ReactOS 0.4.16-dev-1948-gd260c1d
cert.c
Go to the documentation of this file.
1/*
2 * crypt32 cert functions tests
3 *
4 * Copyright 2005-2006 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21#include <stdio.h>
22#include <stdarg.h>
23
24#include <ntstatus.h>
25#define WIN32_NO_STATUS
26#include <windef.h>
27#include <winbase.h>
28#include <winreg.h>
29#include <winerror.h>
30#include <wincrypt.h>
31#include <bcrypt.h>
32
33#include "wine/test.h"
34
35static BYTE subjectName[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
36 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61,
37 0x6e, 0x67, 0x00 };
38static BYTE serialNum[] = { 1 };
39static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
40 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
41 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
42 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
43 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
44 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
45 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
46 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
47 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
48 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
49static BYTE bigCertHash[] = { 0x6e, 0x30, 0x90, 0x71, 0x5f, 0xd9, 0x23,
50 0x56, 0xeb, 0xae, 0x25, 0x40, 0xe6, 0x22, 0xda, 0x19, 0x26, 0x02, 0xa6, 0x08 };
51
52static const BYTE bigCertWithDifferentSubject[] = { 0x30, 0x7a, 0x02, 0x01, 0x02,
53 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
54 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67,
55 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31,
56 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
57 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15,
58 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c,
59 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06,
60 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
61 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
62 0x01, 0x01 };
63static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
64 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
65 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
66 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
67 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
68 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
69 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
70 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
71 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
72 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
73 0x02, 0x01, 0x01 };
74
75static BYTE subjectName2[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
76 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61,
77 0x6e, 0x67, 0x00 };
78static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
79 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
80 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
81 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
82 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
83 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
84 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
85 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
86 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
87 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
88static const BYTE bigCert2WithDifferentSerial[] = { 0x30, 0x7a, 0x02, 0x01,
89 0x02, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
90 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
91 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
92 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
93 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
94 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41,
95 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
96 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
97 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
98 0x02, 0x01, 0x01 };
99static BYTE bigCert2Hash[] = { 0x4a, 0x7f, 0x32, 0x1f, 0xcf, 0x3b, 0xc0,
100 0x87, 0x48, 0x2b, 0xa1, 0x86, 0x54, 0x18, 0xe4, 0x3a, 0x0e, 0x53, 0x7e, 0x2b };
101
102static const BYTE certWithUsage[] = { 0x30, 0x81, 0x93, 0x02, 0x01, 0x01, 0x30,
103 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
104 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00,
105 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
106 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30,
107 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31,
108 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61,
109 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00,
110 0x03, 0x01, 0x00, 0xa3, 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0x06, 0x03, 0x55, 0x1d,
111 0x25, 0x01, 0x01, 0xff, 0x04, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01,
112 0x05, 0x05, 0x07, 0x03, 0x03, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
113 0x03, 0x02, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };
114
115static void testAddCert(void)
116{
117 HCERTSTORE store;
118 HCERTSTORE collection;
119 PCCERT_CONTEXT context;
120 PCCERT_CONTEXT copyContext;
121 BOOL ret;
122
123 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
124 CERT_STORE_CREATE_NEW_FLAG, NULL);
125 ok(store != NULL, "CertOpenStore failed: %ld\n", GetLastError());
126 if (!store)
127 return;
128
129 ret = CertAddEncodedCertificateToStore(0, X509_ASN_ENCODING, bigCert,
130 sizeof(bigCert), 0, NULL);
131 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
132 GetLastError() == E_INVALIDARG),
133 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08lx\n",
134 GetLastError());
135 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
136 bigCert, sizeof(bigCert), 0, NULL);
137 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
138 GetLastError() == E_INVALIDARG),
139 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08lx\n",
140 GetLastError());
141
142 /* Weird--can add a cert to the NULL store (does this have special
143 * meaning?)
144 */
145 context = NULL;
146 ret = CertAddEncodedCertificateToStore(0, X509_ASN_ENCODING, bigCert,
147 sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
148 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n", GetLastError());
149 CertFreeCertificateContext(context);
150
151 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
152 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
153 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
154 GetLastError());
155 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
156 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, NULL);
157 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
158 GetLastError());
159 /* This has the same name as bigCert, so finding isn't done by name */
160 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
161 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, &context);
162 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
163 GetLastError());
164 ok(context != NULL, "Expected a context\n");
165 if (context)
166 {
167 CRYPT_DATA_BLOB hash = { sizeof(bigCert2Hash), bigCert2Hash };
168
169 /* Duplicate (AddRef) the context so we can still use it after
170 * deleting it from the store.
171 */
172 CertDuplicateCertificateContext(context);
173 CertDeleteCertificateFromStore(context);
174 /* Set the same hash as bigCert2, and try to readd it */
175 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID,
176 0, &hash);
177 ok(ret, "CertSetCertificateContextProperty failed: %08lx\n",
178 GetLastError());
179 ret = CertAddCertificateContextToStore(store, context,
180 CERT_STORE_ADD_NEW, NULL);
181 /* The failure is a bit odd (CRYPT_E_ASN1_BADTAG), so just check
182 * that it fails.
183 */
184 ok(!ret, "Expected failure\n");
185 CertFreeCertificateContext(context);
186 }
187 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
188 sizeof(bigCert2));
189 ok(context != NULL, "Expected a context\n");
190 if (context)
191 {
192 /* Try to readd bigCert2 to the store */
193 ret = CertAddCertificateContextToStore(store, context,
194 CERT_STORE_ADD_NEW, NULL);
195 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
196 "Expected CRYPT_E_EXISTS, got %08lx\n", GetLastError());
197 CertFreeCertificateContext(context);
198 }
199
200 /* Adding a cert with the same issuer name and serial number (but
201 * different subject) as an existing cert succeeds.
202 */
203 context = NULL;
204 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
205 bigCert2WithDifferentSerial, sizeof(bigCert2WithDifferentSerial),
206 CERT_STORE_ADD_NEW, &context);
207 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
208 GetLastError());
209 if (context)
210 CertDeleteCertificateFromStore(context);
211
212 /* Adding a cert with the same subject name and serial number (but
213 * different issuer) as an existing cert succeeds.
214 */
215 context = NULL;
216 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
217 bigCertWithDifferentSubject, sizeof(bigCertWithDifferentSubject),
218 CERT_STORE_ADD_NEW, &context);
219 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
220 GetLastError());
221 if (context)
222 CertDeleteCertificateFromStore(context);
223
224 /* Adding a cert with the same issuer name and serial number (but
225 * different otherwise) as an existing cert succeeds.
226 */
227 context = NULL;
228 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
229 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer),
230 CERT_STORE_ADD_NEW, &context);
231 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
232 GetLastError());
233 if (context)
234 CertDeleteCertificateFromStore(context);
235
236 collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
237 CERT_STORE_CREATE_NEW_FLAG, NULL);
238 ok(collection != NULL, "CertOpenStore failed: %08lx\n", GetLastError());
239 if (collection)
240 {
241 /* Add store to the collection, but disable updates */
242 CertAddStoreToCollection(collection, store, 0, 0);
243
244 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
245 sizeof(bigCert2));
246 ok(context != NULL, "Expected a context\n");
247 if (context)
248 {
249 /* Try to readd bigCert2 to the collection */
250 ret = CertAddCertificateContextToStore(collection, context,
251 CERT_STORE_ADD_NEW, NULL);
252 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
253 "Expected CRYPT_E_EXISTS, got %08lx\n", GetLastError());
254 /* Replacing an existing certificate context is allowed, even
255 * though updates to the collection aren't..
256 */
257 ret = CertAddCertificateContextToStore(collection, context,
258 CERT_STORE_ADD_REPLACE_EXISTING, NULL);
259 ok(ret, "CertAddCertificateContextToStore failed: %08lx\n",
260 GetLastError());
261 /* use the existing certificate and ask for a copy of the context*/
262 copyContext = NULL;
263 ret = CertAddCertificateContextToStore(collection, context,
264 CERT_STORE_ADD_USE_EXISTING, &copyContext);
265 ok(ret, "CertAddCertificateContextToStore failed: %08lx\n",
266 GetLastError());
267 ok(copyContext != NULL, "Expected on output a non NULL copyContext\n");
268 if (copyContext)
269 CertFreeCertificateContext(copyContext);
270 /* but adding a new certificate isn't allowed. */
271 ret = CertAddCertificateContextToStore(collection, context,
272 CERT_STORE_ADD_ALWAYS, NULL);
273 ok(!ret && GetLastError() == E_ACCESSDENIED,
274 "Expected E_ACCESSDENIED, got %08lx\n", GetLastError());
275 CertFreeCertificateContext(context);
276 }
277
278 CertCloseStore(collection, 0);
279 }
280
281 CertCloseStore(store, 0);
282}
283
284static void checkHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
285 PCCERT_CONTEXT context, DWORD propID)
286{
287 BYTE hash[20] = { 0 }, hashProperty[20];
288 BOOL ret;
289 DWORD size;
290 DWORD dwSizeWithNull;
291
292 memset(hash, 0, sizeof(hash));
293 memset(hashProperty, 0, sizeof(hashProperty));
294 size = sizeof(hash);
295 ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
296 ok(ret, "CryptHashCertificate failed: %08lx\n", GetLastError());
297 ret = CertGetCertificateContextProperty(context, propID, NULL,
298 &dwSizeWithNull);
299 ok(ret, "algID %08x, propID %ld: CertGetCertificateContextProperty failed: %08lx\n",
300 algID, propID, GetLastError());
301 ret = CertGetCertificateContextProperty(context, propID, hashProperty,
302 &size);
303 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n",
304 GetLastError());
305 ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %ld\n",
306 propID);
307 ok(size == dwSizeWithNull, "Unexpected length of hash for property: received %ld instead of %ld\n",
308 dwSizeWithNull,size);
309}
310
311static const CHAR cspNameA[] = "WineCryptTemp";
312static const BYTE v1CertWithPubKey[] = {
3130x30,0x81,0x95,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
3140x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
3150x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
3160x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
3170x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
3180x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
3190x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
3200x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
3210x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,
3220x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,
3230x01,0x01 };
324static const BYTE v1CertWithSubjectKeyId[] = {
3250x30,0x7b,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
3260x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
3270x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
3280x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
3290x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
3300x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
3310x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x17,0x30,0x15,0x30,
3320x13,0x06,0x03,0x55,0x1d,0x0e,0x04,0x0c,0x04,0x0a,0x4a,0x75,0x61,0x6e,0x20,
3330x4c,0x61,0x6e,0x67,0x00 };
334static const BYTE subjectKeyId[] = {
3350x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
336static const BYTE selfSignedCert[] = {
337 0x30, 0x82, 0x01, 0x1f, 0x30, 0x81, 0xce, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
338 0x10, 0xeb, 0x0d, 0x57, 0x2a, 0x9c, 0x09, 0xba, 0xa4, 0x4a, 0xb7, 0x25, 0x49,
339 0xd9, 0x3e, 0xb5, 0x73, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d,
340 0x05, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
341 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30,
342 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36, 0x32, 0x39, 0x30, 0x35, 0x30, 0x30,
343 0x34, 0x36, 0x5a, 0x17, 0x0d, 0x30, 0x37, 0x30, 0x36, 0x32, 0x39, 0x31, 0x31,
344 0x30, 0x30, 0x34, 0x36, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
345 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e,
346 0x67, 0x00, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
347 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
348 0x00, 0xe2, 0x54, 0x3a, 0xa7, 0x83, 0xb1, 0x27, 0x14, 0x3e, 0x59, 0xbb, 0xb4,
349 0x53, 0xe6, 0x1f, 0xe7, 0x5d, 0xf1, 0x21, 0x68, 0xad, 0x85, 0x53, 0xdb, 0x6b,
350 0x1e, 0xeb, 0x65, 0x97, 0x03, 0x86, 0x60, 0xde, 0xf3, 0x6c, 0x38, 0x75, 0xe0,
351 0x4c, 0x61, 0xbb, 0xbc, 0x62, 0x17, 0xa9, 0xcd, 0x79, 0x3f, 0x21, 0x4e, 0x96,
352 0xcb, 0x0e, 0xdc, 0x61, 0x94, 0x30, 0x18, 0x10, 0x6b, 0xd0, 0x1c, 0x10, 0x79,
353 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
354 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x25, 0x90, 0x53, 0x34, 0xd9, 0x56, 0x41,
355 0x5e, 0xdb, 0x7e, 0x01, 0x36, 0xec, 0x27, 0x61, 0x5e, 0xb7, 0x4d, 0x90, 0x66,
356 0xa2, 0xe1, 0x9d, 0x58, 0x76, 0xd4, 0x9c, 0xba, 0x2c, 0x84, 0xc6, 0x83, 0x7a,
357 0x22, 0x0d, 0x03, 0x69, 0x32, 0x1a, 0x6d, 0xcb, 0x0c, 0x15, 0xb3, 0x6b, 0xc7,
358 0x0a, 0x8c, 0xb4, 0x5c, 0x34, 0x78, 0xe0, 0x3c, 0x9c, 0xe9, 0xf3, 0x30, 0x9f,
359 0xa8, 0x76, 0x57, 0x92, 0x36 };
360static const BYTE selfSignedSignatureHash[] = { 0x07,0x5a,0x3e,0xfd,0x0d,0xf6,
361 0x88,0xeb,0x00,0x64,0xbd,0xc9,0xd6,0xea,0x0a,0x7c,0xcc,0x24,0xdb,0x5d };
362
363static void testCertProperties(void)
364{
365 PCCERT_CONTEXT context = CertCreateCertificateContext(X509_ASN_ENCODING,
366 bigCert, sizeof(bigCert));
367 DWORD propID, numProps, access, size;
368 BOOL ret;
369 BYTE hash[20] = { 0 }, hashProperty[20];
370 CRYPT_DATA_BLOB blob;
371 CERT_KEY_CONTEXT keyContext;
372 unsigned int value;
373
374 ok(context != NULL, "CertCreateCertificateContext failed: %08lx\n", GetLastError());
375
376 /* This crashes
377 propID = CertEnumCertificateContextProperties(NULL, 0);
378 */
379
380 propID = 0;
381 numProps = 0;
382 do {
383 propID = CertEnumCertificateContextProperties(context, propID);
384 if (propID)
385 numProps++;
386 } while (propID != 0);
387 ok(numProps == 0, "Expected 0 properties, got %ld\n", numProps);
388
389 /* Tests with a NULL cert context. Prop ID 0 fails.. */
390 ret = CertSetCertificateContextProperty(NULL, 0, 0, NULL);
391 ok(!ret && GetLastError() == E_INVALIDARG,
392 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
393 /* while this just crashes.
394 ret = CertSetCertificateContextProperty(NULL,
395 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
396 */
397
398 ret = CertSetCertificateContextProperty(context, 0, 0, NULL);
399 ok(!ret && GetLastError() == E_INVALIDARG,
400 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
401 /* Can't set the cert property directly, this crashes.
402 ret = CertSetCertificateContextProperty(context,
403 CERT_CERT_PROP_ID, 0, bigCert2);
404 */
405
406 /* These all crash.
407 ret = CertGetCertificateContextProperty(context,
408 CERT_ACCESS_STATE_PROP_ID, 0, NULL);
409 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
410 NULL, NULL);
411 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
412 hashProperty, NULL);
413 */
414 /* A missing prop */
415 size = 0;
416 ret = CertGetCertificateContextProperty(context,
417 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
418 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
419 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
420 /* And, an implicit property */
421 size = sizeof(access);
422 ret = CertGetCertificateContextProperty(context,
423 CERT_ACCESS_STATE_PROP_ID, &access, &size);
424 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n",
425 GetLastError());
426 ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
427 "Didn't expect a persisted cert\n");
428 /* Trying to set this "read only" property crashes.
429 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
430 ret = CertSetCertificateContextProperty(context,
431 CERT_ACCESS_STATE_PROP_ID, 0, &access);
432 */
433
434 /* Can I set the hash to an invalid hash? */
435 blob.pbData = hash;
436 blob.cbData = sizeof(hash);
437 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID, 0,
438 &blob);
439 ok(ret, "CertSetCertificateContextProperty failed: %08lx\n",
440 GetLastError());
441 size = sizeof(hashProperty);
442 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
443 hashProperty, &size);
444 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n",
445 GetLastError());
446 ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
447 /* Delete the (bogus) hash, and get the real one */
448 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID, 0,
449 NULL);
450 ok(ret, "CertSetCertificateContextProperty failed: %08lx\n",
451 GetLastError());
452 checkHash(bigCert, sizeof(bigCert), CALG_SHA1, context,
453 CERT_HASH_PROP_ID);
454
455 /* Now that the hash property is set, we should get one property when
456 * enumerating.
457 */
458 propID = 0;
459 numProps = 0;
460 do {
461 propID = CertEnumCertificateContextProperties(context, propID);
462 if (propID)
463 numProps++;
464 } while (propID != 0);
465 ok(numProps == 1, "Expected 1 properties, got %ld\n", numProps);
466
467 /* Check a few other implicit properties */
468 checkHash(bigCert, sizeof(bigCert), CALG_MD5, context,
469 CERT_MD5_HASH_PROP_ID);
470
471 /* Getting the signature hash fails with this bogus certificate */
472 size = 0;
473 ret = CertGetCertificateContextProperty(context,
474 CERT_SIGNATURE_HASH_PROP_ID, NULL, &size);
475 ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
476 "Expected CRYPT_E_ASN1_BADTAG, got %08lx\n", GetLastError());
477
478 /* Test key contexts and handles and such */
479 size = 0;
480 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
481 NULL, &size);
482 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
483 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
484 size = sizeof(CERT_KEY_CONTEXT);
485 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
486 NULL, &size);
487 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
488 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
489 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
490 &keyContext, &size);
491 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
492 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
493 /* Key context with an invalid size */
494 keyContext.cbSize = 0;
495 ret = CertSetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
496 0, &keyContext);
497 ok(!ret && GetLastError() == E_INVALIDARG,
498 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
499 size = sizeof(keyContext);
500 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
501 &keyContext, &size);
502 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
503 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
504 keyContext.cbSize = sizeof(keyContext);
505 keyContext.hCryptProv = 0;
506 keyContext.dwKeySpec = AT_SIGNATURE;
507 ret = CertSetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
508 0, &keyContext);
509 ok(ret, "CertSetCertificateContextProperty failed: %08lx\n", GetLastError());
510 /* Now that that's set, the key prov handle property is also gettable.
511 */
512 size = sizeof(keyContext.hCryptProv);
513 ret = CertGetCertificateContextProperty(context,
514 CERT_KEY_PROV_HANDLE_PROP_ID, &keyContext.hCryptProv, &size);
515 ok(ret, "Expected to get the CERT_KEY_PROV_HANDLE_PROP_ID, got %08lx\n",
516 GetLastError());
517 /* Remove the key prov handle property.. */
518 ret = CertSetCertificateContextProperty(context,
519 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
520 ok(ret, "CertSetCertificateContextProperty failed: %08lx\n",
521 GetLastError());
522 /* and the key context's CSP is set to NULL. */
523 size = sizeof(keyContext);
524 ret = CertGetCertificateContextProperty(context,
525 CERT_KEY_CONTEXT_PROP_ID, &keyContext, &size);
526 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n",
527 GetLastError());
528 ok(keyContext.hCryptProv == 0, "Expected no hCryptProv\n");
529
530 /* According to MSDN the subject key id can be stored as a property,
531 * as a subject key extension, or as the SHA1 hash of the public key,
532 * but this cert has none of them:
533 */
534 ret = CertGetCertificateContextProperty(context,
535 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
536 ok(!ret && GetLastError() == ERROR_INVALID_DATA,
537 "Expected ERROR_INVALID_DATA, got %08lx\n", GetLastError());
538 CertFreeCertificateContext(context);
539 /* This cert does have a public key, but its subject key identifier still
540 * isn't available: */
541 context = CertCreateCertificateContext(X509_ASN_ENCODING,
542 v1CertWithPubKey, sizeof(v1CertWithPubKey));
543 ret = CertGetCertificateContextProperty(context,
544 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
545 ok(!ret && GetLastError() == ERROR_INVALID_DATA,
546 "Expected ERROR_INVALID_DATA, got %08lx\n", GetLastError());
547 CertFreeCertificateContext(context);
548 /* This cert with a subject key extension can have its key identifier
549 * property retrieved:
550 */
551 context = CertCreateCertificateContext(X509_ASN_ENCODING,
552 v1CertWithSubjectKeyId, sizeof(v1CertWithSubjectKeyId));
553 ret = CertGetCertificateContextProperty(context,
554 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
555 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n", GetLastError());
556 if (ret)
557 {
558 LPBYTE buf = malloc(size);
559
560 if (buf)
561 {
562 ret = CertGetCertificateContextProperty(context,
563 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
564 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n",
565 GetLastError());
566 ok(!memcmp(buf, subjectKeyId, size), "Unexpected subject key id\n");
567 free(buf);
568 }
569 }
570
571 ret = CertGetCertificateContextProperty(context, CERT_LAST_USER_PROP_ID, NULL, &size);
572 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND, "got ret %d, error %#lx.\n", ret, GetLastError());
573
574 blob.cbData = sizeof(value);
575 blob.pbData = (BYTE *)&value;
576 value = 1;
577 ret = CertSetCertificateContextProperty(context, CERT_LAST_USER_PROP_ID, 0, &blob);
578 ok(ret, "got error %#lx.\n", GetLastError());
579 value = 0xdeadbeef;
580 size = 0xdeadbeef;
581 ret = CertGetCertificateContextProperty(context, CERT_LAST_USER_PROP_ID, NULL, &size);
582 ok(ret, "got error %#lx.\n", GetLastError());
583 ok(size == sizeof(value), "got size %lu.\n", size);
584 ret = CertGetCertificateContextProperty(context, CERT_LAST_USER_PROP_ID, &value, &size);
585 ok(ret, "got error %#lx.\n", GetLastError());
586 ok(size == sizeof(value), "got size %lu.\n", size);
587 ok(value == 1, "got value %u.\n", value);
588
589 CertFreeCertificateContext(context);
590
591 context = CertCreateCertificateContext(X509_ASN_ENCODING,
592 selfSignedCert, sizeof(selfSignedCert));
593 /* Getting the signature hash of a valid (self-signed) cert succeeds */
594 size = 0;
595 ret = CertGetCertificateContextProperty(context,
596 CERT_SIGNATURE_HASH_PROP_ID, NULL, &size);
597 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n", GetLastError());
598 ok(size == sizeof(selfSignedSignatureHash), "unexpected size %ld\n", size);
599 ret = CertGetCertificateContextProperty(context,
600 CERT_SIGNATURE_HASH_PROP_ID, hashProperty, &size);
601 if (ret)
602 ok(!memcmp(hashProperty, selfSignedSignatureHash, size),
603 "unexpected value\n");
604 CertFreeCertificateContext(context);
605}
606
607static void testCreateCert(void)
608{
609 PCCERT_CONTEXT cert, enumCert;
610 DWORD count, size;
611 BOOL ret;
612
613 SetLastError(0xdeadbeef);
614 cert = CertCreateCertificateContext(0, NULL, 0);
615 ok(!cert && GetLastError() == E_INVALIDARG,
616 "expected E_INVALIDARG, got %08lx\n", GetLastError());
617 SetLastError(0xdeadbeef);
618 cert = CertCreateCertificateContext(0, selfSignedCert,
619 sizeof(selfSignedCert));
620 ok(!cert && GetLastError() == E_INVALIDARG,
621 "expected E_INVALIDARG, got %08lx\n", GetLastError());
622 SetLastError(0xdeadbeef);
623 cert = CertCreateCertificateContext(X509_ASN_ENCODING, NULL, 0);
624 ok(!cert && GetLastError() == CRYPT_E_ASN1_EOD,
625 "expected CRYPT_E_ASN1_EOD, got %08lx\n", GetLastError());
626
627 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
628 selfSignedCert, sizeof(selfSignedCert));
629 ok(cert != NULL, "creating cert failed: %08lx\n", GetLastError());
630 /* Even in-memory certs are expected to have a store associated with them */
631 ok(cert->hCertStore != NULL, "expected created cert to have a store\n");
632 /* The cert doesn't have the archived property set (which would imply it
633 * doesn't show up in enumerations.)
634 */
635 size = 0;
636 ret = CertGetCertificateContextProperty(cert, CERT_ARCHIVED_PROP_ID,
637 NULL, &size);
638 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
639 "expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
640 /* Strangely, enumerating the certs in the store finds none. */
641 enumCert = NULL;
642 count = 0;
643 while ((enumCert = CertEnumCertificatesInStore(cert->hCertStore, enumCert)))
644 count++;
645 ok(!count, "expected 0, got %ld\n", count);
646 CertFreeCertificateContext(cert);
647}
648
649static void testDupCert(void)
650{
651 PCCERT_CONTEXT context, dupContext, storeContext, storeContext2, context2;
652 HCERTSTORE store, store2;
653 BOOL ret;
654
655 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
656 CERT_STORE_CREATE_NEW_FLAG, NULL);
657 ok(store != NULL, "CertOpenStore failed: %ld\n", GetLastError());
658 if (!store)
659 return;
660
661 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
662 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
663 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n", GetLastError());
664 ok(context != NULL, "Expected a valid cert context\n");
665 if (context)
666 {
667 ok(context->cbCertEncoded == sizeof(bigCert),
668 "Wrong cert size %ld\n", context->cbCertEncoded);
669 ok(!memcmp(context->pbCertEncoded, bigCert, sizeof(bigCert)),
670 "Unexpected encoded cert in context\n");
671 ok(context->hCertStore == store, "Unexpected store\n");
672
673 dupContext = CertDuplicateCertificateContext(context);
674 ok(dupContext != NULL, "Expected valid duplicate\n");
675 /* Not only is it a duplicate, it's identical: the address is the
676 * same.
