digitalbazaar · dpwatrous · Oct 21, 2020
diff --git a/lib/oids.js b/lib/oids.js
@@ -42,6 +42,8 @@ _IN('1.2.840.10040.4.3', 'dsa-with-sha1');
 _IN('1.3.14.3.2.7', 'desCBC');
 
 _IN('1.3.14.3.2.26', 'sha1');
+// Deprecated equivalent of sha1WithRSAEncryption
+_IN('1.3.14.3.2.29', 'sha1WithRSASignature');
 _IN('2.16.840.1.101.3.4.2.1', 'sha256');
 _IN('2.16.840.1.101.3.4.2.2', 'sha384');
 _IN('2.16.840.1.101.3.4.2.3', 'sha512');

diff --git a/lib/x509.js b/lib/x509.js
@@ -1081,8 +1081,9 @@ pki.createCertificate = function() {
         var oid = oids[child.signatureOid];
         switch(oid) {
           case 'sha1WithRSAEncryption':
-            md = forge.md.sha1.create();
-            break;
+          case 'sha1WithRSASignature':
+              md = forge.md.sha1.create();
+              break;
           case 'md5WithRSAEncryption':
             md = forge.md.md5.create();
             break;
@@ -1118,8 +1119,9 @@ pki.createCertificate = function() {
 
       switch(child.signatureOid) {
         case oids.sha1WithRSAEncryption:
-          scheme = undefined; /* use PKCS#1 v1.5 padding scheme */
-          break;
+        case oids.sha1WithRSASignature:
+            scheme = undefined; /* use PKCS#1 v1.5 padding scheme */
+            break;
         case oids['RSASSA-PSS']:
           var hash, mgf;
 
@@ -1339,8 +1341,9 @@ pki.certificateFromAsn1 = function(obj, computeHash) {
       var oid = oids[cert.signatureOid];
       switch(oid) {
         case 'sha1WithRSAEncryption':
-          cert.md = forge.md.sha1.create();
-          break;
+        case 'sha1WithRSASignature':
+            cert.md = forge.md.sha1.create();
+            break;
         case 'md5WithRSAEncryption':
           cert.md = forge.md.md5.create();
           break;
@@ -1683,6 +1686,7 @@ pki.certificationRequestFromAsn1 = function(obj, computeHash) {
       var oid = oids[csr.signatureOid];
       switch(oid) {
         case 'sha1WithRSAEncryption':
+        case 'sha1WithRSASignature':
           csr.md = forge.md.sha1.create();
           break;
         case 'md5WithRSAEncryption':
@@ -1853,6 +1857,7 @@ pki.createCertificationRequest = function() {
         var oid = oids[csr.signatureOid];
         switch(oid) {
           case 'sha1WithRSAEncryption':
+          case 'sha1WithRSASignature':
             md = forge.md.sha1.create();
             break;
           case 'md5WithRSAEncryption':
@@ -1892,6 +1897,7 @@ pki.createCertificationRequest = function() {
 
       switch(csr.signatureOid) {
         case oids.sha1WithRSAEncryption:
+        case oids.sha1WithRSASignature:
           /* use PKCS#1 v1.5 padding scheme */
           break;
         case oids['RSASSA-PSS']:

diff --git a/tests/unit/x509.js b/tests/unit/x509.js
@@ -1206,6 +1206,24 @@ var UTIL = require('../../lib/util');
       ASSERT.ok(issuer.verify(cert));
     });
 
+    it('should verify certificate with sha1WithRSASignature signature', function() {
+      var certPem = '-----BEGIN CERTIFICATE-----\r\n' +
+        'MIIBwjCCAS+gAwIBAgIQj2d4hVEz0L1DYFVhA9CxCzAJBgUrDgMCHQUAMA8xDTAL\r\n' +
+        'BgNVBAMTBFZQUzEwHhcNMDcwODE4MDkyODUzWhcNMDgwODE3MDkyODUzWjAPMQ0w\r\n' +
+        'CwYDVQQDEwRWUFMxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaqKn40uaU\r\n' +
+        'DbFL1NXXZ8/b4ZqDJ6eSI5lysMZHfZDs60G3ocbNKofBvURIutabrFuBCB2S5f/z\r\n' +
+        'ICan0LR4uFpGuZ2I/PuVaU8X5fT8gBh7L636cWzHPPScYts00OyywEq381UB7XwX\r\n' +
+        'YuWpM5kUW5rkbq1JV3ystTR/4YnLl48YtQIDAQABoycwJTATBgNVHSUEDDAKBggr\r\n' +
+        'BgEFBQcDATAOBgNVHQ8EBwMFALAAAAAwCQYFKw4DAh0FAAOBgQBuUrU+J2Z5WKcO\r\n' +
+        'VNjJHFUKo8qpbn8jKQZDl2nvVaXCTXQZblz/qxOm4FaGGzJ/m3GybVZNVfdyHg+U\r\n' +
+        'lmDpFpOITkvcyNc3xjJCf2GVBo/VvdtVt7Myq0IQtAi/CXRK22BRNhSt9uu2EcRu\r\n' +
+        'HIXdFWHEzi6eD4PpNw/0X3ID6Gxk4A==\r\n' +
+        '-----END CERTIFICATE-----\r\n';
+      var cert = PKI.certificateFromPem(certPem, true);
+      ASSERT.equal(cert.signatureOid, PKI.oids['sha1WithRSASignature']);
+      ASSERT.equal(cert.md.algorithm, 'sha1');
+    });
+
     it('should verify certificate with sha256WithRSAEncryption signature', function() {
       var certPem = '-----BEGIN CERTIFICATE-----\r\n' +
         'MIIDuzCCAqOgAwIBAgIEO5vZjDANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJE\r\n' +