package net.shibboleth.oidc.security.jose.impl;

import com.google.common.base.Strings;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import java.security.Key;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.function.BiFunction;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.oidc.security.CredentialConversionUtil;
import net.shibboleth.oidc.security.credential.JWKCredential;
import net.shibboleth.oidc.security.credential.impl.DataEncryptionAlgorithmCriterion;
import net.shibboleth.oidc.security.credential.impl.KeyManagmentAlgorithmCriterion;
import net.shibboleth.oidc.security.jose.EncryptionConfiguration;
import net.shibboleth.oidc.security.jose.EncryptionParameters;
import net.shibboleth.oidc.security.jose.EncryptionParametersResolver;
import net.shibboleth.oidc.security.jose.criterion.EncryptionConfigurationCriterion;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.ResolverException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion;
import org.opensaml.security.criteria.KeyAlgorithmCriterion;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.xmlsec.algorithm.AlgorithmRegistry;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.criterion.EncryptionOptionalCriterion;
import org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver;
import org.opensaml.xmlsec.impl.AlgorithmRuntimeSupportedPredicate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/oidc/security/jose/impl/DefaultEncryptionParametersResolver.class */
public class DefaultEncryptionParametersResolver extends AbstractSecurityParametersResolver<EncryptionParameters> implements EncryptionParametersResolver {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(DefaultEncryptionParametersResolver.class);

    @Nonnull
    private AlgorithmRegistry algorithmRegistry = AlgorithmSupport.getGlobalAlgorithmRegistry();

    @Nonnull
    private BiFunction<CriteriaSet, Predicate<String>, List<String>> keyTransportEncryptionAlgorithmsLookupStrategy = new DefaultKeyTransportEncryptionAlgorithmsLookupStrategy(null);

    @Nonnull
    private BiFunction<CriteriaSet, Predicate<String>, List<String>> dataEncryptionAlgorithmsLookupStrategy = new DefaultDataEncryptionAlgorithmsLookupStrategy(null);

    public void setDataEncryptionAlgorithmsLookupStrategy(BiFunction<CriteriaSet, Predicate<String>, List<String>> biFunction) {
        this.dataEncryptionAlgorithmsLookupStrategy = (BiFunction) Constraint.isNotNull(biFunction, "dataEncryptionAlgorithmsLookupStrategy can not be null");
    }

    public void setKeyTransportEncryptionAlgorithmsLookupStrategy(BiFunction<CriteriaSet, Predicate<String>, List<String>> biFunction) {
        this.keyTransportEncryptionAlgorithmsLookupStrategy = (BiFunction) Constraint.isNotNull(biFunction, "keyTransportEncryptionAlgorithmsLookupStrategy can not be null");
    }

    @Nonnull
    public AlgorithmRegistry getAlgorithmRegistry() {
        return this.algorithmRegistry == null ? AlgorithmSupport.getGlobalAlgorithmRegistry() : this.algorithmRegistry;
    }

    public void setAlgorithmRegistry(@Nonnull AlgorithmRegistry algorithmRegistry) {
        this.algorithmRegistry = (AlgorithmRegistry) Constraint.isNotNull(algorithmRegistry, "AlgorithmRegistry was null");
    }

    @Nonnull
    public Iterable<EncryptionParameters> resolve(@Nonnull CriteriaSet criteriaSet) throws ResolverException {
        EncryptionParameters resolveSingle = resolveSingle(criteriaSet);
        return resolveSingle != null ? Collections.singletonList(resolveSingle) : Collections.emptyList();
    }

