package cfca.sadk.cgb.toolkit;

import cfca.sadk.algorithm.common.CBCParam;
import cfca.sadk.algorithm.common.CertKitException;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.MechanismKit;
import cfca.sadk.algorithm.common.PKCS7SignedData;
import cfca.sadk.algorithm.common.PKCS7SignedFile;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.common.ext.MechanismExt;
import cfca.sadk.algorithm.util.SymmetricHelper;
import cfca.sadk.algorithm.util.SymmetricParams;
import cfca.sadk.envelope.EnvelopeEncryptHelper;
import cfca.sadk.lib.crypto.JCrypto;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EnvelopedData;
import cfca.sadk.org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import cfca.sadk.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientIdentifier;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.cms.CMSEnvelopedData;
import cfca.sadk.org.bouncycastle.cms.CMSException;
import cfca.sadk.org.bouncycastle.util.Strings;
import cfca.sadk.system.CompatibleAlgorithm;
import cfca.sadk.system.CompatibleConfig;
import cfca.sadk.system.FileHelper;
import cfca.sadk.system.Mechanisms;
import cfca.sadk.util.Base64;
import cfca.sadk.util.CertUtil;
import cfca.sadk.util.KeyUtil;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.PrivateKey;

/* loaded from: input_file:cfca/sadk/cgb/toolkit/Castle.class */
public final class Castle {
    public static final int SIGN_FILE_SIZE = CompatibleConfig.FILEANDBUFFER_SIGNED_FILE_MAXSIZE;
    private static final String encoding = "UTF-16LE";
    private SignerAlgorithmParameters rsaParams;
    private SignerAlgorithmParameters sm2Params;
    private Session session;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:cfca/sadk/cgb/toolkit/Castle$SignerAlgorithmParameters.class */
    public static final class SignerAlgorithmParameters {
        final PrivateKey privateKey;
        final X509Cert[] certs;
        final X509Cert cert;

        SignerAlgorithmParameters(X509Cert x509Cert, PrivateKey privateKey) {
            this.cert = x509Cert;
            this.certs = new X509Cert[]{x509Cert};
            this.privateKey = privateKey;
        }
    }

    public Castle() throws PKIException {
        this(JCrypto.JSOFT_LIB);
    }

    public Castle(String str) throws PKIException {
        this.rsaParams = null;
        this.sm2Params = null;
        this.session = null;
        String str2 = JCrypto.JNI_LIB.equals(str) ? JCrypto.JNI_LIB : JCrypto.JSOFT_LIB;
        JCrypto.getInstance().initialize(str2, null);
        this.session = JCrypto.getInstance().openSession(str2);
    }

    public static void setCompatibleSM2WithoutZ(boolean z) {
        CompatibleAlgorithm.setCompatibleSM2WithoutZ(z);
    }

    public void initCertAppContext(String str, String str2, String str3, String str4) throws PKIException {
        if (str != null) {
            this.rsaParams = new SignerAlgorithmParameters(CertUtil.getCertFromPFX(str, str2), KeyUtil.getPrivateKeyFromPFX(str, str2));
        }
        if (str3 != null) {
            this.sm2Params = new SignerAlgorithmParameters(CertUtil.getCertFromSM2(str3), KeyUtil.getPrivateKeyFromSM2(str3, str4));
        }
    }

    public String signData(String str) throws PKIException {
        return signedMessage(true, Mechanisms.M_SHA1_RSA, str);
    }

    public String signData(String str, String str2) throws PKIException {
        return signedMessage(true, mechanismFrom(str), str2);
    }

    private Mechanism mechanismFrom(String str) {
        return Mechanisms.signMechanismFrom(str);
    }

    public String signDataDetached(String str) throws PKIException {
        return signedMessage(false, Mechanisms.M_SHA1_RSA, str);
    }

    public String signDataDetached(String str, String str2) throws PKIException {
        return signedMessage(false, mechanismFrom(str), str2);
    }

