package org.keycloak.protocol.oid4vc.issuance.signing.vcdm;

import com.apicatalog.jsonld.JsonLd;
import com.apicatalog.jsonld.JsonLdError;
import com.apicatalog.jsonld.document.JsonDocument;
import com.apicatalog.jsonld.http.DefaultHttpClient;
import com.apicatalog.jsonld.http.media.MediaType;
import com.apicatalog.jsonld.json.JsonUtils;
import com.apicatalog.jsonld.loader.HttpLoader;
import com.apicatalog.rdf.Rdf;
import com.apicatalog.rdf.RdfDataset;
import com.apicatalog.rdf.io.error.RdfWriterException;
import com.apicatalog.rdf.io.error.UnsupportedContentException;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.setl.rdf.normalization.RdfNormalize;
import jakarta.json.JsonArray;
import jakarta.json.JsonStructure;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Optional;
import org.keycloak.crypto.SHA256HashProviderFactory;
import org.keycloak.crypto.SignatureSignerContext;
import org.keycloak.protocol.oid4vc.issuance.signing.SigningServiceException;
import org.keycloak.protocol.oid4vc.model.VerifiableCredential;

/* loaded from: input_file:org/keycloak/protocol/oid4vc/issuance/signing/vcdm/Ed255192018Suite.class */
public class Ed255192018Suite implements LinkedDataCryptographicSuite {
    private final ObjectMapper objectMapper;
    private final SignatureSignerContext signerContext;
    public static final String PROOF_TYPE = "Ed25519Signature2018";

    public Ed255192018Suite(ObjectMapper objectMapper, SignatureSignerContext signatureSignerContext) {
        this.objectMapper = objectMapper;
        this.signerContext = signatureSignerContext;
    }

    @Override // org.keycloak.protocol.oid4vc.issuance.signing.vcdm.LinkedDataCryptographicSuite
    public byte[] getSignature(VerifiableCredential verifiableCredential) {
        return sign(digest(transform(verifiableCredential)));
    }

    private byte[] transform(VerifiableCredential verifiableCredential) {
        try {
            try {
                JsonArray jsonArray = JsonLd.expand(JsonDocument.of(new StringReader(this.objectMapper.writeValueAsString(verifiableCredential)))).loader(new HttpLoader(DefaultHttpClient.defaultInstance())).get();
                Optional empty = Optional.empty();
                if (JsonUtils.isArray(jsonArray)) {
                    empty = jsonArray.asJsonArray().stream().filter(JsonUtils::isObject).map((v0) -> {
                        return v0.asJsonObject();
                    }).findFirst();
                } else if (JsonUtils.isObject(jsonArray)) {
                    empty = Optional.of(jsonArray.asJsonObject());
                }
                if (!empty.isPresent()) {
                    throw new SigningServiceException("Was not able to get the expanded json.");
                }
                RdfDataset normalize = RdfNormalize.normalize(JsonLd.toRdf(JsonDocument.of((JsonStructure) empty.get())).get());
                StringWriter stringWriter = new StringWriter();
                Rdf.createWriter(MediaType.N_QUADS, stringWriter).write(normalize);
                return stringWriter.toString().getBytes(StandardCharsets.UTF_8);
            } catch (UnsupportedContentException | IOException | RdfWriterException e) {
                throw new SigningServiceException("Was not able to canonicalize the json-ld.", e);
            }
        } catch (JsonLdError e2) {
            throw new SigningServiceException("Was not able to create a JsonLD Document from the serialized string.", e2);
        } catch (JsonProcessingException e3) {
            throw new SigningServiceException("Was not able to serialize the credential", e3);
        }
    }

    private byte[] digest(byte[] bArr) {
        try {
            return MessageDigest.getInstance(SHA256HashProviderFactory.ID).digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new SigningServiceException("Algorithm SHA-256 not supported.", e);
        }
    }

    private byte[] sign(byte[] bArr) {
        return this.signerContext.sign(bArr);
    }

    @Override // org.keycloak.protocol.oid4vc.issuance.signing.vcdm.LinkedDataCryptographicSuite
    public String getProofType() {
        return PROOF_TYPE;
    }
}
