package org.jgroups.protocols;

import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.jgroups.Address;
import org.jgroups.Event;
import org.jgroups.Global;
import org.jgroups.MergeView;
import org.jgroups.Message;
import org.jgroups.View;
import org.jgroups.annotations.MBean;
import org.jgroups.annotations.ManagedAttribute;
import org.jgroups.annotations.Property;
import org.jgroups.conf.ClassConfigurator;
import org.jgroups.logging.Log;
import org.jgroups.protocols.pbcast.GMS;
import org.jgroups.util.AsciiString;
import org.jgroups.util.ByteArray;
import org.jgroups.util.ByteArrayDataInputStream;
import org.jgroups.util.ByteArrayDataOutputStream;
import org.jgroups.util.MessageBatch;
import org.jgroups.util.Tuple;
import org.jgroups.util.Util;

@MBean(description = "Asymmetric encryption protocol. The secret key for encryption and decryption of messages is fetched from a key server (the coordinator) via asymmetric encryption")
/* loaded from: input_file:org/jgroups/protocols/ASYM_ENCRYPT.class */
public class ASYM_ENCRYPT extends Encrypt<KeyStore.PrivateKeyEntry> {

    @Property(description = "When a node leaves, change the secret group key, preventing old members from eavesdropping")
    protected boolean change_key_on_leave;

    @Property(description = "If true, a separate KeyExchange protocol (somewhere in the stack) is used to fetch the shared secret key. If false, the default (built-in) key exchange protocol will be used.")
    protected boolean use_external_key_exchange;
    protected KeyExchange key_exchange;
    protected volatile Address key_server_addr;
    protected volatile boolean send_group_keys;
    protected KeyPair key_pair;
    protected Cipher asym_cipher;
    protected static final short GMS_ID = ClassConfigurator.getProtocolId(GMS.class);
    protected static final ThreadLocal<Address> srv_addr = new ThreadLocal<>();

    @Property(description = "Change the secret group key when the coordinator changes. If enabled, this will take place even if change_key_on_leave is disabled.")
    protected boolean change_key_on_coord_leave = true;
    protected final Map<Address, byte[]> pub_map = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/jgroups/protocols/ASYM_ENCRYPT$Processing.class */
    public enum Processing {
        SKIP,
        PROCESS,
        DROP
    }

    @Override // org.jgroups.protocols.Encrypt
    public ASYM_ENCRYPT setKeyStoreEntry(KeyStore.PrivateKeyEntry privateKeyEntry) {
        this.key_pair = new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
        return this;
    }

    public boolean getChangeKeyOnLeave() {
        return this.change_key_on_leave;
    }

    public ASYM_ENCRYPT setChangeKeyOnLeave(boolean z) {
        this.change_key_on_leave = z;
        return this;
    }

    public boolean getChangeKeyOnCoordLeave() {
        return this.change_key_on_coord_leave;
    }

    public ASYM_ENCRYPT setChangeKeyOnCoordLeave(boolean z) {
        this.change_key_on_coord_leave = z;
        return this;
    }

    public boolean getUseExternalKeyExchange() {
        return this.use_external_key_exchange;
    }

    public ASYM_ENCRYPT setUseExternalKeyExchange(boolean z) {
        this.use_external_key_exchange = z;
        return this;
    }

    public KeyPair keyPair() {
        return this.key_pair;
    }

    public Cipher asymCipher() {
        return this.asym_cipher;
    }

    public Address keyServerAddr() {
        return this.key_server_addr;
    }

    public ASYM_ENCRYPT keyServerAddr(Address address) {
        this.key_server_addr = address;
        return this;
    }

    @Override // org.jgroups.stack.Protocol
    public List<Integer> providedDownServices() {
        return Arrays.asList(Integer.valueOf(Event.GET_SECRET_KEY), Integer.valueOf(Event.SET_SECRET_KEY));
    }

    @ManagedAttribute(description = "Keys in the public key map")
    public String getPublicKeys() {
        return this.pub_map.keySet().toString();
    }

    @ManagedAttribute(description = "The current key server")
    public String getKeyServerAddress() {
        return this.key_server_addr != null ? this.key_server_addr.toString() : "null";
    }

