package org.keycloak.protocol.oid4vc.issuance.signing;

import java.io.IOException;
import java.time.Instant;
import java.util.Date;
import java.util.Objects;
import java.util.Optional;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.crypto.SignatureSignerContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oid4vc.issuance.TimeProvider;
import org.keycloak.protocol.oid4vc.issuance.credentialbuilder.CredentialBody;
import org.keycloak.protocol.oid4vc.issuance.credentialbuilder.LDCredentialBody;
import org.keycloak.protocol.oid4vc.issuance.signing.vcdm.Ed255192018Suite;
import org.keycloak.protocol.oid4vc.issuance.signing.vcdm.LinkedDataCryptographicSuite;
import org.keycloak.protocol.oid4vc.model.CredentialBuildConfig;
import org.keycloak.protocol.oid4vc.model.VerifiableCredential;
import org.keycloak.protocol.oid4vc.model.vcdm.LdProof;

/* loaded from: input_file:org/keycloak/protocol/oid4vc/issuance/signing/LDCredentialSigner.class */
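/**
 * Credential signer for the {@code ldp-vc} format: it attaches a linked-data proof to a
 * {@link VerifiableCredential} and returns that same credential.
 *
 * <p>The signing key is obtained through the inherited {@code getSigner(CredentialBuildConfig)};
 * the cryptographic suite is selected from {@link CredentialBuildConfig#getLdpProofType()}.
 * Only the proof type declared by {@link Ed255192018Suite#PROOF_TYPE} is accepted; every other
 * value is rejected with a {@link CredentialSignerException}.
 */
public class LDCredentialSigner extends AbstractCredentialSigner<VerifiableCredential> {
    private static final Logger LOGGER = Logger.getLogger(LDCredentialSigner.class);

    /** Proof purpose written into every proof created by this signer. */
    public static final String PROOF_PURPOSE_ASSERTION = "assertionMethod";

    /** Name of the additional property under which the proof is stored on the credential. */
    public static final String PROOF_KEY = "proof";

    // Source of the "created" timestamp placed in the proof.
    private final TimeProvider timeProvider;

    /**
     * Creates a signer bound to the given session.
     *
     * @param keycloakSession session handed to the parent signer
     * @param timeProvider clock used for the proof's creation time; must not be {@code null}
     * @throws NullPointerException if {@code timeProvider} is {@code null}
     */
    public LDCredentialSigner(KeycloakSession keycloakSession, TimeProvider timeProvider) {
        super(keycloakSession);
        // Fail at construction instead of with a bare NPE in the middle of signing.
        this.timeProvider = Objects.requireNonNull(timeProvider, "timeProvider");
    }

    /**
     * Signs the credential carried by {@code credentialBody} and returns it with the proof attached.
     *
     * @param credentialBody body to sign; must be an {@link LDCredentialBody}
     * @param credentialBuildConfig configuration supplying the proof type and the key identifiers
     * @return the credential taken from the body, now carrying the proof (same instance)
     * @throws CredentialSignerException if the body has the wrong type, the proof type is not
     *     supported, or the signature cannot be encoded
     */
    @Override
    public VerifiableCredential signCredential(CredentialBody credentialBody, CredentialBuildConfig credentialBuildConfig) throws CredentialSignerException {
        if (!(credentialBody instanceof LDCredentialBody)) {
            throw new CredentialSignerException("Credential body unexpectedly not of type LDCredentialBody");
        }
        LDCredentialBody ldCredentialBody = (LDCredentialBody) credentialBody;
        LOGGER.debug("Sign credentials to ldp-vc format.");
        return addProof(ldCredentialBody.getVerifiableCredential(), credentialBuildConfig);
    }

    /**
     * Resolves the cryptographic suite for the configured proof type.
     *
     * @param credentialBuildConfig configuration naming the proof type and the signing key
     * @return a suite wrapping the signer obtained for this configuration
     * @throws CredentialSignerException if the proof type is not supported
     */
    private LinkedDataCryptographicSuite getLinkedDataCryptographicSuite(CredentialBuildConfig credentialBuildConfig) {
        String ldpProofType = credentialBuildConfig.getLdpProofType();
        // Reject unsupported proof types first, so no signing key is resolved for a request
        // that is going to fail anyway.
        if (!Objects.equals(ldpProofType, Ed255192018Suite.PROOF_TYPE)) {
            throw new CredentialSignerException(String.format("Proof Type %s is not supported.", ldpProofType));
        }
        SignatureSignerContext signer = getSigner(credentialBuildConfig);
        return new Ed255192018Suite(signer);
    }

    /**
     * Computes the signature for {@code verifiableCredential} and stores the resulting proof on it
     * under {@link #PROOF_KEY}.
     *
     * <p>The credential passed in is modified in place and returned; no copy is made.
     *
     * @param verifiableCredential credential to sign
     * @param credentialBuildConfig configuration supplying the proof type and the key identifiers
     * @return {@code verifiableCredential}, with the proof attached
     * @throws CredentialSignerException if the proof type is not supported or the signature
     *     cannot be encoded
     */
    private VerifiableCredential addProof(VerifiableCredential verifiableCredential, CredentialBuildConfig credentialBuildConfig) {
        // The override key id, when configured, replaces the signing key id as the identifier
        // published to verifiers.
        // NOTE(review): nothing here rejects the case where both ids are null, which would emit
        // a proof without a verificationMethod - confirm whether the configuration guarantees
        // one of them, or fail closed here.
        String verificationMethod = Optional.ofNullable(credentialBuildConfig.getOverrideKeyId())
                .orElse(credentialBuildConfig.getSigningKeyId());

        LinkedDataCryptographicSuite suite = getLinkedDataCryptographicSuite(credentialBuildConfig);

        // NOTE(review): the signature is requested from the credential alone, before the proof
        // object exists, so created / verificationMethod / proofPurpose are not part of the
        // argument handed to the suite. Confirm against the suite implementation whether these
        // proof options are bound by the signature; if not, they can be altered without
        // invalidating it.
        byte[] signature = suite.getSignature(verifiableCredential);

        LdProof ldProof = new LdProof();
        ldProof.setProofPurpose(PROOF_PURPOSE_ASSERTION);
        ldProof.setType(suite.getProofType());
        ldProof.setCreated(Date.from(Instant.ofEpochSecond(this.timeProvider.currentTimeSeconds())));
        ldProof.setVerificationMethod(verificationMethod);
        try {
            // URL-safe Base64 alphabet; named constant instead of the bare flag value 16.
            ldProof.setProofValue(Base64.encodeBytes(signature, Base64.URL_SAFE));
            verifiableCredential.setAdditionalProperties(PROOF_KEY, ldProof);
            return verifiableCredential;
        } catch (IOException e) {
            throw new CredentialSignerException("Was not able to encode the signature.", e);
        }
    }
}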
