package org.wso2.carbon.crypto.provider.hsm;

import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.objects.AESSecretKey;
import iaik.pkcs.pkcs11.objects.DES2SecretKey;
import iaik.pkcs.pkcs11.objects.DES3SecretKey;
import iaik.pkcs.pkcs11.objects.DESSecretKey;
import iaik.pkcs.pkcs11.objects.Key;
import iaik.pkcs.pkcs11.objects.PublicKey;
import iaik.pkcs.pkcs11.objects.SecretKey;
import iaik.pkcs.pkcs11.parameters.GcmParameters;
import iaik.pkcs.pkcs11.parameters.InitializationVectorParameters;
import iaik.pkcs.pkcs11.wrapper.CK_GCM_PARAMS;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.api.ServerConfigurationService;
import org.wso2.carbon.crypto.api.CertificateInfo;
import org.wso2.carbon.crypto.api.CryptoContext;
import org.wso2.carbon.crypto.api.CryptoException;
import org.wso2.carbon.crypto.api.ExternalCryptoProvider;
import org.wso2.carbon.crypto.api.HybridEncryptionInput;
import org.wso2.carbon.crypto.api.HybridEncryptionOutput;
import org.wso2.carbon.crypto.api.PrivateKeyInfo;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.exception.HSMCryptoException;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.objecthandlers.CertificateHandler;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.objecthandlers.KeyHandler;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.operators.Cipher;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.operators.SignatureHandler;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util.CryptoConstants;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util.KeyTemplateGenerator;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util.MechanismDataHolder;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util.MechanismResolver;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util.SessionHandler;

/* loaded from: input_file:org/wso2/carbon/crypto/provider/hsm/HSMBasedExternalCryptoProvider.class */
public class HSMBasedExternalCryptoProvider implements ExternalCryptoProvider {
    private static Log log = LogFactory.getLog(HSMBasedExternalCryptoProvider.class);
    private SessionHandler sessionHandler;
    private MechanismResolver mechanismResolver = MechanismResolver.getInstance();
    private SlotResolver slotResolver;

    public HSMBasedExternalCryptoProvider(ServerConfigurationService serverConfigurationService) throws CryptoException {
        this.sessionHandler = SessionHandler.getDefaultSessionHandler(serverConfigurationService);
        this.slotResolver = new DefaultSlotResolver(serverConfigurationService);
    }

    public byte[] sign(byte[] bArr, String str, String str2, CryptoContext cryptoContext, PrivateKeyInfo privateKeyInfo) throws CryptoException {
        failIfMethodParametersInvalid(str);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Signing data with %s algorithm and %s private key using HSM device.", str, privateKeyInfo.getKeyAlias()));
        }
        Mechanism resolveMechanism = this.mechanismResolver.resolveMechanism(new MechanismDataHolder(3, str));
        Session initiateSession = initiateSession(this.slotResolver.resolveSlot(cryptoContext), false);
        try {
            byte[] sign = new SignatureHandler(initiateSession).sign(bArr, retrievePrivateKey(initiateSession, privateKeyInfo), resolveMechanism);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully signed data with %s algorithm and %s private key using HSM device.", str, privateKeyInfo.getKeyAlias()));
            }
            return sign;
        } finally {
            this.sessionHandler.closeSession(initiateSession);
        }
    }

    public byte[] decrypt(byte[] bArr, String str, String str2, CryptoContext cryptoContext, PrivateKeyInfo privateKeyInfo) throws CryptoException {
        failIfMethodParametersInvalid(str);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Decrypting data with %s algorithm and %s private key using HSM device.", str, privateKeyInfo.getKeyAlias()));
        }
        Mechanism resolveMechanism = this.mechanismResolver.resolveMechanism(new MechanismDataHolder(2, str));
        Session initiateSession = initiateSession(this.slotResolver.resolveSlot(cryptoContext), false);
        try {
            byte[] decrypt = new Cipher(initiateSession).decrypt(bArr, retrievePrivateKey(initiateSession, privateKeyInfo), resolveMechanism);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully decrypted data with %s algorithm and %s private key using HSM device.", str, privateKeyInfo.getKeyAlias()));
            }
            return decrypt;
        } finally {
            this.sessionHandler.closeSession(initiateSession);
        }
    }