677 */
678 ok(dupContext == context, "Expected identical context addresses\n");
679 CertFreeCertificateContext(dupContext);
680 CertFreeCertificateContext(context);
681 }
682 CertCloseStore(store, 0);
683
684 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
685 ok(context != NULL, "CertCreateCertificateContext failed\n");
686
687 dupContext = CertDuplicateCertificateContext(context);
688 ok(dupContext == context, "context != dupContext\n");
689
690 ret = CertFreeCertificateContext(dupContext);
691 ok(ret, "CertFreeCertificateContext failed\n");
692
693 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
694 ok(store != NULL, "CertOpenStore failed: %ld\n", GetLastError());
695
696 ret = CertAddCertificateContextToStore(store, context, CERT_STORE_ADD_NEW, &storeContext);
697 ok(ret, "CertAddCertificateContextToStore failed\n");
698 ok(storeContext != NULL && storeContext != context, "unexpected storeContext\n");
699 ok(storeContext->hCertStore == store, "unexpected hCertStore\n");
700
701 ok(storeContext->pbCertEncoded != context->pbCertEncoded, "unexpected pbCertEncoded\n");
702 ok(storeContext->cbCertEncoded == context->cbCertEncoded, "unexpected cbCertEncoded\n");
703 ok(storeContext->pCertInfo != context->pCertInfo, "unexpected pCertInfo\n");
704
705 store2 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
706 ok(store2 != NULL, "CertOpenStore failed: %ld\n", GetLastError());
707
708 ret = CertAddCertificateContextToStore(store2, storeContext, CERT_STORE_ADD_NEW, &storeContext2);
709 ok(ret, "CertAddCertificateContextToStore failed\n");
710 ok(storeContext2 != NULL && storeContext2 != storeContext, "unexpected storeContext\n");
711 ok(storeContext2->hCertStore == store2, "unexpected hCertStore\n");
712
713 ok(storeContext2->pbCertEncoded != storeContext->pbCertEncoded, "unexpected pbCertEncoded\n");
714 ok(storeContext2->cbCertEncoded == storeContext->cbCertEncoded, "unexpected cbCertEncoded\n");
715 ok(storeContext2->pCertInfo != storeContext->pCertInfo, "unexpected pCertInfo\n");
716
717 CertFreeCertificateContext(storeContext2);
718 CertFreeCertificateContext(storeContext);
719
720 context2 = CertCreateCertificateContext(X509_ASN_ENCODING, certWithUsage, sizeof(certWithUsage));
721 ok(context2 != NULL, "CertCreateCertificateContext failed\n");
722
723 ok(context2->hCertStore == context->hCertStore, "Unexpected hCertStore\n");
724
725 CertFreeCertificateContext(context2);
726 ret = CertFreeCertificateContext(context);
727 ok(ret, "CertFreeCertificateContext failed\n");
728
729 CertCloseStore(store, 0);
730 CertCloseStore(store2, 0);
731
732 SetLastError(0xdeadbeef);
733 context = CertDuplicateCertificateContext(NULL);
734 ok(context == NULL, "Expected context to be NULL\n");
735
736 ret = CertFreeCertificateContext(NULL);
737 ok(ret, "CertFreeCertificateContext failed\n");
738}
739
740static void testLinkCert(void)
741{
742 const CERT_CONTEXT *context, *link;
743 HCERTSTORE store;
744 BOOL ret;
745
746 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
747 ok(context != NULL, "CertCreateCertificateContext failed\n");
748
749 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
750 ok(store != NULL, "CertOpenStore failed: %ld\n", GetLastError());
751
752 ret = CertAddCertificateLinkToStore(store, context, CERT_STORE_ADD_NEW, &link);
753 ok(ret, "CertAddCertificateContextToStore failed\n");
754 ok(link != NULL && link != context, "unexpected storeContext\n");
755 ok(link->hCertStore == store, "unexpected hCertStore\n");
756
757 ok(link->pbCertEncoded == context->pbCertEncoded, "unexpected pbCertEncoded\n");
758 ok(link->cbCertEncoded == context->cbCertEncoded, "unexpected cbCertEncoded\n");
759 ok(link->pCertInfo == context->pCertInfo, "unexpected pCertInfo\n");
760
761 CertFreeCertificateContext(link);
762 CertFreeCertificateContext(context);
763 CertCloseStore(store, 0);
764}
765
766static BYTE subjectName3[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
767 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x52, 0x6f, 0x62, 0x20, 0x20, 0x4c, 0x61,
768 0x6e, 0x67, 0x00 };
769static const BYTE iTunesCert0[] = {
7700x30,0x82,0x03,0xc4,0x30,0x82,0x03,0x2d,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
7710x47,0xbf,0x19,0x95,0xdf,0x8d,0x52,0x46,0x43,0xf7,0xdb,0x6d,0x48,0x0d,0x31,
7720xa4,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
7730x00,0x30,0x81,0x8b,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
7740x5a,0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,
7750x73,0x74,0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x14,0x30,0x12,0x06,
7760x03,0x55,0x04,0x07,0x13,0x0b,0x44,0x75,0x72,0x62,0x61,0x6e,0x76,0x69,0x6c,
7770x6c,0x65,0x31,0x0f,0x30,0x0d,0x06,0x03,0x55,0x04,0x0a,0x13,0x06,0x54,0x68,
7780x61,0x77,0x74,0x65,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x0b,0x13,0x14,
7790x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
7800x61,0x74,0x69,0x6f,0x6e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x03,0x13,
7810x16,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x54,0x69,0x6d,0x65,0x73,0x74,0x61,
7820x6d,0x70,0x69,0x6e,0x67,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,0x30,0x33,0x31,
7830x32,0x30,0x34,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x31,0x33,0x31,
7840x32,0x30,0x33,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x53,0x31,0x0b,0x30,
7850x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,
7860x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,
7870x20,0x49,0x6e,0x63,0x2e,0x31,0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,
7880x22,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x69,0x6d,0x65,0x20,
7890x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,0x53,0x65,0x72,0x76,0x69,0x63,
7900x65,0x73,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,
7910x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,
7920x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xa9,0xca,0xb2,0xa4,0xcc,0xcd,0x20,
7930xaf,0x0a,0x7d,0x89,0xac,0x87,0x75,0xf0,0xb4,0x4e,0xf1,0xdf,0xc1,0x0f,0xbf,
7940x67,0x61,0xbd,0xa3,0x64,0x1c,0xda,0xbb,0xf9,0xca,0x33,0xab,0x84,0x30,0x89,
7950x58,0x7e,0x8c,0xdb,0x6b,0xdd,0x36,0x9e,0x0f,0xbf,0xd1,0xec,0x78,0xf2,0x77,
7960xa6,0x7e,0x6f,0x3c,0xbf,0x93,0xaf,0x0d,0xba,0x68,0xf4,0x6c,0x94,0xca,0xbd,
7970x52,0x2d,0xab,0x48,0x3d,0xf5,0xb6,0xd5,0x5d,0x5f,0x1b,0x02,0x9f,0xfa,0x2f,
7980x6b,0x1e,0xa4,0xf7,0xa3,0x9a,0xa6,0x1a,0xc8,0x02,0xe1,0x7f,0x4c,0x52,0xe3,
7990x0e,0x60,0xec,0x40,0x1c,0x7e,0xb9,0x0d,0xde,0x3f,0xc7,0xb4,0xdf,0x87,0xbd,
8000x5f,0x7a,0x6a,0x31,0x2e,0x03,0x99,0x81,0x13,0xa8,0x47,0x20,0xce,0x31,0x73,
8010x0d,0x57,0x2d,0xcd,0x78,0x34,0x33,0x95,0x12,0x99,0x12,0xb9,0xde,0x68,0x2f,
8020xaa,0xe6,0xe3,0xc2,0x8a,0x8c,0x2a,0xc3,0x8b,0x21,0x87,0x66,0xbd,0x83,0x58,
8030x57,0x6f,0x75,0xbf,0x3c,0xaa,0x26,0x87,0x5d,0xca,0x10,0x15,0x3c,0x9f,0x84,
8040xea,0x54,0xc1,0x0a,0x6e,0xc4,0xfe,0xc5,0x4a,0xdd,0xb9,0x07,0x11,0x97,0x22,
8050x7c,0xdb,0x3e,0x27,0xd1,0x1e,0x78,0xec,0x9f,0x31,0xc9,0xf1,0xe6,0x22,0x19,
8060xdb,0xc4,0xb3,0x47,0x43,0x9a,0x1a,0x5f,0xa0,0x1e,0x90,0xe4,0x5e,0xf5,0xee,
8070x7c,0xf1,0x7d,0xab,0x62,0x01,0x8f,0xf5,0x4d,0x0b,0xde,0xd0,0x22,0x56,0xa8,
8080x95,0xcd,0xae,0x88,0x76,0xae,0xee,0xba,0x0d,0xf3,0xe4,0x4d,0xd9,0xa0,0xfb,
8090x68,0xa0,0xae,0x14,0x3b,0xb3,0x87,0xc1,0xbb,0x02,0x03,0x01,0x00,0x01,0xa3,
8100x81,0xdb,0x30,0x81,0xd8,0x30,0x34,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,
8110x01,0x01,0x04,0x28,0x30,0x26,0x30,0x24,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,
8120x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,
8130x70,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,
8140x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,
8150xff,0x02,0x01,0x00,0x30,0x41,0x06,0x03,0x55,0x1d,0x1f,0x04,0x3a,0x30,0x38,
8160x30,0x36,0xa0,0x34,0xa0,0x32,0x86,0x30,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
8170x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,
8180x6d,0x2f,0x54,0x68,0x61,0x77,0x74,0x65,0x54,0x69,0x6d,0x65,0x73,0x74,0x61,
8190x6d,0x70,0x69,0x6e,0x67,0x43,0x41,0x2e,0x63,0x72,0x6c,0x30,0x13,0x06,0x03,
8200x55,0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,
8210x03,0x08,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,
8220x02,0x01,0x06,0x30,0x24,0x06,0x03,0x55,0x1d,0x11,0x04,0x1d,0x30,0x1b,0xa4,
8230x19,0x30,0x17,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x03,0x13,0x0c,0x54,
8240x53,0x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x35,0x33,0x30,0x0d,0x06,0x09,
8250x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,
8260x4a,0x6b,0xf9,0xea,0x58,0xc2,0x44,0x1c,0x31,0x89,0x79,0x99,0x2b,0x96,0xbf,
8270x82,0xac,0x01,0xd6,0x1c,0x4c,0xcd,0xb0,0x8a,0x58,0x6e,0xdf,0x08,0x29,0xa3,
8280x5e,0xc8,0xca,0x93,0x13,0xe7,0x04,0x52,0x0d,0xef,0x47,0x27,0x2f,0x00,0x38,
8290xb0,0xe4,0xc9,0x93,0x4e,0x9a,0xd4,0x22,0x62,0x15,0xf7,0x3f,0x37,0x21,0x4f,
8300x70,0x31,0x80,0xf1,0x8b,0x38,0x87,0xb3,0xe8,0xe8,0x97,0x00,0xfe,0xcf,0x55,
8310x96,0x4e,0x24,0xd2,0xa9,0x27,0x4e,0x7a,0xae,0xb7,0x61,0x41,0xf3,0x2a,0xce,
8320xe7,0xc9,0xd9,0x5e,0xdd,0xbb,0x2b,0x85,0x3e,0xb5,0x9d,0xb5,0xd9,0xe1,0x57,
8330xff,0xbe,0xb4,0xc5,0x7e,0xf5,0xcf,0x0c,0x9e,0xf0,0x97,0xfe,0x2b,0xd3,0x3b,
8340x52,0x1b,0x1b,0x38,0x27,0xf7,0x3f,0x4a };
835static const BYTE iTunesCert1[] = {
8360x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
8370x0d,0xe9,0x2b,0xf0,0xd4,0xd8,0x29,0x88,0x18,0x32,0x05,0x09,0x5e,0x9a,0x76,
8380x88,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
8390x00,0x30,0x53,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
8400x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,
8410x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2b,0x30,0x29,
8420x06,0x03,0x55,0x04,0x03,0x13,0x22,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
8430x20,0x54,0x69,0x6d,0x65,0x20,0x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,
8440x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
8450x30,0x33,0x31,0x32,0x30,0x34,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
8460x30,0x38,0x31,0x32,0x30,0x33,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x57,
8470x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
8480x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,
8490x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2f,0x30,0x2d,0x06,0x03,0x55,
8500x04,0x03,0x13,0x26,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x69,
8510x6d,0x65,0x20,0x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,0x53,0x65,0x72,
8520x76,0x69,0x63,0x65,0x73,0x20,0x53,0x69,0x67,0x6e,0x65,0x72,0x30,0x82,0x01,
8530x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
8540x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,
8550xb2,0x50,0x28,0x48,0xdd,0xd3,0x68,0x7a,0x84,0x18,0x44,0x66,0x75,0x5d,0x7e,
8560xc4,0xb8,0x9f,0x63,0x26,0xff,0x3d,0x43,0x9c,0x7c,0x11,0x38,0x10,0x25,0x55,
8570x73,0xd9,0x75,0x27,0x69,0xfd,0x4e,0xb9,0x20,0x5c,0xd3,0x0a,0xf9,0xa0,0x1b,
8580x2a,0xed,0x55,0x56,0x21,0x61,0xd8,0x1e,0xdb,0xe4,0xbc,0x33,0x6b,0xc7,0xef,
8590xdd,0xa3,0x37,0x65,0x8e,0x1b,0x93,0x0c,0xb6,0x53,0x1e,0x5c,0x7c,0x66,0x35,
8600x5f,0x05,0x8a,0x45,0xfe,0x76,0x4e,0xdf,0x53,0x80,0xa2,0x81,0x20,0x9d,0xae,
8610x88,0x5c,0xa2,0x08,0xf7,0xe5,0x30,0xf9,0xee,0x22,0x37,0x4c,0x42,0x0a,0xce,
8620xdf,0xc6,0x1f,0xc4,0xd6,0x55,0xe9,0x81,0x3f,0xb5,0x52,0xa3,0x2c,0xaa,0x01,
8630x7a,0xf2,0xa2,0xaa,0x8d,0x35,0xfe,0x9f,0xe6,0x5d,0x6a,0x05,0x9f,0x3d,0x6b,
8640xe3,0xbf,0x96,0xc0,0xfe,0xcc,0x60,0xf9,0x40,0xe7,0x07,0xa0,0x44,0xeb,0x81,
8650x51,0x6e,0xa5,0x2a,0xf2,0xb6,0x8a,0x10,0x28,0xed,0x8f,0xdc,0x06,0xa0,0x86,
8660x50,0x9a,0x7b,0x4a,0x08,0x0d,0x30,0x1d,0xca,0x10,0x9e,0x6b,0xf7,0xe9,0x58,
8670xae,0x04,0xa9,0x40,0x99,0xb2,0x28,0xe8,0x8f,0x16,0xac,0x3c,0xe3,0x53,0x6f,
8680x4b,0xd3,0x35,0x9d,0xb5,0x6f,0x64,0x1d,0xb3,0x96,0x2c,0xbb,0x3d,0xe7,0x79,
8690xeb,0x6d,0x7a,0xf9,0x16,0xe6,0x26,0xad,0xaf,0xef,0x99,0x53,0xb7,0x40,0x2c,
8700x95,0xb8,0x79,0xaa,0xfe,0xd4,0x52,0xab,0x29,0x74,0x7e,0x42,0xec,0x39,0x1e,
8710xa2,0x6a,0x16,0xe6,0x59,0xbb,0x24,0x68,0xd8,0x00,0x80,0x43,0x10,0x87,0x80,
8720x6b,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xca,0x30,0x81,0xc7,0x30,0x34,0x06,
8730x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x28,0x30,0x26,0x30,0x24,
8740x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,
8750x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,0x70,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,
8760x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
8770xff,0x04,0x02,0x30,0x00,0x30,0x33,0x06,0x03,0x55,0x1d,0x1f,0x04,0x2c,0x30,
8780x2a,0x30,0x28,0xa0,0x26,0xa0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3a,0x2f,
8790x2f,0x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,
8800x6f,0x6d,0x2f,0x74,0x73,0x73,0x2d,0x63,0x61,0x2e,0x63,0x72,0x6c,0x30,0x16,
8810x06,0x03,0x55,0x1d,0x25,0x01,0x01,0xff,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,
8820x06,0x01,0x05,0x05,0x07,0x03,0x08,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
8830x01,0xff,0x04,0x04,0x03,0x02,0x06,0xc0,0x30,0x24,0x06,0x03,0x55,0x1d,0x11,
8840x04,0x1d,0x30,0x1b,0xa4,0x19,0x30,0x17,0x31,0x15,0x30,0x13,0x06,0x03,0x55,
8850x04,0x03,0x13,0x0c,0x54,0x53,0x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x35,
8860x34,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
8870x00,0x03,0x82,0x01,0x01,0x00,0x87,0x78,0x70,0xda,0x4e,0x52,0x01,0x20,0x5b,
8880xe0,0x79,0xc9,0x82,0x30,0xc4,0xfd,0xb9,0x19,0x96,0xbd,0x91,0x00,0xc3,0xbd,
8890xcd,0xcd,0xc6,0xf4,0x0e,0xd8,0xff,0xf9,0x4d,0xc0,0x33,0x62,0x30,0x11,0xc5,
8900xf5,0x74,0x1b,0xd4,0x92,0xde,0x5f,0x9c,0x20,0x13,0xb1,0x7c,0x45,0xbe,0x50,
8910xcd,0x83,0xe7,0x80,0x17,0x83,0xa7,0x27,0x93,0x67,0x13,0x46,0xfb,0xca,0xb8,
8920x98,0x41,0x03,0xcc,0x9b,0x51,0x5b,0x05,0x8b,0x7f,0xa8,0x6f,0xf3,0x1b,0x50,
8930x1b,0x24,0x2e,0xf2,0x69,0x8d,0x6c,0x22,0xf7,0xbb,0xca,0x16,0x95,0xed,0x0c,
8940x74,0xc0,0x68,0x77,0xd9,0xeb,0x99,0x62,0x87,0xc1,0x73,0x90,0xf8,0x89,0x74,
8950x7a,0x23,0xab,0xa3,0x98,0x7b,0x97,0xb1,0xf7,0x8f,0x29,0x71,0x4d,0x2e,0x75,
8960x1b,0x48,0x41,0xda,0xf0,0xb5,0x0d,0x20,0x54,0xd6,0x77,0xa0,0x97,0x82,0x63,
8970x69,0xfd,0x09,0xcf,0x8a,0xf0,0x75,0xbb,0x09,0x9b,0xd9,0xf9,0x11,0x55,0x26,
8980x9a,0x61,0x32,0xbe,0x7a,0x02,0xb0,0x7b,0x86,0xbe,0xa2,0xc3,0x8b,0x22,0x2c,
8990x78,0xd1,0x35,0x76,0xbc,0x92,0x73,0x5c,0xf9,0xb9,0xe6,0x4c,0x15,0x0a,0x23,
9000xcc,0xe4,0xd2,0xd4,0x34,0x2e,0x49,0x40,0x15,0x3c,0x0f,0x60,0x7a,0x24,0xc6,
9010xa5,0x66,0xef,0x96,0xcf,0x70,0xeb,0x3e,0xe7,0xf4,0x0d,0x7e,0xdc,0xd1,0x7c,
9020xa3,0x76,0x71,0x69,0xc1,0x9c,0x4f,0x47,0x30,0x35,0x21,0xb1,0xa2,0xaf,0x1a,
9030x62,0x3c,0x2b,0xd9,0x8e,0xaa,0x2a,0x07,0x7b,0xd8,0x18,0xb3,0x5c,0x7b,0xe2,
9040x9d,0xa5,0x6f,0xfe,0x3c,0x89,0xad };
905static const BYTE iTunesCert2[] = {
9060x30,0x82,0x04,0xbf,0x30,0x82,0x04,0x28,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
9070x41,0x91,0xa1,0x5a,0x39,0x78,0xdf,0xcf,0x49,0x65,0x66,0x38,0x1d,0x4c,0x75,
9080xc2,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
9090x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
9100x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,
9110x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x37,0x30,0x35,
9120x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,
9130x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,
9140x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,
9150x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x30,0x34,0x30,
9160x37,0x31,0x36,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x31,0x34,0x30,
9170x37,0x31,0x35,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xb4,0x31,0x0b,
9180x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,
9190x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
9200x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,
9210x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,
9220x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x31,0x3b,0x30,0x39,0x06,0x03,
9230x55,0x04,0x0b,0x13,0x32,0x54,0x65,0x72,0x6d,0x73,0x20,0x6f,0x66,0x20,0x75,
9240x73,0x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,
9250x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,
9260x2f,0x72,0x70,0x61,0x20,0x28,0x63,0x29,0x30,0x34,0x31,0x2e,0x30,0x2c,0x06,
9270x03,0x55,0x04,0x03,0x13,0x25,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,
9280x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,0x6f,0x64,0x65,0x20,0x53,0x69,
9290x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,0x34,0x20,0x43,0x41,0x30,0x82,
9300x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,
9310x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,
9320x00,0xbe,0xbc,0xee,0xbc,0x7e,0xef,0x83,0xeb,0xe0,0x37,0x4f,0xfb,0x03,0x10,
9330x38,0xbe,0x08,0xd2,0x8c,0x7d,0x9d,0xfa,0x92,0x7f,0x19,0x0c,0xc2,0x6b,0xee,
9340x42,0x52,0x8c,0xde,0xd3,0x1c,0x48,0x13,0x25,0xea,0xc1,0x63,0x7a,0xf9,0x51,
9350x65,0xee,0xd3,0xaa,0x3b,0xf5,0xf0,0x94,0x9c,0x2b,0xfb,0xf2,0x66,0xd4,0x24,
9360xda,0xf7,0xf5,0x9f,0x6e,0x19,0x39,0x36,0xbc,0xd0,0xa3,0x76,0x08,0x1e,0x22,
9370x27,0x24,0x6c,0x38,0x91,0x27,0xe2,0x84,0x49,0xae,0x1b,0x8a,0xa1,0xfd,0x25,
9380x82,0x2c,0x10,0x30,0xe8,0x71,0xab,0x28,0xe8,0x77,0x4a,0x51,0xf1,0xec,0xcd,
9390xf8,0xf0,0x54,0xd4,0x6f,0xc0,0xe3,0x6d,0x0a,0x8f,0xd9,0xd8,0x64,0x8d,0x63,
9400xb2,0x2d,0x4e,0x27,0xf6,0x85,0x0e,0xfe,0x6d,0xe3,0x29,0x99,0xe2,0x85,0x47,
9410x7c,0x2d,0x86,0x7f,0xe8,0x57,0x8f,0xad,0x67,0xc2,0x33,0x32,0x91,0x13,0x20,
9420xfc,0xa9,0x23,0x14,0x9a,0x6d,0xc2,0x84,0x4b,0x76,0x68,0x04,0xd5,0x71,0x2c,
9430x5d,0x21,0xfa,0x88,0x0d,0x26,0xfd,0x1f,0x2d,0x91,0x2b,0xe7,0x01,0x55,0x4d,
9440xf2,0x6d,0x35,0x28,0x82,0xdf,0xd9,0x6b,0x5c,0xb6,0xd6,0xd9,0xaa,0x81,0xfd,
9450x5f,0xcd,0x83,0xba,0x63,0x9d,0xd0,0x22,0xfc,0xa9,0x3b,0x42,0x69,0xb2,0x8e,
9460x3a,0xb5,0xbc,0xb4,0x9e,0x0f,0x5e,0xc4,0xea,0x2c,0x82,0x8b,0x28,0xfd,0x53,
9470x08,0x96,0xdd,0xb5,0x01,0x20,0xd1,0xf9,0xa5,0x18,0xe7,0xc0,0xee,0x51,0x70,
9480x37,0xe1,0xb6,0x05,0x48,0x52,0x48,0x6f,0x38,0xea,0xc3,0xe8,0x6c,0x7b,0x44,
9490x84,0xbb,0x02,0x03,0x01,0x00,0x01,0xa3,0x82,0x01,0xa0,0x30,0x82,0x01,0x9c,
9500x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,
9510x01,0xff,0x02,0x01,0x00,0x30,0x44,0x06,0x03,0x55,0x1d,0x20,0x04,0x3d,0x30,
9520x3b,0x30,0x39,0x06,0x0b,0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,
9530x03,0x30,0x2a,0x30,0x28,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x02,0x01,
9540x16,0x1c,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,
9550x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,
9560x30,0x31,0x06,0x03,0x55,0x1d,0x1f,0x04,0x2a,0x30,0x28,0x30,0x26,0xa0,0x24,
9570xa0,0x22,0x86,0x20,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x63,0x72,0x6c,0x2e,
9580x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x70,0x63,
9590x61,0x33,0x2e,0x63,0x72,0x6c,0x30,0x1d,0x06,0x03,0x55,0x1d,0x25,0x04,0x16,
9600x30,0x14,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2b,
9610x06,0x01,0x05,0x05,0x07,0x03,0x03,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
9620x01,0xff,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x11,0x06,0x09,0x60,0x86,0x48,
9630x01,0x86,0xf8,0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x00,0x01,0x30,0x29,0x06,
9640x03,0x55,0x1d,0x11,0x04,0x22,0x30,0x20,0xa4,0x1e,0x30,0x1c,0x31,0x1a,0x30,
9650x18,0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x43,0x6c,0x61,0x73,0x73,0x33,0x43,
9660x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x34,0x33,0x30,0x1d,0x06,0x03,0x55,
9670x1d,0x0e,0x04,0x16,0x04,0x14,0x08,0xf5,0x51,0xe8,0xfb,0xfe,0x3d,0x3d,0x64,
9680x36,0x7c,0x68,0xcf,0x5b,0x78,0xa8,0xdf,0xb9,0xc5,0x37,0x30,0x81,0x80,0x06,
9690x03,0x55,0x1d,0x23,0x04,0x79,0x30,0x77,0xa1,0x63,0xa4,0x61,0x30,0x5f,0x31,
9700x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,
9710x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
9720x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,
9730x0b,0x13,0x2e,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,
9740x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,
9750x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,
9760x72,0x69,0x74,0x79,0x82,0x10,0x70,0xba,0xe4,0x1d,0x10,0xd9,0x29,0x34,0xb6,
9770x38,0xca,0x7b,0x03,0xcc,0xba,0xbf,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
9780xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0xae,0x3a,0x17,0xb8,
9790x4a,0x7b,0x55,0xfa,0x64,0x55,0xec,0x40,0xa4,0xed,0x49,0x41,0x90,0x99,0x9c,
9800x89,0xbc,0xaf,0x2e,0x1d,0xca,0x78,0x23,0xf9,0x1c,0x19,0x0f,0x7f,0xeb,0x68,
9810xbc,0x32,0xd9,0x88,0x38,0xde,0xdc,0x3f,0xd3,0x89,0xb4,0x3f,0xb1,0x82,0x96,
9820xf1,0xa4,0x5a,0xba,0xed,0x2e,0x26,0xd3,0xde,0x7c,0x01,0x6e,0x00,0x0a,0x00,
9830xa4,0x06,0x92,0x11,0x48,0x09,0x40,0xf9,0x1c,0x18,0x79,0x67,0x23,0x24,0xe0,
9840xbb,0xd5,0xe1,0x50,0xae,0x1b,0xf5,0x0e,0xdd,0xe0,0x2e,0x81,0xcd,0x80,0xa3,
9850x6c,0x52,0x4f,0x91,0x75,0x55,0x8a,0xba,0x22,0xf2,0xd2,0xea,0x41,0x75,0x88,
9860x2f,0x63,0x55,0x7d,0x1e,0x54,0x5a,0x95,0x59,0xca,0xd9,0x34,0x81,0xc0,0x5f,
9870x5e,0xf6,0x7a,0xb5 };
988static const BYTE iTunesCert3[] = {
9890x30,0x82,0x04,0xf1,0x30,0x82,0x03,0xd9,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
9900x0f,0x1a,0xa0,0xe0,0x9b,0x9b,0x61,0xa6,0xb6,0xfe,0x40,0xd2,0xdf,0x6a,0xf6,
9910x8d,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
9920x00,0x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
9930x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,
9940x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,
9950x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
9960x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,
9970x31,0x3b,0x30,0x39,0x06,0x03,0x55,0x04,0x0b,0x13,0x32,0x54,0x65,0x72,0x6d,
9980x73,0x20,0x6f,0x66,0x20,0x75,0x73,0x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,
9990x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,
10000x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x20,0x28,0x63,0x29,0x30,
10010x34,0x31,0x2e,0x30,0x2c,0x06,0x03,0x55,0x04,0x03,0x13,0x25,0x56,0x65,0x72,
10020x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,
10030x6f,0x64,0x65,0x20,0x53,0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,
10040x34,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,0x30,0x36,0x30,0x31,0x31,0x37,0x30,
10050x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x38,0x30,0x31,0x32,0x32,0x32,
10060x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,
10070x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
10080x08,0x13,0x0a,0x43,0x61,0x6c,0x69,0x66,0x6f,0x72,0x6e,0x69,0x61,0x31,0x12,
10090x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x75,0x70,0x65,0x72,0x74,
10100x69,0x6e,0x6f,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x0a,0x14,0x14,0x41,
10110x70,0x70,0x6c,0x65,0x20,0x43,0x6f,0x6d,0x70,0x75,0x74,0x65,0x72,0x2c,0x20,
10120x49,0x6e,0x63,0x2e,0x31,0x3e,0x30,0x3c,0x06,0x03,0x55,0x04,0x0b,0x13,0x35,
10130x44,0x69,0x67,0x69,0x74,0x61,0x6c,0x20,0x49,0x44,0x20,0x43,0x6c,0x61,0x73,
10140x73,0x20,0x33,0x20,0x2d,0x20,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,
10150x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x56,0x61,0x6c,0x69,0x64,
10160x61,0x74,0x69,0x6f,0x6e,0x20,0x76,0x32,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,
10170x04,0x03,0x14,0x14,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x6f,0x6d,0x70,0x75,
10180x74,0x65,0x72,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x30,0x81,0x9f,0x30,0x0d,0x06,
10190x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,
10200x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd3,0xab,0x3b,0x7f,0xec,0x48,0x84,
10210xce,0xa8,0x1a,0x12,0xf3,0x3c,0x87,0xcb,0x24,0x58,0x96,0x02,0x87,0x66,0x49,
10220xeb,0x89,0xee,0x79,0x44,0x70,0x8d,0xe7,0xd4,0x1f,0x30,0x92,0xc0,0x9c,0x35,
10230x78,0xc0,0xaf,0x1c,0xb6,0x28,0xd3,0xe0,0xe0,0x9d,0xd3,0x49,0x76,0x73,0x57,
10240x19,0x4d,0x8d,0x70,0x85,0x64,0x4d,0x1d,0xc6,0x02,0x3e,0xe5,0x2c,0x66,0x07,
10250xd2,0x27,0x4b,0xd6,0xc8,0x3c,0x93,0xb6,0x15,0x0c,0xde,0x5b,0xd7,0x93,0xdd,
10260xbe,0x85,0x62,0x34,0x17,0x8a,0x05,0x60,0xf0,0x8a,0x1c,0x5a,0x40,0x21,0x8d,
10270x51,0x6c,0xb0,0x62,0xd8,0xb5,0xd4,0xf9,0xb1,0xd0,0x58,0x7a,0x7a,0x82,0x55,
10280xb3,0xf9,0x53,0x71,0xde,0xd2,0xc9,0x37,0x8c,0xf6,0x5a,0x1f,0x2d,0xcd,0x7c,
10290x67,0x02,0x03,0x01,0x00,0x01,0xa3,0x82,0x01,0x7f,0x30,0x82,0x01,0x7b,0x30,
10300x09,0x06,0x03,0x55,0x1d,0x13,0x04,0x02,0x30,0x00,0x30,0x0e,0x06,0x03,0x55,
10310x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x07,0x80,0x30,0x40,0x06,0x03,
10320x55,0x1d,0x1f,0x04,0x39,0x30,0x37,0x30,0x35,0xa0,0x33,0xa0,0x31,0x86,0x2f,
10330x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,
10340x34,0x2d,0x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,
10350x63,0x6f,0x6d,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2e,0x63,
10360x72,0x6c,0x30,0x44,0x06,0x03,0x55,0x1d,0x20,0x04,0x3d,0x30,0x3b,0x30,0x39,
10370x06,0x0b,0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x30,0x2a,
10380x30,0x28,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1c,0x68,
10390x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,
10400x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x30,0x13,0x06,
10410x03,0x55,0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,
10420x07,0x03,0x03,0x30,0x75,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01,
10430x04,0x69,0x30,0x67,0x30,0x24,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,
10440x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,0x70,0x2e,
10450x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,0x3f,0x06,
10460x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x33,0x68,0x74,0x74,0x70,
10470x3a,0x2f,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2d,0x61,0x69,
10480x61,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,
10490x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2d,0x61,0x69,0x61,0x2e,0x63,
10500x65,0x72,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,
10510x08,0xf5,0x51,0xe8,0xfb,0xfe,0x3d,0x3d,0x64,0x36,0x7c,0x68,0xcf,0x5b,0x78,
10520xa8,0xdf,0xb9,0xc5,0x37,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,
10530x42,0x01,0x01,0x04,0x04,0x03,0x02,0x04,0x10,0x30,0x16,0x06,0x0a,0x2b,0x06,
10540x01,0x04,0x01,0x82,0x37,0x02,0x01,0x1b,0x04,0x08,0x30,0x06,0x01,0x01,0x00,
10550x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
10560x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x6a,0xa6,0x06,0xd0,0x33,0x18,0x64,
10570xe2,0x69,0x82,0xee,0x6e,0x36,0x9e,0x9d,0x9a,0x0e,0x18,0xa8,0xac,0x9d,0x10,
10580xed,0x01,0x3c,0xb9,0x61,0x04,0x62,0xf3,0x85,0x8f,0xcc,0x4f,0x2c,0x66,0x35,
10590x54,0x25,0x45,0x8d,0x95,0x1c,0xd2,0x33,0xbe,0x2e,0xdd,0x7f,0x74,0xaf,0x03,
10600x7b,0x86,0x63,0xb0,0xc9,0xe6,0xbd,0xc7,0x8e,0xde,0x03,0x18,0x98,0x82,0xc3,
10610xbb,0xf8,0x15,0x99,0x1a,0xa9,0xdd,0xb9,0x5d,0xb9,0xbd,0x53,0x95,0x25,0x76,
10620xfb,0x5c,0x53,0x90,0xea,0x01,0x0a,0xa0,0xb1,0xbf,0x09,0x1b,0x97,0x8f,0x40,
10630xfa,0x85,0x12,0x74,0x01,0xdb,0xf6,0xdb,0x09,0xd6,0x5f,0x4f,0xd7,0x17,0xb4,
10640xbf,0x9e,0x2f,0x86,0x52,0x5d,0x70,0x24,0x52,0x32,0x1e,0xa5,0x1d,0x39,0x8b,
10650x66,0xf6,0xba,0x9b,0x69,0x8e,0x12,0x60,0xdb,0xb6,0xcf,0xe6,0x0d,0xd6,0x1c,
10660x8f,0xd4,0x5b,0x4b,0x00,0xde,0x21,0x93,0xfb,0x6e,0xc7,0x3d,0xb4,0x66,0x0d,
10670x29,0x0c,0x4e,0xe9,0x3f,0x94,0xd6,0xd6,0xdc,0xec,0xf8,0x53,0x3b,0x62,0xd5,
10680x97,0x50,0x53,0x84,0x17,0xfe,0xe2,0xed,0x4c,0x23,0x0a,0x49,0xce,0x5b,0xe9,
10690x70,0x31,0xc1,0x04,0x02,0x02,0x6c,0xb8,0x52,0xcd,0xc7,0x4e,0x70,0xb4,0x13,
10700xd7,0xe0,0x92,0xba,0x44,0x1a,0x10,0x4c,0x6e,0x45,0xc6,0x86,0x04,0xc6,0x64,
10710xd3,0x9c,0x6e,0xc1,0x9c,0xac,0x74,0x3d,0x77,0x06,0x5e,0x28,0x28,0x5c,0xf5,
10720xe0,0x9c,0x19,0xd8,0xba,0x74,0x81,0x2d,0x67,0x77,0x93,0x8d,0xbf,0xd2,0x52,
10730x00,0xe6,0xa5,0x38,0x4e,0x2e,0x73,0x66,0x7a };
1074static BYTE iTunesIssuer[] = {
10750x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
10760x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,
10770x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,
10780x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,
10790x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
10800x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,
10810x72,0x6b,0x31,0x3b,0x30,0x39,0x06,0x03,0x55,0x04,0x0b,0x13,
10820x32,0x54,0x65,0x72,0x6d,0x73,0x20,0x6f,0x66,0x20,0x75,0x73,
10830x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,
10840x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,
10850x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x20,0x28,0x63,
10860x29,0x30,0x34,0x31,0x2e,0x30,0x2c,0x06,0x03,0x55,0x04,0x03,
10870x13,0x25,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,
10880x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,0x6f,0x64,0x65,0x20,
10890x53,0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,0x34,
10900x20,0x43,0x41 };
1091static BYTE iTunesSerialNum[] = {
10920x8d,0xf6,0x6a,0xdf,0xd2,0x40,0xfe,0xb6,0xa6,0x61,0x9b,0x9b,
10930xe0,0xa0,0x1a,0x0f };
1094
1095static void testFindCert(void)
1096{
1097 HCERTSTORE store;
1098 PCCERT_CONTEXT context = NULL, subject;
1099 BOOL ret;
1100 CERT_INFO certInfo = { 0 };
1101 CRYPT_HASH_BLOB blob;
1102 BYTE otherSerialNumber[] = { 2 };
1103 DWORD count;
1104
1105 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1106 CERT_STORE_CREATE_NEW_FLAG, NULL);
1107 ok(store != NULL, "CertOpenStore failed: %ld\n", GetLastError());
1108 if (!store)
1109 return;
1110
1111 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1112 bigCert, sizeof(bigCert), CERT_STORE_ADD_NEW, NULL);
1113 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n", GetLastError());
1114
1115 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1116 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, NULL);
1117 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
1118 GetLastError());
1119 /* This has the same name as bigCert */
1120 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1121 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, NULL);
1122 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
1123 GetLastError());
1124
1125 /* Crashes
1126 context = CertFindCertificateInStore(NULL, 0, 0, 0, NULL, NULL);
1127 */
1128
1129 /* Check first cert's there, by issuer */
1130 certInfo.Subject.pbData = subjectName;
1131 certInfo.Subject.cbData = sizeof(subjectName);
1132 certInfo.SerialNumber.pbData = serialNum;
1133 certInfo.SerialNumber.cbData = sizeof(serialNum);
1134 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1135 CERT_FIND_ISSUER_NAME, &certInfo.Subject, NULL);
1136 ok(context != NULL, "CertFindCertificateInStore failed: %08lx\n",
1137 GetLastError());
1138 if (context)
1139 {
1140 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1141 CERT_FIND_ISSUER_NAME, &certInfo.Subject, context);
1142 ok(context != NULL, "Expected more than one cert\n");
1143 if (context)
1144 {
1145 context = CertFindCertificateInStore(store, X509_ASN_ENCODING,
1146 0, CERT_FIND_ISSUER_NAME, &certInfo.Subject, context);
1147 ok(context == NULL, "Expected precisely two certs\n");
1148 }
1149 }
1150
1151 /* Check second cert's there as well, by subject name */
1152 certInfo.Subject.pbData = subjectName2;
1153 certInfo.Subject.cbData = sizeof(subjectName2);
1154 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1155 CERT_FIND_SUBJECT_NAME, &certInfo.Subject, NULL);
1156 ok(context != NULL, "CertFindCertificateInStore failed: %08lx\n",
1157 GetLastError());
1158 if (context)
1159 {
1160 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1161 CERT_FIND_SUBJECT_NAME, &certInfo.Subject, context);
1162 ok(context == NULL, "Expected one cert only\n");
1163 }
1164
1165 /* Strange but true: searching for the subject cert requires you to set
1166 * the issuer, not the subject
1167 */
1168 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1169 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1170 ok(context == NULL, "Expected no certificate\n");
1171 certInfo.Subject.pbData = NULL;
1172 certInfo.Subject.cbData = 0;
1173 certInfo.Issuer.pbData = subjectName2;
1174 certInfo.Issuer.cbData = sizeof(subjectName2);
1175 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1176 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1177 ok(context != NULL, "CertFindCertificateInStore failed: %08lx\n",
1178 GetLastError());
1179 if (context)
1180 {
1181 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1182 CERT_FIND_SUBJECT_CERT, &certInfo, context);
1183 ok(context == NULL, "Expected one cert only\n");
1184 }
1185 /* A non-matching serial number will not match. */
1186 certInfo.SerialNumber.pbData = otherSerialNumber;
1187 certInfo.SerialNumber.cbData = sizeof(otherSerialNumber);
1188 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1189 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1190 ok(context == NULL, "Expected no match\n");
1191 /* No serial number will not match */
1192 certInfo.SerialNumber.cbData = 0;
1193 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1194 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1195 ok(context == NULL, "Expected no match\n");
1196 /* A serial number still won't match if the name doesn't */
1197 certInfo.SerialNumber.pbData = serialNum;
1198 certInfo.SerialNumber.cbData = sizeof(serialNum);
1199 certInfo.Issuer.pbData = subjectName3;
1200 certInfo.Issuer.cbData = sizeof(subjectName3);
1201 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1202 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1203 ok(context == NULL, "Expected no match\n");
1204
1205 /* The nice thing about hashes, they're unique */
1206 blob.pbData = bigCertHash;
1207 blob.cbData = sizeof(bigCertHash);
1208 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1209 CERT_FIND_SHA1_HASH, &blob, NULL);
1210 ok(context != NULL, "CertFindCertificateInStore failed: %08lx\n",
1211 GetLastError());
1212 if (context)
1213 {
1214 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1215 CERT_FIND_SHA1_HASH, &certInfo.Subject, context);
1216 ok(context == NULL, "Expected one cert only\n");
1217 }
1218
1219 /* Searching for NULL string matches any context. */
1220 count = 0;
1221 context = NULL;
1222 do {
1223 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1224 CERT_FIND_ISSUER_STR, NULL, context);
1225 if (context)
1226 count++;
1227 } while (context);
1228 ok(count == 3, "expected 3 contexts\n");
1229 count = 0;
1230 context = NULL;
1231 do {
1232 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1233 CERT_FIND_ISSUER_STR, L"juan", context);
1234 if (context)
1235 count++;
1236 } while (context);
1237 ok(count == 2, "expected 2 contexts\n");
1238 count = 0;
1239 context = NULL;
1240 do {
1241 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1242 CERT_FIND_ISSUER_STR, L"LANG", context);
1243 if (context)
1244 count++;
1245 } while (context);
1246 ok(count == 3, "expected 3 contexts\n");
1247 SetLastError(0xdeadbeef);
1248 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1249 CERT_FIND_ISSUER_STR, L"malcolm", NULL);
1250 ok(!context, "expected no certs\n");
1251 ok(GetLastError() == CRYPT_E_NOT_FOUND,
1252 "expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
1253
1254 CertCloseStore(store, 0);
1255
1256 /* Another subject cert search, using iTunes's certs */
1257 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1258 CERT_STORE_CREATE_NEW_FLAG, NULL);
1259 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1260 iTunesCert0, sizeof(iTunesCert0), CERT_STORE_ADD_NEW, NULL);
1261 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
1262 GetLastError());
1263 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1264 iTunesCert1, sizeof(iTunesCert1), CERT_STORE_ADD_NEW, NULL);
1265 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
1266 GetLastError());
1267 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1268 iTunesCert2, sizeof(iTunesCert2), CERT_STORE_ADD_NEW, NULL);
1269 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
1270 GetLastError());
1271 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1272 iTunesCert3, sizeof(iTunesCert3), CERT_STORE_ADD_NEW, &subject);
1273 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
1274 GetLastError());
1275
1276 /* The certInfo's issuer does not match any subject, but the serial
1277 * number does match a cert whose issuer matches certInfo's issuer.
