package org.keycloak.protocol.oid4vc.issuance;

import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.models.KeycloakContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oid4vc.OID4VCClientRegistrationProvider;
import org.keycloak.protocol.oid4vc.OID4VCLoginProtocolFactory;
import org.keycloak.protocol.oid4vc.issuance.signing.VCSigningServiceProviderFactory;
import org.keycloak.protocol.oid4vc.issuance.signing.VerifiableCredentialsSigningService;
import org.keycloak.protocol.oid4vc.model.CredentialIssuer;
import org.keycloak.protocol.oid4vc.model.SupportedCredentialConfiguration;
import org.keycloak.services.Urls;
import org.keycloak.urls.UrlType;
import org.keycloak.wellknown.WellKnownProvider;

/* loaded from: input_file:org/keycloak/protocol/oid4vc/issuance/OID4VCIssuerWellKnownProvider.class */
public class OID4VCIssuerWellKnownProvider implements WellKnownProvider {
    private final KeycloakSession keycloakSession;

    public OID4VCIssuerWellKnownProvider(KeycloakSession keycloakSession) {
        this.keycloakSession = keycloakSession;
    }

    public void close() {
    }

    @Override // org.keycloak.wellknown.WellKnownProvider
    public Object getConfig() {
        return new CredentialIssuer().setCredentialIssuer(getIssuer(this.keycloakSession.getContext())).setCredentialEndpoint(getCredentialsEndpoint(this.keycloakSession.getContext())).setCredentialsSupported(getSupportedCredentials(this.keycloakSession)).setAuthorizationServers(List.of(getIssuer(this.keycloakSession.getContext())));
    }

    public static Map<String, SupportedCredentialConfiguration> getSupportedCredentials(KeycloakSession keycloakSession) {
        RealmModel realm = keycloakSession.getContext().getRealm();
        Stream map = realm.getComponentsStream(realm.getId(), VerifiableCredentialsSigningService.class.getName()).map(componentModel -> {
            return keycloakSession.getKeycloakSessionFactory().getProviderFactory(VerifiableCredentialsSigningService.class, componentModel.getProviderId());
        });
        Class<VCSigningServiceProviderFactory> cls = VCSigningServiceProviderFactory.class;
        Objects.requireNonNull(VCSigningServiceProviderFactory.class);
        Stream filter = map.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<VCSigningServiceProviderFactory> cls2 = VCSigningServiceProviderFactory.class;
        Objects.requireNonNull(VCSigningServiceProviderFactory.class);
        List list = filter.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.supportedFormat();
        }).toList();
        return (Map) keycloakSession.getContext().getRealm().getClientsStream().filter(clientModel -> {
            return clientModel.getProtocol() != null;
        }).filter(clientModel2 -> {
            return clientModel2.getProtocol().equals(OID4VCLoginProtocolFactory.PROTOCOL_ID);
        }).map(clientModel3 -> {
            return OID4VCClientRegistrationProvider.fromClientAttributes(clientModel3.getClientId(), clientModel3.getAttributes());
        }).map((v0) -> {
            return v0.getSupportedVCTypes();
        }).flatMap((v0) -> {
            return v0.stream();
        }).filter(supportedCredentialConfiguration -> {
            return list.contains(supportedCredentialConfiguration.getFormat());
        }).distinct().collect(Collectors.toMap((v0) -> {
            return v0.getId();
        }, supportedCredentialConfiguration2 -> {
            return supportedCredentialConfiguration2;
        }, (supportedCredentialConfiguration3, supportedCredentialConfiguration4) -> {
            return supportedCredentialConfiguration3;
        }));
    }

    public static String getIssuer(KeycloakContext keycloakContext) {
        return Urls.realmIssuer(keycloakContext.getUri(UrlType.FRONTEND).getBaseUri(), keycloakContext.getRealm().getName());
    }

    public static String getCredentialsEndpoint(KeycloakContext keycloakContext) {
        return getIssuer(keycloakContext) + "/protocol/oid4vc/credential";
    }
}
