package de.governikus.autent.eudiwallet.keycloak.provider.signingservices;

import de.governikus.autent.eudiwallet.keycloak.constants.Constants;
import de.governikus.autent.eudiwallet.keycloak.constants.UtilityMethods;
import de.governikus.autent.eudiwallet.keycloak.models.CredentialRequest;
import java.util.Optional;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.SignatureProvider;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.representations.JsonWebToken;

/* loaded from: input_file:de/governikus/autent/eudiwallet/keycloak/provider/signingservices/JwtJsonSigningProvider.class */
public class JwtJsonSigningProvider implements OpenId4VciSigningProvider<JsonWebToken> {
    private final KeycloakSession keycloakSession;

    @Override // de.governikus.autent.eudiwallet.keycloak.provider.signingservices.OpenId4VciSigningProvider
    public String signCredential(ClientScopeModel clientScopeModel, JsonWebToken jsonWebToken) {
        KeyWrapper pidProviderSigningKey = UtilityMethods.getPidProviderSigningKey(this.keycloakSession, clientScopeModel, (String) Optional.ofNullable((CredentialRequest) this.keycloakSession.getAttribute(Constants.ProtocolAttributes.CREDENTIAL_REQUEST, CredentialRequest.class)).map((v0) -> {
            return v0.getSignatureAlgorithm();
        }).orElse(null));
        return new JWSBuilder().jsonContent(jsonWebToken).sign(this.keycloakSession.getProvider(SignatureProvider.class, pidProviderSigningKey.getAlgorithm()).signer(pidProviderSigningKey));
    }

    public JwtJsonSigningProvider(KeycloakSession keycloakSession) {
        this.keycloakSession = keycloakSession;
    }

    @Override // de.governikus.autent.eudiwallet.keycloak.provider.signingservices.OpenId4VciSigningProvider
    public KeycloakSession getKeycloakSession() {
        return this.keycloakSession;
    }
}
