package de.governikus.autent.eudiwallet.keycloak.provider.signingservices;

import de.governikus.autent.eudiwallet.keycloak.constants.Constants;
import de.governikus.autent.eudiwallet.keycloak.constants.StaticContext;
import de.governikus.autent.eudiwallet.keycloak.constants.UtilityMethods;
import de.governikus.autent.eudiwallet.keycloak.models.CredentialRequest;
import java.net.URI;
import java.time.Instant;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.SignatureProvider;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oid4vc.model.VerifiableCredential;
import org.keycloak.representations.JsonWebToken;

/* loaded from: input_file:de/governikus/autent/eudiwallet/keycloak/provider/signingservices/VcJwtSigningProvider.class */
public class VcJwtSigningProvider implements OpenId4VciSigningProvider<VerifiableCredential> {
    private static final String ID_CLAIM_KEY = "id";
    private final KeycloakSession keycloakSession;

    @Override // de.governikus.autent.eudiwallet.keycloak.provider.signingservices.OpenId4VciSigningProvider
    public String signCredential(ClientScopeModel clientScopeModel, VerifiableCredential verifiableCredential) {
        long longValue = ((Long) Optional.ofNullable(verifiableCredential.getIssuanceDate()).map((v0) -> {
            return v0.getEpochSecond();
        }).orElseGet(() -> {
            return Long.valueOf(Instant.now().getEpochSecond());
        })).longValue();
        Object issuer = verifiableCredential.getIssuer();
        JsonWebToken iat = new JsonWebToken().issuer(issuer instanceof URI ? ((URI) issuer).toString() : issuer instanceof Map ? ((Map) issuer).get(ID_CLAIM_KEY).toString() : StaticContext.getIssuer(this.keycloakSession)).iat(Long.valueOf(longValue));
        iat.setOtherClaims(Constants.ProtocolAttributes.VC_CLAIM_KEY, verifiableCredential);
        Optional.ofNullable(verifiableCredential.getExpirationDate()).ifPresent(instant -> {
            iat.exp(Long.valueOf(instant.getEpochSecond()));
        });
        Optional map = Optional.ofNullable(verifiableCredential.getCredentialSubject().getClaims().get(ID_CLAIM_KEY)).map((v0) -> {
            return v0.toString();
        });
        Objects.requireNonNull(iat);
        map.ifPresent(iat::subject);
        KeyWrapper pidProviderSigningKey = UtilityMethods.getPidProviderSigningKey(this.keycloakSession, clientScopeModel, (String) Optional.ofNullable((CredentialRequest) this.keycloakSession.getAttribute(Constants.ProtocolAttributes.CREDENTIAL_REQUEST, CredentialRequest.class)).map((v0) -> {
            return v0.getSignatureAlgorithm();
        }).orElse(null));
        return new JWSBuilder().jsonContent(iat).sign(this.keycloakSession.getProvider(SignatureProvider.class, pidProviderSigningKey.getAlgorithm()).signer(pidProviderSigningKey));
    }

    public VcJwtSigningProvider(KeycloakSession keycloakSession) {
        this.keycloakSession = keycloakSession;
    }

    @Override // de.governikus.autent.eudiwallet.keycloak.provider.signingservices.OpenId4VciSigningProvider
    public KeycloakSession getKeycloakSession() {
        return this.keycloakSession;
    }
}
