
Commit 5d93bb3

committed
Added nesting for Authenticode timestamps.
In theory this won't happen because Windows doesn't support counter-counter signatures, but it's easy enough to catch them and this results in a cleaner implementation down to the base class anyway.
1 parent 793ad75 commit 5d93bb3


1 file changed

+34
-41
lines changed


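--- a/AuthenticodeLint/Signature.cs
+++ b/AuthenticodeLint/Signature.cs
@@ -115,7 +115,40 @@ internal X509Certificate2Collection GetCertificatesFromMessage(CryptMsgSafeHandl
 return certs;
 }
 
-public abstract IReadOnlyList<ISignature> GetNestedSignatures();
+public IReadOnlyList<ISignature> GetNestedSignatures()
+{
+var list = new List<ISignature>();
+foreach (var attribute in UnsignedAttributes)
+{
+foreach (var value in attribute.Values)
+{
+ISignature signature;
+if (attribute.Oid.Value == KnownOids.AuthenticodeCounterSignature)
+{
+signature = new AuthenticodeSignature(value);
+}
+else if (attribute.Oid.Value == KnownOids.Rfc3161CounterSignature)
+{
+signature = new Signature(value, SignatureKind.Rfc3161Signature);
+}
+else if (attribute.Oid.Value == KnownOids.NestedSignatureOid)
+{
+signature = new Signature(value, SignatureKind.NestedSignature);
+}
+else
+{
+continue;
+}
+var childAttributes = new CryptographicAttributeObjectCollection();
+foreach (var childAttribute in signature.UnsignedAttributes)
+{
+childAttributes.Add(childAttribute);
+}
+list.Add(signature);
+}
+}
+return list.AsReadOnly();
+}
 }
 
 public class AuthenticodeSignature : SignatureBase
@@ -164,11 +197,6 @@ public unsafe AuthenticodeSignature(AsnEncodedData data)
 }
 }
 }
-
-public override IReadOnlyList<ISignature> GetNestedSignatures()
-{
-return new List<ISignature>().AsReadOnly();
-}
 }
 
 public class Signature : SignatureBase
@@ -256,41 +284,6 @@ internal unsafe Signature(AsnEncodedData data, SignatureKind kind)
 }
 }
 }
-
-public override IReadOnlyList<ISignature> GetNestedSignatures()
-{
-var list = new List<ISignature>();
-foreach (var attribute in UnsignedAttributes)
-{
-foreach (var value in attribute.Values)
-{
-ISignature signature;
-if (attribute.Oid.Value == KnownOids.AuthenticodeCounterSignature)
-{
-signature = new AuthenticodeSignature(value);
-}
-else if (attribute.Oid.Value == KnownOids.Rfc3161CounterSignature)
-{
-signature = new Signature(value, SignatureKind.Rfc3161Signature);
-}
-else if (attribute.Oid.Value == KnownOids.NestedSignatureOid)
-{
-signature = new Signature(value, SignatureKind.NestedSignature);
-}
-else
-{
-continue;
-}
-var childAttributes = new CryptographicAttributeObjectCollection();
-foreach (var childAttribute in signature.UnsignedAttributes)
-{
-childAttributes.Add(childAttribute);
-}
-list.Add(signature);
-}
-}
-return list.AsReadOnly();
-}
 }
 
 internal class UniversalSubjectIdentifier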
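Review bot: The `childAttributes` collection that the new base-class `GetNestedSignatures` fills from `signature.UnsignedAttributes` is never read, so that inner `foreach` is dead code carried over from the removed override; it can be deleted so that `list.Add(signature);` follows the OID dispatch directly. Unsigned attributes are not covered by the signature, so their values are unauthenticated input, and this method now passes each one to `new AuthenticodeSignature(value)` or `new Signature(value, …)` for every signature type. The constructor bodies are outside the visible hunks, but if they throw on malformed data, a single bad attribute would abort the whole enumeration rather than be reported as a finding. Consider handling the decode failure per value, and documenting the contract with a comment such as `/// Returns direct children only, decoded from unauthenticated unsigned attributes; callers that recurse should bound the depth.`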
