ReactOS  0.4.14-dev-50-g13bb5e2
cryptnet.c
1 /*
2  * Unit test suite for cryptnet.dll
3  *
4  * Copyright 2007 Juan Lang
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19  */
20 #include <stdarg.h>
21 #include <stdio.h>
22 
23 #include <windef.h>
24 #include <winbase.h>
25 #include <winerror.h>
26 #include <wincrypt.h>
27 #include "wine/test.h"
28 
/* DER test certificate, issuer and subject CN "Juan Lang". Its only extension
 * is basicConstraints (OID 2.5.29.19: 0x55,0x1d,0x13), marked critical with
 * cA TRUE and pathLen 1. It has no CRL distribution points or authority
 * information access extension.
 */
29 static const BYTE bigCert[] = {
30 0x30,0x78,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x14,0x31,0x12,0x30,0x10,
31 0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
32 0x67,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,
33 0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
34 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
35 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x30,
36 0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,
37 0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,
38 0x01,0x01};
/* DER test certificate (CN "Juan Lang") whose only extension is a critical
 * issuingDistributionPoint (OID 2.5.29.28: 0x55,0x1d,0x1c) naming the URI
 * "http://winehq.org". This is not the cRLDistributionPoints extension
 * (2.5.29.31), which is the distinction test_getObjectUrl relies on.
 */
39 static const BYTE certWithIssuingDistPoint[] = {
40 0x30,0x81,0x99,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,
41 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x14,0x31,0x12,
42 0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,
43 0x61,0x6e,0x67,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
44 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
45 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x14,0x31,0x12,0x30,0x10,
46 0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
47 0x67,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x27,0x30,0x25,0x30,
48 0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30,0x17,0xa0,0x15,
49 0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,
50 0x68,0x71,0x2e,0x6f,0x72,0x67, };
/* DER test certificate (CN "Juan Lang") whose only extension is a critical
 * cRLDistributionPoints (OID 2.5.29.31: 0x55,0x1d,0x1f) with one distribution
 * point, the URI "http://winehq.org".
 */
51 static const BYTE certWithCRLDistPoint[] = {
52 0x30,0x81,0x9b,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,
53 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x14,0x31,0x12,
54 0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,
55 0x61,0x6e,0x67,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
56 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
57 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x14,0x31,0x12,0x30,0x10,
58 0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
59 0x67,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x29,0x30,0x27,0x30,
60 0x25,0x06,0x03,0x55,0x1d,0x1f,0x01,0x01,0xff,0x04,0x1b,0x30,0x19,0x30,0x17,
61 0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,
62 0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67, };
/* DER test certificate (CN "Juan Lang", validity 091028000000Z to
 * 201127000000Z) whose only extension is authorityInfoAccess
 * (OID 1.3.6.1.5.5.7.1.1) with a single caIssuers access description
 * (OID 1.3.6.1.5.5.7.48.2) pointing at the URI "http://winehq.org".
 * It has no cRLDistributionPoints extension.
 */
63 static const BYTE certWithAIAWithCAIssuers[] = {
64 0x30,0x82,0x01,0x3c,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,0x30,0x0b,0x06,
65 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x30,0x14,0x31,0x12,0x30,
66 0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
67 0x6e,0x67,0x30,0x1e,0x17,0x0d,0x30,0x39,0x31,0x30,0x32,0x38,0x30,0x30,0x30,
68 0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x30,0x31,0x31,0x32,0x37,0x30,0x30,0x30,
69 0x30,0x30,0x30,0x5a,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03,
70 0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x30,0x81,0xa5,0x30,
71 0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x03,0x81,0x95,
72 0x00,0x06,0x02,0x00,0x00,0x00,0x24,0x00,0x00,0x52,0x53,0x41,0x31,0x00,0x04,
73 0x00,0x00,0x01,0x00,0x01,0x00,0x2f,0xb2,0x8c,0xff,0x6c,0xf1,0xb1,0x61,0x9c,
74 0x3a,0x8f,0x5e,0x35,0x2f,0x1f,0xd5,0xcf,0x2a,0xf6,0x9e,0x37,0xe8,0x89,0xa2,
75 0xb1,0x1c,0xc0,0x1c,0xb6,0x72,0x45,0x97,0xe5,0x88,0x3d,0xfe,0xa6,0x27,0xea,
76 0xd6,0x07,0x0f,0xcd,0xba,0x49,0x06,0x16,0xdb,0xad,0x06,0x76,0x39,0x4c,0x15,
77 0xdf,0xe2,0x07,0xc5,0x99,0x1b,0x98,0x4b,0xc3,0x8e,0x89,0x12,0x95,0x9e,0x3b,
78 0xb9,0x59,0xfe,0x91,0x33,0xc1,0x1f,0xce,0x8f,0xab,0x93,0x25,0x01,0x3e,0xde,
79 0xf1,0x58,0x3b,0xe7,0x7a,0x03,0x14,0x07,0x09,0x0a,0x21,0x2d,0x12,0x11,0x08,
80 0x78,0x07,0x9e,0x34,0xc3,0xc5,0xde,0xb2,0xd8,0xd7,0x86,0x0d,0x0d,0xcd,0x81,
81 0xa4,0x2d,0x7c,0x82,0x50,0xca,0x2a,0xc2,0x99,0xe5,0xf3,0xca,0x7e,0xad,0xa3,
82 0x31,0x30,0x2f,0x30,0x2d,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01,
83 0x04,0x21,0x30,0x1f,0x30,0x1d,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,
84 0x02,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,
85 0x71,0x2e,0x6f,0x72,0x67 };
86 
88  const CRYPT_URL_ARRAY *got)
89 {
    /* Asserts that two URL arrays agree: first on the URL count, then on each
     * URL, compared case-insensitively with lstrcmpiW.