1278 * This yields a match.
1279 */
1280 certInfo.SerialNumber.cbData = sizeof(iTunesSerialNum);
1281 certInfo.SerialNumber.pbData = iTunesSerialNum;
1282 certInfo.Issuer.cbData = sizeof(iTunesIssuer);
1283 certInfo.Issuer.pbData = iTunesIssuer;
1284 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1285 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1286 ok(context != NULL, "Expected a match\n");
1287 if (context)
1288 {
1289 ret = CertCompareCertificateName(context->dwCertEncodingType,
1290 &certInfo.Issuer, &context->pCertInfo->Subject);
1291 ok(!ret, "Expected subject name not to match\n");
1292 ret = CertCompareCertificateName(context->dwCertEncodingType,
1293 &certInfo.Issuer, &context->pCertInfo->Issuer);
1294 ok(ret, "Expected issuer name to match\n");
1295 ret = CertCompareIntegerBlob(&certInfo.SerialNumber,
1296 &context->pCertInfo->SerialNumber);
1297 ok(ret, "Expected serial number to match\n");
1298 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1299 CERT_FIND_SUBJECT_CERT, &certInfo, context);
1300 ok(context == NULL, "Expected one cert only\n");
1301 }
1302
1303 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1304 CERT_FIND_ISSUER_OF, subject, NULL);
1305 ok(context != NULL, "Expected an issuer\n");
1306 if (context)
1307 {
1308 PCCERT_CONTEXT none = CertFindCertificateInStore(store,
1309 X509_ASN_ENCODING, 0, CERT_FIND_ISSUER_OF, context, NULL);
1310
1311 ok(!none, "Expected no parent of issuer\n");
1312 CertFreeCertificateContext(context);
1313 }
1314 CertFreeCertificateContext(subject);
1315 CertCloseStore(store, 0);
1316}
1317
1318static void testGetSubjectCert(void)
1319{
1320 HCERTSTORE store;
1321 PCCERT_CONTEXT context1, context2;
1322 CERT_INFO info = { 0 };
1323 BOOL ret;
1324
1325 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1326 CERT_STORE_CREATE_NEW_FLAG, NULL);
1327 ok(store != NULL, "CertOpenStore failed: %ld\n", GetLastError());
1328 if (!store)
1329 return;
1330
1331 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1332 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
1333 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n", GetLastError());
1334
1335 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1336 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, &context1);
1337 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
1338 GetLastError());
1339 ok(context1 != NULL, "Expected a context\n");
1340 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1341 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, NULL);
1342 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
1343 GetLastError());
1344
1345 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1346 NULL);
1347 ok(!context2 && GetLastError() == E_INVALIDARG,
1348 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
1349 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1350 &info);
1351 ok(!context2 && GetLastError() == CRYPT_E_NOT_FOUND,
1352 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
1353 info.SerialNumber.cbData = sizeof(serialNum);
1354 info.SerialNumber.pbData = serialNum;
1355 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1356 &info);
1357 ok(!context2 && GetLastError() == CRYPT_E_NOT_FOUND,
1358 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
1359 info.Issuer.cbData = sizeof(subjectName2);
1360 info.Issuer.pbData = subjectName2;
1361 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1362 &info);
1363 ok(context2 != NULL,
1364 "CertGetSubjectCertificateFromStore failed: %08lx\n", GetLastError());
1365 /* Not only should this find a context, but it should be the same
1366 * (same address) as context1.
1367 */
1368 ok(context1 == context2, "Expected identical context addresses\n");
1369 CertFreeCertificateContext(context2);
1370
1371 CertFreeCertificateContext(context1);
1372 CertCloseStore(store, 0);
1373}
1374
1375/* This expires in 1970 or so */
1376static const BYTE expiredCert[] = { 0x30, 0x82, 0x01, 0x33, 0x30, 0x81, 0xe2,
1377 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0xc4, 0xd7, 0x7f, 0x0e, 0x6f, 0xa6,
1378 0x8c, 0xaa, 0x47, 0x47, 0x40, 0xe7, 0xb7, 0x0b, 0x4a, 0x7f, 0x30, 0x09, 0x06,
1379 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x1f, 0x31, 0x1d, 0x30,
1380 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
1381 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
1382 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x36, 0x39, 0x30, 0x31, 0x30, 0x31, 0x30,
1383 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30,
1384 0x31, 0x30, 0x36, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x1f, 0x31, 0x1d, 0x30,
1385 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
1386 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
1387 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
1388 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
1389 0x00, 0xa1, 0xaf, 0x4a, 0xea, 0xa7, 0x83, 0x57, 0xc0, 0x37, 0x33, 0x7e, 0x29,
1390 0x5e, 0x0d, 0xfc, 0x44, 0x74, 0x3a, 0x1d, 0xc3, 0x1b, 0x1d, 0x96, 0xed, 0x4e,
1391 0xf4, 0x1b, 0x98, 0xec, 0x69, 0x1b, 0x04, 0xea, 0x25, 0xcf, 0xb3, 0x2a, 0xf5,
1392 0xd9, 0x22, 0xd9, 0x8d, 0x08, 0x39, 0x81, 0xc6, 0xe0, 0x4f, 0x12, 0x37, 0x2a,
1393 0x3f, 0x80, 0xa6, 0x6c, 0x67, 0x43, 0x3a, 0xdd, 0x95, 0x0c, 0xbb, 0x2f, 0x6b,
1394 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
1395 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x8f, 0xa2, 0x5b, 0xd6, 0xdf, 0x34, 0xd0,
1396 0xa2, 0xa7, 0x47, 0xf1, 0x13, 0x79, 0xd3, 0xf3, 0x39, 0xbd, 0x4e, 0x2b, 0xa3,
1397 0xf4, 0x63, 0x37, 0xac, 0x5a, 0x0c, 0x5e, 0x4d, 0x0d, 0x54, 0x87, 0x4f, 0x31,
1398 0xfb, 0xa0, 0xce, 0x8f, 0x9a, 0x2f, 0x4d, 0x48, 0xc6, 0x84, 0x8d, 0xf5, 0x70,
1399 0x74, 0x17, 0xa5, 0xf3, 0x66, 0x47, 0x06, 0xd6, 0x64, 0x45, 0xbc, 0x52, 0xef,
1400 0x49, 0xe5, 0xf9, 0x65, 0xf3 };
1401
1402/* This expires in 2036 or so */
1403static const BYTE childOfExpired[] = { 0x30, 0x81, 0xcc, 0x30, 0x78, 0xa0,
1404 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
1405 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x1f, 0x31, 0x1d,
1406 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63,
1407 0x40, 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e,
1408 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x35, 0x30, 0x35,
1409 0x31, 0x37, 0x31, 0x32, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x36, 0x30, 0x35,
1410 0x30, 0x35, 0x31, 0x37, 0x31, 0x32, 0x34, 0x39, 0x5a, 0x30, 0x15, 0x31, 0x13,
1411 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e,
1412 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03,
1413 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
1414 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0x20, 0x3b, 0xdb, 0x4d, 0x67, 0x50,
1415 0xec, 0x73, 0x9d, 0xf9, 0x85, 0x5d, 0x18, 0xe9, 0xb4, 0x98, 0xe3, 0x31, 0xb7,
1416 0x03, 0x0b, 0xc0, 0x39, 0x93, 0x56, 0x81, 0x0a, 0xfc, 0x78, 0xa8, 0x29, 0x42,
1417 0x5f, 0x69, 0xfb, 0xbc, 0x5b, 0xf2, 0xa6, 0x2a, 0xbe, 0x91, 0x2c, 0xfc, 0x89,
1418 0x69, 0x15, 0x18, 0x58, 0xe5, 0x02, 0x75, 0xf7, 0x2a, 0xb6, 0xa9, 0xfb, 0x47,
1419 0x6a, 0x6e, 0x0a, 0x9b, 0xe9, 0xdc };
1420/* chain10_0 -+
1421 * +-> chain7_1
1422 * chain10_1 -+
1423 * A chain with two issuers, only one of whose dates is valid.
1424 */
1425static const BYTE chain10_0[] = {
14260x30,0x82,0x01,0x9b,0x30,0x82,0x01,0x08,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
14270x4a,0x30,0x3a,0x42,0xa2,0x5a,0xb3,0x93,0x4d,0x94,0x06,0xad,0x6d,0x1c,0x34,
14280xe6,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
14290x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
14300x30,0x1e,0x17,0x0d,0x30,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
14310x30,0x5a,0x17,0x0d,0x30,0x36,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
14320x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
14330x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
14340x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
14350x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
14360x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
14370x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
14380x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
14390xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
14400x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
14410x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
14420xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
14430x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
14440x00,0x01,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,
14450x81,0x00,0x85,0x6e,0x35,0x2f,0x2c,0x51,0x4f,0xd6,0x2a,0xe4,0x9e,0xd0,0x4b,
14460xe6,0x90,0xfd,0xf7,0x20,0xad,0x76,0x3f,0x93,0xea,0x7f,0x0d,0x1f,0xb3,0x8e,
14470xfd,0xe0,0xe1,0xd6,0xd7,0x9c,0x7d,0x46,0x6b,0x15,0x5c,0xe6,0xc9,0x62,0x3b,
14480x70,0x4a,0x4b,0xb2,0x82,0xe3,0x55,0x0c,0xc4,0x90,0x44,0x06,0x6c,0x86,0x1c,
14490x6d,0x47,0x12,0xda,0x33,0x95,0x5d,0x98,0x43,0xcb,0x7c,0xfa,0x2b,0xee,0xc4,
14500x2d,0xc8,0x95,0x33,0x89,0x08,0x3f,0x9f,0x87,0xea,0x20,0x04,0xaf,0x58,0x4b,
14510x9d,0xc0,0x7c,0x0a,0x1b,0x05,0x31,0x3b,0xbb,0x13,0x58,0x2e,0x3f,0x61,0x6b,
14520x10,0xb4,0xeb,0xb9,0x1a,0x30,0xfd,0xea,0xca,0x29,0x99,0x5f,0x42,0x2b,0x00,
14530xb0,0x08,0xc3,0xf0,0xb6,0xd6,0x6b,0xf9,0x35,0x95 };
1454static const BYTE chain10_1[] = {
14550x30,0x82,0x01,0x9b,0x30,0x82,0x01,0x08,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
14560xbf,0x99,0x4f,0x14,0x03,0x77,0x44,0xb8,0x49,0x02,0x70,0xa1,0xb8,0x9c,0xa7,
14570x24,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
14580x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
14590x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
14600x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
14610x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
14620x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
14630x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
14640x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
14650x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
14660x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
14670x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
14680xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
14690x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
14700x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
14710xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
14720x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
14730x00,0x01,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,
14740x81,0x00,0xa8,0xec,0x8c,0x34,0xe7,0x2c,0xdf,0x75,0x87,0xc4,0xf7,0xda,0x71,
14750x72,0x29,0xb2,0x48,0xa8,0x2a,0xec,0x7b,0x7d,0x19,0xb9,0x5f,0x1d,0xd9,0x91,
14760x2b,0xc4,0x28,0x7e,0xd6,0xb5,0x91,0x69,0xa5,0x8a,0x1a,0x1f,0x97,0x98,0x46,
14770x9d,0xdf,0x12,0xf6,0x45,0x62,0xad,0x60,0xb6,0xba,0xb0,0xfd,0xf5,0x9f,0xc6,
14780x98,0x05,0x4f,0x4d,0x48,0xdc,0xee,0x69,0xbe,0xb8,0xc4,0xc4,0xd7,0x1b,0xb1,
14790x1f,0x64,0xd6,0x45,0xa7,0xdb,0xb3,0x87,0x63,0x0f,0x54,0xe1,0x3a,0x6b,0x57,
14800x36,0xd7,0x68,0x65,0xcf,0xda,0x57,0x8d,0xcd,0x84,0x75,0x47,0x26,0x2c,0xef,
14810x1e,0x8f,0xc7,0x3b,0xee,0x5d,0x03,0xa6,0xdf,0x3a,0x20,0xb2,0xcc,0xc9,0x09,
14820x2c,0xfe,0x2b,0x79,0xb0,0xca,0x2c,0x9a,0x81,0x6b };
1483static const BYTE chain7_1[] = {
14840x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
14850x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
14860x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
14870x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,
14880x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,
14890x35,0x39,0x35,0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
14900x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
14910x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
14920x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
14930x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
14940xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
14950x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
14960xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
14970x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
14980x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
14990xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
15000x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
15010x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
15020x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9f,0x69,0xfd,0x26,0xd5,0x4b,
15030xe0,0xab,0x12,0x21,0xb9,0xfc,0xf7,0xe0,0x0c,0x09,0x94,0xad,0x27,0xd7,0x9d,
15040xa3,0xcc,0x46,0x2a,0x25,0x9a,0x24,0xa7,0x31,0x58,0x78,0xf5,0xfc,0x30,0xe1,
15050x6d,0xfd,0x59,0xab,0xbe,0x69,0xa0,0xea,0xe3,0x7d,0x7a,0x7b,0xe5,0x85,0xeb,
15060x86,0x6a,0x84,0x3c,0x96,0x01,0x1a,0x70,0xa7,0xb8,0xcb,0xf2,0x11,0xe7,0x52,
15070x9c,0x58,0x2d,0xac,0x63,0xce,0x72,0x4b,0xad,0x62,0xa8,0x1d,0x75,0x96,0xe2,
15080x27,0xf5,0x6f,0xba,0x91,0xf8,0xf1,0xb0,0xbf,0x90,0x24,0x6d,0xba,0x5d,0xd7,
15090x39,0x63,0x3b,0x7c,0x04,0x5d,0x89,0x9d,0x1c,0xf2,0xf7,0xcc,0xdf,0x6e,0x8a,
15100x43,0xa9,0xdd,0x86,0x05,0xa2,0xf3,0x22,0x2d,0x1e,0x70,0xa1,0x59,0xd7,0xa5,
15110x94,0x7d };
1512
1513static void testGetIssuerCert(void)
1514{
1515 BOOL ret;
1516 PCCERT_CONTEXT parent, child, cert1, cert2, cert3;
1517 DWORD flags = 0xffffffff, size;
1518 CERT_NAME_BLOB certsubject;
1519 BYTE *certencoded;
1520 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1521 CERT_STORE_CREATE_NEW_FLAG, NULL);
1522
1523 ok(store != NULL, "CertOpenStore failed: %08lx\n", GetLastError());
1524
1525 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1526 expiredCert, sizeof(expiredCert), CERT_STORE_ADD_ALWAYS, NULL);
1527 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
1528 GetLastError());
1529
1530 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1531 childOfExpired, sizeof(childOfExpired), CERT_STORE_ADD_ALWAYS, &child);
1532 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n",
1533 GetLastError());
1534
1535 /* These crash:
1536 parent = CertGetIssuerCertificateFromStore(NULL, NULL, NULL, NULL);
1537 parent = CertGetIssuerCertificateFromStore(store, NULL, NULL, NULL);
1538 */
1539 parent = CertGetIssuerCertificateFromStore(NULL, NULL, NULL, &flags);
1540 ok(!parent && GetLastError() == E_INVALIDARG,
1541 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
1542 parent = CertGetIssuerCertificateFromStore(store, NULL, NULL, &flags);
1543 ok(!parent && GetLastError() == E_INVALIDARG,
1544 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
1545 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1546 ok(!parent && GetLastError() == E_INVALIDARG,
1547 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
1548 /* Confusing: the caller cannot set either of the
1549 * CERT_STORE_NO_*_FLAGs, as these are not checks,
1550 * they're results:
1551 */
1552 flags = CERT_STORE_NO_CRL_FLAG | CERT_STORE_NO_ISSUER_FLAG;
1553 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1554 ok(!parent && GetLastError() == E_INVALIDARG,
1555 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
1556 /* Perform no checks */
1557 flags = 0;
1558 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1559 ok(parent != NULL, "CertGetIssuerCertificateFromStore failed: %08lx\n",
1560 GetLastError());
1561 if (parent)
1562 CertFreeCertificateContext(parent);
1563 /* Check revocation and signature only */
1564 flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
1565 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1566 ok(parent != NULL, "CertGetIssuerCertificateFromStore failed: %08lx\n",
1567 GetLastError());
1568 /* Confusing: CERT_STORE_REVOCATION_FLAG succeeds when there is no CRL by
1569 * setting CERT_STORE_NO_CRL_FLAG.
1570 */
1571 ok(flags == (CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG),
1572 "Expected CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG, got %08lx\n",
1573 flags);
1574 if (parent)
1575 CertFreeCertificateContext(parent);
1576 /* Checking time validity is not productive, because while most Windows
1577 * versions return 0 (time valid) because the child is not expired,
1578 * Windows 2003 SP1 returns that it is expired. Thus the range of
1579 * possibilities is covered, and a test verifies nothing.
1580 */
1581
1582 CertFreeCertificateContext(child);
1583 CertCloseStore(store, 0);
1584
1585 flags = 0;
1586 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1587 CERT_STORE_CREATE_NEW_FLAG, NULL);
1588 /* With only the child certificate, no issuer will be found */
1589 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1590 chain7_1, sizeof(chain7_1), CERT_STORE_ADD_ALWAYS, &child);
1591 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n", GetLastError());
1592 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1593 ok(parent == NULL, "Expected no issuer\n");
1594 ok(GetLastError() == CRYPT_E_NOT_FOUND, "Expected CRYPT_E_NOT_FOUND, got %08lX\n", GetLastError());
1595 /* Adding an issuer allows one (and only one) issuer to be found */
1596 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1597 chain10_1, sizeof(chain10_1), CERT_STORE_ADD_ALWAYS, &cert1);
1598 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n", GetLastError());
1599 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1600 ok(parent == cert1, "Expected cert1 to be the issuer\n");
1601 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1602 ok(parent == NULL, "Expected only one issuer\n");
1603 ok(GetLastError() == CRYPT_E_NOT_FOUND, "Expected CRYPT_E_NOT_FOUND, got %08lX\n", GetLastError());
1604 /* Adding a second issuer allows two issuers to be found - and the second
1605 * issuer is found before the first, implying certs are added to the head
1606 * of a list.
1607 */
1608 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1609 chain10_0, sizeof(chain10_0), CERT_STORE_ADD_ALWAYS, &cert2);
1610 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n", GetLastError());
1611 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1612 ok(parent == cert2, "Expected cert2 to be the first issuer\n");
1613 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1614 ok(parent == cert1, "Expected cert1 to be the second issuer\n");
1615 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1616 ok(parent == NULL, "Expected no more than two issuers\n");
1617 ok(GetLastError() == CRYPT_E_NOT_FOUND, "Expected CRYPT_E_NOT_FOUND, got %08lX\n", GetLastError());
1618 CertFreeCertificateContext(child);
1619 CertFreeCertificateContext(cert1);
1620 CertFreeCertificateContext(cert2);
1621 CertCloseStore(store, 0);
1622
1623 /* Repeat the test, reversing the order in which issuers are added,
1624 * to show it's order-dependent.
1625 */
1626 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1627 CERT_STORE_CREATE_NEW_FLAG, NULL);
1628 /* With only the child certificate, no issuer will be found */
1629 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1630 chain7_1, sizeof(chain7_1), CERT_STORE_ADD_ALWAYS, &child);
1631 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n", GetLastError());
1632 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1633 ok(parent == NULL, "Expected no issuer\n");
1634 ok(GetLastError() == CRYPT_E_NOT_FOUND, "Expected CRYPT_E_NOT_FOUND, got %08lX\n", GetLastError());
1635 /* Adding an issuer allows one (and only one) issuer to be found */
1636 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1637 chain10_0, sizeof(chain10_0), CERT_STORE_ADD_ALWAYS, &cert1);
1638 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n", GetLastError());
1639 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1640 ok(parent == cert1, "Expected cert1 to be the issuer\n");
1641 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1642 ok(parent == NULL, "Expected only one issuer\n");
1643 ok(GetLastError() == CRYPT_E_NOT_FOUND, "Expected CRYPT_E_NOT_FOUND, got %08lX\n", GetLastError());
1644 /* Adding a second issuer allows two issuers to be found - and the second
1645 * issuer is found before the first, implying certs are added to the head
1646 * of a list.
1647 */
1648 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1649 chain10_1, sizeof(chain10_1), CERT_STORE_ADD_ALWAYS, &cert2);
1650 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n", GetLastError());
1651 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1652 ok(parent == cert2, "Expected cert2 to be the first issuer\n");
1653 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1654 ok(parent == cert1, "Expected cert1 to be the second issuer\n");
1655 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1656 ok(parent == NULL, "Expected no more than two issuers\n");
1657 ok(GetLastError() == CRYPT_E_NOT_FOUND, "Expected CRYPT_E_NOT_FOUND, got %08lX\n", GetLastError());
1658
1659 /* Self-sign a certificate, add to the store and test getting the issuer */
1660 size = 0;
1661 ok(CertStrToNameW(X509_ASN_ENCODING, L"CN=dummy, T=Test", CERT_X500_NAME_STR, NULL, NULL, &size, NULL),
1662 "CertStrToName should have worked\n");
1663 certencoded = malloc(size);
1664 ok(CertStrToNameW(X509_ASN_ENCODING, L"CN=dummy, T=Test", CERT_X500_NAME_STR, NULL, certencoded, &size, NULL),
1665 "CertStrToName should have worked\n");
1666 certsubject.pbData = certencoded;
1667 certsubject.cbData = size;
1668 cert3 = CertCreateSelfSignCertificate(0, &certsubject, 0, NULL, NULL, NULL, NULL, NULL);
1669 ok(cert3 != NULL, "CertCreateSelfSignCertificate should have worked\n");
1670 ret = CertAddCertificateContextToStore(store, cert3, CERT_STORE_ADD_REPLACE_EXISTING, 0);
1671 ok(ret, "CertAddEncodedCertificateToStore failed: %08lx\n", GetLastError());
1672 CertFreeCertificateContext(cert3);
1673 cert3 = CertEnumCertificatesInStore(store, NULL);
1674 ok(cert3 != NULL, "CertEnumCertificatesInStore should have worked\n");
1675 SetLastError(0xdeadbeef);
1676 flags = 0;
1677 parent = CertGetIssuerCertificateFromStore(store, cert3, NULL, &flags);
1678 ok(!parent, "Expected NULL\n");
1679 ok(GetLastError() == CRYPT_E_SELF_SIGNED,
1680 "Expected CRYPT_E_SELF_SIGNED, got %08lX\n", GetLastError());
1681 CertFreeCertificateContext(child);
1682 CertFreeCertificateContext(cert1);
1683 CertFreeCertificateContext(cert2);
1684 CertFreeCertificateContext(cert3);
1685 CertCloseStore(store, 0);
1686 free(certencoded);
1687
1688 /* Test root storage self-signed certificate */
1689 store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"ROOT");
1690 ok(store != NULL, "CertOpenStore failed: %08lx\n", GetLastError());
1691 flags = 0;
1692 cert1 = CertEnumCertificatesInStore(store, NULL);
1693 ok(cert1 != NULL, "CertEnumCertificatesInStore should have worked\n");
1694 SetLastError(0xdeadbeef);
1695 parent = CertGetIssuerCertificateFromStore(store, cert1, NULL, &flags);
1696 ok(!parent, "Expected NULL\n");
1697 ok(GetLastError() == CRYPT_E_SELF_SIGNED,
1698 "Expected CRYPT_E_SELF_SIGNED, got %08lX\n", GetLastError());
1699 CertFreeCertificateContext(cert1);
1700 CertCloseStore(store, 0);
1701}
1702
1703static void testCryptHashCert(void)
1704{
1705 static const BYTE emptyHash[] = { 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b,
1706 0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07,
1707 0x09 };
1708 static const BYTE knownHash[] = { 0xae, 0x9d, 0xbf, 0x6d, 0xf5, 0x46, 0xee,
1709 0x8b, 0xc5, 0x7a, 0x13, 0xba, 0xc2, 0xb1, 0x04, 0xf2, 0xbf, 0x52, 0xa8,
1710 0xa2 };
1711 static const BYTE toHash[] = "abcdefghijklmnopqrstuvwxyz0123456789.,;!?:";
1712 BOOL ret;
1713 BYTE hash[20];
1714 DWORD hashLen = sizeof(hash);
1715
1716 /* NULL buffer and nonzero length crashes
1717 ret = CryptHashCertificate(0, 0, 0, NULL, size, hash, &hashLen);
1718 empty hash length also crashes
1719 ret = CryptHashCertificate(0, 0, 0, buf, size, hash, NULL);
1720 */
1721 /* Test empty hash */
1722 ret = CryptHashCertificate(0, 0, 0, toHash, sizeof(toHash), NULL,
1723 &hashLen);
1724 ok(ret, "CryptHashCertificate failed: %08lx\n", GetLastError());
1725 ok(hashLen == sizeof(hash), "Got unexpected size of hash %ld\n", hashLen);
1726 /* Test with empty buffer */
1727 ret = CryptHashCertificate(0, 0, 0, NULL, 0, hash, &hashLen);
1728 ok(ret, "CryptHashCertificate failed: %08lx\n", GetLastError());
1729 ok(!memcmp(hash, emptyHash, sizeof(emptyHash)),
1730 "Unexpected hash of nothing\n");
1731 /* Test a known value */
1732 ret = CryptHashCertificate(0, 0, 0, toHash, sizeof(toHash), hash,
1733 &hashLen);
1734 ok(ret, "CryptHashCertificate failed: %08lx\n", GetLastError());
1735 ok(!memcmp(hash, knownHash, sizeof(knownHash)), "Unexpected hash\n");
1736}
1737
1738static void testCryptHashCert2(void)
1739{
1740#ifndef __REACTOS__ // FIXME: ReactOS has no implementation for CryptHashCertificate2 (Vista+)
1741 static const BYTE emptyHash[] = { 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b,
1742 0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07,
1743 0x09 };
1744 static const BYTE knownHash[] = { 0xae, 0x9d, 0xbf, 0x6d, 0xf5, 0x46, 0xee,
1745 0x8b, 0xc5, 0x7a, 0x13, 0xba, 0xc2, 0xb1, 0x04, 0xf2, 0xbf, 0x52, 0xa8,
1746 0xa2 };
1747 static const BYTE toHash[] = "abcdefghijklmnopqrstuvwxyz0123456789.,;!?:";
1748 BOOL ret;
1749 BYTE hash[20];
1750 DWORD hashLen;
1751
1752 /* Test empty hash */
1753 hashLen = sizeof(hash);
1754 ret = CryptHashCertificate2(L"SHA1", 0, NULL, NULL, 0, hash, &hashLen);
1755 ok(ret, "CryptHashCertificate2 failed: %08lx\n", GetLastError());
1756 ok(hashLen == sizeof(hash), "Got unexpected size of hash %ld\n", hashLen);
1757 ok(!memcmp(hash, emptyHash, sizeof(emptyHash)), "Unexpected hash of nothing\n");
1758
1759 /* Test known hash */
1760 hashLen = sizeof(hash);
1761 ret = CryptHashCertificate2(L"SHA1", 0, NULL, toHash, sizeof(toHash), hash, &hashLen);
1762 ok(ret, "CryptHashCertificate2 failed: %08lx\n", GetLastError());
1763 ok(hashLen == sizeof(hash), "Got unexpected size of hash %ld\n", hashLen);
1764 ok(!memcmp(hash, knownHash, sizeof(knownHash)), "Unexpected hash\n");
1765
1766 /* Test null hash size pointer just sets hash size */
1767 hashLen = 0;
1768 ret = CryptHashCertificate2(L"SHA1", 0, NULL, toHash, sizeof(toHash), NULL, &hashLen);
1769 ok(ret, "CryptHashCertificate2 failed: %08lx\n", GetLastError());
1770 ok(hashLen == sizeof(hash), "Hash size not set correctly (%ld)\n", hashLen);
1771
1772 /* Null algorithm ID crashes Windows implementations */
1773 if (0) {
1774 /* Test null algorithm ID */
1775 hashLen = sizeof(hash);
1776 ret = CryptHashCertificate2(NULL, 0, NULL, toHash, sizeof(toHash), hash, &hashLen);
1777 }
1778
1779 /* Test invalid algorithm */
1780 hashLen = sizeof(hash);
1781 SetLastError(0xdeadbeef);
1782 ret = CryptHashCertificate2(L"_SHOULDNOTEXIST_", 0, NULL, toHash, sizeof(toHash), hash, &hashLen);
1783 ok(!ret && GetLastError() == STATUS_NOT_FOUND,
1784 "Expected STATUS_NOT_FOUND (0x%08lx), got 0x%08lx\n", STATUS_NOT_FOUND, GetLastError());
1785
1786 /* Test hash buffer too small */
1787 hashLen = sizeof(hash) / 2;
1788 SetLastError(0xdeadbeef);
1789 ret = CryptHashCertificate2(L"SHA1", 0, NULL, toHash, sizeof(toHash), hash, &hashLen);
1790 ok(!ret && GetLastError() == ERROR_MORE_DATA,
1791 "Expected ERROR_MORE_DATA (%d), got %ld\n", ERROR_MORE_DATA, GetLastError());
1792
1793 /* Null hash length crashes Windows implementations */
1794 if (0) {
1795 /* Test hashLen null with hash */
1796 ret = CryptHashCertificate2(L"SHA1", 0, NULL, toHash, sizeof(toHash), hash, NULL);
1797
1798 /* Test hashLen null with no hash */
1799 ret = CryptHashCertificate2(L"SHA1", 0, NULL, toHash, sizeof(toHash), NULL, NULL);
1800 }
1801#endif
1802}
1803
1804static void verifySig(HCRYPTPROV csp, const BYTE *toSign, size_t toSignLen,
1805 const BYTE *sig, unsigned int sigLen)
1806{
1807 HCRYPTHASH hash;
1808 BOOL ret = CryptCreateHash(csp, CALG_SHA1, 0, 0, &hash);
1809
1810 ok(ret, "CryptCreateHash failed: %08lx\n", GetLastError());
1811 if (ret)
1812 {
1813 BYTE mySig[64];
1814 DWORD mySigSize = sizeof(mySig);
1815
1816 ret = CryptHashData(hash, toSign, toSignLen, 0);
1817 ok(ret, "CryptHashData failed: %08lx\n", GetLastError());
1818 ret = CryptSignHashA(hash, AT_SIGNATURE, NULL, 0, mySig, &mySigSize);
1819 ok(ret, "CryptSignHash failed: %08lx\n", GetLastError());
1820 if (ret)
1821 {
1822 ok(mySigSize == sigLen, "Expected sig length %d, got %ld\n",
1823 sigLen, mySigSize);
1824 ok(!memcmp(mySig, sig, sigLen), "Unexpected signature\n");
1825 }
1826 CryptDestroyHash(hash);
1827 }
1828}
1829
1830/* Tests signing the certificate described by toBeSigned with the CSP passed in,
1831 * using the algorithm with OID sigOID. The CSP is assumed to be empty, and a
1832 * keyset named AT_SIGNATURE will be added to it. The signature will be stored
1833 * in sig. sigLen should be at least 64 bytes.