    public byte[] encrypt(byte[] bArr, String str, String str2, CryptoContext cryptoContext, CertificateInfo certificateInfo) throws CryptoException {
        failIfMethodParametersInvalid(str);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Encrypting data with %s algorithm using HSM device with public certificate : %s", str, certificateInfo));
        }
        Mechanism resolveMechanism = this.mechanismResolver.resolveMechanism(new MechanismDataHolder(1, str));
        Session initiateSession = initiateSession(this.slotResolver.resolveSlot(cryptoContext), false);
        try {
            byte[] encrypt = new Cipher(initiateSession).encrypt(bArr, retrievePublicKey(initiateSession, certificateInfo), resolveMechanism);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully encrypted data with %s algorithm using HSM device with public certificate : %s", str, certificateInfo));
            }
            return encrypt;
        } finally {
            this.sessionHandler.closeSession(initiateSession);
        }
    }

    public boolean verifySignature(byte[] bArr, byte[] bArr2, String str, String str2, CryptoContext cryptoContext, CertificateInfo certificateInfo) throws CryptoException {
        failIfMethodParametersInvalid(str);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Verifying digital signature with %s algorithm using the HSM device with public certificate : %s", str, certificateInfo));
        }
        Mechanism resolveMechanism = this.mechanismResolver.resolveMechanism(new MechanismDataHolder(4, str));
        Session initiateSession = initiateSession(this.slotResolver.resolveSlot(cryptoContext), false);
        try {
            boolean verify = new SignatureHandler(initiateSession).verify(bArr, bArr2, retrievePublicKey(initiateSession, certificateInfo), resolveMechanism);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully verified digital signature with %s algorithm using the HSM device with public certificate : %s", str, certificateInfo));
            }
            return verify;
        } finally {
            this.sessionHandler.closeSession(initiateSession);
        }
    }

    public Certificate getCertificate(CryptoContext cryptoContext, CertificateInfo certificateInfo) throws CryptoException {
        failIfContextInformationIsMissing(cryptoContext);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Retrieving certificate with alias %s related to crypto context : '%s' from the HSM device.", certificateInfo.getCertificateAlias(), cryptoContext));
        }
        Certificate mapCertificatePKCS11ToJCE = PKCS11JCEObjectMapper.mapCertificatePKCS11ToJCE(retrieveCertificate(certificateInfo.getCertificateAlias(), cryptoContext));
        if (log.isDebugEnabled()) {
            log.debug(String.format("Successfully retrieved the certificate related to crypto context : ", cryptoContext));
        }
        return mapCertificatePKCS11ToJCE;
    }

    public PrivateKey getPrivateKey(CryptoContext cryptoContext, PrivateKeyInfo privateKeyInfo) throws CryptoException {
        failIfContextInformationIsMissing(cryptoContext);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Retrieving %s private key related crypto context : '%s' from HSM device", privateKeyInfo.getKeyAlias(), cryptoContext));
        }
        Session initiateSession = initiateSession(this.slotResolver.resolveSlot(cryptoContext), false);
        try {
            iaik.pkcs.pkcs11.objects.PrivateKey retrievePrivateKey = retrievePrivateKey(initiateSession, privateKeyInfo);
            this.sessionHandler.closeSession(initiateSession);
            if (retrievePrivateKey.getSensitive().getBooleanValue().booleanValue() || !retrievePrivateKey.getExtractable().getBooleanValue().booleanValue()) {
                throw new CryptoException(String.format("Requested private key %s is not extractable.", privateKeyInfo.getKeyAlias()));
            }
            PrivateKey mapPrivateKeyPKCS11ToJCE = PKCS11JCEObjectMapper.mapPrivateKeyPKCS11ToJCE(retrievePrivateKey);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully retrieved the private key related to crypto context : %s", cryptoContext));
            }
            return mapPrivateKeyPKCS11ToJCE;
        } catch (Throwable th) {
            this.sessionHandler.closeSession(initiateSession);
            throw th;
        }
    }

