package org.keycloak.models.utils;

import java.util.HashMap;
import java.util.LinkedList;
import java.util.Objects;
import org.keycloak.authentication.AuthenticationFlow;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;

/* loaded from: input_file:org/keycloak/models/utils/DefaultAuthenticationFlows.class */
public class DefaultAuthenticationFlows {
    // Aliases of the built-in authentication flows. addFlows/migrateFlows look each flow up by
    // alias and create only the ones the realm does not already have.
    public static final String REGISTRATION_FLOW = "registration";
    // Form sub-flow nested under the registration flow (also used as its description).
    public static final String REGISTRATION_FORM_FLOW = "registration form";
    public static final String BROWSER_FLOW = "browser";
    public static final String DIRECT_GRANT_FLOW = "direct grant";
    public static final String RESET_CREDENTIALS_FLOW = "reset credentials";
    // Sub-flow of the browser flow that holds the username/password form and the OTP sub-flow.
    public static final String LOGIN_FORMS_FLOW = "forms";
    public static final String SAML_ECP_FLOW = "saml ecp";
    public static final String DOCKER_AUTH = "docker auth";
    public static final String HTTP_CHALLENGE_FLOW = "http challenge";
    // Top-level flow used for client (not user) authentication.
    public static final String CLIENT_AUTHENTICATION_FLOW = "clients";
    public static final String FIRST_BROKER_LOGIN_FLOW = "first broker login";
    // Sub-flow of the first-broker-login flow.
    public static final String FIRST_BROKER_LOGIN_HANDLE_EXISTING_SUBFLOW = "Handle Existing Account";
    // Aliases of the authenticator configs created for the first-broker-login flow.
    public static final String IDP_REVIEW_PROFILE_CONFIG_ALIAS = "review profile config";
    public static final String IDP_CREATE_UNIQUE_USER_CONFIG_ALIAS = "create unique user config";

    /**
     * Creates every built-in authentication flow that the realm does not have yet.
     *
     * <p>Each flow is looked up by alias and built only when the lookup returns {@code null}, so a
     * flow that already exists under a built-in alias is never rebuilt or reset by this method.
     * The builders that take a boolean are called with {@code false}, which means their
     * requirement values are the fixed defaults and do not depend on the realm's required
     * credentials.
     *
     * @param realmModel realm that receives the missing flows
     */
    public static void addFlows(RealmModel realmModel) {
        // The checks are interleaved with the creations on purpose: each lookup sees the realm as
        // left by the previous builder.
        if (Objects.isNull(realmModel.getFlowByAlias(BROWSER_FLOW))) {
            browserFlow(realmModel, false);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(DIRECT_GRANT_FLOW))) {
            directGrantFlow(realmModel, false);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(REGISTRATION_FLOW))) {
            registrationFlow(realmModel);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(RESET_CREDENTIALS_FLOW))) {
            resetCredentialsFlow(realmModel);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(CLIENT_AUTHENTICATION_FLOW))) {
            clientAuthFlow(realmModel);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(FIRST_BROKER_LOGIN_FLOW))) {
            firstBrokerLoginFlow(realmModel, false);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(SAML_ECP_FLOW))) {
            samlEcpProfile(realmModel);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(DOCKER_AUTH))) {
            dockerAuthenticationFlow(realmModel);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(HTTP_CHALLENGE_FLOW))) {
            httpChallengeFlow(realmModel);
        }
    }

    /**
     * Migration variant of {@code addFlows}: creates the built-in flows that are missing.
     *
     * <p>The only difference from {@code addFlows} is that the browser, direct-grant and
     * first-broker-login builders are called with {@code true}. In the builders visible here that
     * flag makes some requirement values depend on the realm's required credentials.
     *
     * <p>Security note: with the flag set, {@code directGrantFlow} adds the password validator as
     * DISABLED when the realm's required credentials do not include the password type. After a
     * migration it is worth reviewing the resulting "direct grant" flow to confirm that the
     * checks it enforces match what the realm is expected to require.
     *
     * @param realmModel realm being migrated
     */
    public static void migrateFlows(RealmModel realmModel) {
        if (Objects.isNull(realmModel.getFlowByAlias(BROWSER_FLOW))) {
            browserFlow(realmModel, true);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(DIRECT_GRANT_FLOW))) {
            directGrantFlow(realmModel, true);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(REGISTRATION_FLOW))) {
            registrationFlow(realmModel);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(RESET_CREDENTIALS_FLOW))) {
            resetCredentialsFlow(realmModel);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(CLIENT_AUTHENTICATION_FLOW))) {
            clientAuthFlow(realmModel);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(FIRST_BROKER_LOGIN_FLOW))) {
            firstBrokerLoginFlow(realmModel, true);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(SAML_ECP_FLOW))) {
            samlEcpProfile(realmModel);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(DOCKER_AUTH))) {
            dockerAuthenticationFlow(realmModel);
        }
        if (Objects.isNull(realmModel.getFlowByAlias(HTTP_CHALLENGE_FLOW))) {
            httpChallengeFlow(realmModel);
        }
    }

    /**
     * Builds the built-in "registration" flow and sets it as the realm's registration flow.
     *
     * <p>Layout created here:
     * <ul>
     *   <li>top-level flow {@code REGISTRATION_FLOW} (basic flow)</li>
     *   <li>form sub-flow {@code REGISTRATION_FORM_FLOW}, attached through a REQUIRED execution
     *       with authenticator "registration-page-form" (priority 10)</li>
     *   <li>form actions inside the sub-flow: user creation (20), profile (40) and password (50),
     *       all REQUIRED, and the reCAPTCHA action (60) as DISABLED</li>
     * </ul>
     *
     * <p>Security note: the reCAPTCHA action is added with requirement DISABLED. Operators who
     * expose self-registration should review that default for their deployment.
     *
     * @param realmModel realm that receives the flow
     */
    public static void registrationFlow(RealmModel realmModel) {
        // Top-level registration flow.
        AuthenticationFlowModel topSpec = new AuthenticationFlowModel();
        topSpec.setAlias(REGISTRATION_FLOW);
        topSpec.setDescription("registration flow");
        topSpec.setProviderId(AuthenticationFlow.BASIC_FLOW);
        topSpec.setTopLevel(true);
        topSpec.setBuiltIn(true);
        AuthenticationFlowModel registration = realmModel.addAuthenticationFlow(topSpec);
        realmModel.setRegistrationFlow(registration);

