package org.neo4j.bolt;

import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.PooledByteBufAllocator;
import io.netty.channel.EventLoopGroup;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslProvider;
import io.netty.util.internal.PlatformDependent;
import java.net.InetSocketAddress;
import java.nio.file.Path;
import java.time.Duration;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.function.Predicate;
import javax.net.ssl.SSLException;
import org.neo4j.bolt.dbapi.BoltGraphDatabaseManagementServiceSPI;
import org.neo4j.bolt.dbapi.CustomBookmarkFormatParser;
import org.neo4j.bolt.protocol.BoltProtocolRegistry;
import org.neo4j.bolt.protocol.common.bookmark.BookmarkParser;
import org.neo4j.bolt.protocol.common.connection.BoltConnectionMetricsMonitor;
import org.neo4j.bolt.protocol.common.connection.ConnectionHintProvider;
import org.neo4j.bolt.protocol.common.connection.DefaultConnectionHintProvider;
import org.neo4j.bolt.protocol.common.connector.Connector;
import org.neo4j.bolt.protocol.common.connector.connection.AtomicSchedulingConnection;
import org.neo4j.bolt.protocol.common.connector.connection.Connection;
import org.neo4j.bolt.protocol.common.connector.executor.ExecutorServiceFactory;
import org.neo4j.bolt.protocol.common.connector.executor.NettyThreadFactory;
import org.neo4j.bolt.protocol.common.connector.executor.ThreadPoolExecutorServiceFactory;
import org.neo4j.bolt.protocol.common.connector.listener.AuthenticationTimeoutConnectorListener;
import org.neo4j.bolt.protocol.common.connector.listener.KeepAliveConnectorListener;
import org.neo4j.bolt.protocol.common.connector.listener.MetricsConnectorListener;
import org.neo4j.bolt.protocol.common.connector.listener.ReadLimitConnectorListener;
import org.neo4j.bolt.protocol.common.connector.listener.ResetMessageConnectorListener;
import org.neo4j.bolt.protocol.common.connector.listener.ResponseMetricsConnectorListener;
import org.neo4j.bolt.protocol.common.connector.netty.DomainSocketNettyConnector;
import org.neo4j.bolt.protocol.common.connector.netty.SocketNettyConnector;
import org.neo4j.bolt.protocol.common.connector.transport.ConnectorTransport;
import org.neo4j.bolt.protocol.v40.BoltProtocolV40;
import org.neo4j.bolt.protocol.v40.bookmark.BookmarkParserV40;
import org.neo4j.bolt.protocol.v41.BoltProtocolV41;
import org.neo4j.bolt.protocol.v42.BoltProtocolV42;
import org.neo4j.bolt.protocol.v43.BoltProtocolV43;
import org.neo4j.bolt.protocol.v44.BoltProtocolV44;
import org.neo4j.bolt.protocol.v50.BoltProtocolV50;
import org.neo4j.bolt.protocol.v51.BoltProtocolV51;
import org.neo4j.bolt.security.Authentication;
import org.neo4j.bolt.security.basic.BasicAuthentication;
import org.neo4j.bolt.transport.BoltMemoryPool;
import org.neo4j.bolt.transport.NettyMemoryPool;
import org.neo4j.bolt.tx.TransactionManager;
import org.neo4j.common.DependencyResolver;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseInternalSettings;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.configuration.SslSystemSettings;
import org.neo4j.configuration.connectors.BoltConnector;
import org.neo4j.configuration.connectors.BoltConnectorInternalSettings;
import org.neo4j.configuration.connectors.CommonConnectorConfig;
import org.neo4j.configuration.connectors.ConnectorPortRegister;
import org.neo4j.configuration.connectors.ConnectorType;
import org.neo4j.configuration.helpers.SocketAddress;
import org.neo4j.configuration.ssl.SslPolicyScope;
import org.neo4j.function.Suppliers;
import org.neo4j.kernel.api.net.NetworkConnectionTracker;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.database.DatabaseIdRepository;
import org.neo4j.kernel.database.DefaultDatabaseResolver;
import org.neo4j.kernel.impl.factory.DbmsInfo;
import org.neo4j.kernel.lifecycle.LifeSupport;
import org.neo4j.kernel.lifecycle.LifecycleAdapter;
import org.neo4j.logging.InternalLog;
import org.neo4j.logging.internal.LogService;
import org.neo4j.memory.MemoryPools;
import org.neo4j.monitoring.Monitors;
import org.neo4j.scheduler.Group;
import org.neo4j.scheduler.JobScheduler;
import org.neo4j.server.config.AuthConfigProvider;
import org.neo4j.ssl.config.SslPolicyLoader;
import org.neo4j.time.SystemNanoClock;
import org.neo4j.util.VisibleForTesting;