    public HybridEncryptionOutput hybridEncrypt(HybridEncryptionInput hybridEncryptionInput, String str, String str2, String str3, CryptoContext cryptoContext, CertificateInfo certificateInfo) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Hybrid encrypting data with %s symmetric algorithm and %s asymmetric algorithm, using HSM device with certificate : %s.", str, str2, certificateInfo));
        }
        Mechanism resolveMechanism = this.mechanismResolver.resolveMechanism(new MechanismDataHolder(1, str, hybridEncryptionInput.getAuthData()));
        Session initiateSession = initiateSession(this.slotResolver.resolveSlot(cryptoContext), true);
        try {
            SecretKey generateRandomSymmetricKey = generateRandomSymmetricKey(initiateSession, str);
            byte[] symmetricEncrypt = symmetricEncrypt(initiateSession, resolveMechanism, generateRandomSymmetricKey, hybridEncryptionInput.getPlainData());
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully encrypted the plain data with %s symmetric algorithm and %s symmetric key.", str, generateRandomSymmetricKey.getClass().getName()));
            }
            byte[] encryptSymmetricKey = encryptSymmetricKey(generateRandomSymmetricKey, str2, cryptoContext, certificateInfo);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully encrypted '%s' symmetric key for hybrid encryption with %s asymmetric algorithm and public certificate : %s", generateRandomSymmetricKey.getClass().getName(), str2, certificateInfo));
            }
            HybridEncryptionOutput generateHybridEncryptionOutput = generateHybridEncryptionOutput(resolveMechanism, symmetricEncrypt, encryptSymmetricKey);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully hybrid encrypted data with %s symmetric algorithm and %s asymmetric algorithm, using HSM device with certificate : %s.", str, str2, certificateInfo));
            }
            return generateHybridEncryptionOutput;
        } finally {
            this.sessionHandler.closeSession(initiateSession);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v14, types: [byte[], byte[][]] */
    public byte[] hybridDecrypt(HybridEncryptionOutput hybridEncryptionOutput, String str, String str2, String str3, CryptoContext cryptoContext, PrivateKeyInfo privateKeyInfo) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Hybrid decrypting data with %s symmetric algorithm and %s asymmetric algorithm, using HSM device with private key %s.", str, str2, privateKeyInfo.getKeyAlias()));
        }
        byte[] decrypt = decrypt(hybridEncryptionOutput.getEncryptedSymmetricKey(), str2, str3, cryptoContext, privateKeyInfo);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Successfully decrypted the value of symmetric key used for hybrid encryption.", new Object[0]));
        }
        Mechanism resolveMechanism = this.mechanismResolver.resolveMechanism(new MechanismDataHolder(2, str, hybridEncryptionOutput.getParameterSpec(), hybridEncryptionOutput.getAuthData()));
        Session initiateSession = initiateSession(this.slotResolver.resolveSlot(cryptoContext), true);
        try {
            Key generateSecretKeyHandle = generateSecretKeyHandle(initiateSession, str, decrypt);
            Cipher cipher = new Cipher(initiateSession);
            if (hybridEncryptionOutput.getAuthTag() != null) {
                byte[] decrypt2 = cipher.decrypt(concatByteArrays(new byte[]{hybridEncryptionOutput.getCipherData(), hybridEncryptionOutput.getAuthTag()}), generateSecretKeyHandle, resolveMechanism);
                this.sessionHandler.closeSession(initiateSession);
                return decrypt2;
            }
            byte[] decrypt3 = cipher.decrypt(hybridEncryptionOutput.getCipherData(), generateSecretKeyHandle, resolveMechanism);
            this.sessionHandler.closeSession(initiateSession);
            return decrypt3;
        } catch (Throwable th) {
            this.sessionHandler.closeSession(initiateSession);
            throw th;
        }
    }

