From 1b7acd7bbf8cdfbdbaba8dd8b39c5ff7ddc1aae5 Mon Sep 17 00:00:00 2001
From: Pe-te
Date: Tue, 22 Jul 2025 09:39:45 +0200
Subject: [PATCH] Added signature method for SHA256-RSA-MGF1, see https://github.com/russellhaering/goxmldsig/issues/158
---
 xml_constants.go | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/xml_constants.go b/xml_constants.go
index 0526062..276883e 100644
--- a/xml_constants.go
+++ b/xml_constants.go
@@ -42,14 +42,15 @@ func (id AlgorithmID) String() string {
 }
 
 const (
- RSASHA1SignatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
- RSASHA256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
- RSASHA384SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
- RSASHA512SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
- ECDSASHA1SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
- ECDSASHA256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
- ECDSASHA384SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
- ECDSASHA512SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
+ RSASHA1SignatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+ RSASHA256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+ RSASHA384SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
+ RSASHA512SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+ ECDSASHA1SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
+ SHA256RSAMGF1SignatureMethod = "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"
+ ECDSASHA256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
+ ECDSASHA384SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
+ ECDSASHA512SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
 )
 
 // Well-known signature algorithms
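Review bot: `SHA256RSAMGF1SignatureMethod` carries no comment saying which scheme it names, and it is inserted between `ECDSASHA1SignatureMethod` and `ECDSASHA256SignatureMethod`, which splits the ECDSA group. Its neighbours are PKCS#1 v1.5 and ECDSA identifiers, while this URI is, as far as I can tell, the RFC 6931 RSASSA-PSS identifier (MGF1 with SHA-256), so a reader can easily take it for a variant of `RSASHA256SignatureMethod`. I would move it directly below `RSASHA512SignatureMethod` and add `// RSASSA-PSS with SHA-256 and MGF1 (RFC 6931); not interchangeable with RSASHA256SignatureMethod, which is PKCS#1 v1.5.` The realignment of the eight untouched constants is gofmt output and needs no change.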
@@ -112,12 +113,13 @@ var signatureMethodIdentifiers = map[x509.PublicKeyAlgorithm]map[crypto.Hash]str
 }
 
 var x509SignatureAlgorithmByIdentifier = map[string]x509.SignatureAlgorithm{
- RSASHA1SignatureMethod: x509.SHA1WithRSA,
- RSASHA256SignatureMethod: x509.SHA256WithRSA,
- RSASHA384SignatureMethod: x509.SHA384WithRSA,
- RSASHA512SignatureMethod: x509.SHA512WithRSA,
- ECDSASHA1SignatureMethod: x509.ECDSAWithSHA1,
- ECDSASHA256SignatureMethod: x509.ECDSAWithSHA256,
- ECDSASHA384SignatureMethod: x509.ECDSAWithSHA384,
- ECDSASHA512SignatureMethod: x509.ECDSAWithSHA512,
+ RSASHA1SignatureMethod: x509.SHA1WithRSA,
+ RSASHA256SignatureMethod: x509.SHA256WithRSA,
+ RSASHA384SignatureMethod: x509.SHA384WithRSA,
+ RSASHA512SignatureMethod: x509.SHA512WithRSA,
+ ECDSASHA1SignatureMethod: x509.ECDSAWithSHA1,
+ SHA256RSAMGF1SignatureMethod: x509.SHA256WithRSAPSS,
+ ECDSASHA256SignatureMethod: x509.ECDSAWithSHA256,
+ ECDSASHA384SignatureMethod: x509.ECDSAWithSHA384,
+ ECDSASHA512SignatureMethod: x509.ECDSAWithSHA512,
 }
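Review bot: Nothing in this patch exercises the new `SHA256RSAMGF1SignatureMethod: x509.SHA256WithRSAPSS` entry; the diffstat lists only xml_constants.go, so the PSS verification path appears to land without a test. This map is keyed by the algorithm URI, which presumably comes from the document being verified, so I would want one test where a PSS-signed fixture validates and one where a PKCS#1 v1.5 signature labelled with this URI is rejected. `signatureMethodIdentifiers`, named in the hunk header, is not touched and is keyed by key algorithm and hash, so the new method looks verification-only. A comment on the entry such as `// verification only: signatureMethodIdentifiers has no RSASSA-PSS entry` would make that explicit. It is also worth confirming that the code consuming `x509.SHA256WithRSAPSS` checks the salt length the RFC 6931 identifier implies, which I believe is equal to the hash length.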