fix: Adjust signature verification for rsaEncryption algorithm

PeculiarVentures · Jul 22, 2024 · a9c594b · a9c594b
1 parent ef24a16
commit a9c594b
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/src/SignedData.ts b/src/SignedData.ts
@@ -847,12 +847,11 @@ export class SignedData extends PkiObject implements ISignedData {
       }
       //#endregion
 
-      const signAlg = crypto.getAlgorithmByOID(signerInfo.signatureAlgorithm.algorithmId, true);
-      // In some cases, the signature algorithm may not include a hash component.
-      // In such scenarios, we utilize the hash mechanism specified in signerInfo.digestAlgorithm.
-      const verifyResult = ("hash" in signAlg)
-        ? await crypto.verifyWithPublicKey(data, signerInfo.signature, signerCert.subjectPublicKeyInfo, signerCert.signatureAlgorithm)
-        : await crypto.verifyWithPublicKey(data, signerInfo.signature, signerCert.subjectPublicKeyInfo, signerCert.signatureAlgorithm, shaAlgorithm);
+      // This adjustment is specifically for cases where the signature algorithm is rsaEncryption.
+      // In such cases, we rely on the hash mechanism defined in signerInfo.digestAlgorithm for verification.
+      const verifyResult = signerInfo.signatureAlgorithm.algorithmId === "1.2.840.113549.1.1.1"
+        ? await crypto.verifyWithPublicKey(data, signerInfo.signature, signerCert.subjectPublicKeyInfo, signerCert.signatureAlgorithm, shaAlgorithm)
+        : await crypto.verifyWithPublicKey(data, signerInfo.signature, signerCert.subjectPublicKeyInfo, signerCert.signatureAlgorithm);
 
       //#region Make a final result