(dest_local_path)) {
      if (!delegate_->DeleteFileOrDirectory(dest_local_path,
                                            false /* recursive */))
        return base::File::FILE_ERROR_FAILED;
      LOG(WARNING) << "A stray file detected";
      InvalidateUsageCache(context, dest_url.storage_key(), dest_url.type());
    }

    error = delegate_->EnsureFileExists(dest_local_path, &created);
  } else {
    if (foreign_source) {
      error = delegate_->CopyInForeignFile(
          src_file_path, dest_local_path,
          FileSystemOperation::CopyOrMoveOptionSet(),
          delegate_->CopyOrMoveModeForDestination(dest_url, true /* copy */));
    } else {
      error = delegate_->CopyOrMoveFile(
          src_file_path, dest_local_path,
          FileSystemOperation::CopyOrMoveOptionSet(),
          delegate_->CopyOrMoveModeForDestination(dest_url, true /* copy */));
    }
    created = true;
  }

  if (error != base::File::FILE_OK)
    return error;
  if (!created)
    return base::File::FILE_ERROR_FAILED;

  return CommitCreateFile(root, dest_local_path, db, dest_file_info);
}

base::File::Error ObfuscatedFileUtil::CommitCreateFile(
    const base::FilePath& root,
    const base::FilePath& local_path,
    SandboxDirectoryDatabase* db,
    FileInfo* dest_file_info) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  // This removes the root, including the trailing slash, leaving a relative
  // path.
  dest_file_info->data_path =
      base::FilePath(local_path.value().substr(root.value().length() + 1));

  FileId file_id;
  base::File::Error error = db->AddFileInfo(*dest_file_info, &file_id);
  if (error != base::File::FILE_OK)
    return error;

  TouchDirectory(db, dest_file_info->parent_id);
  return base::File::FILE_OK;
}

base::FilePath ObfuscatedFileUtil::DataPathToLocalPath(
    const FileSystemURL& url,
    const base::FilePath& data_path) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  base::FileErrorOr<base::FilePath> root = GetDirectoryForURL(url, false);
  if (!root.has_value())
    return base::FilePath();
  return root.value().Append(data_path);
}

// TODO(ericu): How to do the whole validation-without-creation thing?
// We may not have quota even to create the database.
// Ah, in that case don't even get here?
// Still doesn't answer the quota issue, though.
SandboxDirectoryDatabase* ObfuscatedFileUtil::GetDirectoryDatabase(
    const FileSystemURL& url,
    bool create) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

  DatabaseKey key;
  const std::string type_string =
      SandboxFileSystemBackendDelegate::GetTypeString(url.type());
  // `key.bucket()` is absl::nullopt for all non-kTemporary types.
  if (FileSystemTypeToQuotaStorageType(url.type()) ==
      ::blink::mojom::StorageType::kTemporary) {
    if (url.bucket().has_value()) {
      key = DatabaseKey(url.storage_key(), url.bucket().value(), type_string);
    } else {
      // If we are not provided a custom bucket value we must find the default
      // bucket corresponding to the url's StorageKey.
      QuotaErrorOr<BucketLocator> default_bucket =
          GetOrCreateDefaultBucket(url.storage_key());
      if (!default_bucket.has_value()) {
        return nullptr;
      }
      key = DatabaseKey(url.storage_key(), default_bucket.value(), type_string);
    }
  } else {  // All other storage types.
    key = DatabaseKey(url.storage_key(), absl::nullopt, type_string);
  }

  auto iter = directories_.find(key);
  if (iter != directories_.end()) {
    MarkUsed();
    return iter->second.get();
  }

  base::FileErrorOr<base::FilePath> path = GetDirectoryForURL(url, create);
  if (!path.has_value()) {
    LOG(WARNING) << "Failed to get origin+type directory: " << url.DebugString()
                 << " error:" << path.error();
    return nullptr;
  }
  MarkUsed();
  directories_[key] =
      std::make_unique<SandboxDirectoryDatabase>(path.value(), env_override_);
  return directories_[key].get();
}

base::FileErrorOr<base::FilePath> ObfuscatedFileUtil::GetDirectoryForStorageKey(
    const blink::StorageKey& storage_key,
    bool create) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

  if (storage_key.IsThirdPartyContext()) {
    // Retrieve the default bucket value for `storage_key`.
    QuotaErrorOr<BucketLocator> bucket = GetOrCreateDefaultBucket(storage_key);
    if (!bucket.has_value()) {
      return base::unexpected(base::File::FILE_ERROR_FAILED);
    }
    // Get the path and verify it is valid.
    base::FileErrorOr<base::FilePath> path =
        sandbox_delegate_->quota_manager_proxy()->GetClientBucketPath(
            bucket.value(), QuotaClientType::kFileSystem);
    if (!path.has_value())
      return base::unexpected(path.error());
    base::File::Error error = GetDirectoryHelper(path.value(), create);
    if (error != base::File::FILE_OK)
      return base::unexpected(error);
    return path;
  }

