package org.opensaml.xmlsec.encryption.support;

import com.google.common.base.Strings;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.Key;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.xml.XMLConstants;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import net.shibboleth.utilities.java.support.xml.QNameSupport;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.apache.tools.ant.util.XmlConstants;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLRuntimeException;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.Unmarshaller;
import org.opensaml.core.xml.io.UnmarshallerFactory;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.KeyAlgorithmCriterion;
import org.opensaml.security.criteria.KeyLengthCriterion;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.xmlsec.DecryptionParameters;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.encryption.EncryptedType;
import org.opensaml.xmlsec.encryption.EncryptionMethod;
import org.opensaml.xmlsec.encryption.MGF;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCriterion;
import org.opensaml.xmlsec.signature.DigestMethod;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/opensaml-xmlsec-api-3.1.1.jar:org/opensaml/xmlsec/encryption/support/Decrypter.class */
public class Decrypter {
    private final ParserPool parserPool;
    private final UnmarshallerFactory unmarshallerFactory;
    private final Logger log;
    private KeyInfoCredentialResolver resolver;
    private KeyInfoCredentialResolver kekResolver;
    private EncryptedKeyResolver encKeyResolver;
    private Collection<String> whitelistedAlgorithmURIs;
    private Collection<String> blacklistedAlgorithmURIs;
    private CriteriaSet resolverCriteria;
    private CriteriaSet kekResolverCriteria;
    private String jcaProviderName;
    private boolean defaultRootInNewDocument;

    public Decrypter(DecryptionParameters decryptionParameters) {
        this(decryptionParameters.getDataKeyInfoCredentialResolver(), decryptionParameters.getKEKKeyInfoCredentialResolver(), decryptionParameters.getEncryptedKeyResolver(), decryptionParameters.getWhitelistedAlgorithms(), decryptionParameters.getBlacklistedAlgorithms());
    }

    public Decrypter(@Nullable KeyInfoCredentialResolver keyInfoCredentialResolver, @Nullable KeyInfoCredentialResolver keyInfoCredentialResolver2, @Nullable EncryptedKeyResolver encryptedKeyResolver) {
        this(keyInfoCredentialResolver, keyInfoCredentialResolver2, encryptedKeyResolver, null, null);
    }

    public Decrypter(@Nullable KeyInfoCredentialResolver keyInfoCredentialResolver, @Nullable KeyInfoCredentialResolver keyInfoCredentialResolver2, @Nullable EncryptedKeyResolver encryptedKeyResolver, @Nullable Collection<String> collection, @Nullable Collection<String> collection2) {
        this();
        this.resolver = keyInfoCredentialResolver;
        this.kekResolver = keyInfoCredentialResolver2;
        this.encKeyResolver = encryptedKeyResolver;
        this.whitelistedAlgorithmURIs = collection;
        this.blacklistedAlgorithmURIs = collection2;
    }

    private Decrypter() {
        this.log = LoggerFactory.getLogger((Class<?>) Decrypter.class);
        this.resolverCriteria = null;
        this.kekResolverCriteria = null;
        this.parserPool = buildParserPool();
        this.unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
        this.defaultRootInNewDocument = false;
    }

    public boolean isRootInNewDocument() {
        return this.defaultRootInNewDocument;
    }

    public void setRootInNewDocument(boolean z) {
        this.defaultRootInNewDocument = z;
    }

    @Nullable
    public String getJCAProviderName() {
        return this.jcaProviderName;
    }

    public void setJCAProviderName(@Nullable String str) {
        this.jcaProviderName = str;
    }

    public CriteriaSet getKeyResolverCriteria() {
        return this.resolverCriteria;
    }

    public void setKeyResolverCriteria(CriteriaSet criteriaSet) {
        this.resolverCriteria = criteriaSet;
    }

    public CriteriaSet getKEKResolverCriteria() {
        return this.kekResolverCriteria;
    }

    public void setKEKResolverCriteria(CriteriaSet criteriaSet) {
        this.kekResolverCriteria = criteriaSet;
    }

