Merge pull request #6882 from sujitnayak/main

6732: Default to sha2 digest for clickonce manifest

src/Tasks/ManifestUtil/SecurityUtil.cs

@@ -572,7 +572,11 @@ public static void SignFile(string certPath, SecureString certPassword, Uri time
         private static bool UseSha256Algorithm(X509Certificate2 cert)
         {
             Oid oid = cert.SignatureAlgorithm;
-            return string.Equals(oid.FriendlyName, "sha256RSA", StringComparison.OrdinalIgnoreCase);
+            // Issue 6732: Clickonce does not support sha384/sha512 file hash so we default to sha256 
+            // for certs with that signature algorithm.
+            return string.Equals(oid.FriendlyName, "sha256RSA", StringComparison.OrdinalIgnoreCase) ||
+                   string.Equals(oid.FriendlyName, "sha384RSA", StringComparison.OrdinalIgnoreCase) ||
+                   string.Equals(oid.FriendlyName, "sha512RSA", StringComparison.OrdinalIgnoreCase);
         }
 
         /// <summary>