package org.neo4j.bolt;

import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.PooledByteBufAllocator;
import io.netty.channel.unix.DomainSocketAddress;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslProvider;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.file.Files;
import java.nio.file.Path;
import java.time.Clock;
import java.time.Duration;
import javax.net.ssl.SSLException;
import org.neo4j.bolt.dbapi.BoltGraphDatabaseManagementServiceSPI;
import org.neo4j.bolt.dbapi.CustomBookmarkFormatParser;
import org.neo4j.bolt.runtime.BoltConnectionFactory;
import org.neo4j.bolt.runtime.DefaultBoltConnectionFactory;
import org.neo4j.bolt.runtime.scheduling.BoltSchedulerProvider;
import org.neo4j.bolt.runtime.scheduling.CachedThreadPoolExecutorFactory;
import org.neo4j.bolt.runtime.scheduling.ExecutorBoltSchedulerProvider;
import org.neo4j.bolt.runtime.scheduling.NettyThreadFactory;
import org.neo4j.bolt.runtime.statemachine.BoltStateMachineFactory;
import org.neo4j.bolt.runtime.statemachine.impl.BoltStateMachineFactoryImpl;
import org.neo4j.bolt.security.auth.Authentication;
import org.neo4j.bolt.security.auth.BasicAuthentication;
import org.neo4j.bolt.transport.BoltMemoryPool;
import org.neo4j.bolt.transport.BoltProtocolFactory;
import org.neo4j.bolt.transport.DefaultBoltProtocolFactory;
import org.neo4j.bolt.transport.Netty4LoggerFactory;
import org.neo4j.bolt.transport.NettyServer;
import org.neo4j.bolt.transport.SocketTransport;
import org.neo4j.bolt.transport.TransportThrottleGroup;
import org.neo4j.buffer.CentralBufferMangerHolder;
import org.neo4j.common.DependencyResolver;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.configuration.SslSystemSettings;
import org.neo4j.configuration.connectors.BoltConnector;
import org.neo4j.configuration.connectors.BoltConnectorInternalSettings;
import org.neo4j.configuration.connectors.CommonConnectorConfig;
import org.neo4j.configuration.connectors.ConnectorPortRegister;
import org.neo4j.configuration.helpers.SocketAddress;
import org.neo4j.configuration.ssl.SslPolicyScope;
import org.neo4j.kernel.api.net.NetworkConnectionTracker;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.database.DatabaseIdRepository;
import org.neo4j.kernel.database.DefaultDatabaseResolver;
import org.neo4j.kernel.lifecycle.LifeSupport;
import org.neo4j.kernel.lifecycle.LifecycleAdapter;
import org.neo4j.logging.Log;
import org.neo4j.logging.internal.LogService;
import org.neo4j.memory.MemoryPools;
import org.neo4j.monitoring.Monitors;
import org.neo4j.scheduler.Group;
import org.neo4j.scheduler.JobScheduler;
import org.neo4j.ssl.config.SslPolicyLoader;
import org.neo4j.time.SystemNanoClock;
import org.neo4j.util.VisibleForTesting;

/* loaded from: input_file:org/neo4j/bolt/BoltServer.class */
public class BoltServer extends LifecycleAdapter {

    @VisibleForTesting
    public static final PooledByteBufAllocator NETTY_BUF_ALLOCATOR = new PooledByteBufAllocator(PlatformDependent.directBufferPreferred());
    private final BoltGraphDatabaseManagementServiceSPI boltGraphDatabaseManagementServiceSPI;
    private final JobScheduler jobScheduler;
    private final ConnectorPortRegister connectorPortRegister;
    private final NetworkConnectionTracker connectionTracker;
    private final DatabaseIdRepository databaseIdRepository;
    private final Config config;
    private final SystemNanoClock clock;
    private final Monitors monitors;
    private final LogService logService;
    private final AuthManager externalAuthManager;
    private final AuthManager internalAuthManager;
    private final AuthManager loopbackAuthManager;
    private final MemoryPools memoryPools;
    private final DefaultDatabaseResolver defaultDatabaseResolver;
    private final CentralBufferMangerHolder centralBufferMangerHolder;
    private final DependencyResolver dependencyResolver;
    private final LifeSupport life = new LifeSupport();
    private BoltMemoryPool boltMemoryPool;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.neo4j.bolt.BoltServer$1, reason: invalid class name */
    /* loaded from: input_file:org/neo4j/bolt/BoltServer$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$neo4j$configuration$connectors$BoltConnector$EncryptionLevel = new int[BoltConnector.EncryptionLevel.values().length];