     * The per-element loop runs only when the counts match, so neither
     * rgwszUrl array is indexed past its own cUrl.
     * NOTE(review): the first line of this signature (source line 87) is
     * missing from this listing.
     */
90  ok(expected->cUrl == got->cUrl, "Expected %d URLs, got %d\n",
91  expected->cUrl, got->cUrl);
92  if (expected->cUrl == got->cUrl)
93  {
94  DWORD i;
95 
96  for (i = 0; i < got->cUrl; i++)
97  ok(!lstrcmpiW(expected->rgwszUrl[i], got->rgwszUrl[i]),
98  "%d: unexpected URL\n", i);
99  }
100 }
101 
/* Wide-character "http://winehq.org": the same URI that is encoded in the
 * distribution-point and AIA extensions of the test certificates, used as the
 * expected value when comparing returned URL arrays.
 */
102 static WCHAR url[] =
103  { 'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',0 };
104 
105 static void test_getObjectUrl(void)
106 {
    /* Exercises CryptGetObjectUrl: error codes for certificates that lack the
     * requested extension, and URL extraction for certificates that carry a
     * CRL distribution points or AIA (CA Issuers) extension.
     * NOTE(review): this listing omits several source lines (see the gaps in
     * the gutter numbers), including the certificate-creation calls and most
     * CryptGetObjectUrl call heads, so the comments below describe only the
     * arguments and assertions that are visible.
     */
107  BOOL ret;
108  DWORD urlArraySize = 0, infoSize = 0;
110 
    /* 0xdeadbeef is a sentinel: the assertion after each call can then tell
     * an error code set by the API from a stale one left by an earlier call.
     */
111  SetLastError(0xdeadbeef);
114  "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
115  /* Crash
116  ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, NULL, 0, NULL, NULL,
117  NULL, NULL, NULL);
118  ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, NULL, 0, NULL, NULL,
119  NULL, &infoSize, NULL);
120  ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, NULL, 0, NULL,
121  &urlArraySize, NULL, &infoSize, NULL);
122  */
123  /* A cert with no CRL dist point extension fails.. */
125  sizeof(bigCert));
126  SetLastError(0xdeadbeef);
128  NULL, NULL, NULL, NULL);
130  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
132 
135  if (cert)
136  {
137  /* This cert has no AIA extension, so expect this to fail */
138  SetLastError(0xdeadbeef);
140  NULL, NULL, NULL, NULL, NULL);
142  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
143  SetLastError(0xdeadbeef);
147  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
148  SetLastError(0xdeadbeef);
152  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
153  /* It does have an issuing dist point extension, but that's not what
154  * this is looking for (it wants a CRL dist points extension)
155  */
156  SetLastError(0xdeadbeef);
158  (void *)cert, 0, NULL, NULL, NULL, NULL, NULL);
160  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
161  SetLastError(0xdeadbeef);
164  NULL);
166  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
167  SetLastError(0xdeadbeef);
170  NULL);
172  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
174  }
177  if (cert)
178  {
179  PCRYPT_URL_ARRAY urlArray;
180 
181  /* This cert has no AIA extension, so expect this to fail */
182  SetLastError(0xdeadbeef);
184  NULL, NULL, NULL, NULL, NULL);
186  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
187  SetLastError(0xdeadbeef);
191  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
192  SetLastError(0xdeadbeef);
196  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
197  /* It does have a CRL dist points extension */
    /* With every output pointer NULL (or only the info size supplied) the
     * call is expected to be rejected with E_INVALIDARG, not to succeed.
     */
198  SetLastError(0xdeadbeef);
200  (void *)cert, 0, NULL, NULL, NULL, NULL, NULL);
201  ok(!ret && GetLastError() == E_INVALIDARG,
202  "Expected E_INVALIDARG, got %08x\n", GetLastError());
203  SetLastError(0xdeadbeef);
205  (void *)cert, 0, NULL, NULL, NULL, &infoSize, NULL);
206  ok(!ret && GetLastError() == E_INVALIDARG,
207  "Expected E_INVALIDARG, got %08x\n", GetLastError());
    /* Two-call pattern: a NULL array with &urlArraySize asks for the required
     * byte count, which then sizes the heap buffer passed to the second call.
     * NOTE(review): the HeapAlloc below is not conditional on ret, so after a
     * failed size query it would use whatever urlArraySize held before; the
     * AIA section further down guards its allocation with if (ret) instead.
