package org.keycloak.migration.migrators;

import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.component.ComponentModel;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.DefaultClientScopes;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.RealmRepresentation;

/* loaded from: input_file:org/keycloak/migration/migrators/MigrateTo4_0_0.class */
public class MigrateTo4_0_0 implements Migration {
    public static final ModelVersion VERSION = new ModelVersion("4.0.0");
    private static final Logger LOG = Logger.getLogger(MigrateTo4_0_0.class);

    @Override // org.keycloak.migration.migrators.Migration
    public ModelVersion getVersion() {
        return VERSION;
    }

    @Override // org.keycloak.migration.migrators.Migration
    public void migrate(KeycloakSession keycloakSession) {
        keycloakSession.realms().getRealms().stream().forEach(realmModel -> {
            migrateRealm(keycloakSession, realmModel, false);
        });
    }

    @Override // org.keycloak.migration.migrators.Migration
    public void migrateImport(KeycloakSession keycloakSession, RealmModel realmModel, RealmRepresentation realmRepresentation, boolean z) {
        migrateRealm(keycloakSession, realmModel, true);
    }

    protected void migrateRealm(KeycloakSession keycloakSession, RealmModel realmModel, boolean z) {
        for (ClientScopeModel clientScopeModel : realmModel.getClientScopes()) {
            if (clientScopeModel.getName().contains(LDAPConstants.EMPTY_ATTRIBUTE_VALUE)) {
                LOG.debugf("Replacing spaces with underscores in the name of client scope '%s' of realm '%s'", clientScopeModel.getName(), realmModel.getName());
                clientScopeModel.setName(clientScopeModel.getName().replaceAll(LDAPConstants.EMPTY_ATTRIBUTE_VALUE, "_"));
            }
        }
        if (!z) {
            LOG.debugf("Adding defaultClientScopes for realm '%s'", realmModel.getName());
            DefaultClientScopes.createDefaultClientScopes(keycloakSession, realmModel, false);
        }
        for (ComponentModel componentModel : realmModel.getComponents(realmModel.getId(), "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy")) {
            if ("allowed-client-templates".equals(componentModel.getProviderId())) {
                List list = (List) componentModel.getConfig().remove("allowed-client-templates");
                if (list != null) {
                    componentModel.getConfig().put("allowed-client-scopes", list);
                }
                componentModel.put("allow-default-scopes", true);
                realmModel.updateComponent(componentModel);
            }
        }
        RoleModel role = realmModel.getRole(Constants.OFFLINE_ACCESS_ROLE);
        if (role == null) {
            LOG.infof("Role 'offline_access' not available in realm '%s'. Skip migration of offline_access client scope.", realmModel.getName());
        } else {
            ClientScopeModel clientScopeByName = KeycloakModelUtils.getClientScopeByName(realmModel, Constants.OFFLINE_ACCESS_ROLE);
            if (clientScopeByName == null) {
                LOG.infof("Client scope 'offline_access' not available in realm '%s'. Skip migration of offline_access client scope.", realmModel.getName());
            } else {
                for (ClientModel clientModel : realmModel.getClients()) {
                    if (RepresentationToModel.OIDC.equals(clientModel.getProtocol()) && !clientModel.isBearerOnly() && clientModel.hasScope(role) && !clientModel.getClientScopes(false, true).containsKey(Constants.OFFLINE_ACCESS_ROLE)) {
                        LOG.debugf("Adding client scope 'offline_access' as optional scope to client '%s' in realm '%s'.", clientModel.getClientId(), realmModel.getName());
                        clientModel.addClientScope(clientScopeByName, false);
                        if (!clientModel.isFullScopeAllowed()) {
                            LOG.debugf("Removing role scope mapping for role 'offline_access' from client '%s' in realm '%s'.", clientModel.getClientId(), realmModel.getName());
                            clientModel.deleteScopeMapping(role);
                        }
                    }
                }
            }
        }
        for (ClientModel clientModel2 : realmModel.getClients()) {
            if (clientModel2.isConsentRequired() && clientModel2.getClientScopes(true, true).isEmpty()) {
                LOG.debugf("Adding client '%s' of realm '%s' to display itself on consent screen", clientModel2.getClientId(), realmModel.getName());
                clientModel2.setDisplayOnConsentScreen(true);
                clientModel2.setConsentScreenText(clientModel2.getName() == null ? clientModel2.getClientId() : clientModel2.getName());
            }
        }
    }
}