    protected byte[] symmetricEncrypt(Session session, Mechanism mechanism, Key key, byte[] bArr) throws CryptoException {
        return new Cipher(session).encrypt(bArr, key, mechanism);
    }

    protected Session initiateSession(SlotInfo slotInfo, boolean z) throws CryptoException {
        return this.sessionHandler.initiateSession(slotInfo.getSlotID(), slotInfo.getPin(), z);
    }

    protected void failIfContextInformationIsMissing(CryptoContext cryptoContext) throws CryptoException {
        if (cryptoContext == null || cryptoContext.getTenantId() == 0 || StringUtils.isBlank(cryptoContext.getTenantDomain())) {
            throw new CryptoException("Tenant information is missing in the crypto context.");
        }
    }

    protected void failIfMethodParametersInvalid(String str) throws CryptoException {
        if (str == null || !MechanismResolver.getSupportedMechanisms().containsKey(str)) {
            throw new CryptoException(String.format("Requested algorithm '%s' is not valid/supported.", str));
        }
    }

    protected PublicKey retrievePublicKey(Session session, CertificateInfo certificateInfo) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Retrieving public key from certificate with alias %s", certificateInfo.getCertificateAlias()));
        }
        if (certificateInfo.getCertificate() == null) {
            PublicKey publicKey = new PublicKey();
            publicKey.getLabel().setCharArrayValue(certificateInfo.getCertificateAlias().toCharArray());
            publicKey.getObjectClass().setLongValue(2L);
            return retrieveKey(publicKey, session);
        }
        if (!(certificateInfo.getCertificate().getPublicKey() instanceof RSAPublicKey)) {
            throw new CryptoException("HSM based crypto provider supports only for RSA public key session objects.");
        }
        PKCS11CertificateData mapCertificateJCEToPKCS11 = PKCS11JCEObjectMapper.mapCertificateJCEToPKCS11(certificateInfo.getCertificate());
        mapCertificateJCEToPKCS11.getPublicKey().getLabel().setCharArrayValue("RSA".toCharArray());
        return retrieveKeyHandle(session, mapCertificateJCEToPKCS11.getPublicKey());
    }

    protected PublicKey retrieveKeyHandle(Session session, PublicKey publicKey) throws HSMCryptoException {
        return new KeyHandler(session).getKeyHandle(publicKey);
    }

    protected iaik.pkcs.pkcs11.objects.PrivateKey retrievePrivateKey(Session session, PrivateKeyInfo privateKeyInfo) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Retrieving private key with alias '%s' from HSM device.", privateKeyInfo.getKeyAlias()));
        }
        iaik.pkcs.pkcs11.objects.PrivateKey privateKey = new iaik.pkcs.pkcs11.objects.PrivateKey();
        privateKey.getLabel().setCharArrayValue(privateKeyInfo.getKeyAlias().toCharArray());
        privateKey.getObjectClass().setLongValue(3L);
        return retrieveKey(privateKey, session);
    }

    protected Key retrieveKey(Key key, Session session) throws CryptoException {
        return new KeyHandler(session).retrieveKey(key);
    }

    protected iaik.pkcs.pkcs11.objects.Certificate retrieveCertificate(String str, CryptoContext cryptoContext) throws CryptoException {
        iaik.pkcs.pkcs11.objects.Certificate certificate = new iaik.pkcs.pkcs11.objects.Certificate();
        certificate.getLabel().setCharArrayValue(str.toCharArray());
        certificate.getObjectClass().setLongValue(1L);
        Session initiateSession = initiateSession(this.slotResolver.resolveSlot(cryptoContext), false);
        try {
            iaik.pkcs.pkcs11.objects.Certificate certificate2 = new CertificateHandler(initiateSession).getCertificate(certificate);
            this.sessionHandler.closeSession(initiateSession);
            return certificate2;
        } catch (Throwable th) {
            this.sessionHandler.closeSession(initiateSession);
            throw th;
        }
    }

