package org.neo4j.bolt.protocol.common.connector.connection.listener;

import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelPipeline;
import java.time.Duration;
import org.neo4j.bolt.protocol.common.BoltProtocol;
import org.neo4j.bolt.protocol.common.connector.Connector;
import org.neo4j.bolt.protocol.common.connector.connection.Connection;
import org.neo4j.bolt.protocol.common.handler.AuthenticationProtocolLimiterHandler;
import org.neo4j.bolt.protocol.common.handler.AuthenticationTimeoutHandler;
import org.neo4j.bolt.protocol.common.handler.HouseKeeperHandler;
import org.neo4j.bolt.protocol.common.message.request.RequestMessage;
import org.neo4j.internal.kernel.api.security.LoginContext;
import org.neo4j.logging.InternalLog;
import org.neo4j.logging.InternalLogProvider;
import org.neo4j.memory.HeapEstimator;
import org.neo4j.packstream.codec.transport.ChunkFrameDecoder;

/* loaded from: input_file:org/neo4j/bolt/protocol/common/connector/connection/listener/AuthenticationSecurityConnectionListener.class */
public class AuthenticationSecurityConnectionListener implements ConnectionListener {
    public static final long SHALLOW_SIZE = HeapEstimator.shallowSizeOfInstance(AuthenticationSecurityConnectionListener.class);
    private final Connection connection;
    private final Duration timeout;
    private final InternalLog log;
    private volatile AuthenticationTimeoutHandler timeoutHandler;
    private volatile AuthenticationProtocolLimiterHandler protocolLimiterHandler;

    public AuthenticationSecurityConnectionListener(Connection connection, Duration duration, InternalLogProvider internalLogProvider) {
        this.connection = connection;
        this.timeout = duration;
        this.log = internalLogProvider.getLog(AuthenticationSecurityConnectionListener.class);
    }

    @Override // org.neo4j.bolt.protocol.common.connector.connection.listener.ConnectionListener
    public void onListenerRemoved() {
        this.connection.memoryTracker().releaseHeap(SHALLOW_SIZE);
    }

    @Override // org.neo4j.bolt.protocol.common.connector.connection.listener.ConnectionListener
    public void onNetworkPipelineInitialized(ChannelPipeline channelPipeline) {
        this.log.debug("[%s] Installing authentication timeout handler", new Object[]{this.connection.id()});
        this.connection.memoryTracker().allocateHeap(AuthenticationTimeoutHandler.SHALLOW_SIZE);
        this.timeoutHandler = new AuthenticationTimeoutHandler(this.timeout);
        channelPipeline.addLast(new ChannelHandler[]{this.timeoutHandler});
    }

    @Override // org.neo4j.bolt.protocol.common.connector.connection.listener.ConnectionListener
    public void onProtocolSelected(BoltProtocol boltProtocol) {
        installStructureLimitHandler();
    }

    @Override // org.neo4j.bolt.protocol.common.connector.connection.listener.ConnectionListener
    public void onRequestReceived(RequestMessage requestMessage) {
        if (this.timeoutHandler != null) {
            this.log.debug("[%s] Received request during authentication phase", new Object[]{this.connection.id()});
            this.timeoutHandler.setRequestReceived(true);
        }
    }

    @Override // org.neo4j.bolt.protocol.common.connector.connection.listener.ConnectionListener
    public void onLogon(LoginContext loginContext) {
        this.log.debug("[%s] Removing authentication timeout handler", new Object[]{this.connection.id()});
        if (this.timeoutHandler != null) {
            AuthenticationTimeoutHandler authenticationTimeoutHandler = this.timeoutHandler;
            AuthenticationProtocolLimiterHandler authenticationProtocolLimiterHandler = this.protocolLimiterHandler;
            this.connection.modifyPipeline(channelPipeline -> {
                channelPipeline.remove(authenticationTimeoutHandler);
                if (authenticationProtocolLimiterHandler != null) {
                    channelPipeline.remove(authenticationProtocolLimiterHandler);
                }
            });
            this.timeoutHandler = null;
            this.protocolLimiterHandler = null;
        }
    }

    @Override // org.neo4j.bolt.protocol.common.connector.connection.listener.ConnectionListener
    public void onLogoff() {
        this.log.debug("[%s] Re-adding authentication timeout handler", new Object[]{this.connection.id()});
        this.connection.memoryTracker().allocateHeap(AuthenticationTimeoutHandler.SHALLOW_SIZE);
        AuthenticationTimeoutHandler authenticationTimeoutHandler = new AuthenticationTimeoutHandler(this.timeout);
        this.timeoutHandler = authenticationTimeoutHandler;
        this.connection.modifyPipeline(channelPipeline -> {
            channelPipeline.addBefore(HouseKeeperHandler.HANDLER_NAME, "authenticationTimeoutHandler", authenticationTimeoutHandler);
        });
        installStructureLimitHandler();
    }

    private void installStructureLimitHandler() {
        Connector.Configuration configuration = this.connection.connector().configuration();
        int maxAuthenticationStructureElements = configuration.maxAuthenticationStructureElements();
        int maxAuthenticationStructureDepth = configuration.maxAuthenticationStructureDepth();
        if (maxAuthenticationStructureElements == 0 && maxAuthenticationStructureDepth == 0) {
            this.log.debug("[%s] Authentication structure limit is disabled", new Object[]{this.connection.id()});
            return;
        }
        this.log.debug("[%s] Imposing authentication structure limits of %d elements with a maximum depth of %d", new Object[]{this.connection.id(), Integer.valueOf(maxAuthenticationStructureElements), Integer.valueOf(maxAuthenticationStructureDepth)});
        this.connection.memoryTracker().allocateHeap(AuthenticationProtocolLimiterHandler.SHALLOW_SIZE);
        AuthenticationProtocolLimiterHandler authenticationProtocolLimiterHandler = new AuthenticationProtocolLimiterHandler(maxAuthenticationStructureElements, maxAuthenticationStructureDepth);
        this.protocolLimiterHandler = authenticationProtocolLimiterHandler;
        this.connection.modifyPipeline(channelPipeline -> {
            channelPipeline.addAfter(ChunkFrameDecoder.NAME, "protocolLimiterHandler", authenticationProtocolLimiterHandler);
        });
    }
}