1834 */
1835static void testSignCert(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
1836 LPCSTR sigOID, BYTE *sig, DWORD *sigLen)
1837{
1838 BOOL ret;
1839 DWORD size = 0;
1840 CRYPT_ALGORITHM_IDENTIFIER algoID = { NULL, { 0, NULL } };
1841 HCRYPTKEY key;
1842
1843 /* These all crash
1844 ret = CryptSignCertificate(0, 0, 0, NULL, 0, NULL, NULL, NULL, NULL);
1845 ret = CryptSignCertificate(0, 0, 0, NULL, 0, NULL, NULL, NULL, &size);
1846 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1847 NULL, NULL, NULL, &size);
1848 */
1849 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1850 &algoID, NULL, NULL, &size);
1851 ok(!ret && GetLastError() == NTE_BAD_ALGID,
1852 "Expected NTE_BAD_ALGID, got %08lx\n", GetLastError());
1853 algoID.pszObjId = (LPSTR)sigOID;
1854 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1855 &algoID, NULL, NULL, &size);
1856 ok(!ret &&
1857 (GetLastError() == ERROR_INVALID_PARAMETER || GetLastError() == NTE_BAD_ALGID),
1858 "Expected ERROR_INVALID_PARAMETER or NTE_BAD_ALGID, got %08lx\n",
1859 GetLastError());
1860 ret = CryptSignCertificate(0, AT_SIGNATURE, 0, toBeSigned->pbData,
1861 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1862 ok(!ret &&
1863 (GetLastError() == ERROR_INVALID_PARAMETER || GetLastError() == NTE_BAD_ALGID),
1864 "Expected ERROR_INVALID_PARAMETER or NTE_BAD_ALGID, got %08lx\n",
1865 GetLastError());
1866
1867 /* No keys exist in the new CSP yet.. */
1868 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1869 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1870 ok(!ret && (GetLastError() == NTE_BAD_KEYSET || GetLastError() ==
1871 NTE_NO_KEY), "Expected NTE_BAD_KEYSET or NTE_NO_KEY, got %08lx\n",
1872 GetLastError());
1873 ret = CryptGenKey(csp, AT_SIGNATURE, 0, &key);
1874 ok(ret, "CryptGenKey failed: %08lx\n", GetLastError());
1875 if (ret)
1876 {
1877 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1878 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1879 ok(ret, "CryptSignCertificate failed: %08lx\n", GetLastError());
1880 ok(size <= *sigLen, "Expected size <= %ld, got %ld\n", *sigLen, size);
1881 if (ret)
1882 {
1883 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1884 toBeSigned->cbData, &algoID, NULL, sig, &size);
1885 ok(ret, "CryptSignCertificate failed: %08lx\n", GetLastError());
1886 if (ret)
1887 {
1888 *sigLen = size;
1889 verifySig(csp, toBeSigned->pbData, toBeSigned->cbData, sig,
1890 size);
1891 }
1892 }
1893 CryptDestroyKey(key);
1894 }
1895}
1896
1897static void testVerifyCertSig(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
1898 LPCSTR sigOID, const BYTE *sig, DWORD sigLen)
1899{
1900 CERT_SIGNED_CONTENT_INFO info;
1901 LPBYTE cert = NULL;
1902 DWORD size = 0;
1903 BOOL ret;
1904
1905 ret = CryptVerifyCertificateSignature(0, 0, NULL, 0, NULL);
1906 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1907 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
1908 ret = CryptVerifyCertificateSignature(csp, 0, NULL, 0, NULL);
1909 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1910 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
1911 ret = CryptVerifyCertificateSignature(csp, X509_ASN_ENCODING, NULL, 0,
1912 NULL);
1913 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
1914 "Expected CRYPT_E_ASN1_EOD, got %08lx\n", GetLastError());
1915 info.ToBeSigned.cbData = toBeSigned->cbData;
1916 info.ToBeSigned.pbData = toBeSigned->pbData;
1917 info.SignatureAlgorithm.pszObjId = (LPSTR)sigOID;
1918 info.SignatureAlgorithm.Parameters.cbData = 0;
1919 info.Signature.cbData = sigLen;
1920 info.Signature.pbData = (BYTE *)sig;
1921 info.Signature.cUnusedBits = 0;
1922 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT, &info,
1923 CRYPT_ENCODE_ALLOC_FLAG, NULL, &cert, &size);
1924 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1925 if (cert)
1926 {
1927 PCERT_PUBLIC_KEY_INFO pubKeyInfo = NULL;
1928 DWORD pubKeySize;
1929
1930 if (0)
1931 {
1932 /* Crashes prior to Vista */
1933 ret = CryptVerifyCertificateSignature(csp, X509_ASN_ENCODING,
1934 cert, size, NULL);
1935 }
1936 CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
1937 (LPSTR)sigOID, 0, NULL, NULL, &pubKeySize);
1938 pubKeyInfo = malloc(pubKeySize);
1939 if (pubKeyInfo)
1940 {
1941 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE,
1942 X509_ASN_ENCODING, (LPSTR)sigOID, 0, NULL, pubKeyInfo,
1943 &pubKeySize);
1944 ok(ret, "CryptExportKey failed: %08lx\n", GetLastError());
1945 if (ret)
1946 {
1947 ret = CryptVerifyCertificateSignature(csp, X509_ASN_ENCODING,
1948 cert, size, pubKeyInfo);
1949 ok(ret, "CryptVerifyCertificateSignature failed: %08lx\n",
1950 GetLastError());
1951 }
1952 free(pubKeyInfo);
1953 }
1954 LocalFree(cert);
1955 }
1956}
1957
1958static void testVerifyCertSigEx(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
1959 LPCSTR sigOID, const BYTE *sig, DWORD sigLen)
1960{
1961 CERT_SIGNED_CONTENT_INFO info;
1962 LPBYTE cert = NULL;
1963 DWORD size = 0;
1964 BOOL ret;
1965
1966 ret = CryptVerifyCertificateSignatureEx(0, 0, 0, NULL, 0, NULL, 0, NULL);
1967 ok(!ret && GetLastError() == E_INVALIDARG,
1968 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
1969 ret = CryptVerifyCertificateSignatureEx(csp, 0, 0, NULL, 0, NULL, 0, NULL);
1970 ok(!ret && GetLastError() == E_INVALIDARG,
1971 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
1972 ret = CryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING, 0, NULL, 0,
1973 NULL, 0, NULL);
1974 ok(!ret && GetLastError() == E_INVALIDARG,
1975 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
1976 /* This crashes
1977 ret = CryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1978 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, NULL, 0, NULL, 0, NULL);
1979 */
1980 info.ToBeSigned.cbData = toBeSigned->cbData;
1981 info.ToBeSigned.pbData = toBeSigned->pbData;
1982 info.SignatureAlgorithm.pszObjId = (LPSTR)sigOID;
1983 info.SignatureAlgorithm.Parameters.cbData = 0;
1984 info.Signature.cbData = sigLen;
1985 info.Signature.pbData = (BYTE *)sig;
1986 info.Signature.cUnusedBits = 0;
1987 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT, &info,
1988 CRYPT_ENCODE_ALLOC_FLAG, NULL, &cert, &size);
1989 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1990 if (cert)
1991 {
1992 CRYPT_DATA_BLOB certBlob = { 0, NULL };
1993 PCERT_PUBLIC_KEY_INFO pubKeyInfo = NULL;
1994
1995 ret = CryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1996 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
1997 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
1998 "Expected CRYPT_E_ASN1_EOD, got %08lx\n", GetLastError());
1999 certBlob.cbData = 1;
2000 certBlob.pbData = (void *)0xdeadbeef;
2001 ret = CryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
2002 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
2003 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
2004 "Expected STATUS_ACCESS_VIOLATION, CRYPT_E_ASN1_EOD, OR CRYPT_E_ASN1_BADTAG, got %08lx\n",
2005 GetLastError());
2006
2007 certBlob.cbData = size;
2008 certBlob.pbData = cert;
2009 ret = CryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
2010 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
2011 ok(!ret && GetLastError() == E_INVALIDARG,
2012 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
2013 ret = CryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
2014 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
2015 CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL, NULL, 0, NULL);
2016 ok(!ret && GetLastError() == E_INVALIDARG,
2017 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
2018 /* This crashes
2019 ret = CryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
2020 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
2021 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, NULL, 0, NULL);
2022 */
2023 CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
2024 (LPSTR)sigOID, 0, NULL, NULL, &size);
2025 pubKeyInfo = malloc(size);
2026 if (pubKeyInfo)
2027 {
2028 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE,
2029 X509_ASN_ENCODING, (LPSTR)sigOID, 0, NULL, pubKeyInfo, &size);
2030 ok(ret, "CryptExportKey failed: %08lx\n", GetLastError());
2031 if (ret)
2032 {
2033 ret = CryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
2034 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
2035 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pubKeyInfo, 0, NULL);
2036 ok(ret, "CryptVerifyCertificateSignatureEx failed: %08lx\n",
2037 GetLastError());
2038 }
2039 free(pubKeyInfo);
2040 }
2041 LocalFree(cert);
2042 }
2043}
2044
2045static BYTE emptyCert[] = { 0x30, 0x00 };
2046
2047
2048/* Generated with:
2049 * openssl ecparam -name prime256v1 -genkey -out private-key.pem
2050 * openssl req -new -x509 -key private-key.pem -out certificate.der -outform der -days 900000 -subj "/C=US/ST=T/L=T/O=T/CN=T"
2051 */
2052static const BYTE self_signed_ecc_prime256v1[] = {
20530x30,0x82,0x01,0xd1,0x30,0x82,0x01,0x77,0xa0,0x03,0x02,0x01,0x02,0x02,0x14,0x32,
20540xc2,0xbe,0x7b,0xa2,0x85,0x78,0x89,0x82,0xf8,0x10,0x66,0xd4,0x1d,0xd4,0x97,0x61,
20550x83,0x02,0xc8,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02,0x30,
20560x3d,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0a,
20570x30,0x08,0x06,0x03,0x55,0x04,0x08,0x0c,0x01,0x54,0x31,0x0a,0x30,0x08,0x06,0x03,
20580x55,0x04,0x07,0x0c,0x01,0x54,0x31,0x0a,0x30,0x08,0x06,0x03,0x55,0x04,0x0a,0x0c,
20590x01,0x54,0x31,0x0a,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x0c,0x01,0x54,0x30,0x20,
20600x17,0x0d,0x32,0x33,0x30,0x36,0x32,0x39,0x30,0x32,0x32,0x34,0x30,0x33,0x5a,0x18,
20610x0f,0x34,0x34,0x38,0x37,0x30,0x38,0x31,0x30,0x30,0x32,0x32,0x34,0x30,0x33,0x5a,
20620x30,0x3d,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,
20630x0a,0x30,0x08,0x06,0x03,0x55,0x04,0x08,0x0c,0x01,0x54,0x31,0x0a,0x30,0x08,0x06,
20640x03,0x55,0x04,0x07,0x0c,0x01,0x54,0x31,0x0a,0x30,0x08,0x06,0x03,0x55,0x04,0x0a,
20650x0c,0x01,0x54,0x31,0x0a,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x0c,0x01,0x54,0x30,
20660x59,0x30,0x13,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,0x06,0x08,0x2a,0x86,
20670x48,0xce,0x3d,0x03,0x01,0x07,0x03,0x42,0x00,0x04,0xfe,0xdb,0x26,0x60,0xf6,0x89,
20680x3d,0xa4,0x50,0x1f,0x06,0x91,0x4e,0x07,0x86,0x70,0x2b,0xc0,0x7c,0x5e,0xb3,0xca,
20690xdc,0x1a,0x8b,0x82,0xdd,0x41,0x8a,0x62,0x0f,0xba,0xd1,0xd7,0x80,0xc8,0x20,0x77,
20700xba,0xe7,0xe1,0x36,0xf8,0x76,0x9a,0x54,0x6a,0x1b,0x67,0x45,0x3b,0xd7,0x85,0x84,
20710xbe,0x11,0xe6,0x6c,0x70,0xd8,0x18,0x68,0xd8,0xa7,0xa3,0x53,0x30,0x51,0x30,0x1d,
20720x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x94,0x15,0x14,0xad,0x7e,0xaf,0x63,
20730xa4,0x12,0x29,0xaa,0xe4,0x26,0x54,0x7b,0x4e,0x2c,0xb9,0xdb,0xc8,0x30,0x1f,0x06,
20740x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x94,0x15,0x14,0xad,0x7e,0xaf,
20750x63,0xa4,0x12,0x29,0xaa,0xe4,0x26,0x54,0x7b,0x4e,0x2c,0xb9,0xdb,0xc8,0x30,0x0f,
20760x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,
20770x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02,0x03,0x48,0x00,0x30,0x45,
20780x02,0x21,0x00,0x83,0xae,0xa2,0x23,0x95,0x1a,0x65,0x09,0x48,0x40,0x10,0xeb,0x94,
20790x90,0x02,0xde,0xe3,0x0f,0x4b,0xd1,0x23,0x73,0xc6,0xd5,0x49,0xa8,0x9c,0x06,0x9c,
20800xd3,0xfb,0xc1,0x02,0x20,0x0c,0xf3,0x92,0xec,0xc8,0xb5,0x7e,0x9c,0x14,0x5d,0xb0,
20810x26,0xfd,0x2a,0x3c,0x4e,0x08,0x55,0x09,0x35,0x40,0x7c,0xf8,0xf9,0x1b,0x22,0x55,
20820x08,0x9b,0x3f,0x37,0x29, };
2083
2084static void testCertSigs(void)
2085{
2086 HCRYPTPROV csp;
2087 CRYPT_DATA_BLOB toBeSigned = { sizeof(emptyCert), emptyCert };
2088 BOOL ret;
2089 BYTE sig[64];
2090 DWORD sigSize = sizeof(sig);
2091 PCCERT_CONTEXT cert;
2092
2093 /* Just in case a previous run failed, delete this thing */
2094 CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2095 CRYPT_DELETEKEYSET);
2096 ret = CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2097 CRYPT_NEWKEYSET);
2098 ok(ret, "CryptAcquireContext failed: %08lx\n", GetLastError());
2099
2100 testSignCert(csp, &toBeSigned, szOID_RSA_SHA1RSA, sig, &sigSize);
2101 testVerifyCertSig(csp, &toBeSigned, szOID_RSA_SHA1RSA, sig, sigSize);
2102 testVerifyCertSigEx(csp, &toBeSigned, szOID_RSA_SHA1RSA, sig, sigSize);
2103
2104 CryptReleaseContext(csp, 0);
2105 ret = CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2106 CRYPT_DELETEKEYSET);
2107 ok(ret, "CryptAcquireContext failed: %08lx\n", GetLastError());
2108
2109 cert = CertCreateCertificateContext(X509_ASN_ENCODING, self_signed_ecc_prime256v1, sizeof(self_signed_ecc_prime256v1));
2110 ok(!!cert, "failed, error %#lx.\n", GetLastError());
2111 ret = CryptVerifyCertificateSignature(0, X509_ASN_ENCODING, self_signed_ecc_prime256v1,
2112 sizeof(self_signed_ecc_prime256v1), &cert->pCertInfo->SubjectPublicKeyInfo);
2113 ok(ret, "failed, error %#lx.\n", GetLastError());
2114 CertFreeCertificateContext(cert);
2115}
2116
2117static const BYTE md5SignedEmptyCert[] = {
21180x30,0x56,0x30,0x33,0x02,0x00,0x30,0x02,0x06,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,
21190x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,
21200x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x07,
21210x30,0x02,0x06,0x00,0x03,0x01,0x00,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,
21220x0d,0x02,0x05,0x05,0x00,0x03,0x11,0x00,0xfb,0x0f,0x66,0x82,0x66,0xd9,0xe5,0xf8,
21230xd8,0xa2,0x55,0x2b,0xe1,0xa5,0xd9,0x04 };
2124static const BYTE md5SignedEmptyCertNoNull[] = {
21250x30,0x54,0x30,0x33,0x02,0x00,0x30,0x02,0x06,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,
21260x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,
21270x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x07,
21280x30,0x02,0x06,0x00,0x03,0x01,0x00,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,
21290x0d,0x02,0x05,0x03,0x11,0x00,0x04,0xd9,0xa5,0xe1,0x2b,0x55,0xa2,0xd8,0xf8,0xe5,
21300xd9,0x66,0x82,0x66,0x0f,0xfb };
2131
2132static void testSignAndEncodeCert(void)
2133{
2134 static char oid_rsa_md5rsa[] = szOID_RSA_MD5RSA;
2135 static char oid_rsa_md5[] = szOID_RSA_MD5;
2136 BOOL ret;
2137 DWORD size;
2138 CRYPT_ALGORITHM_IDENTIFIER algID = { 0 };
2139 CERT_INFO info = { 0 };
2140
2141 /* Crash
2142 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, NULL, NULL, NULL,
2143 NULL);
2144 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, NULL, NULL, NULL,
2145 &size);
2146 */
2147 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, &algID, NULL, NULL,
2148 &size);
2149 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2150 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
2151 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING, NULL, NULL,
2152 &algID, NULL, NULL, &size);
2153 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2154 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
2155 ret = CryptSignAndEncodeCertificate(0, 0, 0, X509_CERT_TO_BE_SIGNED, NULL,
2156 &algID, NULL, NULL, &size);
2157 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2158 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
2159 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
2160 X509_CERT_TO_BE_SIGNED, NULL, &algID, NULL, NULL, &size);
2161 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
2162 "Expected STATUS_ACCESS_VIOLATION, got %08lx\n", GetLastError());
2163
2164 /* Crashes
2165 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
2166 X509_CERT_TO_BE_SIGNED, &info, NULL, NULL, NULL, &size);
2167 */
2168 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
2169 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
2170 ok(!ret && GetLastError() == NTE_BAD_ALGID,
2171 "Expected NTE_BAD_ALGID, got %08lx\n", GetLastError());
2172 algID.pszObjId = oid_rsa_md5rsa;
2173 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
2174 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
2175 ok(!ret && (GetLastError() == ERROR_INVALID_PARAMETER || GetLastError() == NTE_BAD_ALGID),
2176 "Expected ERROR_INVALID_PARAMETER or NTE_BAD_ALGID, got %08lx\n",
2177 GetLastError());
2178 algID.pszObjId = oid_rsa_md5;
2179 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
2180 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
2181 /* oid_rsa_md5 not present in some win2k */
2182 if (ret)
2183 {
2184 LPBYTE buf = malloc(size);
2185
2186 if (buf)
2187 {
2188 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
2189 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, buf, &size);
2190 ok(ret, "CryptSignAndEncodeCertificate failed: %08lx\n",
2191 GetLastError());
2192 /* Tricky: because the NULL parameters may either be omitted or
2193 * included as an asn.1-encoded NULL (0x05,0x00), two different
2194 * values are allowed.
2195 */
2196 ok(size == sizeof(md5SignedEmptyCert) ||
2197 size == sizeof(md5SignedEmptyCertNoNull), "Unexpected size %ld\n",
2198 size);
2199 if (size == sizeof(md5SignedEmptyCert))
2200 ok(!memcmp(buf, md5SignedEmptyCert, size),
2201 "Unexpected value\n");
2202 else if (size == sizeof(md5SignedEmptyCertNoNull))
2203 ok(!memcmp(buf, md5SignedEmptyCertNoNull, size),
2204 "Unexpected value\n");
2205 free(buf);
2206 }
2207 }
2208}
2209
2210static void testCreateSelfSignCert(void)
2211{
2212 PCCERT_CONTEXT context;
2213 CERT_NAME_BLOB name = { sizeof(subjectName), subjectName };
2214 HCRYPTPROV csp;
2215 BOOL ret;
2216 HCRYPTKEY key;
2217 CRYPT_KEY_PROV_INFO info, *ret_info;
2218 DWORD size;
2219
2220 /* This crashes:
2221 context = CertCreateSelfSignCertificate(0, NULL, 0, NULL, NULL, NULL, NULL, NULL); */
2222
2223 /* Test CSP created by implementation without CSP or CSP parameters provided. */
2224 context = CertCreateSelfSignCertificate(0, &name, 0, NULL, NULL, NULL, NULL, NULL);
2225 ok(!!context, "failed, error %#lx.\n", GetLastError());
2226 size = 0;
2227 ret = CertGetCertificateContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
2228 ok(ret, "failed, error %#lx.\n", GetLastError());
2229 ret_info = malloc(size);
2230 ok(!!ret_info, "memory allocation failed.\n");
2231 ret = CertGetCertificateContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID, ret_info, &size);
2232 ok(ret, "failed, error %#lx.\n", GetLastError());
2233 CertFreeCertificateContext(context);
2234 ok(ret_info->dwKeySpec == AT_SIGNATURE, "got %#lx.\n", ret_info->dwKeySpec);
2235 ok(!ret_info->dwFlags, "got %#lx.\n", ret_info->dwFlags);
2236 ok(ret_info->pwszContainerName && *ret_info->pwszContainerName, "got %s.\n",
2237 debugstr_w(ret_info->pwszContainerName));
2238 ret = CryptAcquireContextW(&csp, ret_info->pwszContainerName, ret_info->pwszProvName, ret_info->dwProvType, 0);
2239 ok(ret, "failed, error %#lx.\n", GetLastError());
2240 ret = CryptGetUserKey(csp, AT_SIGNATURE, &key);
2241 ok(ret, "failed, error %#lx.\n", GetLastError());
2242 ret = CryptDestroyKey(key);
2243 ok(ret, "failed, error %#lx.\n", GetLastError());
2244 ret = CryptGetUserKey(csp, AT_KEYEXCHANGE, &key);
2245 ok(!ret && GetLastError() == NTE_NO_KEY, "got ret %d, error %#lx.\n", ret, GetLastError());
2246 CryptReleaseContext(csp, 0);
2247 csp = 0xdeadbeef;
2248 ret = CryptAcquireContextW(&csp, ret_info->pwszContainerName, ret_info->pwszProvName,
2249 ret_info->dwProvType, CRYPT_DELETEKEYSET);
2250 ok(ret, "failed, error %#lx.\n", GetLastError());
2251 ok(!csp, "got %p.\n", (void *)csp);
2252 ret = CryptAcquireContextW(&csp, ret_info->pwszContainerName, ret_info->pwszProvName, ret_info->dwProvType, 0);
2253 ok(!ret && GetLastError() == NTE_BAD_KEYSET, "got ret %d, error %#lx.\n", ret, GetLastError());
2254 free(ret_info);
2255
2256 /* Acquire a CSP */
2257 CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2258 CRYPT_DELETEKEYSET);
2259 ret = CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2260 CRYPT_NEWKEYSET);
2261 ok(ret, "CryptAcquireContext failed: %08lx\n", GetLastError());
2262
2263 context = CertCreateSelfSignCertificate(csp, &name, 0, NULL, NULL, NULL,
2264 NULL, NULL);
2265 ok(!context && GetLastError() == NTE_NO_KEY,
2266 "Expected NTE_NO_KEY, got %08lx\n", GetLastError());
2267 ret = CryptGenKey(csp, AT_SIGNATURE, 0, &key);
2268 ok(ret, "CryptGenKey failed: %08lx\n", GetLastError());
2269 if (ret)
2270 {
2271 context = CertCreateSelfSignCertificate(csp, &name, 0, NULL, NULL, NULL,
2272 NULL, NULL);
2273 ok(context != NULL, "CertCreateSelfSignCertificate failed: %08lx\n",
2274 GetLastError());
2275 if (context)
2276 {
2277 DWORD size = 0;
2278
2279 /* The context must have a key provider info property */
2280 ret = CertGetCertificateContextProperty(context,
2281 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
2282 ok(ret && size, "Expected non-zero key provider info\n");
2283 if (size)
2284 {
2285 PCRYPT_KEY_PROV_INFO pInfo = malloc(size);
2286
2287 if (pInfo)
2288 {
2289 ret = CertGetCertificateContextProperty(context,
2290 CERT_KEY_PROV_INFO_PROP_ID, pInfo, &size);
2291 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n",
2292 GetLastError());
2293 if (ret)
2294 {
2295 /* Sanity-check the key provider */
2296 ok(!lstrcmpW(pInfo->pwszContainerName, L"WineCryptTemp"),
2297 "Unexpected key container\n");
2298 ok(!lstrcmpW(pInfo->pwszProvName, MS_DEF_PROV_W),
2299 "Unexpected provider\n");
2300 ok(pInfo->dwKeySpec == AT_SIGNATURE,
2301 "Expected AT_SIGNATURE, got %ld\n", pInfo->dwKeySpec);
2302 }
2303 free(pInfo);
2304 }
2305 }
2306
2307 CertFreeCertificateContext(context);
2308 }
2309
2310 CryptDestroyKey(key);
2311 }
2312
2313 CryptReleaseContext(csp, 0);
2314 ret = CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2315 CRYPT_DELETEKEYSET);
2316 ok(ret, "CryptAcquireContext failed: %08lx\n", GetLastError());
2317
2318 /* Do the same test with a CSP, AT_KEYEXCHANGE and key info */
2319 CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2320 CRYPT_DELETEKEYSET);
2321 ret = CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2322 CRYPT_NEWKEYSET);
2323 ok(ret, "CryptAcquireContext failed: %08lx\n", GetLastError());
2324 ret = CryptGenKey(csp, AT_SIGNATURE, 0, &key);
2325 ok(ret, "CryptGenKey failed: %08lx\n", GetLastError());
2326
2327 memset(&info,0,sizeof(info));
2328 info.dwProvType = PROV_RSA_FULL;
2329 info.dwKeySpec = AT_KEYEXCHANGE;
2330 info.pwszProvName = (LPWSTR) MS_DEF_PROV_W;
2331 info.pwszContainerName = (WCHAR *)L"WineCryptTemp";
2332 /* This should fail because the CSP doesn't have the specified key. */
2333 SetLastError(0xdeadbeef);
2334 context = CertCreateSelfSignCertificate(csp, &name, 0, &info, NULL, NULL,
2335 NULL, NULL);
2336 ok(context == NULL, "expected failure\n");
2337 if (context != NULL)
2338 CertFreeCertificateContext(context);
2339 else
2340 ok(GetLastError() == NTE_NO_KEY, "expected NTE_NO_KEY, got %08lx\n",
2341 GetLastError());
2342 /* Again, with a CSP, AT_SIGNATURE and key info */
2343 info.dwKeySpec = AT_SIGNATURE;
2344 SetLastError(0xdeadbeef);
2345 context = CertCreateSelfSignCertificate(csp, &name, 0, &info, NULL, NULL,
2346 NULL, NULL);
2347 ok(context != NULL,
2348 "CertCreateSelfSignCertificate failed: %08lx\n", GetLastError());
2349 if (context)
2350 {
2351 DWORD size = 0;
2352
2353 /* The context must have a key provider info property */
2354 ret = CertGetCertificateContextProperty(context,
2355 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
2356 ok(ret && size, "Expected non-zero key provider info\n");
2357 if (size)
2358 {
2359 PCRYPT_KEY_PROV_INFO pInfo = malloc(size);
2360
2361 if (pInfo)
2362 {
2363 ret = CertGetCertificateContextProperty(context,
2364 CERT_KEY_PROV_INFO_PROP_ID, pInfo, &size);
2365 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n",
2366 GetLastError());
2367 if (ret)
2368 {
2369 /* Sanity-check the key provider */
2370 ok(!lstrcmpW(pInfo->pwszContainerName, L"WineCryptTemp"),
2371 "Unexpected key container\n");
2372 ok(!lstrcmpW(pInfo->pwszProvName, MS_DEF_PROV_W),
2373 "Unexpected provider\n");
2374 ok(pInfo->dwKeySpec == AT_SIGNATURE,
2375 "Expected AT_SIGNATURE, got %ld\n", pInfo->dwKeySpec);
2376 }
2377 free(pInfo);
2378 }
2379 }
2380
2381 CertFreeCertificateContext(context);
2382 }
2383 CryptDestroyKey(key);
2384
2385 CryptReleaseContext(csp, 0);
2386 ret = CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2387 CRYPT_DELETEKEYSET);
2388 ok(ret, "CryptAcquireContext failed: %08lx\n", GetLastError());
2389
2390 /* Do the same test with no CSP, AT_KEYEXCHANGE and key info */
2391 info.dwKeySpec = AT_KEYEXCHANGE;
2392 context = CertCreateSelfSignCertificate(0, &name, 0, &info, NULL, NULL,
2393 NULL, NULL);
2394 ok(context != NULL, "CertCreateSelfSignCertificate failed: %08lx\n",
2395 GetLastError());
2396 if (context)
2397 {
2398 DWORD size = 0;
2399
2400 /* The context must have a key provider info property */
2401 ret = CertGetCertificateContextProperty(context,
2402 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
2403 ok(ret && size, "Expected non-zero key provider info\n");
2404 if (size)
2405 {
2406 PCRYPT_KEY_PROV_INFO pInfo = malloc(size);
2407
2408 if (pInfo)
2409 {
2410 ret = CertGetCertificateContextProperty(context,
2411 CERT_KEY_PROV_INFO_PROP_ID, pInfo, &size);
2412 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n",
2413 GetLastError());
2414 if (ret)
2415 {
2416 /* Sanity-check the key provider */
2417 ok(!lstrcmpW(pInfo->pwszContainerName, L"WineCryptTemp"),
2418 "Unexpected key container\n");
2419 ok(!lstrcmpW(pInfo->pwszProvName, MS_DEF_PROV_W),
2420 "Unexpected provider\n");
2421 ok(pInfo->dwKeySpec == AT_KEYEXCHANGE,
2422 "Expected AT_KEYEXCHANGE, got %ld\n", pInfo->dwKeySpec);
2423 }
2424 free(pInfo);
2425 }
2426 }
2427
2428 CertFreeCertificateContext(context);
2429 }
2430
2431 CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2432 CRYPT_DELETEKEYSET);
2433
2434 /* Acquire a CSP and generate an AT_KEYEXCHANGE key in it. */
2435 CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2436 CRYPT_DELETEKEYSET);
2437 ret = CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2438 CRYPT_NEWKEYSET);
2439 ok(ret, "CryptAcquireContext failed: %08lx\n", GetLastError());
2440
2441 context = CertCreateSelfSignCertificate(csp, &name, 0, NULL, NULL, NULL,
2442 NULL, NULL);
2443 ok(!context && GetLastError() == NTE_NO_KEY,
2444 "Expected NTE_NO_KEY, got %08lx\n", GetLastError());
2445 ret = CryptGenKey(csp, AT_KEYEXCHANGE, 0, &key);
2446 ok(ret, "CryptGenKey failed: %08lx\n", GetLastError());
2447 CryptDestroyKey(key);
2448
2449 memset(&info,0,sizeof(info));
2450 info.dwProvType = PROV_RSA_FULL;
2451 info.dwKeySpec = AT_SIGNATURE;
2452 info.pwszProvName = (LPWSTR) MS_DEF_PROV_W;
2453 info.pwszContainerName = (WCHAR *)L"WineCryptTemp";
2454 /* This should fail because the CSP doesn't have the specified key. */
2455 SetLastError(0xdeadbeef);
2456 context = CertCreateSelfSignCertificate(csp, &name, 0, &info, NULL, NULL,
2457 NULL, NULL);
2458 ok(context == NULL, "expected failure\n");
2459 if (context != NULL)
2460 CertFreeCertificateContext(context);
2461 else
2462 ok(GetLastError() == NTE_NO_KEY, "expected NTE_NO_KEY, got %08lx\n",
2463 GetLastError());
2464 /* Again, with a CSP, AT_KEYEXCHANGE and key info. This succeeds because the
2465 * CSP has an AT_KEYEXCHANGE key in it.
2466 */
2467 info.dwKeySpec = AT_KEYEXCHANGE;
2468 SetLastError(0xdeadbeef);
2469 context = CertCreateSelfSignCertificate(csp, &name, 0, &info, NULL, NULL,
2470 NULL, NULL);
2471 ok(context != NULL,
2472 "CertCreateSelfSignCertificate failed: %08lx\n", GetLastError());
2473 if (context)
2474 {
2475 DWORD size = 0;
2476
2477 /* The context must have a key provider info property */
2478 ret = CertGetCertificateContextProperty(context,
2479 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
2480 ok(ret && size, "Expected non-zero key provider info\n");
2481 if (size)
2482 {
2483 PCRYPT_KEY_PROV_INFO pInfo = malloc(size);
2484
2485 if (pInfo)
2486 {
2487 ret = CertGetCertificateContextProperty(context,
2488 CERT_KEY_PROV_INFO_PROP_ID, pInfo, &size);
2489 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n",
2490 GetLastError());
2491 if (ret)
2492 {
2493 /* Sanity-check the key provider */
2494 ok(!lstrcmpW(pInfo->pwszContainerName, L"WineCryptTemp"),
2495 "Unexpected key container\n");
2496 ok(!lstrcmpW(pInfo->pwszProvName, MS_DEF_PROV_W),
2497 "Unexpected provider\n");
2498 ok(pInfo->dwKeySpec == AT_KEYEXCHANGE,
2499 "Expected AT_KEYEXCHANGE, got %ld\n", pInfo->dwKeySpec);
2500 }
2501 free(pInfo);
2502 }
2503 }
2504
2505 CertFreeCertificateContext(context);
2506 }
2507
2508 CryptReleaseContext(csp, 0);
2509 ret = CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2510 CRYPT_DELETEKEYSET);
2511 ok(ret, "CryptAcquireContext failed: %08lx\n", GetLastError());
2512
2513}
2514
2515static void testIntendedKeyUsage(void)
2516{
2517 BOOL ret;
2518 CERT_INFO info = { 0 };
2519 static char oid_key_usage[] = szOID_KEY_USAGE;
2520 /* A couple "key usages". Really they're just encoded bits which aren't
2521 * necessarily restricted to the defined key usage values.
