The X509Certificate2Collection.Import method allows to retrieve all certificates from an executable file or from an MSI package. That's fine.
Now I want to validate the certificates. The X509Certificate.Verify method validates a certificate against the current time (the Reflector confirms: it uses DateTime.Now).
So my first question is how to validate the certificates against the signed time? An option would be to retrieve an Authenticode data, but there are no built-in support in .NET.
The second question is how to validate the signatures?