    private String signedMessage(boolean z, Mechanism mechanism, String str) throws PKIException {
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for signAlg");
        }
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for srcMessage");
        }
        SignerAlgorithmParameters buildAndCheckSignerAlgorithmParameters = buildAndCheckSignerAlgorithmParameters(mechanism);
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(this.session);
        try {
            byte[] bytes = str.getBytes(encoding);
            byte[] sign = this.session.sign(mechanism, buildAndCheckSignerAlgorithmParameters.privateKey, bytes);
            if (!z) {
                bytes = null;
            }
            try {
                return Strings.fromByteArray(Base64.encode(pKCS7SignedData.packageSignedData(z, null, bytes, sign, mechanism, buildAndCheckSignerAlgorithmParameters.certs)));
            } catch (PKIException e) {
                throw new PKIException(PKIException.SIGN, "Failure on packageSignedData", e);
            } catch (Exception e2) {
                throw new PKIException(PKIException.SIGN, "Failure on packageSignedData", e2);
            }
        } catch (PKIException e3) {
            throw new PKIException(PKIException.SIGN_DES, "Failure on signedMessage", e3);
        } catch (Exception e4) {
            throw new PKIException(PKIException.SIGN_DES, "Failure on signedMessage", e4);
        }
    }

    public String signFile(String str) throws PKIException {
        return signedFile(true, Mechanisms.M_SHA1_RSA, str);
    }

    public String signFile(String str, String str2) throws PKIException {
        return signedFile(true, mechanismFrom(str), str2);
    }

    public String signFileDetached(String str) throws PKIException {
        return signedFile(false, Mechanisms.M_SHA1_RSA, str);
    }

    public String signFileDetached(String str, String str2) throws PKIException {
        return signedFile(false, mechanismFrom(str), str2);
    }

    private String signedFile(boolean z, Mechanism mechanism, String str) throws PKIException {
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for signAlg");
        }
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for srcFilePath");
        }
        SignerAlgorithmParameters buildAndCheckSignerAlgorithmParameters = buildAndCheckSignerAlgorithmParameters(mechanism);
        FileInputStream fileInputStream = null;
        try {
            try {
                try {
                    fileInputStream = new FileInputStream(str);
                    byte[] sign = this.session.sign(mechanism, buildAndCheckSignerAlgorithmParameters.privateKey, fileInputStream);
                    FileHelper.closedStream(fileInputStream, "signedFile closeFile failure");
                    if (!z) {
                        try {
                            return Strings.fromByteArray(Base64.encode(new PKCS7SignedData(this.session).packageSignedData(false, null, null, sign, mechanism, buildAndCheckSignerAlgorithmParameters.certs)));
                        } catch (PKIException e) {
                            throw new PKIException(PKIException.SIGN, "Failure on packageSignedData", e);
                        } catch (Exception e2) {
                            throw new PKIException(PKIException.SIGN, "Failure on packageSignedData", e2);
                        }
                    }
                    String str2 = str + ".p7s";
                    try {
                        new PKCS7SignedFile(this.session).packageSignedFile(str, str2, sign, mechanism, buildAndCheckSignerAlgorithmParameters.certs);
                        return str2;
                    } catch (PKIException e3) {
                        throw new PKIException(PKIException.SIGN, "Failure on packageSignedFile", e3);
                    } catch (Exception e4) {
                        throw new PKIException(PKIException.SIGN, "Failure on packageSignedFile", e4);
                    }
                } catch (PKIException e5) {
                    throw new PKIException(PKIException.SIGN_DES, "Failure on signedFile", e5);
                }
            } catch (Exception e6) {
                throw new PKIException(PKIException.SIGN_DES, "Failure on signedFile", e6);
            }
        } catch (Throwable th) {
            FileHelper.closedStream(fileInputStream, "signedFile closeFile failure");
            throw th;
        }
    }

    public byte[] getCertificate(String str) throws PKIException {
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for signedMessage");
        }
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(this.session);
        pKCS7SignedData.loadBase64(Strings.toByteArray(str));
        X509Cert signerX509Cert = pKCS7SignedData.getSignerX509Cert();
        if (signerX509Cert == null) {
            throw new SecurityException("signed certificate not found");
        }
        return signerX509Cert.getEncoding();
    }

    public String verifySignedData(String str) throws PKIException {
        return verifySignedMessage(str, null);
    }

    public boolean verifyDetachedSignedData(String str, String str2) throws PKIException {
        if (str2 == null) {
            throw new IllegalArgumentException("null not allowed for srcMessage");
        }
        try {
            return verifySignedMessage(str, str2.getBytes(encoding)) != null;
        } catch (UnsupportedEncodingException e) {
            throw new PKIException(PKIException.VERIFY_SIGN, "Failure on encoding sourceData", e);
        }
    }

    public boolean verifyDetachedSignedDataAU(String str, String str2) throws PKIException {
        if (str2 == null) {
            throw new IllegalArgumentException("null not allowed for srcMessage");
        }
        try {
            return verifySignedMessage(str, str2.getBytes("UTF-8")) != null;
        } catch (UnsupportedEncodingException e) {
            throw new PKIException(PKIException.VERIFY_SIGN, "Failure on encoding sourceData", e);
        }
    }