    @ManagedAttribute(description = "True if this member is the current key server, false otherwise")
    public boolean isKeyServer() {
        return Objects.equals(this.key_server_addr, this.local_addr);
    }

    @Override // org.jgroups.protocols.Encrypt, org.jgroups.stack.Protocol
    public void init() throws Exception {
        this.send_group_keys = false;
        initKeyPair();
        super.init();
        if (this.use_external_key_exchange) {
            fetchAndSetKeyExchange();
        }
    }

    @Override // org.jgroups.stack.Protocol
    public void start() throws Exception {
        super.start();
        this.pub_map.put(this.local_addr, this.key_pair.getPublic().getEncoded());
    }

    @Override // org.jgroups.protocols.Encrypt, org.jgroups.stack.Protocol
    public Object down(Event event) {
        if (event.type() == 114) {
            createNewKey("because of an INSTALL_MERGE_VIEW event");
        }
        return super.down(event);
    }

    @Override // org.jgroups.protocols.Encrypt, org.jgroups.stack.Protocol
    public Object down(Message message) {
        Processing skipDownMessage = skipDownMessage(message);
        if (skipDownMessage == Processing.PROCESS) {
            return super.down(message);
        }
        if (skipDownMessage == Processing.SKIP) {
            return this.down_prot.down(message);
        }
        return null;
    }

    @Override // org.jgroups.protocols.Encrypt, org.jgroups.stack.Protocol, org.jgroups.UpHandler
    public Object up(Event event) {
        switch (event.type()) {
            case Event.GET_SECRET_KEY /* 111 */:
                return new Tuple(this.secret_key, this.sym_version);
            case Event.SET_SECRET_KEY /* 112 */:
                Tuple tuple = (Tuple) event.arg();
                try {
                    installSharedGroupKey(null, (SecretKey) tuple.getVal1(), (byte[]) tuple.getVal2());
                    return null;
                } catch (Exception e) {
                    this.log.error("failed setting group key", e);
                    return null;
                }
            default:
                return this.up_prot.up(event);
        }
    }

    @Override // org.jgroups.protocols.Encrypt, org.jgroups.stack.Protocol, org.jgroups.UpHandler
    public Object up(Message message) {
        if (dropMulticastMessageFromNonMember(message)) {
            return null;
        }
        return skipUpMessage(message) ? this.up_prot.up(message) : super.up(message);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [org.jgroups.util.MessageIterator] */
    @Override // org.jgroups.protocols.Encrypt, org.jgroups.stack.Protocol, org.jgroups.UpHandler
    public void up(MessageBatch messageBatch) {
        ?? iterator2 = messageBatch.iterator2();
        while (iterator2.hasNext()) {
            Message message = (Message) iterator2.next();
            if (dropMulticastMessageFromNonMember(message)) {
                iterator2.remove();
            } else if (skipUpMessage(message)) {
                try {
                    this.up_prot.up(message);
                    iterator2.remove();
                } catch (Throwable th) {
                    this.log.error("failed passing up message from %s: %s, ex=%s", message.src(), message.printHeaders(), th);
                }
            }
        }
        if (messageBatch.isEmpty()) {
            return;
        }
        super.up(messageBatch);
    }

    protected boolean dropMulticastMessageFromNonMember(Message message) {
        return message.dest() == null && !inView(message.src(), String.format("%s: dropped multicast message from non-member %s", this.local_addr, message.getSrc()));
    }

    public ASYM_ENCRYPT fetchAndSetKeyExchange() {
        KeyExchange keyExchange = (KeyExchange) this.stack.findProtocol(KeyExchange.class);
        this.key_exchange = keyExchange;
        if (keyExchange == null) {
            throw new IllegalStateException(KeyExchange.class.getSimpleName() + " not found in stack");
        }
        return this;
    }

    protected static void cacheServerAddress(Address address) {
        srv_addr.set(address);
    }

    protected static Address getCachedServerAddress() {
        Address address = srv_addr.get();
        srv_addr.remove();
        return address;
    }