        // Form sub-flow that carries the individual form actions.
        AuthenticationFlowModel formSpec = new AuthenticationFlowModel();
        formSpec.setAlias(REGISTRATION_FORM_FLOW);
        formSpec.setDescription(REGISTRATION_FORM_FLOW);
        formSpec.setProviderId(AuthenticationFlow.FORM_FLOW);
        formSpec.setTopLevel(false);
        formSpec.setBuiltIn(true);
        AuthenticationFlowModel registrationForm = realmModel.addAuthenticationFlow(formSpec);

        // Execution in the top-level flow that points at the form sub-flow.
        AuthenticationExecutionModel formLink = new AuthenticationExecutionModel();
        formLink.setParentFlow(registration.getId());
        formLink.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        formLink.setAuthenticator("registration-page-form");
        formLink.setPriority(10);
        formLink.setAuthenticatorFlow(true);
        formLink.setFlowId(registrationForm.getId());
        realmModel.addAuthenticatorExecution(formLink);

        AuthenticationExecutionModel userCreation = new AuthenticationExecutionModel();
        userCreation.setParentFlow(registrationForm.getId());
        userCreation.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        userCreation.setAuthenticator("registration-user-creation");
        userCreation.setPriority(20);
        userCreation.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(userCreation);

        AuthenticationExecutionModel profileAction = new AuthenticationExecutionModel();
        profileAction.setParentFlow(registrationForm.getId());
        profileAction.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        profileAction.setAuthenticator("registration-profile-action");
        profileAction.setPriority(40);
        profileAction.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(profileAction);

        AuthenticationExecutionModel passwordAction = new AuthenticationExecutionModel();
        passwordAction.setParentFlow(registrationForm.getId());
        passwordAction.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        passwordAction.setAuthenticator("registration-password-action");
        passwordAction.setPriority(50);
        passwordAction.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(passwordAction);

        // The only execution in this flow that is not REQUIRED: it is added as DISABLED.
        AuthenticationExecutionModel recaptchaAction = new AuthenticationExecutionModel();
        recaptchaAction.setParentFlow(registrationForm.getId());
        recaptchaAction.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
        recaptchaAction.setAuthenticator("registration-recaptcha-action");
        recaptchaAction.setPriority(60);
        recaptchaAction.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(recaptchaAction);
    }

    /**
     * Creates the built-in browser flow with its fixed default requirements.
     *
     * <p>Delegates to the two-argument overload with the flag set to {@code false}.
     *
     * @param realmModel realm that receives the flow
     */
    public static void browserFlow(RealmModel realmModel) {
        final boolean migrate = false;
        browserFlow(realmModel, migrate);
    }

    /**
     * Tells whether the realm's required credentials contain an entry of the given type.
     *
     * @param realmModel realm whose required credentials are inspected
     * @param str credential type to look for; compared with {@link Objects#equals}, so
     *     {@code null} matches only an entry whose type is {@code null}
     * @return {@code true} if at least one required credential has that type
     */
    private static boolean hasCredentialType(RealmModel realmModel, String str) {
        return realmModel.getRequiredCredentialsStream()
                .anyMatch(credential -> Objects.equals(credential.getType(), str));
    }

    /**
     * Builds the built-in "reset credentials" flow and sets it as the realm's reset flow.
     *
     * <p>Layout created here:
     * <ul>
     *   <li>top-level flow {@code RESET_CREDENTIALS_FLOW} with three REQUIRED executions:
     *       "reset-credentials-choose-user" (10), "reset-credential-email" (20) and
     *       "reset-password" (30)</li>
     *   <li>sub-flow "Reset - Conditional OTP", attached as CONDITIONAL (priority 40), holding
     *       "conditional-user-configured" (10) and "reset-otp" (20), both REQUIRED</li>
     * </ul>
     *
     * @param realmModel realm that receives the flow
     */
    public static void resetCredentialsFlow(RealmModel realmModel) {
        // Top-level reset flow.
        AuthenticationFlowModel resetSpec = new AuthenticationFlowModel();
        resetSpec.setAlias(RESET_CREDENTIALS_FLOW);
        resetSpec.setDescription("Reset credentials for a user if they forgot their password or something");
        resetSpec.setProviderId(AuthenticationFlow.BASIC_FLOW);
        resetSpec.setTopLevel(true);
        resetSpec.setBuiltIn(true);
        AuthenticationFlowModel resetFlow = realmModel.addAuthenticationFlow(resetSpec);
        realmModel.setResetCredentialsFlow(resetFlow);

        AuthenticationExecutionModel chooseUser = new AuthenticationExecutionModel();
        chooseUser.setParentFlow(resetFlow.getId());
        chooseUser.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        chooseUser.setAuthenticator("reset-credentials-choose-user");
        chooseUser.setPriority(10);
        chooseUser.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(chooseUser);

        AuthenticationExecutionModel sendEmail = new AuthenticationExecutionModel();
        sendEmail.setParentFlow(resetFlow.getId());
        sendEmail.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        sendEmail.setAuthenticator("reset-credential-email");
        sendEmail.setPriority(20);
        sendEmail.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(sendEmail);

        AuthenticationExecutionModel resetPassword = new AuthenticationExecutionModel();
        resetPassword.setParentFlow(resetFlow.getId());
        resetPassword.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        resetPassword.setAuthenticator("reset-password");
        resetPassword.setPriority(30);
        resetPassword.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(resetPassword);

