package org.neo4j.bolt;

import io.netty.channel.Channel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.time.Clock;
import java.util.ArrayList;
import java.util.List;
import java.util.function.BiFunction;
import java.util.function.Function;
import org.bouncycastle.operator.OperatorCreationException;
import org.neo4j.bolt.security.ssl.Certificates;
import org.neo4j.bolt.security.ssl.KeyStoreFactory;
import org.neo4j.bolt.security.ssl.KeyStoreInformation;
import org.neo4j.bolt.transport.BoltProtocol;
import org.neo4j.bolt.transport.NettyServer;
import org.neo4j.bolt.transport.SocketTransport;
import org.neo4j.bolt.v1.runtime.MonitoredSessions;
import org.neo4j.bolt.v1.runtime.Sessions;
import org.neo4j.bolt.v1.runtime.internal.EncryptionRequiredSessions;
import org.neo4j.bolt.v1.runtime.internal.StandardSessions;
import org.neo4j.bolt.v1.runtime.internal.concurrent.ThreadedSessions;
import org.neo4j.bolt.v1.transport.BoltProtocolV1;
import org.neo4j.bolt.v1.transport.ChunkedOutput;
import org.neo4j.collection.primitive.Primitive;
import org.neo4j.collection.primitive.PrimitiveLongObjectMap;
import org.neo4j.graphdb.GraphDatabaseService;
import org.neo4j.graphdb.config.Configuration;
import org.neo4j.graphdb.config.Setting;
import org.neo4j.graphdb.factory.Description;
import org.neo4j.helpers.HostnamePort;
import org.neo4j.kernel.GraphDatabaseAPI;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.kernel.configuration.ConfigValues;
import org.neo4j.kernel.extension.KernelExtensionFactory;
import org.neo4j.kernel.impl.logging.LogService;
import org.neo4j.kernel.impl.spi.KernelContext;
import org.neo4j.kernel.impl.util.JobScheduler;
import org.neo4j.kernel.lifecycle.LifeSupport;
import org.neo4j.kernel.lifecycle.Lifecycle;
import org.neo4j.kernel.monitoring.Monitors;
import org.neo4j.logging.Log;
import org.neo4j.udc.UsageData;

/* loaded from: input_file:org/neo4j/bolt/BoltKernelExtension.class */
public class BoltKernelExtension extends KernelExtensionFactory<Dependencies> {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.neo4j.bolt.BoltKernelExtension$1, reason: invalid class name */
    /* loaded from: input_file:org/neo4j/bolt/BoltKernelExtension$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$neo4j$bolt$BoltKernelExtension$EncryptionLevel = new int[EncryptionLevel.values().length];

        static {
            try {
                $SwitchMap$org$neo4j$bolt$BoltKernelExtension$EncryptionLevel[EncryptionLevel.REQUIRED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$neo4j$bolt$BoltKernelExtension$EncryptionLevel[EncryptionLevel.OPTIONAL.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* loaded from: input_file:org/neo4j/bolt/BoltKernelExtension$Dependencies.class */
    public interface Dependencies {
        LogService logService();

        Config config();

        GraphDatabaseService db();

        JobScheduler scheduler();

        UsageData usageData();

        Monitors monitors();
    }

    /* loaded from: input_file:org/neo4j/bolt/BoltKernelExtension$EncryptionLevel.class */
    public enum EncryptionLevel {
        REQUIRED,
        OPTIONAL,
        DISABLED
    }

    /* loaded from: input_file:org/neo4j/bolt/BoltKernelExtension$Settings.class */
    public static class Settings {
        public static final Function<ConfigValues, List<Configuration>> connector_group = Config.groups("dbms.connector");

        @Description("Enable Neo4j Bolt")
        public static final Setting<Boolean> enabled = org.neo4j.kernel.configuration.Settings.setting("enabled", org.neo4j.kernel.configuration.Settings.BOOLEAN, "false");

        @Description("Set the encryption level for Neo4j Bolt protocol ports")
        public static final Setting<EncryptionLevel> tls_level = org.neo4j.kernel.configuration.Settings.setting("tls.level", org.neo4j.kernel.configuration.Settings.options(EncryptionLevel.class), EncryptionLevel.OPTIONAL.name());

        @Description("Host and port for the Neo4j Bolt Protocol")
        public static final Setting<HostnamePort> socket_address = org.neo4j.kernel.configuration.Settings.setting("address", org.neo4j.kernel.configuration.Settings.HOSTNAME_PORT, "localhost:7687");

        @Description("Path to the X.509 public certificate to be used by Neo4j for TLS connections")
        public static Setting<File> tls_certificate_file = org.neo4j.kernel.configuration.Settings.setting("dbms.security.tls_certificate_file", org.neo4j.kernel.configuration.Settings.PATH, "neo4j-home/ssl/snakeoil.cert");

        @Description("Path to the X.509 private key to be used by Neo4j for TLS connections")
        public static final Setting<File> tls_key_file = org.neo4j.kernel.configuration.Settings.setting("dbms.security.tls_key_file", org.neo4j.kernel.configuration.Settings.PATH, "neo4j-home/ssl/snakeoil.key");