     */
208  /* Can get it without specifying the location: */
210  (void *)cert, 0, NULL, &urlArraySize, NULL, NULL, NULL);
211  ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError());
212  urlArray = HeapAlloc(GetProcessHeap(), 0, urlArraySize);
213  if (urlArray)
214  {
216  (void *)cert, 0, urlArray, &urlArraySize, NULL, NULL, NULL);
217  ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError());
218  if (ret)
219  {
220  LPWSTR pUrl = url;
221  CRYPT_URL_ARRAY expectedUrl = { 1, &pUrl };
222 
223  compareUrlArray(&expectedUrl, urlArray);
224  }
225  HeapFree(GetProcessHeap(), 0, urlArray);
226  }
227  /* or by specifying it's an extension: */
229  (void *)cert, CRYPT_GET_URL_FROM_EXTENSION, NULL, &urlArraySize, NULL,
230  NULL, NULL);
231  ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError());
232  urlArray = HeapAlloc(GetProcessHeap(), 0, urlArraySize);
233  if (urlArray)
234  {
236  (void *)cert, CRYPT_GET_URL_FROM_EXTENSION, urlArray,
237  &urlArraySize, NULL, NULL, NULL);
238  ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError());
239  if (ret)
240  {
241  LPWSTR pUrl = url;
242  CRYPT_URL_ARRAY expectedUrl = { 1, &pUrl };
243 
244  compareUrlArray(&expectedUrl, urlArray);
245  }
246  HeapFree(GetProcessHeap(), 0, urlArray);
247  }
248  /* but it isn't contained in a property: */
249  SetLastError(0xdeadbeef);
251  (void *)cert, CRYPT_GET_URL_FROM_PROPERTY, NULL, &urlArraySize, NULL,
252  NULL, NULL);
254  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
256  }
259  if (cert)
260  {
261  PCRYPT_URL_ARRAY urlArray;
262 
263  /* This has an AIA extension with the CA Issuers set, so expect it
264  * to succeed:
265  */
267  (void *)cert, 0, NULL, &urlArraySize, NULL, NULL, NULL);
268  ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError());
    /* Here the buffer is allocated only after the size query succeeded. */
269  if (ret)
270  {
271  urlArray = HeapAlloc(GetProcessHeap(), 0, urlArraySize);
272  if (urlArray)
273  {
275  (void *)cert, CRYPT_GET_URL_FROM_EXTENSION, urlArray,
276  &urlArraySize, NULL, NULL, NULL);
277  ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError());
278  if (ret)
279  {
280  LPWSTR pUrl = url;
281  CRYPT_URL_ARRAY expectedUrl = { 1, &pUrl };
282 
283  compareUrlArray(&expectedUrl, urlArray);
284  }
285  HeapFree(GetProcessHeap(), 0, urlArray);
286  }
287  }
288  /* It doesn't have a CRL dist points extension, so this should fail */
289  SetLastError(0xdeadbeef);
291  (void *)cert, 0, NULL, &urlArraySize, NULL, NULL, NULL);
293  "expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
295  }
296 }
297 
299 {
    /* Helper body that obtains a temporary file name with the "net" prefix,
     * copies it to the caller's path buffer and writes to the file.
     * NOTE(review): the signature (source line 298), line 306 and the lines
     * that open and write the file (309-311) are missing from this listing.
     */
300  static char curr[MAX_PATH] = { 0 };
301  char temp[MAX_PATH];
302  DWORD dwNumberOfBytesWritten;
303  HANDLE hf;
304 
    /* curr is static and starts empty, so the branch below runs only until
     * curr has been filled in.
     */
305  if (!*curr)
    /* The GetTempFileNameA result is not checked in the visible lines; on
     * failure temp would be copied out uninitialized. lstrcpyA is unbounded,
     * so the caller's path buffer must hold at least MAX_PATH bytes.
     */
307  GetTempFileNameA(curr, "net", 0, temp);
308  lstrcpyA(path, temp);
312  &dwNumberOfBytesWritten, NULL);
313  CloseHandle(hf);
314 }
315 
316 static void test_retrieveObjectByUrl(void)
317 {
    /* Exercises CryptRetrieveObjectByUrlA against a file:// URL built from a
     * temporary file: retrieval as a blob array, certificate, CRL and store,
     * then cache-only retrieval and retrieval with auxiliary info.
     * NOTE(review): this listing omits several source lines (see the gaps in
     * the gutter numbers), including most call heads and some declarations
     * (cert, crl, aux), so the comments describe only what is visible.
     */
318  BOOL ret;
319  char tmpfile[MAX_PATH * 2], url[MAX_PATH + 8];
320  CRYPT_BLOB_ARRAY *pBlobArray;
323  HCERTSTORE store;
325  FILETIME ft = { 0 };
326 
327  SetLastError(0xdeadbeef);
331  "got 0x%x/%u (expected ERROR_INVALID_PARAMETER or E_INVALIDARG)\n",
333 
    /* "file://" plus the terminator is 8 bytes, so url (MAX_PATH + 8) holds
     * any path shorter than MAX_PATH. tmpfile is declared larger
     * (MAX_PATH * 2) and the snprintf result is not checked, so a longer
     * path would be truncated silently.
     */
335  snprintf(url, sizeof(url), "file://%s", tmpfile);
336 
    /* Output pointers are pre-set to 0xdeadbeef so the checks below can tell
     * "never written by the API" apart from a pointer the API returned.
