Author: cwittich Date: Sun Dec 6 10:36:50 2009 New Revision: 44432 URL: http://svn.reactos.org/svn/reactos?rev=44432&view=rev Log: sync crypt32_winetest with wine 1.1.34 Modified: trunk/rostests/winetests/crypt32/cert.c trunk/rostests/winetests/crypt32/chain.c trunk/rostests/winetests/crypt32/crl.c trunk/rostests/winetests/crypt32/encode.c trunk/rostests/winetests/crypt32/protectdata.c Modified: trunk/rostests/winetests/crypt32/cert.c URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/crypt32/cert.c?… ============================================================================== --- trunk/rostests/winetests/crypt32/cert.c [iso-8859-1] (original) +++ trunk/rostests/winetests/crypt32/cert.c [iso-8859-1] Sun Dec 6 10:36:50 2009 @@ -2541,6 +2541,29 @@ CertFreeCertificateContext(contexts[2]); } +static BYTE cn[] = { +0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75, +0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67 }; +static BYTE cnWithLeadingSpace[] = { +0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x20,0x4a, +0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67 }; +static BYTE cnWithTrailingSpace[] = { +0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75, +0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x20 }; +static BYTE cnWithIntermediateSpace[] = { +0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75, +0x61,0x6e,0x20,0x20,0x4c,0x61,0x6e,0x67 }; +static BYTE cnThenO[] = { +0x30,0x2d,0x31,0x2b,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75, +0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x30,0x17,0x06,0x03,0x55,0x04,0x0a,0x13, +0x10,0x54,0x68,0x65,0x20,0x57,0x69,0x6e,0x65,0x20,0x50,0x72,0x6f,0x6a,0x65, +0x63,0x74 }; +static BYTE oThenCN[] = { +0x30,0x2d,0x31,0x2b,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x4a,0x75, +0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13, +0x10,0x54,0x68,0x65,0x20,0x57,0x69,0x6e,0x65,0x20,0x50,0x72,0x6f,0x6a,0x65, +0x63,0x74 }; + static void testCompareCertName(void) { static BYTE bogus[] = { 1, 2, 3, 4 }; @@ -2572,6 +2595,167 @@ blob2.cbData = sizeof(emptyPrime); ret = CertCompareCertificateName(0, &blob1, &blob2); ok(!ret, "Expected failure\n"); + /* Tests to show that CertCompareCertificateName doesn't decode the name + * to remove spaces, or to do an order-independent comparison. + */ + /* Compare CN="Juan Lang" with CN=" Juan Lang" */ + blob1.pbData = cn; + blob1.cbData = sizeof(cn); + blob2.pbData = cnWithLeadingSpace; + blob2.cbData = sizeof(cnWithLeadingSpace); + ret = CertCompareCertificateName(0, &blob1, &blob2); + ok(!ret, "Expected failure\n"); + ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2); + ok(!ret, "Expected failure\n"); + /* Compare CN="Juan Lang" with CN="Juan Lang " */ + blob2.pbData = cnWithTrailingSpace; + blob2.cbData = sizeof(cnWithTrailingSpace); + ret = CertCompareCertificateName(0, &blob1, &blob2); + ok(!ret, "Expected failure\n"); + ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2); + ok(!ret, "Expected failure\n"); + /* Compare CN="Juan Lang" with CN="Juan Lang" */ + blob2.pbData = cnWithIntermediateSpace; + blob2.cbData = sizeof(cnWithIntermediateSpace); + ret = CertCompareCertificateName(0, &blob1, &blob2); + ok(!ret, "Expected failure\n"); + ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2); + ok(!ret, "Expected failure\n"); + /* Compare 'CN="Juan Lang", O="The Wine Project"' with + * 'O="The Wine Project", CN="Juan Lang"' + */ + blob1.pbData = cnThenO; + blob1.cbData = sizeof(cnThenO); + blob2.pbData = oThenCN; + blob2.cbData = sizeof(oThenCN); + ret = CertCompareCertificateName(0, &blob1, &blob2); + ok(!ret, "Expected failure\n"); + ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2); + ok(!ret, "Expected failure\n"); +} + +static void testIsRDNAttrsInCertificateName(void) +{ + static char oid_1_2_3[] = "1.2.3"; + static char oid_common_name[] = szOID_COMMON_NAME; + static char oid_organization[] = szOID_ORGANIZATION_NAME; + static char juan[] = "Juan Lang"; + static char juan_with_leading_space[] = " Juan Lang"; + static char juan_with_intermediate_space[] = "Juan Lang"; + static char juan_with_trailing_space[] = "Juan Lang "; + static char juan_lower_case[] = "juan lang"; + static WCHAR juanW[] = { 'J','u','a','n',' ','L','a','n','g',0 }; + static char the_wine_project[] = "The Wine Project"; + BOOL ret; + CERT_NAME_BLOB name; + CERT_RDN_ATTR attr[2]; + CERT_RDN rdn = { 0, NULL }; + + name.cbData = sizeof(cn); + name.pbData = cn; + if (0) + { + /* Crash */ + ret = CertIsRDNAttrsInCertificateName(0, 0, NULL, NULL); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, + NULL); + } + SetLastError(0xdeadbeef); + ret = CertIsRDNAttrsInCertificateName(0, 0, &name, NULL); + ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND, + "expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError()); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(ret, "CertIsRDNAttrsInCertificateName failed: %08x\n", GetLastError()); + attr[0].pszObjId = oid_1_2_3; + rdn.rgRDNAttr = attr; + rdn.cRDNAttr = 1; + SetLastError(0xdeadbeef); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + attr[0].pszObjId = oid_common_name; + attr[0].dwValueType = CERT_RDN_PRINTABLE_STRING; + attr[0].Value.cbData = strlen(juan); + attr[0].Value.pbData = (BYTE *)juan; + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(ret, "CertIsRDNAttrsInCertificateName failed: %08x\n", GetLastError()); + /* Again, spaces are not removed for name comparison. */ + attr[0].Value.cbData = strlen(juan_with_leading_space); + attr[0].Value.pbData = (BYTE *)juan_with_leading_space; + SetLastError(0xdeadbeef); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + attr[0].Value.cbData = strlen(juan_with_intermediate_space); + attr[0].Value.pbData = (BYTE *)juan_with_intermediate_space; + SetLastError(0xdeadbeef); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + attr[0].Value.cbData = strlen(juan_with_trailing_space); + attr[0].Value.pbData = (BYTE *)juan_with_trailing_space; + SetLastError(0xdeadbeef); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + /* The lower case name isn't matched unless a case insensitive match is + * specified. + */ + attr[0].Value.cbData = strlen(juan_lower_case); + attr[0].Value.pbData = (BYTE *)juan_lower_case; + SetLastError(0xdeadbeef); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, + CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG, &name, &rdn); + ok(ret || + broken(!ret && GetLastError() == CRYPT_E_NO_MATCH), /* Older crypt32 */ + "CertIsRDNAttrsInCertificateName failed: %08x\n", GetLastError()); + /* The values don't match unless they have the same RDN type */ + attr[0].dwValueType = CERT_RDN_UNICODE_STRING; + attr[0].Value.cbData = lstrlenW(juanW) * sizeof(WCHAR); + attr[0].Value.pbData = (BYTE *)juanW; + SetLastError(0xdeadbeef); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + SetLastError(0xdeadbeef); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, + CERT_UNICODE_IS_RDN_ATTRS_FLAG, &name, &rdn); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + attr[0].dwValueType = CERT_RDN_IA5_STRING; + attr[0].Value.cbData = strlen(juan); + attr[0].Value.pbData = (BYTE *)juan; + SetLastError(0xdeadbeef); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + /* All attributes must be present */ + attr[0].dwValueType = CERT_RDN_PRINTABLE_STRING; + attr[0].Value.cbData = strlen(juan); + attr[0].Value.pbData = (BYTE *)juan; + attr[1].pszObjId = oid_organization; + attr[1].dwValueType = CERT_RDN_PRINTABLE_STRING; + attr[1].Value.cbData = strlen(the_wine_project); + attr[1].Value.pbData = (BYTE *)the_wine_project; + rdn.cRDNAttr = 2; + SetLastError(0xdeadbeef); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + /* Order also matters */ + name.pbData = cnThenO; + name.cbData = sizeof(cnThenO); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(ret, "CertIsRDNAttrsInCertificateName failed: %08x\n", GetLastError()); + name.pbData = oThenCN; + name.cbData = sizeof(oThenCN); + SetLastError(0xdeadbeef); + ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); } static BYTE int1[] = { 0x88, 0xff, 0xff, 0xff }; @@ -2880,12 +3064,99 @@ CertFreeCertificateContext(context1); } +static const BYTE