package org.keycloak.services.managers;

import org.keycloak.Config;
import org.keycloak.authentication.authenticators.conditional.ConditionalLoaAuthenticator;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.DefaultKeyProviders;
import org.keycloak.representations.userprofile.config.UPAttribute;
import org.keycloak.representations.userprofile.config.UPAttributeRequired;
import org.keycloak.representations.userprofile.config.UPConfig;
import org.keycloak.services.ServicesLogger;
import org.keycloak.userprofile.UserProfileProvider;

/* loaded from: input_file:org/keycloak/services/managers/ApplianceBootstrap.class */
public class ApplianceBootstrap {
    private final KeycloakSession session;

    public ApplianceBootstrap(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    public boolean isNewInstall() {
        return this.session.realms().getRealmByName(Config.getAdminRealm()) == null;
    }

    public boolean isNoMasterUser() {
        return this.session.users().getUsersCount(this.session.realms().getRealmByName(Config.getAdminRealm())) == 0;
    }

    public boolean createMasterRealm() {
        if (!isNewInstall()) {
            throw new IllegalStateException("Can't create default realm as realms already exists");
        }
        String adminRealm = Config.getAdminRealm();
        ServicesLogger.LOGGER.initializingAdminRealm(adminRealm);
        RealmModel createRealm = new RealmManager(this.session).createRealm(adminRealm);
        createRealm.setName(adminRealm);
        createRealm.setDisplayName("Keycloak");
        createRealm.setDisplayNameHtml("<div class=\"kc-logo-text\"><span>Keycloak</span></div>");
        createRealm.setEnabled(true);
        createRealm.addRequiredCredential("password");
        createRealm.setDefaultSignatureAlgorithm("RS256");
        createRealm.setSsoSessionIdleTimeout(1800);
        createRealm.setAccessTokenLifespan(60);
        createRealm.setAccessTokenLifespanForImplicitFlow(900);
        createRealm.setSsoSessionMaxLifespan(ConditionalLoaAuthenticator.DEFAULT_MAX_AGE);
        createRealm.setOfflineSessionIdleTimeout(2592000);
        createRealm.setOfflineSessionMaxLifespanEnabled(false);
        createRealm.setOfflineSessionMaxLifespan(5184000);
        createRealm.setAccessCodeLifespan(60);
        createRealm.setAccessCodeLifespanUserAction(300);
        createRealm.setAccessCodeLifespanLogin(1800);
        createRealm.setSslRequired(SslRequired.EXTERNAL);
        createRealm.setRegistrationAllowed(false);
        createRealm.setRegistrationEmailAsUsername(false);
        this.session.getContext().setRealm(createRealm);
        DefaultKeyProviders.createProviders(createRealm);
        UserProfileProvider provider = this.session.getProvider(UserProfileProvider.class);
        UPConfig configuration = provider.getConfiguration();
        for (UPAttribute uPAttribute : configuration.getAttributes()) {
            if (!"username".equals(uPAttribute.getName())) {
                uPAttribute.setRequired((UPAttributeRequired) null);
            }
        }
        provider.setConfiguration(configuration);
        return true;
    }

    public void createMasterRealmUser(String str, String str2) {
        RealmModel realmByName = this.session.realms().getRealmByName(Config.getAdminRealm());
        this.session.getContext().setRealm(realmByName);
        if (this.session.users().getUsersCount(realmByName) > 0) {
            ServicesLogger.LOGGER.addAdminUserFailedAdminExists(Config.getAdminRealm());
            return;
        }
        UserModel addUser = this.session.users().addUser(realmByName, str);
        addUser.setEnabled(true);
        addUser.credentialManager().updateCredential(UserCredentialModel.password(str2));
        addUser.grantRole(realmByName.getRole(AdminRoles.ADMIN));
        ServicesLogger.LOGGER.addUserSuccess(str, Config.getAdminRealm());
    }
}