     */
337  pBlobArray = (CRYPT_BLOB_ARRAY *)0xdeadbeef;
338  ret = CryptRetrieveObjectByUrlA(url, NULL, 0, 0, (void **)&pBlobArray,
339  NULL, NULL, NULL, NULL);
340  if (!ret)
341  {
342  /* File URL support was apparently removed in Vista/Windows 2008 */
343  win_skip("File URLs not supported\n");
344  return;
345  }
    /* ret is always TRUE at this point: the failure case returned above. */
346  ok(ret, "CryptRetrieveObjectByUrlA failed: %d\n", GetLastError());
347  ok(pBlobArray && pBlobArray != (CRYPT_BLOB_ARRAY *)0xdeadbeef,
348  "Expected a valid pointer\n");
349  if (pBlobArray && pBlobArray != (CRYPT_BLOB_ARRAY *)0xdeadbeef)
350  {
351  ok(pBlobArray->cBlob == 1, "Expected 1 blob, got %d\n",
352  pBlobArray->cBlob);
353  ok(pBlobArray->rgBlob[0].cbData == sizeof(certWithCRLDistPoint),
354  "Unexpected size %d\n", pBlobArray->rgBlob[0].cbData);
355  CryptMemFree(pBlobArray);
356  }
357  cert = (PCCERT_CONTEXT)0xdeadbeef;
359  (void **)&cert, NULL, NULL, NULL, NULL);
360  ok(ret, "CryptRetrieveObjectByUrlA failed: %d\n", GetLastError());
361  ok(cert && cert != (PCCERT_CONTEXT)0xdeadbeef, "Expected a cert\n");
362  if (cert && cert != (PCCERT_CONTEXT)0xdeadbeef)
    /* Asking for a CRL context is expected to fail; the assertions below
     * accept several error codes depending on the Windows version.
     */
364  crl = (PCCRL_CONTEXT)0xdeadbeef;
365  SetLastError(0xdeadbeef);
367  NULL, NULL, NULL, NULL);
368  /* w2k3,XP, newer w2k: CRYPT_E_NO_MATCH, older w2k: CRYPT_E_ASN1_BADTAG
369  * or OSS_DATA_ERROR.
370  */
371  ok(!ret && (GetLastError() == CRYPT_E_NO_MATCH ||
374  "got 0x%x/%u (expected CRYPT_E_NO_MATCH)\n", GetLastError(), GetLastError());
375 
    /* On failure the output pointer is expected to be reset to NULL, not
     * left at the caller's poison value; older versions skip that cleanup.
     */
376  /* only newer versions of cryptnet do the cleanup */
377  if(!ret && GetLastError() != CRYPT_E_ASN1_BADTAG &&
379  ok(crl == NULL, "Expected CRL to be NULL\n");
380  }
381 
382  if (crl && crl != (PCCRL_CONTEXT)0xdeadbeef)
384  store = (HCERTSTORE)0xdeadbeef;
386  &store, NULL, NULL, NULL, NULL);
387  ok(ret, "CryptRetrieveObjectByUrlA failed: %d\n", GetLastError());
388  if (store && store != (HCERTSTORE)0xdeadbeef)
389  {
390  DWORD certs = 0;
391 
    /* Count the certificates in the returned store; exactly one is expected.
     * The enumeration call itself (source line 394) is missing here.
     */
392  cert = NULL;
393  do {
395  if (cert)
396  certs++;
397  } while (cert);
398  ok(certs == 1, "Expected 1 cert, got %d\n", certs);
399  CertCloseStore(store, 0);
400  }
401  /* Are file URLs cached? */
402  cert = (PCCERT_CONTEXT)0xdeadbeef;
404  CRYPT_CACHE_ONLY_RETRIEVAL, 0, (void **)&cert, NULL, NULL, NULL, NULL);
405  ok(ret, "CryptRetrieveObjectByUrlA failed: %08x\n", GetLastError());
406  if (cert && cert != (PCCERT_CONTEXT)0xdeadbeef)
408 
409  cert = (PCCERT_CONTEXT)0xdeadbeef;
411  (void **)&cert, NULL, NULL, NULL, &aux);
412  /* w2k: failure with E_INVALIDARG */
414  "got %u with 0x%x/%u (expected '!=0' or '0' with E_INVALIDARG)\n",
416  if (cert && cert != (PCCERT_CONTEXT)0xdeadbeef)
418 
419  cert = (PCCERT_CONTEXT)0xdeadbeef;
420  aux.cbSize = sizeof(aux);
422  (void **)&cert, NULL, NULL, NULL, &aux);
423  /* w2k: failure with E_INVALIDARG */
425  "got %u with 0x%x/%u (expected '!=0' or '0' with E_INVALIDARG)\n",
    /* NOTE(review): line 429 inside this branch and the removal of the
     * temporary file are not visible in this listing; confirm this early
     * return does not leave the file behind.
     */
427  if (!ret) {
428  /* no more tests useful */
430  skip("no usable CertificateContext\n");
431  return;
432  }
434 
    /* Supplying pLastSyncTime asks the retrieval to report a last-sync
     * timestamp into ft, which was zero-initialized above.