rootWithKeySignAndCRLSign[] = { +0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10, +0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca, +0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31, +0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31, +0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30, +0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35, +0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05, +0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48, +0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89, +0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82, +0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34, +0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7, +0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91, +0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5, +0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd, +0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c, +0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35, +0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01, +0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01, +0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01, +0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d, +0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0, +0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b, +0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d, +0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c, +0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c, +0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda, +0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7, +0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e, +0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4, +0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f, +0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a, +0x2e,0x84,0xee }; +static const BYTE eeCert[] = { +0x30,0x82,0x01,0xb9,0x30,0x82,0x01,0x22,0xa0,0x03,0x02,0x01,0x02,0x02,0x01, +0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05, +0x00,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43, +0x65,0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30, +0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30, +0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55, +0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06, +0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d, +0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5, +0x33,0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6, +0xdc,0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7, +0x48,0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b, +0x47,0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b, +0x05,0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc, +0x6a,0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85, +0x85,0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2, +0xd3,0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72, +0xa3,0x02,0x03,0x01,0x00,0x01,0xa3,0x23,0x30,0x21,0x30,0x1f,0x06,0x03,0x55, +0x1d,0x23,0x04,0x18,0x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2, +0x28,0x89,0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d, +0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81, +0x81,0x00,0x8a,0x49,0xa9,0x86,0x5e,0xc9,0x33,0x7e,0xfd,0xab,0x64,0x1f,0x6d, +0x00,0xd7,0x9b,0xec,0xd1,0x5b,0x38,0xcc,0xd6,0xf3,0xf2,0xb4,0x75,0x70,0x00, +0x82,0x9d,0x37,0x58,0xe1,0xcd,0x2c,0x61,0xb3,0x28,0xe7,0x8a,0x00,0xbe,0x6e, +0xca,0xe8,0x55,0xd5,0xad,0x3a,0xea,0xaf,0x13,0x20,0x1c,0x44,0xfc,0xb4,0xf9, +0x29,0x2b,0xdc,0x8a,0x2d,0x1b,0x27,0x9e,0xb9,0x3b,0x4a,0x71,0x9d,0x47,0x7d, +0xf7,0x92,0x6b,0x21,0x7f,0xfa,0x88,0x79,0x94,0x33,0xf6,0xdd,0x92,0x04,0x92, +0xd6,0x5e,0x0a,0x74,0xf2,0x85,0xa6,0xd5,0x3c,0x28,0xc0,0x89,0x5d,0xda,0xf3, +0xa6,0x01,0xc2,0xe9,0xa3,0xc1,0xb7,0x21,0x08,0xba,0x18,0x07,0x45,0xeb,0x77, +0x7d,0xcd,0xc6,0xe7,0x2a,0x7b,0x46,0xd2,0x3d,0xb5 }; +static const BYTE rootSignedCRL[] = { +0x30,0x82,0x01,0x1f,0x30,0x81,0x89,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a, +0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30, +0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d, +0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, +0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14, +0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30, +0x30,0x30,0x30,0x30,0x5a,0xa0,0x2f,0x30,0x2d,0x30,0x0a,0x06,0x03,0x55,0x1d, +0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18, +0x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58, +0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86, +0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0xa3,0xcf, +0x17,0x5d,0x7a,0x08,0xab,0x11,0x1a,0xbd,0x5c,0xde,0x9a,0x22,0x92,0x38,0xe6, +0x96,0xcc,0xb1,0xc5,0x42,0x86,0xa6,0xae,0xad,0xa3,0x1a,0x2b,0xa0,0xb0,0x65, +0xaa,0x9c,0xd7,0x2d,0x44,0x8c,0xae,0x61,0xc7,0x30,0x17,0x89,0x84,0x3b,0x4a, +0x8f,0x17,0x08,0x06,0x37,0x1c,0xf7,0x2d,0x4e,0x47,0x07,0x61,0x50,0xd9,0x06, +0xd1,0x46,0xed,0x0a,0xbb,0xc3,0x9b,0x36,0x0b,0xa7,0x27,0x2f,0x2b,0x55,0xce, +0x2a,0xa5,0x60,0xc6,0x53,0x28,0xe8,0xee,0xad,0x0e,0x2b,0xe8,0xd7,0x5f,0xc9, +0xa5,0xed,0xf9,0x77,0xb0,0x3c,0x81,0xcf,0xcc,0x49,0xb2,0x1a,0xc3,0xfd,0x34, +0xd5,0xbc,0xb0,0xd5,0xa5,0x9c,0x1b,0x72,0xc3,0x0f,0xa3,0xe3,0x3c,0xf0,0xc3, +0x91,0xe8,0x93,0x4f,0xd4,0x2f }; + static void testVerifyRevocation(void) { BOOL ret; CERT_REVOCATION_STATUS status = { 0 }; - PCCERT_CONTEXT cert = CertCreateCertificateContext(X509_ASN_ENCODING, - bigCert, sizeof(bigCert)); + PCCERT_CONTEXT certs[2]; + CERT_REVOCATION_PARA revPara = { sizeof(revPara), 0 }; /* Crash ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, NULL); @@ -2901,16 +3172,103 @@ ok(ret, "CertVerifyRevocation failed: %08x\n", GetLastError()); ret = CertVerifyRevocation(2, 0, 0, NULL, 0, NULL, &status); ok(ret, "CertVerifyRevocation failed: %08x\n", GetLastError()); - SetLastError(0xdeadbeef); - ret = CertVerifyRevocation(0, 0, 1, (void **)&cert, 0, NULL, &status); + certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert, + sizeof(bigCert)); + SetLastError(0xdeadbeef); + ret = CertVerifyRevocation(0, 0, 1, (void **)certs, 0, NULL, &status); ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_DLL, "Expected CRYPT_E_NO_REVOCATION_DLL, got %08x\n", GetLastError()); SetLastError(0xdeadbeef); - ret = CertVerifyRevocation(0, 2, 1, (void **)&cert, 0, NULL, &status); + ret = CertVerifyRevocation(0, 2, 1, (void **)certs, 0, NULL, &status); ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_DLL, "Expected CRYPT_E_NO_REVOCATION_DLL, got %08x\n", GetLastError()); - CertFreeCertificateContext(cert); + CertFreeCertificateContext(certs[0]); + + certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, + rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign)); + certs[1] = CertCreateCertificateContext(X509_ASN_ENCODING, + eeCert, sizeof(eeCert)); + /* The root cert itself can't be checked for revocation */ + SetLastError(0xdeadbeef); + ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE, + 1, (void **)certs, 0, NULL, &status); + ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, + "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError()); + ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, + "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError); + ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex); + /* Neither can the end cert */ + SetLastError(0xdeadbeef); + ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE, + 1, (void **)&certs[1], 0, NULL, &status); + ok(!ret && (GetLastError() == CRYPT_E_NO_REVOCATION_CHECK /* Win9x */ || + GetLastError() == CRYPT_E_REVOCATION_OFFLINE), + "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n", + GetLastError()); + ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK /* Win9x */ || + status.dwError == CRYPT_E_REVOCATION_OFFLINE, + "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n", + status.dwError); + ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex); + /* Both certs together can't, either (they're not CRLs) */ + SetLastError(0xdeadbeef); + ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE, + 2, (void **)certs, 0, NULL, &status); + ok(!ret && (GetLastError() == CRYPT_E_NO_REVOCATION_CHECK || + GetLastError() == CRYPT_E_REVOCATION_OFFLINE /* WinME */), + "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n", + GetLastError()); + ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK || + status.dwError == CRYPT_E_REVOCATION_OFFLINE /* WinME */, + "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n", + status.dwError); + ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex); + ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex); + /* Now add a CRL to the hCrlStore */ + revPara.hCrlStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL); + CertAddEncodedCRLToStore(revPara.hCrlStore, X509_ASN_ENCODING, + rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL); + SetLastError(0xdeadbeef); + ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE, + 2, (void **)certs, 0, &revPara, &status); + ok(!ret && (GetLastError() == CRYPT_E_NO_REVOCATION_CHECK || + GetLastError() == CRYPT_E_REVOCATION_OFFLINE /* WinME */), + "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n", + GetLastError()); + ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK || + status.dwError == CRYPT_E_REVOCATION_OFFLINE /* WinME */, + "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n", + status.dwError); + ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex); + /* Specifying CERT_VERIFY_REV_CHAIN_FLAG doesn't change things either */ + SetLastError(0xdeadbeef); + ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE, + 2, (void **)certs, CERT_VERIFY_REV_CHAIN_FLAG, &revPara, &status); + ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, + "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError()); + ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, + "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError); + ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex); + /* Again, specifying the issuer cert: no change */ + revPara.pIssuerCert = certs[0]; + SetLastError(0xdeadbeef); + ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE, + 1, (void **)&certs[1], 0, &revPara, &status); + /* Win2k thinks the cert is revoked, and it is, except the CRL is out of + * date, hence the revocation status should be unknown. + */ + ok(!ret && (GetLastError() == CRYPT_E_NO_REVOCATION_CHECK || + broken(GetLastError() == CRYPT_E_REVOKED /* Win2k */)), + "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError()); + ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK || + broken(status.dwError == CRYPT_E_REVOKED /* Win2k */), + "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError); + ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex); + CertCloseStore(revPara.hCrlStore, 0); + CertFreeCertificateContext(certs[1]); + CertFreeCertificateContext(certs[0]); } static BYTE privKey[] = { @@ -3283,4 +3641,5 @@ testVerifyRevocation(); testAcquireCertPrivateKey(); testGetPublicKeyLength(); + testIsRDNAttrsInCertificateName(); } Modified: trunk/rostests/winetests/crypt32/chain.c URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/crypt32/chain.c… ============================================================================== --- trunk/rostests/winetests/crypt32/chain.c [iso-8859-1] (original) +++ trunk/rostests/winetests/crypt32/chain.c [iso-8859-1] Sun Dec 6 10:36:50 2009 @@ -2927,7 +2927,8 @@ static const CERT_TRUST_STATUS elementStatus19[] = { { CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER }, { CERT_TRUST_IS_UNTRUSTED_ROOT, - CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER }, + CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER | + CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS }, }; static const SimpleChainStatusCheck simpleStatus19[] = { { sizeof(elementStatus19) / sizeof(elementStatus19[0]), elementStatus19 }, @@ -2951,7 +2952,8 @@ static const CERT_TRUST_STATUS elementStatus21[] = { { CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER }, { CERT_TRUST_IS_UNTRUSTED_ROOT, - CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER }, + CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER | + CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS }, }; static const SimpleChainStatusCheck simpleStatus21[] = { { sizeof(elementStatus21) / sizeof(elementStatus21[0]), elementStatus21 }, @@ -3257,7 +3259,7 @@ CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT, CERT_TRUST_HAS_PREFERRED_ISSUER | CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS }, - { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, + { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS }, 1, simpleStatus19 }, 0 }, /* Older versions of crypt32 do not set @@ -3278,7 +3280,7 @@ CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT, CERT_TRUST_HAS_PREFERRED_ISSUER | CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS }, - { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, + { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS }, 1, simpleStatus21 }, 0 }, { { sizeof(chain22) / sizeof(chain22[0]), chain22 }, @@ -3405,8 +3407,9 @@ { sizeof(chain27) / sizeof(chain27[0]), chain27 }, { { CERT_TRUST_IS_NOT_TIME_NESTED | CERT_TRUST_IS_NOT_VALID_FOR_USAGE | CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT, - CERT_TRUST_HAS_PREFERRED_ISSUER }, - { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS }, + CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS | CERT_TRUST_HAS_PREFERRED_ISSUER }, + { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT, + CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS }, 1, simpleStatus27Broken }, 0 }; @@ -3421,7 +3424,12 @@ PCCERT_CONTEXT cert; CERT_CHAIN_PARA para = { 0 }; PCCERT_CHAIN_CONTEXT chain; + FILETIME fileTime; DWORD i; + HCERTSTORE store; + static char one_two_three[] = "1.2.3"; + static char oid_server_auth[] = szOID_PKIX_KP_SERVER_AUTH; + LPSTR oids[2]; /* Basic parameter checks */ if (0) @@ -3481,6 +3489,68 @@ CertFreeCertificateContext(cert); + /* Test usage match with Google's cert */ + store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL); + CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING, + verisignCA, sizeof(verisignCA), CERT_STORE_ADD_ALWAYS, NULL); + CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING, + thawte_sgc_ca, sizeof(thawte_sgc_ca), CERT_STORE_ADD_ALWAYS, NULL); + cert = CertCreateCertificateContext(X509_ASN_ENCODING, + google, sizeof(google)); + SystemTimeToFileTime(&oct2009, &fileTime); + memset(&para, 0, sizeof(para)); + para.cbSize = sizeof(para); + oids[0] = one_two_three; + para.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND; + para.RequestedUsage.Usage.rgpszUsageIdentifier = oids; + para.RequestedUsage.Usage.cUsageIdentifier = 1; + ret = pCertGetCertificateChain(NULL, cert, &fileTime, store, &para, + 0, NULL, &chain); + ok(ret, "CertGetCertificateChain failed: %08x\n", GetLastError()); + if (ret) + { + ok(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_VALID_FOR_USAGE, + "expected CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n"); + CertFreeCertificateChain(chain); + } + oids[0] = oid_server_auth; + ret = pCertGetCertificateChain(NULL, cert, &fileTime, store, &para, + 0, NULL, &chain); + ok(ret, "CertGetCertificateChain failed: %08x\n", GetLastError()); + if (ret) + { + ok(!(chain->TrustStatus.dwErrorStatus & + CERT_TRUST_IS_NOT_VALID_FOR_USAGE), + "didn't expect CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n"); + CertFreeCertificateChain(chain); + } + oids[1] = one_two_three; + para.RequestedUsage.Usage.cUsageIdentifier = 2; + para.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND; + ret = pCertGetCertificateChain(NULL, cert, &fileTime, store, &para, + 0, NULL, &chain); + ok(ret, "CertGetCertificateChain failed: %08x\n", GetLastError()); + if (ret) + { + ok(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_VALID_FOR_USAGE, + "expected CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n"); + CertFreeCertificateChain(chain); + } + para.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR; + ret = pCertGetCertificateChain(NULL, cert, &fileTime, store, &para, + 0, NULL, &chain); + ok(ret, "CertGetCertificateChain failed: %08x\n", GetLastError()); + if (ret) + { + ok(!