/**
* Tests that it is possible to specify a signature algorithm who's name is not simply a
* concatenation of a digest algorithm and the key algorithm.
*
* <p>This test also sets the signature provider as a provider supporting the RSASSA-PSS
* algorithms might not be installed.
*
* @throws Exception
*/
public void testWithSignatureAlgorithmSHA256withRSAandMGF1() throws Exception {
File sourceFile = new File("target/test-classes/wineyes.exe");
File targetFile = new File("target/test-classes/wineyes-signed.exe");
FileUtils.copyFile(sourceFile, targetFile);
PEFile peFile = null;
try {
peFile = new PEFile(targetFile);
PESigner signer =
new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD)
.withTimestamping(false)
.withDigestAlgorithm(DigestAlgorithm.SHA1)
.withSignatureAlgorithm("SHA256withRSAandMGF1", new BouncyCastleProvider());
signer.sign(peFile);
peFile = new PEFile(targetFile);
List<CMSSignedData> signatures = peFile.getSignatures();
assertNotNull(signatures);
assertEquals(1, signatures.size());
CMSSignedData signedData = signatures.get(0);
assertNotNull(signedData);
// Check the signature algorithm
final SignerInformation si =
(SignerInformation) signedData.getSignerInfos().getSigners().iterator().next();
assertEquals(
"Digest algorithm",
NISTObjectIdentifiers.id_sha256,
si.getDigestAlgorithmID().getAlgorithm());
assertEquals(
"Encryption algorithm",
PKCSObjectIdentifiers.id_RSASSA_PSS.getId(),
si.getEncryptionAlgOID());
} finally {
if (peFile != null) {
peFile.close();
}
}
}