    protected Processing skipDownMessage(Message message) {
        GMS.GmsHeader gmsHeader = (GMS.GmsHeader) message.getHeader(GMS_ID);
        if (gmsHeader == null) {
            return Processing.PROCESS;
        }
        switch (gmsHeader.getType()) {
            case 1:
            case 7:
            case 11:
                if (this.use_external_key_exchange) {
                    return Processing.SKIP;
                }
                this.down_prot.down(addKeysToMessage(message, true, false, null));
                return Processing.DROP;
            case 2:
                return addMetadata(message, false, message.getDest(), true);
            case 5:
                boolean z = this.send_group_keys;
                this.send_group_keys = false;
                return addMetadata(message, z, null, z);
            case 6:
            case 10:
            case 13:
            case 14:
                return Processing.SKIP;
            case 8:
                if (!Objects.equals(this.local_addr, message.dest())) {
                    return addMetadata(message, true, null, true);
                }
                break;
        }
        return Processing.PROCESS;
    }

    protected boolean skipUpMessage(Message message) {
        GMS.GmsHeader gmsHeader = (GMS.GmsHeader) message.getHeader(GMS_ID);
        if (gmsHeader == null) {
            return false;
        }
        EncryptHeader encryptHeader = (EncryptHeader) message.getHeader(this.id);
        switch (gmsHeader.getType()) {
            case 1:
            case 7:
            case 11:
                return processEncryptMessage(message, encryptHeader, true);
            case 2:
            case 5:
            case 8:
                if (gmsHeader.getType() == 8) {
                    cacheServerAddress(encryptHeader.server());
                }
                return processEncryptMessage(message, encryptHeader, false);
            case 3:
            case 4:
            case 9:
            case 12:
            default:
                return false;
            case 6:
            case 10:
            case 13:
            case 14:
                return true;
        }
    }

    protected boolean processEncryptMessage(Message message, EncryptHeader encryptHeader, boolean z) {
        if (encryptHeader == null) {
            return z;
        }
        switch (encryptHeader.type) {
            case 1:
                removeKeysFromMessageAndInstall(message, encryptHeader.version());
                break;
            case 2:
                if (!Objects.equals(this.local_addr, message.getSrc())) {
                    try {
                        Address server = encryptHeader.server() != null ? encryptHeader.server() : message.src();
                        if (this.log.isTraceEnabled()) {
                            this.log.trace("%s: fetching group key from %s", this.local_addr, server);
                        }
                        this.key_exchange.fetchSecretKeyFrom(server);
                        break;
                    } catch (Exception e) {
                        this.log.warn("%s: failed fetching group key from %s: %s", this.local_addr, message.src(), e);
                        break;
                    }
                }
                break;
        }
        return z;
    }

    protected void installPublicKeys(Address address, byte[] bArr, int i, int i2) {
        ByteArrayDataInputStream byteArrayDataInputStream = new ByteArrayDataInputStream(bArr, i, i2);
        try {
            int readInt = byteArrayDataInputStream.readInt();
            for (int i3 = 0; i3 < readInt; i3++) {
                Address readAddress = Util.readAddress(byteArrayDataInputStream);
                byte[] bArr2 = new byte[byteArrayDataInputStream.readInt()];
                byteArrayDataInputStream.readFully(bArr2, 0, bArr2.length);
                this.pub_map.put(readAddress, bArr2);
            }
            this.log.trace("%s: added %d public keys to local cache", this.local_addr, Integer.valueOf(readInt));
        } catch (Exception e) {
            this.log.error("%s: failed reading public keys received from %s: %s", this.local_addr, address, e);
        }
    }