(chain->TrustStatus.dwErrorStatus & + CERT_TRUST_IS_NOT_VALID_FOR_USAGE), + "didn't expect CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n"); + CertFreeCertificateChain(chain); + } + CertCloseStore(store, 0); + CertFreeCertificateContext(cert); + for (i = 0; i < sizeof(chainCheck) / sizeof(chainCheck[0]); i++) { chain = getChain(&chainCheck[i].certs, 0, TRUE, &oct2007, @@ -3510,8 +3580,10 @@ { ok(chain->TrustStatus.dwErrorStatus == chainCheckEmbeddedNull.status.status.dwErrorStatus || - broken(chain->TrustStatus.dwErrorStatus == - chainCheckEmbeddedNullBroken.status.status.dwErrorStatus), + broken((chain->TrustStatus.dwErrorStatus & + ~chainCheckEmbeddedNullBroken.status.statusToIgnore.dwErrorStatus) == + (chainCheckEmbeddedNullBroken.status.status.dwErrorStatus & + ~chainCheckEmbeddedNullBroken.status.statusToIgnore.dwErrorStatus)), "unexpected chain error status %08x\n", chain->TrustStatus.dwErrorStatus); if (chainCheckEmbeddedNull.status.status.dwErrorStatus == Modified: trunk/rostests/winetests/crypt32/crl.c URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/crypt32/crl.c?r… ============================================================================== --- trunk/rostests/winetests/crypt32/crl.c [iso-8859-1] (original) +++ trunk/rostests/winetests/crypt32/crl.c [iso-8859-1] Sun Dec 6 10:36:50 2009 @@ -223,271 +223,21 @@ CertCloseStore(store, 0); } -static void testFindCRL(void) -{ - HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, - CERT_STORE_CREATE_NEW_FLAG, NULL); - PCCRL_CONTEXT context; - PCCERT_CONTEXT cert; - BOOL ret; - - if (!store) return; - if (!pCertFindCRLInStore) - { - win_skip("CertFindCRLInStore() is not available\n"); - return; - } - - ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL, - sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL); - ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError()); - - /* Crashes - context = pCertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL); - */ - - /* Find any context */ - context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ANY, NULL, NULL); - ok(context != NULL, "Expected a context\n"); - if (context) - CertFreeCRLContext(context); - /* Bogus flags are ignored */ - context = pCertFindCRLInStore(store, 0, 1234, CRL_FIND_ANY, NULL, NULL); - ok(context != NULL, "Expected a context\n"); - if (context) - CertFreeCRLContext(context); - /* CRL encoding type is ignored too */ - context = pCertFindCRLInStore(store, 1234, 0, CRL_FIND_ANY, NULL, NULL); - ok(context != NULL, "Expected a context\n"); - if (context) - CertFreeCRLContext(context); - - /* This appears to match any cert */ - context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, NULL, NULL); - ok(context != NULL, "Expected a context\n"); - if (context) - CertFreeCRLContext(context); - - /* Try to match an issuer that isn't in the store */ - cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2, - sizeof(bigCert2)); - ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n", - GetLastError()); - context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL); - ok(context == NULL, "Expected no matching context\n"); - CertFreeCertificateContext(cert); - - /* Match an issuer that is in the store */ - cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert, - sizeof(bigCert)); - ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n", - GetLastError()); - context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL); - ok(context != NULL, "Expected a context\n"); - if (context) - CertFreeCRLContext(context); - CertFreeCertificateContext(cert); - - CertCloseStore(store, 0); -} - -static void testGetCRLFromStore(void) -{ - HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, - CERT_STORE_CREATE_NEW_FLAG, NULL); - PCCRL_CONTEXT context; - PCCERT_CONTEXT cert; - DWORD flags; - BOOL ret; - - if (!store) return; - - /* Crash - context = CertGetCRLFromStore(NULL, NULL, NULL, NULL); - context = CertGetCRLFromStore(store, NULL, NULL, NULL); - */ - - /* Bogus flags */ - flags = 0xffffffff; - context = CertGetCRLFromStore(store, NULL, NULL, &flags); - ok(!context && GetLastError() == E_INVALIDARG, - "Expected E_INVALIDARG, got %08x\n", GetLastError()); - - /* Test an empty store */ - flags = 0; - context = CertGetCRLFromStore(store, NULL, NULL, &flags); - ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND, - "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError()); - - ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL, - sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL); - ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError()); - - /* NULL matches any CRL */ - flags = 0; - context = CertGetCRLFromStore(store, NULL, NULL, &flags); - ok(context != NULL, "Expected a context\n"); - CertFreeCRLContext(context); - - /* This cert's issuer isn't in */ - cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2, - sizeof(bigCert2)); - ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n", - GetLastError()); - context = CertGetCRLFromStore(store, cert, NULL, &flags); - ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND, - "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError()); - CertFreeCertificateContext(cert); - - /* But this one is */ - cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert, - sizeof(bigCert)); - ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n", - GetLastError()); - context = CertGetCRLFromStore(store, cert, NULL, &flags); - ok(context != NULL, "Expected a context\n"); - CertFreeCRLContext(context); - CertFreeCertificateContext(cert); - - CertCloseStore(store, 0); -} - -static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID, - PCCRL_CONTEXT context, DWORD propID) -{ - BYTE hash[20] = { 0 }, hashProperty[20]; - BOOL ret; - DWORD size; - - memset(hash, 0, sizeof(hash)); - memset(hashProperty, 0, sizeof(hashProperty)); - size = sizeof(hash); - ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size); - ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError()); - ret = CertGetCRLContextProperty(context, propID, hashProperty, &size); - ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError()); - ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n", - propID); -} - -static void testCRLProperties(void) -{ - PCCRL_CONTEXT context = CertCreateCRLContext(X509_ASN_ENCODING, - CRL, sizeof(CRL)); - - ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError()); - if (context) - { - DWORD propID, numProps, access, size; - BOOL ret; - BYTE hash[20] = { 0 }, hashProperty[20]; - CRYPT_DATA_BLOB blob; - - /* This crashes - propID = CertEnumCRLContextProperties(NULL, 0); - */ - - propID = 0; - numProps = 0; - do { - propID = CertEnumCRLContextProperties(context, propID); - if (propID) - numProps++; - } while (propID != 0); - ok(numProps == 0, "Expected 0 properties, got %d\n", numProps); - - /* Tests with a NULL cert context. Prop ID 0 fails.. */ - ret = CertSetCRLContextProperty(NULL, 0, 0, NULL); - ok(!ret && GetLastError() == E_INVALIDARG, - "Expected E_INVALIDARG, got %08x\n", GetLastError()); - /* while this just crashes. - ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0, - NULL); - */ - - ret = CertSetCRLContextProperty(context, 0, 0, NULL); - ok(!ret && GetLastError() == E_INVALIDARG, - "Expected E_INVALIDARG, got %08x\n", GetLastError()); - /* Can't set the cert property directly, this crashes. - ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL); - */ - - /* These all crash. - ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0, - NULL); - ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL); - ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, - hashProperty, NULL); - */ - /* A missing prop */ - size = 0; - ret = CertGetCRLContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID, - NULL, &size); - ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND, - "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError()); - /* And, an implicit property */ - ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, - NULL, &size); - ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError()); - ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, - &access, &size); - ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError()); - ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG), - "Didn't expect a persisted crl\n"); - /* Trying to set this "read only" property crashes. - access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG; - ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0, - &access); - */ - - /* Can I set the hash to an invalid hash? */ - blob.pbData = hash; - blob.cbData = sizeof(hash); - ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, &blob); - ok(ret, "CertSetCRLContextProperty failed: %08x\n", - GetLastError()); - size = sizeof(hashProperty); - ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, - hashProperty, &size); - ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n"); - /* Delete the (bogus) hash, and get the real one */ - ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, NULL); - ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError()); - checkCRLHash(CRL, sizeof(CRL), CALG_SHA1, context, CERT_HASH_PROP_ID); - - /* Now that the hash property is set, we should get one property when - * enumerating. - */ - propID = 0; - numProps = 0; - do { - propID = CertEnumCRLContextProperties(context, propID); - if (propID) - numProps++; - } while (propID != 0); - ok(numProps == 1, "Expected 1 properties, got %d\n", numProps); - - /* Check a few other implicit properties */ - checkCRLHash(CRL, sizeof(CRL), CALG_MD5, context, - CERT_MD5_HASH_PROP_ID); - - CertFreeCRLContext(context); - } -} - static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a }; -static const BYTE v2CRLWithIssuingDistPoint[] = { 0x30,0x5c,0x02,0x01,0x01, - 0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03, - 0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31, - 0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30, - 0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30, - 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x13,0x30,0x11,0x30,0x0f,0x06, - 0x03,0x55,0x1d,0x13,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 }; +static const BYTE v2CRLWithIssuingDistPoint[] = { +0x30,0x70,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11, +0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e, +0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30, +0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36, +0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x27, +0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30, +0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77, +0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 }; static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01, 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06, @@ -523,11 +273,683 @@ 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07, 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c, 0xcd }; +static const BYTE verisignCommercialSoftPubCA[] = { +0x30,0x82,0x02,0x40,0x30,0x82,0x01,0xa9,0x02,0x10,0x03,0xc7,0x8f,0x37,0xdb,0x92, +0x28,0xdf,0x3c,0xbb,0x1a,0xad,0x82,0xfa,0x67,0x10,0x30,0x0d,0x06,0x09,0x2a,0x86, +0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06, +0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,0x17, +0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67, +0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x0b, +0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,0x6d,0x6d,0x65, +0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x50, +0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d, +0x39,0x36,0x30,0x34,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30, +0x34,0x30,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x61,0x31,0x11, +0x30,0x0f,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65, +0x74,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69, +0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03, +0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f, +0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72, +0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30, +0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05, +0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc3,0xd3,0x69,0x65, +0x52,0x01,0x94,0x54,0xab,0x28,0xc6,0x62,0x18,0xb3,0x54,0x55,0xc5,0x44,0x87,0x45, +0x4a,0x3b,0xc2,0x7e,0xd8,0xd3,0xd7,0xc8,0x80,0x86,0x8d,0xd8,0x0c,0xf1,0x16,0x9c, +0xcc,0x6b,0xa9,0x29,0xb2,0x8f,0x76,0x73,0x92,0xc8,0xc5,0x62,0xa6,0x3c,0xed,0x1e, +0x05,0x75,0xf0,0x13,0x00,0x6c,0x14,0x4d,0xd4,0x98,0x90,0x07,0xbe,0x69,0x73,0x81, +0xb8,0x62,0x4e,0x31,0x1e,0xd1,0xfc,0xc9,0x0c,0xeb,0x7d,0x90,0xbf,0xae,0xb4,0x47, +0x51,0xec,0x6f,0xce,0x64,0x35,0x02,0xd6,0x7d,0x67,0x05,0x77,0xe2,0x8f,0xd9,0x51, +0xd7,0xfb,0x97,0x19,0xbc,0x3e,0xd7,0x77,0x81,0xc6,0x43,0xdd,0xf2,0xdd,0xdf,0xca, +0xa3,0x83,0x8b,0xcb,0x41,0xc1,0x3d,0x22,0x48,0x48,0xa6,0x19,0x02,0x03,0x01,0x00, +0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00, +0x03,0x81,0x81,0x00,0xb5,0xbc,0xb0,0x75,0x6a,0x89,0xa2,0x86,0xbd,0x64,0x78,0xc3, +0xa7,0x32,0x75,0x72,0x11,0xaa,0x26,0x02,0x17,0x60,0x30,0x4c,0xe3,0x48,0x34,0x19, +0xb9,0x52,0x4a,0x51,0x18,0x80,0xfe,0x53,0x2d,0x7b,0xd5,0x31,0x8c,0xc5,0x65,0x99, +0x41,0x41,0x2f,0xf2,0xae,0x63,0x7a,0xe8,0x73,0x99,0x15,0x90,0x1a,0x1f,0x7a,0x8b, +0x41,0xd0,0x8e,0x3a,0xd0,0xcd,0x38,0x34,0x44,0xd0,0x75,0xf8,0xea,0x71,0xc4,0x81, +0x19,0x38,0x17,0x35,0x4a,0xae,0xc5,0x3e,0x32,0xe6,0x21,0xb8,0x05,0xc0,0x93,0xe1, +0xc7,0x38,0x5c,0xd8,0xf7,0x93,0x38,0x64,0x90,0xed,0x54,0xce,0xca,0xd3,0xd3,0xd0, +0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71, +0x64,0x31,0x3c,0x3c +}; +static const BYTE rootWithKeySignAndCRLSign[] = { +0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10, +0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca, +0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31, +0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31, +0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30, +0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35, +0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05, +0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48, +0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89, +0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82, +0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34, +0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7, +0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91, +0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5, +0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd, +0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c, +0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35, +0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01, +0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01, +0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01, +0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d, +0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0, +0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b, +0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d, +0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c, +0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c, +0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda, +0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7, +0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e, +0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4, +0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f, +0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a, +0x2e,0x84,0xee }; +static const BYTE eeCert[] = { +0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00, +0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65, +0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30, +0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30, +0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04, +0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09, +0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00, +0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33, +0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc, +0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48, +0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47, +0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05, +0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a, +0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85, +0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3, +0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3, +0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, +0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2, +0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3, +0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a, +0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41, +0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5, +0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8, +0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7, +0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92, +0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3, +0xef,0x9f }; +static const BYTE rootSignedCRL[] = { +0x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a, +0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30, +0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d, +0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, +0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14, +0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30, +0x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d, +0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16, +0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98, +0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, +0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d, +0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45, +0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68, +0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b, +0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3, +0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c, +0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66, +0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a, +0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b, +0x3d,0x74,0xd6,0x3b }; + +static void testFindCRL(void) +{ + HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL); + PCCRL_CONTEXT context; + PCCERT_CONTEXT cert, endCert, rootCert; + CRL_FIND_ISSUED_FOR_PARA issuedForPara = { NULL, NULL }; + DWORD count, revoked_count; + BOOL ret; + + if (!store) return; + if (!pCertFindCRLInStore) + { + win_skip("CertFindCRLInStore() is not available\n"); + return; + } + + ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL, + sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL); + ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError()); + + /* Crashes + context = pCertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL); + */ + + /* Find any context */ + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ANY, NULL, NULL); + ok(context != NULL, "Expected a context\n"); + if (context) + CertFreeCRLContext(context); + /* Bogus flags are ignored */ + context = pCertFindCRLInStore(store, 0, 1234, CRL_FIND_ANY, NULL, NULL); + ok(context != NULL, "Expected a context\n"); + if (context) + CertFreeCRLContext(context); + /* CRL encoding type is ignored too */ + context = pCertFindCRLInStore(store, 1234, 0, CRL_FIND_ANY, NULL, NULL); + ok(context != NULL, "Expected a context\n"); + if (context) + CertFreeCRLContext(context); + + /* This appears to match any cert */ + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, NULL, NULL); + ok(context != NULL, "Expected a context\n"); + if (context) + CertFreeCRLContext(context); + + /* Try to match an issuer that isn't in the store */ + cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2, + sizeof(bigCert2)); + ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n", + GetLastError()); + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL); + ok(context == NULL, "Expected no matching context\n"); + CertFreeCertificateContext(cert); + + /* Match an issuer that is in the store */ + cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert, + sizeof(bigCert)); + ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n", + GetLastError()); + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL); + ok(context != NULL, "Expected a context\n"); + if (context) + CertFreeCRLContext(context); + + /* Try various find flags */ + context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, + CRL_FIND_ISSUED_BY, cert, NULL); + ok(!context || broken(context != NULL /* Win9x */), "unexpected context\n"); + /* The CRL doesn't have an AKI extension, so it matches any cert */ + context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG, + CRL_FIND_ISSUED_BY, cert, NULL); + ok(context != NULL, "Expected a context\n"); + if (context) + CertFreeCRLContext(context); + + if (0) + { + /* Crash or return NULL/STATUS_ACCESS_VIOLATION */ + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, NULL, + NULL); + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, + &issuedForPara, NULL); + } + /* Test whether the cert matches the CRL in the store */ + issuedForPara.pSubjectCert = cert; + issuedForPara.pIssuerCert = cert; + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, + &issuedForPara, NULL); + ok(context != NULL || broken(!context /* Win9x, NT4 */), + "Expected a context\n"); + if (context) + { + ok(context->cbCrlEncoded == sizeof(signedCRL), + "unexpected CRL size %d\n", context->cbCrlEncoded); + ok(!memcmp(context->pbCrlEncoded, signedCRL, context->cbCrlEncoded), + "unexpected CRL data\n"); + CertFreeCRLContext(context); + } + + ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, + v1CRLWithIssuerAndEntry, sizeof(v1CRLWithIssuerAndEntry), + CERT_STORE_ADD_ALWAYS, NULL); + ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError()); + ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, + v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint), + CERT_STORE_ADD_ALWAYS, NULL); + ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError()); + ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, + verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL); + ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError()); + issuedForPara.pSubjectCert = cert; + issuedForPara.pIssuerCert = cert; + context = NULL; + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, + &issuedForPara, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(cert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + /* signedCRL, v1CRLWithIssuerAndEntry, and v2CRLWithIssuingDistPoint all + * match cert's issuer, but verisignCRL does not, so the expected count + * is 0. + */ + ok(count == 3 || broken(count == 0 /* NT4, Win9x */), + "expected 3 matching CRLs, got %d\n", count); + /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain + * entries, so the count of CRL entries that match cert is 2. + */ + ok(revoked_count == 2 || broken(revoked_count == 0 /* NT4, Win9x */), + "expected 2 matching CRL entries, got %d\n", revoked_count); + + CertFreeCertificateContext(cert); + + /* Try again with a cert that doesn't match any CRLs in the store */ + cert = CertCreateCertificateContext(X509_ASN_ENCODING, + bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer)); + ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n", + GetLastError()); + issuedForPara.pSubjectCert = cert; + issuedForPara.pIssuerCert = cert; + context = NULL; + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, + &issuedForPara, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(cert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 0, "expected 0 matching CRLs, got %d\n", count); + ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", + revoked_count); + CertFreeCertificateContext(cert); + + /* Test again with a real certificate and CRL. The certificate wasn't + * revoked, but its issuer does have a CRL. + */ + cert = CertCreateCertificateContext(X509_ASN_ENCODING, + verisignCommercialSoftPubCA, sizeof(verisignCommercialSoftPubCA)); + ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n", + GetLastError()); + issuedForPara.pIssuerCert = cert; + issuedForPara.pSubjectCert = cert; + context = NULL; + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, + &issuedForPara, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(cert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 1 || broken(count == 0 /* Win9x, NT4 */), + "expected 1 matching CRLs, got %d\n", count); + ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", + revoked_count); + CertFreeCertificateContext(cert); + + CertCloseStore(store, 0); + + /* This test uses a synthesized chain (rootWithKeySignAndCRLSign -> + * eeCert) whose end certificate is in the CRL. + */ + store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL); + /* Add a CRL for the end certificate */ + CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, + rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL); + /* Add another CRL unrelated to the tested chain */ + CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, + verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL); + endCert = CertCreateCertificateContext(X509_ASN_ENCODING, + eeCert, sizeof(eeCert)); + rootCert = CertCreateCertificateContext(X509_ASN_ENCODING, + rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign)); + issuedForPara.pSubjectCert = endCert; + issuedForPara.pIssuerCert = rootCert; + context = NULL; + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, + &issuedForPara, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 1 || broken(count == 0 /* Win9x, NT4 */), + "expected 1 matching CRLs, got %d\n", count); + ok(revoked_count == 1 || broken(revoked_count == 0 /* Win9x, NT4 */), + "expected 1 matching CRL entries, got %d\n", revoked_count); + + /* Test CRL_FIND_ISSUED_BY flags */ + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, + endCert, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 0, "expected 0 matching CRLs, got %d\n", count); + ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", + revoked_count); + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, + rootCert, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 1, "expected 1 matching CRLs, got %d\n", count); + ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n", + revoked_count); + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG, + CRL_FIND_ISSUED_BY, endCert, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 0, "expected 0 matching CRLs, got %d\n", count); + ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", + revoked_count); + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG, + CRL_FIND_ISSUED_BY, rootCert, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(rootCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 0 || broken(count == 1 /* Win9x */), + "expected 0 matching CRLs, got %d\n", count); + ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", + revoked_count); + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, + CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, endCert, + context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 0, "expected 0 matching CRLs, got %d\n", count); + ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", + revoked_count); + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, + CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, rootCert, + context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 1, "expected 1 matching CRLs, got %d\n", count); + ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n", + revoked_count); + CertFreeCertificateContext(rootCert); + CertFreeCertificateContext(endCert); + + CertCloseStore(store, 0); +} + +static void testGetCRLFromStore(void) +{ + HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL); + PCCRL_CONTEXT context; + PCCERT_CONTEXT cert; + DWORD flags; + BOOL ret; + + if (!store) return; + + /* Crash + context = CertGetCRLFromStore(NULL, NULL, NULL, NULL); + context = CertGetCRLFromStore(store, NULL, NULL, NULL); + */ + + /* Bogus flags */ + flags = 0xffffffff; + context = CertGetCRLFromStore(store, NULL, NULL, &flags); + ok(!context && GetLastError() == E_INVALIDARG, + "Expected E_INVALIDARG, got %08x\n", GetLastError()); + + /* Test an empty store */ + flags = 0; + context = CertGetCRLFromStore(store, NULL, NULL, &flags); + ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND, + "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError()); + + ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL, + sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL); + ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError()); + + /* NULL matches any CRL */ + flags = 0; + context = CertGetCRLFromStore(store, NULL, NULL, &flags); + ok(context != NULL, "Expected a context\n"); + CertFreeCRLContext(context); + + /* This cert's issuer isn't in */ + cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2, + sizeof(bigCert2)); + ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n", + GetLastError()); + context = CertGetCRLFromStore(store, cert, NULL, &flags); + ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND, + "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError()); + CertFreeCertificateContext(cert); + + /* But this one is */ + cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert, + sizeof(bigCert)); + ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n", + GetLastError()); + context = CertGetCRLFromStore(store, cert, NULL, &flags); + ok(context != NULL, "Expected a context\n"); + CertFreeCRLContext(context); + CertFreeCertificateContext(cert); + + CertCloseStore(store, 0); +} + +static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID, + PCCRL_CONTEXT context, DWORD propID) +{ + BYTE hash[20] = { 0 }, hashProperty[20]; + BOOL ret; + DWORD size; + + memset(hash, 0, sizeof(hash)); + memset(hashProperty, 0, sizeof(hashProperty)); + size = sizeof(hash); + ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size); + ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError()); + ret = CertGetCRLContextProperty(context, propID, hashProperty, &size); + ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError()); + ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n", + propID); +} + +static void testCRLProperties(void) +{ + PCCRL_CONTEXT context = CertCreateCRLContext(X509_ASN_ENCODING, + CRL, sizeof(CRL)); + + ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError()); + if (context) + { + DWORD propID, numProps, access, size; + BOOL ret; + BYTE hash[20] = { 0 }, hashProperty[20]; + CRYPT_DATA_BLOB blob; + + /* This crashes + propID = CertEnumCRLContextProperties(NULL, 0); + */ + + propID = 0; + numProps = 0; + do { + propID = CertEnumCRLContextProperties(context, propID); + if (propID) + numProps++; + } while (propID != 0); + ok(numProps == 0, "Expected 0 properties, got %d\n", numProps); + + /* Tests with a NULL cert context. Prop ID 0 fails.. */ + ret = CertSetCRLContextProperty(NULL, 0, 0, NULL); + ok(!ret && GetLastError() == E_INVALIDARG, + "Expected E_INVALIDARG, got %08x\n", GetLastError()); + /* while this just crashes. + ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0, + NULL); + */ + + ret = CertSetCRLContextProperty(context, 0, 0, NULL); + ok(!ret && GetLastError() == E_INVALIDARG, + "Expected E_INVALIDARG, got %08x\n", GetLastError()); + /* Can't set the cert property directly, this crashes. + ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL); + */ + + /* These all crash. + ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0, + NULL); + ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL); + ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, + hashProperty, NULL); + */ + /* A missing prop */ + size = 0; + ret = CertGetCRLContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID, + NULL, &size); + ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND, + "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError()); + /* And, an implicit property */ + ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, + NULL, &size); + ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError()); + ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, + &access, &size); + ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError()); + ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG), + "Didn't expect a persisted crl\n"); + /* Trying to set this "read only" property crashes. + access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG; + ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0, + &access); + */ + + /* Can I set the hash to an invalid hash? */ + blob.pbData = hash; + blob.cbData = sizeof(hash); + ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, &blob); + ok(ret, "CertSetCRLContextProperty failed: %08x\n", + GetLastError()); + size = sizeof(hashProperty); + ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, + hashProperty, &size); + ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n"); + /* Delete the (bogus) hash, and get the real one */ + ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, NULL); + ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError()); + checkCRLHash(CRL, sizeof(CRL), CALG_SHA1, context, CERT_HASH_PROP_ID); + + /* Now that the hash property is set, we should get one property when + * enumerating. + */ + propID = 0; + numProps = 0; + do { + propID = CertEnumCRLContextProperties(context, propID); + if (propID) + numProps++; + } while (propID != 0); + ok(numProps == 1, "Expected 1 properties, got %d\n", numProps); + + /* Check a few other implicit properties */ + checkCRLHash(CRL, sizeof(CRL), CALG_MD5, context, + CERT_MD5_HASH_PROP_ID); + + CertFreeCRLContext(context); + } +} + +static const BYTE bigCertWithCRLDistPoints[] = { +0x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30, +0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61, +0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31, +0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31, +0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11, +0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e, +0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, +0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, +0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06, +0x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86, +0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e, +0x6f,0x72,0x67 }; static void testIsValidCRLForCert(void) { BOOL ret; - PCCERT_CONTEXT cert1, cert2; + PCCERT_CONTEXT cert1, cert2, cert3; PCCRL_CONTEXT crl; HCERTSTORE store; @@ -568,52 +990,69 @@ CertFreeCRLContext(crl); - /* Yet with a CRL_ISSUING_DIST_POINT in the CRL, I still can't get this - * to say the CRL is not valid for either cert. + /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the + * cert doesn't have the same extension in it. */ crl = CertCreateCRLContext(X509_ASN_ENCODING, v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint)); + ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError()); + + ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + + /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing + * a CRL_DIST_POINTS_INFO extension. + */ + cert3 = CertCreateCertificateContext(X509_ASN_ENCODING, + bigCertWithCRLDistPoints, sizeof(bigCertWithCRLDistPoints)); + ok(cert3 != NULL, "CertCreateCertificateContext failed: %08x\n", + GetLastError()); + ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL); + ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError()); + + CertFreeCRLContext(crl); + + /* And again, with a real CRL, the CRL is valid for all three certs. */ + crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL, + sizeof(verisignCRL)); ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError()); ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL); ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError()); ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL); ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError()); + ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL); + ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError()); CertFreeCRLContext(crl); - /* And again, with a real CRL, the CRL is valid for both certs. */ - crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL, - sizeof(verisignCRL)); - ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError()); + /* One last test: a CRL in a different store than the cert is also valid + * for the cert. + */ + store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL); + ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError()); + + ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, verisignCRL, + sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, &crl); + ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError()); ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL); ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError()); ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL); ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError()); + ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL); + ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError()); CertFreeCRLContext(crl); - /* One last test: a CRL in a different store than the cert is also valid - * for the cert, so CertIsValidCRLForCertificate must always return TRUE? - */ - store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0, - CERT_STORE_CREATE_NEW_FLAG, NULL); - ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError()); - - ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, verisignCRL, - sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, &crl); - ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError()); - - ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL); - ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError()); - ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL); - ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError()); - - CertFreeCRLContext(crl); - CertCloseStore(store, 0); + CertFreeCertificateContext(cert3); CertFreeCertificateContext(cert2); CertFreeCertificateContext(cert1); } @@ -710,8 +1149,8 @@ CertFreeCRLContext(crl); /* Check against CRL with different issuer and entry for the cert */ - crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry, - sizeof(v1CRLWithIssuerAndEntry)); + crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer, + sizeof(crlWithDifferentIssuer)); ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError()); ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1, (PCRL_INFO *)&crl->pCrlInfo); Modified: trunk/rostests/winetests/crypt32/encode.c URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/crypt32/encode.… ============================================================================== --- trunk/rostests/winetests/crypt32/encode.c [iso-8859-1] (original) +++ trunk/rostests/winetests/crypt32/encode.c [iso-8859-1] Sun Dec 6 10:36:50 2009 @@ -1387,8 +1387,9 @@ embeddedNullNameValue.encoded, embeddedNullNameValue.encodedSize, CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL, &buf, &bufSize); - ok(ret, "Value type %d: CryptDecodeObjectEx failed: %08x\n", - embeddedNullNameValue.value.dwValueType, GetLastError()); + /* Some Windows versions disallow name values with embedded NULLs, so + * either success or failure is acceptable. + */ if (ret) { CERT_NAME_VALUE rdnEncodedValue = { CERT_RDN_ENCODED_BLOB, @@ -3851,23 +3852,14 @@ 0x02,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30, 0x30,0x30,0x30,0x30,0x5a,0xa0,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d, 0x13,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 }; -static const BYTE v2CRLWithIssuingDistPoint[] = { 0x30,0x5c,0x02,0x01,0x01, - 0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03, - 0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31, - 0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30, - 0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30, - 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x13,0x30,0x11,0x30,0x0f,0x06, - 0x03,0x55,0x1d,0x13,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 }; static void test_encodeCRLToBeSigned(DWORD dwEncoding) { BOOL ret; BYTE *buf = NULL; - static CHAR oid_issuing_dist_point[] = szOID_ISSUING_DIST_POINT; DWORD size = 0; CRL_INFO info = { 0 }; CRL_ENTRY entry = { { 0 }, { 0 }, 0, 0 }; - CERT_EXTENSION ext; /* Test with a V1 CRL */ ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info, @@ -3976,21 +3968,6 @@ { ok(size == sizeof(v2CRLWithExt), "Wrong size %d\n", size); ok(!memcmp(buf, v2CRLWithExt, size), "Got unexpected value\n"); - LocalFree(buf); - } - /* a v2 CRL with an issuing dist point extension */ - ext.pszObjId = oid_issuing_dist_point; - ext.fCritical = TRUE; - ext.Value.cbData = sizeof(urlIDP); - ext.Value.pbData = (LPBYTE)urlIDP; - entry.rgExtension = &ext; - ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info, - CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size); - ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError()); - if (buf) - { - ok(size == sizeof(v2CRLWithIssuingDistPoint), "Wrong size %d\n", size); - ok(!memcmp(buf, v2CRLWithIssuingDistPoint, size), "Unexpected value\n"); LocalFree(buf); } } @@ -4686,19 +4663,6 @@ info->cExtension); LocalFree(buf); } - /* And again, with an issuing dist point */ - ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, - v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint), - CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size); - ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError()); - if (buf) - { - CRL_INFO *info = (CRL_INFO *)buf; - - ok(info->cExtension == 1, "Expected 1 extensions, got %d\n", - info->cExtension); - LocalFree(buf); - } } static const LPCSTR keyUsages[] = { szOID_PKIX_KP_CODE_SIGNING, Modified: trunk/rostests/winetests/crypt32/protectdata.c URL: http://svn.reactos.org/svn/reactos/trunk/rostests/winetests/crypt32/protect… ============================================================================== --- trunk/rostests/winetests/crypt32/protectdata.c [iso-8859-1] (original) +++ trunk/rostests/winetests/crypt32/protectdata.c [iso-8859-1] Sun Dec 6 10:36:50 2009 @@ -213,7 +213,7 @@ plain.cbData=0; } -static void test_simpleroundtrip(const char *plaintext, int wine_fails) +static void test_simpleroundtrip(const char *plaintext) { DATA_BLOB input; DATA_BLOB encrypted; @@ -234,17 +234,9 @@ } res = pCryptUnprotectData(&encrypted, NULL, NULL, NULL, NULL, 0, &output); - if (wine_fails) { - todo_wine - ok(res != 0, "can't unprotect; last error %u\n", GetLastError()); - } else { - ok(res != 0, "can't unprotect; last error %u\n", GetLastError()); - } - - if (res) { - ok(output.cbData == strlen(plaintext), "output wrong length %d for input '%s', wanted %d\n", output.cbData, plaintext, strlen(plaintext)); - ok(!memcmp(plaintext, (char *)output.pbData, output.cbData), "output wrong contents for input '%s'\n", plaintext); - } + ok(res != 0, "can't unprotect; last error %u\n", GetLastError()); + ok(output.cbData == strlen(plaintext), "output wrong length %d for input '%s', wanted %d\n", output.cbData, plaintext, strlen(plaintext)); + ok(!memcmp(plaintext, (char *)output.pbData, output.cbData), "output wrong contents for input '%s'\n", plaintext); } START_TEST(protectdata) @@ -262,8 +254,8 @@ protected=FALSE; test_cryptprotectdata(); test_cryptunprotectdata(); - test_simpleroundtrip("", 1); - test_simpleroundtrip("hello", 0); + test_simpleroundtrip(""); + test_simpleroundtrip("hello"); /* deinit globals here */ if (cipher.pbData) LocalFree(cipher.pbData);