package org.keycloak.migration.migrators;

import org.jboss.logging.Logger;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.KeycloakContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.DefaultKeyProviders;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.userprofile.config.UPConfig;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.userprofile.UserProfileProvider;

/* loaded from: input_file:org/keycloak/migration/migrators/MigrateTo24_0_0.class */
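/**
 * Realm-level migration steps for model version 24.0.0.
 *
 * <p>Each realm is processed with the session context temporarily pointed at it. Four
 * steps run in order: user-profile settings, user-storage truststore setting, secret key
 * provider creation, and binding of the "first broker login" flow.
 *
 * <p>Several steps change security-relevant realm configuration (accepted user attributes,
 * truststore usage for user-storage components, signing key providers, the flow bound for
 * first broker login). All outcomes are logged at debug level only, so post-upgrade review
 * should inspect the realm configuration itself rather than rely on default log output.
 */
public class MigrateTo24_0_0 implements Migration {
    private static final Logger LOG = Logger.getLogger(MigrateTo24_0_0.class);
    public static final ModelVersion VERSION = new ModelVersion("24.0.0");
    public static final String REALM_USER_PROFILE_ENABLED = "userProfileEnabled";

    // Component config key and values rewritten by updateLdapProviderConfig.
    private static final String TRUSTSTORE_SPI_KEY = "useTruststoreSpi";
    private static final String TRUSTSTORE_SPI_LDAPS_ONLY = "ldapsOnly";
    private static final String TRUSTSTORE_SPI_ALWAYS = "always";

    // Alias of the authentication flow looked up by bindFirstBrokerLoginFlow.
    private static final String FIRST_BROKER_LOGIN_ALIAS = "first broker login";

    /**
     * Applies the 24.0.0 migration to every realm returned by the session's realm provider.
     *
     * @param keycloakSession session used to enumerate and update the realms
     */
    public void migrate(KeycloakSession keycloakSession) {
        keycloakSession.realms().getRealmsStream()
                .forEach(realm -> migrateRealm(keycloakSession, realm));
    }

    /**
     * Applies the same per-realm steps to a realm that is being imported.
     *
     * @param keycloakSession     session the import runs in
     * @param realmModel          realm to migrate
     * @param realmRepresentation not read by this migration
     * @param z                   not read by this migration
     */
    public void migrateImport(KeycloakSession keycloakSession, RealmModel realmModel, RealmRepresentation realmRepresentation, boolean z) {
        migrateRealm(keycloakSession, realmModel);
    }

    /**
     * @return the model version this migration targets ({@code 24.0.0})
     */
    public ModelVersion getVersion() {
        return VERSION;
    }

    /**
     * Runs all migration steps for one realm with the session context set to that realm.
     *
     * <p>The steps read the realm from the session context rather than taking it as an
     * argument, so the context must be set first. The context realm is cleared (set to
     * {@code null}, not restored to a previous value) whether the steps succeed or throw;
     * any exception propagates unchanged.
     */
    private void migrateRealm(KeycloakSession keycloakSession, RealmModel realmModel) {
        KeycloakContext context = keycloakSession.getContext();
        try {
            context.setRealm(realmModel);
            updateUserProfileSettings(keycloakSession);
            updateLdapProviderConfig(keycloakSession);
            createHS512ComponentModelKey(keycloakSession);
            bindFirstBrokerLoginFlow(keycloakSession);
        } finally {
            // finally clears the context exactly once on both paths, replacing the
            // duplicated catch-Throwable cleanup.
            context.setRealm((RealmModel) null);
        }
    }

    /**
     * Retires the legacy {@code userProfileEnabled} realm attribute and, for realms where
     * it was not {@code true}, sets the unmanaged-attribute policy to {@code ENABLED}.
     *
     * <p>The legacy attribute is removed in both cases. A missing attribute is treated the
     * same as {@code false}.
     *
     * <p>NOTE(review): {@code ENABLED} presumably keeps attributes that are not declared in
     * the user-profile configuration accepted for the realm, which preserves pre-upgrade
     * behaviour. Confirm against {@code UPConfig}, and review the policy after upgrade on
     * realms where only declared attributes should be accepted.
     */
    private void updateUserProfileSettings(KeycloakSession keycloakSession) {
        RealmModel realm = keycloakSession.getContext().getRealm();
        boolean alreadyEnabled = Boolean.parseBoolean(realm.getAttribute(REALM_USER_PROFILE_ENABLED));
        realm.removeAttribute(REALM_USER_PROFILE_ENABLED);
        if (alreadyEnabled) {
            LOG.debugf("Skipping migration for realm %s. The declarative user profile is already enabled.", realm.getName());
            return;
        }
        UserProfileProvider provider = keycloakSession.getProvider(UserProfileProvider.class);
        UPConfig configuration = provider.getConfiguration();
        configuration.setUnmanagedAttributePolicy(UPConfig.UnmanagedAttributePolicy.ENABLED);
        provider.setConfiguration(configuration);
        LOG.debugf("Enabled the declarative user profile to realm %s with support for unmanaged attributes", realm.getName());
    }

    /**
     * Rewrites {@code useTruststoreSpi=ldapsOnly} to {@code always} on the realm's
     * user-storage components.
     *
     * <p>The filter matches on the config value only: every component of provider type
     * {@code UserStorageProvider} whose parent is the realm is considered, not just those
     * of a particular provider id. Components with any other value are left untouched.
     *
     * <p>NOTE(review): after this step the affected components are configured to use the
     * truststore SPI in all cases. Verify after upgrade that the truststore holds the
     * certificates those directory connections need.
     */
    private void updateLdapProviderConfig(KeycloakSession keycloakSession) {
        RealmModel realm = keycloakSession.getContext().getRealm();
        realm.getComponentsStream(realm.getId(), UserStorageProvider.class.getName())
                .filter(component -> TRUSTSTORE_SPI_LDAPS_ONLY.equals(component.getConfig().getFirst(TRUSTSTORE_SPI_KEY)))
                .forEach(component -> {
                    component.getConfig().putSingle(TRUSTSTORE_SPI_KEY, TRUSTSTORE_SPI_ALWAYS);
                    realm.updateComponent(component);
                });
    }

    /**
     * Asks {@code DefaultKeyProviders} to create a secret provider for the context realm.
     *
     * <p>NOTE(review): the method name suggests this adds an HS512 secret key component.
     * What is created, and whether an existing provider is detected first, is decided
     * inside {@code DefaultKeyProviders.createSecretProvider} and is not visible here.
     */
    private void createHS512ComponentModelKey(KeycloakSession keycloakSession) {
        DefaultKeyProviders.createSecretProvider(keycloakSession.getContext().getRealm());
    }

    /**
     * Binds the flow with alias {@code "first broker login"} as the realm's first broker
     * login flow, if such a flow exists.
     *
     * <p>The binding is unconditional when the alias resolves: there is no check for a flow
     * that is already bound. When no flow carries the alias, nothing is bound and only a
     * debug message is written, so realms with renamed or removed flows should be checked
     * after upgrade.
     */
    private void bindFirstBrokerLoginFlow(KeycloakSession keycloakSession) {
        RealmModel realm = keycloakSession.getContext().getRealm();
        AuthenticationFlowModel flow = realm.getFlowByAlias(FIRST_BROKER_LOGIN_ALIAS);
        if (flow == null) {
            LOG.debugf("No flow found for alias '%s'. Skipping.", FIRST_BROKER_LOGIN_ALIAS);
            return;
        }
        realm.setFirstBrokerLoginFlow(flow);
        LOG.debugf("Flow '%s' has been bound to realm %s as 'First broker login' flow", flow.getId(), realm.getName());
    }
}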