     */
435  aux.pLastSyncTime = &ft;
437  (void **)&cert, NULL, NULL, NULL, &aux);
438  ok(ret, "CryptRetrieveObjectByUrlA failed: %08x\n", GetLastError());
441  "Expected last sync time to be set\n");
443  /* Okay, after being deleted, are file URLs still cached? */
444  SetLastError(0xdeadbeef);
446  CRYPT_CACHE_ONLY_RETRIEVAL, 0, (void **)&cert, NULL, NULL, NULL, NULL);
449  "Expected ERROR_FILE_NOT_FOUND or ERROR_PATH_NOT_FOUND, got %d\n",
450  GetLastError());
451 }
452 
/* DER self-issued root certificate, issuer and subject CN "Cert1", validity
 * 070101000000Z to 071231235959Z. Extensions: critical keyUsage
 * (2.5.29.15) with keyCertSign and cRLSign set, critical basicConstraints
 * (2.5.29.19) with cA TRUE, and subjectKeyIdentifier (2.5.29.14)
 * 14 8c 16 bb ... e9 9a.
 */
453 static const BYTE rootWithKeySignAndCRLSign[] = {
454 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
455 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
456 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
457 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
458 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
459 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
460 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
461 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
462 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
463 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
464 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
465 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
466 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
467 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
468 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
469 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
470 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
471 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
472 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
473 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
474 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
475 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
476 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
477 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
478 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
479 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
480 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
481 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
482 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
483 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
484 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
485 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
486 0x2e,0x84,0xee };
/* DER end certificate, serial number 1, issuer CN "Cert1", subject CN
 * "Cert2", validity 070501000000Z to 071001000000Z. Its only extension is
 * authorityKeyIdentifier (2.5.29.35) with key identifier
 * 14 8c 16 bb ... e9 9a. Serial 1 is the serial listed as revoked in the
 * CRL arrays of this file.
 */
487 static const BYTE revokedCert[] = {
488 0x30,0x82,0x01,0xb9,0x30,0x82,0x01,0x22,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,
489 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
490 0x00,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,
491 0x65,0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,
492 0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,
493 0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,
494 0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,
495 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,
496 0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,
497 0x33,0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,
498 0xdc,0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,
499 0x48,0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,
500 0x47,0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,
501 0x05,0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,
502 0x6a,0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,
503 0x85,0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,
504 0xd3,0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,
505 0xa3,0x02,0x03,0x01,0x00,0x01,0xa3,0x23,0x30,0x21,0x30,0x1f,0x06,0x03,0x55,
506 0x1d,0x23,0x04,0x18,0x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,
507 0x28,0x89,0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,
508 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,
509 0x81,0x00,0x8a,0x49,0xa9,0x86,0x5e,0xc9,0x33,0x7e,0xfd,0xab,0x64,0x1f,0x6d,
510 0x00,0xd7,0x9b,0xec,0xd1,0x5b,0x38,0xcc,0xd6,0xf3,0xf2,0xb4,0x75,0x70,0x00,
511 0x82,0x9d,0x37,0x58,0xe1,0xcd,0x2c,0x61,0xb3,0x28,0xe7,0x8a,0x00,0xbe,0x6e,
512 0xca,0xe8,0x55,0xd5,0xad,0x3a,0xea,0xaf,0x13,0x20,0x1c,0x44,0xfc,0xb4,0xf9,
513 0x29,0x2b,0xdc,0x8a,0x2d,0x1b,0x27,0x9e,0xb9,0x3b,0x4a,0x71,0x9d,0x47,0x7d,
514 0xf7,0x92,0x6b,0x21,0x7f,0xfa,0x88,0x79,0x94,0x33,0xf6,0xdd,0x92,0x04,0x92,
515 0xd6,0x5e,0x0a,0x74,0xf2,0x85,0xa6,0xd5,0x3c,0x28,0xc0,0x89,0x5d,0xda,0xf3,
516 0xa6,0x01,0xc2,0xe9,0xa3,0xc1,0xb7,0x21,0x08,0xba,0x18,0x07,0x45,0xeb,0x77,
517 0x7d,0xcd,0xc6,0xe7,0x2a,0x7b,0x46,0xd2,0x3d,0xb5 };
/* DER end certificate, serial number 2, issuer CN "Cert1", subject with the
 * two CN values "foo.com" and "*.foo.com", validity 070501000000Z to
 * 071001000000Z. It carries no extensions. Serial 2 does not appear in the
 * revoked-certificate lists of the CRL arrays in this file.