    private String verifySignedMessage(String str, byte[] bArr) throws PKIException {
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for signedMessage");
        }
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(this.session);
        try {
            pKCS7SignedData.loadBase64(Strings.toByteArray(str));
            if (bArr != null) {
                try {
                    if (pKCS7SignedData.verifyP7SignedData(bArr)) {
                        return "Okay";
                    }
                    return null;
                } catch (PKIException e) {
                    throw new PKIException(PKIException.VERIFY_SIGN_DES, "Failure on verifyP7SignedData", e);
                } catch (Exception e2) {
                    throw new PKIException(PKIException.VERIFY_SIGN_DES, "Failure on verifyP7SignedData", e2);
                }
            }
            try {
                if (!pKCS7SignedData.verifyP7SignedDataAttach()) {
                    return null;
                }
                try {
                    return new String(pKCS7SignedData.getSourceData(), encoding);
                } catch (UnsupportedEncodingException e3) {
                    throw new PKIException(PKIException.VERIFY_SIGN, "Failure on encoding sourceData", e3);
                }
            } catch (PKIException e4) {
                throw new PKIException(PKIException.VERIFY_SIGN_DES, "Failure on verifyP7SignedDataAttach", e4);
            } catch (Exception e5) {
                throw new PKIException(PKIException.VERIFY_SIGN_DES, "Failure on verifyP7SignedDataAttach", e5);
            }
        } catch (PKIException e6) {
            throw new PKIException(PKIException.VERIFY_SIGN, "Failure on loadSignedData", e6);
        } catch (Exception e7) {
            throw new PKIException(PKIException.VERIFY_SIGN, "Failure on loadSignedData", e7);
        }
    }

    public boolean verifySignedFile(String str, String str2) throws PKIException {
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for signedFilePath");
        }
        File file = new File(str);
        if (!file.exists()) {
            throw new SecurityException("signedFilePath invalid");
        }
        if (file.length() > SIGN_FILE_SIZE) {
            try {
                return new PKCS7SignedFile(this.session).verifyP7SignedFile(str, str2);
            } catch (Exception e) {
                throw new PKIException(PKIException.VERIFY_SIGN_DES, "Failure on verifyP7SignedFile", e);
            }
        }
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(this.session);
        try {
            pKCS7SignedData.loadBase64(FileHelper.read(str));
            try {
                boolean verifyP7SignedDataAttach = pKCS7SignedData.verifyP7SignedDataAttach();
                if (verifyP7SignedDataAttach && str2 != null && str2.trim().length() != 0) {
                    FileOutputStream fileOutputStream = null;
                    try {
                        try {
                            fileOutputStream = new FileOutputStream(str2);
                            FileHelper.writeBytesToFile(pKCS7SignedData.getSourceData(), fileOutputStream);
                            FileHelper.closedStream(fileOutputStream, "verifySignedFile closedFile failed");
                        } catch (Throwable th) {
                            FileHelper.closedStream(fileOutputStream, "verifySignedFile closedFile failed");
                            throw th;
                        }
                    } catch (FileNotFoundException e2) {
                        throw new PKIException(PKIException.VERIFY_SIGN, "Failure on write srcFilePath", e2);
                    } catch (Exception e3) {
                        throw new PKIException(PKIException.VERIFY_SIGN, "Failure on write srcFilePath", e3);
                    }
                }
                return verifyP7SignedDataAttach;
            } catch (PKIException e4) {
                throw new PKIException(PKIException.VERIFY_SIGN_DES, "Failure on verifyP7SignedDataAttach", e4);
            } catch (Exception e5) {
                throw new PKIException(PKIException.VERIFY_SIGN_DES, "Failure on verifyP7SignedDataAttach", e5);
            }
        } catch (PKIException e6) {
            throw new PKIException(PKIException.VERIFY_SIGN, "Failure on loadSignedData", e6);
        } catch (Exception e7) {
            throw new PKIException(PKIException.VERIFY_SIGN, "Failure on loadSignedData", e7);
        }
    }