    @Nullable
    public EncryptionParameters resolveSingle(@Nonnull CriteriaSet criteriaSet) throws ResolverException {
        Constraint.isNotNull(criteriaSet, "CriteriaSet was null");
        Constraint.isNotNull((EncryptionConfigurationCriterion) criteriaSet.get(EncryptionConfigurationCriterion.class), "Resolver requires an instance of JWTEncryptionConfigurationCriterion");
        Predicate<String> includeExcludePredicate = getIncludeExcludePredicate(criteriaSet);
        EncryptionParameters encryptionParameters = new EncryptionParameters();
        resolveAndPopulateCredentialsAndAlgorithms(encryptionParameters, criteriaSet, includeExcludePredicate);
        boolean z = false;
        EncryptionOptionalCriterion encryptionOptionalCriterion = (EncryptionOptionalCriterion) criteriaSet.get(EncryptionOptionalCriterion.class);
        if (encryptionOptionalCriterion != null) {
            z = encryptionOptionalCriterion.isEncryptionOptional();
        }
        if (!validate(encryptionParameters, z)) {
            return null;
        }
        logResult(encryptionParameters);
        return encryptionParameters;
    }

    @Nullable
    protected CredentialResolver resolveKEKCredentialResolver(@Nonnull CriteriaSet criteriaSet) {
        for (EncryptionConfiguration encryptionConfiguration : ((EncryptionConfigurationCriterion) criteriaSet.get(EncryptionConfigurationCriterion.class)).getConfigurations()) {
            if (encryptionConfiguration.getKEKCredentialResolver() != null) {
                return encryptionConfiguration.getKEKCredentialResolver();
            }
        }
        return null;
    }

    @Nullable
    protected CredentialResolver resolveContentEncryptionKeyCredentialResolver(@Nonnull CriteriaSet criteriaSet) {
        for (EncryptionConfiguration encryptionConfiguration : ((EncryptionConfigurationCriterion) criteriaSet.get(EncryptionConfigurationCriterion.class)).getConfigurations()) {
            if (encryptionConfiguration.getContentEncryptionKeyCredentialResolver() != null) {
                return encryptionConfiguration.getContentEncryptionKeyCredentialResolver();
            }
        }
        return null;
    }

    protected void logResult(@Nonnull EncryptionParameters encryptionParameters) {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Resolved EncryptionParameters:");
            Credential keyTransportEncryptionCredential = encryptionParameters.getKeyTransportEncryptionCredential();
            Key extractEncryptionKey = keyTransportEncryptionCredential == null ? null : CredentialSupport.extractEncryptionKey(keyTransportEncryptionCredential);
            if (extractEncryptionKey != null) {
                this.log.debug("\tKey transport credential with key algorithm: {}", extractEncryptionKey.getAlgorithm());
            } else {
                this.log.debug("\tKey transport credential: null");
            }
            this.log.debug("\tKey transport algorithm URI: {}", encryptionParameters.getKeyTransportEncryptionAlgorithm());
            Credential dataEncryptionCredential = encryptionParameters.getDataEncryptionCredential();
            Key extractEncryptionKey2 = dataEncryptionCredential == null ? null : CredentialSupport.extractEncryptionKey(dataEncryptionCredential);
            if (extractEncryptionKey2 != null) {
                this.log.debug("\tData encryption credential with key algorithm: {}", extractEncryptionKey2.getAlgorithm());
            } else {
                this.log.debug("\tData encryption credential: null");
            }
            this.log.debug("\tData encryption algorithm URI: {}", encryptionParameters.getDataEncryptionAlgorithm());
        }
    }

    protected boolean validate(@Nonnull EncryptionParameters encryptionParameters, boolean z) {
        if (encryptionParameters.getKeyTransportEncryptionCredential() == null && encryptionParameters.getDataEncryptionCredential() == null) {
            if (z) {
                this.log.debug("Validation failure: Failed to resolve an encryption key");
                return false;
            }
            this.log.warn("Validation failure: Failed to resolve an encryption key");
            return false;
        }
        if (encryptionParameters.getKeyTransportEncryptionCredential() != null && encryptionParameters.getKeyTransportEncryptionAlgorithm() == null) {
            if (z) {
                this.log.debug("Validation failure: Unable to resolve key encryption algorithm URI for credential");
                return false;
            }
            this.log.warn("Validation failure: Unable to resolve key encryption algorithm URI for credential");
            return false;
        }
        if (encryptionParameters.getDataEncryptionCredential() != null && encryptionParameters.getDataEncryptionAlgorithm() == null) {
            if (z) {
                this.log.debug("Validation failure: Unable to resolve data encryption algorithm URI for credential");
                return false;
            }
            this.log.warn("Validation failure: Unable to resolve data encryption algorithm URI for credential");
            return false;
        }
        if (encryptionParameters.getKeyTransportEncryptionCredential() == null || encryptionParameters.getDataEncryptionCredential() != null || encryptionParameters.getDataEncryptionAlgorithm() != null) {
            return true;
        }
        if (z) {
            this.log.debug("Validation failure: Unable to resolve a data encryption algorithm URI for auto-generation of data encryption key");
            return false;
        }
        this.log.warn("Validation failure: Unable to resolve a data encryption algorithm URI for auto-generation of data encryption key");
        return false;
    }