        // Conditional OTP sub-flow.
        AuthenticationFlowModel otpSpec = new AuthenticationFlowModel();
        otpSpec.setTopLevel(false);
        otpSpec.setBuiltIn(true);
        otpSpec.setAlias("Reset - Conditional OTP");
        otpSpec.setDescription("Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.");
        otpSpec.setProviderId(AuthenticationFlow.BASIC_FLOW);
        AuthenticationFlowModel otpFlow = realmModel.addAuthenticationFlow(otpSpec);

        // Execution in the top-level flow that points at the OTP sub-flow.
        AuthenticationExecutionModel otpLink = new AuthenticationExecutionModel();
        otpLink.setParentFlow(resetFlow.getId());
        otpLink.setRequirement(AuthenticationExecutionModel.Requirement.CONDITIONAL);
        otpLink.setFlowId(otpFlow.getId());
        otpLink.setPriority(40);
        otpLink.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(otpLink);

        AuthenticationExecutionModel userConfigured = new AuthenticationExecutionModel();
        userConfigured.setParentFlow(otpFlow.getId());
        userConfigured.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        userConfigured.setAuthenticator("conditional-user-configured");
        userConfigured.setPriority(10);
        userConfigured.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(userConfigured);

        AuthenticationExecutionModel resetOtp = new AuthenticationExecutionModel();
        resetOtp.setParentFlow(otpFlow.getId());
        resetOtp.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        resetOtp.setAuthenticator("reset-otp");
        resetOtp.setPriority(20);
        resetOtp.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(resetOtp);
    }

    /**
     * Builds the built-in "direct grant" flow and sets it as the realm's direct-grant flow.
     *
     * <p>Layout created here:
     * <ul>
     *   <li>"direct-grant-validate-username" (10), REQUIRED</li>
     *   <li>"direct-grant-validate-password" (20), REQUIRED by default</li>
     *   <li>sub-flow "Direct Grant - Conditional OTP" (30), CONDITIONAL by default, holding
     *       "conditional-user-configured" (10) and "direct-grant-validate-otp" (20), both
     *       REQUIRED</li>
     * </ul>
     *
     * <p>Security note: when {@code z} is {@code true} and the realm's required credentials do
     * not include the password type, the password validator is added as DISABLED, so the flow is
     * created without an active password check. When {@code z} is {@code true} and the required
     * credentials include the TOTP type, the OTP sub-flow is added as REQUIRED instead of
     * CONDITIONAL. Review the resulting flow after a migration.
     *
     * @param realmModel realm that receives the flow
     * @param z {@code true} on the migration path ({@code migrateFlows}), {@code false} when
     *     called from {@code addFlows}; enables the credential-dependent requirements above
     */
    public static void directGrantFlow(RealmModel realmModel, boolean z) {
        // Top-level direct-grant flow.
        AuthenticationFlowModel grantSpec = new AuthenticationFlowModel();
        grantSpec.setAlias(DIRECT_GRANT_FLOW);
        grantSpec.setDescription("OpenID Connect Resource Owner Grant");
        grantSpec.setProviderId(AuthenticationFlow.BASIC_FLOW);
        grantSpec.setTopLevel(true);
        grantSpec.setBuiltIn(true);
        AuthenticationFlowModel grantFlow = realmModel.addAuthenticationFlow(grantSpec);
        realmModel.setDirectGrantFlow(grantFlow);

        AuthenticationExecutionModel validateUsername = new AuthenticationExecutionModel();
        validateUsername.setParentFlow(grantFlow.getId());
        validateUsername.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        validateUsername.setAuthenticator("direct-grant-validate-username");
        validateUsername.setPriority(10);
        validateUsername.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(validateUsername);

        AuthenticationExecutionModel validatePassword = new AuthenticationExecutionModel();
        validatePassword.setParentFlow(grantFlow.getId());
        validatePassword.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        // Migration only: a realm without the password required credential gets the password
        // validator switched off.
        final boolean passwordNotRequired =
                z && !hasCredentialType(realmModel, RequiredCredentialModel.PASSWORD.getType());
        if (passwordNotRequired) {
            validatePassword.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
        }
        validatePassword.setAuthenticator("direct-grant-validate-password");
        validatePassword.setPriority(20);
        validatePassword.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(validatePassword);

        // Conditional OTP sub-flow.
        AuthenticationFlowModel otpSpec = new AuthenticationFlowModel();
        otpSpec.setTopLevel(false);
        otpSpec.setBuiltIn(true);
        otpSpec.setAlias("Direct Grant - Conditional OTP");
        otpSpec.setDescription("Flow to determine if the OTP is required for the authentication");
        otpSpec.setProviderId(AuthenticationFlow.BASIC_FLOW);
        AuthenticationFlowModel otpFlow = realmModel.addAuthenticationFlow(otpSpec);

        // Execution in the top-level flow that points at the OTP sub-flow.
        AuthenticationExecutionModel otpLink = new AuthenticationExecutionModel();
        otpLink.setParentFlow(grantFlow.getId());
        otpLink.setRequirement(AuthenticationExecutionModel.Requirement.CONDITIONAL);
        // Migration only: a realm that lists TOTP as a required credential gets a mandatory
        // OTP sub-flow.
        final boolean totpRequired =
                z && hasCredentialType(realmModel, RequiredCredentialModel.TOTP.getType());
        if (totpRequired) {
            otpLink.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        }
        otpLink.setFlowId(otpFlow.getId());
        otpLink.setPriority(30);
        otpLink.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(otpLink);

        AuthenticationExecutionModel userConfigured = new AuthenticationExecutionModel();
        userConfigured.setParentFlow(otpFlow.getId());
        userConfigured.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        userConfigured.setAuthenticator("conditional-user-configured");
        userConfigured.setPriority(10);
        userConfigured.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(userConfigured);