        static {
            try {
                $SwitchMap$org$neo4j$configuration$connectors$BoltConnector$EncryptionLevel[BoltConnector.EncryptionLevel.REQUIRED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$neo4j$configuration$connectors$BoltConnector$EncryptionLevel[BoltConnector.EncryptionLevel.OPTIONAL.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$neo4j$configuration$connectors$BoltConnector$EncryptionLevel[BoltConnector.EncryptionLevel.DISABLED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/neo4j/bolt/BoltServer$BoltMemoryPoolLifeCycleAdapter.class */
    public static class BoltMemoryPoolLifeCycleAdapter extends LifecycleAdapter {
        private final BoltMemoryPool pool;

        private BoltMemoryPoolLifeCycleAdapter(BoltMemoryPool boltMemoryPool) {
            this.pool = boltMemoryPool;
        }

        public void shutdown() {
            this.pool.close();
        }
    }

    public BoltServer(BoltGraphDatabaseManagementServiceSPI boltGraphDatabaseManagementServiceSPI, JobScheduler jobScheduler, ConnectorPortRegister connectorPortRegister, NetworkConnectionTracker networkConnectionTracker, DatabaseIdRepository databaseIdRepository, Config config, SystemNanoClock systemNanoClock, Monitors monitors, LogService logService, DependencyResolver dependencyResolver, AuthManager authManager, AuthManager authManager2, AuthManager authManager3, MemoryPools memoryPools, DefaultDatabaseResolver defaultDatabaseResolver, CentralBufferMangerHolder centralBufferMangerHolder) {
        this.boltGraphDatabaseManagementServiceSPI = boltGraphDatabaseManagementServiceSPI;
        this.jobScheduler = jobScheduler;
        this.connectorPortRegister = connectorPortRegister;
        this.connectionTracker = networkConnectionTracker;
        this.databaseIdRepository = databaseIdRepository;
        this.config = config;
        this.clock = systemNanoClock;
        this.monitors = monitors;
        this.logService = logService;
        this.dependencyResolver = dependencyResolver;
        this.externalAuthManager = authManager;
        this.internalAuthManager = authManager2;
        this.loopbackAuthManager = authManager3;
        this.memoryPools = memoryPools;
        this.defaultDatabaseResolver = defaultDatabaseResolver;
        this.centralBufferMangerHolder = centralBufferMangerHolder;
    }

    public void init() {
        Log internalLog = this.logService.getInternalLog(BoltServer.class);
        this.boltMemoryPool = new BoltMemoryPool(this.memoryPools, NETTY_BUF_ALLOCATOR.metric());
        this.life.add(new BoltMemoryPoolLifeCycleAdapter(this.boltMemoryPool));
        InternalLoggerFactory.setDefaultFactory(new Netty4LoggerFactory(this.logService.getInternalLogProvider()));
        TransportThrottleGroup transportThrottleGroup = new TransportThrottleGroup(this.config, this.clock);
        BoltConnectionFactory createConnectionFactory = createConnectionFactory(this.config, (BoltSchedulerProvider) this.life.setLast(new ExecutorBoltSchedulerProvider(this.config, new CachedThreadPoolExecutorFactory(), this.jobScheduler, this.logService)), this.logService, this.clock);
        BoltStateMachineFactory createBoltStateMachineFactory = createBoltStateMachineFactory(createAuthentication(this.externalAuthManager), this.clock);
        BoltStateMachineFactory createBoltStateMachineFactory2 = createBoltStateMachineFactory(createAuthentication(this.internalAuthManager), this.clock);
        BoltStateMachineFactory createBoltStateMachineFactory3 = createBoltStateMachineFactory(createAuthentication(this.loopbackAuthManager), this.clock);
        BoltProtocolFactory createBoltProtocolFactory = createBoltProtocolFactory(createConnectionFactory, createBoltStateMachineFactory, transportThrottleGroup, this.clock, (Duration) this.config.get(BoltConnectorInternalSettings.connection_keep_alive));
        BoltProtocolFactory createBoltProtocolFactory2 = createBoltProtocolFactory(createConnectionFactory, createBoltStateMachineFactory2, transportThrottleGroup, this.clock, (Duration) this.config.get(BoltConnectorInternalSettings.connection_keep_alive));
        BoltProtocolFactory createBoltProtocolFactory3 = createBoltProtocolFactory(createConnectionFactory, createBoltStateMachineFactory3, transportThrottleGroup, this.clock, (Duration) this.config.get(BoltConnectorInternalSettings.connection_keep_alive));
        if (((Boolean) this.config.get(CommonConnectorConfig.ocsp_stapling_enabled)).booleanValue()) {
            enableOcspStapling();
        }
        ByteBufAllocator bufferAllocator = getBufferAllocator();
        if (((Boolean) this.config.get(BoltConnector.enabled)).booleanValue()) {
            this.jobScheduler.setThreadFactory(Group.BOLT_NETWORK_IO, NettyThreadFactory::new);
            boolean z = this.config.get(GraphDatabaseSettings.mode) != GraphDatabaseSettings.Mode.READ_REPLICA;
            NettyServer.ProtocolInitializer createLoopbackProtocolInitializer = createLoopbackProtocolInitializer(createBoltProtocolFactory3, transportThrottleGroup, bufferAllocator);
            this.life.add((((Boolean) this.config.get(GraphDatabaseSettings.routing_enabled)).booleanValue() && z) ? new NettyServer(this.jobScheduler.threadFactory(Group.BOLT_NETWORK_IO), createExternalProtocolInitializer(createBoltProtocolFactory, transportThrottleGroup, internalLog, bufferAllocator), createInternalProtocolInitializer(createBoltProtocolFactory2, transportThrottleGroup, bufferAllocator), createLoopbackProtocolInitializer, this.connectorPortRegister, this.logService, this.config) : new NettyServer(this.jobScheduler.threadFactory(Group.BOLT_NETWORK_IO), createExternalProtocolInitializer(createBoltProtocolFactory, transportThrottleGroup, internalLog, bufferAllocator), createLoopbackProtocolInitializer, this.connectorPortRegister, this.logService, this.config));
            internalLog.info("Bolt server loaded");
        }
        this.life.init();
    }

