package org.keycloak.protocol.oid4vc.issuance.credentialbuilder;

import java.util.List;
import java.util.Map;
import java.util.stream.IntStream;
import org.keycloak.protocol.oid4vc.model.CredentialBuildConfig;
import org.keycloak.protocol.oid4vc.model.VerifiableCredential;
import org.keycloak.sdjwt.DisclosureSpec;
import org.keycloak.sdjwt.SdJwt;
import org.keycloak.sdjwt.SdJwtUtils;

/* loaded from: input_file:org/keycloak/protocol/oid4vc/issuance/credentialbuilder/SdJwtCredentialBuilder.class */
public class SdJwtCredentialBuilder implements CredentialBuilder {
    public static final String ISSUER_CLAIM = "iss";
    public static final String VERIFIABLE_CREDENTIAL_TYPE_CLAIM = "vct";
    private final String credentialIssuer;

    public SdJwtCredentialBuilder(String str) {
        this.credentialIssuer = str;
    }

    @Override // org.keycloak.protocol.oid4vc.issuance.credentialbuilder.CredentialBuilder
    public String getSupportedFormat() {
        return "vc+sd-jwt";
    }

    @Override // org.keycloak.protocol.oid4vc.issuance.credentialbuilder.CredentialBuilder
    public SdJwtCredentialBody buildCredentialBody(VerifiableCredential verifiableCredential, CredentialBuildConfig credentialBuildConfig) throws CredentialBuilderException {
        Map<String, Object> claims = verifiableCredential.getCredentialSubject().getClaims();
        DisclosureSpec.Builder builder = DisclosureSpec.builder();
        claims.entrySet().stream().filter(entry -> {
            return !credentialBuildConfig.getVisibleClaims().contains(entry.getKey());
        }).forEach(entry2 -> {
            if (entry2 instanceof List) {
                IntStream.range(0, ((List) entry2).size()).forEach(i -> {
                    builder.withUndisclosedArrayElt((String) entry2.getKey(), Integer.valueOf(i), SdJwtUtils.randomSalt());
                });
            } else {
                builder.withUndisclosedClaim((String) entry2.getKey(), SdJwtUtils.randomSalt());
            }
        });
        claims.put("iss", this.credentialIssuer);
        claims.put("vct", credentialBuildConfig.getCredentialType());
        if (credentialBuildConfig.getNumberOfDecoys() > 0) {
            IntStream.range(0, credentialBuildConfig.getNumberOfDecoys()).forEach(i -> {
                builder.withDecoyClaim(SdJwtUtils.randomSalt());
            });
        }
        return new SdJwtCredentialBody(SdJwt.builder().withDisclosureSpec(builder.build()).withHashAlgorithm(credentialBuildConfig.getHashAlgorithm()).withJwsType(credentialBuildConfig.getTokenJwsType()), claims);
    }
}