        AuthenticationExecutionModel validateOtp = new AuthenticationExecutionModel();
        validateOtp.setParentFlow(otpFlow.getId());
        validateOtp.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        validateOtp.setAuthenticator("direct-grant-validate-otp");
        validateOtp.setPriority(20);
        validateOtp.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(validateOtp);
    }

    /**
     * Builds the built-in "browser" flow and sets it as the realm's browser flow.
     *
     * <p>Layout created here:
     * <ul>
     *   <li>"auth-cookie" (10), ALTERNATIVE</li>
     *   <li>"auth-spnego" (20), DISABLED by default; ALTERNATIVE when {@code z} is {@code true}
     *       and the realm's required credentials include the Kerberos type</li>
     *   <li>the identity-provider redirector, added through
     *       {@code addIdentityProviderAuthenticator(realmModel, null)}</li>
     *   <li>sub-flow {@code LOGIN_FORMS_FLOW} (30), ALTERNATIVE, holding
     *       "auth-username-password-form" (10, REQUIRED) and the sub-flow
     *       "Browser - Conditional OTP" (20)</li>
     *   <li>"Browser - Conditional OTP" is CONDITIONAL by default and REQUIRED when {@code z} is
     *       {@code true} and the required credentials include the TOTP type; it holds
     *       "conditional-user-configured" (10) and "auth-otp-form" (20), both REQUIRED</li>
     * </ul>
     *
     * @param realmModel realm that receives the flow
     * @param z {@code true} on the migration path ({@code migrateFlows}); enables the
     *     credential-dependent requirements described above
     */
    public static void browserFlow(RealmModel realmModel, boolean z) {
        // Top-level browser flow.
        AuthenticationFlowModel browserSpec = new AuthenticationFlowModel();
        browserSpec.setAlias(BROWSER_FLOW);
        browserSpec.setDescription("browser based authentication");
        browserSpec.setProviderId(AuthenticationFlow.BASIC_FLOW);
        browserSpec.setTopLevel(true);
        browserSpec.setBuiltIn(true);
        AuthenticationFlowModel browser = realmModel.addAuthenticationFlow(browserSpec);
        realmModel.setBrowserFlow(browser);

        AuthenticationExecutionModel cookie = new AuthenticationExecutionModel();
        cookie.setParentFlow(browser.getId());
        cookie.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        cookie.setAuthenticator("auth-cookie");
        cookie.setPriority(10);
        cookie.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(cookie);

        AuthenticationExecutionModel spnego = new AuthenticationExecutionModel();
        spnego.setParentFlow(browser.getId());
        spnego.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
        // Migration only: enable SPNEGO as an alternative for realms that list Kerberos as a
        // required credential.
        final boolean kerberosRequired =
                z && hasCredentialType(realmModel, RequiredCredentialModel.KERBEROS.getType());
        if (kerberosRequired) {
            spnego.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        }
        spnego.setAuthenticator("auth-spnego");
        spnego.setPriority(20);
        spnego.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(spnego);

        // No default provider is passed, so no authenticator config is created for it.
        addIdentityProviderAuthenticator(realmModel, null);

        // "forms" sub-flow.
        AuthenticationFlowModel formsSpec = new AuthenticationFlowModel();
        formsSpec.setTopLevel(false);
        formsSpec.setBuiltIn(true);
        formsSpec.setAlias(LOGIN_FORMS_FLOW);
        formsSpec.setDescription("Username, password, otp and other auth forms.");
        formsSpec.setProviderId(AuthenticationFlow.BASIC_FLOW);
        AuthenticationFlowModel forms = realmModel.addAuthenticationFlow(formsSpec);

        // Execution in the top-level flow that points at the forms sub-flow.
        AuthenticationExecutionModel formsLink = new AuthenticationExecutionModel();
        formsLink.setParentFlow(browser.getId());
        formsLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        formsLink.setFlowId(forms.getId());
        formsLink.setPriority(30);
        formsLink.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(formsLink);

        AuthenticationExecutionModel usernamePassword = new AuthenticationExecutionModel();
        usernamePassword.setParentFlow(forms.getId());
        usernamePassword.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        usernamePassword.setAuthenticator("auth-username-password-form");
        usernamePassword.setPriority(10);
        usernamePassword.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(usernamePassword);

        // Conditional OTP sub-flow, nested inside the forms sub-flow.
        AuthenticationFlowModel otpSpec = new AuthenticationFlowModel();
        otpSpec.setTopLevel(false);
        otpSpec.setBuiltIn(true);
        otpSpec.setAlias("Browser - Conditional OTP");
        otpSpec.setDescription("Flow to determine if the OTP is required for the authentication");
        otpSpec.setProviderId(AuthenticationFlow.BASIC_FLOW);
        AuthenticationFlowModel otpFlow = realmModel.addAuthenticationFlow(otpSpec);

        AuthenticationExecutionModel otpLink = new AuthenticationExecutionModel();
        otpLink.setParentFlow(forms.getId());
        otpLink.setRequirement(AuthenticationExecutionModel.Requirement.CONDITIONAL);
        // Migration only: a realm that lists TOTP as a required credential gets a mandatory
        // OTP sub-flow.
        final boolean totpRequired =
                z && hasCredentialType(realmModel, RequiredCredentialModel.TOTP.getType());
        if (totpRequired) {
            otpLink.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        }
        otpLink.setFlowId(otpFlow.getId());
        otpLink.setPriority(20);
        otpLink.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(otpLink);

        AuthenticationExecutionModel userConfigured = new AuthenticationExecutionModel();
        userConfigured.setParentFlow(otpFlow.getId());
        userConfigured.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        userConfigured.setAuthenticator("conditional-user-configured");
        userConfigured.setPriority(10);
        userConfigured.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(userConfigured);

        AuthenticationExecutionModel otpForm = new AuthenticationExecutionModel();
        otpForm.setParentFlow(otpFlow.getId());
        otpForm.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        otpForm.setAuthenticator("auth-otp-form");
        otpForm.setPriority(20);
        otpForm.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(otpForm);
    }

