package org.keycloak.migration.migrators;

import org.jboss.logging.Logger;
import org.keycloak.migration.MigrationProvider;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;

/* loaded from: input_file:BOOT-INF/lib/keycloak-server-spi-private-11.0.2.jar:org/keycloak/migration/migrators/MigrateTo4_6_0.class */
public class MigrateTo4_6_0 implements Migration {
    public static final ModelVersion VERSION = new ModelVersion("4.6.0");
    private static final Logger LOG = Logger.getLogger((Class<?>) MigrateTo4_6_0.class);

    @Override // org.keycloak.migration.migrators.Migration
    public ModelVersion getVersion() {
        return VERSION;
    }

    @Override // org.keycloak.migration.migrators.Migration
    public void migrate(KeycloakSession keycloakSession) {
        keycloakSession.realms().getRealms().stream().forEach(realmModel -> {
            migrateRealm(keycloakSession, realmModel, false);
        });
    }

    @Override // org.keycloak.migration.migrators.Migration
    public void migrateImport(KeycloakSession keycloakSession, RealmModel realmModel, RealmRepresentation realmRepresentation, boolean z) {
        migrateRealm(keycloakSession, realmModel, true);
    }

    protected void migrateRealm(KeycloakSession keycloakSession, RealmModel realmModel, boolean z) {
        MigrationProvider migrationProvider = (MigrationProvider) keycloakSession.getProvider(MigrationProvider.class);
        ClientScopeModel addOIDCRolesClientScope = migrationProvider.addOIDCRolesClientScope(realmModel);
        ClientScopeModel addOIDCWebOriginsClientScope = migrationProvider.addOIDCWebOriginsClientScope(realmModel);
        LOG.debugf("Added '%s' and '%s' default client scopes", addOIDCRolesClientScope.getName(), addOIDCWebOriginsClientScope.getName());
        for (ClientModel clientModel : realmModel.getClients()) {
            if (clientModel.getProtocol() == null || "openid-connect".equals(clientModel.getProtocol())) {
                if (!clientModel.isBearerOnly()) {
                    clientModel.addClientScope(addOIDCRolesClientScope, true);
                    clientModel.addClientScope(addOIDCWebOriginsClientScope, true);
                }
            }
        }
        LOG.debugf("Client scope '%s' assigned to all the clients", addOIDCRolesClientScope.getName());
    }
}