    public void start() throws Exception {
        this.life.start();
    }

    public void stop() throws Exception {
        this.life.stop();
    }

    public void shutdown() {
        this.life.shutdown();
    }

    private BoltConnectionFactory createConnectionFactory(Config config, BoltSchedulerProvider boltSchedulerProvider, LogService logService, Clock clock) {
        return new DefaultBoltConnectionFactory(boltSchedulerProvider, config, logService, clock, this.monitors);
    }

    private NettyServer.ProtocolInitializer createInternalProtocolInitializer(BoltProtocolFactory boltProtocolFactory, TransportThrottleGroup transportThrottleGroup, ByteBufAllocator byteBufAllocator) {
        SslContext sslContext = null;
        SslPolicyLoader sslPolicyLoader = (SslPolicyLoader) this.dependencyResolver.resolveDependency(SslPolicyLoader.class);
        boolean hasPolicyForSource = sslPolicyLoader.hasPolicyForSource(SslPolicyScope.CLUSTER);
        if (hasPolicyForSource) {
            try {
                sslContext = sslPolicyLoader.getPolicy(SslPolicyScope.CLUSTER).nettyServerContext();
            } catch (SSLException e) {
                throw new RuntimeException("Failed to initialize SSL encryption support, which is required to start this connector. Error was: " + e.getMessage(), e);
            }
        }
        return new SocketTransport("bolt", this.config.isExplicitlySet(GraphDatabaseSettings.routing_listen_address) ? ((SocketAddress) this.config.get(GraphDatabaseSettings.routing_listen_address)).socketAddress() : new InetSocketAddress(((SocketAddress) this.config.get(BoltConnector.listen_address)).getHostname(), ((SocketAddress) this.config.get(GraphDatabaseSettings.routing_listen_address)).getPort()), sslContext, hasPolicyForSource, this.logService.getInternalLogProvider(), transportThrottleGroup, boltProtocolFactory, this.connectionTracker, (Duration) this.config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_timeout), ((Long) this.config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_max_inbound_bytes)).longValue(), byteBufAllocator, this.boltMemoryPool);
    }

    private NettyServer.ProtocolInitializer createLoopbackProtocolInitializer(BoltProtocolFactory boltProtocolFactory, TransportThrottleGroup transportThrottleGroup, ByteBufAllocator byteBufAllocator) {
        if (!((Boolean) this.config.get(BoltConnectorInternalSettings.enable_loopback_auth)).booleanValue()) {
            return null;
        }
        if (this.config.get(BoltConnectorInternalSettings.unsupported_loopback_listen_file) == null) {
            throw new IllegalArgumentException("A file has not been specified for use with the loopback domain socket.");
        }
        File file = new File(((Path) this.config.get(BoltConnectorInternalSettings.unsupported_loopback_listen_file)).toString());
        if (file.exists()) {
            if (!((Boolean) this.config.get(BoltConnectorInternalSettings.unsupported_loopback_delete)).booleanValue()) {
                throw new IllegalArgumentException("Loopback listen file: " + file + " already exists.");
            }
            try {
                Files.deleteIfExists(Path.of(file.getPath(), new String[0]));
            } catch (IOException e) {
                throw new IllegalStateException("Failed to delete loopback domain socket file '" + file + "': " + e.getMessage(), e);
            }
        }
        return new SocketTransport("bolt-loopback", new DomainSocketAddress(file), null, false, this.logService.getInternalLogProvider(), transportThrottleGroup, boltProtocolFactory, this.connectionTracker, (Duration) this.config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_timeout), ((Long) this.config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_max_inbound_bytes)).longValue(), byteBufAllocator, this.boltMemoryPool);
    }