    /**
     * Adds the "identity-provider-redirector" execution to the realm's browser flow if it is not
     * there yet.
     *
     * <p>The browser flow is located by alias ({@code BROWSER_FLOW}) among the realm's flows.
     * Nothing happens when no such flow exists or when it already contains an execution whose
     * authenticator is "identity-provider-redirector". Otherwise the execution is added as
     * ALTERNATIVE with priority 25.
     *
     * <p>When {@code str} is not {@code null}, an authenticator config is created with the single
     * entry {@code "defaultProvider" -> str} and with {@code str} as its alias, and is attached to
     * the new execution. The value is stored as given; this method does not check that it names
     * an identity provider configured in the realm.
     *
     * @param realmModel realm whose browser flow is extended
     * @param str default identity provider to store in the execution's config, or {@code null}
     *     to add the execution without a config
     */
    public static void addIdentityProviderAuthenticator(RealmModel realmModel, String str) {
        final String browserFlowId = realmModel.getAuthenticationFlowsStream()
                .filter(flow -> Objects.equals(flow.getAlias(), BROWSER_FLOW))
                .map(AuthenticationFlowModel::getId)
                .findFirst()
                .orElse(null);
        if (browserFlowId == null) {
            return;
        }
        final boolean alreadyPresent = realmModel.getAuthenticationExecutionsStream(browserFlowId)
                .anyMatch(existing -> Objects.equals(existing.getAuthenticator(), "identity-provider-redirector"));
        if (alreadyPresent) {
            return;
        }

        AuthenticationExecutionModel redirector = new AuthenticationExecutionModel();
        redirector.setParentFlow(browserFlowId);
        redirector.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        redirector.setAuthenticator("identity-provider-redirector");
        redirector.setPriority(25);
        redirector.setAuthenticatorFlow(false);
        if (str != null) {
            // The provider name doubles as the config alias.
            AuthenticatorConfigModel redirectorConfig = new AuthenticatorConfigModel();
            HashMap<String, String> settings = new HashMap<>();
            settings.put("defaultProvider", str);
            redirectorConfig.setConfig(settings);
            redirectorConfig.setAlias(str);
            redirector.setAuthenticatorConfig(realmModel.addAuthenticatorConfig(redirectorConfig).getId());
        }
        realmModel.addAuthenticatorExecution(redirector);
    }

    /**
     * Builds the built-in "clients" flow and sets it as the realm's client-authentication flow.
     *
     * <p>The flow uses the client flow provider and contains four executions, all ALTERNATIVE:
     * "client-secret" (10), "client-jwt" (20), "client-secret-jwt" (30) and "client-x509" (40).
     *
     * @param realmModel realm that receives the flow
     */
    public static void clientAuthFlow(RealmModel realmModel) {
        AuthenticationFlowModel clientsSpec = new AuthenticationFlowModel();
        clientsSpec.setAlias(CLIENT_AUTHENTICATION_FLOW);
        clientsSpec.setDescription("Base authentication for clients");
        clientsSpec.setProviderId(AuthenticationFlow.CLIENT_FLOW);
        clientsSpec.setTopLevel(true);
        clientsSpec.setBuiltIn(true);
        AuthenticationFlowModel clientsFlow = realmModel.addAuthenticationFlow(clientsSpec);
        realmModel.setClientAuthenticationFlow(clientsFlow);

        AuthenticationExecutionModel clientSecret = new AuthenticationExecutionModel();
        clientSecret.setParentFlow(clientsFlow.getId());
        clientSecret.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        clientSecret.setAuthenticator("client-secret");
        clientSecret.setPriority(10);
        clientSecret.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(clientSecret);

        AuthenticationExecutionModel signedJwt = new AuthenticationExecutionModel();
        signedJwt.setParentFlow(clientsFlow.getId());
        signedJwt.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        signedJwt.setAuthenticator("client-jwt");
        signedJwt.setPriority(20);
        signedJwt.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(signedJwt);

        AuthenticationExecutionModel secretJwt = new AuthenticationExecutionModel();
        secretJwt.setParentFlow(clientsFlow.getId());
        secretJwt.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        secretJwt.setAuthenticator("client-secret-jwt");
        secretJwt.setPriority(30);
        secretJwt.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(secretJwt);

        AuthenticationExecutionModel x509 = new AuthenticationExecutionModel();
        x509.setParentFlow(clientsFlow.getId());
        x509.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        x509.setAuthenticator("client-x509");
        x509.setPriority(40);
        x509.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(x509);
    }