    protected Processing addMetadata(Message message, boolean z, Address address, boolean z2) {
        try {
            if (this.use_external_key_exchange && !z2) {
                return Processing.PROCESS;
            }
            Message encrypt = encrypt(message);
            if (this.use_external_key_exchange) {
                Address serverLocation = this.key_exchange.getServerLocation();
                if (serverLocation == null) {
                    serverLocation = getCachedServerAddress();
                }
                Log log = this.log;
                Object[] objArr = new Object[4];
                objArr[0] = this.local_addr;
                objArr[1] = encrypt.getDest() == null ? "all members" : encrypt.getDest();
                objArr[2] = Util.byteArrayToHexString(this.sym_version);
                objArr[3] = serverLocation;
                log.trace("%s: asking %s to fetch the shared group key %s via an external key exchange protocol (srv=%s)", objArr);
                encrypt.putHeader(this.id, new EncryptHeader((byte) 2, symVersion(), getIv(encrypt)).server(serverLocation));
            } else {
                encrypt = addKeysToMessage(encrypt, false, z, address);
                if (z || address != null) {
                    Log log2 = this.log;
                    Object[] objArr2 = new Object[3];
                    objArr2[0] = this.local_addr;
                    objArr2[1] = encrypt.getDest() == null ? "all members" : encrypt.getDest();
                    objArr2[2] = Util.byteArrayToHexString(this.sym_version);
                    log2.trace("%s: sending encrypted group key to %s (version: %s)", objArr2);
                }
            }
            this.down_prot.down(encrypt);
            return Processing.DROP;
        } catch (Exception e) {
            this.log.warn("%s: unable to send message down: %s", this.local_addr, e.getMessage());
            return Processing.PROCESS;
        }
    }

    protected Message addKeysToMessage(Message message, boolean z, boolean z2, Address address) {
        ByteArrayDataOutputStream byteArrayDataOutputStream = new ByteArrayDataOutputStream((this.pub_map.size() * Global.BLOCKS_START_ID) + message.getLength());
        try {
            serializeKeys(byteArrayDataOutputStream, z2, address);
            if (message.getLength() > 0) {
                byteArrayDataOutputStream.write(message.getArray(), message.getOffset(), message.getLength());
            }
            return (z ? message.copy(true, true) : message).setArray(byteArrayDataOutputStream.getBuffer()).putHeader(this.id, new EncryptHeader((byte) 1, symVersion(), getIv(message)));
        } catch (Throwable th) {
            this.log.error("%s: failed adding keys to message: %s", this.local_addr, th);
            return null;
        }
    }

    protected void removeKeysFromMessageAndInstall(Message message, byte[] bArr) {
        ByteArrayDataInputStream byteArrayDataInputStream = new ByteArrayDataInputStream(message.getArray(), message.getOffset(), message.getLength());
        unserializeAndInstallKeys(message.getSrc(), bArr, byteArrayDataInputStream);
        int length = message.getLength();
        int offset = message.getOffset();
        int position = byteArrayDataInputStream.position();
        if (offset + position == length) {
            message.setArray(null, 0, 0);
        } else {
            message.setArray(message.getArray(), offset + position, length - position);
        }
    }

    protected void serializeKeys(ByteArrayDataOutputStream byteArrayDataOutputStream, boolean z, Address address) throws Exception {
        byteArrayDataOutputStream.writeInt(this.pub_map.size());
        int i = 0;
        for (Map.Entry<Address, byte[]> entry : this.pub_map.entrySet()) {
            Address key = entry.getKey();
            byte[] value = entry.getValue();
            Util.writeAddress(key, byteArrayDataOutputStream);
            byteArrayDataOutputStream.writeInt(value.length);
            byteArrayDataOutputStream.write(value, 0, value.length);
            if (z || Objects.equals(key, address)) {
                byte[] encryptSecretKey = encryptSecretKey(this.secret_key, makePublicKey(value));
                byteArrayDataOutputStream.writeInt(encryptSecretKey.length);
                byteArrayDataOutputStream.write(encryptSecretKey, 0, encryptSecretKey.length);
            } else {
                byteArrayDataOutputStream.writeInt(0);
            }
            i++;
        }
        int position = byteArrayDataOutputStream.position();
        byteArrayDataOutputStream.position(0).writeInt(i);
        byteArrayDataOutputStream.position(position);
    }