/* loaded from: input_file:org/neo4j/bolt/BoltServer.class */
public class BoltServer extends LifecycleAdapter {

    @VisibleForTesting
    public static final Suppliers.Lazy<PooledByteBufAllocator> NETTY_BUF_ALLOCATOR = Suppliers.lazySingleton(() -> {
        return new PooledByteBufAllocator(PlatformDependent.directBufferPreferred());
    });
    private final DbmsInfo dbmsInfo;
    private final JobScheduler jobScheduler;
    private final ConnectorPortRegister connectorPortRegister;
    private final NetworkConnectionTracker connectionTracker;
    private final Config config;
    private final SystemNanoClock clock;
    private final Monitors monitors;
    private final LogService logService;
    private final AuthManager externalAuthManager;
    private final AuthManager internalAuthManager;
    private final AuthManager loopbackAuthManager;
    private final MemoryPools memoryPools;
    private final DefaultDatabaseResolver defaultDatabaseResolver;
    private final ConnectionHintProvider connectionHintProvider;
    private final ExecutorServiceFactory executorServiceFactory;
    private final SslPolicyLoader sslPolicyLoader;
    private final BoltProtocolRegistry protocolRegistry;
    private final AuthConfigProvider authConfigProvider;
    private final BookmarkParser bookmarkParser;
    private final TransactionManager transactionManager;
    private final InternalLog log;
    private final LifeSupport connectorLife = new LifeSupport();
    private BoltMemoryPool memoryPool;
    private EventLoopGroup eventLoopGroup;
    private ExecutorService executorService;
    private BoltConnectionMetricsMonitor metricsMonitor;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/neo4j/bolt/BoltServer$BoltMemoryPoolLifeCycleAdapter.class */
    public static class BoltMemoryPoolLifeCycleAdapter extends LifecycleAdapter {
        private final NettyMemoryPool pool;

        private BoltMemoryPoolLifeCycleAdapter(NettyMemoryPool nettyMemoryPool) {
            this.pool = nettyMemoryPool;
        }

        @Override // org.neo4j.kernel.lifecycle.LifecycleAdapter, org.neo4j.kernel.lifecycle.Lifecycle
        public void shutdown() {
            this.pool.close();
        }
    }

    public BoltServer(DbmsInfo dbmsInfo, BoltGraphDatabaseManagementServiceSPI boltGraphDatabaseManagementServiceSPI, JobScheduler jobScheduler, ConnectorPortRegister connectorPortRegister, NetworkConnectionTracker networkConnectionTracker, DatabaseIdRepository databaseIdRepository, TransactionManager transactionManager, Config config, SystemNanoClock systemNanoClock, Monitors monitors, LogService logService, DependencyResolver dependencyResolver, AuthManager authManager, AuthManager authManager2, AuthManager authManager3, MemoryPools memoryPools, DefaultDatabaseResolver defaultDatabaseResolver) {
        this.dbmsInfo = dbmsInfo;
        this.jobScheduler = jobScheduler;
        this.connectorPortRegister = connectorPortRegister;
        this.connectionTracker = networkConnectionTracker;
        this.transactionManager = transactionManager;
        this.config = config;
        this.clock = systemNanoClock;
        this.monitors = monitors;
        this.logService = logService;
        this.externalAuthManager = authManager;
        this.internalAuthManager = authManager2;
        this.loopbackAuthManager = authManager3;
        this.memoryPools = memoryPools;
        this.defaultDatabaseResolver = defaultDatabaseResolver;
        this.connectionHintProvider = DefaultConnectionHintProvider.CONNECTION_HINT_PROVIDER_FUNCTION.apply(config);
        this.executorServiceFactory = new ThreadPoolExecutorServiceFactory(((Integer) config.get(BoltConnector.thread_pool_min_size)).intValue(), ((Integer) config.get(BoltConnector.thread_pool_max_size)).intValue(), true, (Duration) config.get(BoltConnector.thread_pool_keep_alive), ((Integer) config.get(BoltConnectorInternalSettings.unsupported_thread_pool_queue_size)).intValue(), this.jobScheduler.threadFactory(Group.BOLT_WORKER));
        this.sslPolicyLoader = (SslPolicyLoader) dependencyResolver.resolveDependency(SslPolicyLoader.class);
        this.authConfigProvider = (AuthConfigProvider) dependencyResolver.resolveDependency(AuthConfigProvider.class);
        this.log = logService.getInternalLog(BoltServer.class);
        this.bookmarkParser = new BookmarkParserV40(databaseIdRepository, boltGraphDatabaseManagementServiceSPI.getCustomBookmarkFormatParser().orElse(CustomBookmarkFormatParser.DEFAULT));
        this.protocolRegistry = BoltProtocolRegistry.builder().register(new BoltProtocolV40(logService, boltGraphDatabaseManagementServiceSPI, systemNanoClock)).register(new BoltProtocolV41(logService, boltGraphDatabaseManagementServiceSPI, systemNanoClock)).register(new BoltProtocolV42(logService, boltGraphDatabaseManagementServiceSPI, systemNanoClock)).register(new BoltProtocolV43(logService, boltGraphDatabaseManagementServiceSPI, systemNanoClock)).register(new BoltProtocolV44(logService, boltGraphDatabaseManagementServiceSPI, systemNanoClock)).register(new BoltProtocolV50(logService, boltGraphDatabaseManagementServiceSPI, systemNanoClock)).register(new BoltProtocolV51(logService, boltGraphDatabaseManagementServiceSPI, systemNanoClock)).build();
    }