2522 */
2523 static BYTE usage1[] = { 0x03,0x03,0x00,0xff,0xff };
2524 static BYTE usage2[] = { 0x03,0x03,0x01,0xff,0xfe };
2525 static const BYTE expected_usage1[] = { 0xff,0xff,0x00,0x00 };
2526 static const BYTE expected_usage2[] = { 0xff,0xfe,0x00,0x00 };
2527 CERT_EXTENSION ext = { oid_key_usage, TRUE, { sizeof(usage1), usage1 } };
2528 BYTE usage_bytes[4];
2529
2530 if (0)
2531 {
2532 /* Crash */
2533 CertGetIntendedKeyUsage(0, NULL, NULL, 0);
2534 }
2535 ret = CertGetIntendedKeyUsage(0, &info, NULL, 0);
2536 ok(!ret, "expected failure\n");
2537 ret = CertGetIntendedKeyUsage(0, &info, usage_bytes, sizeof(usage_bytes));
2538 ok(!ret, "expected failure\n");
2539 ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, NULL, 0);
2540 ok(!ret, "expected failure\n");
2541 ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, usage_bytes,
2542 sizeof(usage_bytes));
2543 ok(!ret, "expected failure\n");
2544 info.cExtension = 1;
2545 info.rgExtension = &ext;
2546 ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, NULL, 0);
2547 ok(!ret, "expected failure\n");
2548 /* The unused bytes are filled with 0. */
2549 ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, usage_bytes,
2550 sizeof(usage_bytes));
2551 ok(ret, "CertGetIntendedKeyUsage failed: %08lx\n", GetLastError());
2552 ok(!memcmp(usage_bytes, expected_usage1, sizeof(expected_usage1)),
2553 "unexpected value\n");
2554 /* The usage bytes are copied in big-endian order. */
2555 ext.Value.cbData = sizeof(usage2);
2556 ext.Value.pbData = usage2;
2557 ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, usage_bytes,
2558 sizeof(usage_bytes));
2559 ok(ret, "CertGetIntendedKeyUsage failed: %08lx\n", GetLastError());
2560 ok(!memcmp(usage_bytes, expected_usage2, sizeof(expected_usage2)),
2561 "unexpected value\n");
2562}
2563
2564static const LPCSTR keyUsages[] = { szOID_PKIX_KP_CODE_SIGNING,
2565 szOID_PKIX_KP_CLIENT_AUTH, szOID_RSA_RSA };
2566
2567static void testKeyUsage(void)
2568{
2569 BOOL ret;
2570 PCCERT_CONTEXT context;
2571 DWORD size;
2572
2573 /* Test base cases */
2574 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, NULL);
2575 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2576 "Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
2577 size = 1;
2578 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, &size);
2579 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2580 "Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
2581 size = 0;
2582 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, &size);
2583 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2584 "Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
2585 /* These crash
2586 ret = CertSetEnhancedKeyUsage(NULL, NULL);
2587 usage.cUsageIdentifier = 0;
2588 ret = CertSetEnhancedKeyUsage(NULL, &usage);
2589 */
2590 /* Test with a cert with no enhanced key usage extension */
2591 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
2592 sizeof(bigCert));
2593 ok(context != NULL, "CertCreateCertificateContext failed: %08lx\n",
2594 GetLastError());
2595 if (context)
2596 {
2597 static const char oid[] = "1.2.3.4";
2598 BYTE buf[sizeof(CERT_ENHKEY_USAGE) + 2 * (sizeof(LPSTR) + sizeof(oid))];
2599 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2600
2601 ret = CertGetEnhancedKeyUsage(context, 0, NULL, NULL);
2602 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2603 "Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
2604 size = 1;
2605 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &size);
2606 if (ret)
2607 {
2608 /* Windows 2000, ME, or later: even though it succeeded, we expect
2609 * CRYPT_E_NOT_FOUND, which indicates there is no enhanced key
2610 * usage set for this cert (which implies it's valid for all uses.)
2611 */
2612 ok(GetLastError() == CRYPT_E_NOT_FOUND,
2613 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
2614 ok(size == sizeof(CERT_ENHKEY_USAGE), "Wrong size %ld\n", size);
2615 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2616 ok(ret, "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2617 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %ld\n",
2618 pUsage->cUsageIdentifier);
2619 }
2620 else
2621 {
2622 /* Windows NT, 95, or 98: it fails, and the last error is
2623 * CRYPT_E_NOT_FOUND.
2624 */
2625 ok(GetLastError() == CRYPT_E_NOT_FOUND,
2626 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
2627 }
2628 /* I can add a usage identifier when no key usage has been set */
2629 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
2630 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08lx\n",
2631 GetLastError());
2632 size = sizeof(buf);
2633 ret = CertGetEnhancedKeyUsage(context,
2634 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2635 ok(ret && GetLastError() == 0,
2636 "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2637 ok(pUsage->cUsageIdentifier == 1, "Expected 1 usage, got %ld\n",
2638 pUsage->cUsageIdentifier);
2639 if (pUsage->cUsageIdentifier)
2640 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
2641 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
2642 /* Now set an empty key usage */
2643 pUsage->cUsageIdentifier = 0;
2644 ret = CertSetEnhancedKeyUsage(context, pUsage);
2645 ok(ret, "CertSetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2646 /* Shouldn't find it in the cert */
2647 size = sizeof(buf);
2648 ret = CertGetEnhancedKeyUsage(context,
2649 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2650 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
2651 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
2652 /* Should find it as an extended property */
2653 ret = CertGetEnhancedKeyUsage(context,
2654 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2655 ok(ret && GetLastError() == 0,
2656 "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2657 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %ld\n",
2658 pUsage->cUsageIdentifier);
2659 /* Should find it as either */
2660 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2661 ok(ret && GetLastError() == 0,
2662 "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2663 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %ld\n",
2664 pUsage->cUsageIdentifier);
2665 /* Add a usage identifier */
2666 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
2667 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08lx\n",
2668 GetLastError());
2669 size = sizeof(buf);
2670 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2671 ok(ret && GetLastError() == 0,
2672 "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2673 ok(pUsage->cUsageIdentifier == 1, "Expected 1 identifier, got %ld\n",
2674 pUsage->cUsageIdentifier);
2675 if (pUsage->cUsageIdentifier)
2676 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
2677 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
2678 /* Re-adding the same usage identifier succeeds, though it only adds
2679 * a duplicate usage identifier on versions prior to Vista
2680 */
2681 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
2682 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08lx\n",
2683 GetLastError());
2684 size = sizeof(buf);
2685 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2686 ok(ret && GetLastError() == 0,
2687 "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2688 ok(pUsage->cUsageIdentifier == 1 || pUsage->cUsageIdentifier == 2,
2689 "Expected 1 or 2 identifiers, got %ld\n", pUsage->cUsageIdentifier);
2690 if (pUsage->cUsageIdentifier)
2691 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
2692 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
2693 if (pUsage->cUsageIdentifier >= 2)
2694 ok(!strcmp(pUsage->rgpszUsageIdentifier[1], oid),
2695 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[1]);
2696 /* Now set a NULL extended property--this deletes the property. */
2697 ret = CertSetEnhancedKeyUsage(context, NULL);
2698 ok(ret, "CertSetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2699 SetLastError(0xbaadcafe);
2700 size = sizeof(buf);
2701 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2702 ok(ret, "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2703 ok(GetLastError() == CRYPT_E_NOT_FOUND,
2704 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
2705
2706 CertFreeCertificateContext(context);
2707 }
2708 /* Now test with a cert with an enhanced key usage extension */
2709 context = CertCreateCertificateContext(X509_ASN_ENCODING, certWithUsage,
2710 sizeof(certWithUsage));
2711 ok(context != NULL, "CertCreateCertificateContext failed: %08lx\n",
2712 GetLastError());
2713 if (context)
2714 {
2715 LPBYTE buf = NULL;
2716 DWORD bufSize = 0, i;
2717
2718 /* The size may depend on what flags are used to query it, so I
2719 * realloc the buffer for each test.
2720 */
2721 ret = CertGetEnhancedKeyUsage(context,
2722 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, NULL, &bufSize);
2723 ok(ret, "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2724 buf = malloc(bufSize);
2725 if (buf)
2726 {
2727 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2728
2729 /* Should find it in the cert */
2730 size = bufSize;
2731 ret = CertGetEnhancedKeyUsage(context,
2732 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2733 ok(ret && GetLastError() == 0,
2734 "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2735 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %ld\n",
2736 pUsage->cUsageIdentifier);
2737 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2738 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2739 "Expected %s, got %s\n", keyUsages[i],
2740 pUsage->rgpszUsageIdentifier[i]);
2741 free(buf);
2742 }
2743 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2744 ok(ret, "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2745 buf = malloc(bufSize);
2746 if (buf)
2747 {
2748 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2749
2750 /* Should find it as either */
2751 size = bufSize;
2752 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2753 /* In Windows, GetLastError returns CRYPT_E_NOT_FOUND not found
2754 * here, even though the return is successful and the usage id
2755 * count is positive. I don't enforce that here.
2756 */
2757 ok(ret,
2758 "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2759 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %ld\n",
2760 pUsage->cUsageIdentifier);
2761 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2762 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2763 "Expected %s, got %s\n", keyUsages[i],
2764 pUsage->rgpszUsageIdentifier[i]);
2765 free(buf);
2766 }
2767 /* Shouldn't find it as an extended property */
2768 ret = CertGetEnhancedKeyUsage(context,
2769 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, NULL, &size);
2770 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
2771 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
2772 /* Adding a usage identifier overrides the cert's usage!? */
2773 ret = CertAddEnhancedKeyUsageIdentifier(context, szOID_RSA_RSA);
2774 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08lx\n",
2775 GetLastError());
2776 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2777 ok(ret, "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2778 buf = malloc(bufSize);
2779 if (buf)
2780 {
2781 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2782
2783 /* Should find it as either */
2784 size = bufSize;
2785 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2786 ok(ret,
2787 "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2788 ok(pUsage->cUsageIdentifier == 1, "Expected 1 usage, got %ld\n",
2789 pUsage->cUsageIdentifier);
2790 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], szOID_RSA_RSA),
2791 "Expected %s, got %s\n", szOID_RSA_RSA,
2792 pUsage->rgpszUsageIdentifier[0]);
2793 free(buf);
2794 }
2795 /* But querying the cert directly returns its usage */
2796 ret = CertGetEnhancedKeyUsage(context,
2797 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, NULL, &bufSize);
2798 ok(ret, "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2799 buf = malloc(bufSize);
2800 if (buf)
2801 {
2802 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2803
2804 size = bufSize;
2805 ret = CertGetEnhancedKeyUsage(context,
2806 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2807 ok(ret,
2808 "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2809 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %ld\n",
2810 pUsage->cUsageIdentifier);
2811 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2812 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2813 "Expected %s, got %s\n", keyUsages[i],
2814 pUsage->rgpszUsageIdentifier[i]);
2815 free(buf);
2816 }
2817 /* And removing the only usage identifier in the extended property
2818 * results in the cert's key usage being found.
2819 */
2820 ret = CertRemoveEnhancedKeyUsageIdentifier(context, szOID_RSA_RSA);
2821 ok(ret, "CertRemoveEnhancedKeyUsage failed: %08lx\n", GetLastError());
2822 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2823 ok(ret, "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2824 buf = malloc(bufSize);
2825 if (buf)
2826 {
2827 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2828
2829 /* Should find it as either */
2830 size = bufSize;
2831 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2832 ok(ret,
2833 "CertGetEnhancedKeyUsage failed: %08lx\n", GetLastError());
2834 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %ld\n",
2835 pUsage->cUsageIdentifier);
2836 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2837 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2838 "Expected %s, got %s\n", keyUsages[i],
2839 pUsage->rgpszUsageIdentifier[i]);
2840 free(buf);
2841 }
2842
2843 CertFreeCertificateContext(context);
2844 }
2845}
2846
2847static const BYTE cert2WithUsage[] = {
28480x30,0x81,0x89,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
28490x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
28500x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
28510x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
28520x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
28530x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
28540x67,0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x25,0x30,0x23,
28550x30,0x21,0x06,0x03,0x55,0x1d,0x25,0x01,0x01,0xff,0x04,0x17,0x30,0x15,0x06,
28560x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x09,0x2a,0x86,0x48,0x86,
28570xf7,0x0d,0x01,0x01,0x01 };
2858
2859static void testGetValidUsages(void)
2860{
2861 static const LPCSTR expectedOIDs[] = {
2862 "1.3.6.1.5.5.7.3.3",
2863 "1.3.6.1.5.5.7.3.2",
2864 "1.2.840.113549.1.1.1",
2865 };
2866 static const LPCSTR expectedOIDs2[] = {
2867 "1.3.6.1.5.5.7.3.2",
2868 "1.2.840.113549.1.1.1",
2869 };
2870 BOOL ret;
2871 int numOIDs;
2872 DWORD size;
2873 LPSTR *oids = NULL;
2874 PCCERT_CONTEXT contexts[3];
2875
2876 /* Crash
2877 ret = CertGetValidUsages(0, NULL, NULL, NULL, NULL);
2878 ret = CertGetValidUsages(0, NULL, NULL, NULL, &size);
2879 */
2880 contexts[0] = NULL;
2881 size = numOIDs = 0xdeadbeef;
2882 SetLastError(0xdeadbeef);
2883 ret = CertGetValidUsages(1, &contexts[0], &numOIDs, NULL, &size);
2884 ok(ret, "CertGetValidUsages failed: %ld\n", GetLastError());
2885 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2886 ok(size == 0, "Expected size 0, got %ld\n", size);
2887 contexts[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
2888 sizeof(bigCert));
2889 contexts[1] = CertCreateCertificateContext(X509_ASN_ENCODING, certWithUsage,
2890 sizeof(certWithUsage));
2891 contexts[2] = CertCreateCertificateContext(X509_ASN_ENCODING,
2892 cert2WithUsage, sizeof(cert2WithUsage));
2893 size = numOIDs = 0xdeadbeef;
2894 ret = CertGetValidUsages(0, NULL, &numOIDs, NULL, &size);
2895 ok(ret, "CertGetValidUsages failed: %08lx\n", GetLastError());
2896 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2897 ok(size == 0, "Expected size 0, got %ld\n", size);
2898 size = numOIDs = 0xdeadbeef;
2899 ret = CertGetValidUsages(1, contexts, &numOIDs, NULL, &size);
2900 ok(ret, "CertGetValidUsages failed: %08lx\n", GetLastError());
2901 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2902 ok(size == 0, "Expected size 0, got %ld\n", size);
2903 ret = CertGetValidUsages(1, &contexts[1], &numOIDs, NULL, &size);
2904 ok(ret, "CertGetValidUsages failed: %08lx\n", GetLastError());
2905 ok(numOIDs == 3, "Expected 3, got %d\n", numOIDs);
2906 ok(size, "Expected non-zero size\n");
2907 oids = malloc(size);
2908 if (oids)
2909 {
2910 int i;
2911 DWORD smallSize = 1;
2912
2913 SetLastError(0xdeadbeef);
2914 ret = CertGetValidUsages(1, &contexts[1], &numOIDs, oids, &smallSize);
2915 ok(!ret && GetLastError() == ERROR_MORE_DATA,
2916 "Expected ERROR_MORE_DATA, got %ld\n", GetLastError());
2917 ret = CertGetValidUsages(1, &contexts[1], &numOIDs, oids, &size);
2918 ok(ret, "CertGetValidUsages failed: %08lx\n", GetLastError());
2919 for (i = 0; i < numOIDs; i++)
2920 ok(!lstrcmpA(oids[i], expectedOIDs[i]), "unexpected OID %s\n",
2921 oids[i]);
2922 free(oids);
2923 }
2924 numOIDs = 0xdeadbeef;
2925 /* Oddly enough, this crashes when the number of contexts is not 1:
2926 ret = CertGetValidUsages(2, contexts, &numOIDs, NULL, &size);
2927 * but setting size to 0 allows it to succeed:
2928 */
2929 size = 0;
2930 ret = CertGetValidUsages(2, contexts, &numOIDs, NULL, &size);
2931 ok(ret, "CertGetValidUsages failed: %08lx\n", GetLastError());
2932 ok(numOIDs == 3, "Expected 3, got %d\n", numOIDs);
2933 ok(size, "Expected non-zero size\n");
2934 oids = malloc(size);
2935 if (oids)
2936 {
2937 int i;
2938
2939 ret = CertGetValidUsages(1, &contexts[1], &numOIDs, oids, &size);
2940 ok(ret, "CertGetValidUsages failed: %08lx\n", GetLastError());
2941 for (i = 0; i < numOIDs; i++)
2942 ok(!lstrcmpA(oids[i], expectedOIDs[i]), "unexpected OID %s\n",
2943 oids[i]);
2944 free(oids);
2945 }
2946 numOIDs = 0xdeadbeef;
2947 size = 0;
2948 ret = CertGetValidUsages(1, &contexts[2], &numOIDs, NULL, &size);
2949 ok(ret, "CertGetValidUsages failed: %08lx\n", GetLastError());
2950 ok(numOIDs == 2, "Expected 2, got %d\n", numOIDs);
2951 ok(size, "Expected non-zero size\n");
2952 oids = malloc(size);
2953 if (oids)
2954 {
2955 int i;
2956
2957 ret = CertGetValidUsages(1, &contexts[2], &numOIDs, oids, &size);
2958 ok(ret, "CertGetValidUsages failed: %08lx\n", GetLastError());
2959 for (i = 0; i < numOIDs; i++)
2960 ok(!lstrcmpA(oids[i], expectedOIDs2[i]), "unexpected OID %s\n",
2961 oids[i]);
2962 free(oids);
2963 }
2964 numOIDs = 0xdeadbeef;
2965 size = 0;
2966 ret = CertGetValidUsages(3, contexts, &numOIDs, NULL, &size);
2967 ok(ret, "CertGetValidUsages failed: %08lx\n", GetLastError());
2968 ok(numOIDs == 2, "Expected 2, got %d\n", numOIDs);
2969 ok(size, "Expected non-zero size\n");
2970 oids = malloc(size);
2971 if (oids)
2972 {
2973 int i;
2974
2975 ret = CertGetValidUsages(3, contexts, &numOIDs, oids, &size);
2976 ok(ret, "CertGetValidUsages failed: %08lx\n", GetLastError());
2977 for (i = 0; i < numOIDs; i++)
2978 ok(!lstrcmpA(oids[i], expectedOIDs2[i]), "unexpected OID %s\n",
2979 oids[i]);
2980 free(oids);
2981 }
2982 CertFreeCertificateContext(contexts[0]);
2983 CertFreeCertificateContext(contexts[1]);
2984 CertFreeCertificateContext(contexts[2]);
2985}
2986
2987static BYTE cn[] = {
29880x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,
29890x61,0x6e,0x20,0x4c,0x61,0x6e,0x67 };
2990static BYTE cnWithLeadingSpace[] = {
29910x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x20,0x4a,
29920x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67 };
2993static BYTE cnWithTrailingSpace[] = {
29940x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,
29950x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x20 };
2996static BYTE cnWithIntermediateSpace[] = {
29970x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,
29980x61,0x6e,0x20,0x20,0x4c,0x61,0x6e,0x67 };
2999static BYTE cnThenO[] = {
30000x30,0x2d,0x31,0x2b,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,
30010x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x30,0x17,0x06,0x03,0x55,0x04,0x0a,0x13,
30020x10,0x54,0x68,0x65,0x20,0x57,0x69,0x6e,0x65,0x20,0x50,0x72,0x6f,0x6a,0x65,
30030x63,0x74 };
3004static BYTE oThenCN[] = {
30050x30,0x2d,0x31,0x2b,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x4a,0x75,
30060x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,
30070x10,0x54,0x68,0x65,0x20,0x57,0x69,0x6e,0x65,0x20,0x50,0x72,0x6f,0x6a,0x65,
30080x63,0x74 };
3009
3010static void testCompareCertName(void)
3011{
3012 static BYTE bogus[] = { 1, 2, 3, 4 };
3013 static BYTE bogusPrime[] = { 0, 1, 2, 3, 4 };
3014 static BYTE emptyPrime[] = { 0x30, 0x00, 0x01 };
3015 BOOL ret;
3016 CERT_NAME_BLOB blob1, blob2;
3017
3018 /* crashes
3019 ret = CertCompareCertificateName(0, NULL, NULL);
3020 */
3021 /* An empty name checks against itself.. */
3022 blob1.pbData = emptyCert;
3023 blob1.cbData = sizeof(emptyCert);
3024 ret = CertCompareCertificateName(0, &blob1, &blob1);
3025 ok(ret, "CertCompareCertificateName failed: %08lx\n", GetLastError());
3026 /* It doesn't have to be a valid encoded name.. */
3027 blob1.pbData = bogus;
3028 blob1.cbData = sizeof(bogus);
3029 ret = CertCompareCertificateName(0, &blob1, &blob1);
3030 ok(ret, "CertCompareCertificateName failed: %08lx\n", GetLastError());
3031 /* Leading zeroes matter.. */
3032 blob2.pbData = bogusPrime;
3033 blob2.cbData = sizeof(bogusPrime);
3034 ret = CertCompareCertificateName(0, &blob1, &blob2);
3035 ok(!ret, "Expected failure\n");
3036 /* As do trailing extra bytes. */
3037 blob2.pbData = emptyPrime;
3038 blob2.cbData = sizeof(emptyPrime);
3039 ret = CertCompareCertificateName(0, &blob1, &blob2);
3040 ok(!ret, "Expected failure\n");
3041 /* Tests to show that CertCompareCertificateName doesn't decode the name
3042 * to remove spaces, or to do an order-independent comparison.
3043 */
3044 /* Compare CN="Juan Lang" with CN=" Juan Lang" */
3045 blob1.pbData = cn;
3046 blob1.cbData = sizeof(cn);
3047 blob2.pbData = cnWithLeadingSpace;
3048 blob2.cbData = sizeof(cnWithLeadingSpace);
3049 ret = CertCompareCertificateName(0, &blob1, &blob2);
3050 ok(!ret, "Expected failure\n");
3051 ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2);
3052 ok(!ret, "Expected failure\n");
3053 /* Compare CN="Juan Lang" with CN="Juan Lang " */
3054 blob2.pbData = cnWithTrailingSpace;
3055 blob2.cbData = sizeof(cnWithTrailingSpace);
3056 ret = CertCompareCertificateName(0, &blob1, &blob2);
3057 ok(!ret, "Expected failure\n");
3058 ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2);
3059 ok(!ret, "Expected failure\n");
3060 /* Compare CN="Juan Lang" with CN="Juan Lang" */
3061 blob2.pbData = cnWithIntermediateSpace;
3062 blob2.cbData = sizeof(cnWithIntermediateSpace);
3063 ret = CertCompareCertificateName(0, &blob1, &blob2);
3064 ok(!ret, "Expected failure\n");
3065 ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2);
3066 ok(!ret, "Expected failure\n");
3067 /* Compare 'CN="Juan Lang", O="The Wine Project"' with
3068 * 'O="The Wine Project", CN="Juan Lang"'
3069 */
3070 blob1.pbData = cnThenO;
3071 blob1.cbData = sizeof(cnThenO);
3072 blob2.pbData = oThenCN;
3073 blob2.cbData = sizeof(oThenCN);
3074 ret = CertCompareCertificateName(0, &blob1, &blob2);
3075 ok(!ret, "Expected failure\n");
3076 ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2);
3077 ok(!ret, "Expected failure\n");
3078}
3079
3080static void testIsRDNAttrsInCertificateName(void)
3081{
3082 static char oid_1_2_3[] = "1.2.3";
3083 static char oid_common_name[] = szOID_COMMON_NAME;
3084 static char oid_organization[] = szOID_ORGANIZATION_NAME;
3085 static char juan[] = "Juan Lang";
3086 static char juan_with_leading_space[] = " Juan Lang";
3087 static char juan_with_intermediate_space[] = "Juan Lang";
3088 static char juan_with_trailing_space[] = "Juan Lang ";
3089 static char juan_lower_case[] = "juan lang";
3090 static WCHAR juanW[] = L"Juan Lang";
3091 static char the_wine_project[] = "The Wine Project";
3092 BOOL ret;
3093 CERT_NAME_BLOB name;
3094 CERT_RDN_ATTR attr[2];
3095 CERT_RDN rdn = { 0, NULL };
3096
3097 name.cbData = sizeof(cn);
3098 name.pbData = cn;
3099 if (0)
3100 {
3101 /* Crash */
3102 CertIsRDNAttrsInCertificateName(0, 0, NULL, NULL);
3103 CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, NULL);
3104 }
3105 SetLastError(0xdeadbeef);
3106 ret = CertIsRDNAttrsInCertificateName(0, 0, &name, NULL);
3107 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
3108 "expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
3109 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3110 ok(ret, "CertIsRDNAttrsInCertificateName failed: %08lx\n", GetLastError());
3111 attr[0].pszObjId = oid_1_2_3;
3112 rdn.rgRDNAttr = attr;
3113 rdn.cRDNAttr = 1;
3114 SetLastError(0xdeadbeef);
3115 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3116 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
3117 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
3118 attr[0].pszObjId = oid_common_name;
3119 attr[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
3120 attr[0].Value.cbData = strlen(juan);
3121 attr[0].Value.pbData = (BYTE *)juan;
3122 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3123 ok(ret, "CertIsRDNAttrsInCertificateName failed: %08lx\n", GetLastError());
3124 /* Again, spaces are not removed for name comparison. */
3125 attr[0].Value.cbData = strlen(juan_with_leading_space);
3126 attr[0].Value.pbData = (BYTE *)juan_with_leading_space;
3127 SetLastError(0xdeadbeef);
3128 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3129 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
3130 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
3131 attr[0].Value.cbData = strlen(juan_with_intermediate_space);
3132 attr[0].Value.pbData = (BYTE *)juan_with_intermediate_space;
3133 SetLastError(0xdeadbeef);
3134 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3135 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
3136 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
3137 attr[0].Value.cbData = strlen(juan_with_trailing_space);
3138 attr[0].Value.pbData = (BYTE *)juan_with_trailing_space;
3139 SetLastError(0xdeadbeef);
3140 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3141 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
3142 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
3143 /* The lower case name isn't matched unless a case insensitive match is
3144 * specified.
3145 */
3146 attr[0].Value.cbData = strlen(juan_lower_case);
3147 attr[0].Value.pbData = (BYTE *)juan_lower_case;
3148 SetLastError(0xdeadbeef);
3149 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3150 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
3151 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
3152 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING,
3153 CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG, &name, &rdn);
3154 ok(ret ||
3155 broken(!ret && GetLastError() == CRYPT_E_NO_MATCH), /* Older crypt32 */
3156 "CertIsRDNAttrsInCertificateName failed: %08lx\n", GetLastError());
3157 /* The values don't match unless they have the same RDN type */
3158 attr[0].dwValueType = CERT_RDN_UNICODE_STRING;
3159 attr[0].Value.cbData = lstrlenW(juanW) * sizeof(WCHAR);
3160 attr[0].Value.pbData = (BYTE *)juanW;
3161 SetLastError(0xdeadbeef);
3162 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3163 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
3164 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
3165 SetLastError(0xdeadbeef);
3166 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING,
3167 CERT_UNICODE_IS_RDN_ATTRS_FLAG, &name, &rdn);
3168 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
3169 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
3170 attr[0].dwValueType = CERT_RDN_IA5_STRING;
3171 attr[0].Value.cbData = strlen(juan);
3172 attr[0].Value.pbData = (BYTE *)juan;
3173 SetLastError(0xdeadbeef);
3174 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3175 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
3176 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
3177 /* All attributes must be present */
3178 attr[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
3179 attr[0].Value.cbData = strlen(juan);
3180 attr[0].Value.pbData = (BYTE *)juan;
3181 attr[1].pszObjId = oid_organization;
3182 attr[1].dwValueType = CERT_RDN_PRINTABLE_STRING;
3183 attr[1].Value.cbData = strlen(the_wine_project);
3184 attr[1].Value.pbData = (BYTE *)the_wine_project;
3185 rdn.cRDNAttr = 2;
3186 SetLastError(0xdeadbeef);
3187 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3188 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
3189 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
3190 /* Order also matters */
3191 name.pbData = cnThenO;
3192 name.cbData = sizeof(cnThenO);
3193 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3194 ok(ret, "CertIsRDNAttrsInCertificateName failed: %08lx\n", GetLastError());
3195 name.pbData = oThenCN;
3196 name.cbData = sizeof(oThenCN);
3197 SetLastError(0xdeadbeef);
3198 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
3199 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
3200 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
3201}
3202
3203static BYTE int1[] = { 0x88, 0xff, 0xff, 0xff };
3204static BYTE int2[] = { 0x88, 0xff };
3205static BYTE int3[] = { 0x23, 0xff };
3206static BYTE int4[] = { 0x7f, 0x00 };
3207static BYTE int5[] = { 0x7f };
3208static BYTE int6[] = { 0x80, 0x00, 0x00, 0x00 };
3209static BYTE int7[] = { 0x80, 0x00 };
3210
3211static struct IntBlobTest
3212{
3213 CRYPT_INTEGER_BLOB blob1;
3214 CRYPT_INTEGER_BLOB blob2;
3215 BOOL areEqual;
3216} intBlobs[] = {
3217 { { sizeof(int1), int1 }, { sizeof(int2), int2 }, TRUE },
3218 { { sizeof(int3), int3 }, { sizeof(int3), int3 }, TRUE },
3219 { { sizeof(int4), int4 }, { sizeof(int5), int5 }, TRUE },
3220 { { sizeof(int6), int6 }, { sizeof(int7), int7 }, TRUE },
3221 { { sizeof(int1), int1 }, { sizeof(int7), int7 }, FALSE },
3222};
3223
3224static void testCompareIntegerBlob(void)
3225{
3226 DWORD i;
3227 BOOL ret;
3228
3229 for (i = 0; i < ARRAY_SIZE(intBlobs); i++)
3230 {
3231 ret = CertCompareIntegerBlob(&intBlobs[i].blob1, &intBlobs[i].blob2);
3232 ok(ret == intBlobs[i].areEqual,
3233 "%ld: expected blobs %s compare\n", i, intBlobs[i].areEqual ?