    protected void unserializeAndInstallKeys(Address address, byte[] bArr, ByteArrayDataInputStream byteArrayDataInputStream) {
        try {
            int readInt = byteArrayDataInputStream.readInt();
            for (int i = 0; i < readInt; i++) {
                Address readAddress = Util.readAddress(byteArrayDataInputStream);
                int readInt2 = byteArrayDataInputStream.readInt();
                if (readInt2 > 0) {
                    byte[] bArr2 = new byte[readInt2];
                    byteArrayDataInputStream.readFully(bArr2, 0, bArr2.length);
                    this.pub_map.put(readAddress, bArr2);
                }
                int readInt3 = byteArrayDataInputStream.readInt();
                if (readInt3 > 0) {
                    byte[] bArr3 = new byte[readInt3];
                    byteArrayDataInputStream.readFully(bArr3, 0, bArr3.length);
                    if (this.local_addr.equals(readAddress)) {
                        try {
                            SecretKeySpec decodeKey = decodeKey(bArr3);
                            if (decodeKey != null) {
                                installSharedGroupKey(address, decodeKey, bArr);
                            }
                        } catch (Exception e) {
                            this.log.warn("%s: unable to process key received from %s: %s", this.local_addr, address, e);
                        }
                    }
                }
            }
        } catch (Exception e2) {
            this.log.error("%s: failed reading keys received from %s: %s", this.local_addr, address, e2);
        }
    }

    protected static ByteArray serializeKeys(Map<Address, byte[]> map) throws Exception {
        int size = map.size();
        if (size == 0) {
            return null;
        }
        ByteArrayDataOutputStream byteArrayDataOutputStream = new ByteArrayDataOutputStream(size * 100);
        byteArrayDataOutputStream.writeInt(size);
        for (Map.Entry<Address, byte[]> entry : map.entrySet()) {
            Util.writeAddress(entry.getKey(), byteArrayDataOutputStream);
            byte[] value = entry.getValue();
            byteArrayDataOutputStream.writeInt(value.length);
            byteArrayDataOutputStream.write(value, 0, value.length);
        }
        return byteArrayDataOutputStream.getBuffer();
    }

    protected Map<Address, byte[]> unserializeKeys(Address address, byte[] bArr, int i, int i2) {
        HashMap hashMap = new HashMap();
        ByteArrayDataInputStream byteArrayDataInputStream = new ByteArrayDataInputStream(bArr, i, i2);
        try {
            int readInt = byteArrayDataInputStream.readInt();
            for (int i3 = 0; i3 < readInt; i3++) {
                Address readAddress = Util.readAddress(byteArrayDataInputStream);
                byte[] bArr2 = new byte[byteArrayDataInputStream.readInt()];
                byteArrayDataInputStream.readFully(bArr2, 0, bArr2.length);
                hashMap.put(readAddress, bArr2);
            }
        } catch (Exception e) {
            this.log.error("%s: failed reading keys received from %s: %s", this.local_addr, address, e);
        }
        return hashMap;
    }

    protected SecretKey createSecretKey() throws Exception {
        KeyGenerator keyGenerator = (this.provider == null || this.provider.trim().isEmpty()) ? KeyGenerator.getInstance(getAlgorithm(this.sym_algorithm)) : KeyGenerator.getInstance(getAlgorithm(this.sym_algorithm), this.provider);
        keyGenerator.init(this.sym_keylength);
        return keyGenerator.generateKey();
    }

    protected void initKeyPair() throws Exception {
        if (this.key_pair == null) {
            KeyPairGenerator keyPairGenerator = (this.provider == null || this.provider.trim().isEmpty()) ? KeyPairGenerator.getInstance(getAlgorithm(this.asym_algorithm)) : KeyPairGenerator.getInstance(getAlgorithm(this.asym_algorithm), this.provider);
            keyPairGenerator.initialize(this.asym_keylength, new SecureRandom());
            this.key_pair = keyPairGenerator.generateKeyPair();
        }
        if (this.provider == null || this.provider.trim().isEmpty()) {
            this.asym_cipher = Cipher.getInstance(this.asym_algorithm);
        } else {
            this.asym_cipher = Cipher.getInstance(this.asym_algorithm, this.provider);
        }
        this.asym_cipher.init(2, this.key_pair.getPrivate());
    }

