package org.keycloak.models.utils;

import java.util.Iterator;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;

/* loaded from: input_file:org/keycloak/models/utils/DefaultAuthenticationFlows.class */
public class DefaultAuthenticationFlows {
    public static final String REGISTRATION_FLOW = "registration";
    public static final String REGISTRATION_FORM_FLOW = "registration form";
    public static final String BROWSER_FLOW = "browser";
    public static final String DIRECT_GRANT_FLOW = "direct grant";
    public static final String RESET_CREDENTIALS_FLOW = "reset credentials";
    public static final String LOGIN_FORMS_FLOW = "forms";
    public static final String CLIENT_AUTHENTICATION_FLOW = "clients";

    public static void addFlows(RealmModel realmModel) {
        if (realmModel.getFlowByAlias(BROWSER_FLOW) == null) {
            browserFlow(realmModel);
        }
        if (realmModel.getFlowByAlias(DIRECT_GRANT_FLOW) == null) {
            directGrantFlow(realmModel, false);
        }
        if (realmModel.getFlowByAlias(REGISTRATION_FLOW) == null) {
            registrationFlow(realmModel);
        }
        if (realmModel.getFlowByAlias(RESET_CREDENTIALS_FLOW) == null) {
            resetCredentialsFlow(realmModel);
        }
        if (realmModel.getFlowByAlias(CLIENT_AUTHENTICATION_FLOW) == null) {
            clientAuthFlow(realmModel);
        }
    }

    public static void migrateFlows(RealmModel realmModel) {
        if (realmModel.getFlowByAlias(BROWSER_FLOW) == null) {
            browserFlow(realmModel, true);
        }
        if (realmModel.getFlowByAlias(DIRECT_GRANT_FLOW) == null) {
            directGrantFlow(realmModel, true);
        }
        if (realmModel.getFlowByAlias(REGISTRATION_FLOW) == null) {
            registrationFlow(realmModel);
        }
        if (realmModel.getFlowByAlias(RESET_CREDENTIALS_FLOW) == null) {
            resetCredentialsFlow(realmModel);
        }
        if (realmModel.getFlowByAlias(CLIENT_AUTHENTICATION_FLOW) == null) {
            clientAuthFlow(realmModel);
        }
    }

    public static void registrationFlow(RealmModel realmModel) {
        AuthenticationFlowModel authenticationFlowModel = new AuthenticationFlowModel();
        authenticationFlowModel.setAlias(REGISTRATION_FLOW);
        authenticationFlowModel.setDescription("registration flow");
        authenticationFlowModel.setProviderId("basic-flow");
        authenticationFlowModel.setTopLevel(true);
        authenticationFlowModel.setBuiltIn(true);
        AuthenticationFlowModel addAuthenticationFlow = realmModel.addAuthenticationFlow(authenticationFlowModel);
        realmModel.setRegistrationFlow(addAuthenticationFlow);
        AuthenticationFlowModel authenticationFlowModel2 = new AuthenticationFlowModel();
        authenticationFlowModel2.setAlias(REGISTRATION_FORM_FLOW);
        authenticationFlowModel2.setDescription(REGISTRATION_FORM_FLOW);
        authenticationFlowModel2.setProviderId("form-flow");
        authenticationFlowModel2.setTopLevel(false);
        authenticationFlowModel2.setBuiltIn(true);
        AuthenticationFlowModel addAuthenticationFlow2 = realmModel.addAuthenticationFlow(authenticationFlowModel2);
        AuthenticationExecutionModel authenticationExecutionModel = new AuthenticationExecutionModel();
        authenticationExecutionModel.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel.setAuthenticator("registration-page-form");
        authenticationExecutionModel.setPriority(10);
        authenticationExecutionModel.setAuthenticatorFlow(true);
        authenticationExecutionModel.setFlowId(addAuthenticationFlow2.getId());
        realmModel.addAuthenticatorExecution(authenticationExecutionModel);
        AuthenticationExecutionModel authenticationExecutionModel2 = new AuthenticationExecutionModel();
        authenticationExecutionModel2.setParentFlow(addAuthenticationFlow2.getId());
        authenticationExecutionModel2.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel2.setAuthenticator("registration-user-creation");
        authenticationExecutionModel2.setPriority(20);
        authenticationExecutionModel2.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel2);
        AuthenticationExecutionModel authenticationExecutionModel3 = new AuthenticationExecutionModel();
        authenticationExecutionModel3.setParentFlow(addAuthenticationFlow2.getId());
        authenticationExecutionModel3.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel3.setAuthenticator("registration-profile-action");
        authenticationExecutionModel3.setPriority(40);
        authenticationExecutionModel3.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel3);
        AuthenticationExecutionModel authenticationExecutionModel4 = new AuthenticationExecutionModel();
        authenticationExecutionModel4.setParentFlow(addAuthenticationFlow2.getId());
        authenticationExecutionModel4.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel4.setAuthenticator("registration-password-action");
        authenticationExecutionModel4.setPriority(50);
        authenticationExecutionModel4.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel4);
        AuthenticationExecutionModel authenticationExecutionModel5 = new AuthenticationExecutionModel();
        authenticationExecutionModel5.setParentFlow(addAuthenticationFlow2.getId());
        authenticationExecutionModel5.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
        authenticationExecutionModel5.setAuthenticator("registration-recaptcha-action");
        authenticationExecutionModel5.setPriority(60);
        authenticationExecutionModel5.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel5);
    }