    private boolean isEnabled() {
        return ((Boolean) this.config.get(BoltConnector.enabled)).booleanValue();
    }

    @VisibleForTesting
    public ExecutorService getExecutorService() {
        return this.executorService;
    }

    @Override // org.neo4j.kernel.lifecycle.LifecycleAdapter, org.neo4j.kernel.lifecycle.Lifecycle
    public void init() {
        if (isEnabled()) {
            if (((Boolean) this.config.get(CommonConnectorConfig.ocsp_stapling_enabled)).booleanValue()) {
                enableOcspStapling();
                this.log.info("Enabled OCSP stapling support");
            }
            this.jobScheduler.setThreadFactory(Group.BOLT_NETWORK_IO, NettyThreadFactory::new);
            ConnectorTransport orElseThrow = ConnectorTransport.selectOptimal(((Boolean) this.config.get(BoltConnectorInternalSettings.use_native_transport)).booleanValue() ? connectorTransport -> {
                return true;
            } : Predicate.not((v0) -> {
                return v0.isNative();
            })).orElseThrow(() -> {
                return new IllegalStateException("No transport implementations available within current environment");
            });
            this.log.info("Using connector transport %s", orElseThrow.getName());
            this.eventLoopGroup = orElseThrow.createEventLoopGroup(this.jobScheduler.threadFactory(Group.BOLT_NETWORK_IO));
            this.executorService = this.executorServiceFactory.create();
            this.metricsMonitor = (BoltConnectionMetricsMonitor) this.monitors.newMonitor(BoltConnectionMetricsMonitor.class, new String[0]);
            ByteBufAllocator bufferAllocator = getBufferAllocator();
            Connection.Factory createConnectionFactory = createConnectionFactory();
            Integer num = (Integer) this.config.get(BoltConnectorInternalSettings.streaming_buffer_size);
            Integer num2 = (Integer) this.config.get(BoltConnectorInternalSettings.streaming_flush_threshold);
            if (((Boolean) this.config.get(BoltConnectorInternalSettings.enable_loopback_auth)).booleanValue()) {
                registerConnector(createDomainSocketConnector(createConnectionFactory, orElseThrow, createAuthentication(this.loopbackAuthManager), bufferAllocator, num.intValue(), num2.intValue()));
                this.log.info("Configured loopback (domain socket) Bolt connector");
            }
            InetSocketAddress socketAddress = ((SocketAddress) this.config.get(BoltConnector.listen_address)).socketAddress();
            BoltConnector.EncryptionLevel encryptionLevel = (BoltConnector.EncryptionLevel) this.config.get(BoltConnector.encryption_level);
            boolean z = encryptionLevel == BoltConnector.EncryptionLevel.REQUIRED;
            SslContext sslContext = null;
            if (encryptionLevel != BoltConnector.EncryptionLevel.DISABLED) {
                if (!this.sslPolicyLoader.hasPolicyForSource(SslPolicyScope.BOLT)) {
                    throw new IllegalStateException("Requested encryption level " + encryptionLevel + " for Bolt connector but no SSL policy was given");
                }
                try {
                    sslContext = this.sslPolicyLoader.getPolicy(SslPolicyScope.BOLT).nettyServerContext();
                } catch (SSLException e) {
                    throw new IllegalStateException("Failed to load SSL policy for Bolt connector", e);
                }
            }
            registerConnector(createSocketConnector(socketAddress, createConnectionFactory, z, orElseThrow, sslContext, createAuthentication(this.externalAuthManager), ConnectorType.BOLT, bufferAllocator, num.intValue(), num2.intValue()));
            this.log.info("Configured external Bolt connector with listener address %s", socketAddress);
            if (((Boolean) this.config.get(GraphDatabaseSettings.routing_enabled)).booleanValue() && this.dbmsInfo == DbmsInfo.ENTERPRISE) {
                InetSocketAddress socketAddress2 = this.config.isExplicitlySet(GraphDatabaseSettings.routing_listen_address) ? ((SocketAddress) this.config.get(GraphDatabaseSettings.routing_listen_address)).socketAddress() : new InetSocketAddress(((SocketAddress) this.config.get(BoltConnector.listen_address)).getHostname(), ((SocketAddress) this.config.get(GraphDatabaseSettings.routing_listen_address)).getPort());
                boolean z2 = false;
                SslContext sslContext2 = null;
                if (this.sslPolicyLoader.hasPolicyForSource(SslPolicyScope.CLUSTER)) {
                    z2 = true;
                    try {
                        sslContext2 = this.sslPolicyLoader.getPolicy(SslPolicyScope.CLUSTER).nettyServerContext();
                    } catch (SSLException e2) {
                        throw new IllegalStateException("Failed to load SSL policy for server side routing within Bolt: Cluster policy", e2);
                    }
                }
                registerConnector(createSocketConnector(socketAddress2, createConnectionFactory, z2, orElseThrow, sslContext2, createAuthentication(this.internalAuthManager), ConnectorType.INTRA_BOLT, bufferAllocator, num.intValue(), num2.intValue()));
                this.log.info("Configured internal Bolt connector with listener address %s", socketAddress2);
            }
            this.log.info("Bolt server loaded");
            this.connectorLife.init();
        }
    }