    @Nonnull
    public XMLObject decryptData(@Nonnull EncryptedData encryptedData) throws DecryptionException {
        return decryptData(encryptedData, isRootInNewDocument());
    }

    @Nonnull
    public XMLObject decryptData(@Nonnull EncryptedData encryptedData, boolean z) throws DecryptionException {
        List<XMLObject> decryptDataToList = decryptDataToList(encryptedData, z);
        if (decryptDataToList.size() == 1) {
            return decryptDataToList.get(0);
        }
        this.log.error("The decrypted data contained more than one top-level XMLObject child");
        throw new DecryptionException("The decrypted data contained more than one XMLObject child");
    }

    @Nonnull
    public List<XMLObject> decryptDataToList(@Nonnull EncryptedData encryptedData) throws DecryptionException {
        return decryptDataToList(encryptedData, isRootInNewDocument());
    }

    @Nonnull
    public List<XMLObject> decryptDataToList(@Nonnull EncryptedData encryptedData, boolean z) throws DecryptionException {
        LinkedList linkedList = new LinkedList();
        NodeList childNodes = decryptDataToDOM(encryptedData).getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if (item.getNodeType() != 1) {
                this.log.error("Decryption returned a top-level node that was not of type Element: " + ((int) item.getNodeType()));
                throw new DecryptionException("Top-level node was not of type Element");
            }
            Element element = (Element) item;
            if (z) {
                try {
                    Document newDocument = this.parserPool.newDocument();
                    newDocument.adoptNode(element);
                    newDocument.appendChild(element);
                } catch (XMLParserException e) {
                    this.log.error("There was an error creating a new DOM Document", (Throwable) e);
                    throw new DecryptionException("Error creating new DOM Document", e);
                }
            }
            try {
                Unmarshaller unmarshaller = this.unmarshallerFactory.getUnmarshaller(element);
                if (unmarshaller == null) {
                    unmarshaller = this.unmarshallerFactory.getUnmarshaller(XMLObjectProviderRegistrySupport.getDefaultProviderQName());
                    if (unmarshaller == null) {
                        String str = "No unmarshaller available for " + QNameSupport.getNodeQName(element);
                        this.log.error(str);
                        throw new UnmarshallingException(str);
                    }
                    this.log.debug("No unmarshaller was registered for {}. Using default unmarshaller.", QNameSupport.getNodeQName(element));
                }
                linkedList.add(unmarshaller.unmarshall(element));
            } catch (UnmarshallingException e2) {
                this.log.error("There was an error during unmarshalling of the decrypted element", (Throwable) e2);
                throw new DecryptionException("Unmarshalling error during decryption", e2);
            }
        }
        return linkedList;
    }

    @Nonnull
    public DocumentFragment decryptDataToDOM(@Nonnull EncryptedData encryptedData) throws DecryptionException {
        Constraint.isNotNull(encryptedData, "EncryptedData cannot be null");
        if (this.resolver == null && this.encKeyResolver == null) {
            this.log.error("Decryption can not be attempted, required resolvers are not available");
            throw new DecryptionException("Unable to decrypt EncryptedData, required resolvers are not available");
        }
        if (this.resolver != null) {
            DocumentFragment decryptUsingResolvedKey = decryptUsingResolvedKey(encryptedData);
            if (decryptUsingResolvedKey != null) {
                return decryptUsingResolvedKey;
            }
            this.log.debug("Failed to decrypt EncryptedData using standard KeyInfo resolver");
        }
        String algorithm = encryptedData.getEncryptionMethod().getAlgorithm();
        if (Strings.isNullOrEmpty(algorithm)) {
            this.log.error("EncryptedData's EncryptionMethod Algorithm attribute was empty, key decryption could not be attempted");
            throw new DecryptionException("EncryptedData's EncryptionMethod Algorithm attribute was empty, key decryption could not be attempted");
        }
        if (this.encKeyResolver != null) {
            DocumentFragment decryptUsingResolvedEncryptedKey = decryptUsingResolvedEncryptedKey(encryptedData, algorithm);
            if (decryptUsingResolvedEncryptedKey != null) {
                return decryptUsingResolvedEncryptedKey;
            }
            this.log.debug("Failed to decrypt EncryptedData using EncryptedKeyResolver");
        }
        this.log.error("Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver");
        throw new DecryptionException("Failed to decrypt EncryptedData");
    }

