package org.keycloak.authentication.user.conditional;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;

/* loaded from: input_file:org/keycloak/authentication/user/conditional/ConditionalBearerToken.class */
public class ConditionalBearerToken implements ConditionalAuthenticator {
    static final ConditionalBearerToken SINGLETON = new ConditionalBearerToken();

    public boolean matchCondition(AuthenticationFlowContext authenticationFlowContext) {
        boolean parseBoolean = Boolean.parseBoolean((String) authenticationFlowContext.getAuthenticatorConfig().getConfig().get("not"));
        AuthenticationManager.AuthResult authenticate = new AppAuthManager.BearerTokenAuthenticator(authenticationFlowContext.getSession()).authenticate();
        if (authenticate == null || !authenticate.getToken().isActive()) {
            return parseBoolean;
        }
        UserModel user = authenticate.getUser();
        return user == null ? parseBoolean : (authenticationFlowContext.getUser() == null || authenticationFlowContext.getUser().getId().equals(user.getId())) ? !parseBoolean : parseBoolean;
    }

    public void action(AuthenticationFlowContext authenticationFlowContext) {
    }

    public boolean requiresUser() {
        return false;
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    public void close() {
    }
}
