package org.keycloak.migration.migrators;

import java.util.List;
import java.util.Objects;
import org.jboss.logging.Logger;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.DefaultClientScopes;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.RealmRepresentation;

/* loaded from: input_file:org/keycloak/migration/migrators/MigrateTo4_0_0.class */
public class MigrateTo4_0_0 implements Migration {
    public static final ModelVersion VERSION = new ModelVersion("4.0.0");
    private static final Logger LOG = Logger.getLogger(MigrateTo4_0_0.class);

    @Override // org.keycloak.migration.migrators.Migration
    public ModelVersion getVersion() {
        return VERSION;
    }

    @Override // org.keycloak.migration.migrators.Migration
    public void migrate(KeycloakSession keycloakSession) {
        keycloakSession.realms().getRealmsStream().forEach(realmModel -> {
            migrateRealm(keycloakSession, realmModel, false);
        });
    }

    @Override // org.keycloak.migration.migrators.Migration
    public void migrateImport(KeycloakSession keycloakSession, RealmModel realmModel, RealmRepresentation realmRepresentation, boolean z) {
        migrateRealm(keycloakSession, realmModel, true);
    }

    protected void migrateRealm(KeycloakSession keycloakSession, RealmModel realmModel, boolean z) {
        realmModel.getClientScopesStream().filter(clientScopeModel -> {
            return clientScopeModel.getName().contains(LDAPConstants.EMPTY_ATTRIBUTE_VALUE);
        }).forEach(clientScopeModel2 -> {
            LOG.debugf("Replacing spaces with underscores in the name of client scope '%s' of realm '%s'", clientScopeModel2.getName(), realmModel.getName());
            clientScopeModel2.setName(clientScopeModel2.getName().replaceAll(LDAPConstants.EMPTY_ATTRIBUTE_VALUE, "_"));
        });
        if (!z) {
            LOG.debugf("Adding defaultClientScopes for realm '%s'", realmModel.getName());
            DefaultClientScopes.createDefaultClientScopes(keycloakSession, realmModel, false);
        }
        realmModel.getComponentsStream(realmModel.getId(), "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy").filter(componentModel -> {
            return Objects.equals(componentModel.getProviderId(), "allowed-client-templates");
        }).forEach(componentModel2 -> {
            List list = (List) componentModel2.getConfig().remove("allowed-client-templates");
            if (list != null) {
                componentModel2.getConfig().put("allowed-client-scopes", list);
            }
            componentModel2.put("allow-default-scopes", true);
            realmModel.updateComponent(componentModel2);
        });
        RoleModel role = realmModel.getRole(Constants.OFFLINE_ACCESS_ROLE);
        if (role == null) {
            LOG.infof("Role 'offline_access' not available in realm '%s'. Skip migration of offline_access client scope.", realmModel.getName());
        } else {
            ClientScopeModel clientScopeByName = KeycloakModelUtils.getClientScopeByName(realmModel, Constants.OFFLINE_ACCESS_ROLE);
            if (clientScopeByName == null) {
                LOG.infof("Client scope 'offline_access' not available in realm '%s'. Skip migration of offline_access client scope.", realmModel.getName());
            } else {
                realmModel.getClientsStream().filter(MigrationUtils::isOIDCNonBearerOnlyClient).filter(clientModel -> {
                    return clientModel.hasScope(role);
                }).filter(clientModel2 -> {
                    return !clientModel2.getClientScopes(false).containsKey(Constants.OFFLINE_ACCESS_ROLE);
                }).peek(clientModel3 -> {
                    LOG.debugf("Adding client scope 'offline_access' as optional scope to client '%s' in realm '%s'.", clientModel3.getClientId(), realmModel.getName());
                    clientModel3.addClientScope(clientScopeByName, false);
                }).filter(clientModel4 -> {
                    return !clientModel4.isFullScopeAllowed();
                }).forEach(clientModel5 -> {
                    LOG.debugf("Removing role scope mapping for role 'offline_access' from client '%s' in realm '%s'.", clientModel5.getClientId(), realmModel.getName());
                    clientModel5.deleteScopeMapping(role);
                });
            }
        }
        realmModel.getClientsStream().filter((v0) -> {
            return v0.isConsentRequired();
        }).filter(clientModel6 -> {
            return clientModel6.getClientScopes(true).isEmpty();
        }).forEach(clientModel7 -> {
            LOG.debugf("Adding client '%s' of realm '%s' to display itself on consent screen", clientModel7.getClientId(), realmModel.getName());
            clientModel7.setDisplayOnConsentScreen(true);
            clientModel7.setConsentScreenText(clientModel7.getName() == null ? clientModel7.getClientId() : clientModel7.getName());
        });
    }
}