    public static void firstBrokerLoginFlow(RealmModel realmModel, boolean z) {
        AuthenticationFlowModel authenticationFlowModel = new AuthenticationFlowModel();
        authenticationFlowModel.setAlias(FIRST_BROKER_LOGIN_FLOW);
        authenticationFlowModel.setDescription("Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account");
        authenticationFlowModel.setProviderId(AuthenticationFlow.BASIC_FLOW);
        authenticationFlowModel.setTopLevel(true);
        authenticationFlowModel.setBuiltIn(true);
        AuthenticationFlowModel addAuthenticationFlow = realmModel.addAuthenticationFlow(authenticationFlowModel);
        AuthenticatorConfigModel authenticatorConfigModel = new AuthenticatorConfigModel();
        authenticatorConfigModel.setAlias(IDP_REVIEW_PROFILE_CONFIG_ALIAS);
        HashMap hashMap = new HashMap();
        hashMap.put("update.profile.on.first.login", "missing");
        authenticatorConfigModel.setConfig(hashMap);
        AuthenticatorConfigModel addAuthenticatorConfig = realmModel.addAuthenticatorConfig(authenticatorConfigModel);
        AuthenticationExecutionModel authenticationExecutionModel = new AuthenticationExecutionModel();
        authenticationExecutionModel.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel.setAuthenticator("idp-review-profile");
        authenticationExecutionModel.setPriority(10);
        authenticationExecutionModel.setAuthenticatorFlow(false);
        authenticationExecutionModel.setAuthenticatorConfig(addAuthenticatorConfig.getId());
        realmModel.addAuthenticatorExecution(authenticationExecutionModel);
        AuthenticationFlowModel authenticationFlowModel2 = new AuthenticationFlowModel();
        authenticationFlowModel2.setTopLevel(false);
        authenticationFlowModel2.setBuiltIn(true);
        authenticationFlowModel2.setAlias("User creation or linking");
        authenticationFlowModel2.setDescription("Flow for the existing/non-existing user alternatives");
        authenticationFlowModel2.setProviderId(AuthenticationFlow.BASIC_FLOW);
        AuthenticationFlowModel addAuthenticationFlow2 = realmModel.addAuthenticationFlow(authenticationFlowModel2);
        AuthenticationExecutionModel authenticationExecutionModel2 = new AuthenticationExecutionModel();
        authenticationExecutionModel2.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel2.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel2.setFlowId(addAuthenticationFlow2.getId());
        authenticationExecutionModel2.setPriority(20);
        authenticationExecutionModel2.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel2);
        AuthenticatorConfigModel authenticatorConfigModel2 = new AuthenticatorConfigModel();
        authenticatorConfigModel2.setAlias(IDP_CREATE_UNIQUE_USER_CONFIG_ALIAS);
        HashMap hashMap2 = new HashMap();
        hashMap2.put("require.password.update.after.registration", "false");
        authenticatorConfigModel2.setConfig(hashMap2);
        AuthenticatorConfigModel addAuthenticatorConfig2 = realmModel.addAuthenticatorConfig(authenticatorConfigModel2);
        AuthenticationExecutionModel authenticationExecutionModel3 = new AuthenticationExecutionModel();
        authenticationExecutionModel3.setParentFlow(addAuthenticationFlow2.getId());
        authenticationExecutionModel3.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        authenticationExecutionModel3.setAuthenticator("idp-create-user-if-unique");
        authenticationExecutionModel3.setPriority(10);
        authenticationExecutionModel3.setAuthenticatorFlow(false);
        authenticationExecutionModel3.setAuthenticatorConfig(addAuthenticatorConfig2.getId());
        realmModel.addAuthenticatorExecution(authenticationExecutionModel3);
        AuthenticationFlowModel authenticationFlowModel3 = new AuthenticationFlowModel();
        authenticationFlowModel3.setTopLevel(false);
        authenticationFlowModel3.setBuiltIn(true);
        authenticationFlowModel3.setAlias(FIRST_BROKER_LOGIN_HANDLE_EXISTING_SUBFLOW);
        authenticationFlowModel3.setDescription("Handle what to do if there is existing account with same email/username like authenticated identity provider");
        authenticationFlowModel3.setProviderId(AuthenticationFlow.BASIC_FLOW);
        AuthenticationFlowModel addAuthenticationFlow3 = realmModel.addAuthenticationFlow(authenticationFlowModel3);
        AuthenticationExecutionModel authenticationExecutionModel4 = new AuthenticationExecutionModel();
        authenticationExecutionModel4.setParentFlow(addAuthenticationFlow2.getId());
        authenticationExecutionModel4.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        authenticationExecutionModel4.setFlowId(addAuthenticationFlow3.getId());
        authenticationExecutionModel4.setPriority(20);
        authenticationExecutionModel4.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel4);
        AuthenticationExecutionModel authenticationExecutionModel5 = new AuthenticationExecutionModel();
        authenticationExecutionModel5.setParentFlow(addAuthenticationFlow3.getId());
        authenticationExecutionModel5.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel5.setAuthenticator("idp-confirm-link");
        authenticationExecutionModel5.setPriority(10);
        authenticationExecutionModel5.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel5);
        AuthenticationFlowModel authenticationFlowModel4 = new AuthenticationFlowModel();
        authenticationFlowModel4.setTopLevel(false);
        authenticationFlowModel4.setBuiltIn(true);
        authenticationFlowModel4.setAlias("Account verification options");
        authenticationFlowModel4.setDescription("Method with which to verity the existing account");
        authenticationFlowModel4.setProviderId(AuthenticationFlow.BASIC_FLOW);
        AuthenticationFlowModel addAuthenticationFlow4 = realmModel.addAuthenticationFlow(authenticationFlowModel4);
        AuthenticationExecutionModel authenticationExecutionModel6 = new AuthenticationExecutionModel();
        authenticationExecutionModel6.setParentFlow(addAuthenticationFlow3.getId());
        authenticationExecutionModel6.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel6.setFlowId(addAuthenticationFlow4.getId());
        authenticationExecutionModel6.setPriority(20);
        authenticationExecutionModel6.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel6);
        AuthenticationExecutionModel authenticationExecutionModel7 = new AuthenticationExecutionModel();
        authenticationExecutionModel7.setParentFlow(addAuthenticationFlow4.getId());
        authenticationExecutionModel7.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        authenticationExecutionModel7.setAuthenticator("idp-email-verification");
        authenticationExecutionModel7.setPriority(10);
        authenticationExecutionModel7.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel7);
        AuthenticationFlowModel authenticationFlowModel5 = new AuthenticationFlowModel();
        authenticationFlowModel5.setTopLevel(false);
        authenticationFlowModel5.setBuiltIn(true);
        authenticationFlowModel5.setAlias("Verify Existing Account by Re-authentication");
        authenticationFlowModel5.setDescription("Reauthentication of existing account");
        authenticationFlowModel5.setProviderId(AuthenticationFlow.BASIC_FLOW);
        AuthenticationFlowModel addAuthenticationFlow5 = realmModel.addAuthenticationFlow(authenticationFlowModel5);
        AuthenticationExecutionModel authenticationExecutionModel8 = new AuthenticationExecutionModel();
        authenticationExecutionModel8.setParentFlow(addAuthenticationFlow4.getId());
        authenticationExecutionModel8.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        authenticationExecutionModel8.setFlowId(addAuthenticationFlow5.getId());
        authenticationExecutionModel8.setPriority(20);
        authenticationExecutionModel8.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel8);
        AuthenticationExecutionModel authenticationExecutionModel9 = new AuthenticationExecutionModel();
        authenticationExecutionModel9.setParentFlow(addAuthenticationFlow5.getId());
        authenticationExecutionModel9.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel9.setAuthenticator("idp-username-password-form");
        authenticationExecutionModel9.setPriority(10);
        authenticationExecutionModel9.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel9);
        AuthenticationFlowModel authenticationFlowModel6 = new AuthenticationFlowModel();
        authenticationFlowModel6.setTopLevel(false);
        authenticationFlowModel6.setBuiltIn(true);
        authenticationFlowModel6.setAlias("First broker login - Conditional OTP");
        authenticationFlowModel6.setDescription("Flow to determine if the OTP is required for the authentication");
        authenticationFlowModel6.setProviderId(AuthenticationFlow.BASIC_FLOW);
        AuthenticationFlowModel addAuthenticationFlow6 = realmModel.addAuthenticationFlow(authenticationFlowModel6);
        AuthenticationExecutionModel authenticationExecutionModel10 = new AuthenticationExecutionModel();
        authenticationExecutionModel10.setParentFlow(addAuthenticationFlow5.getId());
        authenticationExecutionModel10.setRequirement(AuthenticationExecutionModel.Requirement.CONDITIONAL);
        if (z) {
            AuthenticationFlowModel browserFlow = realmModel.getBrowserFlow();
            if (browserFlow == null) {
                browserFlow = realmModel.getFlowByAlias(BROWSER_FLOW);
            }
            LinkedList<AuthenticationExecutionModel> linkedList = new LinkedList();
            KeycloakModelUtils.deepFindAuthenticationExecutions(realmModel, browserFlow, linkedList);
            for (AuthenticationExecutionModel authenticationExecutionModel11 : linkedList) {
                if (authenticationExecutionModel11.isAuthenticatorFlow() && realmModel.getAuthenticationExecutionsStream(authenticationExecutionModel11.getFlowId()).anyMatch(authenticationExecutionModel12 -> {
                    return authenticationExecutionModel12.getAuthenticator().equals("auth-otp-form");
                })) {
                    authenticationExecutionModel10.setRequirement(authenticationExecutionModel11.getRequirement());
                }
            }
        }
        authenticationExecutionModel10.setFlowId(addAuthenticationFlow6.getId());
        authenticationExecutionModel10.setPriority(20);
        authenticationExecutionModel10.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel10);
        AuthenticationExecutionModel authenticationExecutionModel13 = new AuthenticationExecutionModel();
        authenticationExecutionModel13.setParentFlow(addAuthenticationFlow6.getId());
        authenticationExecutionModel13.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel13.setAuthenticator("conditional-user-configured");
        authenticationExecutionModel13.setPriority(10);
        authenticationExecutionModel13.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel13);
        AuthenticationExecutionModel authenticationExecutionModel14 = new AuthenticationExecutionModel();
        authenticationExecutionModel14.setParentFlow(addAuthenticationFlow6.getId());
        authenticationExecutionModel14.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel14.setAuthenticator("auth-otp-form");
        authenticationExecutionModel14.setPriority(20);
        authenticationExecutionModel14.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel14);
    }

