diff --git a/lib/oids.js b/lib/oids.js index 6a937f571..93d0afb5e 100644 --- a/lib/oids.js +++ b/lib/oids.js @@ -42,6 +42,8 @@ _IN('1.2.840.10040.4.3', 'dsa-with-sha1'); _IN('1.3.14.3.2.7', 'desCBC'); _IN('1.3.14.3.2.26', 'sha1'); +// Deprecated equivalent of sha1WithRSAEncryption +_IN('1.3.14.3.2.29', 'sha1WithRSASignature'); _IN('2.16.840.1.101.3.4.2.1', 'sha256'); _IN('2.16.840.1.101.3.4.2.2', 'sha384'); _IN('2.16.840.1.101.3.4.2.3', 'sha512'); diff --git a/lib/x509.js b/lib/x509.js index 95dbc2946..ef338a782 100644 --- a/lib/x509.js +++ b/lib/x509.js @@ -1081,8 +1081,9 @@ pki.createCertificate = function() { var oid = oids[child.signatureOid]; switch(oid) { case 'sha1WithRSAEncryption': - md = forge.md.sha1.create(); - break; + case 'sha1WithRSASignature': + md = forge.md.sha1.create(); + break; case 'md5WithRSAEncryption': md = forge.md.md5.create(); break; @@ -1118,8 +1119,9 @@ pki.createCertificate = function() { switch(child.signatureOid) { case oids.sha1WithRSAEncryption: - scheme = undefined; /* use PKCS#1 v1.5 padding scheme */ - break; + case oids.sha1WithRSASignature: + scheme = undefined; /* use PKCS#1 v1.5 padding scheme */ + break; case oids['RSASSA-PSS']: var hash, mgf; @@ -1339,8 +1341,9 @@ pki.certificateFromAsn1 = function(obj, computeHash) { var oid = oids[cert.signatureOid]; switch(oid) { case 'sha1WithRSAEncryption': - cert.md = forge.md.sha1.create(); - break; + case 'sha1WithRSASignature': + cert.md = forge.md.sha1.create(); + break; case 'md5WithRSAEncryption': cert.md = forge.md.md5.create(); break; @@ -1683,6 +1686,7 @@ pki.certificationRequestFromAsn1 = function(obj, computeHash) { var oid = oids[csr.signatureOid]; switch(oid) { case 'sha1WithRSAEncryption': + case 'sha1WithRSASignature': csr.md = forge.md.sha1.create(); break; case 'md5WithRSAEncryption': @@ -1853,6 +1857,7 @@ pki.createCertificationRequest = function() { var oid = oids[csr.signatureOid]; switch(oid) { case 'sha1WithRSAEncryption': + case 'sha1WithRSASignature': md = forge.md.sha1.create(); break; case 'md5WithRSAEncryption': @@ -1892,6 +1897,7 @@ pki.createCertificationRequest = function() { switch(csr.signatureOid) { case oids.sha1WithRSAEncryption: + case oids.sha1WithRSASignature: /* use PKCS#1 v1.5 padding scheme */ break; case oids['RSASSA-PSS']: diff --git a/tests/unit/x509.js b/tests/unit/x509.js index 43a9ea61b..f3eabae4c 100644 --- a/tests/unit/x509.js +++ b/tests/unit/x509.js @@ -1206,6 +1206,24 @@ var UTIL = require('../../lib/util'); ASSERT.ok(issuer.verify(cert)); }); + it('should verify certificate with sha1WithRSASignature signature', function() { + var certPem = '-----BEGIN CERTIFICATE-----\r\n' + + 'MIIBwjCCAS+gAwIBAgIQj2d4hVEz0L1DYFVhA9CxCzAJBgUrDgMCHQUAMA8xDTAL\r\n' + + 'BgNVBAMTBFZQUzEwHhcNMDcwODE4MDkyODUzWhcNMDgwODE3MDkyODUzWjAPMQ0w\r\n' + + 'CwYDVQQDEwRWUFMxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaqKn40uaU\r\n' + + 'DbFL1NXXZ8/b4ZqDJ6eSI5lysMZHfZDs60G3ocbNKofBvURIutabrFuBCB2S5f/z\r\n' + + 'ICan0LR4uFpGuZ2I/PuVaU8X5fT8gBh7L636cWzHPPScYts00OyywEq381UB7XwX\r\n' + + 'YuWpM5kUW5rkbq1JV3ystTR/4YnLl48YtQIDAQABoycwJTATBgNVHSUEDDAKBggr\r\n' + + 'BgEFBQcDATAOBgNVHQ8EBwMFALAAAAAwCQYFKw4DAh0FAAOBgQBuUrU+J2Z5WKcO\r\n' + + 'VNjJHFUKo8qpbn8jKQZDl2nvVaXCTXQZblz/qxOm4FaGGzJ/m3GybVZNVfdyHg+U\r\n' + + 'lmDpFpOITkvcyNc3xjJCf2GVBo/VvdtVt7Myq0IQtAi/CXRK22BRNhSt9uu2EcRu\r\n' + + 'HIXdFWHEzi6eD4PpNw/0X3ID6Gxk4A==\r\n' + + '-----END CERTIFICATE-----\r\n'; + var cert = PKI.certificateFromPem(certPem, true); + ASSERT.equal(cert.signatureOid, PKI.oids['sha1WithRSASignature']); + ASSERT.equal(cert.md.algorithm, 'sha1'); + }); + it('should verify certificate with sha256WithRSAEncryption signature', function() { var certPem = '-----BEGIN CERTIFICATE-----\r\n' + 'MIIDuzCCAqOgAwIBAgIEO5vZjDANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJE\r\n' +