package org.keycloak.protocol.oid4vc.issuance.signing;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.time.Instant;
import java.util.Date;
import java.util.Optional;
import org.keycloak.common.util.Base64;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.SignatureProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oid4vc.issuance.TimeProvider;
import org.keycloak.protocol.oid4vc.issuance.signing.vcdm.Ed255192018Suite;
import org.keycloak.protocol.oid4vc.issuance.signing.vcdm.LinkedDataCryptographicSuite;
import org.keycloak.protocol.oid4vc.model.VerifiableCredential;
import org.keycloak.protocol.oid4vc.model.vcdm.LdProof;

/* loaded from: input_file:org/keycloak/protocol/oid4vc/issuance/signing/LDSigningService.class */
public class LDSigningService extends SigningService<VerifiableCredential> {
    private final LinkedDataCryptographicSuite linkedDataCryptographicSuite;
    private final TimeProvider timeProvider;
    private final String keyId;

    public LDSigningService(KeycloakSession keycloakSession, String str, String str2, String str3, ObjectMapper objectMapper, TimeProvider timeProvider, Optional<String> optional) {
        super(keycloakSession, str, str2);
        this.timeProvider = timeProvider;
        this.keyId = optional.orElse(str);
        KeyWrapper key = getKey(str, str2);
        if (key == null) {
            throw new SigningServiceException(String.format("No key for id %s and algorithm %s available.", str, str2));
        }
        if (optional.isPresent()) {
            key = key.cloneKey();
            key.setKid(str);
        }
        SignatureProvider provider = keycloakSession.getProvider(SignatureProvider.class, str2);
        boolean z = -1;
        switch (str3.hashCode()) {
            case -1632410942:
                if (str3.equals(Ed255192018Suite.PROOF_TYPE)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                this.linkedDataCryptographicSuite = new Ed255192018Suite(objectMapper, provider.signer(key));
                return;
            default:
                throw new SigningServiceException(String.format("Proof Type %s is not supported.", str3));
        }
    }

    @Override // org.keycloak.protocol.oid4vc.issuance.signing.VerifiableCredentialsSigningService
    public VerifiableCredential signCredential(VerifiableCredential verifiableCredential) {
        return addProof(verifiableCredential);
    }

    private VerifiableCredential addProof(VerifiableCredential verifiableCredential) {
        byte[] signature = this.linkedDataCryptographicSuite.getSignature(verifiableCredential);
        LdProof ldProof = new LdProof();
        ldProof.setProofPurpose("assertionMethod");
        ldProof.setType(this.linkedDataCryptographicSuite.getProofType());
        ldProof.setCreated(Date.from(Instant.ofEpochSecond(this.timeProvider.currentTimeSeconds())));
        ldProof.setVerificationMethod(this.keyId);
        try {
            ldProof.setProofValue(Base64.encodeBytes(signature, 16));
            verifiableCredential.setAdditionalProperties("proof", ldProof);
            return verifiableCredential;
        } catch (IOException e) {
            throw new SigningServiceException("Was not able to encode the signature.", e);
        }
    }
}