3234 "to" : "not to");
3235 }
3236}
3237
3238static void testComparePublicKeyInfo(void)
3239{
3240 BOOL ret;
3241 CERT_PUBLIC_KEY_INFO info1 = { { 0 } }, info2 = { { 0 } };
3242 static CHAR oid_rsa_rsa[] = szOID_RSA_RSA;
3243 static CHAR oid_rsa_sha1rsa[] = szOID_RSA_SHA1RSA;
3244 static CHAR oid_x957_dsa[] = szOID_X957_DSA;
3245 static BYTE bits1[] = { 1, 0 };
3246 static BYTE bits2[] = { 0 };
3247 static BYTE bits3[] = { 1 };
3248 static BYTE bits4[] = { 0x30,8, 2,1,0x81, 2,3,1,0,1 }; /* ASN_SEQUENCE */
3249 static BYTE bits5[] = { 0x30,9, 2,2,0,0x81, 2,3,1,0,1 }; /* ASN_SEQUENCE */
3250 static BYTE bits6[] = { 0x30,9, 2,2,0,0x82, 2,3,1,0,1 }; /* ASN_SEQUENCE */
3251 static BYTE bits7[] = { 0x04,8, 2,1,0x81, 2,3,1,0,1 }; /* ASN_OCTETSTRING */
3252 static BYTE bits8[] = { 0x04,9, 2,2,0,0x81, 2,3,1,0,1 }; /* ASN_OCTETSTRING */
3253 static BYTE bits9[] = { 0x04,9, 2,2,0,0x82, 2,3,1,0,1 }; /* ASN_OCTETSTRING */
3254
3255 /* crashes
3256 ret = CertComparePublicKeyInfo(0, NULL, NULL);
3257 */
3258 /* Empty public keys compare */
3259 ret = CertComparePublicKeyInfo(0, &info1, &info2);
3260 ok(ret, "CertComparePublicKeyInfo failed: %08lx\n", GetLastError());
3261 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3262 ok(ret, "CertComparePublicKeyInfo failed: %08lx\n", GetLastError());
3263
3264 /* Different OIDs appear to compare */
3265 info1.Algorithm.pszObjId = oid_rsa_rsa;
3266 info2.Algorithm.pszObjId = oid_rsa_sha1rsa;
3267 ret = CertComparePublicKeyInfo(0, &info1, &info2);
3268 ok(ret, "CertComparePublicKeyInfo failed: %08lx\n", GetLastError());
3269 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3270 ok(ret, "CertComparePublicKeyInfo failed: %08lx\n", GetLastError());
3271
3272 info2.Algorithm.pszObjId = oid_x957_dsa;
3273 ret = CertComparePublicKeyInfo(0, &info1, &info2);
3274 ok(ret, "CertComparePublicKeyInfo failed: %08lx\n", GetLastError());
3275 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3276 ok(ret, "CertComparePublicKeyInfo failed: %08lx\n", GetLastError());
3277
3278 info1.PublicKey.cbData = sizeof(bits1);
3279 info1.PublicKey.pbData = bits1;
3280 info1.PublicKey.cUnusedBits = 0;
3281 info2.PublicKey.cbData = sizeof(bits1);
3282 info2.PublicKey.pbData = bits1;
3283 info2.PublicKey.cUnusedBits = 0;
3284 ret = CertComparePublicKeyInfo(0, &info1, &info2);
3285 ok(ret, "CertComparePublicKeyInfo failed: %08lx\n", GetLastError());
3286 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3287 ok(ret, "CertComparePublicKeyInfo failed: %08lx\n", GetLastError());
3288
3289 info2.Algorithm.pszObjId = oid_rsa_rsa;
3290 info1.PublicKey.cbData = sizeof(bits4);
3291 info1.PublicKey.pbData = bits4;
3292 info1.PublicKey.cUnusedBits = 0;
3293 info2.PublicKey.cbData = sizeof(bits5);
3294 info2.PublicKey.pbData = bits5;
3295 info2.PublicKey.cUnusedBits = 0;
3296 ret = CertComparePublicKeyInfo(0, &info1, &info2);
3297 ok(!ret, "CertComparePublicKeyInfo: as raw binary: keys should be unequal\n");
3298 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3299 ok(ret, "CertComparePublicKeyInfo: as ASN.1 encoded: keys should be equal\n");
3300
3301 info1.PublicKey.cUnusedBits = 1;
3302 info2.PublicKey.cUnusedBits = 5;
3303 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3304 ok(ret, "CertComparePublicKeyInfo: ASN.1 encoding should ignore cUnusedBits\n");
3305 info1.PublicKey.cUnusedBits = 0;
3306 info2.PublicKey.cUnusedBits = 0;
3307 info1.PublicKey.cbData--; /* kill one byte, make ASN.1 encoded data invalid */
3308 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3309 ok(!ret, "CertComparePublicKeyInfo: comparing bad ASN.1 encoded key should fail\n");
3310 /* Even though they compare in their used bits, these do not compare */
3311 info1.PublicKey.cbData = sizeof(bits2);
3312 info1.PublicKey.pbData = bits2;
3313 info1.PublicKey.cUnusedBits = 0;
3314 info2.PublicKey.cbData = sizeof(bits3);
3315 info2.PublicKey.pbData = bits3;
3316 info2.PublicKey.cUnusedBits = 1;
3317 ret = CertComparePublicKeyInfo(0, &info1, &info2);
3318 /* Simple (non-comparing) case */
3319 ok(!ret, "Expected keys not to compare\n");
3320 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3321 ok(!ret, "Expected keys not to compare\n");
3322
3323 info2.PublicKey.cbData = sizeof(bits1);
3324 info2.PublicKey.pbData = bits1;
3325 info2.PublicKey.cUnusedBits = 0;
3326 ret = CertComparePublicKeyInfo(0, &info1, &info2);
3327 ok(!ret, "Expected keys not to compare\n");
3328 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3329 ok(!ret, "Expected keys not to compare\n");
3330
3331 info1.PublicKey.cbData = sizeof(bits7);
3332 info1.PublicKey.pbData = bits7;
3333 info1.PublicKey.cUnusedBits = 0;
3334 info2.PublicKey.cbData = sizeof(bits8);
3335 info2.PublicKey.pbData = bits8;
3336 info2.PublicKey.cUnusedBits = 0;
3337 ret = CertComparePublicKeyInfo(0, &info1, &info2);
3338 ok(!ret, "CertComparePublicKeyInfo: as raw binary: keys should be unequal\n");
3339 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3340 ok(!ret, "CertComparePublicKeyInfo: as ASN.1 encoded: keys should be unequal\n");
3341
3342 ret = CertComparePublicKeyInfo(0, &info1, &info1);
3343 ok(ret, "CertComparePublicKeyInfo: as raw binary: keys should be equal\n");
3344 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info1);
3345 ok(ret, "CertComparePublicKeyInfo: as ASN.1 encoded: keys should be equal\n");
3346 info1.PublicKey.cbData--; /* kill one byte, make ASN.1 encoded data invalid */
3347 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info1);
3348 ok(ret, "CertComparePublicKeyInfo: as ASN.1 encoded: keys should be equal\n");
3349
3350 /* ASN.1 encoded non-comparing case */
3351 info1.PublicKey.cbData = sizeof(bits5);
3352 info1.PublicKey.pbData = bits5;
3353 info1.PublicKey.cUnusedBits = 0;
3354 info2.PublicKey.cbData = sizeof(bits6);
3355 info2.PublicKey.pbData = bits6;
3356 info2.PublicKey.cUnusedBits = 0;
3357 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3358 ok(!ret, "CertComparePublicKeyInfo: different keys should be unequal\n");
3359
3360 /* ASN.1 encoded non-comparing case */
3361 info1.PublicKey.cbData = sizeof(bits8);
3362 info1.PublicKey.pbData = bits8;
3363 info1.PublicKey.cUnusedBits = 0;
3364 info2.PublicKey.cbData = sizeof(bits9);
3365 info2.PublicKey.pbData = bits9;
3366 info2.PublicKey.cUnusedBits = 0;
3367 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3368 ok(!ret, "CertComparePublicKeyInfo: different keys should be unequal\n");
3369}
3370
3371static void testHashPublicKeyInfo(void)
3372{
3373 BOOL ret;
3374 CERT_PUBLIC_KEY_INFO info = { { 0 } };
3375 DWORD len;
3376
3377 /* Crash
3378 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, NULL, NULL, NULL);
3379 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, &info, NULL, NULL);
3380 */
3381 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, NULL, NULL, &len);
3382 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
3383 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
3384
3385 if (0) /* crash */
3386 {
3387 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, NULL, NULL, &len);
3388 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
3389 "Expected STATUS_ACCESS_VIOLATION, got %08lx\n", GetLastError());
3390 }
3391 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, &info, NULL, &len);
3392 ok(ret, "CryptHashPublicKeyInfo failed: %08lx\n", GetLastError());
3393 if (ret)
3394 {
3395 ok(len == 16, "Expected hash size 16, got %ld\n", len);
3396 if (len == 16)
3397 {
3398 static const BYTE emptyHash[] = { 0xb8,0x51,0x3a,0x31,0x0e,0x9f,0x40,
3399 0x36,0x9c,0x92,0x45,0x1b,0x9d,0xc8,0xf9,0xf6 };
3400 BYTE buf[16];
3401
3402 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, &info, buf,
3403 &len);
3404 ok(ret, "CryptHashPublicKeyInfo failed: %08lx\n", GetLastError());
3405 ok(!memcmp(buf, emptyHash, len), "Unexpected hash\n");
3406 }
3407 }
3408}
3409
3410static const BYTE md5SignedEmptyCertHash[] = { 0xfb,0x0f,0x66,0x82,0x66,0xd9,
3411 0xe5,0xf8,0xd8,0xa2,0x55,0x2b,0xe1,0xa5,0xd9,0x04 };
3412
3413static void testHashToBeSigned(void)
3414{
3415 BOOL ret;
3416 DWORD size;
3417 BYTE hash[16];
3418
3419 /* Crash */
3420 if (0)
3421 {
3422 CryptHashToBeSigned(0, 0, NULL, 0, NULL, NULL);
3423 }
3424 SetLastError(0xdeadbeef);
3425 ret = CryptHashToBeSigned(0, 0, NULL, 0, NULL, &size);
3426 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
3427 "expected ERROR_FILE_NOT_FOUND, got %ld\n", GetLastError());
3428 SetLastError(0xdeadbeef);
3429 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, NULL, 0, NULL, &size);
3430 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
3431 "expected CRYPT_E_ASN1_EOD, got %08lx\n", GetLastError());
3432 /* Can't sign anything: has to be asn.1 encoded, at least */
3433 SetLastError(0xdeadbeef);
3434 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, int1, sizeof(int1),
3435 NULL, &size);
3436 ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
3437 "expected CRYPT_E_ASN1_BADTAG, got %08lx\n", GetLastError());
3438 /* Can't be empty, either */
3439 SetLastError(0xdeadbeef);
3440 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, emptyCert,
3441 sizeof(emptyCert), NULL, &size);
3442 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
3443 "expected CRYPT_E_ASN1_CORRUPT, got %08lx\n", GetLastError());
3444 /* Signing a cert works */
3445 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, md5SignedEmptyCert,
3446 sizeof(md5SignedEmptyCert), NULL, &size);
3447 ok(ret, "CryptHashToBeSigned failed: %08lx\n", GetLastError());
3448 if (ret)
3449 {
3450 ok(size == sizeof(md5SignedEmptyCertHash), "unexpected size %ld\n", size);
3451 }
3452
3453 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, md5SignedEmptyCert,
3454 sizeof(md5SignedEmptyCert), hash, &size);
3455 ok(ret, "CryptHashToBeSigned failed: %08lx\n", GetLastError());
3456 ok(!memcmp(hash, md5SignedEmptyCertHash, size), "unexpected value\n");
3457}
3458
3459static void testCompareCert(void)
3460{
3461 CERT_INFO info1 = { 0 }, info2 = { 0 };
3462 BOOL ret;
3463
3464 /* Crashes */
3465 if (0)
3466 CertCompareCertificate(X509_ASN_ENCODING, NULL, NULL);
3467
3468 /* Certs with the same issuer and serial number are equal, even if they
3469 * differ in other respects (like subject).
3470 */
3471 info1.SerialNumber.pbData = serialNum;
3472 info1.SerialNumber.cbData = sizeof(serialNum);
3473 info1.Issuer.pbData = subjectName;
3474 info1.Issuer.cbData = sizeof(subjectName);
3475 info1.Subject.pbData = subjectName2;
3476 info1.Subject.cbData = sizeof(subjectName2);
3477 info2.SerialNumber.pbData = serialNum;
3478 info2.SerialNumber.cbData = sizeof(serialNum);
3479 info2.Issuer.pbData = subjectName;
3480 info2.Issuer.cbData = sizeof(subjectName);
3481 info2.Subject.pbData = subjectName;
3482 info2.Subject.cbData = sizeof(subjectName);
3483 ret = CertCompareCertificate(X509_ASN_ENCODING, &info1, &info2);
3484 ok(ret, "Expected certs to be equal\n");
3485
3486 info2.Issuer.pbData = subjectName2;
3487 info2.Issuer.cbData = sizeof(subjectName2);
3488 ret = CertCompareCertificate(X509_ASN_ENCODING, &info1, &info2);
3489 ok(!ret, "Expected certs not to be equal\n");
3490}
3491
3492static void testVerifySubjectCert(void)
3493{
3494 BOOL ret;
3495 DWORD flags;
3496 PCCERT_CONTEXT context1, context2;
3497
3498 /* Crashes
3499 ret = CertVerifySubjectCertificateContext(NULL, NULL, NULL);
3500 */
3501 flags = 0;
3502 ret = CertVerifySubjectCertificateContext(NULL, NULL, &flags);
3503 ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
3504 GetLastError());
3505 flags = CERT_STORE_NO_CRL_FLAG;
3506 ret = CertVerifySubjectCertificateContext(NULL, NULL, &flags);
3507 ok(!ret && GetLastError() == E_INVALIDARG,
3508 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
3509
3510 flags = 0;
3511 context1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
3512 sizeof(bigCert));
3513 ret = CertVerifySubjectCertificateContext(NULL, context1, &flags);
3514 ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
3515 GetLastError());
3516 ret = CertVerifySubjectCertificateContext(context1, NULL, &flags);
3517 ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
3518 GetLastError());
3519 ret = CertVerifySubjectCertificateContext(context1, context1, &flags);
3520 ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
3521 GetLastError());
3522
3523 context2 = CertCreateCertificateContext(X509_ASN_ENCODING,
3524 bigCertWithDifferentSubject, sizeof(bigCertWithDifferentSubject));
3525 SetLastError(0xdeadbeef);
3526 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
3527 ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
3528 GetLastError());
3529 flags = CERT_STORE_REVOCATION_FLAG;
3530 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
3531 ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
3532 GetLastError());
3533 ok(flags == (CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG),
3534 "Expected CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG, got %08lx\n",
3535 flags);
3536 flags = CERT_STORE_SIGNATURE_FLAG;
3537 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
3538 ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
3539 GetLastError());
3540 ok(flags == CERT_STORE_SIGNATURE_FLAG,
3541 "Expected CERT_STORE_SIGNATURE_FLAG, got %08lx\n", flags);
3542 CertFreeCertificateContext(context2);
3543
3544 CertFreeCertificateContext(context1);
3545}
3546
3547static const BYTE rootWithKeySignAndCRLSign[] = {
35480x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
35490x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
35500xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
35510x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
35520x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
35530x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
35540x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
35550x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
35560x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
35570x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
35580x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
35590x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
35600x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
35610xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
35620x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
35630x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
35640xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
35650x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
35660x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
35670xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
35680x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
35690x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
35700x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
35710x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
35720x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
35730x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
35740x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
35750x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
35760x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
35770x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
35780x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
35790x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
35800x2e,0x84,0xee };
3581static const BYTE eeCert[] = {
35820x30,0x82,0x01,0xb9,0x30,0x82,0x01,0x22,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,
35830x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
35840x00,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,
35850x65,0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,
35860x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,
35870x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,
35880x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,
35890x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,
35900x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,
35910x33,0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,
35920xdc,0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,
35930x48,0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,
35940x47,0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,
35950x05,0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,
35960x6a,0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,
35970x85,0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,
35980xd3,0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,
35990xa3,0x02,0x03,0x01,0x00,0x01,0xa3,0x23,0x30,0x21,0x30,0x1f,0x06,0x03,0x55,
36000x1d,0x23,0x04,0x18,0x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,
36010x28,0x89,0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,
36020x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,
36030x81,0x00,0x8a,0x49,0xa9,0x86,0x5e,0xc9,0x33,0x7e,0xfd,0xab,0x64,0x1f,0x6d,
36040x00,0xd7,0x9b,0xec,0xd1,0x5b,0x38,0xcc,0xd6,0xf3,0xf2,0xb4,0x75,0x70,0x00,
36050x82,0x9d,0x37,0x58,0xe1,0xcd,0x2c,0x61,0xb3,0x28,0xe7,0x8a,0x00,0xbe,0x6e,
36060xca,0xe8,0x55,0xd5,0xad,0x3a,0xea,0xaf,0x13,0x20,0x1c,0x44,0xfc,0xb4,0xf9,
36070x29,0x2b,0xdc,0x8a,0x2d,0x1b,0x27,0x9e,0xb9,0x3b,0x4a,0x71,0x9d,0x47,0x7d,
36080xf7,0x92,0x6b,0x21,0x7f,0xfa,0x88,0x79,0x94,0x33,0xf6,0xdd,0x92,0x04,0x92,
36090xd6,0x5e,0x0a,0x74,0xf2,0x85,0xa6,0xd5,0x3c,0x28,0xc0,0x89,0x5d,0xda,0xf3,
36100xa6,0x01,0xc2,0xe9,0xa3,0xc1,0xb7,0x21,0x08,0xba,0x18,0x07,0x45,0xeb,0x77,
36110x7d,0xcd,0xc6,0xe7,0x2a,0x7b,0x46,0xd2,0x3d,0xb5 };
3612static const BYTE rootSignedCRL[] = {
36130x30,0x82,0x01,0x1f,0x30,0x81,0x89,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
36140x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
36150x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
36160x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
36170x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
36180x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
36190x30,0x30,0x30,0x30,0x5a,0xa0,0x2f,0x30,0x2d,0x30,0x0a,0x06,0x03,0x55,0x1d,
36200x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,
36210x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,
36220xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,
36230x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0xa3,0xcf,
36240x17,0x5d,0x7a,0x08,0xab,0x11,0x1a,0xbd,0x5c,0xde,0x9a,0x22,0x92,0x38,0xe6,
36250x96,0xcc,0xb1,0xc5,0x42,0x86,0xa6,0xae,0xad,0xa3,0x1a,0x2b,0xa0,0xb0,0x65,
36260xaa,0x9c,0xd7,0x2d,0x44,0x8c,0xae,0x61,0xc7,0x30,0x17,0x89,0x84,0x3b,0x4a,
36270x8f,0x17,0x08,0x06,0x37,0x1c,0xf7,0x2d,0x4e,0x47,0x07,0x61,0x50,0xd9,0x06,
36280xd1,0x46,0xed,0x0a,0xbb,0xc3,0x9b,0x36,0x0b,0xa7,0x27,0x2f,0x2b,0x55,0xce,
36290x2a,0xa5,0x60,0xc6,0x53,0x28,0xe8,0xee,0xad,0x0e,0x2b,0xe8,0xd7,0x5f,0xc9,
36300xa5,0xed,0xf9,0x77,0xb0,0x3c,0x81,0xcf,0xcc,0x49,0xb2,0x1a,0xc3,0xfd,0x34,
36310xd5,0xbc,0xb0,0xd5,0xa5,0x9c,0x1b,0x72,0xc3,0x0f,0xa3,0xe3,0x3c,0xf0,0xc3,
36320x91,0xe8,0x93,0x4f,0xd4,0x2f };
3633
3634static const BYTE ocsp_cert[] = {
3635 0x30, 0x82, 0x06, 0xcd, 0x30, 0x82, 0x05, 0xb5, 0xa0, 0x03, 0x02, 0x01,
3636 0x02, 0x02, 0x10, 0x08, 0x49, 0x8f, 0x6d, 0xd9, 0xef, 0xfb, 0x40, 0x55,
3637 0x1e, 0xac, 0x54, 0x54, 0x87, 0xc1, 0xb1, 0x30, 0x0d, 0x06, 0x09, 0x2a,
3638 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x4f,
3639 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
3640 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c,
3641 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63,
3642 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x20, 0x44,
3643 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x54, 0x4c, 0x53, 0x20,
3644 0x52, 0x53, 0x41, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x32,
3645 0x30, 0x32, 0x30, 0x20, 0x43, 0x41, 0x31, 0x30, 0x1e, 0x17, 0x0d, 0x32,
3646 0x31, 0x30, 0x34, 0x32, 0x38, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
3647 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x32, 0x39, 0x32, 0x33, 0x35, 0x39,
3648 0x35, 0x39, 0x5a, 0x30, 0x6b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
3649 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
3650 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
3651 0x74, 0x6f, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07,
3652 0x13, 0x08, 0x42, 0x65, 0x6c, 0x6c, 0x65, 0x76, 0x75, 0x65, 0x31, 0x14,
3653 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x56, 0x61, 0x6c,
3654 0x76, 0x65, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x2e, 0x31, 0x1e, 0x30, 0x1c,
3655 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x15, 0x2a, 0x2e, 0x63, 0x6d, 0x2e,
3656 0x73, 0x74, 0x65, 0x61, 0x6d, 0x70, 0x6f, 0x77, 0x65, 0x72, 0x65, 0x64,
3657 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09,
3658 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
3659 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
3660 0x00, 0xcd, 0x98, 0x0c, 0x13, 0xb2, 0xb9, 0xf2, 0xa5, 0xc6, 0x52, 0xad,
3661 0xf9, 0x4d, 0xcf, 0x1e, 0x2b, 0x74, 0x05, 0xd1, 0x2e, 0x95, 0xc3, 0x9d,
3662 0x9b, 0x03, 0x2a, 0xc6, 0x65, 0x1e, 0xda, 0x5d, 0x57, 0x3c, 0x61, 0xa1,
3663 0x3d, 0xa3, 0xe7, 0x0c, 0xdd, 0xb1, 0x6b, 0x30, 0x97, 0x99, 0xc7, 0x77,
3664 0xab, 0xc2, 0xb0, 0x0a, 0x5b, 0x1c, 0x86, 0x55, 0x42, 0x25, 0xa8, 0x4e,
3665 0xe2, 0x61, 0xfe, 0x88, 0x10, 0x25, 0xf5, 0x8e, 0x9c, 0x0f, 0xc7, 0xa5,
3666 0xef, 0x9d, 0xd5, 0xf0, 0x2a, 0xf2, 0x31, 0x59, 0x59, 0xfc, 0xe0, 0x1f,
3667 0x8f, 0xb4, 0xa1, 0x06, 0x32, 0x04, 0x37, 0x3d, 0x9d, 0xad, 0xc1, 0xe0,
3668 0x00, 0x3d, 0x8d, 0x60, 0x4c, 0x9e, 0x6a, 0x1f, 0xd2, 0xf6, 0xf8, 0x86,
3669 0x0b, 0x11, 0x7b, 0xfd, 0x75, 0xae, 0x20, 0x9b, 0xca, 0x52, 0x5f, 0x4e,
3670 0xad, 0x2e, 0xa2, 0xce, 0xed, 0x35, 0x08, 0x23, 0xa8, 0x6e, 0x61, 0x7e,
3671 0x18, 0x1a, 0x6a, 0xd9, 0xe0, 0x3b, 0x52, 0x64, 0xe9, 0x2c, 0x81, 0x8f,
3672 0xbc, 0x4b, 0x48, 0xd1, 0x7a, 0x3e, 0x02, 0x9c, 0xad, 0x87, 0x73, 0xae,
3673 0xaa, 0xea, 0x32, 0xfb, 0x07, 0x4e, 0xcb, 0xe9, 0xac, 0xac, 0x50, 0x0f,
3674 0x49, 0xb7, 0x23, 0x3b, 0x1f, 0xb2, 0x24, 0x46, 0x78, 0x32, 0x11, 0x9e,
3675 0xa2, 0xeb, 0xd8, 0x8b, 0x7e, 0x56, 0x92, 0xaa, 0x29, 0xbd, 0x55, 0xc8,
3676 0x3e, 0x69, 0xe2, 0x56, 0xf4, 0x24, 0x58, 0x7b, 0xf8, 0xb0, 0xbb, 0x72,
3677 0xb7, 0x38, 0x34, 0xe3, 0x0f, 0x30, 0xf4, 0xfd, 0x44, 0xf1, 0x53, 0x0f,
3678 0xc5, 0x31, 0xd6, 0xad, 0x45, 0xbf, 0x57, 0x2c, 0x4c, 0xe5, 0x1a, 0xc0,
3679 0x08, 0x25, 0x88, 0x2f, 0xca, 0x07, 0x2e, 0x35, 0x31, 0xa7, 0x40, 0x3a,
3680 0x71, 0x1d, 0xba, 0x09, 0xf8, 0x76, 0x6c, 0x69, 0xb2, 0x89, 0xd7, 0xbe,
3681 0xca, 0x9d, 0xf5, 0xd4, 0x7d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82,
3682 0x03, 0x87, 0x30, 0x82, 0x03, 0x83, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
3683 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb7, 0x6b, 0xa2, 0xea, 0xa8,
3684 0xaa, 0x84, 0x8c, 0x79, 0xea, 0xb4, 0xda, 0x0f, 0x98, 0xb2, 0xc5, 0x95,
3685 0x76, 0xb9, 0xf4, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
3686 0x04, 0x14, 0x22, 0x68, 0x57, 0xb9, 0xc0, 0x1f, 0xce, 0xa6, 0xbf, 0xb6,
3687 0x55, 0xcb, 0x2a, 0x1b, 0xe6, 0xe0, 0x76, 0x94, 0x07, 0x06, 0x30, 0x35,
3688 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x2e, 0x30, 0x2c, 0x82, 0x15, 0x2a,
3689 0x2e, 0x63, 0x6d, 0x2e, 0x73, 0x74, 0x65, 0x61, 0x6d, 0x70, 0x6f, 0x77,
3690 0x65, 0x72, 0x65, 0x64, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x13, 0x63, 0x6d,
3691 0x2e, 0x73, 0x74, 0x65, 0x61, 0x6d, 0x70, 0x6f, 0x77, 0x65, 0x72, 0x65,
3692 0x64, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f,
3693 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06,
3694 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06,
3695 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
3696 0x05, 0x07, 0x03, 0x02, 0x30, 0x81, 0x8b, 0x06, 0x03, 0x55, 0x1d, 0x1f,
3697 0x04, 0x81, 0x83, 0x30, 0x81, 0x80, 0x30, 0x3e, 0xa0, 0x3c, 0xa0, 0x3a,
3698 0x86, 0x38, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c,
3699 0x33, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63,
3700 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x54,
3701 0x4c, 0x53, 0x52, 0x53, 0x41, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x32,
3702 0x30, 0x32, 0x30, 0x43, 0x41, 0x31, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3e,
3703 0xa0, 0x3c, 0xa0, 0x3a, 0x86, 0x38, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
3704 0x2f, 0x63, 0x72, 0x6c, 0x34, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65,
3705 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43,
3706 0x65, 0x72, 0x74, 0x54, 0x4c, 0x53, 0x52, 0x53, 0x41, 0x53, 0x48, 0x41,
3707 0x32, 0x35, 0x36, 0x32, 0x30, 0x32, 0x30, 0x43, 0x41, 0x31, 0x2e, 0x63,
3708 0x72, 0x6c, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x37, 0x30,
3709 0x35, 0x30, 0x33, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01, 0x02, 0x02, 0x30,
3710 0x29, 0x30, 0x27, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02,
3711 0x01, 0x16, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77,
3712 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63,
3713 0x6f, 0x6d, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x7d, 0x06, 0x08, 0x2b, 0x06,
3714 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x71, 0x30, 0x6f, 0x30, 0x24,
3715 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18,
3716 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e,
3717 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d,
3718 0x30, 0x47, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02,
3719 0x86, 0x3b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x61, 0x63,
3720 0x65, 0x72, 0x74, 0x73, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72,
3721 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65,
3722 0x72, 0x74, 0x54, 0x4c, 0x53, 0x52, 0x53, 0x41, 0x53, 0x48, 0x41, 0x32,
3723 0x35, 0x36, 0x32, 0x30, 0x32, 0x30, 0x43, 0x41, 0x31, 0x2e, 0x63, 0x72,
3724 0x74, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
3725 0x02, 0x30, 0x00, 0x30, 0x82, 0x01, 0x7e, 0x06, 0x0a, 0x2b, 0x06, 0x01,
3726 0x04, 0x01, 0xd6, 0x79, 0x02, 0x04, 0x02, 0x04, 0x82, 0x01, 0x6e, 0x04,
3727 0x82, 0x01, 0x6a, 0x01, 0x68, 0x00, 0x76, 0x00, 0x29, 0x79, 0xbe, 0xf0,
3728 0x9e, 0x39, 0x39, 0x21, 0xf0, 0x56, 0x73, 0x9f, 0x63, 0xa5, 0x77, 0xe5,
3729 0xbe, 0x57, 0x7d, 0x9c, 0x60, 0x0a, 0xf8, 0xf9, 0x4d, 0x5d, 0x26, 0x5c,
3730 0x25, 0x5d, 0xc7, 0x84, 0x00, 0x00, 0x01, 0x79, 0x19, 0x43, 0x10, 0x65,
3731 0x00, 0x00, 0x04, 0x03, 0x00, 0x47, 0x30, 0x45, 0x02, 0x21, 0x00, 0x93,
3732 0x5f, 0x66, 0xe4, 0xfe, 0x76, 0x25, 0xe6, 0x07, 0x74, 0xa1, 0x8b, 0x7f,
3733 0x37, 0xad, 0xb1, 0x40, 0x8f, 0x20, 0x66, 0x71, 0x57, 0x14, 0x2c, 0x2e,
3734 0x28, 0xe0, 0xb2, 0x95, 0xd5, 0x19, 0xd0, 0x02, 0x20, 0x32, 0xd1, 0xa8,
3735 0x59, 0xfd, 0x69, 0x24, 0x8a, 0x27, 0x7e, 0x56, 0x06, 0xce, 0x6d, 0xeb,
3736 0xa1, 0xc6, 0x2a, 0xce, 0x4b, 0x37, 0xb1, 0x25, 0xca, 0x6d, 0xd3, 0x43,
3737 0xf3, 0xdb, 0xb8, 0xa5, 0x5e, 0x00, 0x76, 0x00, 0x22, 0x45, 0x45, 0x07,
3738 0x59, 0x55, 0x24, 0x56, 0x96, 0x3f, 0xa1, 0x2f, 0xf1, 0xf7, 0x6d, 0x86,
3739 0xe0, 0x23, 0x26, 0x63, 0xad, 0xc0, 0x4b, 0x7f, 0x5d, 0xc6, 0x83, 0x5c,
3740 0x6e, 0xe2, 0x0f, 0x02, 0x00, 0x00, 0x01, 0x79, 0x19, 0x43, 0x10, 0xa4,
3741 0x00, 0x00, 0x04, 0x03, 0x00, 0x47, 0x30, 0x45, 0x02, 0x20, 0x3a, 0x73,
3742 0x53, 0xfb, 0xbb, 0x42, 0xdf, 0x2e, 0xa2, 0xc0, 0xc5, 0x29, 0x57, 0xda,
3743 0xb9, 0x0b, 0x76, 0x58, 0xb6, 0xeb, 0xd3, 0x4d, 0x10, 0x95, 0x1b, 0x58,
3744 0x3e, 0x58, 0x86, 0xea, 0xec, 0xe5, 0x02, 0x21, 0x00, 0xeb, 0xb2, 0xfe,
3745 0x83, 0x74, 0xdf, 0xb5, 0xfd, 0x8f, 0x74, 0x82, 0xd3, 0x8f, 0x6b, 0xce,
3746 0x63, 0x8b, 0x93, 0x94, 0x08, 0x7b, 0x1c, 0x6b, 0x48, 0xae, 0x59, 0xa1,
3747 0x7e, 0xec, 0x59, 0xdf, 0x56, 0x00, 0x76, 0x00, 0x51, 0xa3, 0xb0, 0xf5,
3748 0xfd, 0x01, 0x79, 0x9c, 0x56, 0x6d, 0xb8, 0x37, 0x78, 0x8f, 0x0c, 0xa4,
3749 0x7a, 0xcc, 0x1b, 0x27, 0xcb, 0xf7, 0x9e, 0x88, 0x42, 0x9a, 0x0d, 0xfe,
3750 0xd4, 0x8b, 0x05, 0xe5, 0x00, 0x00, 0x01, 0x79, 0x19, 0x43, 0x10, 0xea,
3751 0x00, 0x00, 0x04, 0x03, 0x00, 0x47, 0x30, 0x45, 0x02, 0x20, 0x68, 0x89,
3752 0x8b, 0xab, 0x98, 0xd3, 0x4f, 0x41, 0x4f, 0x7d, 0x1c, 0x52, 0xbe, 0x1b,
3753 0xf1, 0xbe, 0xb3, 0x68, 0x49, 0x5a, 0x91, 0x93, 0xdc, 0xac, 0xba, 0x6e,
3754 0x58, 0x8d, 0xcd, 0x3c, 0x5a, 0x26, 0x02, 0x21, 0x00, 0x85, 0x09, 0xf7,
3755 0x21, 0x4a, 0x66, 0x45, 0x77, 0xfe, 0xd5, 0x77, 0x25, 0xd5, 0xc5, 0x1a,
3756 0xb3, 0x33, 0xd8, 0x86, 0x52, 0xcc, 0xe1, 0x26, 0x21, 0x03, 0xcf, 0x1b,
3757 0x34, 0x24, 0xab, 0xc0, 0x1f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
3758 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
3759 0x00, 0xbd, 0x22, 0x40, 0xf1, 0x6d, 0xe7, 0x68, 0x89, 0x82, 0x53, 0xcd,
