Returning multiple certificate chains in a PE file #88

Open
acharyab15 opened this issue Nov 21, 2023 · 3 comments

@acharyab15

Is there a way, using this package, to extract multiple certificate chains that are present in a PE file? I am currently looking at a PE file that has multiple certificate chains. However, the Parse function seems to return only 1 of those chains with 2 certs, but seems to skip over the remaining cert chains. Is there a slight modification that can be made to get those? Or do you know of any other Go packages that currently do that?

Finally, great job with this package! It was really easy to use compared to some other libraries that I found :)

@LordNoteworthy
Member

Hey @acharyab15

Would it be possible to attach the sample here?

Thanks.

@acharyab15
Author

I have uploaded a sample file in https://github.com/acharyab15/pefile as it's an exe file and I couldn't do it directly here. (This is a sample file that has 2 cert chains)

When running the parse, I see these certs as output:
```
Cert0:
Subject: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
ValidFrom: 2005-06-07 08:09:10 +0000 UTC
ValidTo: 2020-05-30 10:48:38 +0000 UTC

Cert1:
Subject: CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Subject: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
ValidFrom: 2015-12-31 00:00:00 +0000 UTC
ValidTo: 2019-07-09 18:40:36 +0000 UTC

Cert2:
Subject: CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Subject: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
ValidFrom: 2011-08-24 00:00:00 +0000 UTC
ValidTo: 2020-05-30 10:48:38 +0000 UTC

Cert3:
Subject: CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL
Subject: CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
ValidFrom: 2014-09-12 00:00:00 +0000 UTC
ValidTo: 2019-09-12 23:59:59 +0000 UTC
```

When I run the osslsigncode tool, I get:
```
Signature Index: 0 (Primary Signature)
Signer's certificate:
Signer #0:
Subject: /C=IL/postalCode=52583/ST=Gush Dan/L=Ramat Gan/street=5 Hashoshanim st./O=Nir Sofer/CN=Nir Sofer
Issuer : /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Code Signing CA 2
Serial : 1AF0660E837A35A2CD92EC613FC15DB8
Certificate expiration date:
notBefore : Sep 12 00:00:00 2014 GMT
notAfter : Sep 12 23:59:59 2019 GMT

Number of certificates: 4
Signer #0:
Subject: /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Object
Issuer : /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
Serial : 421AF2940984191F520A4BC62426A74B
Certificate expiration date:
notBefore : Jun 7 08:09:10 2005 GMT
notAfter : May 30 10:48:38 2020 GMT
------------------
Signer #1:
Subject: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-1 Time Stamping Signer
Issuer : /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Object
Serial : 1688F039255E638E69143907E6330B
Certificate expiration date:
notBefore : Dec 31 00:00:00 2015 GMT
notAfter : Jul 9 18:40:36 2019 GMT
------------------
Signer #2:
Subject: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Code Signing CA 2
Issuer : /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Object
Serial : 10709D4FF55408D7306001D8EA9175BB
Certificate expiration date:
notBefore : Aug 24 00:00:00 2011 GMT
notAfter : May 30 10:48:38 2020 GMT
------------------
Signer #3:
Subject: /C=IL/postalCode=52583/ST=Gush Dan/L=Ramat Gan/street=5 Hashoshanim st./O=Nir Sofer/CN=Nir Sofer
Issuer : /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Code Signing CA 2
Serial : 1AF0660E837A35A2CD92EC613FC15DB8
Certificate expiration date:
notBefore : Sep 12 00:00:00 2014 GMT
notAfter : Sep 12 23:59:59 2019 GMT

Signature Index: 1
Signer's certificate:
Signer #0:
Subject: /C=IL/postalCode=52583/ST=Gush Dan/L=Ramat Gan/street=5 Hashoshanim st./O=Nir Sofer/CN=Nir Sofer
Issuer : /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Code Signing CA
Serial : BD1B1E450BBDD5DF88678E7DDA223D17
Certificate expiration date:
notBefore : Mar 30 00:00:00 2016 GMT
notAfter : Jun 30 23:59:59 2019 GMT

Number of certificates: 2
Signer #0:
Subject: /C=IL/postalCode=52583/ST=Gush Dan/L=Ramat Gan/street=5 Hashoshanim st./O=Nir Sofer/CN=Nir Sofer
Issuer : /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Code Signing CA
Serial : BD1B1E450BBDD5DF88678E7DDA223D17
Certificate expiration date:
notBefore : Mar 30 00:00:00 2016 GMT
notAfter : Jun 30 23:59:59 2019 GMT
------------------
Signer #1:
Subject: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Code Signing CA
Issuer : /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
Serial : 2E7C87CC0E934A52FE94FD1CB7CD34AF
Certificate expiration date:
notBefore : May 9 00:00:00 2013 GMT
notAfter : May 8 23:59:59 2028 GMT
```

So it seems like only the primary signature is read and returned?

@LordNoteworthy
Member

Thanks for uploading the sample, I'll have a look.