    /**
     * Registers the built-in, top-level {@code "saml ecp"} authentication flow on the realm.
     *
     * <p>The flow holds a single REQUIRED execution, at priority 10, that refers to the
     * authenticator id {@code "http-basic-authenticator"}.
     *
     * <p>This method does not check whether a flow with the same alias already exists and
     * does not assign the new flow to any realm-level binding; both are left to the caller.
     *
     * <p>NOTE(review): the authenticator id suggests HTTP Basic credentials, which are only
     * protected by the transport. Presumably this flow is meant to be reached over TLS only;
     * confirm against the deployment.
     *
     * @param realmModel realm that receives the flow and its execution
     */
    public static void samlEcpProfile(RealmModel realmModel) {
        // Describe the top-level flow, then let the realm persist it and hand back the stored model.
        AuthenticationFlowModel ecpFlowTemplate = new AuthenticationFlowModel();
        ecpFlowTemplate.setAlias(SAML_ECP_FLOW);
        ecpFlowTemplate.setDescription("SAML ECP Profile Authentication Flow");
        ecpFlowTemplate.setProviderId(AuthenticationFlow.BASIC_FLOW);
        ecpFlowTemplate.setTopLevel(true);
        ecpFlowTemplate.setBuiltIn(true);
        AuthenticationFlowModel ecpFlow = realmModel.addAuthenticationFlow(ecpFlowTemplate);

        // The only step of the flow: a mandatory authenticator, not a nested sub-flow.
        AuthenticationExecutionModel basicAuthStep = new AuthenticationExecutionModel();
        basicAuthStep.setParentFlow(ecpFlow.getId());
        basicAuthStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        basicAuthStep.setAuthenticator("http-basic-authenticator");
        basicAuthStep.setPriority(10);
        basicAuthStep.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(basicAuthStep);
    }