    @Override // org.neo4j.kernel.lifecycle.LifecycleAdapter, org.neo4j.kernel.lifecycle.Lifecycle
    public void start() throws Exception {
        if (isEnabled()) {
            this.connectorLife.start();
            this.log.info("Bolt server started");
        }
    }

    @Override // org.neo4j.kernel.lifecycle.LifecycleAdapter, org.neo4j.kernel.lifecycle.Lifecycle
    public void stop() throws Exception {
        if (isEnabled()) {
            this.log.info("Requested Bolt server shutdown");
            this.connectorLife.stop();
        }
    }

    @Override // org.neo4j.kernel.lifecycle.LifecycleAdapter, org.neo4j.kernel.lifecycle.Lifecycle
    public void shutdown() {
        if (isEnabled()) {
            this.log.info("Shutting down Bolt server");
            this.connectorLife.shutdown();
            this.eventLoopGroup.shutdownGracefully(((Integer) this.config.get(GraphDatabaseInternalSettings.netty_server_shutdown_quiet_period)).intValue(), ((Duration) this.config.get(GraphDatabaseInternalSettings.netty_server_shutdown_timeout)).toSeconds(), TimeUnit.SECONDS).syncUninterruptibly2();
            List<Runnable> shutdownNow = this.executorService.shutdownNow();
            if (!shutdownNow.isEmpty()) {
                this.log.warn("Forcefully killed %d remaining Bolt jobs to fulfill shutdown request", Integer.valueOf(shutdownNow.size()));
            }
            this.log.info("Bolt server has been shut down");
        }
        if (this.memoryPool != null) {
            this.memoryPool.close();
        }
    }

