package org.keycloak.protocol.oid4vc.issuance.signing;

import java.net.URI;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import org.jboss.logging.Logger;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.SignatureProvider;
import org.keycloak.crypto.SignatureSignerContext;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oid4vc.issuance.TimeProvider;
import org.keycloak.protocol.oid4vc.issuance.VCIssuanceContext;
import org.keycloak.protocol.oid4vc.model.VerifiableCredential;
import org.keycloak.representations.JsonWebToken;

/* loaded from: input_file:org/keycloak/protocol/oid4vc/issuance/signing/JwtSigningService.class */
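/**
 * Signing service that issues a {@link VerifiableCredential} as a signed JWT.
 *
 * <p>The credential is embedded under the {@code vc} claim of a {@link JsonWebToken}, and the
 * token is signed with the key resolved once in the constructor. The format handed to the
 * superclass is {@code "jwt_vc"}.
 *
 * <p>Security note: the {@code iss} claim is copied from the credential being signed. This class
 * stores {@link #issuerDid} but never reads it, so it does not check that the credential's issuer
 * matches the configured issuer.
 * NOTE(review): confirm that callers (or subclasses) populate or validate the credential issuer
 * from trusted configuration before it reaches {@link #signCredential(VCIssuanceContext)}.
 */
public class JwtSigningService extends SigningService<String> {
    private static final Logger LOGGER = Logger.getLogger(JwtSigningService.class);
    // Pattern used for the JWT id when the credential carries no id of its own.
    private static final String ID_TEMPLATE = "urn:uuid:%s";
    // Claim under which the whole credential is embedded in the token.
    private static final String VC_CLAIM_KEY = "vc";
    // Key looked up in the credential subject's claims to derive the JWT subject.
    private static final String ID_CLAIM_KEY = "id";
    private final SignatureSignerContext signatureSignerContext;
    private final TimeProvider timeProvider;
    private final String tokenType;
    // Not read anywhere in this class; protected, so presumably meant for subclasses.
    protected final String issuerDid;

    /**
     * Resolves the signing key and prepares the signer context used for every credential.
     *
     * @param keycloakSession session used to look up the {@link SignatureProvider}
     * @param str id of the signing key (passed to {@code getKey} and to the superclass)
     * @param str2 signature algorithm; also the provider id used for the {@link SignatureProvider} lookup
     * @param str3 value written as the JWS type header of issued tokens
     * @param str4 issuer DID, stored in {@link #issuerDid}
     * @param timeProvider clock used for {@code nbf} when the credential has no issuance date
     * @throws SigningServiceException if no key, or no signature provider, is available for the
     *     given key id and algorithm
     */
    public JwtSigningService(KeycloakSession keycloakSession, String str, String str2, String str3, String str4, TimeProvider timeProvider) {
        super(keycloakSession, str, "jwt_vc", str2);
        this.issuerDid = str4;
        this.timeProvider = timeProvider;
        this.tokenType = str3;

        KeyWrapper signingKey = getKey(str, str2);
        if (signingKey == null) {
            throw new SigningServiceException(String.format("No key for id %s and algorithm %s available.", str, str2));
        }

        // Fail with a descriptive error instead of a NullPointerException when the algorithm
        // has no registered provider.
        SignatureProvider signatureProvider = keycloakSession.getProvider(SignatureProvider.class, str2);
        if (signatureProvider == null) {
            throw new SigningServiceException(String.format("No signature provider for algorithm %s available.", str2));
        }
        this.signatureSignerContext = signatureProvider.signer(signingKey);
        LOGGER.debugf("Successfully initiated the JWT Signing Service with algorithm %s.", str2);
    }

    /**
     * Builds and signs the JWT representation of the credential held by the context.
     *
     * <p>Claims set: {@code iss} from the credential's issuer, {@code nbf} from its issuance date
     * (current time when absent), {@code jti} from {@link #createCredentialId(VerifiableCredential)},
     * {@code vc} holding the whole credential, {@code exp} only when an expiration date is present,
     * and {@code sub} only when the credential subject's claims contain an {@code id} entry.
     *
     * @param vCIssuanceContext context carrying the credential to sign
     * @return the signed token as produced by {@link JWSBuilder}
     * @throws SigningServiceException if the credential has no issuer
     */
    @Override // org.keycloak.protocol.oid4vc.issuance.signing.VerifiableCredentialsSigningService
    public String signCredential(VCIssuanceContext vCIssuanceContext) {
        LOGGER.debugf("Sign credentials to jwt-vc format.");
        VerifiableCredential verifiableCredential = vCIssuanceContext.getVerifiableCredential();

        // The issuer ends up in the signed `iss` claim; refuse to sign without one rather than
        // failing later with an unexplained NullPointerException.
        if (verifiableCredential.getIssuer() == null) {
            throw new SigningServiceException("The credential to sign has no issuer.");
        }

        // nbf is always set: fall back to the current time when no issuance date is given.
        long notBefore = Optional.ofNullable(verifiableCredential.getIssuanceDate())
                .map(issued -> issued.getEpochSecond())
                .orElseGet(() -> (long) this.timeProvider.currentTimeSeconds());

        JsonWebToken token = new JsonWebToken()
                .issuer(verifiableCredential.getIssuer().toString())
                .nbf(notBefore)
                .id(createCredentialId(verifiableCredential));
        // Everything on the credential object is embedded, and therefore signed, as-is.
        token.setOtherClaims(VC_CLAIM_KEY, verifiableCredential);

        // Expiry is optional: no exp claim is written when the credential does not expire.
        Optional.ofNullable(verifiableCredential.getExpirationDate())
                .ifPresent(expiry -> token.exp(expiry.getEpochSecond()));

        // The subject is only set when the credential subject carries an id claim.
        Optional.ofNullable(verifiableCredential.getCredentialSubject().getClaims().get(ID_CLAIM_KEY))
                .map(subjectId -> subjectId.toString())
                .ifPresent(token::subject);

        return new JWSBuilder().type(this.tokenType).jsonContent(token).sign(this.signatureSignerContext);
    }

    /**
     * Returns the credential's own id, or a freshly generated {@code urn:uuid:} id when it has none.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @param verifiableCredential credential whose id is wanted
     * @return the id in string form
     */
    public static String createCredentialId(VerifiableCredential verifiableCredential) {
        // orElseGet: only draw a random UUID when the credential really lacks an id.
        return Optional.ofNullable(verifiableCredential.getId())
                .orElseGet(() -> URI.create(String.format(ID_TEMPLATE, UUID.randomUUID())))
                .toString();
    }
}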