    @Nonnull
    public DocumentFragment decryptDataToDOM(@Nonnull EncryptedData encryptedData, @Nonnull Key key) throws DecryptionException {
        Constraint.isNotNull(encryptedData, "EncryptedData cannot be null");
        Constraint.isNotNull(key, "Data decryption key cannot be null");
        if (!"http://www.w3.org/2001/04/xmlenc#Element".equals(encryptedData.getType())) {
            this.log.error("EncryptedData was of unsupported type '" + encryptedData.getType() + "', could not attempt decryption");
            throw new DecryptionException("EncryptedData of unsupported type was encountered");
        }
        validateAlgorithms(encryptedData);
        try {
            checkAndMarshall(encryptedData);
            Element dom = encryptedData.getDOM();
            try {
                XMLCipher providerInstance = getJCAProviderName() != null ? XMLCipher.getProviderInstance(getJCAProviderName()) : XMLCipher.getInstance();
                providerInstance.init(2, key);
                try {
                    byte[] decryptToByteArray = providerInstance.decryptToByteArray(dom);
                    if (decryptToByteArray == null) {
                        throw new DecryptionException("EncryptedData could not be decrypted");
                    }
                    return parseInputStream(new ByteArrayInputStream(decryptToByteArray), encryptedData.getDOM().getOwnerDocument());
                } catch (XMLEncryptionException e) {
                    this.log.error("Error decrypting the encrypted data element", (Throwable) e);
                    throw new DecryptionException("Error decrypting the encrypted data element", e);
                } catch (Exception e2) {
                    throw new DecryptionException("Probable runtime exception on decryption:" + e2.getMessage(), e2);
                }
            } catch (XMLEncryptionException e3) {
                this.log.error("Error initialzing cipher instance on data decryption", (Throwable) e3);
                throw new DecryptionException("Error initialzing cipher instance on data decryption", e3);
            }
        } catch (DecryptionException e4) {
            this.log.error("Error marshalling EncryptedData for decryption", (Throwable) e4);
            throw e4;
        }
    }

    @Nonnull
    public Key decryptKey(@Nonnull EncryptedKey encryptedKey, @Nonnull String str) throws DecryptionException {
        if (this.kekResolver == null) {
            this.log.warn("No KEK KeyInfo credential resolver is available, cannot attempt EncryptedKey decryption");
            throw new DecryptionException("No KEK KeyInfo resolver is available for EncryptedKey decryption");
        }
        if (Strings.isNullOrEmpty(str)) {
            this.log.error("Algorithm of encrypted key not supplied, key decryption cannot proceed.");
            throw new DecryptionException("Algorithm of encrypted key not supplied, key decryption cannot proceed.");
        }
        try {
            Iterator<Credential> it = this.kekResolver.resolve(buildCredentialCriteria(encryptedKey, this.kekResolverCriteria)).iterator();
            while (it.hasNext()) {
                try {
                    return decryptKey(encryptedKey, str, CredentialSupport.extractDecryptionKey(it.next()));
                } catch (DecryptionException e) {
                    this.log.debug("Attempt to decrypt EncryptedKey using credential from KEK KeyInfo resolver failed: ", (Throwable) e);
                }
            }
        } catch (ResolverException e2) {
            this.log.error("Error resolving credentials from EncryptedKey KeyInfo", (Throwable) e2);
        }
        this.log.error("Failed to decrypt EncryptedKey, valid decryption key could not be resolved");
        throw new DecryptionException("Valid decryption key for EncryptedKey could not be resolved");
    }