    public static void browserFlow(RealmModel realmModel) {
        browserFlow(realmModel, false);
    }

    private static boolean hasCredentialType(RealmModel realmModel, String str) {
        Iterator<RequiredCredentialModel> it = realmModel.getRequiredCredentials().iterator();
        while (it.hasNext()) {
            if (str.equals(it.next().getType())) {
                return true;
            }
        }
        return false;
    }

    public static void resetCredentialsFlow(RealmModel realmModel) {
        AuthenticationFlowModel authenticationFlowModel = new AuthenticationFlowModel();
        authenticationFlowModel.setAlias(RESET_CREDENTIALS_FLOW);
        authenticationFlowModel.setDescription("Reset credentials for a user if they forgot their password or something");
        authenticationFlowModel.setProviderId("basic-flow");
        authenticationFlowModel.setTopLevel(true);
        authenticationFlowModel.setBuiltIn(true);
        AuthenticationFlowModel addAuthenticationFlow = realmModel.addAuthenticationFlow(authenticationFlowModel);
        realmModel.setResetCredentialsFlow(addAuthenticationFlow);
        AuthenticationExecutionModel authenticationExecutionModel = new AuthenticationExecutionModel();
        authenticationExecutionModel.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel.setAuthenticator("reset-credentials-choose-user");
        authenticationExecutionModel.setPriority(10);
        authenticationExecutionModel.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel);
        AuthenticationExecutionModel authenticationExecutionModel2 = new AuthenticationExecutionModel();
        authenticationExecutionModel2.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel2.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel2.setAuthenticator("reset-credential-email");
        authenticationExecutionModel2.setPriority(20);
        authenticationExecutionModel2.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel2);
        AuthenticationExecutionModel authenticationExecutionModel3 = new AuthenticationExecutionModel();
        authenticationExecutionModel3.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel3.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel3.setAuthenticator("reset-password");
        authenticationExecutionModel3.setPriority(30);
        authenticationExecutionModel3.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel3);
        AuthenticationExecutionModel authenticationExecutionModel4 = new AuthenticationExecutionModel();
        authenticationExecutionModel4.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel4.setRequirement(AuthenticationExecutionModel.Requirement.OPTIONAL);
        authenticationExecutionModel4.setAuthenticator("reset-otp");
        authenticationExecutionModel4.setPriority(40);
        authenticationExecutionModel4.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel4);
    }

    public static void directGrantFlow(RealmModel realmModel, boolean z) {
        AuthenticationFlowModel authenticationFlowModel = new AuthenticationFlowModel();
        authenticationFlowModel.setAlias(DIRECT_GRANT_FLOW);
        authenticationFlowModel.setDescription("OpenID Connect Resource Owner Grant");
        authenticationFlowModel.setProviderId("basic-flow");
        authenticationFlowModel.setTopLevel(true);
        authenticationFlowModel.setBuiltIn(true);
        AuthenticationFlowModel addAuthenticationFlow = realmModel.addAuthenticationFlow(authenticationFlowModel);
        realmModel.setDirectGrantFlow(addAuthenticationFlow);
        AuthenticationExecutionModel authenticationExecutionModel = new AuthenticationExecutionModel();
        authenticationExecutionModel.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel.setAuthenticator("direct-grant-validate-username");
        authenticationExecutionModel.setPriority(10);
        authenticationExecutionModel.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel);
        AuthenticationExecutionModel authenticationExecutionModel2 = new AuthenticationExecutionModel();
        authenticationExecutionModel2.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel2.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        if (z && !hasCredentialType(realmModel, RequiredCredentialModel.PASSWORD.getType())) {
            authenticationExecutionModel2.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
        }
        authenticationExecutionModel2.setAuthenticator("direct-grant-validate-password");
        authenticationExecutionModel2.setPriority(20);
        authenticationExecutionModel2.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel2);
        AuthenticationExecutionModel authenticationExecutionModel3 = new AuthenticationExecutionModel();
        authenticationExecutionModel3.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel3.setRequirement(AuthenticationExecutionModel.Requirement.OPTIONAL);
        if (z && hasCredentialType(realmModel, RequiredCredentialModel.TOTP.getType())) {
            authenticationExecutionModel3.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        }
        authenticationExecutionModel3.setAuthenticator("direct-grant-validate-otp");
        authenticationExecutionModel3.setPriority(30);
        authenticationExecutionModel3.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel3);
    }