 */
518 static const BYTE unRevokedCert[] = {
519 0x30,0x82,0x01,0xa2,0x30,0x82,0x01,0x0d,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,
520 0x02,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x30,
521 0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,
522 0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,0x30,
523 0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,0x30,
524 0x30,0x30,0x30,0x5a,0x30,0x24,0x31,0x22,0x30,0x0e,0x06,0x03,0x55,0x04,0x03,
525 0x13,0x07,0x66,0x6f,0x6f,0x2e,0x63,0x6f,0x6d,0x30,0x10,0x06,0x03,0x55,0x04,
526 0x03,0x13,0x09,0x2a,0x2e,0x66,0x6f,0x6f,0x2e,0x63,0x6f,0x6d,0x30,0x81,0x9d,
527 0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x03,0x81,
528 0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,
529 0xe5,0x33,0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,
530 0xc6,0xdc,0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,
531 0xa7,0x48,0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,
532 0x8b,0x47,0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,
533 0x6b,0x05,0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,
534 0xfc,0x6a,0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,
535 0x85,0x85,0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,
536 0xb2,0xd3,0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,
537 0x72,0xa3,0x02,0x03,0x01,0x00,0x01,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,
538 0xf7,0x0d,0x01,0x01,0x05,0x03,0x81,0x81,0x00,0x9f,0x11,0x8a,0x0a,0x6e,0xb0,
539 0x73,0xcc,0x48,0xf1,0x92,0xca,0xaf,0x9a,0x3d,0xb9,0xcf,0xbe,0x84,0xd0,0xa8,
540 0x34,0x25,0x27,0x9d,0x28,0x68,0xc5,0x35,0x2b,0x84,0xff,0xdb,0xd0,0x1f,0x0d,
541 0xd7,0xd6,0x8c,0x1b,0x33,0x52,0x7d,0x19,0xd0,0xc2,0xf3,0x63,0xd6,0x55,0x45,
542 0xf9,0x46,0xa0,0xb7,0xb3,0x94,0xbb,0x25,0x9b,0x29,0x76,0x7c,0x11,0xc7,0x7b,
543 0xcc,0xcb,0x99,0x3c,0xae,0xe7,0x16,0xb5,0xa7,0x6a,0x1f,0x75,0x4a,0x58,0x65,
544 0xb1,0x5b,0x91,0x29,0x20,0x81,0x51,0x64,0x05,0x24,0xa5,0x77,0xb7,0x8e,0xc8,
545 0x32,0x0f,0x0d,0x4f,0xf9,0x78,0x0f,0xc4,0xef,0xd6,0x25,0x5a,0xa4,0x9b,0x07,
546 0x17,0xea,0x56,0xe2,0x7b,0x61,0x1c,0x2d,0x40,0x38,0x9a,0x24,0x64,0x4b,0x6d,
547 0x08,0x96 };
/* DER CRL, issuer CN "Cert1", thisUpdate 070901000000Z, nextUpdate
 * 071231235959Z, listing serial 1 as revoked on 070901000000Z. Extensions:
 * cRLNumber (2.5.29.20) and authorityKeyIdentifier (2.5.29.35).
 * NOTE(review): the key identifier bytes here equal the root certificate's
 * subjectKeyIdentifier, so what makes this AKI "bad" for the test is not
 * evident from the identifier value alone; confirm.
 */
548 static const BYTE rootSignedCRLWithBadAKI[] = {
549 0x30,0x82,0x01,0x1f,0x30,0x81,0x89,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
550 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
551 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
552 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
553 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
554 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
555 0x30,0x30,0x30,0x30,0x5a,0xa0,0x2f,0x30,0x2d,0x30,0x0a,0x06,0x03,0x55,0x1d,
556 0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,
557 0x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,
558 0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,
559 0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0xa3,0xcf,
560 0x17,0x5d,0x7a,0x08,0xab,0x11,0x1a,0xbd,0x5c,0xde,0x9a,0x22,0x92,0x38,0xe6,
561 0x96,0xcc,0xb1,0xc5,0x42,0x86,0xa6,0xae,0xad,0xa3,0x1a,0x2b,0xa0,0xb0,0x65,
562 0xaa,0x9c,0xd7,0x2d,0x44,0x8c,0xae,0x61,0xc7,0x30,0x17,0x89,0x84,0x3b,0x4a,
563 0x8f,0x17,0x08,0x06,0x37,0x1c,0xf7,0x2d,0x4e,0x47,0x07,0x61,0x50,0xd9,0x06,
564 0xd1,0x46,0xed,0x0a,0xbb,0xc3,0x9b,0x36,0x0b,0xa7,0x27,0x2f,0x2b,0x55,0xce,
565 0x2a,0xa5,0x60,0xc6,0x53,0x28,0xe8,0xee,0xad,0x0e,0x2b,0xe8,0xd7,0x5f,0xc9,
566 0xa5,0xed,0xf9,0x77,0xb0,0x3c,0x81,0xcf,0xcc,0x49,0xb2,0x1a,0xc3,0xfd,0x34,
567 0xd5,0xbc,0xb0,0xd5,0xa5,0x9c,0x1b,0x72,0xc3,0x0f,0xa3,0xe3,0x3c,0xf0,0xc3,
568 0x91,0xe8,0x93,0x4f,0xd4,0x2f };
/* DER CRL with no extensions, issuer CN "Cert1", thisUpdate 070501000000Z,
 * nextUpdate 071231235959Z, listing serial 1 as revoked on 071001000000Z.