    @Nonnull
    public Key decryptKey(@Nonnull EncryptedKey encryptedKey, @Nonnull String str, @Nonnull Key key) throws DecryptionException {
        if (key == null) {
            this.log.error("Data encryption key was null");
            throw new IllegalArgumentException("Data encryption key cannot be null");
        }
        if (Strings.isNullOrEmpty(str)) {
            this.log.error("Algorithm of encrypted key not supplied, key decryption cannot proceed.");
            throw new DecryptionException("Algorithm of encrypted key not supplied, key decryption cannot proceed.");
        }
        validateAlgorithms(encryptedKey);
        try {
            checkAndMarshall(encryptedKey);
            preProcessEncryptedKey(encryptedKey, str, key);
            try {
                XMLCipher providerInstance = getJCAProviderName() != null ? XMLCipher.getProviderInstance(getJCAProviderName()) : XMLCipher.getInstance();
                providerInstance.init(4, key);
                try {
                    Element dom = encryptedKey.getDOM();
                    try {
                        Key decryptKey = providerInstance.decryptKey(providerInstance.loadEncryptedKey(dom.getOwnerDocument(), dom), str);
                        if (decryptKey == null) {
                            throw new DecryptionException("Key could not be decrypted");
                        }
                        return decryptKey;
                    } catch (XMLEncryptionException e) {
                        this.log.error("Error decrypting encrypted key", (Throwable) e);
                        throw new DecryptionException("Error decrypting encrypted key", e);
                    } catch (Exception e2) {
                        throw new DecryptionException("Probable runtime exception on decryption:" + e2.getMessage(), e2);
                    }
                } catch (XMLEncryptionException e3) {
                    this.log.error("Error when loading library native encrypted key representation", (Throwable) e3);
                    throw new DecryptionException("Error when loading library native encrypted key representation", e3);
                }
            } catch (XMLEncryptionException e4) {
                this.log.error("Error initialzing cipher instance on key decryption", (Throwable) e4);
                throw new DecryptionException("Error initialzing cipher instance on key decryption", e4);
            }
        } catch (DecryptionException e5) {
            this.log.error("Error marshalling EncryptedKey for decryption", (Throwable) e5);
            throw e5;
        }
    }

    protected void preProcessEncryptedKey(@Nonnull EncryptedKey encryptedKey, @Nonnull String str, @Nonnull Key key) throws DecryptionException {
    }

    @Nullable
    private DocumentFragment decryptUsingResolvedKey(@Nonnull EncryptedData encryptedData) {
        if (this.resolver == null) {
            return null;
        }
        try {
            Iterator<Credential> it = this.resolver.resolve(buildCredentialCriteria(encryptedData, this.resolverCriteria)).iterator();
            while (it.hasNext()) {
                try {
                    return decryptDataToDOM(encryptedData, CredentialSupport.extractDecryptionKey(it.next()));
                } catch (DecryptionException e) {
                    this.log.debug("Decryption attempt using credential from standard KeyInfo resolver failed: ", (Throwable) e);
                }
            }
            return null;
        } catch (ResolverException e2) {
            this.log.error("Error resolving credentials from EncryptedData KeyInfo", (Throwable) e2);
            return null;
        }
    }

    @Nullable
    private DocumentFragment decryptUsingResolvedEncryptedKey(@Nonnull EncryptedData encryptedData, @Nonnull String str) {
        if (this.encKeyResolver == null) {
            return null;
        }
        Iterator<EncryptedKey> it = this.encKeyResolver.resolve(encryptedData).iterator();
        while (it.hasNext()) {
            try {
                return decryptDataToDOM(encryptedData, decryptKey(it.next(), str));
            } catch (DecryptionException e) {
                this.log.debug("Attempt to decrypt EncryptedData using key extracted from EncryptedKey failed: ", (Throwable) e);
            }
        }
        return null;
    }