  if (!InitOriginDatabase(storage_key.origin(), create)) {
    return base::FileErrorOr<base::FilePath>(
        base::unexpected(create ? base::File::FILE_ERROR_FAILED
                                : base::File::FILE_ERROR_NOT_FOUND));
  }
  base::FilePath directory_name;
  std::string id = GetIdentifierFromOrigin(storage_key.origin());

  bool exists_in_db = origin_database_->HasOriginPath(id);
  if (!exists_in_db && !create) {
    return base::unexpected(base::File::FILE_ERROR_NOT_FOUND);
  }
  if (!origin_database_->GetPathForOrigin(id, &directory_name)) {
    return base::unexpected(base::File::FILE_ERROR_FAILED);
  }

  base::FilePath path = file_system_directory_.Append(directory_name);
  bool exists_in_fs = delegate_->DirectoryExists(path);
  if (!exists_in_db && exists_in_fs) {
    if (!delegate_->DeleteFileOrDirectory(path, true)) {
      return base::unexpected(base::File::FILE_ERROR_FAILED);
    }
    exists_in_fs = false;
  }

  if (!exists_in_fs) {
    if (!create || delegate_->CreateDirectory(path, false /* exclusive */,
                                              true /* recursive */) !=
                       base::File::FILE_OK) {
      return base::unexpected(create ? base::File::FILE_ERROR_FAILED
                                     : base::File::FILE_ERROR_NOT_FOUND);
    }
  }
  return path;
}

base::File::Error ObfuscatedFileUtil::GetDirectoryHelper(
    const base::FilePath& path,
    bool create) {
  if (!delegate_->DirectoryExists(path) &&
      (!create ||
       delegate_->CreateDirectory(path, /*exclusive=*/false,
                                  /*recursive=*/true) != base::File::FILE_OK)) {
    return create ? base::File::FILE_ERROR_FAILED
                  : base::File::FILE_ERROR_NOT_FOUND;
  }
  return base::File::FILE_OK;
}

void ObfuscatedFileUtil::InvalidateUsageCache(
    FileSystemOperationContext* context,
    const blink::StorageKey& storage_key,
    FileSystemType type) {
  if (sandbox_delegate_)
    sandbox_delegate_->InvalidateUsageCache(storage_key, type);
}

void ObfuscatedFileUtil::MarkUsed() {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

  timer_.Start(FROM_HERE, base::Seconds(db_flush_delay_seconds_), this,
               &ObfuscatedFileUtil::DropDatabases);
}

void ObfuscatedFileUtil::DropDatabases() {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  origin_database_.reset();
  directories_.clear();
  timer_.Stop();
}

void ObfuscatedFileUtil::RewriteDatabases() {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  if (origin_database_)
    origin_database_->RewriteDatabase();
}

void ObfuscatedFileUtil::DeleteDefaultBucketForStorageKey(
    const blink::StorageKey& storage_key) {
  auto default_bucket_iter = default_buckets_.find(storage_key);
  // If we are not already caching the bucket for that StorageKey, it does not
  // need to be deleted.
  if (default_bucket_iter == default_buckets_.end())
    return;
  BucketLocator default_bucket = default_buckets_[storage_key];
  // Ensure that all directories with that StorageKey and bucket have been
  // erased.
  DCHECK(directories_.find(
             DatabaseKey(storage_key, default_bucket,
                         SandboxFileSystemBackendDelegate::GetTypeString(
                             FileSystemType::kFileSystemTypeTemporary))) ==
         directories_.end());
  default_buckets_.erase(default_bucket_iter);
}

bool ObfuscatedFileUtil::InitOriginDatabase(const url::Origin& origin_hint,
                                            bool create) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

  if (origin_database_)
    return true;

  if (!delegate_->DirectoryExists(file_system_directory_)) {
    if (!create)
      return false;
    if (delegate_->CreateDirectory(
            file_system_directory_, false /* exclusive */,
            true /* recursive */) != base::File::FILE_OK) {
      LOG(WARNING) << "Failed to create FileSystem directory: "
                   << file_system_directory_.value();
      return false;
    }
  }

  origin_database_ = std::make_unique<SandboxOriginDatabase>(
      file_system_directory_, env_override_);

  return true;
}

base::File::Error ObfuscatedFileUtil::GenerateNewLocalPath(
    SandboxDirectoryDatabase* db,
    FileSystemOperationContext* context,
    const FileSystemURL& url,
    base::FilePath* root,
    base::FilePath* local_path) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  DCHECK(local_path);
  int64_t number;
  if (!db || !db->GetNextInteger(&number))
    return base::File::FILE_ERROR_FAILED;

  base::FileErrorOr<base::FilePath> directory_for_url =
      GetDirectoryForURL(url, false);
  if (!directory_for_url.has_value())
    return directory_for_url.error();
  *root = directory_for_url.value();