    protected SecretKey generateRandomSymmetricKey(Session session, String str) throws CryptoException {
        AESSecretKey generateDES3KeyTemplate;
        String[] split = str.split("/")[0].split("_");
        String str2 = split[0];
        String format = String.format("Requested key type generation is not supported for '%s' algorithm", str);
        boolean z = -1;
        switch (str2.hashCode()) {
            case 64687:
                if (str2.equals(CryptoConstants.KeyType.AES)) {
                    z = false;
                    break;
                }
                break;
            case 67570:
                if (str2.equals(CryptoConstants.KeyType.DES)) {
                    z = true;
                    break;
                }
                break;
            case 1586911:
                if (str2.equals(CryptoConstants.KeyType.DES3)) {
                    z = 3;
                    break;
                }
                break;
            case 2094720:
                if (str2.equals(CryptoConstants.KeyType.DES2)) {
                    z = 2;
                    break;
                }
                break;
            case 2013078132:
                if (str2.equals(CryptoConstants.KeyType.DESede)) {
                    z = 4;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                long j = 32;
                if (split.length > 1) {
                    j = Long.parseLong(split[1]) / 8;
                }
                generateDES3KeyTemplate = KeyTemplateGenerator.generateAESKeyTemplate();
                generateDES3KeyTemplate.getValueLen().setLongValue(Long.valueOf(j));
                break;
            case CryptoConstants.ENCRYPT_MODE /* 1 */:
                generateDES3KeyTemplate = KeyTemplateGenerator.generateDESKeyTemplate();
                break;
            case CryptoConstants.DECRYPT_MODE /* 2 */:
                generateDES3KeyTemplate = KeyTemplateGenerator.generateDES2KeyTemplate();
                break;
            case CryptoConstants.SIGN_MODE /* 3 */:
                generateDES3KeyTemplate = KeyTemplateGenerator.generateDES3KeyTemplate();
                break;
            case CryptoConstants.VERIFY_MODE /* 4 */:
                generateDES3KeyTemplate = KeyTemplateGenerator.generateDES3KeyTemplate();
                break;
            default:
                throw new CryptoException(format);
        }
        return generateKey(generateDES3KeyTemplate, true, str2, session);
    }

    protected SecretKey generateSecretKeyHandle(Session session, String str, byte[] bArr) throws CryptoException {
        AESSecretKey generateDES3KeyTemplate;
        String str2 = str.split("/")[0].split("_")[0];
        String format = String.format("Requested key type generation is not supported for '%s' algorithm", str);
        boolean z = -1;
        switch (str2.hashCode()) {
            case 64687:
                if (str2.equals(CryptoConstants.KeyType.AES)) {
                    z = false;
                    break;
                }
                break;
            case 67570:
                if (str2.equals(CryptoConstants.KeyType.DES)) {
                    z = true;
                    break;
                }
                break;
            case 1586911:
                if (str2.equals(CryptoConstants.KeyType.DES3)) {
                    z = 3;
                    break;
                }
                break;
            case 2094720:
                if (str2.equals(CryptoConstants.KeyType.DES2)) {
                    z = 2;
                    break;
                }
                break;
            case 2013078132:
                if (str2.equals(CryptoConstants.KeyType.DESede)) {
                    z = 4;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                generateDES3KeyTemplate = KeyTemplateGenerator.generateAESKeyTemplate();
                generateDES3KeyTemplate.getValue().setValue(bArr);
                break;
            case CryptoConstants.ENCRYPT_MODE /* 1 */:
                generateDES3KeyTemplate = KeyTemplateGenerator.generateDESKeyTemplate();
                ((DESSecretKey) generateDES3KeyTemplate).getValue().setValue(bArr);
                break;
            case CryptoConstants.DECRYPT_MODE /* 2 */:
                generateDES3KeyTemplate = KeyTemplateGenerator.generateDES2KeyTemplate();
                ((DES2SecretKey) generateDES3KeyTemplate).getValue().setValue(bArr);
                break;
            case CryptoConstants.SIGN_MODE /* 3 */:
                generateDES3KeyTemplate = KeyTemplateGenerator.generateDES3KeyTemplate();
                ((DES3SecretKey) generateDES3KeyTemplate).getValue().setValue(bArr);
                break;
            case CryptoConstants.VERIFY_MODE /* 4 */:
                generateDES3KeyTemplate = KeyTemplateGenerator.generateDES3KeyTemplate();
                ((DES3SecretKey) generateDES3KeyTemplate).getValue().setValue(bArr);
                break;
            default:
                throw new CryptoException(format);
        }
        return generateKey(generateDES3KeyTemplate, false, str2, session);
    }