    @Nonnull
    private DocumentFragment parseInputStream(@Nonnull InputStream inputStream, @Nonnull Document document) throws DecryptionException {
        try {
            Element documentElement = this.parserPool.parse(inputStream).getDocumentElement();
            document.adoptNode(documentElement);
            DocumentFragment createDocumentFragment = document.createDocumentFragment();
            createDocumentFragment.appendChild(documentElement);
            return createDocumentFragment;
        } catch (XMLParserException e) {
            this.log.error("Error parsing decrypted input stream", (Throwable) e);
            throw new DecryptionException("Error parsing input stream", e);
        }
    }

    @Nonnull
    private CriteriaSet buildCredentialCriteria(@Nonnull EncryptedType encryptedType, @Nullable CriteriaSet criteriaSet) {
        CriteriaSet criteriaSet2 = new CriteriaSet();
        criteriaSet2.add(new KeyInfoCriterion(encryptedType.getKeyInfo()));
        Set<Criterion> buildKeyCriteria = buildKeyCriteria(encryptedType);
        if (buildKeyCriteria != null && !buildKeyCriteria.isEmpty()) {
            criteriaSet2.addAll(buildKeyCriteria);
        }
        if (criteriaSet != null && !criteriaSet.isEmpty()) {
            criteriaSet2.addAll(criteriaSet);
        }
        if (!criteriaSet2.contains(UsageCriterion.class)) {
            criteriaSet2.add(new UsageCriterion(UsageType.ENCRYPTION));
        }
        return criteriaSet2;
    }

    @Nullable
    private Set<Criterion> buildKeyCriteria(@Nonnull EncryptedType encryptedType) {
        String trimOrNull;
        EncryptionMethod encryptionMethod = encryptedType.getEncryptionMethod();
        if (encryptionMethod == null || (trimOrNull = StringSupport.trimOrNull(encryptionMethod.getAlgorithm())) == null) {
            return null;
        }
        HashSet hashSet = new HashSet(2);
        KeyAlgorithmCriterion buildKeyAlgorithmCriteria = buildKeyAlgorithmCriteria(trimOrNull);
        if (buildKeyAlgorithmCriteria != null) {
            hashSet.add(buildKeyAlgorithmCriteria);
            this.log.debug("Added decryption key algorithm criteria: {}", buildKeyAlgorithmCriteria.getKeyAlgorithm());
        }
        KeyLengthCriterion buildKeyLengthCriteria = buildKeyLengthCriteria(trimOrNull);
        if (buildKeyLengthCriteria != null) {
            hashSet.add(buildKeyLengthCriteria);
            this.log.debug("Added decryption key length criteria from EncryptionMethod algorithm URI: {}", buildKeyLengthCriteria.getKeyLength());
        } else if (encryptionMethod.getKeySize() != null && encryptionMethod.getKeySize().getValue() != null) {
            KeyLengthCriterion keyLengthCriterion = new KeyLengthCriterion(encryptionMethod.getKeySize().getValue());
            hashSet.add(keyLengthCriterion);
            this.log.debug("Added decryption key length criteria from EncryptionMethod/KeySize: {}", keyLengthCriterion.getKeyLength());
        }
        return hashSet;
    }

    @Nullable
    private KeyAlgorithmCriterion buildKeyAlgorithmCriteria(@Nullable String str) {
        if (Strings.isNullOrEmpty(str)) {
            return null;
        }
        String keyAlgorithm = AlgorithmSupport.getKeyAlgorithm(str);
        if (Strings.isNullOrEmpty(keyAlgorithm)) {
            return null;
        }
        return new KeyAlgorithmCriterion(keyAlgorithm);
    }

