package org.keycloak.migration.migrators;

import org.keycloak.migration.ModelVersion;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.representations.idm.RealmRepresentation;

/* loaded from: input_file:org/keycloak/migration/migrators/MigrateTo3_2_0.class */
public class MigrateTo3_2_0 implements Migration {
    public static final ModelVersion VERSION = new ModelVersion("3.2.0");

    public void migrate(KeycloakSession keycloakSession) {
        keycloakSession.realms().getRealmsStream().forEach(realmModel -> {
            migrateRealm(keycloakSession, realmModel);
        });
    }

    public void migrateImport(KeycloakSession keycloakSession, RealmModel realmModel, RealmRepresentation realmRepresentation, boolean z) {
        migrateRealm(keycloakSession, realmModel);
    }

    protected void migrateRealm(KeycloakSession keycloakSession, RealmModel realmModel) {
        PasswordPolicy.Builder builder = realmModel.getPasswordPolicy().toBuilder();
        if (!builder.contains("hashAlgorithm") && "20000".equals(builder.get("hashIterations"))) {
            realmModel.setPasswordPolicy(builder.remove("hashIterations").build(keycloakSession));
        }
        if (realmModel.getDockerAuthenticationFlow() == null) {
            DefaultAuthenticationFlows.dockerAuthenticationFlow(realmModel);
        }
        ClientModel clientByClientId = realmModel.getClientByClientId("realm-management");
        if (clientByClientId != null) {
            addRoles(clientByClientId);
        }
        ClientModel masterAdminClient = realmModel.getMasterAdminClient();
        if (masterAdminClient != null) {
            addRoles(masterAdminClient);
        }
    }

    public void addRoles(ClientModel clientModel) {
        if (clientModel.getRole("query-clients") == null) {
            RoleModel addRole = clientModel.addRole("query-clients");
            RoleModel role = clientModel.getRole("view-clients");
            if (role != null) {
                role.addCompositeRole(addRole);
            }
        }
        RoleModel role2 = clientModel.getRole("query-users");
        if (role2 == null) {
            role2 = clientModel.addRole("query-users");
        }
        RoleModel role3 = clientModel.getRole("query-groups");
        if (role3 == null) {
            role3 = clientModel.addRole("query-groups");
        }
        RoleModel role4 = clientModel.getRole("view-users");
        if (role4 != null) {
            if (!role4.hasRole(role2)) {
                role4.addCompositeRole(role2);
            }
            if (role4.hasRole(role3)) {
                return;
            }
            role4.addCompositeRole(role3);
        }
    }

    public ModelVersion getVersion() {
        return VERSION;
    }
}
