Added nesting for Authenticode timestamps.

In theory this won't happen because Windows doesn't support counter-counter
signatures, but it's easy enough to catch them and this results in a cleaner
implementation down to the base class anyway.

Author: vcsjones

AuthenticodeLint/Signature.cs

@@ -115,7 +115,40 @@ internal X509Certificate2Collection GetCertificatesFromMessage(CryptMsgSafeHandl
             return certs;
         }
 
-        public abstract IReadOnlyList<ISignature> GetNestedSignatures();
+        public IReadOnlyList<ISignature> GetNestedSignatures()
+        {
+            var list = new List<ISignature>();
+            foreach (var attribute in UnsignedAttributes)
+            {
+                foreach (var value in attribute.Values)
+                {
+                    ISignature signature;
+                    if (attribute.Oid.Value == KnownOids.AuthenticodeCounterSignature)
+                    {
+                        signature = new AuthenticodeSignature(value);
+                    }
+                    else if (attribute.Oid.Value == KnownOids.Rfc3161CounterSignature)
+                    {
+                        signature = new Signature(value, SignatureKind.Rfc3161Signature);
+                    }
+                    else if (attribute.Oid.Value == KnownOids.NestedSignatureOid)
+                    {
+                        signature = new Signature(value, SignatureKind.NestedSignature);
+                    }
+                    else
+                    {
+                        continue;
+                    }
+                    var childAttributes = new CryptographicAttributeObjectCollection();
+                    foreach (var childAttribute in signature.UnsignedAttributes)
+                    {
+                        childAttributes.Add(childAttribute);
+                    }
+                    list.Add(signature);
+                }
+            }
+            return list.AsReadOnly();
+        }
     }
 
     public class AuthenticodeSignature : SignatureBase
@@ -164,11 +197,6 @@ public unsafe AuthenticodeSignature(AsnEncodedData data)
                 }
             }
         }
-
-        public override IReadOnlyList<ISignature> GetNestedSignatures()
-        {
-            return new List<ISignature>().AsReadOnly();
-        }
     }
 
     public class Signature : SignatureBase
@@ -256,41 +284,6 @@ internal unsafe Signature(AsnEncodedData data, SignatureKind kind)
                 }
             }
         }
-
-        public override IReadOnlyList<ISignature> GetNestedSignatures()
-        {
-            var list = new List<ISignature>();
-            foreach (var attribute in UnsignedAttributes)
-            {
-                foreach (var value in attribute.Values)
-                {
-                    ISignature signature;
-                    if (attribute.Oid.Value == KnownOids.AuthenticodeCounterSignature)
-                    {
-                        signature = new AuthenticodeSignature(value);
-                    }
-                    else if (attribute.Oid.Value == KnownOids.Rfc3161CounterSignature)
-                    {
-                        signature = new Signature(value, SignatureKind.Rfc3161Signature);
-                    }
-                    else if (attribute.Oid.Value == KnownOids.NestedSignatureOid)
-                    {
-                        signature = new Signature(value, SignatureKind.NestedSignature);
-                    }
-                    else
-                    {
-                        continue;
-                    }
-                    var childAttributes = new CryptographicAttributeObjectCollection();
-                    foreach (var childAttribute in signature.UnsignedAttributes)
-                    {
-                        childAttributes.Add(childAttribute);
-                    }
-                    list.Add(signature);
-                }
-            }
-            return list.AsReadOnly();
-        }
     }
 
     internal class UniversalSubjectIdentifier