package org.keycloak.protocol.oid4vc.issuance.signing;

import org.jboss.logging.Logger;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.SignatureProvider;
import org.keycloak.crypto.SignatureSignerContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oid4vc.issuance.VCIssuanceContext;
import org.keycloak.protocol.oid4vc.issuance.VCIssuerException;
import org.keycloak.protocol.oid4vc.issuance.credentialbuilder.CredentialBody;
import org.keycloak.protocol.oid4vc.issuance.credentialbuilder.JwtCredentialBody;

/* loaded from: input_file:org/keycloak/protocol/oid4vc/issuance/signing/JwtSigningService.class */
public class JwtSigningService extends SigningService<String> {
    private static final Logger LOGGER = Logger.getLogger(JwtSigningService.class);
    private final SignatureSignerContext signatureSignerContext;

    public JwtSigningService(KeycloakSession keycloakSession, String str, String str2) {
        super(keycloakSession, str, "jwt_vc", str2);
        KeyWrapper key = getKey(str, str2);
        if (key == null) {
            throw new SigningServiceException(String.format("No key for id %s and algorithm %s available.", str, str2));
        }
        this.signatureSignerContext = keycloakSession.getProvider(SignatureProvider.class, str2).signer(key);
        LOGGER.debugf("Successfully initiated the JWT Signing Service with algorithm %s.", str2);
    }

    @Override // org.keycloak.protocol.oid4vc.issuance.signing.VerifiableCredentialsSigningService
    public String signCredential(VCIssuanceContext vCIssuanceContext) {
        LOGGER.debugf("Sign credentials to jwt-vc format.", new Object[0]);
        CredentialBody credentialBody = vCIssuanceContext.getCredentialBody();
        if (!(credentialBody instanceof JwtCredentialBody)) {
            throw new VCIssuerException("Credential body unexpectedly not of type JwtCredentialBody");
        }
        return ((JwtCredentialBody) credentialBody).sign(this.signatureSignerContext);
    }
}
