wintrust: Load secondary signatures in SoftpubLoadSignature().

dlls/wintrust/softpub.c

@@ -830,6 +830,57 @@ static DWORD WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
     return err;
 }
 
+static void load_secondary_signatures(CRYPT_PROVIDER_DATA *data, HCRYPTMSG msg)
+{
+    CRYPT_PROVIDER_SIGSTATE *s = data->pSigState;
+    CRYPT_ATTRIBUTES *attrs;
+    unsigned int i, j;
+    DWORD size;
+
+    if (!CryptMsgGetParam(msg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, NULL, &size))
+        return;
+
+    if (!(attrs = data->psPfns->pfnAlloc(size)))
+    {
+        ERR("No memory.\n");
+        return;
+    }
+    if (!CryptMsgGetParam(msg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, attrs, &size))
+        goto done;
+
+    for (i = 0; i < attrs->cAttr; ++i)
+    {
+        if (strcmp(attrs->rgAttr[i].pszObjId, szOID_NESTED_SIGNATURE))
+            continue;
+
+        if (!(s->rhSecondarySigs = data->psPfns->pfnAlloc(attrs->rgAttr[i].cValue * sizeof(*s->rhSecondarySigs))))
+        {
+            ERR("No memory");
+            goto done;
+        }
+        s->cSecondarySigs = 0;
+        for (j = 0; j < attrs->rgAttr[i].cValue; ++j)
+        {
+            if (!(msg = CryptMsgOpenToDecode(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, 0, 0, NULL, NULL)))
+            {
+                ERR("Could not create crypt message.\n");
+                goto done;
+            }
+            if (!CryptMsgUpdate(msg, attrs->rgAttr[i].rgValue[j].pbData, attrs->rgAttr[i].rgValue[j].cbData, TRUE))
+            {
+                ERR("Could not update crypt message, err %lu.\n", GetLastError());
+                CryptMsgClose(msg);
+                goto done;
+            }
+            s->rhSecondarySigs[j] = msg;
+            ++s->cSecondarySigs;
+        }
+        break;
+    }
+done:
+    data->psPfns->pfnFree(attrs);
+}
+
 HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
 {
     DWORD err = ERROR_SUCCESS;
@@ -854,7 +905,10 @@ HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
         data->pSigState->fSupportMultiSig = TRUE;
         data->pSigState->dwCryptoPolicySupport = WSS_SIGTRUST_SUPPORT | WSS_OBJTRUST_SUPPORT | WSS_CERTTRUST_SUPPORT;
         if (data->hMsg)
+        {
             data->pSigState->hPrimarySig = CryptMsgDuplicate(data->hMsg);
+            load_secondary_signatures(data, data->pSigState->hPrimarySig);
+        }
     }
 
     if (!err && data->hMsg)

dlls/wintrust/tests/softpub.c

@@ -1840,7 +1840,7 @@ static void test_multiple_signatures(void)
         ok(prov->pSigState->fSupportMultiSig, "Got %d.\n", prov->pSigState->fSupportMultiSig);
         ok(prov->pSigState->dwCryptoPolicySupport == (WSS_SIGTRUST_SUPPORT | WSS_OBJTRUST_SUPPORT
                 | WSS_CERTTRUST_SUPPORT), "Got %#lx.\n", prov->pSigState->dwCryptoPolicySupport);
-        todo_wine ok(prov->pSigState->cSecondarySigs == 2, "Got %lu.\n", prov->pSigState->cSecondarySigs);
+        ok(prov->pSigState->cSecondarySigs == 2, "Got %lu.\n", prov->pSigState->cSecondarySigs);
 
         size = sizeof(buf);
         bret = CryptMsgGetParam(prov->pSigState->hPrimarySig, CMSG_SIGNER_CERT_INFO_PARAM, 0, buf, &size);

include/wintrust.h

@@ -475,6 +475,8 @@ CRYPT_PROVIDER_SGNR * WINAPI WTHelperGetProvSignerFromChain(
 CRYPT_PROVIDER_DATA * WINAPI WTHelperProvDataFromStateData(HANDLE hStateData);
 CRYPT_PROVIDER_PRIVDATA * WINAPI WTHelperGetProvPrivateDataFromChain(CRYPT_PROVIDER_DATA *,GUID *);
 
+#define szOID_NESTED_SIGNATURE       "1.3.6.1.4.1.311.2.4.1"
+
 #define SPC_INDIRECT_DATA_OBJID      "1.3.6.1.4.1.311.2.1.4"
 #define SPC_SP_AGENCY_INFO_OBJID     "1.3.6.1.4.1.311.2.1.10"
 #define SPC_STATEMENT_TYPE_OBJID     "1.3.6.1.4.1.311.2.1.11"