    /**
     * Registers the built-in, top-level {@code "docker auth"} flow and binds it as the
     * realm's Docker authentication flow.
     *
     * <p>The stored flow is passed to {@code setDockerAuthenticationFlow} before its single
     * execution is added. That execution is REQUIRED, has priority 10 and refers to the
     * authenticator id {@code "docker-http-basic-authenticator"}.
     *
     * <p>This method does not check whether a flow with the same alias already exists; it
     * unconditionally replaces the realm's Docker flow binding with the newly created flow.
     *
     * <p>NOTE(review): the authenticator id suggests HTTP Basic credentials, so the flow is
     * presumably only as strong as the transport (TLS) and the password policy; confirm.
     *
     * @param realmModel realm that receives the flow, the binding and the execution
     */
    public static void dockerAuthenticationFlow(RealmModel realmModel) {
        // Describe the top-level flow, then let the realm persist it.
        AuthenticationFlowModel dockerFlowTemplate = new AuthenticationFlowModel();
        dockerFlowTemplate.setAlias(DOCKER_AUTH);
        dockerFlowTemplate.setDescription("Used by Docker clients to authenticate against the IDP");
        dockerFlowTemplate.setProviderId(AuthenticationFlow.BASIC_FLOW);
        dockerFlowTemplate.setTopLevel(true);
        dockerFlowTemplate.setBuiltIn(true);
        AuthenticationFlowModel dockerFlow = realmModel.addAuthenticationFlow(dockerFlowTemplate);

        // Bind the stored flow to the realm before any execution is attached to it.
        realmModel.setDockerAuthenticationFlow(dockerFlow);

        // The only step of the flow: a mandatory authenticator, not a nested sub-flow.
        AuthenticationExecutionModel dockerBasicStep = new AuthenticationExecutionModel();
        dockerBasicStep.setParentFlow(dockerFlow.getId());
        dockerBasicStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        dockerBasicStep.setAuthenticator("docker-http-basic-authenticator");
        dockerBasicStep.setPriority(10);
        dockerBasicStep.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(dockerBasicStep);
    }

    /**
     * Registers the built-in, top-level {@code "http challenge"} flow together with its
     * {@code "Authentication Options"} sub-flow.
     *
     * <p>Resulting layout (priority in parentheses):
     * <ul>
     *   <li>top-level flow: {@code "no-cookie-redirect"} REQUIRED (10), then the
     *       "Authentication Options" sub-flow REQUIRED (20);</li>
     *   <li>sub-flow: {@code "basic-auth"} REQUIRED (10), {@code "basic-auth-otp"}
     *       DISABLED (20), {@code "auth-spnego"} DISABLED (30).</li>
     * </ul>
     *
     * <p>As provisioned here, {@code "basic-auth"} is the only execution in the sub-flow that
     * is not DISABLED: the OTP and SPNEGO executions are created but switched off, so a realm
     * that needs a second factor or Kerberos on this flow has to enable them explicitly.
     *
     * <p>This method does not check whether a flow with the same alias already exists and
     * does not assign the new flow to any realm-level binding; both are left to the caller.
     *
     * <p>NOTE(review): the authenticator ids suggest HTTP Basic credentials, which are only
     * protected by the transport; presumably the flow is meant for TLS-only endpoints. Confirm.
     *
     * @param realmModel realm that receives the flows and their executions
     */
    public static void httpChallengeFlow(RealmModel realmModel) {
        // Top-level flow.
        AuthenticationFlowModel challengeTemplate = new AuthenticationFlowModel();
        challengeTemplate.setAlias(HTTP_CHALLENGE_FLOW);
        challengeTemplate.setDescription("An authentication flow based on challenge-response HTTP Authentication Schemes");
        challengeTemplate.setProviderId(AuthenticationFlow.BASIC_FLOW);
        challengeTemplate.setTopLevel(true);
        challengeTemplate.setBuiltIn(true);
        AuthenticationFlowModel challengeFlow = realmModel.addAuthenticationFlow(challengeTemplate);

        // First step of the top-level flow.
        AuthenticationExecutionModel noCookieRedirectStep = new AuthenticationExecutionModel();
        noCookieRedirectStep.setParentFlow(challengeFlow.getId());
        noCookieRedirectStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        noCookieRedirectStep.setAuthenticator("no-cookie-redirect");
        noCookieRedirectStep.setPriority(10);
        noCookieRedirectStep.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(noCookieRedirectStep);

        // Nested flow that groups the credential checks.
        AuthenticationFlowModel optionsTemplate = new AuthenticationFlowModel();
        optionsTemplate.setTopLevel(false);
        optionsTemplate.setBuiltIn(true);
        optionsTemplate.setAlias("Authentication Options");
        optionsTemplate.setDescription("Authentication options.");
        optionsTemplate.setProviderId(AuthenticationFlow.BASIC_FLOW);
        AuthenticationFlowModel optionsFlow = realmModel.addAuthenticationFlow(optionsTemplate);

        // Second step of the top-level flow: run the nested flow, mandatory.
        AuthenticationExecutionModel optionsStep = new AuthenticationExecutionModel();
        optionsStep.setParentFlow(challengeFlow.getId());
        optionsStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        optionsStep.setFlowId(optionsFlow.getId());
        optionsStep.setPriority(20);
        optionsStep.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(optionsStep);

        // Nested flow, step 1: the only execution that is enabled by default.
        AuthenticationExecutionModel basicAuthStep = new AuthenticationExecutionModel();
        basicAuthStep.setParentFlow(optionsFlow.getId());
        basicAuthStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        basicAuthStep.setAuthenticator("basic-auth");
        basicAuthStep.setPriority(10);
        basicAuthStep.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(basicAuthStep);

        // Nested flow, step 2: created but DISABLED.
        AuthenticationExecutionModel basicAuthOtpStep = new AuthenticationExecutionModel();
        basicAuthOtpStep.setParentFlow(optionsFlow.getId());
        basicAuthOtpStep.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
        basicAuthOtpStep.setAuthenticator("basic-auth-otp");
        basicAuthOtpStep.setPriority(20);
        basicAuthOtpStep.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(basicAuthOtpStep);

        // Nested flow, step 3: created but DISABLED.
        AuthenticationExecutionModel spnegoStep = new AuthenticationExecutionModel();
        spnegoStep.setParentFlow(optionsFlow.getId());
        spnegoStep.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
        spnegoStep.setAuthenticator("auth-spnego");
        spnegoStep.setPriority(30);
        spnegoStep.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(spnegoStep);
    }
}