    @Override // org.jgroups.protocols.Encrypt
    protected void handleView(View view) {
        this.pub_map.keySet().retainAll(view.getMembers());
        synchronized (this) {
            boolean z = !Objects.equals(view.getCoord(), this.key_server_addr);
            boolean z2 = (this.view == null || view.containsMembers(this.view.getMembersRaw())) ? false : true;
            super.handleView(view);
            this.key_server_addr = view.getCoord();
            boolean z3 = (this.secret_key == null || (this.change_key_on_leave && z2) || (this.change_key_on_coord_leave && z)) & (!(view instanceof MergeView));
            this.send_group_keys = z3 || (view instanceof MergeView);
            if (Objects.equals(this.key_server_addr, this.local_addr)) {
                if (z) {
                    this.log.debug("%s: I'm the new key server", this.local_addr);
                }
                if (z3) {
                    createNewKey("because of new view " + view);
                }
            }
        }
    }

    protected void createNewKey(String str) {
        try {
            this.secret_key = createSecretKey();
            initSymCiphers(this.sym_algorithm, this.secret_key);
            this.log.debug("%s: created new group key (version: %s) %s", this.local_addr, Util.byteArrayToHexString(this.sym_version), str);
            cacheGroupKey(this.sym_version);
        } catch (Exception e) {
            this.log.error("%s: failed creating group key and initializing ciphers", this.local_addr, e);
        }
    }

    protected synchronized void installSharedGroupKey(Address address, SecretKey secretKey, byte[] bArr) throws Exception {
        if (Arrays.equals(this.sym_version, bArr)) {
            Log log = this.log;
            Object[] objArr = new Object[3];
            objArr[0] = this.local_addr;
            objArr[1] = address != null ? address : "key exchange protocol";
            objArr[2] = Util.byteArrayToHexString(bArr);
            log.debug("%s: ignoring group key received from %s (version: %s); it has already been installed", objArr);
            return;
        }
        Log log2 = this.log;
        Object[] objArr2 = new Object[3];
        objArr2[0] = this.local_addr;
        objArr2[1] = address != null ? address : "key exchange protocol";
        objArr2[2] = Util.byteArrayToHexString(bArr);
        log2.debug("%s: installing group key received from %s (version: %s)", objArr2);
        this.secret_key = secretKey;
        initSymCiphers(this.sym_algorithm, secretKey);
        this.sym_version = bArr;
        cacheGroupKey(bArr);
    }

    protected void cacheGroupKey(byte[] bArr) throws Exception {
        if (this.secret_key != null) {
            this.key_map.putIfAbsent(new AsciiString(bArr), this.secret_key);
        }
    }

    protected byte[] encryptSecretKey(Key key, PublicKey publicKey) throws Exception {
        Cipher cipher = (this.provider == null || this.provider.trim().isEmpty()) ? Cipher.getInstance(this.asym_algorithm) : Cipher.getInstance(this.asym_algorithm, this.provider);
        cipher.init(1, publicKey);
        return cipher.doFinal(key.getEncoded());
    }

    protected SecretKeySpec decodeKey(byte[] bArr) throws Exception {
        byte[] doFinal;
        synchronized (this) {
            try {
                doFinal = this.asym_cipher.doFinal(bArr);
            } catch (BadPaddingException | IllegalBlockSizeException e) {
                this.asym_cipher.init(2, this.key_pair.getPrivate());
                throw e;
            }
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(doFinal, getAlgorithm(this.sym_algorithm));
            ((this.provider == null || this.provider.trim().isEmpty()) ? Cipher.getInstance(this.sym_algorithm) : Cipher.getInstance(this.sym_algorithm, this.provider)).init(3, secretKeySpec);
            return secretKeySpec;
        } catch (Exception e2) {
            this.log.error(Util.getMessage("FailedDecodingKey"), e2);
            return null;
        }
    }

    protected PublicKey makePublicKey(byte[] bArr) {
        PublicKey publicKey = null;
        try {
            publicKey = KeyFactory.getInstance(getAlgorithm(this.asym_algorithm)).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return publicKey;
    }

    protected byte[] getIv(Message message) {
        EncryptHeader encryptHeader = (EncryptHeader) message.getHeader(this.id);
        if (encryptHeader == null) {
            return null;
        }
        return encryptHeader.iv();
    }
}