    @Nonnull
    protected Predicate<String> getIncludeExcludePredicate(@Nonnull CriteriaSet criteriaSet) {
        return resolveIncludeExcludePredicate(criteriaSet, ((EncryptionConfigurationCriterion) criteriaSet.get(EncryptionConfigurationCriterion.class)).getConfigurations());
    }

    protected void resolveAndPopulateCredentialsAndAlgorithms(@Nonnull EncryptionParameters encryptionParameters, @Nonnull CriteriaSet criteriaSet, @Nonnull Predicate<String> predicate) {
        if (!criteriaSet.contains(EncryptionConfigurationCriterion.class)) {
            this.log.debug("No encryption configuration criterion, encryption parameters can not be resolved");
            return;
        }
        if (!criteriaSet.contains(UsageCriterion.class)) {
            criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
        }
        List<String> apply = this.keyTransportEncryptionAlgorithmsLookupStrategy.apply(criteriaSet, predicate);
        this.log.trace("Resolved effective key transport algorithms: {}", apply);
        List<String> apply2 = this.dataEncryptionAlgorithmsLookupStrategy.apply(criteriaSet, predicate);
        this.log.trace("Resolved effective data encryption algorithms: {}", apply2);
        resolveCredentialForSupportedAlgorithm(criteriaSet, convertStringAlgorithmURIsToJwkAlgorithms(apply), convertStringEncryptionMethodURIsToEncryptionMethods(apply2), encryptionParameters);
    }

    protected void resolveCredentialForSupportedAlgorithm(@Nonnull CriteriaSet criteriaSet, @Nonnull List<JWEAlgorithm> list, @Nonnull List<EncryptionMethod> list2, @Nonnull EncryptionParameters encryptionParameters) {
        for (JWEAlgorithm jWEAlgorithm : list) {
            if (JWEAlgorithm.DIR.equals(jWEAlgorithm)) {
                if (buildDirectEncryptionParameters(encryptionParameters, criteriaSet, list2, jWEAlgorithm)) {
                    return;
                }
            } else if (JWEAlgorithm.Family.AES_GCM_KW.contains(jWEAlgorithm) || JWEAlgorithm.Family.AES_KW.contains(jWEAlgorithm)) {
                if (buildKeyWrappingParameters(encryptionParameters, criteriaSet, list2, jWEAlgorithm)) {
                    return;
                }
            } else if (!JWEAlgorithm.Family.ASYMMETRIC.contains(jWEAlgorithm)) {
                this.log.trace("Algorithm '{}' is not supported, moving on", jWEAlgorithm);
            } else if (buildKeyEncryptionOrAgreementParameters(encryptionParameters, criteriaSet, list2, jWEAlgorithm)) {
                return;
            }
        }
    }

