Fix for #177, Regression of certificate signing

Module/Cmdlets/PIV/BuildYubikeyPIVSignCertificate.cs

@@ -141,27 +141,37 @@ protected override void ProcessRecord()
                 // If a subject name override is provided, create a new CertificateRequest
                 if (Subjectname is null)
                 {
+                    WriteDebug("No Subjectname provided, using the submitted CertificateRequest as is.");
                     _request = (CertificateRequest)CertificateRequest!.BaseObject;
                 }
                 else
                 {
                     if (((CertificateRequest)CertificateRequest!.BaseObject).PublicKey.Oid.FriendlyName == "RSA")
                     {
+                        WriteDebug("Subjectname submitted, building new RSA Certificate Request");
                         _request = new CertificateRequest(Subjectname, ((CertificateRequest)CertificateRequest!.BaseObject).PublicKey.GetRSAPublicKey()!, HashAlgorithm, RSASignaturePadding.Pkcs1);
                     }
-                    else
+                    else if (((CertificateRequest)CertificateRequest!.BaseObject).PublicKey.Oid.FriendlyName == "ECDSA")
                     {
+                        WriteDebug("Subjectname submitted, building new ECDSA Certificate Request");
                         _request = new CertificateRequest(Subjectname, ((CertificateRequest)CertificateRequest!.BaseObject).PublicKey.GetECDsaPublicKey()!, HashAlgorithm);
                     }
+                    else
+                    {
+                        WriteError(new ErrorRecord(new Exception("Unknown public key algorithm in CertificateRequest"), "UnknownPublicKeyAlgorithm", ErrorCategory.InvalidArgument, null));
+                        return;
+                    }
                 }
 
                 // Add certificate extensions
                 if (CertificateAuthority.IsPresent)
                 {
+                    WriteDebug("Adding constraings for CA usage");
                     _request.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, true, 2, true));
                 }
                 else
                 {
+                    WriteDebug("Adding constraints for non CA usage");
                     _request.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
                     _request.CertificateExtensions.Add(new X509KeyUsageExtension(KeyUsage, true));
                     _request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid("1.3.6.1.5.5.7.3.1"), new Oid("1.3.6.1.5.5.7.3.2"), new Oid("1.3.6.1.4.1.311.20.2.2") }, false));

Module/Cmdlets/Yubikey/ConnectYubikey.cs

@@ -72,7 +72,7 @@ protected override void ProcessRecord()
                     if (yubikeys.Count() == 1)
                     {
                         _yubikey = (YubiKeyDevice)yubikeys.First();
-                        WriteDebug($"Found only one device, using {_yubikey.SerialNumber.ToString() ?? "N/A"}.");
+                        WriteDebug($"[{MyInvocation.MyCommand.Name}] Found only one device, using {_yubikey.SerialNumber.ToString() ?? "N/A"}.");
                     }
                     break;
 

Module/Cmdlets/Yubikey/GetYubikey.cs

@@ -23,7 +23,7 @@ protected override void BeginProcessing()
             // Check if a YubiKey is connected, if not attempt to connect
             if (YubiKeyModule._yubikey is null)
             {
-                WriteDebug("No YubiKey selected, calling Connect-Yubikey...");
+                WriteDebug("[{MyInvocation.MyCommand.Name}]No YubiKey selected, calling Connect-Yubikey...");
                 try
                 {
                     // Create a new PowerShell instance to run Connect-Yubikey

Module/support/Yubico/YubiKeySignatureGenerator.cs

@@ -177,7 +177,7 @@
             }
 
             _ = digester.TransformFinalBlock(data, 0, data.Length);
-            Array.Copy(digester.Hash!, 0, digest, offset, digest.Length);
+            Array.Copy(digester.Hash!, 0, digest, offset, digester.Hash.Length);
 
             return digest;
         }

build.ps1

@@ -19,7 +19,7 @@ dotnet publish module --nologo --framework 'net8.0' --output "$($Directory.fulln
 
 # Only Windows Powershell use format.ps1xml
 #& "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86\signtool.exe" sign /sha1 "8079DD82969461B1B7A8769B26262726AA0F6D89" /fd SHA256 /t http://timestamp.sectigo.com "$($Directory.fullname)\powershellYK.format.ps1xml"
-& "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86\signtool.exe" sign /sha1 "8079DD82969461B1B7A8769B26262726AA0F6D89" /fd SHA256 /t http://timestamp.sectigo.com "$($Directory.fullname)\powershellYK.dll"
+& "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86\signtool.exe" sign /sha1 "A502DF63C4109BE4BCAD42D8AFF43932709FB0C4" /fd SHA256 /t http://timestamp.sectigo.com "$($Directory.fullname)\powershellYK.dll"
 
 Read-Host -Prompt "Press Enter to continue"