    public static void browserFlow(RealmModel realmModel, boolean z) {
        AuthenticationFlowModel authenticationFlowModel = new AuthenticationFlowModel();
        authenticationFlowModel.setAlias(BROWSER_FLOW);
        authenticationFlowModel.setDescription("browser based authentication");
        authenticationFlowModel.setProviderId("basic-flow");
        authenticationFlowModel.setTopLevel(true);
        authenticationFlowModel.setBuiltIn(true);
        AuthenticationFlowModel addAuthenticationFlow = realmModel.addAuthenticationFlow(authenticationFlowModel);
        realmModel.setBrowserFlow(addAuthenticationFlow);
        AuthenticationExecutionModel authenticationExecutionModel = new AuthenticationExecutionModel();
        authenticationExecutionModel.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        authenticationExecutionModel.setAuthenticator("auth-cookie");
        authenticationExecutionModel.setPriority(10);
        authenticationExecutionModel.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel);
        AuthenticationExecutionModel authenticationExecutionModel2 = new AuthenticationExecutionModel();
        authenticationExecutionModel2.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel2.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
        if (z && hasCredentialType(realmModel, RequiredCredentialModel.KERBEROS.getType())) {
            authenticationExecutionModel2.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        }
        authenticationExecutionModel2.setAuthenticator("auth-spnego");
        authenticationExecutionModel2.setPriority(20);
        authenticationExecutionModel2.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel2);
        AuthenticationFlowModel authenticationFlowModel2 = new AuthenticationFlowModel();
        authenticationFlowModel2.setTopLevel(false);
        authenticationFlowModel2.setBuiltIn(true);
        authenticationFlowModel2.setAlias(LOGIN_FORMS_FLOW);
        authenticationFlowModel2.setDescription("Username, password, otp and other auth forms.");
        authenticationFlowModel2.setProviderId("basic-flow");
        AuthenticationFlowModel addAuthenticationFlow2 = realmModel.addAuthenticationFlow(authenticationFlowModel2);
        AuthenticationExecutionModel authenticationExecutionModel3 = new AuthenticationExecutionModel();
        authenticationExecutionModel3.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel3.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        authenticationExecutionModel3.setFlowId(addAuthenticationFlow2.getId());
        authenticationExecutionModel3.setPriority(30);
        authenticationExecutionModel3.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel3);
        AuthenticationExecutionModel authenticationExecutionModel4 = new AuthenticationExecutionModel();
        authenticationExecutionModel4.setParentFlow(addAuthenticationFlow2.getId());
        authenticationExecutionModel4.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        authenticationExecutionModel4.setAuthenticator("auth-username-password-form");
        authenticationExecutionModel4.setPriority(10);
        authenticationExecutionModel4.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel4);
        AuthenticationExecutionModel authenticationExecutionModel5 = new AuthenticationExecutionModel();
        authenticationExecutionModel5.setParentFlow(addAuthenticationFlow2.getId());
        authenticationExecutionModel5.setRequirement(AuthenticationExecutionModel.Requirement.OPTIONAL);
        if (z && hasCredentialType(realmModel, RequiredCredentialModel.TOTP.getType())) {
            authenticationExecutionModel5.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        }
        authenticationExecutionModel5.setAuthenticator("auth-otp-form");
        authenticationExecutionModel5.setPriority(20);
        authenticationExecutionModel5.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel5);
    }

    public static void clientAuthFlow(RealmModel realmModel) {
        AuthenticationFlowModel authenticationFlowModel = new AuthenticationFlowModel();
        authenticationFlowModel.setAlias(CLIENT_AUTHENTICATION_FLOW);
        authenticationFlowModel.setDescription("Base authentication for clients");
        authenticationFlowModel.setProviderId("client-flow");
        authenticationFlowModel.setTopLevel(true);
        authenticationFlowModel.setBuiltIn(true);
        AuthenticationFlowModel addAuthenticationFlow = realmModel.addAuthenticationFlow(authenticationFlowModel);
        realmModel.setClientAuthenticationFlow(addAuthenticationFlow);
        AuthenticationExecutionModel authenticationExecutionModel = new AuthenticationExecutionModel();
        authenticationExecutionModel.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        authenticationExecutionModel.setAuthenticator("client-secret");
        authenticationExecutionModel.setPriority(10);
        authenticationExecutionModel.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel);
        AuthenticationExecutionModel authenticationExecutionModel2 = new AuthenticationExecutionModel();
        authenticationExecutionModel2.setParentFlow(addAuthenticationFlow.getId());
        authenticationExecutionModel2.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        authenticationExecutionModel2.setAuthenticator("client-jwt");
        authenticationExecutionModel2.setPriority(20);
        authenticationExecutionModel2.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(authenticationExecutionModel2);
    }
}