    private boolean buildDirectEncryptionParameters(@Nonnull EncryptionParameters encryptionParameters, @Nonnull CriteriaSet criteriaSet, @Nonnull List<EncryptionMethod> list, @Nonnull JWEAlgorithm jWEAlgorithm) {
        this.log.debug("Looking for encryption parameters for algorithm '{}'", jWEAlgorithm);
        for (EncryptionMethod encryptionMethod : list) {
            List<Credential> effectiveDataEncryptionCredentials = getEffectiveDataEncryptionCredentials(buildEncryptionKeyAlgorithmCriteria(criteriaSet, jWEAlgorithm, encryptionMethod));
            this.log.debug("Resolved {} possible direct encryption credential(s) for 'alg={}' and 'enc={}'", new Object[]{Integer.valueOf(effectiveDataEncryptionCredentials.size()), jWEAlgorithm.getName(), encryptionMethod.getName()});
            for (Credential credential : effectiveDataEncryptionCredentials) {
                if (checkCredentialSupportsAlgorithm(credential, jWEAlgorithm) && checkCredentialSupportsEncryptionMethod(credential, encryptionMethod)) {
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("Resolved compatible key '{}' for 'alg={}' and 'enc={}'", new Object[]{CredentialConversionUtil.resolveKid(credential), jWEAlgorithm.getName(), encryptionMethod.getName()});
                    }
                    encryptionParameters.setKeyTransportEncryptionAlgorithm(JWEAlgorithm.DIR.getName());
                    encryptionParameters.setDataEncryptionCredential(credential);
                    encryptionParameters.setDataEncryptionAlgorithm(encryptionMethod.getName());
                    return true;
                }
            }
        }
        this.log.debug("No resolved credentials are compatible with algorithm '{}'", jWEAlgorithm);
        return false;
    }

    private boolean buildKeyWrappingParameters(@Nonnull EncryptionParameters encryptionParameters, @Nonnull CriteriaSet criteriaSet, @Nonnull List<EncryptionMethod> list, @Nonnull JWEAlgorithm jWEAlgorithm) {
        this.log.debug("Looking for encryption parameters for algorithm '{}'", jWEAlgorithm);
        for (EncryptionMethod encryptionMethod : list) {
            List<Credential> effectiveKeyTransportCredentials = getEffectiveKeyTransportCredentials(buildKeyManagmentAlgorithmCriteria(criteriaSet, jWEAlgorithm, encryptionMethod));
            this.log.debug("Resolved {} possible key transport credentials for 'alg={}' and 'enc={}'", new Object[]{Integer.valueOf(effectiveKeyTransportCredentials.size()), jWEAlgorithm.getName(), encryptionMethod.getName()});
            for (Credential credential : effectiveKeyTransportCredentials) {
                if (checkCredentialSupportsAlgorithm(credential, jWEAlgorithm)) {
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("Resolved compatible key '{}' for 'alg={}' and 'enc={}'", new Object[]{CredentialConversionUtil.resolveKid(credential), jWEAlgorithm.getName(), encryptionMethod.getName()});
                    }
                    encryptionParameters.setKeyTransportEncryptionCredential(credential);
                    encryptionParameters.setKeyTransportEncryptionAlgorithm(jWEAlgorithm.getName());
                    encryptionParameters.setDataEncryptionAlgorithm(encryptionMethod.getName());
                    return true;
                }
            }
        }
        this.log.debug("No resolved credentials are compatible with algorithm '{}'", jWEAlgorithm);
        return false;
    }

    private boolean buildKeyEncryptionOrAgreementParameters(@Nonnull EncryptionParameters encryptionParameters, @Nonnull CriteriaSet criteriaSet, @Nonnull List<EncryptionMethod> list, @Nonnull JWEAlgorithm jWEAlgorithm) {
        this.log.debug("Looking for encryption parameters for algorithm '{}'", jWEAlgorithm);
        EncryptionMethod resolveEncryptionMethod = resolveEncryptionMethod(list);
        if (resolveEncryptionMethod == null) {
            this.log.debug("Could not resolve encryption method");
            return false;
        }
        List<Credential> effectiveKeyTransportCredentials = getEffectiveKeyTransportCredentials(buildKeyManagmentAlgorithmCriteria(criteriaSet, jWEAlgorithm, resolveEncryptionMethod));
        this.log.debug("Resolved {} possible key transport credentials for 'alg={}'", Integer.valueOf(effectiveKeyTransportCredentials.size()), jWEAlgorithm.getName());
        for (Credential credential : effectiveKeyTransportCredentials) {
            if (checkCredentialSupportsAlgorithm(credential, jWEAlgorithm)) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Resolved compatible key '{}' for 'alg={}' and 'enc={}'", new Object[]{CredentialConversionUtil.resolveKid(credential), jWEAlgorithm.getName(), resolveEncryptionMethod.getName()});
                }
                encryptionParameters.setKeyTransportEncryptionCredential(credential);
                encryptionParameters.setKeyTransportEncryptionAlgorithm(jWEAlgorithm.getName());
                encryptionParameters.setDataEncryptionAlgorithm(resolveEncryptionMethod.getName());
                return true;
            }
        }
        this.log.debug("No resolved credentials are compatible with algorithm '{}'", jWEAlgorithm);
        return false;
    }

