package org.keycloak.migration.migrators;

import java.util.Collections;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlow;
import org.keycloak.broker.provider.IdentityProviderMapper;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;

/* loaded from: input_file:org/keycloak/migration/migrators/MigrateTo8_0_0.class */
public class MigrateTo8_0_0 implements Migration {
    public static final ModelVersion VERSION = new ModelVersion("8.0.0");
    private static final Logger LOG = Logger.getLogger(MigrateTo8_0_0.class);

    @Override // org.keycloak.migration.migrators.Migration
    public ModelVersion getVersion() {
        return VERSION;
    }

    @Override // org.keycloak.migration.migrators.Migration
    public void migrate(KeycloakSession keycloakSession) {
        keycloakSession.realms().getRealms().stream().forEach(realmModel -> {
            migrateRealmCommon(realmModel);
        });
        keycloakSession.realms().getRealms().stream().forEach(realmModel2 -> {
            migrateRealmMFA(keycloakSession, realmModel2, false);
        });
    }

    @Override // org.keycloak.migration.migrators.Migration
    public void migrateImport(KeycloakSession keycloakSession, RealmModel realmModel, RealmRepresentation realmRepresentation, boolean z) {
        migrateRealmCommon(realmModel);
    }

    protected void migrateRealmCommon(RealmModel realmModel) {
        ClientModel clientByClientId = realmModel.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
        if (clientByClientId != null) {
            clientByClientId.setRootUrl(Constants.AUTH_ADMIN_URL_PROP);
            String str = "/admin/" + realmModel.getName() + "/console/";
            clientByClientId.setBaseUrl(str);
            clientByClientId.setRedirectUris(Collections.singleton(str + IdentityProviderMapper.ANY_PROVIDER));
            clientByClientId.setWebOrigins(Collections.singleton("+"));
        }
        ClientModel clientByClientId2 = realmModel.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
        if (clientByClientId2 != null) {
            clientByClientId2.setRootUrl(Constants.AUTH_BASE_URL_PROP);
            String str2 = "/realms/" + realmModel.getName() + "/account/";
            clientByClientId2.setBaseUrl(str2);
            clientByClientId2.setRedirectUris(Collections.singleton(str2 + IdentityProviderMapper.ANY_PROVIDER));
        }
    }

    protected void migrateRealmMFA(KeycloakSession keycloakSession, RealmModel realmModel, boolean z) {
        for (AuthenticationFlowModel authenticationFlowModel : realmModel.getAuthenticationFlows()) {
            for (AuthenticationExecutionModel authenticationExecutionModel : realmModel.getAuthenticationExecutions(authenticationFlowModel.getId())) {
                if (authenticationExecutionModel.getRequirement() == AuthenticationExecutionModel.Requirement.CONDITIONAL) {
                    migrateOptionalAuthenticationExecution(realmModel, authenticationFlowModel, authenticationExecutionModel, true);
                }
            }
        }
    }

    public static void migrateOptionalAuthenticationExecution(RealmModel realmModel, AuthenticationFlowModel authenticationFlowModel, AuthenticationExecutionModel authenticationExecutionModel, boolean z) {
        LOG.debugf("Migrating optional execution '%s' of flow '%s' of realm '%s' to subflow", authenticationExecutionModel.getAuthenticator(), authenticationFlowModel.getAlias(), realmModel.getName());
        AuthenticationFlowModel authenticationFlowModel2 = new AuthenticationFlowModel();
        authenticationFlowModel2.setTopLevel(false);
        authenticationFlowModel2.setBuiltIn(authenticationFlowModel.isBuiltIn());
        authenticationFlowModel2.setAlias(authenticationFlowModel.getAlias() + " - " + authenticationExecutionModel.getAuthenticator() + " - Conditional");
        authenticationFlowModel2.setDescription("Flow to determine if the " + authenticationExecutionModel.getAuthenticator() + " authenticator should be used or not.");
        authenticationFlowModel2.setProviderId(AuthenticationFlow.BASIC_FLOW);
        AuthenticationFlowModel addAuthenticationFlow = realmModel.addAuthenticationFlow(authenticationFlowModel2);
        AuthenticationExecutionModel authenticationExecutionModel2 = new AuthenticationExecutionModel();
        authenticationExecutionModel2.setParentFlow(authenticationFlowModel.getId());
        authenticationExecutionModel2.setRequirement(AuthenticationExecutionModel.Requirement.CONDITIONAL);
        authenticationExecutionModel2.setFlowId(addAuthenticationFlow.getId());
        authenticationExecutionModel2.setPriority(authenticationExecutionModel.getPriority());
        authenticationExecutionModel2.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel2);
        AuthenticationExecutionModel authenticationExecutionModel3 = new AuthenticationExecutionModel();
        authenticationExecutionModel3.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel3.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel3.setAuthenticator("conditional-user-configured");
        authenticationExecutionModel3.setPriority(10);
        authenticationExecutionModel3.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel3);
        authenticationExecutionModel.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel.setPriority(20);
        if (z) {
            realmModel.updateAuthenticatorExecution(authenticationExecutionModel);
        }
    }
}