    @Nullable
    private KeyLengthCriterion buildKeyLengthCriteria(@Nullable String str) {
        Integer keyLength;
        if (Strings.isNullOrEmpty(str) && (keyLength = AlgorithmSupport.getKeyLength(str)) != null) {
            return new KeyLengthCriterion(keyLength);
        }
        return null;
    }

    protected void checkAndMarshall(@Nonnull XMLObject xMLObject) throws DecryptionException {
        Constraint.isNotNull(xMLObject, "XMLObject cannot be null");
        if (xMLObject.getDOM() == null) {
            Marshaller marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(xMLObject);
            if (marshaller == null) {
                marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(XMLObjectProviderRegistrySupport.getDefaultProviderQName());
                if (marshaller == null) {
                    String str = "No marshaller available for " + xMLObject.getElementQName();
                    this.log.error(str);
                    throw new DecryptionException(str);
                }
            }
            try {
                marshaller.marshall(xMLObject);
            } catch (MarshallingException e) {
                this.log.error("Error marshalling target XMLObject", (Throwable) e);
                throw new DecryptionException("Error marshalling target XMLObject", e);
            }
        }
    }

    protected ParserPool buildParserPool() {
        BasicParserPool basicParserPool = new BasicParserPool();
        HashMap hashMap = new HashMap();
        basicParserPool.setNamespaceAware(true);
        hashMap.put("http://apache.org/xml/features/dom/defer-node-expansion", Boolean.FALSE);
        basicParserPool.setExpandEntityReferences(false);
        hashMap.put(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        hashMap.put(XmlConstants.FEATURE_DISALLOW_DTD, true);
        basicParserPool.setBuilderFeatures(hashMap);
        try {
            basicParserPool.initialize();
            return basicParserPool;
        } catch (ComponentInitializationException e) {
            throw new XMLRuntimeException("Problem initializing Decrypter internal ParserPool", e);
        }
    }

    protected void validateAlgorithms(@Nonnull EncryptedKey encryptedKey) throws DecryptionException {
        String algorithm = encryptedKey.getEncryptionMethod().getAlgorithm();
        validateAlgorithmURI(algorithm);
        if (AlgorithmSupport.isRSAOAEP(algorithm)) {
            String str = null;
            List<XMLObject> unknownXMLObjects = encryptedKey.getEncryptionMethod().getUnknownXMLObjects(DigestMethod.DEFAULT_ELEMENT_NAME);
            if (unknownXMLObjects.size() > 0) {
                str = StringSupport.trimOrNull(((DigestMethod) unknownXMLObjects.get(0)).getAlgorithm());
            }
            if (str == null) {
                str = "http://www.w3.org/2000/09/xmldsig#sha1";
            }
            validateAlgorithmURI(str);
            String str2 = null;
            List<XMLObject> unknownXMLObjects2 = encryptedKey.getEncryptionMethod().getUnknownXMLObjects(MGF.DEFAULT_ELEMENT_NAME);
            if (unknownXMLObjects2.size() > 0) {
                str2 = StringSupport.trimOrNull(((MGF) unknownXMLObjects2.get(0)).getAlgorithm());
            }
            if (str2 == null) {
                str2 = "http://www.w3.org/2009/xmlenc11#mgf1sha1";
            }
            validateAlgorithmURI(str2);
        }
    }

    protected void validateAlgorithms(@Nonnull EncryptedData encryptedData) throws DecryptionException {
        validateAlgorithmURI(encryptedData.getEncryptionMethod().getAlgorithm());
    }

    protected void validateAlgorithmURI(@Nonnull String str) throws DecryptionException {
        this.log.debug("Validating algorithm URI against whitelist and blacklist: algorithm: {}, whitelist: {}, blacklist: {}", str, this.whitelistedAlgorithmURIs, this.blacklistedAlgorithmURIs);
        if (!AlgorithmSupport.validateAlgorithmURI(str, this.whitelistedAlgorithmURIs, this.blacklistedAlgorithmURIs)) {
            throw new DecryptionException("Algorithm failed whitelist/blacklist validation: " + str);
        }
    }

    static {
        if (Init.isInitialized()) {
            return;
        }
        Init.init();
    }
}