  // We use the third- and fourth-to-last digits as the directory.
  int64_t directory_number = number % 10000 / 100;
  base::FilePath new_local_path =
      root->AppendASCII(base::StringPrintf("%02" PRId64, directory_number));

  base::File::Error error = base::File::FILE_OK;
  error = delegate_->CreateDirectory(new_local_path, false /* exclusive */,
                                     false /* recursive */);
  if (error != base::File::FILE_OK)
    return error;

  *local_path =
      new_local_path.AppendASCII(base::StringPrintf("%08" PRId64, number));
  return base::File::FILE_OK;
}

base::File ObfuscatedFileUtil::CreateOrOpenInternal(
    FileSystemOperationContext* context,
    const FileSystemURL& url,
    int file_flags) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  DCHECK(!(file_flags &
           (base::File::FLAG_DELETE_ON_CLOSE | base::File::FLAG_WIN_HIDDEN |
            base::File::FLAG_WIN_EXCLUSIVE_READ |
            base::File::FLAG_WIN_EXCLUSIVE_WRITE)));
  SandboxDirectoryDatabase* db = GetDirectoryDatabase(url, true);
  if (!db)
    return base::File(base::File::FILE_ERROR_FAILED);
  FileId file_id;
  if (!db->GetFileWithPath(url.path(), &file_id)) {
    // The file doesn't exist.
    if (!(file_flags &
          (base::File::FLAG_CREATE | base::File::FLAG_CREATE_ALWAYS |
           base::File::FLAG_OPEN_ALWAYS))) {
      return base::File(base::File::FILE_ERROR_NOT_FOUND);
    }
    FileId parent_id;
    if (!db->GetFileWithPath(VirtualPath::DirName(url.path()), &parent_id))
      return base::File(base::File::FILE_ERROR_NOT_FOUND);
    FileInfo file_info;
    InitFileInfo(&file_info, parent_id,
                 VirtualPath::BaseName(url.path()).value());

    int64_t growth = UsageForPath(file_info.name.size());
    if (!AllocateQuota(context, growth))
      return base::File(base::File::FILE_ERROR_NO_SPACE);
    base::File file = CreateAndOpenFile(context, url, &file_info, file_flags);
    if (file.IsValid()) {
      UpdateUsage(context, url, growth);
      context->change_observers()->Notify(&FileChangeObserver::OnCreateFile,
                                          url);
    }
    return file;
  }

  if (file_flags & base::File::FLAG_CREATE)
    return base::File(base::File::FILE_ERROR_EXISTS);

  base::File::Info platform_file_info;
  base::FilePath local_path;
  FileInfo file_info;
  base::File::Error error = GetFileInfoInternal(
      db, context, url, file_id, &file_info, &platform_file_info, &local_path);
  if (error != base::File::FILE_OK)
    return base::File(error);
  if (file_info.is_directory())
    return base::File(base::File::FILE_ERROR_NOT_A_FILE);

  int64_t delta = 0;
  if (file_flags &
      (base::File::FLAG_CREATE_ALWAYS | base::File::FLAG_OPEN_TRUNCATED)) {
    // The file exists and we're truncating.
    delta = -platform_file_info.size;
    AllocateQuota(context, delta);
  }

  base::File file = delegate_->CreateOrOpen(local_path, file_flags);
  if (!file.IsValid()) {
    error = file.error_details();
    if (error == base::File::FILE_ERROR_NOT_FOUND) {
      // TODO(tzik): Also invalidate on-memory usage cache in UsageTracker.
      // TODO(tzik): Delete database entry after ensuring the file lost.
      InvalidateUsageCache(context, url.storage_key(), url.type());
      LOG(WARNING) << "Lost a backing file.";
      return base::File(base::File::FILE_ERROR_FAILED);
    }
    return file;
  }

  // If truncating we need to update the usage.
  if (delta) {
    UpdateUsage(context, url, delta);
    context->change_observers()->Notify(&FileChangeObserver::OnModifyFile, url);
  }
  return file;
}

bool ObfuscatedFileUtil::HasIsolatedStorage(
    const blink::StorageKey& storage_key) {
  return special_storage_policy_.get() &&
         special_storage_policy_->HasIsolatedStorage(
             storage_key.origin().GetURL());
}

}  // namespace storage