    protected SecretKey generateKey(SecretKey secretKey, boolean z, String str, Session session) throws CryptoException {
        KeyHandler keyHandler = new KeyHandler(session);
        return z ? keyHandler.generateSecretKey(secretKey, this.mechanismResolver.resolveMechanism(new MechanismDataHolder(1, str))) : keyHandler.getKeyHandle(secretKey);
    }

    protected HybridEncryptionOutput generateHybridEncryptionOutput(Mechanism mechanism, byte[] bArr, byte[] bArr2) throws CryptoException {
        InitializationVectorParameters parameters = mechanism.getParameters();
        if (!(parameters instanceof GcmParameters)) {
            if (parameters instanceof InitializationVectorParameters) {
                return new HybridEncryptionOutput(bArr, bArr2, new IvParameterSpec(parameters.getInitializationVector()));
            }
            throw new CryptoException(String.format("Invalid / Unsupported parameter specification for '%s' symmetric encryption algorithm.", mechanism.getName()));
        }
        CK_GCM_PARAMS ck_gcm_params = (CK_GCM_PARAMS) parameters.getPKCS11ParamsObject();
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec((int) ck_gcm_params.ulTagBits, ck_gcm_params.pIv);
        int length = bArr.length - (((int) ck_gcm_params.ulTagBits) / 8);
        return new HybridEncryptionOutput(subArray(bArr, 0, length), bArr2, ck_gcm_params.pAAD, subArray(bArr, length, ((int) ck_gcm_params.ulTagBits) / 8), gCMParameterSpec);
    }

    protected byte[] encryptSymmetricKey(SecretKey secretKey, String str, CryptoContext cryptoContext, CertificateInfo certificateInfo) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Encrypting generated '%s' symmetric key for hybrid encryption with %s asymmetric algorithm and public certificate : %s", secretKey.getClass().getName(), str, certificateInfo));
        }
        if (secretKey instanceof AESSecretKey) {
            return encrypt(((AESSecretKey) secretKey).getValue().getByteArrayValue(), str, null, cryptoContext, certificateInfo);
        }
        if (secretKey instanceof DESSecretKey) {
            return encrypt(((DESSecretKey) secretKey).getValue().getByteArrayValue(), str, null, cryptoContext, certificateInfo);
        }
        if (secretKey instanceof DES2SecretKey) {
            return encrypt(((DES2SecretKey) secretKey).getValue().getByteArrayValue(), str, null, cryptoContext, certificateInfo);
        }
        if (secretKey instanceof DES3SecretKey) {
            return encrypt(((DES3SecretKey) secretKey).getValue().getByteArrayValue(), str, null, cryptoContext, certificateInfo);
        }
        throw new CryptoException(String.format("Symmetric encryption key instance '%s' provided for hybrid encryption is not supported by the provider", secretKey.getClass().getName()));
    }

    protected byte[] subArray(byte[] bArr, int i, int i2) {
        byte[] bArr2 = new byte[i2];
        System.arraycopy(bArr, i, bArr2, 0, bArr2.length);
        return bArr2;
    }

    protected byte[] concatByteArrays(byte[][] bArr) throws CryptoException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (byte[] bArr2 : bArr) {
            try {
                byteArrayOutputStream.write(bArr2);
            } catch (IOException e) {
                throw new CryptoException(String.format("Error occurred while decrypting hybrid encrypted data.", new Object[0]), e);
            }
        }
        return byteArrayOutputStream.toByteArray();
    }
}