 */
569 static const BYTE rootSignedCRL[] = {
570 0x30,0x81,0xe6,0x30,0x53,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
571 0x01,0x01,0x05,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,
572 0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,
573 0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,
574 0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,0x30,0x12,0x02,0x01,0x01,0x17,0x0d,
575 0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x0b,
576 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x03,0x81,0x81,0x00,
577 0x94,0x84,0x0a,0xad,0x63,0xe3,0x05,0xc1,0xd8,0x94,0x44,0xeb,0x30,0x03,0xa1,
578 0xb4,0x7b,0x09,0x2f,0xf6,0xef,0x0f,0xe5,0x58,0x70,0x67,0xac,0x32,0x91,0xc0,
579 0x9d,0xf1,0x2b,0xf4,0xb3,0xcf,0xdd,0x1d,0x74,0x7b,0x6f,0x59,0x36,0x73,0xca,
580 0xcd,0x9c,0xb6,0xd9,0x35,0x39,0x45,0x8d,0xfd,0xf9,0x65,0xf3,0x42,0x2c,0x2c,
581 0xa6,0xfc,0xd2,0x23,0x6c,0x73,0x28,0x21,0x47,0x22,0x88,0x36,0x7d,0xd8,0xf0,
582 0xd0,0xca,0x11,0x20,0x50,0x6b,0x1e,0xb1,0x16,0x16,0xde,0xa6,0xc1,0x8d,0x18,
583 0xf1,0x42,0x22,0x1d,0x95,0x11,0xd7,0xa9,0x8f,0x90,0xe5,0x2f,0x71,0x52,0x47,
584 0xe0,0x45,0xb1,0x5a,0x2c,0x72,0x8a,0x25,0xca,0xd6,0x96,0xa2,0x7b,0x83,0x4c,
585 0xa3,0x24,0x7e,0xdd,0x45,0xa1,0x38,0xf8 };
586 
587 static BOOL (WINAPI *pCertVerifyRevocation)(DWORD, DWORD, DWORD, void **, DWORD,
589 
590 /* Monday, Oct 1, 2007. SYSTEMTIME fields run year, month, day-of-week, day,
 * so the third value (1) is the weekday and the fourth (1) the day of month.
 */
591 static SYSTEMTIME oct2007 = { 2007, 10, 1, 1, 0, 0, 0, 0 };
592 /* Tuesday, May 1, 2007 (day-of-week 2, day of month 1) */
593 static SYSTEMTIME may2007 = { 2007, 5, 2, 1, 0, 0, 0, 0 };
594 
595 static void test_verifyRevocation(void)
596 {
    /* Exercises cryptnet.dll's CertDllVerifyRevocation, resolved at run time
     * with GetProcAddress: invalid arguments, certificates with no usable
     * revocation data, a CRL the test describes as having a bad authority key
     * ID, and a valid CRL checked against a revoked and an un-revoked cert.
     * The visible assertions expect failure (!ret) both for "revoked" and for
     * CRYPT_E_NO_REVOCATION_CHECK, so a caller of the revocation API has to
     * distinguish "revoked" from "status unknown" by the error code and
     * decide explicitly how to treat the unknown case.
     * NOTE(review): this listing omits several source lines (see the gaps in
     * the gutter numbers), including some assertion heads and the calls that
     * create certificates, stores and file times; the comments describe only
     * what is visible.
     */
597  HMODULE hCryptNet = GetModuleHandleA("cryptnet.dll");
598  BOOL ret;
599  CERT_REVOCATION_STATUS status = { sizeof(status), 0 };
600  PCCERT_CONTEXT certs[2];
601  CERT_REVOCATION_PARA revPara = { sizeof(revPara), 0 };
602  FILETIME time;
603 
604  pCertVerifyRevocation = (void *)GetProcAddress(hCryptNet,
605  "CertDllVerifyRevocation");
606  if (!pCertVerifyRevocation)
607  {
608  win_skip("no CertDllVerifyRevocation\n");
609  return;
610  }
    /* Compiled but never executed: records an argument combination (NULL
     * status pointer) that crashes.
     */
611  if (0)
612  {
613  /* Crash */
614  pCertVerifyRevocation(0, 0, 0, NULL, 0, NULL, NULL);
615  }
    /* 0xdeadbeef is a sentinel so each assertion can tell an error code set
     * by the call from a stale one.
     */
616  SetLastError(0xdeadbeef);
617  ret = pCertVerifyRevocation(0, 0, 0, NULL, 0, NULL, &status);
618  ok(!ret && GetLastError() == E_INVALIDARG,
619  "expected E_INVALIDARG, got %08x\n", GetLastError());
620  SetLastError(0xdeadbeef);
621  ret = pCertVerifyRevocation(X509_ASN_ENCODING, 0, 0, NULL, 0, NULL,
622  &status);
623  ok(!ret && GetLastError() == E_INVALIDARG,
624  "expected E_INVALIDARG, got %08x\n", GetLastError());
625  SetLastError(0xdeadbeef);
626  ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE, 0, NULL, 0,
627  NULL, &status);
628  ok(!ret && GetLastError() == E_INVALIDARG,
629  "expected E_INVALIDARG, got %08x\n", GetLastError());
631  sizeof(bigCert));
632  SetLastError(0xdeadbeef);
633  ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
634  1, (void **)certs, 0, NULL, &status);
636  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
638  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
639  ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
640  CertFreeCertificateContext(certs[0]);
644  revokedCert, sizeof(revokedCert));
645  /* The root cert itself can't be checked for revocation */
646  SetLastError(0xdeadbeef);
647  ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
648  1, (void **)certs, 0, NULL, &status);
650  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
652  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
653  ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
654  /* Neither can the end cert */
655  SetLastError(0xdeadbeef);
656  ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
657  1, (void **)&certs[1], 0, NULL, &status);
659  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
661  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
662  ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
663  /* Both certs together can't, either (they're not CRLs) */
664  SetLastError(0xdeadbeef);
665  ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
666  2, (void **)certs, 0, NULL, &status);
668  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
670  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
671  ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
672  /* Now add a CRL to the hCrlStore */
678  SetLastError(0xdeadbeef);
679  ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
680  2, (void **)certs, 0, &revPara, &status);
682  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
684  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
685  ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
686  /* Specifying CERT_VERIFY_REV_CHAIN_FLAG doesn't change things either */
687  SetLastError(0xdeadbeef);
688  ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
689  2, (void **)certs, CERT_VERIFY_REV_CHAIN_FLAG, &revPara, &status);
691  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
693  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
694  ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
695  /* Again, specifying the issuer cert: no change */
696  revPara.pIssuerCert = certs[0];
697  SetLastError(0xdeadbeef);
699  1, (void **)&certs[1], 0, &revPara, &status);
700  /* Win2k thinks the cert is revoked, and it is, except the CRL contains a
701  * bad authority key ID extension and can't be matched with the issuer
702  * cert, hence the revocation status should be unknown.