    public boolean verifyDetachedSignedFile(String str, String str2) throws PKIException {
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for signedResult");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("null not allowed for srcFilePath");
        }
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(this.session);
        try {
            pKCS7SignedData.loadBase64(Strings.toByteArray(str));
            FileInputStream fileInputStream = null;
            try {
                try {
                    try {
                        fileInputStream = new FileInputStream(str2);
                        boolean verifyP7SignedData = pKCS7SignedData.verifyP7SignedData(fileInputStream);
                        FileHelper.closedStream(fileInputStream, "verifyDetachedSignedFile closeFile failure");
                        return verifyP7SignedData;
                    } catch (Exception e) {
                        throw new PKIException(PKIException.VERIFY_SIGN_DES, "Failure on verifyP7SignedData", e);
                    }
                } catch (PKIException e2) {
                    throw new PKIException(PKIException.VERIFY_SIGN_DES, "Failure on verifyP7SignedData", e2);
                }
            } catch (Throwable th) {
                FileHelper.closedStream(fileInputStream, "verifyDetachedSignedFile closeFile failure");
                throw th;
            }
        } catch (PKIException e3) {
            throw new PKIException(PKIException.VERIFY_SIGN, "Failure on loadSignedData", e3);
        } catch (Exception e4) {
            throw new PKIException(PKIException.VERIFY_SIGN, "Failure on loadSignedData", e4);
        }
    }

    public String generateEnvelope(String str, String str2, byte[] bArr) throws PKIException {
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for srcMessage");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("null not allowed for encryptAlg");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for certBytes");
        }
        try {
            X509Cert x509Cert = new X509Cert(bArr);
            X509Cert[] x509CertArr = {x509Cert};
            boolean isSM2Cert = x509Cert.isSM2Cert();
            if (isSM2Cert) {
                if (!MechanismExt.SM4.equals(str2)) {
                    throw new PKIException(PKIException.NOT_SUP_DES + ",SM2 cert:" + str2);
                }
            } else if (!MechanismKit.DES3_CBC.equals(str2) && !MechanismKit.DES3_ECB.equals(str2) && !"RC4".equals(str2)) {
                throw new PKIException(PKIException.NOT_SUP_DES + ",RSA cert:" + str2);
            }
            try {
                return Strings.fromByteArray(new EnvelopeEncryptHelper(isSM2Cert).envelopeMessage(str.getBytes(encoding), str2, x509CertArr, this.session, 0));
            } catch (UnsupportedEncodingException e) {
                throw new PKIException(PKIException.ENCRYPT_DES, "failure on envelopeMessage", e);
            } catch (Exception e2) {
                throw new PKIException(PKIException.ENCRYPT_DES, "failure on envelopeMessage", e2);
            }
        } catch (Exception e3) {
            throw new PKIException(PKIException.ENCRYPT, "invalid encrypt certificate", e3);
        }
    }

    public String decodeEnvelope(String str) throws PKIException {
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for envelopedMessage");
        }
        try {
            try {
                EnvelopedData envelopedData = EnvelopedData.getInstance(new CMSEnvelopedData(Base64.decode(str)).toASN1Structure().getContent());
                ASN1Set recipientInfos = envelopedData.getRecipientInfos();
                EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
                ASN1OctetString encryptedContent = encryptedContentInfo.getEncryptedContent();
                Mechanism buildMechanism = buildMechanism(encryptedContentInfo.getContentEncryptionAlgorithm());
                return new String(SymmetricHelper.dataDecrypt(this.session != null && this.session.useJniNativeOperation(), buildMechanism, decodedSymmetricKey(buildMechanism.getMechanismType().indexOf(MechanismKit.SM4_KEY) >= 0, recipientInfos), encryptedContent.getOctets()), encoding);
            } catch (Exception e) {
                e.printStackTrace();
                throw new PKIException(CertKitException.API_PARSER_MSG_ENVELOP_ERR, CertKitException.API_PARSER_MSG_ENVELOP_ERR_DES, e);
            }
        } catch (CMSException e2) {
            throw new PKIException(PKIException.DECRYPT, "load EnvelopedData failure", e2);
        }
    }

    private byte[] decodedSymmetricKey(boolean z, ASN1Set aSN1Set) throws PKIException {
        SignerAlgorithmParameters signerAlgorithmParameters = z ? this.sm2Params : this.rsaParams;
        if (signerAlgorithmParameters == null) {
            throw new PKIException("recipient' certificate/privatekey not  initial");
        }
        X500Name issuerX500Name = signerAlgorithmParameters.cert.getIssuerX500Name();
        BigInteger serialNumber = signerAlgorithmParameters.cert.getSerialNumber();
        byte[] keyIdentifier = signerAlgorithmParameters.cert.getSubjectKeyIdentifier().getKeyIdentifier();
        if (aSN1Set == null) {
            throw new PKIException("the receiver is null!!!");
        }
        ASN1OctetString aSN1OctetString = null;
        int size = aSN1Set.size();
        int i = 0;
        while (true) {
            if (i >= size) {
                break;
            }
            RecipientInfo recipientInfo = RecipientInfo.getInstance(aSN1Set.getObjectAt(i));
            if (recipientInfo.getInfo() instanceof KeyTransRecipientInfo) {
                KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
                if (hasRecipent(keyTransRecipientInfo, keyIdentifier, issuerX500Name, serialNumber)) {
                    aSN1OctetString = keyTransRecipientInfo.getEncryptedKey();
                    break;
                }
            }
            i++;
        }
        if (aSN1OctetString == null) {
            throw new PKIException("can not find the receiver!!!");
        }
        return this.session.decrypt(z ? new Mechanism(MechanismKit.SM2) : new Mechanism(MechanismKit.RSA_PKCS), signerAlgorithmParameters.privateKey, aSN1OctetString.getOctets());
    }

