package org.neo4j.bolt;

import io.netty.channel.Channel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.time.Clock;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import java.util.stream.Collectors;
import org.bouncycastle.operator.OperatorCreationException;
import org.neo4j.bolt.security.auth.Authentication;
import org.neo4j.bolt.security.auth.BasicAuthentication;
import org.neo4j.bolt.security.ssl.Certificates;
import org.neo4j.bolt.security.ssl.KeyStoreFactory;
import org.neo4j.bolt.security.ssl.KeyStoreInformation;
import org.neo4j.bolt.transport.BoltProtocol;
import org.neo4j.bolt.transport.Netty4LoggerFactory;
import org.neo4j.bolt.transport.NettyServer;
import org.neo4j.bolt.transport.SocketTransport;
import org.neo4j.bolt.v1.runtime.BoltConnectionDescriptor;
import org.neo4j.bolt.v1.runtime.BoltFactory;
import org.neo4j.bolt.v1.runtime.BoltFactoryImpl;
import org.neo4j.bolt.v1.runtime.MonitoredWorkerFactory;
import org.neo4j.bolt.v1.runtime.WorkerFactory;
import org.neo4j.bolt.v1.runtime.concurrent.ThreadedWorkerFactory;
import org.neo4j.bolt.v1.transport.BoltProtocolV1;
import org.neo4j.bolt.v1.transport.ChunkedOutput;
import org.neo4j.configuration.Description;
import org.neo4j.configuration.Internal;
import org.neo4j.graphdb.GraphDatabaseService;
import org.neo4j.graphdb.config.Configuration;
import org.neo4j.graphdb.config.Setting;
import org.neo4j.graphdb.factory.GraphDatabaseSettings;
import org.neo4j.helpers.AdvertisedSocketAddress;
import org.neo4j.helpers.ListenSocketAddress;
import org.neo4j.kernel.api.bolt.BoltConnectionTracker;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.api.security.UserManagerSupplier;
import org.neo4j.kernel.configuration.BoltConnector;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.kernel.extension.KernelExtensionFactory;
import org.neo4j.kernel.impl.core.ThreadToStatementContextBridge;
import org.neo4j.kernel.impl.logging.LogService;
import org.neo4j.kernel.impl.spi.KernelContext;
import org.neo4j.kernel.impl.util.JobScheduler;
import org.neo4j.kernel.internal.GraphDatabaseAPI;
import org.neo4j.kernel.lifecycle.LifeSupport;
import org.neo4j.kernel.lifecycle.Lifecycle;
import org.neo4j.kernel.monitoring.Monitors;
import org.neo4j.logging.Log;
import org.neo4j.udc.UsageData;

/* loaded from: input_file:org/neo4j/bolt/BoltKernelExtension.class */
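/**
 * Kernel extension, registered under the key {@code "bolt-server"}, that assembles the Bolt
 * network endpoint.
 *
 * <p>For every enabled Bolt connector it builds one {@link SocketTransport}, with or without a
 * TLS context depending on the connector's encryption level, and hosts all of them in a single
 * {@link NettyServer}.
 */
public class BoltKernelExtension extends KernelExtensionFactory<BoltKernelExtension.Dependencies> {

    /** Services this extension obtains from the kernel inside {@link #newInstance}. */
    public interface Dependencies {
        LogService logService();

        Config config();

        GraphDatabaseService db();

        JobScheduler scheduler();

        UsageData usageData();

        Monitors monitors();

        ThreadToStatementContextBridge txBridge();

        BoltConnectionTracker sessionTracker();

        Clock clock();

        AuthManager authManager();

        UserManagerSupplier userManagerSupplier();
    }

    /**
     * Locations of the TLS certificate and private key used by encrypted Bolt connectors.
     *
     * <p>NOTE(review): {@code certificates_directory} and {@code tls_certificate_file} are public,
     * static and not final, so any code able to load this class can reassign them and redirect
     * where the server looks for its certificate. They are left non-final here only to keep the
     * class's visible surface unchanged; consider making them final.
     */
    public static class Settings {

        @Description("Directory for storing certificates to be used by Neo4j for TLS connections")
        public static Setting<File> certificates_directory = org.neo4j.kernel.configuration.Settings.pathSetting("dbms.directories.certificates", "certificates");

        @Description("Path to the X.509 public certificate to be used by Neo4j for TLS connections")
        @Internal
        public static Setting<File> tls_certificate_file = org.neo4j.kernel.configuration.Settings.derivedSetting(
                "unsupported.dbms.security.tls_certificate_file",
                certificates_directory,
                directory -> new File(directory, "neo4j.cert"),
                org.neo4j.kernel.configuration.Settings.PATH);

        @Description("Path to the X.509 private key to be used by Neo4j for TLS connections")
        @Internal
        public static final Setting<File> tls_key_file = org.neo4j.kernel.configuration.Settings.derivedSetting(
                "unsupported.dbms.security.tls_key_file",
                certificates_directory,
                directory -> new File(directory, "neo4j.key"),
                org.neo4j.kernel.configuration.Settings.PATH);
    }

    public BoltKernelExtension() {
        super("bolt-server");
    }

    /**
     * Builds the lifecycle that owns the Bolt factory and, when at least one connector is enabled
     * and the database is not configured as disconnected, the Netty server.
     *
     * @param kernelContext kernel context supplied by the extension framework (not read here)
     * @param dependencies  kernel services used to build the server
     * @return a {@link LifeSupport} holding every component created by this call
     * @throws RuntimeException      if a TLS context cannot be initialised for a connector
     * @throws IllegalStateException if exactly one of the certificate and key files is missing
     */
    @Override
    public Lifecycle newInstance(KernelContext kernelContext, Dependencies dependencies) throws Throwable {
        Config config = dependencies.config();
        // db() is declared as GraphDatabaseService, so the narrowing to GraphDatabaseAPI has to
        // be explicit.
        GraphDatabaseAPI db = (GraphDatabaseAPI) dependencies.db();
        LogService logService = dependencies.logService();
        Clock clock = dependencies.clock();
        Log internalLog = logService.getInternalLog(WorkerFactory.class);
        LifeSupport lifeSupport = new LifeSupport();
        JobScheduler scheduler = dependencies.scheduler();

        // Route Netty's own logging into the database's internal log. This sets a static default
        // on Netty's InternalLoggerFactory.
        InternalLoggerFactory.setDefaultFactory(new Netty4LoggerFactory(logService.getInternalLogProvider()));

        BoltFactory boltFactory = (BoltFactory) lifeSupport.add(new BoltFactoryImpl(
                db,
                dependencies.usageData(),
                logService,
                dependencies.txBridge(),
                authentication(dependencies.authManager(), dependencies.userManagerSupplier()),
                dependencies.sessionTracker(),
                config));
        WorkerFactory workerFactory = createWorkerFactory(boltFactory, scheduler, dependencies, logService, clock);

        List<NettyServer.ProtocolInitializer> initializers = config.enabledBoltConnectors().stream().map(connector -> {
            ListenSocketAddress listenAddress = (ListenSocketAddress) config.get(connector.listen_address);
            AdvertisedSocketAddress advertisedAddress = (AdvertisedSocketAddress) config.get(connector.advertised_address);
            BoltConnector.EncryptionLevel encryptionLevel = (BoltConnector.EncryptionLevel) config.get(connector.encryption_level);

            boolean encryptionRequired;
            SslContext sslContext;
            // Switch on the enum constants themselves so each branch is bound to its level by
            // name. Numeric case labels borrowed from unrelated constants would send REQUIRED or
            // OPTIONAL to the "assuming DISABLED" fallback if those constants ever changed.
            switch (encryptionLevel) {
                case REQUIRED:
                    encryptionRequired = true;
                    sslContext = createSslContext(config, internalLog, advertisedAddress);
                    break;
                case OPTIONAL:
                    // A TLS context is supplied but the flag stays false.
                    // NOTE(review): presumably the transport then also accepts plaintext clients,
                    // whose credentials would cross the network unencrypted. Confirm in
                    // SocketTransport and prefer REQUIRED for connectors reachable from
                    // untrusted networks.
                    encryptionRequired = false;
                    sslContext = createSslContext(config, internalLog, advertisedAddress);
                    break;
                case DISABLED:
                    encryptionRequired = false;
                    sslContext = null;
                    break;
                default:
                    // Fail-open fallback: a level this switch does not know is served without
                    // TLS and only a warning is logged.
                    // NOTE(review): consider refusing to start the connector instead.
                    internalLog.warn(String.format("Unhandled encryption level %s - assuming DISABLED.", encryptionLevel.name()));
                    encryptionRequired = false;
                    sslContext = null;
                    break;
            }
            return new SocketTransport(listenAddress, sslContext, encryptionRequired, logService.getInternalLogProvider(), newVersions(logService, workerFactory));
        }).collect(Collectors.toList());

        if (!initializers.isEmpty() && !((Boolean) config.get(GraphDatabaseSettings.disconnected)).booleanValue()) {
            lifeSupport.add(new NettyServer(scheduler.threadFactory(JobScheduler.Groups.boltNetworkIO), initializers));
            internalLog.info("Bolt Server extension loaded.");
            for (NettyServer.ProtocolInitializer initializer : initializers) {
                logService.getUserLog(WorkerFactory.class).info("Bolt enabled on %s.", initializer.address());
            }
        }
        return lifeSupport;
    }

    /**
     * Creates the worker factory used by every connector: a {@link ThreadedWorkerFactory} wrapped
     * in a {@link MonitoredWorkerFactory}. Protected so that subclasses can substitute their own.
     */
    protected WorkerFactory createWorkerFactory(BoltFactory boltFactory, JobScheduler jobScheduler, Dependencies dependencies, LogService logService, Clock clock) {
        WorkerFactory threaded = new ThreadedWorkerFactory(boltFactory, jobScheduler, logService, clock);
        return new MonitoredWorkerFactory(dependencies.monitors(), threaded, clock);
    }

    /**
     * Builds the server-side TLS context from the configured certificate and private key.
     *
     * <p>Only the certificate and key are handed to the builder: no protocol versions, cipher
     * suites or client-certificate requirement are set, so those come from the defaults of the
     * bundled Netty version.
     *
     * @throws RuntimeException wrapping any I/O or security failure; the cause is preserved
     */
    private SslContext createSslContext(Config config, Log log, AdvertisedSocketAddress advertisedSocketAddress) {
        try {
            KeyStoreInformation keyStore = createKeyStore(config, log, advertisedSocketAddress);
            return SslContextBuilder.forServer(keyStore.getCertificatePath(), keyStore.getPrivateKeyPath()).build();
        } catch (IOException | OperatorCreationException | GeneralSecurityException e) {
            throw new RuntimeException("Failed to initialize SSL encryption support, which is required to start this connector. Error was: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the table of supported protocol versions, keyed by version number. Only version 1
     * is registered; its factory creates a {@link BoltProtocolV1} whose worker closes the channel
     * through the {@code channel::close} callback.
     */
    private Map<Long, BiFunction<Channel, Boolean, BoltProtocol>> newVersions(LogService logService, WorkerFactory workerFactory) {
        // The map is typed so that the lambda below has a functional-interface target.
        Map<Long, BiFunction<Channel, Boolean, BoltProtocol>> versions = new HashMap<>();
        versions.put(1L, (channel, isEncrypted) -> {
            BoltConnectionDescriptor descriptor = new BoltConnectionDescriptor(channel.remoteAddress(), channel.localAddress());
            return new BoltProtocolV1(workerFactory.newWorker(descriptor, channel::close), channel, logService);
        });
        return versions;
    }

    /**
     * Resolves the certificate and private key files, generating a self-signed pair when neither
     * exists, and loads them through {@link KeyStoreFactory}.
     *
     * <p>A self-signed certificate encrypts the connection, but clients cannot verify the
     * server's identity with it unless they have been told to trust that exact certificate.
     * Installing a certificate issued by a trusted CA at the configured paths avoids the
     * generation branch entirely.
     *
     * @throws IllegalStateException if exactly one of the two files is present
     */
    private KeyStoreInformation createKeyStore(Configuration configuration, Log log, AdvertisedSocketAddress advertisedSocketAddress) throws GeneralSecurityException, IOException, OperatorCreationException {
        File privateKeyFile = ((File) configuration.get(Settings.tls_key_file)).getAbsoluteFile();
        File certificateFile = ((File) configuration.get(Settings.tls_certificate_file)).getAbsoluteFile();

        if (!certificateFile.exists() && !privateKeyFile.exists()) {
            log.info("No SSL certificate found, generating a self-signed certificate..");
            // The advertised hostname is passed to the certificate generator.
            // NOTE(review): the permissions given to the generated private key file are decided
            // inside Certificates and are not visible here; confirm it is readable only by the
            // database's own account.
            new Certificates().createSelfSignedCertificate(certificateFile, privateKeyFile, advertisedSocketAddress.getHostname());
        }

        // A half-present pair is treated as a configuration error rather than silently replaced.
        if (!certificateFile.exists()) {
            throw new IllegalStateException(String.format("TLS private key found, but missing certificate at '%s'. Cannot start server without certificate.", certificateFile));
        }
        if (!privateKeyFile.exists()) {
            throw new IllegalStateException(String.format("TLS certificate found, but missing key at '%s'. Cannot start server without key.", privateKeyFile));
        }
        return new KeyStoreFactory().createKeyStore(privateKeyFile, certificateFile);
    }

    /** Wraps the kernel's auth manager in the {@link BasicAuthentication} used by Bolt sessions. */
    private Authentication authentication(AuthManager authManager, UserManagerSupplier userManagerSupplier) {
        return new BasicAuthentication(authManager, userManagerSupplier);
    }
}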