703  */
705  {
    /* NOTE(review): this return comes before the CertCloseStore and
     * CertFreeCertificateContext calls further down, so the skip path appears
     * to leave the CRL store and both cert contexts open. Harmless in a
     * short-lived test process; confirm against the missing lines.
     */
706  win_skip("CERT_CONTEXT_REVOCATION_TYPE unsupported, skipping\n");
707  return;
708  }
710  broken(GetLastError() == CRYPT_E_REVOKED /* Win2k */)),
711  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
713  broken(status.dwError == CRYPT_E_REVOKED /* Win2k */),
714  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
715  ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
716  /* Specifying the time to check: still no change */
718  revPara.pftTimeToUse = &time;
719  ret = pCertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
720  1, (void **)&certs[1], 0, &revPara, &status);
721  ok(!ret, "Expected failure\n");
723  broken(GetLastError() == CRYPT_E_REVOKED), /* W2K SP3/SP4 */
724  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
726  broken(GetLastError() == CRYPT_E_REVOKED), /* W2K SP3/SP4 */
727  "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
    /* NOTE(review): the broken() clause just above tests GetLastError() while
     * its message prints status.dwError; the Win2k clause in the previous
     * section tests status.dwError. This looks like a copy-paste slip;
     * confirm against the missing line 725.
     */
728  ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
729  CertCloseStore(revPara.hCrlStore, 0);
730  /* Test again with a valid CRL. This time, the cert should be revoked when
731  * the time is after the validity period of the CRL, or considered
732  * "revocation offline" when the checked time precedes the validity
733  * period of the CRL.
734  */
739  ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
    /* A NULL pftTimeToUse leaves the choice of check time to the API; the
     * later cases point it at the local FILETIME instead.
     */
740  revPara.pftTimeToUse = NULL;
741  SetLastError(0xdeadbeef);
743  1, (void **)&certs[1], 0, &revPara, &status);
744  ok(!ret && (GetLastError() == CRYPT_E_REVOKED ||
746  "expected CRYPT_E_REVOKED, got %08x\n", GetLastError());
747  revPara.pftTimeToUse = &time;
748  SetLastError(0xdeadbeef);
750  1, (void **)&certs[1], 0, &revPara, &status);
751  ok(!ret && (GetLastError() == CRYPT_E_REVOKED ||
753  "expected CRYPT_E_REVOKED, got %08x\n", GetLastError());
755  SetLastError(0xdeadbeef);
757  1, (void **)&certs[1], 0, &revPara, &status);
760  "expected CRYPT_E_REVOCATION_OFFLINE, got %08x\n", GetLastError());
761  CertFreeCertificateContext(certs[1]);
762  /* Test again with a valid CRL and an un-revoked cert. No matter the
763  * time checked, it's reported as revocation offline.
764  */
766  unRevokedCert, sizeof(unRevokedCert));
767  ok(certs[1] != NULL, "CertCreateCertificateContext failed: %08x\n",
768  GetLastError());
769  revPara.pftTimeToUse = NULL;
770  SetLastError(0xdeadbeef);
772  1, (void **)&certs[1], 0, &revPara, &status);
775  "expected CRYPT_E_REVOCATION_OFFLINE, got %08x\n", GetLastError());
776  revPara.pftTimeToUse = &time;
777  SetLastError(0xdeadbeef);
779  1, (void **)&certs[1], 0, &revPara, &status);
782  "expected CRYPT_E_REVOCATION_OFFLINE, got %08x\n", GetLastError());
784  SetLastError(0xdeadbeef);
786  1, (void **)&certs[1], 0, &revPara, &status);
789  "expected CRYPT_E_REVOCATION_OFFLINE, got %08x\n", GetLastError());
790  CertCloseStore(revPara.hCrlStore, 0);
791  CertFreeCertificateContext(certs[1]);
792  CertFreeCertificateContext(certs[0]);
793 }
794 
795 START_TEST(cryptnet)
796 {
    /* Entry point of the cryptnet test suite.
     * NOTE(review): the body (source lines 797-799) is missing from this
     * listing; presumably it invokes the three test_* functions above. Confirm
     * against the original file.
     */
800 }