        @Description("Hostname for the Neo4j REST API")
        public static final Setting<String> webserver_address = org.neo4j.kernel.configuration.Settings.setting("org.neo4j.server.webserver.address", org.neo4j.kernel.configuration.Settings.STRING, "localhost", new BiFunction[]{org.neo4j.kernel.configuration.Settings.illegalValueMessage("Must be a valid hostname", org.neo4j.kernel.configuration.Settings.matches(".+"))});

        public static <T> Setting<T> connector(int i, final Setting<T> setting) {
            final String format = String.format("dbms.connector.%s", Integer.valueOf(i));
            return new Setting<T>() { // from class: org.neo4j.bolt.BoltKernelExtension.Settings.1
                public String name() {
                    return String.format("%s.%s", format, setting.name());
                }

                public String getDefaultValue() {
                    return setting.getDefaultValue();
                }

                public T apply(Function<String, String> function) {
                    return (T) setting.apply(function);
                }

                public int hashCode() {
                    return name().hashCode();
                }

                public boolean equals(Object obj) {
                    return (obj instanceof Setting) && ((Setting) obj).name().equals(name());
                }
            };
        }
    }

    public BoltKernelExtension() {
        super("bolt-server");
    }

    public Lifecycle newInstance(KernelContext kernelContext, Dependencies dependencies) throws Throwable {
        SslContext sslContext;
        Config config = dependencies.config();
        GraphDatabaseAPI db = dependencies.db();
        LogService logService = dependencies.logService();
        Log internalLog = logService.getInternalLog(Sessions.class);
        LifeSupport lifeSupport = new LifeSupport();
        JobScheduler scheduler = dependencies.scheduler();
        MonitoredSessions monitoredSessions = new MonitoredSessions(dependencies.monitors(), new ThreadedSessions(lifeSupport.add(new StandardSessions(db, dependencies.usageData(), logService)), scheduler, logService), Clock.systemUTC());
        ArrayList arrayList = new ArrayList();
        for (Configuration configuration : (List) config.view(Settings.connector_group)) {
            HostnamePort hostnamePort = (HostnamePort) configuration.get(Settings.socket_address);
            if (((Boolean) configuration.get(Settings.enabled)).booleanValue()) {
                boolean z = false;
                switch (AnonymousClass1.$SwitchMap$org$neo4j$bolt$BoltKernelExtension$EncryptionLevel[((EncryptionLevel) configuration.get(Settings.tls_level)).ordinal()]) {
                    case 1:
                        z = true;
                        break;
                    case ChunkedOutput.CHUNK_HEADER_SIZE /* 2 */:
                        break;
                    default:
                        sslContext = null;
                        break;
                }
                KeyStoreInformation createKeyStore = createKeyStore(config, internalLog);
                sslContext = SslContextBuilder.forServer(createKeyStore.getCertificatePath(), createKeyStore.getPrivateKeyPath()).build();
                arrayList.add(new SocketTransport(hostnamePort, sslContext, logService.getInternalLogProvider(), newVersions(logService, z ? new EncryptionRequiredSessions(monitoredSessions) : monitoredSessions)));
            }
        }
        if (arrayList.size() > 0) {
            lifeSupport.add(new NettyServer(scheduler.threadFactory(JobScheduler.Groups.boltNetworkIO), arrayList));
            internalLog.info("Bolt Server extension loaded.");
        }
        return lifeSupport;
    }

    private PrimitiveLongObjectMap<BiFunction<Channel, Boolean, BoltProtocol>> newVersions(LogService logService, Sessions sessions) {
        PrimitiveLongObjectMap<BiFunction<Channel, Boolean, BoltProtocol>> longObjectMap = Primitive.longObjectMap();
        longObjectMap.put(1L, (channel, bool) -> {
            return new BoltProtocolV1(logService, sessions.newSession(bool.booleanValue()), channel);
        });
        return longObjectMap;
    }

    private KeyStoreInformation createKeyStore(Configuration configuration, Log log) throws GeneralSecurityException, IOException, OperatorCreationException {
        File absoluteFile = ((File) configuration.get(Settings.tls_key_file)).getAbsoluteFile();
        File absoluteFile2 = ((File) configuration.get(Settings.tls_certificate_file)).getAbsoluteFile();
        if (!absoluteFile2.exists() && !absoluteFile.exists()) {
            log.info("No SSL certificate found, generating a self-signed certificate..");
            new Certificates().createSelfSignedCertificate(absoluteFile2, absoluteFile, (String) configuration.get(Settings.webserver_address));
        }
        if (!absoluteFile2.exists()) {
            throw new IllegalStateException(String.format("TLS private key found, but missing certificate at '%s'. Cannot start server without certificate.", absoluteFile2));
        }
        if (absoluteFile.exists()) {
            return new KeyStoreFactory().createKeyStore(absoluteFile, absoluteFile2);
        }
        throw new IllegalStateException(String.format("TLS certificate found, but missing key at '%s'. Cannot start server without key.", absoluteFile));
    }
}
