#17 added tests with PSS signOpts

certstore_test.go

@@ -139,6 +139,19 @@ func TestSignerRSA(t *testing.T) {
 			}
 		}
 
+		// SHA256WithRSAPSS
+		sha256Digest = sha256.Sum256([]byte("hello"))
+		sig, err = signer.Sign(rand.Reader, sha256Digest[:], &rsa.PSSOptions{Hash: crypto.SHA256})
+		if err == ErrUnsupportedHash {
+			// Some Windows CSPs may not support this algorithm. Pass...
+		} else if err != nil {
+			t.Fatal(err)
+		} else {
+			if err = leafRSA.Certificate.CheckSignature(x509.SHA256WithRSAPSS, []byte("hello"), sig); err != nil {
+				t.Fatal(err)
+			}
+		}
+
 		// SHA384WithRSA
 		sha384Digest := sha512.Sum384([]byte("hello"))
 		sig, err = signer.Sign(rand.Reader, sha384Digest[:], crypto.SHA384)
@@ -152,6 +165,19 @@ func TestSignerRSA(t *testing.T) {
 			}
 		}
 
+		// SHA384WithRSA
+		sha384Digest = sha512.Sum384([]byte("hello"))
+		sig, err = signer.Sign(rand.Reader, sha384Digest[:], &rsa.PSSOptions{Hash: crypto.SHA3_384})
+		if err == ErrUnsupportedHash {
+			// Some Windows CSPs may not support this algorithm. Pass...
+		} else if err != nil {
+			t.Fatal(err)
+		} else {
+			if err = leafRSA.Certificate.CheckSignature(x509.SHA384WithRSAPSS, []byte("hello"), sig); err != nil {
+				t.Fatal(err)
+			}
+		}
+
 		// SHA512WithRSA
 		sha512Digest := sha512.Sum512([]byte("hello"))
 		sig, err = signer.Sign(rand.Reader, sha512Digest[:], crypto.SHA512)
@@ -165,6 +191,19 @@ func TestSignerRSA(t *testing.T) {
 			}
 		}
 
+		// SHA512WithRSA
+		sha512Digest = sha512.Sum512([]byte("hello"))
+		sig, err = signer.Sign(rand.Reader, sha512Digest[:], &rsa.PSSOptions{Hash: crypto.SHA512})
+		if err == ErrUnsupportedHash {
+			// Some Windows CSPs may not support this algorithm. Pass...
+		} else if err != nil {
+			t.Fatal(err)
+		} else {
+			if err = leafRSA.Certificate.CheckSignature(x509.SHA512WithRSAPSS, []byte("hello"), sig); err != nil {
+				t.Fatal(err)
+			}
+		}
+
 		// Bad digest size
 		_, err = signer.Sign(rand.Reader, sha1Digest[5:], crypto.SHA1)
 		if err == nil {