3760 0x64, 0xed, 0x21, 0x17, 0x90, 0x3a, 0xd0, 0xa3, 0x21, 0x42, 0x40, 0x60,
3761 0xf2, 0x2c, 0xf7, 0x40, 0xef, 0xc3, 0xf0, 0x22, 0x24, 0xc2, 0x51, 0x17,
3762 0x9d, 0x4b, 0x10, 0x9f, 0x86, 0x1a, 0x05, 0x4c, 0x6a, 0xe0, 0x13, 0xbb,
3763 0x29, 0xad, 0xf7, 0x18, 0x5f, 0x76, 0x01, 0x10, 0x8b, 0x1c, 0x29, 0x79,
3764 0x23, 0x94, 0x58, 0x1a, 0xa6, 0xf8, 0xac, 0x9b, 0x2e, 0xe0, 0x70, 0x1d,
3765 0x06, 0x1a, 0xe9, 0x5d, 0x24, 0x9f, 0x03, 0xff, 0x40, 0xe5, 0xc1, 0xb0,
3766 0xb9, 0xa7, 0x7e, 0x19, 0x3d, 0x0c, 0x99, 0x89, 0x81, 0xe4, 0x53, 0x9b,
3767 0xbd, 0x66, 0x1b, 0xba, 0x2e, 0xcd, 0xff, 0x24, 0x16, 0xd2, 0x89, 0xc9,
3768 0x75, 0xdd, 0xc9, 0x78, 0x25, 0x1e, 0x11, 0x43, 0x25, 0x06, 0x15, 0xe5,
3769 0xe3, 0x6b, 0xf9, 0x33, 0xee, 0x06, 0x16, 0x92, 0x8e, 0xe1, 0x8a, 0x93,
3770 0x41, 0x15, 0x8b, 0xf1, 0x06, 0xf7, 0x52, 0x07, 0x25, 0xb8, 0x6a, 0xae,
3771 0x46, 0x70, 0xa6, 0x81, 0x74, 0x70, 0x3c, 0x50, 0x42, 0x85, 0x65, 0x41,
3772 0xdb, 0x25, 0xb3, 0x4f, 0xce, 0x25, 0xb5, 0x2b, 0x62, 0xb7, 0x2b, 0xbf,
3773 0x66, 0xc4, 0xb4, 0x8a, 0x10, 0xb0, 0x50, 0x8e, 0x84, 0xf8, 0xe5, 0x28,
3774 0x86, 0xda, 0x7d, 0xe6, 0x65, 0xbf, 0xb1, 0xd5, 0x7d, 0x09, 0x28, 0x61,
3775 0xa3, 0x14, 0x89, 0x23, 0x35, 0x6e, 0x9c, 0x70, 0x06, 0x8b, 0xcb, 0x84,
3776 0xe8, 0x70, 0x8d, 0xb9, 0xfb, 0x74, 0xcf, 0x77, 0x63, 0x00, 0x5d, 0x8c,
3777 0xbb, 0x62, 0x4a, 0x2b, 0xc2, 0x8b, 0x2c, 0xd9, 0x9a, 0xa8, 0x83, 0x6f,
3778 0x06, 0x2a, 0x2a, 0x30, 0x4c, 0x39, 0xb4, 0xf8, 0x7d, 0x8c, 0x5e, 0xa7,
3779 0xcb, 0xce, 0x64, 0xe0, 0x27, 0xfa, 0x24, 0x42, 0xdd, 0xd1, 0x1d, 0xf8,
3780 0xa9, 0xd7, 0xc4, 0x0c, 0x92
3781};
3782
3783static const BYTE ocsp_cert_issuer[] = {
3784 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01,
3785 0x02, 0x02, 0x10, 0x06, 0xd8, 0xd9, 0x04, 0xd5, 0x58, 0x43, 0x46, 0xf6,
3786 0x8a, 0x2f, 0xa7, 0x54, 0x22, 0x7e, 0xc4, 0x30, 0x0d, 0x06, 0x09, 0x2a,
3787 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x61,
3788 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
3789 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c,
3790 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63,
3791 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77,
3792 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e,
3793 0x63, 0x6f, 0x6d, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03,
3794 0x13, 0x17, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x47,
3795 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43,
3796 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x34, 0x31, 0x34, 0x30,
3797 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x31, 0x30, 0x34,
3798 0x31, 0x33, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x4f, 0x31,
3799 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
3800 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x44,
3801 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31,
3802 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x20, 0x44, 0x69,
3803 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x52,
3804 0x53, 0x41, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x32, 0x30,
3805 0x32, 0x30, 0x20, 0x43, 0x41, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
3806 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
3807 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
3808 0x01, 0x01, 0x00, 0xc1, 0x4b, 0xb3, 0x65, 0x47, 0x70, 0xbc, 0xdd, 0x4f,
3809 0x58, 0xdb, 0xec, 0x9c, 0xed, 0xc3, 0x66, 0xe5, 0x1f, 0x31, 0x13, 0x54,
3810 0xad, 0x4a, 0x66, 0x46, 0x1f, 0x2c, 0x0a, 0xec, 0x64, 0x07, 0xe5, 0x2e,
3811 0xdc, 0xdc, 0xb9, 0x0a, 0x20, 0xed, 0xdf, 0xe3, 0xc4, 0xd0, 0x9e, 0x9a,
3812 0xa9, 0x7a, 0x1d, 0x82, 0x88, 0xe5, 0x11, 0x56, 0xdb, 0x1e, 0x9f, 0x58,
3813 0xc2, 0x51, 0xe7, 0x2c, 0x34, 0x0d, 0x2e, 0xd2, 0x92, 0xe1, 0x56, 0xcb,
3814 0xf1, 0x79, 0x5f, 0xb3, 0xbb, 0x87, 0xca, 0x25, 0x03, 0x7b, 0x9a, 0x52,
3815 0x41, 0x66, 0x10, 0x60, 0x4f, 0x57, 0x13, 0x49, 0xf0, 0xe8, 0x37, 0x67,
3816 0x83, 0xdf, 0xe7, 0xd3, 0x4b, 0x67, 0x4c, 0x22, 0x51, 0xa6, 0xdf, 0x0e,
3817 0x99, 0x10, 0xed, 0x57, 0x51, 0x74, 0x26, 0xe2, 0x7d, 0xc7, 0xca, 0x62,
3818 0x2e, 0x13, 0x1b, 0x7f, 0x23, 0x88, 0x25, 0x53, 0x6f, 0xc1, 0x34, 0x58,
3819 0x00, 0x8b, 0x84, 0xff, 0xf8, 0xbe, 0xa7, 0x58, 0x49, 0x22, 0x7b, 0x96,
3820 0xad, 0xa2, 0x88, 0x9b, 0x15, 0xbc, 0xa0, 0x7c, 0xdf, 0xe9, 0x51, 0xa8,
3821 0xd5, 0xb0, 0xed, 0x37, 0xe2, 0x36, 0xb4, 0x82, 0x4b, 0x62, 0xb5, 0x49,
3822 0x9a, 0xec, 0xc7, 0x67, 0xd6, 0xe3, 0x3e, 0xf5, 0xe3, 0xd6, 0x12, 0x5e,
3823 0x44, 0xf1, 0xbf, 0x71, 0x42, 0x7d, 0x58, 0x84, 0x03, 0x80, 0xb1, 0x81,
3824 0x01, 0xfa, 0xf9, 0xca, 0x32, 0xbb, 0xb4, 0x8e, 0x27, 0x87, 0x27, 0xc5,
3825 0x2b, 0x74, 0xd4, 0xa8, 0xd6, 0x97, 0xde, 0xc3, 0x64, 0xf9, 0xca, 0xce,
3826 0x53, 0xa2, 0x56, 0xbc, 0x78, 0x17, 0x8e, 0x49, 0x03, 0x29, 0xae, 0xfb,
3827 0x49, 0x4f, 0xa4, 0x15, 0xb9, 0xce, 0xf2, 0x5c, 0x19, 0x57, 0x6d, 0x6b,
3828 0x79, 0xa7, 0x2b, 0xa2, 0x27, 0x20, 0x13, 0xb5, 0xd0, 0x3d, 0x40, 0xd3,
3829 0x21, 0x30, 0x07, 0x93, 0xea, 0x99, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01,
3830 0xa3, 0x82, 0x01, 0x82, 0x30, 0x82, 0x01, 0x7e, 0x30, 0x12, 0x06, 0x03,
3831 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01,
3832 0xff, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
3833 0x16, 0x04, 0x14, 0xb7, 0x6b, 0xa2, 0xea, 0xa8, 0xaa, 0x84, 0x8c, 0x79,
3834 0xea, 0xb4, 0xda, 0x0f, 0x98, 0xb2, 0xc5, 0x95, 0x76, 0xb9, 0xf4, 0x30,
3835 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
3836 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3, 0xe2,
3837 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x30, 0x0e, 0x06, 0x03,
3838 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86,
3839 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06,
3840 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b,
3841 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x76, 0x06, 0x08, 0x2b,
3842 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x6a, 0x30, 0x68, 0x30,
3843 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86,
3844 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70,
3845 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f,
3846 0x6d, 0x30, 0x40, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
3847 0x02, 0x86, 0x34, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x61,
3848 0x63, 0x65, 0x72, 0x74, 0x73, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65,
3849 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43,
3850 0x65, 0x72, 0x74, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x52, 0x6f, 0x6f,
3851 0x74, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x42, 0x06, 0x03, 0x55,
3852 0x1d, 0x1f, 0x04, 0x3b, 0x30, 0x39, 0x30, 0x37, 0xa0, 0x35, 0xa0, 0x33,
3853 0x86, 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c,
3854 0x33, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63,
3855 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x47,
3856 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2e,
3857 0x63, 0x72, 0x6c, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36,
3858 0x30, 0x34, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xfd,
3859 0x6c, 0x02, 0x01, 0x30, 0x07, 0x06, 0x05, 0x67, 0x81, 0x0c, 0x01, 0x01,
3860 0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01, 0x02, 0x01, 0x30, 0x08,
3861 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01, 0x02, 0x02, 0x30, 0x08, 0x06, 0x06,
3862 0x67, 0x81, 0x0c, 0x01, 0x02, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
3863 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
3864 0x01, 0x00, 0x80, 0x32, 0xce, 0x5e, 0x0b, 0xdd, 0x6e, 0x5a, 0x0d, 0x0a,
3865 0xaf, 0xe1, 0xd6, 0x84, 0xcb, 0xc0, 0x8e, 0xfa, 0x85, 0x70, 0xed, 0xda,
3866 0x5d, 0xb3, 0x0c, 0xf7, 0x2b, 0x75, 0x40, 0xfe, 0x85, 0x0a, 0xfa, 0xf3,
3867 0x31, 0x78, 0xb7, 0x70, 0x4b, 0x1a, 0x89, 0x58, 0xba, 0x80, 0xbd, 0xf3,
3868 0x6b, 0x1d, 0xe9, 0x7e, 0xcf, 0x0b, 0xba, 0x58, 0x9c, 0x59, 0xd4, 0x90,
3869 0xd3, 0xfd, 0x6c, 0xfd, 0xd0, 0x98, 0x6d, 0xb7, 0x71, 0x82, 0x5b, 0xcf,
3870 0x6d, 0x0b, 0x5a, 0x09, 0xd0, 0x7b, 0xde, 0xc4, 0x43, 0xd8, 0x2a, 0xa4,
3871 0xde, 0x9e, 0x41, 0x26, 0x5f, 0xbb, 0x8f, 0x99, 0xcb, 0xdd, 0xae, 0xe1,
3872 0xa8, 0x6f, 0x9f, 0x87, 0xfe, 0x74, 0xb7, 0x1f, 0x1b, 0x20, 0xab, 0xb1,
3873 0x4f, 0xc6, 0xf5, 0x67, 0x5d, 0x5d, 0x9b, 0x3c, 0xe9, 0xff, 0x69, 0xf7,
3874 0x61, 0x6c, 0xd6, 0xd9, 0xf3, 0xfd, 0x36, 0xc6, 0xab, 0x03, 0x88, 0x76,
3875 0xd2, 0x4b, 0x2e, 0x75, 0x86, 0xe3, 0xfc, 0xd8, 0x55, 0x7d, 0x26, 0xc2,
3876 0x11, 0x77, 0xdf, 0x3e, 0x02, 0xb6, 0x7c, 0xf3, 0xab, 0x7b, 0x7a, 0x86,
3877 0x36, 0x6f, 0xb8, 0xf7, 0xd8, 0x93, 0x71, 0xcf, 0x86, 0xdf, 0x73, 0x30,
3878 0xfa, 0x7b, 0xab, 0xed, 0x2a, 0x59, 0xc8, 0x42, 0x84, 0x3b, 0x11, 0x17,
3879 0x1a, 0x52, 0xf3, 0xc9, 0x0e, 0x14, 0x7d, 0xa2, 0x5b, 0x72, 0x67, 0xba,
3880 0x71, 0xed, 0x57, 0x47, 0x66, 0xc5, 0xb8, 0x02, 0x4a, 0x65, 0x34, 0x5e,
3881 0x8b, 0xd0, 0x2a, 0x3c, 0x20, 0x9c, 0x51, 0x99, 0x4c, 0xe7, 0x52, 0x9e,
3882 0xf7, 0x6b, 0x11, 0x2b, 0x0d, 0x92, 0x7e, 0x1d, 0xe8, 0x8a, 0xeb, 0x36,
3883 0x16, 0x43, 0x87, 0xea, 0x2a, 0x63, 0xbf, 0x75, 0x3f, 0xeb, 0xde, 0xc4,
3884 0x03, 0xbb, 0x0a, 0x3c, 0xf7, 0x30, 0xef, 0xeb, 0xaf, 0x4c, 0xfc, 0x8b,
3885 0x36, 0x10, 0x73, 0x3e, 0xf3, 0xa4
3886};
3887
3888static void testVerifyRevocation(void)
3889{
3890 BOOL ret;
3891 CERT_REVOCATION_STATUS status = { 0 };
3892 PCCERT_CONTEXT certs[2];
3893 CERT_REVOCATION_PARA revPara = { sizeof(revPara), 0 };
3894
3895 /* Crash
3896 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, NULL);
3897 */
3898 SetLastError(0xdeadbeef);
3899 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, &status);
3900 ok(!ret && GetLastError() == E_INVALIDARG,
3901 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
3902 status.cbSize = sizeof(status);
3903 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, &status);
3904 ok(ret, "CertVerifyRevocation failed: %08lx\n", GetLastError());
3905 ret = CertVerifyRevocation(0, 2, 0, NULL, 0, NULL, &status);
3906 ok(ret, "CertVerifyRevocation failed: %08lx\n", GetLastError());
3907 ret = CertVerifyRevocation(2, 0, 0, NULL, 0, NULL, &status);
3908 ok(ret, "CertVerifyRevocation failed: %08lx\n", GetLastError());
3909 certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
3910 sizeof(bigCert));
3911 SetLastError(0xdeadbeef);
3912 ret = CertVerifyRevocation(0, 0, 1, (void **)certs, 0, NULL, &status);
3913 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_DLL,
3914 "Expected CRYPT_E_NO_REVOCATION_DLL, got %08lx\n", GetLastError());
3915 SetLastError(0xdeadbeef);
3916 ret = CertVerifyRevocation(0, 2, 1, (void **)certs, 0, NULL, &status);
3917 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_DLL,
3918 "Expected CRYPT_E_NO_REVOCATION_DLL, got %08lx\n", GetLastError());
3919
3920 CertFreeCertificateContext(certs[0]);
3921
3922 certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING,
3923 rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
3924 certs[1] = CertCreateCertificateContext(X509_ASN_ENCODING,
3925 eeCert, sizeof(eeCert));
3926 /* The root cert itself can't be checked for revocation */
3927 SetLastError(0xdeadbeef);
3928 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3929 1, (void **)certs, 0, NULL, &status);
3930 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
3931 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08lx\n", GetLastError());
3932 ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
3933 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08lx\n", status.dwError);
3934 ok(status.dwIndex == 0, "expected index 0, got %ld\n", status.dwIndex);
3935 /* Neither can the end cert */
3936 SetLastError(0xdeadbeef);
3937 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3938 1, (void **)&certs[1], 0, NULL, &status);
3939 ok(!ret && (GetLastError() == CRYPT_E_REVOCATION_OFFLINE || GetLastError() == CRYPT_E_NO_REVOCATION_CHECK),
3940 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08lx\n",
3941 GetLastError());
3942 ok(status.dwError == CRYPT_E_REVOCATION_OFFLINE || status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
3943 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08lx\n",
3944 status.dwError);
3945 ok(status.dwIndex == 0, "expected index 0, got %ld\n", status.dwIndex);
3946 /* Both certs together can't, either (they're not CRLs) */
3947 SetLastError(0xdeadbeef);
3948 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3949 2, (void **)certs, 0, NULL, &status);
3950 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
3951 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08lx\n",
3952 GetLastError());
3953 ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
3954 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08lx\n",
3955 status.dwError);
3956 ok(status.dwIndex == 0, "expected index 0, got %ld\n", status.dwIndex);
3957 /* Now add a CRL to the hCrlStore */
3958 revPara.hCrlStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
3959 CERT_STORE_CREATE_NEW_FLAG, NULL);
3960 CertAddEncodedCRLToStore(revPara.hCrlStore, X509_ASN_ENCODING,
3961 rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
3962 SetLastError(0xdeadbeef);
3963 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3964 2, (void **)certs, 0, &revPara, &status);
3965 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
3966 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08lx\n",
3967 GetLastError());
3968 ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
3969 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08lx\n",
3970 status.dwError);
3971 ok(status.dwIndex == 0, "expected index 0, got %ld\n", status.dwIndex);
3972 /* Specifying CERT_VERIFY_REV_CHAIN_FLAG doesn't change things either */
3973 SetLastError(0xdeadbeef);
3974 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3975 2, (void **)certs, CERT_VERIFY_REV_CHAIN_FLAG, &revPara, &status);
3976 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
3977 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08lx\n", GetLastError());
3978 ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
3979 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08lx\n", status.dwError);
3980 ok(status.dwIndex == 0, "expected index 0, got %ld\n", status.dwIndex);
3981 /* Again, specifying the issuer cert: no change */
3982 revPara.pIssuerCert = certs[0];
3983 SetLastError(0xdeadbeef);
3984 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3985 1, (void **)&certs[1], 0, &revPara, &status);
3986 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
3987 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08lx\n", GetLastError());
3988 ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
3989 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08lx\n", status.dwError);
3990 ok(status.dwIndex == 0, "expected index 0, got %ld\n", status.dwIndex);
3991 CertCloseStore(revPara.hCrlStore, 0);
3992 CertFreeCertificateContext(certs[1]);
3993 CertFreeCertificateContext(certs[0]);
3994
3995 /* OCSP */
3996 certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, ocsp_cert, sizeof(ocsp_cert));
3997 memset(&revPara, 0, sizeof(revPara));
3998 revPara.cbSize = sizeof(revPara);
3999 memset(&status, 0x55, sizeof(status));
4000 status.cbSize = sizeof(status);
4001 SetLastError(0xdeadbeef);
4002 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certs[0],
4003 0, &revPara, &status);
4004 ok(!ret, "success\n");
4005 ok(GetLastError() == CRYPT_E_REVOCATION_OFFLINE, "got %08lx\n", GetLastError());
4006
4007 revPara.pIssuerCert = CertCreateCertificateContext(X509_ASN_ENCODING, ocsp_cert_issuer,
4008 sizeof(ocsp_cert_issuer));
4009 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certs[0],
4010 0, &revPara, &status);
4011 ok(ret, "got %08lx\n", GetLastError());
4012 ok(!status.dwError, "got %08lx\n", status.dwError);
4013 ok(!status.dwIndex, "got %ld\n", status.dwIndex);
4014 CertFreeCertificateContext(revPara.pIssuerCert);
4015 CertFreeCertificateContext(certs[0]);
4016}
4017
4018static BYTE privKey[] = {
4019 0x07, 0x02, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x32, 0x00,
4020 0x02, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x79, 0x10, 0x1c, 0xd0, 0x6b, 0x10,
4021 0x18, 0x30, 0x94, 0x61, 0xdc, 0x0e, 0xcb, 0x96, 0x4e, 0x21, 0x3f, 0x79, 0xcd,
4022 0xa9, 0x17, 0x62, 0xbc, 0xbb, 0x61, 0x4c, 0xe0, 0x75, 0x38, 0x6c, 0xf3, 0xde,
4023 0x60, 0x86, 0x03, 0x97, 0x65, 0xeb, 0x1e, 0x6b, 0xdb, 0x53, 0x85, 0xad, 0x68,
4024 0x21, 0xf1, 0x5d, 0xe7, 0x1f, 0xe6, 0x53, 0xb4, 0xbb, 0x59, 0x3e, 0x14, 0x27,
4025 0xb1, 0x83, 0xa7, 0x3a, 0x54, 0xe2, 0x8f, 0x65, 0x8e, 0x6a, 0x4a, 0xcf, 0x3b,
4026 0x1f, 0x65, 0xff, 0xfe, 0xf1, 0x31, 0x3a, 0x37, 0x7a, 0x8b, 0xcb, 0xc6, 0xd4,
4027 0x98, 0x50, 0x36, 0x67, 0xe4, 0xa1, 0xe8, 0x7e, 0x8a, 0xc5, 0x23, 0xf2, 0x77,
4028 0xf5, 0x37, 0x61, 0x49, 0x72, 0x59, 0xe8, 0x3d, 0xf7, 0x60, 0xb2, 0x77, 0xca,
4029 0x78, 0x54, 0x6d, 0x65, 0x9e, 0x03, 0x97, 0x1b, 0x61, 0xbd, 0x0c, 0xd8, 0x06,
4030 0x63, 0xe2, 0xc5, 0x48, 0xef, 0xb3, 0xe2, 0x6e, 0x98, 0x7d, 0xbd, 0x4e, 0x72,
4031 0x91, 0xdb, 0x31, 0x57, 0xe3, 0x65, 0x3a, 0x49, 0xca, 0xec, 0xd2, 0x02, 0x4e,
4032 0x22, 0x7e, 0x72, 0x8e, 0xf9, 0x79, 0x84, 0x82, 0xdf, 0x7b, 0x92, 0x2d, 0xaf,
4033 0xc9, 0xe4, 0x33, 0xef, 0x89, 0x5c, 0x66, 0x99, 0xd8, 0x80, 0x81, 0x47, 0x2b,
4034 0xb1, 0x66, 0x02, 0x84, 0x59, 0x7b, 0xc3, 0xbe, 0x98, 0x45, 0x4a, 0x3d, 0xdd,
4035 0xea, 0x2b, 0xdf, 0x4e, 0xb4, 0x24, 0x6b, 0xec, 0xe7, 0xd9, 0x0c, 0x45, 0xb8,
4036 0xbe, 0xca, 0x69, 0x37, 0x92, 0x4c, 0x38, 0x6b, 0x96, 0x6d, 0xcd, 0x86, 0x67,
4037 0x5c, 0xea, 0x54, 0x94, 0xa4, 0xca, 0xa4, 0x02, 0xa5, 0x21, 0x4d, 0xae, 0x40,
4038 0x8f, 0x9d, 0x51, 0x83, 0xf2, 0x3f, 0x33, 0xc1, 0x72, 0xb4, 0x1d, 0x94, 0x6e,
4039 0x7d, 0xe4, 0x27, 0x3f, 0xea, 0xff, 0xe5, 0x9b, 0xa7, 0x5e, 0x55, 0x8e, 0x0d,
4040 0x69, 0x1c, 0x7a, 0xff, 0x81, 0x9d, 0x53, 0x52, 0x97, 0x9a, 0x76, 0x79, 0xda,
4041 0x93, 0x32, 0x16, 0xec, 0x69, 0x51, 0x1a, 0x4e, 0xc3, 0xf1, 0x72, 0x80, 0x78,
4042 0x5e, 0x66, 0x4a, 0x8d, 0x85, 0x2f, 0x3f, 0xb2, 0xa7 };
4043
4044static const BYTE exportedPublicKeyBlob[] = {
40450x06,0x02,0x00,0x00,0x00,0xa4,0x00,0x00,0x52,0x53,0x41,0x31,0x00,0x02,0x00,0x00,
40460x01,0x00,0x01,0x00,0x79,0x10,0x1c,0xd0,0x6b,0x10,0x18,0x30,0x94,0x61,0xdc,0x0e,
40470xcb,0x96,0x4e,0x21,0x3f,0x79,0xcd,0xa9,0x17,0x62,0xbc,0xbb,0x61,0x4c,0xe0,0x75,
40480x38,0x6c,0xf3,0xde,0x60,0x86,0x03,0x97,0x65,0xeb,0x1e,0x6b,0xdb,0x53,0x85,0xad,
40490x68,0x21,0xf1,0x5d,0xe7,0x1f,0xe6,0x53,0xb4,0xbb,0x59,0x3e,0x14,0x27,0xb1,0x83,
40500xa7,0x3a,0x54,0xe2 };
4051
4052static const BYTE asnEncodedPublicKey[] = {
40530x30,0x48,0x02,0x41,0x00,0xe2,0x54,0x3a,0xa7,0x83,0xb1,0x27,0x14,0x3e,0x59,0xbb,
40540xb4,0x53,0xe6,0x1f,0xe7,0x5d,0xf1,0x21,0x68,0xad,0x85,0x53,0xdb,0x6b,0x1e,0xeb,
40550x65,0x97,0x03,0x86,0x60,0xde,0xf3,0x6c,0x38,0x75,0xe0,0x4c,0x61,0xbb,0xbc,0x62,
40560x17,0xa9,0xcd,0x79,0x3f,0x21,0x4e,0x96,0xcb,0x0e,0xdc,0x61,0x94,0x30,0x18,0x10,
40570x6b,0xd0,0x1c,0x10,0x79,0x02,0x03,0x01,0x00,0x01 };
4058
4059static void testAcquireCertPrivateKey(void)
4060{
4061 BOOL ret;
4062 PCCERT_CONTEXT cert;
4063 HCRYPTPROV csp;
4064 DWORD size, keySpec;
4065 BOOL callerFree;
4066 CRYPT_KEY_PROV_INFO keyProvInfo;
4067 HCRYPTKEY key;
4068 WCHAR ms_def_prov_w[MAX_PATH];
4069
4070 lstrcpyW(ms_def_prov_w, MS_DEF_PROV_W);
4071
4072 keyProvInfo.pwszContainerName = (WCHAR *)L"WineCryptTemp";
4073 keyProvInfo.pwszProvName = ms_def_prov_w;
4074 keyProvInfo.dwProvType = PROV_RSA_FULL;
4075 keyProvInfo.dwFlags = 0;
4076 keyProvInfo.cProvParam = 0;
4077 keyProvInfo.rgProvParam = NULL;
4078 keyProvInfo.dwKeySpec = AT_SIGNATURE;
4079
4080 CryptAcquireContextA(NULL, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
4081 CRYPT_DELETEKEYSET);
4082
4083 cert = CertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert,
4084 sizeof(selfSignedCert));
4085
4086 /* Crash
4087 ret = CryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, NULL, NULL);
4088 ret = CryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, NULL,
4089 &callerFree);
4090 ret = CryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, &keySpec,
4091 NULL);
4092 ret = CryptAcquireCertificatePrivateKey(NULL, 0, NULL, &csp, NULL, NULL);
4093 ret = CryptAcquireCertificatePrivateKey(NULL, 0, NULL, &csp, &keySpec,
4094 &callerFree);
4095 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, NULL, NULL, NULL);
4096 */
4097
4098 /* Missing private key */
4099 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, NULL, NULL);
4100 ok(!ret && (GetLastError() == CRYPT_E_NO_KEY_PROPERTY || GetLastError() == NTE_BAD_PROV_TYPE /* win10 */),
4101 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08lx\n", GetLastError());
4102 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, &keySpec,
4103 &callerFree);
4104 ok(!ret && (GetLastError() == CRYPT_E_NO_KEY_PROPERTY || GetLastError() == NTE_BAD_PROV_TYPE /* win10 */),
4105 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08lx\n", GetLastError());
4106 CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0,
4107 &keyProvInfo);
4108 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, &keySpec,
4109 &callerFree);
4110 ok(!ret && (GetLastError() == CRYPT_E_NO_KEY_PROPERTY ||
4111 GetLastError() == NTE_BAD_KEYSET /* win8 */ ||
4112 GetLastError() == NTE_BAD_PROV_TYPE /* win10 */),
4113 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08lx\n", GetLastError());
4114
4115 CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
4116 CRYPT_NEWKEYSET);
4117 ret = CryptImportKey(csp, privKey, sizeof(privKey), 0, 0, &key);
4118 ok(ret, "CryptImportKey failed: %08lx\n", GetLastError());
4119 if (ret)
4120 {
4121 HCRYPTPROV certCSP;
4122 DWORD size;
4123 CERT_KEY_CONTEXT keyContext;
4124
4125 /* Don't cache provider */
4126 SetLastError(0xdeadbeef);
4127 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, &certCSP,
4128 &keySpec, &callerFree);
4129 ok(ret, "CryptAcquireCertificatePrivateKey failed: %08lx\n", GetLastError());
4130 ok(GetLastError() == ERROR_SUCCESS, "got %08lx\n", GetLastError());
4131 ok(callerFree, "Expected callerFree to be TRUE\n");
4132 CryptReleaseContext(certCSP, 0);
4133
4134 SetLastError(0xdeadbeef);
4135 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, &certCSP,
4136 NULL, NULL);
4137 ok(ret, "CryptAcquireCertificatePrivateKey failed: %08lx\n", GetLastError());
4138 ok(GetLastError() == ERROR_SUCCESS, "got %08lx\n", GetLastError());
4139 CryptReleaseContext(certCSP, 0);
4140
4141 /* Use the key prov info's caching (there shouldn't be any) */
4142 SetLastError(0xdeadbeef);
4143 ret = CryptAcquireCertificatePrivateKey(cert,
4144 CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, &certCSP, &keySpec,
4145 &callerFree);
4146 ok(ret, "CryptAcquireCertificatePrivateKey failed: %08lx\n", GetLastError());
4147 ok(GetLastError() == ERROR_SUCCESS, "got %08lx\n", GetLastError());
4148 ok(callerFree, "Expected callerFree to be TRUE\n");
4149 CryptReleaseContext(certCSP, 0);
4150
4151 /* Cache it (and check that it's cached) */
4152 SetLastError(0xdeadbeef);
4153 ret = CryptAcquireCertificatePrivateKey(cert,
4154 CRYPT_ACQUIRE_CACHE_FLAG, NULL, &certCSP, &keySpec, &callerFree);
4155 ok(ret, "CryptAcquireCertificatePrivateKey failed: %08lx\n", GetLastError());
4156 ok(GetLastError() == ERROR_SUCCESS, "got %08lx\n", GetLastError());
4157 ok(!callerFree, "Expected callerFree to be FALSE\n");
4158 size = sizeof(keyContext);
4159 ret = CertGetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID,
4160 &keyContext, &size);
4161 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n", GetLastError());
4162
4163 /* Remove the cached provider */
4164 CryptReleaseContext(keyContext.hCryptProv, 0);
4165 CertSetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID, 0,
4166 NULL);
4167 /* Allow caching via the key prov info */
4168 keyProvInfo.dwFlags = CERT_SET_KEY_CONTEXT_PROP_ID;
4169 CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0,
4170 &keyProvInfo);
4171 /* Now use the key prov info's caching */
4172 SetLastError(0xdeadbeef);
4173 ret = CryptAcquireCertificatePrivateKey(cert,
4174 CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, &certCSP, &keySpec,
4175 &callerFree);
4176 ok(ret, "CryptAcquireCertificatePrivateKey failed: %08lx\n", GetLastError());
4177 ok(GetLastError() == ERROR_SUCCESS, "got %08lx\n", GetLastError());
4178 ok(!callerFree, "Expected callerFree to be FALSE\n");
4179 size = sizeof(keyContext);
4180 ret = CertGetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID,
4181 &keyContext, &size);
4182 ok(ret, "CertGetCertificateContextProperty failed: %08lx\n", GetLastError());
4183 CryptReleaseContext(certCSP, 0);
4184
4185 CryptDestroyKey(key);
4186 }
4187
4188 /* Some sanity-checking on public key exporting */
4189 ret = CryptImportPublicKeyInfo(csp, X509_ASN_ENCODING,
4190 &cert->pCertInfo->SubjectPublicKeyInfo, &key);
4191 ok(ret, "CryptImportPublicKeyInfo failed: %08lx\n", GetLastError());
4192 if (ret)
4193 {
4194 ret = CryptExportKey(key, 0, PUBLICKEYBLOB, 0, NULL, &size);
4195 ok(ret, "CryptExportKey failed: %08lx\n", GetLastError());
4196 if (ret)
4197 {
4198 LPBYTE buf = malloc(size), encodedKey;
4199
4200 ret = CryptExportKey(key, 0, PUBLICKEYBLOB, 0, buf, &size);
4201 ok(ret, "CryptExportKey failed: %08lx\n", GetLastError());
4202 ok(size == sizeof(exportedPublicKeyBlob), "Unexpected size %ld\n",
4203 size);
4204 ok(!memcmp(buf, exportedPublicKeyBlob, size), "Unexpected value\n");
4205 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, RSA_CSP_PUBLICKEYBLOB,
4206 buf, CRYPT_ENCODE_ALLOC_FLAG, NULL, &encodedKey, &size);
4207 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
4208 if (ret)
4209 {
4210 ok(size == sizeof(asnEncodedPublicKey), "Unexpected size %ld\n",
4211 size);
4212 ok(!memcmp(encodedKey, asnEncodedPublicKey, size),
4213 "Unexpected value\n");
4214 LocalFree(encodedKey);
4215 }
4216 free(buf);
4217 }
4218 CryptDestroyKey(key);
4219 }
4220 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
4221 NULL, 0, NULL, NULL, &size);
4222 ok(ret, "CryptExportPublicKeyInfoEx failed: %08lx\n", GetLastError());
4223 if (ret)
4224 {
4225 PCERT_PUBLIC_KEY_INFO info = malloc(size);
4226
4227 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
4228 NULL, 0, NULL, info, &size);
4229 ok(ret, "CryptExportPublicKeyInfoEx failed: %08lx\n", GetLastError());
4230 if (ret)
4231 {
4232 ok(info->PublicKey.cbData == sizeof(asnEncodedPublicKey),
4233 "Unexpected size %ld\n", info->PublicKey.cbData);
4234 ok(!memcmp(info->PublicKey.pbData, asnEncodedPublicKey,
4235 info->PublicKey.cbData), "Unexpected value\n");
4236 }
4237 free(info);
4238 }
4239
4240 CryptReleaseContext(csp, 0);
4241 CryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
4242 CRYPT_DELETEKEYSET);
4243
4244 CertFreeCertificateContext(cert);
4245}
4246
4247static void testGetPublicKeyLength(void)
4248{
4249 static char oid_rsa_rsa[] = szOID_RSA_RSA;
4250 static char oid_rsa_dh[] = szOID_RSA_DH;
4251 static char bogusOID[] = "1.2.3";
4252 DWORD ret;
4253 CERT_PUBLIC_KEY_INFO info = { { 0 } };
4254 BYTE bogusKey[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
4255 BYTE key[] = { 0x30,0x0f,0x02,0x08,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
4256 0x02,0x03,0x01,0x00,0x01 };
4257
4258 /* Crashes
4259 ret = CertGetPublicKeyLength(0, NULL);
4260 */
4261 /* With an empty public key info */
4262 SetLastError(0xdeadbeef);
4263 ret = CertGetPublicKeyLength(0, &info);
4264 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
4265 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %ld, %08lx\n",
4266 ret, GetLastError());
4267 SetLastError(0xdeadbeef);
4268 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
4269 ok(ret == 0 && GetLastError() == CRYPT_E_ASN1_EOD,
4270 "Expected length 0 and CRYPT_E_ASN1_EOD, got length %ld, %08lx\n",
4271 ret, GetLastError());
4272 /* With a nearly-empty public key info */
4273 info.Algorithm.pszObjId = oid_rsa_rsa;
4274 SetLastError(0xdeadbeef);
4275 ret = CertGetPublicKeyLength(0, &info);
4276 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
4277 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %ld, %08lx\n",
4278 ret, GetLastError());
4279 SetLastError(0xdeadbeef);
4280 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
4281 ok(ret == 0 && GetLastError() == CRYPT_E_ASN1_EOD,
4282 "Expected length 0 and CRYPT_E_ASN1_EOD, got length %ld, %08lx\n",
4283 ret, GetLastError());
4284 /* With a bogus key */
4285 info.PublicKey.cbData = sizeof(bogusKey);
4286 info.PublicKey.pbData = bogusKey;
4287 SetLastError(0xdeadbeef);
4288 ret = CertGetPublicKeyLength(0, &info);
4289 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
