Closed netmackan closed 1 year ago
Thank you, but it looks like it breaks one of the unit tests:
PESignerTest.testWithSignatureAlgorithmSHA256withRSAandMGF1:542 Digest algorithm expected:<2.16.840.1.101.3.4.2.1> but was:<1.3.14.3.2.26>
I have pushed an update to the PR. I made a mix-up with which digest algorithm to look at. Before it used the configured digestAlgorithm while it should actually use the digest algorithm from the ContentSigner (i.e. being the digest algorithm from the signature algorithm).
Merged, thank you!
Solves the difference in signature output as discussed in #139 by making sure that the digest algorithm identifier contains the parameters and if not includes a DER NULL. With this change the ASN.1 of a signature created with signtool is identical to what was produced by Jsign.
Note that this implementation still uses the DefaultDigestAlgorithmIdentifierFinder in order to support existing and future algorithms with other parameters (today I believe only Ed448 would have a digest algorithm with parameters, but there may be others). The method is marked protected so that it can be overridden in case it turns out some special case would need some other logic.
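The byte-level difference discussed in this thread, as an added example that is not part of the PR or of Jsign's code: a digest AlgorithmIdentifier with absent parameters versus one carrying an explicit DER NULL, using the two OIDs from the test output above. The function names are hypothetical, and the sketch assumes short-form DER lengths only.

```python
# Added illustration (not Jsign code): DER view of a digest AlgorithmIdentifier.
# Assumption: all lengths fit the short form (< 128 bytes), true for digest OIDs.
DER_NULL = b"\x05\x00"
SHA256_OID = "2.16.840.1.101.3.4.2.1"  # OID the unit test expected
SHA1_OID = "1.3.14.3.2.26"             # OID the unit test got instead

def encode_oid(dotted: str) -> bytes:
    """DER-encode an OBJECT IDENTIFIER given in dotted notation."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]            # last base-128 digit, high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)

def algorithm_identifier(oid: str, params: bytes = b"") -> bytes:
    """SEQUENCE { algorithm OID, parameters ANY OPTIONAL } as DER."""
    content = encode_oid(oid) + params
    if len(content) >= 0x80:
        raise ValueError("long-form lengths are not handled in this sketch")
    return bytes([0x30, len(content)]) + content

def ensure_null_params(alg_id: bytes) -> bytes:
    """Add DER NULL when parameters are absent; keep existing parameters."""
    if len(alg_id) < 4 or alg_id[0] != 0x30 or alg_id[1] != len(alg_id) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    if alg_id[2] != 0x06 or alg_id[3] >= 0x80:
        raise ValueError("SEQUENCE does not start with a short-form OID")
    oid_end = 4 + alg_id[3]
    if oid_end > len(alg_id):
        raise ValueError("truncated OID")
    if oid_end < len(alg_id):
        return alg_id                   # parameters present: leave untouched
    content = alg_id[2:] + DER_NULL
    return bytes([0x30, len(content)]) + content

if __name__ == "__main__":
    bare = algorithm_identifier(SHA256_OID)
    print("absent params:", bare.hex())
    print("explicit NULL:", ensure_null_params(bare).hex())
```

The two encodings differ by two content bytes and the SEQUENCE length, which is enough to make otherwise equivalent signatures differ byte for byte.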