package org.keycloak.protocol.oid4vc.issuance.signing;

import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.SignatureProvider;
import org.keycloak.crypto.SignatureSignerContext;
import org.keycloak.models.KeyManager;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oid4vc.model.CredentialBuildConfig;

/* loaded from: input_file:org/keycloak/protocol/oid4vc/issuance/signing/AbstractCredentialSigner.class */
public abstract class AbstractCredentialSigner<T> implements CredentialSigner<T> {
    protected final KeycloakSession keycloakSession;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractCredentialSigner(KeycloakSession keycloakSession) {
        this.keycloakSession = keycloakSession;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SignatureSignerContext getSigner(CredentialBuildConfig credentialBuildConfig) {
        if (credentialBuildConfig.getSigningAlgorithm() == null) {
            throw new CredentialSignerException(String.format("A signing algorithm must be configured for credential %s", credentialBuildConfig.getCredentialId()));
        }
        return this.keycloakSession.getProvider(SignatureProvider.class, credentialBuildConfig.getSigningAlgorithm()).signer(getKeyWithKidSubstitute(credentialBuildConfig.getSigningKeyId(), credentialBuildConfig.getSigningAlgorithm(), credentialBuildConfig.getOverrideKeyId()));
    }

    protected KeyWrapper getKeyWithKidSubstitute(String str, String str2, String str3) {
        KeyWrapper key = getKey(str, str2);
        if (key == null) {
            throw new CredentialSignerException(String.format("No key for id %s and algorithm %s available.", str, str2));
        }
        if (str3 != null) {
            key = key.cloneKey();
            key.setKid(str3);
        }
        return key;
    }

    protected KeyWrapper getKey(String str, String str2) {
        RealmModel realm = this.keycloakSession.getContext().getRealm();
        KeyManager keys = this.keycloakSession.keys();
        return str == null ? keys.getActiveKey(realm, KeyUse.SIG, str2) : keys.getKey(realm, str, KeyUse.SIG, str2);
    }
}