    private static boolean hasRecipent(KeyTransRecipientInfo keyTransRecipientInfo, byte[] bArr, X500Name x500Name, BigInteger bigInteger) {
        RecipientIdentifier recipientIdentifier = keyTransRecipientInfo.getRecipientIdentifier();
        return recipientIdentifier.getId().toASN1Primitive().asn1Equals(new DEROctetString(bArr)) || recipientIdentifier.getId().toASN1Primitive().asn1Equals(new IssuerAndSerialNumber(x500Name, bigInteger).toASN1Primitive());
    }

    private Mechanism buildMechanism(AlgorithmIdentifier algorithmIdentifier) throws PKIException {
        if (algorithmIdentifier == null || algorithmIdentifier.getAlgorithm() == null) {
            throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, "invalid AlgorithmIdentifier");
        }
        String symmetricAlgorithmName = SymmetricParams.getSymmetricAlgorithmName(algorithmIdentifier.getAlgorithm());
        if (symmetricAlgorithmName == null) {
            throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, "invalid AlgorithmIdentifier: " + algorithmIdentifier.getAlgorithm());
        }
        Mechanism mechanism = null;
        if (symmetricAlgorithmName.indexOf("CBC") != -1) {
            DEROctetString dEROctetString = (DEROctetString) algorithmIdentifier.getParameters();
            if (dEROctetString == null || dEROctetString.getOctets() == null) {
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, "missing cbc-param");
            }
            CBCParam cBCParam = new CBCParam(dEROctetString.getOctets());
            if (symmetricAlgorithmName.equals(MechanismKit.DES3_CBC)) {
                mechanism = new Mechanism(MechanismKit.DES3_CBC, cBCParam);
            } else {
                MechanismExt.SM4.getClass();
                if (symmetricAlgorithmName.equals("SM4/CBC/PKCS7Padding")) {
                    MechanismExt.SM4.getClass();
                    mechanism = new Mechanism("SM4/CBC/PKCS7Padding", cBCParam);
                }
            }
        } else if (symmetricAlgorithmName.indexOf("ECB") != -1) {
            if (symmetricAlgorithmName.equals(MechanismKit.DES3_ECB)) {
                mechanism = new Mechanism(MechanismKit.DES3_ECB);
            } else {
                MechanismExt.SM4.getClass();
                if (symmetricAlgorithmName.equals("SM4/ECB/PKCS7Padding")) {
                    MechanismExt.SM4.getClass();
                    mechanism = new Mechanism("SM4/ECB/PKCS7Padding");
                }
            }
        } else if (symmetricAlgorithmName.indexOf("RC4") != -1) {
            mechanism = new Mechanism("RC4");
        }
        if (mechanism == null) {
            throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR_DES + "Algorithm is:" + symmetricAlgorithmName);
        }
        return mechanism;
    }

    private SignerAlgorithmParameters buildAndCheckSignerAlgorithmParameters(Mechanism mechanism) throws PKIException {
        SignerAlgorithmParameters signerAlgorithmParameters;
        if (!Mechanism.isValid(mechanism)) {
            throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES + " " + PKIException.NOT_SUP_DES + " " + mechanism);
        }
        if (Mechanisms.isSM2WithSM3(mechanism)) {
            if (this.sm2Params == null) {
                throw new PKIException(PKIException.SIGN, "null not allowed for sm2Cert/sm2PriKey when signAlg as " + mechanism);
            }
            signerAlgorithmParameters = this.sm2Params;
        } else {
            if (this.rsaParams == null) {
                throw new PKIException(PKIException.SIGN, "null not allowed for rsaCert/rsaPriKey when signAlg as " + mechanism);
            }
            signerAlgorithmParameters = this.rsaParams;
        }
        return signerAlgorithmParameters;
    }
}