    private CriteriaSet buildKeyManagmentAlgorithmCriteria(@Nonnull CriteriaSet criteriaSet, @Nonnull JWEAlgorithm jWEAlgorithm, @Nonnull EncryptionMethod encryptionMethod) {
        CriteriaSet criteriaSet2 = new CriteriaSet();
        criteriaSet2.addAll(criteriaSet);
        criteriaSet2.add(new KeyManagmentAlgorithmCriterion(jWEAlgorithm.getName()));
        criteriaSet2.add(new DataEncryptionAlgorithmCriterion(encryptionMethod.getName()));
        String keyAlgorithm = AlgorithmSupport.getKeyAlgorithm(jWEAlgorithm.getName());
        if (!Strings.isNullOrEmpty(keyAlgorithm)) {
            criteriaSet2.add(new EvaluableKeyAlgorithmCredentialCriterion(new KeyAlgorithmCriterion(keyAlgorithm)));
        }
        return criteriaSet2;
    }

    private CriteriaSet buildEncryptionKeyAlgorithmCriteria(@Nonnull CriteriaSet criteriaSet, @Nonnull JWEAlgorithm jWEAlgorithm, @Nonnull EncryptionMethod encryptionMethod) {
        CriteriaSet criteriaSet2 = new CriteriaSet();
        criteriaSet2.addAll(criteriaSet);
        criteriaSet2.add(new KeyManagmentAlgorithmCriterion(jWEAlgorithm.getName()));
        criteriaSet2.add(new DataEncryptionAlgorithmCriterion(encryptionMethod.getName()));
        String keyAlgorithm = AlgorithmSupport.getKeyAlgorithm(encryptionMethod.getName());
        if (!Strings.isNullOrEmpty(keyAlgorithm)) {
            criteriaSet2.add(new EvaluableKeyAlgorithmCredentialCriterion(new KeyAlgorithmCriterion(keyAlgorithm)));
        }
        return criteriaSet2;
    }

    protected boolean checkCredentialSupportsAlgorithm(@Nonnull Credential credential, @Nonnull JWEAlgorithm jWEAlgorithm) {
        if (credential instanceof JWKCredential) {
            return (credential.getUsageType() == UsageType.ENCRYPTION || credential.getUsageType() == UsageType.UNSPECIFIED) && checkKeyWithAlgorithm((JWKCredential) credential, jWEAlgorithm) && checkKeyAlgorithmAndLength(credential, jWEAlgorithm.getName());
        }
        return false;
    }

    protected boolean checkCredentialSupportsEncryptionMethod(@Nonnull Credential credential, @Nonnull EncryptionMethod encryptionMethod) {
        return AlgorithmSupport.checkKeyAlgorithmAndLength(CredentialSupport.extractEncryptionKey(credential), getAlgorithmRegistry().get(encryptionMethod.getName()));
    }

    private boolean checkKeyWithAlgorithm(@Nonnull JWKCredential jWKCredential, @Nonnull JWEAlgorithm jWEAlgorithm) {
        if (jWKCredential.getAlgorithm() != null) {
            return jWEAlgorithm.equals(jWKCredential.getAlgorithm());
        }
        Key extractEncryptionKey = CredentialSupport.extractEncryptionKey(jWKCredential);
        if (JWEAlgorithm.Family.RSA.contains(jWEAlgorithm) && extractEncryptionKey.getAlgorithm().equals("RSA")) {
            return true;
        }
        if (JWEAlgorithm.Family.ECDH_ES.contains(jWEAlgorithm) && extractEncryptionKey.getAlgorithm().equals("EC")) {
            return true;
        }
        return JWEAlgorithm.Family.SYMMETRIC.contains(jWEAlgorithm) && extractEncryptionKey.getAlgorithm().equals("AES");
    }