    private NettyServer.ProtocolInitializer createExternalProtocolInitializer(BoltProtocolFactory boltProtocolFactory, TransportThrottleGroup transportThrottleGroup, Log log, ByteBufAllocator byteBufAllocator) {
        boolean z;
        SslContext sslContext;
        BoltConnector.EncryptionLevel encryptionLevel = (BoltConnector.EncryptionLevel) this.config.get(BoltConnector.encryption_level);
        SslPolicyLoader sslPolicyLoader = (SslPolicyLoader) this.dependencyResolver.resolveDependency(SslPolicyLoader.class);
        switch (AnonymousClass1.$SwitchMap$org$neo4j$configuration$connectors$BoltConnector$EncryptionLevel[encryptionLevel.ordinal()]) {
            case 1:
                z = true;
                sslContext = createSslContext(sslPolicyLoader);
                break;
            case 2:
                z = false;
                sslContext = createSslContext(sslPolicyLoader);
                break;
            case 3:
                z = false;
                sslContext = null;
                break;
            default:
                log.warn("Unhandled encryption level %s - assuming DISABLED.", new Object[]{encryptionLevel.name()});
                z = false;
                sslContext = null;
                break;
        }
        return new SocketTransport("bolt", ((SocketAddress) this.config.get(BoltConnector.listen_address)).socketAddress(), sslContext, z, this.logService.getInternalLogProvider(), transportThrottleGroup, boltProtocolFactory, this.connectionTracker, (Duration) this.config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_timeout), ((Long) this.config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_max_inbound_bytes)).longValue(), byteBufAllocator, this.boltMemoryPool);
    }

    private ByteBufAllocator getBufferAllocator() {
        if (this.centralBufferMangerHolder.getNettyBufferAllocator() != null) {
            return this.centralBufferMangerHolder.getNettyBufferAllocator();
        }
        this.life.add(new BoltMemoryPoolLifeCycleAdapter(this.boltMemoryPool));
        return NETTY_BUF_ALLOCATOR;
    }

    private static SslContext createSslContext(SslPolicyLoader sslPolicyLoader) {
        try {
            if (sslPolicyLoader.hasPolicyForSource(SslPolicyScope.BOLT)) {
                return sslPolicyLoader.getPolicy(SslPolicyScope.BOLT).nettyServerContext();
            }
            throw new IllegalArgumentException("No SSL policy has been configured for Bolt server");
        } catch (Exception e) {
            throw new RuntimeException("Failed to initialize SSL encryption support, which is required to start this connector. Error was: " + e.getMessage(), e);
        }
    }

    private void enableOcspStapling() {
        if (!SslProvider.JDK.equals(this.config.get(SslSystemSettings.netty_ssl_provider))) {
            throw new IllegalArgumentException("OCSP Server stapling can only be used with JDK ssl provider (see " + SslSystemSettings.netty_ssl_provider.name() + ")");
        }
        System.setProperty("jdk.tls.server.enableStatusRequestExtension", "true");
    }

    private Authentication createAuthentication(AuthManager authManager) {
        return new BasicAuthentication(authManager);
    }

    private BoltProtocolFactory createBoltProtocolFactory(BoltConnectionFactory boltConnectionFactory, BoltStateMachineFactory boltStateMachineFactory, TransportThrottleGroup transportThrottleGroup, SystemNanoClock systemNanoClock, Duration duration) {
        return new DefaultBoltProtocolFactory(boltConnectionFactory, boltStateMachineFactory, this.config, this.logService, this.databaseIdRepository, this.boltGraphDatabaseManagementServiceSPI.getCustomBookmarkFormatParser().orElse(CustomBookmarkFormatParser.DEFAULT), transportThrottleGroup, systemNanoClock, duration);
    }

    private BoltStateMachineFactory createBoltStateMachineFactory(Authentication authentication, SystemNanoClock systemNanoClock) {
        return new BoltStateMachineFactoryImpl(this.boltGraphDatabaseManagementServiceSPI, authentication, systemNanoClock, this.config, this.logService, this.defaultDatabaseResolver);
    }
}