    private ByteBufAllocator getBufferAllocator() {
        PooledByteBufAllocator pooledByteBufAllocator = NETTY_BUF_ALLOCATOR.get();
        BoltMemoryPool boltMemoryPool = new BoltMemoryPool(this.memoryPools, pooledByteBufAllocator.metric());
        this.connectorLife.add(new BoltMemoryPoolLifeCycleAdapter(boltMemoryPool));
        this.memoryPool = boltMemoryPool;
        return pooledByteBufAllocator;
    }

    private void registerConnector(Connector connector) {
        connector.registerListener(new MetricsConnectorListener(this.metricsMonitor));
        if (((Boolean) this.config.get(BoltConnectorInternalSettings.enable_response_metrics)).booleanValue()) {
            connector.registerListener(new ResponseMetricsConnectorListener(this.metricsMonitor));
        }
        Duration duration = (Duration) this.config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_timeout);
        if (!duration.isZero()) {
            connector.registerListener(new AuthenticationTimeoutConnectorListener(duration, this.logService.getInternalLogProvider()));
        }
        BoltConnector.KeepAliveRequestType keepAliveRequestType = (BoltConnector.KeepAliveRequestType) this.config.get(BoltConnector.connection_keep_alive_type);
        long millis = ((Duration) this.config.get(BoltConnector.connection_keep_alive)).toMillis();
        if (keepAliveRequestType != BoltConnector.KeepAliveRequestType.OFF) {
            connector.registerListener(new KeepAliveConnectorListener(keepAliveRequestType != BoltConnector.KeepAliveRequestType.ALL, millis, this.logService.getInternalLogProvider()));
        }
        Long l = (Long) this.config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_max_inbound_bytes);
        if (l.longValue() != 0) {
            connector.registerListener(new ReadLimitConnectorListener(l.longValue(), this.logService.getInternalLogProvider()));
        }
        connector.registerListener(new ResetMessageConnectorListener(this.logService.getInternalLogProvider()));
        this.connectorLife.add(connector);
    }

    private Connection.Factory createConnectionFactory() {
        return new AtomicSchedulingConnection.Factory(this.executorService, this.clock, this.logService);
    }

    private static Authentication createAuthentication(AuthManager authManager) {
        return new BasicAuthentication(authManager);
    }

    private void enableOcspStapling() {
        if (!SslProvider.JDK.equals(this.config.get(SslSystemSettings.netty_ssl_provider))) {
            throw new IllegalArgumentException("OCSP Server stapling can only be used with JDK ssl provider (see " + SslSystemSettings.netty_ssl_provider.name() + ")");
        }
        System.setProperty("jdk.tls.server.enableStatusRequestExtension", "true");
    }

    private Connector createSocketConnector(java.net.SocketAddress socketAddress, Connection.Factory factory, boolean z, ConnectorTransport connectorTransport, SslContext sslContext, Authentication authentication, ConnectorType connectorType, ByteBufAllocator byteBufAllocator, int i, int i2) {
        return new SocketNettyConnector("bolt", socketAddress, this.config, connectorType, this.connectorPortRegister, this.memoryPool, byteBufAllocator, this.eventLoopGroup, connectorTransport, factory, this.connectionTracker, sslContext, z, ((Boolean) this.config.get(BoltConnectorInternalSettings.tcp_keep_alive)).booleanValue(), this.protocolRegistry, authentication, this.authConfigProvider, this.defaultDatabaseResolver, this.connectionHintProvider, this.bookmarkParser, this.transactionManager, i, i2, this.logService.getUserLogProvider(), this.logService.getInternalLogProvider());
    }

    private Connector createDomainSocketConnector(Connection.Factory factory, ConnectorTransport connectorTransport, Authentication authentication, ByteBufAllocator byteBufAllocator, int i, int i2) {
        if (this.config.get(BoltConnectorInternalSettings.unsupported_loopback_listen_file) == null) {
            throw new IllegalArgumentException("A file has not been specified for use with the loopback domain socket.");
        }
        return new DomainSocketNettyConnector(BoltConnectorInternalSettings.LOOPBACK_NAME, (Path) this.config.get(BoltConnectorInternalSettings.unsupported_loopback_listen_file), this.config, this.memoryPool, byteBufAllocator, this.eventLoopGroup, connectorTransport, factory, this.connectionTracker, this.protocolRegistry, authentication, this.authConfigProvider, this.defaultDatabaseResolver, this.connectionHintProvider, this.bookmarkParser, this.transactionManager, i, i2, this.logService.getUserLogProvider(), this.logService.getInternalLogProvider());
    }
}