    @Nonnull
    protected List<Credential> getEffectiveDataEncryptionCredentials(@Nonnull CriteriaSet criteriaSet) {
        CredentialResolver resolveContentEncryptionKeyCredentialResolver = resolveContentEncryptionKeyCredentialResolver(criteriaSet);
        if (resolveContentEncryptionKeyCredentialResolver == null) {
            return Collections.emptyList();
        }
        try {
            ArrayList arrayList = new ArrayList();
            Iterable resolve = resolveContentEncryptionKeyCredentialResolver.resolve(criteriaSet);
            Objects.requireNonNull(arrayList);
            resolve.forEach((v1) -> {
                r1.add(v1);
            });
            return arrayList;
        } catch (ResolverException e) {
            this.log.warn("Unable to resolve data encryption credentials", e);
            return Collections.emptyList();
        }
    }

    @Nonnull
    protected List<Credential> getEffectiveKeyTransportCredentials(@Nonnull CriteriaSet criteriaSet) {
        CredentialResolver resolveKEKCredentialResolver = resolveKEKCredentialResolver(criteriaSet);
        if (resolveKEKCredentialResolver == null) {
            return Collections.emptyList();
        }
        try {
            ArrayList arrayList = new ArrayList();
            Iterable resolve = resolveKEKCredentialResolver.resolve(criteriaSet);
            Objects.requireNonNull(arrayList);
            resolve.forEach((v1) -> {
                r1.add(v1);
            });
            return arrayList;
        } catch (ResolverException e) {
            this.log.warn("Unable to resolve data encryption credentials", e);
            return Collections.emptyList();
        }
    }

    @Nullable
    protected EncryptionMethod resolveEncryptionMethod(@Nonnull List<EncryptionMethod> list) {
        if (list.isEmpty()) {
            return null;
        }
        return list.get(0);
    }

    @Nonnull
    protected List<JWEAlgorithm> convertStringAlgorithmURIsToJwkAlgorithms(@Nonnull List<String> list) {
        return (List) list.stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).map(JWEAlgorithm::parse).collect(Collectors.toList());
    }

    @Nonnull
    protected List<EncryptionMethod> convertStringEncryptionMethodURIsToEncryptionMethods(@Nonnull List<String> list) {
        return (List) list.stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).map(EncryptionMethod::parse).collect(Collectors.toList());
    }

    @Nonnull
    protected Predicate<String> getAlgorithmRuntimeSupportedPredicate() {
        return new AlgorithmRuntimeSupportedPredicate(getAlgorithmRegistry());
    }

    protected boolean credentialSupportsAlgorithm(@Nonnull Credential credential, @Nonnull @NotEmpty String str) {
        return AlgorithmSupport.credentialSupportsAlgorithmForEncryption(credential, getAlgorithmRegistry().get(str));
    }

    protected boolean checkKeyAlgorithmAndLength(@Nonnull Credential credential, @Nonnull @NotEmpty String str) {
        Key extractEncryptionKey = CredentialSupport.extractEncryptionKey(credential);
        if (extractEncryptionKey == null) {
            return false;
        }
        boolean checkKeyAlgorithmAndLength = AlgorithmSupport.checkKeyAlgorithmAndLength(extractEncryptionKey, getAlgorithmRegistry().get(str));
        if (!checkKeyAlgorithmAndLength) {
            this.log.trace("Key '{}' does not match algorithm and key length requirement for '{}'", CredentialConversionUtil.resolveKid(credential), str);
        }
        return checkKeyAlgorithmAndLength;
    }

    protected boolean isKeyEncryptionAlgorithm(@Nonnull String str) {
        return AlgorithmSupport.isKeyEncryptionAlgorithm(getAlgorithmRegistry().get(str));
    }

    protected boolean isDataEncryptionAlgorithm(String str) {
        return AlgorithmSupport.isDataEncryptionAlgorithm(getAlgorithmRegistry().get(str));
    }
}