4290 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %ld, %08lx\n",
4291 ret, GetLastError());
4292 SetLastError(0xdeadbeef);
4293 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
4294 ok(ret == 0 && GetLastError() == CRYPT_E_ASN1_BADTAG,
4295 "Expected length 0 and CRYPT_E_ASN1_BADTAGTAG, got length %ld, %08lx\n",
4296 ret, GetLastError());
4297 /* With a believable RSA key but a bogus OID */
4298 info.Algorithm.pszObjId = bogusOID;
4299 info.PublicKey.cbData = sizeof(key);
4300 info.PublicKey.pbData = key;
4301 SetLastError(0xdeadbeef);
4302 ret = CertGetPublicKeyLength(0, &info);
4303 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
4304 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %ld, %08lx\n",
4305 ret, GetLastError());
4306 SetLastError(0xdeadbeef);
4307 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
4308 ok(ret == 56 || broken(ret == 0 && GetLastError() == NTE_BAD_LEN) /* Win7 */,
4309 "Expected length 56, got %ld\n", ret);
4310 /* An RSA key with the DH OID */
4311 info.Algorithm.pszObjId = oid_rsa_dh;
4312 SetLastError(0xdeadbeef);
4313 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
4314 ok(ret == 0 && GetLastError() == CRYPT_E_ASN1_BADTAG,
4315 "Expected length 0 and CRYPT_E_ASN1_BADTAG, got length %ld, %08lx\n",
4316 ret, GetLastError());
4317 /* With the RSA OID */
4318 info.Algorithm.pszObjId = oid_rsa_rsa;
4319 SetLastError(0xdeadbeef);
4320 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
4321 ok(ret == 56 || broken(ret == 0 && GetLastError() == NTE_BAD_LEN) /* Win7 */,
4322 "Expected length 56, got %ld\n", ret);
4323 /* With the RSA OID and a message encoding */
4324 info.Algorithm.pszObjId = oid_rsa_rsa;
4325 SetLastError(0xdeadbeef);
4326 ret = CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &info);
4327 ok(ret == 56 || broken(ret == 0 && GetLastError() == NTE_BAD_LEN) /* Win7 */,
4328 "Expected length 56, got %ld\n", ret);
4329}
4330
4331static void testKeyProvInfo(void)
4332{
4333 static WCHAR containerW[] = L"Wine Test Container";
4334 static WCHAR providerW[] = L"Hello World CSP";
4335 static CRYPT_KEY_PROV_PARAM param[2] = { { 0x4444, (BYTE *)"param", 6, 0x5555 }, { 0x7777, (BYTE *)"param2", 7, 0x8888 } };
4336 HCERTSTORE store;
4337 const CERT_CONTEXT *cert;
4338 CERT_NAME_BLOB name;
4339 CRYPT_KEY_PROV_INFO *info, info2;
4340 BOOL ret;
4341 DWORD size;
4342
4343 store = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
4344 CERT_SYSTEM_STORE_CURRENT_USER, "My");
4345 ok(store != NULL, "CertOpenStore error %lu\n", GetLastError());
4346
4347 cert = CertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert, sizeof(selfSignedCert));
4348 ok(cert != NULL, "CertCreateCertificateContext error %#lx\n", GetLastError());
4349
4350 info2.pwszContainerName = containerW;
4351 info2.pwszProvName = providerW;
4352 info2.dwProvType = 0x12345678;
4353 info2.dwFlags = 0x87654321;
4354 info2.cProvParam = ARRAY_SIZE(param);
4355 info2.rgProvParam = param;
4356 info2.dwKeySpec = 0x11223344;
4357 ret = CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0, &info2);
4358 ok(ret, "CertSetCertificateContextProperty error %#lx\n", GetLastError());
4359
4360 ret = CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
4361 ok(ret, "CertGetCertificateContextProperty error %#lx\n", GetLastError());
4362 info = malloc(size);
4363 ret = CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, info, &size);
4364 ok(ret, "CertGetCertificateContextProperty error %#lx\n", GetLastError());
4365 ok(!lstrcmpW(info->pwszContainerName, containerW), "got %s\n", wine_dbgstr_w(info->pwszContainerName));
4366 ok(!lstrcmpW(info->pwszProvName, providerW), "got %s\n", wine_dbgstr_w(info->pwszProvName));
4367 ok(info->dwProvType == 0x12345678, "got %#lx\n", info->dwProvType);
4368 ok(info->dwFlags == 0x87654321, "got %#lx\n", info->dwFlags);
4369 ok(info->dwKeySpec == 0x11223344, "got %#lx\n", info->dwKeySpec);
4370 ok(info->cProvParam == 2, "got %#lx\n", info->cProvParam);
4371 ok(info->rgProvParam != NULL, "got %p\n", info->rgProvParam);
4372 ok(info->rgProvParam[0].dwParam == param[0].dwParam, "got %#lx\n", info->rgProvParam[0].dwParam);
4373 ok(info->rgProvParam[0].cbData == param[0].cbData, "got %#lx\n", info->rgProvParam[0].cbData);
4374 ok(!memcmp(info->rgProvParam[0].pbData, param[0].pbData, param[0].cbData), "param1 mismatch\n");
4375 ok(info->rgProvParam[0].dwFlags == param[0].dwFlags, "got %#lx\n", info->rgProvParam[1].dwFlags);
4376 ok(info->rgProvParam[1].dwParam == param[1].dwParam, "got %#lx\n", info->rgProvParam[1].dwParam);
4377 ok(info->rgProvParam[1].cbData == param[1].cbData, "got %#lx\n", info->rgProvParam[1].cbData);
4378 ok(!memcmp(info->rgProvParam[1].pbData, param[1].pbData, param[1].cbData), "param2 mismatch\n");
4379 ok(info->rgProvParam[1].dwFlags == param[1].dwFlags, "got %#lx\n", info->rgProvParam[1].dwFlags);
4380 free(info);
4381
4382 ret = CertAddCertificateContextToStore(store, cert, CERT_STORE_ADD_NEW, NULL);
4383 ok(ret, "CertAddCertificateContextToStore error %#lx\n", GetLastError());
4384
4385 CertFreeCertificateContext(cert);
4386 CertCloseStore(store, 0);
4387
4388 store = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
4389 CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG, "My");
4390 ok(store != NULL, "CertOpenStore error %lu\n", GetLastError());
4391
4392 name.pbData = subjectName;
4393 name.cbData = sizeof(subjectName);
4394 cert = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &name, NULL);
4395 ok(cert != NULL, "certificate should exist in My store\n");
4396
4397 ret = CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
4398 ok(ret, "CertGetCertificateContextProperty error %#lx\n", GetLastError());
4399 info = malloc(size);
4400 ret = CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, info, &size);
4401 ok(ret, "CertGetCertificateContextProperty error %#lx\n", GetLastError());
4402 ok(!lstrcmpW(info->pwszContainerName, containerW), "got %s\n", wine_dbgstr_w(info->pwszContainerName));
4403 ok(!lstrcmpW(info->pwszProvName, providerW), "got %s\n", wine_dbgstr_w(info->pwszProvName));
4404 ok(info->dwProvType == 0x12345678, "got %#lx\n", info->dwProvType);
4405 ok(info->dwFlags == 0x87654321, "got %#lx\n", info->dwFlags);
4406 ok(info->dwKeySpec == 0x11223344, "got %#lx\n", info->dwKeySpec);
4407 ok(info->cProvParam == 2, "got %#lx\n", info->cProvParam);
4408 ok(info->rgProvParam != NULL, "got %p\n", info->rgProvParam);
4409 ok(info->rgProvParam[0].dwParam == param[0].dwParam, "got %#lx\n", info->rgProvParam[0].dwParam);
4410 ok(info->rgProvParam[0].cbData == param[0].cbData, "got %#lx\n", info->rgProvParam[0].cbData);
4411 ok(!memcmp(info->rgProvParam[0].pbData, param[0].pbData, param[0].cbData), "param1 mismatch\n");
4412 ok(info->rgProvParam[0].dwFlags == param[0].dwFlags, "got %#lx\n", info->rgProvParam[1].dwFlags);
4413 ok(info->rgProvParam[1].dwParam == param[1].dwParam, "got %#lx\n", info->rgProvParam[1].dwParam);
4414 ok(info->rgProvParam[1].cbData == param[1].cbData, "got %#lx\n", info->rgProvParam[1].cbData);
4415 ok(!memcmp(info->rgProvParam[1].pbData, param[1].pbData, param[1].cbData), "param2 mismatch\n");
4416 ok(info->rgProvParam[1].dwFlags == param[1].dwFlags, "got %#lx\n", info->rgProvParam[1].dwFlags);
4417 free(info);
4418
4419 ret = CertDeleteCertificateFromStore(cert);
4420 ok(ret, "CertDeleteCertificateFromStore error %#lx\n", GetLastError());
4421
4422 CertFreeCertificateContext(cert);
4423 CertCloseStore(store, 0);
4424}
4425
4426static void test_VerifySignature(void)
4427{
4428 PCCERT_CONTEXT cert;
4429 PCERT_SIGNED_CONTENT_INFO info;
4430 DWORD size;
4431 BOOL ret;
4432 HCRYPTPROV prov;
4433 HCRYPTKEY key;
4434 HCRYPTHASH hash;
4435#ifndef __REACTOS__
4436 BYTE hash_value[20], *sig_value;
4437 DWORD hash_len, i;
4438 BCRYPT_KEY_HANDLE bkey;
4439 BCRYPT_HASH_HANDLE bhash;
4440 BCRYPT_ALG_HANDLE alg;
4441 BCRYPT_PKCS1_PADDING_INFO pad;
4442 NTSTATUS status;
4443#endif
4444
4445 cert = CertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert, sizeof(selfSignedCert));
4446 ok(cert != NULL, "CertCreateCertificateContext error %#lx\n", GetLastError());
4447
4448 /* 1. Verify certificate signature with Crypto API */
4449 ret = CryptVerifyCertificateSignature(0, cert->dwCertEncodingType,
4450 cert->pbCertEncoded, cert->cbCertEncoded, &cert->pCertInfo->SubjectPublicKeyInfo);
4451 ok(ret, "CryptVerifyCertificateSignature error %#lx\n", GetLastError());
4452
4453 /* 2. Verify certificate signature with Crypto API manually */
4454 ret = CryptAcquireContextA(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
4455 ok(ret, "CryptAcquireContext error %#lx\n", GetLastError());
4456
4457 ret = CryptImportPublicKeyInfoEx(prov, cert->dwCertEncodingType, &cert->pCertInfo->SubjectPublicKeyInfo, 0, 0, NULL, &key);
4458 ok(ret, "CryptImportPublicKeyInfoEx error %#lx\n", GetLastError());
4459
4460 ret = CryptDecodeObjectEx(cert->dwCertEncodingType, X509_CERT,
4461 cert->pbCertEncoded, cert->cbCertEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
4462 ok(ret, "CryptDecodeObjectEx error %#lx\n", GetLastError());
4463
4464 ret = CryptCreateHash(prov, CALG_SHA1, 0, 0, &hash);
4465 ok(ret, "CryptCreateHash error %#lx\n", GetLastError());
4466
4467 ret = CryptHashData(hash, info->ToBeSigned.pbData, info->ToBeSigned.cbData, 0);
4468 ok(ret, "CryptHashData error %#lx\n", GetLastError());
4469
4470 ret = CryptVerifySignatureW(hash, info->Signature.pbData, info->Signature.cbData, key, NULL, 0);
4471 ok(ret, "CryptVerifySignature error %#lx\n", GetLastError());
4472
4473 CryptDestroyHash(hash);
4474 CryptDestroyKey(key);
4475 CryptReleaseContext(prov, 0);
4476
4477#ifndef __REACTOS__ // FIXME: ReactOS has no implementation for CryptImportPublicKeyInfoEx2
4478 /* 3. Verify certificate signature with CNG */
4479 ret = CryptImportPublicKeyInfoEx2(cert->dwCertEncodingType, &cert->pCertInfo->SubjectPublicKeyInfo, 0, NULL, &bkey);
4480 ok(ret, "CryptImportPublicKeyInfoEx error %#lx\n", GetLastError());
4481
4482 status = BCryptOpenAlgorithmProvider(&alg, BCRYPT_SHA1_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0);
4483 ok(!status, "got %#lx\n", status);
4484
4485 status = BCryptCreateHash(alg, &bhash, NULL, 0, NULL, 0, 0);
4486 ok(!status, "got %#lx\n", status);
4487
4488 status = BCryptHashData(bhash, info->ToBeSigned.pbData, info->ToBeSigned.cbData, 0);
4489 ok(!status, "got %#lx\n", status);
4490
4491 status = BCryptFinishHash(bhash, hash_value, sizeof(hash_value), 0);
4492 ok(!status, "got %#lx\n", status);
4493 ok(!memcmp(hash_value, selfSignedSignatureHash, sizeof(hash_value)), "got wrong hash value\n");
4494
4495 status = BCryptGetProperty(bhash, BCRYPT_HASH_LENGTH, (BYTE *)&hash_len, sizeof(hash_len), &size, 0);
4496 ok(!status, "got %#lx\n", status);
4497 ok(hash_len == sizeof(hash_value), "got %lu\n", hash_len);
4498
4499 sig_value = malloc(info->Signature.cbData);
4500 for (i = 0; i < info->Signature.cbData; i++)
4501 sig_value[i] = info->Signature.pbData[info->Signature.cbData - i - 1];
4502
4503 pad.pszAlgId = BCRYPT_SHA1_ALGORITHM;
4504 status = BCryptVerifySignature(bkey, &pad, hash_value, sizeof(hash_value), sig_value, info->Signature.cbData, BCRYPT_PAD_PKCS1);
4505 ok(!status, "got %#lx\n", status);
4506
4507 free(sig_value);
4508 BCryptDestroyHash(bhash);
4509 BCryptCloseAlgorithmProvider(alg, 0);
4510 BCryptDestroyKey(bkey);
4511 LocalFree(info);
4512 CertFreeCertificateContext(cert);
4513#endif
4514}
4515
4516START_TEST(cert)
4517{
4518 testAddCert();
4519 testCertProperties();
4520 testCreateCert();
4521 testDupCert();
4522 testFindCert();
4523 testGetSubjectCert();
4524 testGetIssuerCert();
4525 testLinkCert();
4526 testKeyProvInfo();
4527
4528 testCryptHashCert();
4529 testCryptHashCert2();
4530 testCertSigs();
4531 testSignAndEncodeCert();
4532 testCreateSelfSignCert();
4533 testIntendedKeyUsage();
4534 testKeyUsage();
4535 testGetValidUsages();
4536 testCompareCertName();
4537 testCompareIntegerBlob();
4538 testComparePublicKeyInfo();
4539 testHashPublicKeyInfo();
4540 testHashToBeSigned();
4541 testCompareCert();
4542 testVerifySubjectCert();
4543 testVerifyRevocation();
4544 testAcquireCertPrivateKey();
4545 testGetPublicKeyLength();
4546 testIsRDNAttrsInCertificateName();
4547 test_VerifySignature();
4548}
strcmp
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469
memcmp
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
strlen
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
ok
#define ok(value,...)
Definition: atltest.h:57
broken
#define broken(x)
Definition: atltest.h:178
START_TEST
#define START_TEST(x)
Definition: atltest.h:75
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ARRAY_SIZE
#define ARRAY_SIZE(A)
Definition: main.h:20
BCryptDestroyKey
NTSTATUS WINAPI BCryptDestroyKey(BCRYPT_KEY_HANDLE)
BCryptVerifySignature
NTSTATUS WINAPI BCryptVerifySignature(BCRYPT_KEY_HANDLE, void *, UCHAR *, ULONG, UCHAR *, ULONG, ULONG)
BCRYPT_PAD_PKCS1
#define BCRYPT_PAD_PKCS1
Definition: bcrypt.h:153
BCRYPT_HASH_LENGTH
#define BCRYPT_HASH_LENGTH
Definition: bcrypt.h:50
MS_PRIMITIVE_PROVIDER
#define MS_PRIMITIVE_PROVIDER
Definition: bcrypt.h:69
BCRYPT_SHA1_ALGORITHM
#define BCRYPT_SHA1_ALGORITHM
Definition: bcrypt.h:74
BCryptHashData
NTSTATUS WINAPI BCryptHashData(BCRYPT_HASH_HANDLE handle, UCHAR *input, ULONG size, ULONG flags)
Definition: bcrypt_main.c:1058
BCryptGetProperty
NTSTATUS WINAPI BCryptGetProperty(BCRYPT_HANDLE handle, LPCWSTR prop, UCHAR *buffer, ULONG count, ULONG *res, ULONG flags)
Definition: bcrypt_main.c:978
BCryptDestroyHash
NTSTATUS WINAPI BCryptDestroyHash(BCRYPT_HASH_HANDLE handle)
Definition: bcrypt_main.c:1047
BCryptOpenAlgorithmProvider
NTSTATUS WINAPI BCryptOpenAlgorithmProvider(BCRYPT_ALG_HANDLE *handle, LPCWSTR id, LPCWSTR implementation, DWORD flags)
Definition: bcrypt_main.c:336
BCryptCloseAlgorithmProvider
NTSTATUS WINAPI BCryptCloseAlgorithmProvider(BCRYPT_ALG_HANDLE handle, DWORD flags)
Definition: bcrypt_main.c:380
BCryptCreateHash
NTSTATUS WINAPI BCryptCreateHash(BCRYPT_ALG_HANDLE algorithm, BCRYPT_HASH_HANDLE *handle, UCHAR *object, ULONG objectlen, UCHAR *secret, ULONG secretlen, ULONG flags)
Definition: bcrypt_main.c:1005
BCryptFinishHash
NTSTATUS WINAPI BCryptFinishHash(BCRYPT_HASH_HANDLE handle, UCHAR *output, ULONG size, ULONG flags)
Definition: bcrypt_main.c:1077
CertAddStoreToCollection
BOOL WINAPI CertAddStoreToCollection(HCERTSTORE hCollectionStore, HCERTSTORE hSiblingStore, DWORD dwUpdateFlags, DWORD dwPriority)
Definition: collectionstore.c:489
CryptDecodeObjectEx
BOOL WINAPI CryptDecodeObjectEx(DWORD dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
Definition: decode.c:6286
link
const WCHAR * link
Definition: db.cpp:998
ERROR_MORE_DATA
#define ERROR_MORE_DATA
Definition: dderror.h:13
E_INVALIDARG
#define E_INVALIDARG
Definition: ddrawi.h:101
free
#define free
Definition: debug_ros.c:5
malloc
#define malloc
Definition: debug_ros.c:4
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
CryptExportKey
BOOL WINAPI CryptExportKey(HCRYPTKEY hKey, HCRYPTKEY hExpKey, DWORD dwBlobType, DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
Definition: crypt.c:1416
CryptCreateHash
BOOL WINAPI CryptCreateHash(HCRYPTPROV hProv, ALG_ID Algid, HCRYPTKEY hKey, DWORD dwFlags, HCRYPTHASH *phHash)
Definition: crypt.c:740
CryptDestroyKey
BOOL WINAPI CryptDestroyKey(HCRYPTKEY hKey)
Definition: crypt.c:930
CryptDestroyHash
BOOL WINAPI CryptDestroyHash(HCRYPTHASH hHash)
Definition: crypt.c:890
CryptSignHashA
BOOL WINAPI CryptSignHashA(HCRYPTHASH hHash, DWORD dwKeySpec, LPCSTR sDescription, DWORD dwFlags, BYTE *pbSignature, DWORD *pdwSigLen)
Definition: crypt.c:1939
CryptReleaseContext
BOOL WINAPI CryptReleaseContext(HCRYPTPROV hProv, DWORD dwFlags)
Definition: crypt.c:648
CryptHashData
BOOL WINAPI CryptHashData(HCRYPTHASH hHash, const BYTE *pbData, DWORD dwDataLen, DWORD dwFlags)
Definition: crypt.c:1771
CryptAcquireContextA
BOOL WINAPI CryptAcquireContextA(HCRYPTPROV *phProv, LPCSTR pszContainer, LPCSTR pszProvider, DWORD dwProvType, DWORD dwFlags)
Definition: crypt.c:569
CryptGenKey
BOOL WINAPI CryptGenKey(HCRYPTPROV hProv, ALG_ID Algid, DWORD dwFlags, HCRYPTKEY *phKey)
Definition: crypt.c:1451
CryptVerifySignatureW
BOOL WINAPI CryptVerifySignatureW(HCRYPTHASH hHash, const BYTE *pbSignature, DWORD dwSigLen, HCRYPTKEY hPubKey, LPCWSTR sDescription, DWORD dwFlags)
Definition: crypt.c:2238
CryptGetUserKey
BOOL WINAPI CryptGetUserKey(HCRYPTPROV hProv, DWORD dwKeySpec, HCRYPTKEY *phUserKey)
Definition: crypt.c:1718
CryptAcquireContextW
BOOL WINAPI CryptAcquireContextW(HCRYPTPROV *phProv, LPCWSTR pszContainer, LPCWSTR pszProvider, DWORD dwProvType, DWORD dwFlags)
Definition: crypt.c:358
CryptImportKey
BOOL WINAPI CryptImportKey(HCRYPTPROV hProv, const BYTE *pbData, DWORD dwDataLen, HCRYPTKEY hPubKey, DWORD dwFlags, HCRYPTKEY *phKey)
Definition: crypt.c:1850
CertGetPublicKeyLength
DWORD WINAPI CertGetPublicKeyLength(DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pPublicKey)
Definition: cert.c:1305
CertAddCertificateContextToStore
BOOL WINAPI CertAddCertificateContextToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT *ppStoreContext)
Definition: cert.c:286
CertFreeCertificateContext
BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
Definition: cert.c:371
CertCreateCertificateContext
PCCERT_CONTEXT WINAPI CertCreateCertificateContext(DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded)
Definition: cert.c:316
CertCompareCertificateName
BOOL WINAPI CertCompareCertificateName(DWORD dwCertEncodingType, PCERT_NAME_BLOB pCertName1, PCERT_NAME_BLOB pCertName2)
Definition: cert.c:1180
CertFindCertificateInStore
PCCERT_CONTEXT WINAPI CertFindCertificateInStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFlags, DWORD dwType, const void *pvPara, PCCERT_CONTEXT pPrevCertContext)
Definition: cert.c:1765
CertRemoveEnhancedKeyUsageIdentifier
BOOL WINAPI CertRemoveEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext, LPCSTR pszUsageIdentifier)
Definition: cert.c:3063
CertVerifyRevocation
BOOL WINAPI CertVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType, DWORD cContext, PVOID rgpvContext[], DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
Definition: cert.c:1934
CertGetSubjectCertificateFromStore
PCCERT_CONTEXT WINAPI CertGetSubjectCertificateFromStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, PCERT_INFO pCertId)
Definition: cert.c:1831
CertGetIntendedKeyUsage
BOOL WINAPI CertGetIntendedKeyUsage(DWORD dwCertEncodingType, PCERT_INFO pCertInfo, BYTE *pbKeyUsage, DWORD cbKeyUsage)
Definition: cert.c:2810
CertSetEnhancedKeyUsage
BOOL WINAPI CertSetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext, PCERT_ENHKEY_USAGE pUsage)
Definition: cert.c:2952
CryptAcquireCertificatePrivateKey
BOOL WINAPI CryptAcquireCertificatePrivateKey(PCCERT_CONTEXT pCert, DWORD dwFlags, void *pvReserved, HCRYPTPROV_OR_NCRYPT_KEY_HANDLE *phCryptProv, DWORD *pdwKeySpec, BOOL *pfCallerFreeProv)
Definition: cert.c:881
CertIsRDNAttrsInCertificateName
BOOL WINAPI CertIsRDNAttrsInCertificateName(DWORD dwCertEncodingType, DWORD dwFlags, PCERT_NAME_BLOB pCertName, PCERT_RDN pRDN)
Definition: cert.c:2131
CertAddCertificateLinkToStore
BOOL WINAPI CertAddCertificateLinkToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext)
Definition: cert.c:296
CertAddEnhancedKeyUsageIdentifier
BOOL WINAPI CertAddEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext, LPCSTR pszUsageIdentifier)
Definition: cert.c:2978
CryptVerifyCertificateSignatureEx
BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject, DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
Definition: cert.c:2717
CryptHashPublicKeyInfo
BOOL WINAPI CryptHashPublicKeyInfo(HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid, DWORD dwFlags, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, BYTE *pbComputedHash, DWORD *pcbComputedHash)
Definition: cert.c:2216
CertCompareCertificate
BOOL WINAPI CertCompareCertificate(DWORD dwCertEncodingType, PCERT_INFO pCertId1, PCERT_INFO pCertId2)
Definition: cert.c:1166
CryptSignAndEncodeCertificate
BOOL WINAPI CryptSignAndEncodeCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv, DWORD dwKeySpec, DWORD dwCertEncodingType, LPCSTR lpszStructType, const void *pvStructInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void *pvHashAuxInfo, BYTE *pbEncoded, DWORD *pcbEncoded)
Definition: cert.c:2364
CertGetIssuerCertificateFromStore
PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pSubjectContext, PCCERT_CONTEXT pPrevIssuerContext, DWORD *pdwFlags)
Definition: cert.c:1887
CertAddEncodedCertificateToStore
BOOL WINAPI CertAddEncodedCertificateToStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded, DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext)
Definition: cert.c:58
CryptVerifyCertificateSignature
BOOL WINAPI CryptVerifyCertificateSignature(HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded, PCERT_PUBLIC_KEY_INFO pPublicKey)
Definition: cert.c:2427
CertCreateSelfSignCertificate
PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hProv, PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD dwFlags, PCRYPT_KEY_PROV_INFO pKeyProvInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime, PSYSTEMTIME pEndTime, PCERT_EXTENSIONS pExtensions)
Definition: cert.c:3552
CryptSignCertificate
BOOL WINAPI CryptSignCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv, DWORD dwKeySpec, DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned, DWORD cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void *pvHashAuxInfo, BYTE *pbSignature, DWORD *pcbSignature)
Definition: cert.c:2305
CertVerifySubjectCertificateContext
BOOL WINAPI CertVerifySubjectCertificateContext(PCCERT_CONTEXT pSubject, PCCERT_CONTEXT pIssuer, DWORD *pdwFlags)
Definition: cert.c:1845
CertSetCertificateContextProperty
BOOL WINAPI CertSetCertificateContextProperty(PCCERT_CONTEXT pCertContext, DWORD dwPropId, DWORD dwFlags, const void *pvData)
Definition: cert.c:799
CryptHashToBeSigned
BOOL WINAPI CryptHashToBeSigned(HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD *pcbComputedHash)
Definition: cert.c:2260
CertGetCertificateContextProperty
BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT pCertContext, DWORD dwPropId, void *pvData, DWORD *pcbData)
Definition: cert.c:551
CertComparePublicKeyInfo
BOOL WINAPI CertComparePublicKeyInfo(DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pPublicKey1, PCERT_PUBLIC_KEY_INFO pPublicKey2)
Definition: cert.c:1244
CertDuplicateCertificateContext
PCCERT_CONTEXT WINAPI CertDuplicateCertificateContext(PCCERT_CONTEXT pCertContext)
Definition: cert.c:360
CertEnumCertificateContextProperties
DWORD WINAPI CertEnumCertificateContextProperties(PCCERT_CONTEXT pCertContext, DWORD dwPropId)
Definition: cert.c:380
CryptHashCertificate
BOOL WINAPI CryptHashCertificate(HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid, DWORD dwFlags, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD *pcbComputedHash)
Definition: cert.c:2187
CertGetValidUsages
BOOL WINAPI CertGetValidUsages(DWORD cCerts, PCCERT_CONTEXT *rghCerts, int *cNumOIDs, LPSTR *rghOIDs, DWORD *pcbOIDs)
Definition: cert.c:3159
CertCompareIntegerBlob
BOOL WINAPI CertCompareIntegerBlob(PCRYPT_INTEGER_BLOB pInt1, PCRYPT_INTEGER_BLOB pInt2)
Definition: cert.c:1221
CertGetEnhancedKeyUsage
BOOL WINAPI CertGetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext, DWORD dwFlags, PCERT_ENHKEY_USAGE pUsage, DWORD *pcbUsage)
Definition: cert.c:2847
CertAddEncodedCRLToStore
BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded, DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
Definition: crl.c:129
CryptExportPublicKeyInfoEx
BOOL WINAPI CryptExportPublicKeyInfoEx(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv, DWORD dwKeySpec, DWORD dwCertEncodingType, LPSTR pszPublicKeyObjId, DWORD dwFlags, void *pvAuxInfo, PCERT_PUBLIC_KEY_INFO pInfo, DWORD *pcbInfo)
Definition: encode.c:4934
CryptEncodeObjectEx
BOOL WINAPI CryptEncodeObjectEx(DWORD dwCertEncodingType, LPCSTR lpszStructType, const void *pvStructInfo, DWORD dwFlags, PCRYPT_ENCODE_PARA pEncodePara, void *pvEncoded, DWORD *pcbEncoded)
Definition: encode.c:4696
CryptImportPublicKeyInfoEx
BOOL WINAPI CryptImportPublicKeyInfoEx(HCRYPTPROV hCryptProv, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, ALG_ID aiKeyAlg, DWORD dwFlags, void *pvAuxInfo, HCRYPTKEY *phKey)
Definition: encode.c:5044
CryptImportPublicKeyInfo
BOOL WINAPI CryptImportPublicKeyInfo(HCRYPTPROV hCryptProv, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, HCRYPTKEY *phKey)
Definition: encode.c:4970
CertOpenStore
HCERTSTORE WINAPI CertOpenStore(LPCSTR lpszStoreProvider, DWORD dwMsgAndCertEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara)
Definition: store.c:815
CertEnumCertificatesInStore
PCCERT_CONTEXT WINAPI CertEnumCertificatesInStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pPrev)
Definition: store.c:928
CertCloseStore
BOOL WINAPI CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags)
Definition: store.c:1127
CertDeleteCertificateFromStore
BOOL WINAPI CertDeleteCertificateFromStore(PCCERT_CONTEXT pCertContext)
Definition: store.c:943
CertStrToNameW
BOOL WINAPI CertStrToNameW(DWORD dwCertEncodingType, LPCWSTR pszX500, DWORD dwStrType, void *pvReserved, BYTE *pbEncoded, DWORD *pcbEncoded, LPCWSTR *ppszError)
Definition: str.c:1024
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
SetLastError
#define SetLastError(x)
Definition: compat.h:752
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
lstrcpyW
#define lstrcpyW
Definition: compat.h:749
lstrlenW
#define lstrlenW
Definition: compat.h:750
ext
static const WCHAR *const ext[]
Definition: module.c:53
lstrcmpW
int WINAPI lstrcmpW(LPCWSTR str1, LPCWSTR str2)
Definition: locale.c:4246
lstrcmpA
int WINAPI lstrcmpA(LPCSTR str1, LPCSTR str2)
Definition: locale.c:4198
ret
return ret
Definition: mutex.c:146
L
#define L(x)
Definition: resources.c:13
parent
r parent
Definition: btrfs.c:3010
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
STATUS_ACCESS_VIOLATION
#define STATUS_ACCESS_VIOLATION
Definition: fpEnumPrinters.c:23
count
GLuint GLuint GLsizei count
Definition: gl.h:1545
data
GLint GLenum GLsizei GLsizei GLsizei GLint GLsizei const GLvoid * data
Definition: gl.h:1950
size
GLsizeiptr size
Definition: glext.h:5919
buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
flags
GLbitfield flags
Definition: glext.h:7161
access
GLuint GLint GLboolean GLint GLenum access
Definition: glext.h:7866
param
GLfloat param
Definition: glext.h:5796
len
GLenum GLsizei len
Definition: glext.h:6722
bufSize
GLuint GLsizei bufSize
Definition: glext.h:6040
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
debugstr_w
#define debugstr_w
Definition: kernel32.h:32
wine_dbgstr_w
#define wine_dbgstr_w
Definition: kernel32.h:34
ERROR_FILE_NOT_FOUND
#define ERROR_FILE_NOT_FOUND
Definition: disk.h:79
testComparePublicKeyInfo
static void testComparePublicKeyInfo(void)
Definition: cert.c:3238
testKeyProvInfo
static void testKeyProvInfo(void)
Definition: cert.c:4331
ocsp_cert_issuer
static const BYTE ocsp_cert_issuer[]
Definition: cert.c:3783
serialNum
static BYTE serialNum[]
Definition: cert.c:38
testCompareCertName
static void testCompareCertName(void)
Definition: cert.c:3010
testCryptHashCert
static void testCryptHashCert(void)
Definition: cert.c:1703
ocsp_cert
static const BYTE ocsp_cert[]
Definition: cert.c:3634
checkHash
static void checkHash(const BYTE *data, DWORD dataLen, ALG_ID algID, PCCERT_CONTEXT context, DWORD propID)
Definition: cert.c:284
cert2WithUsage
static const BYTE cert2WithUsage[]
Definition: cert.c:2847
testCreateCert
static void testCreateCert(void)
Definition: cert.c:607
iTunesSerialNum
static BYTE iTunesSerialNum[]
Definition: cert.c:1091
testVerifyRevocation
static void testVerifyRevocation(void)
Definition: cert.c:3888
cnWithIntermediateSpace
static BYTE cnWithIntermediateSpace[]
Definition: cert.c:2996
testGetPublicKeyLength
static void testGetPublicKeyLength(void)
Definition: cert.c:4247
subjectName
static BYTE subjectName[]
Definition: cert.c:35
testSignAndEncodeCert
static void testSignAndEncodeCert(void)
Definition: cert.c:2132
privKey
static BYTE privKey[]
Definition: cert.c:4018
int1
static BYTE int1[]
Definition: cert.c:3203
selfSignedSignatureHash
static const BYTE selfSignedSignatureHash[]
Definition: cert.c:360
subjectKeyId
static const BYTE subjectKeyId[]
Definition: cert.c:334
bigCert
static const BYTE bigCert[]
Definition: cert.c:39
chain10_1
static const BYTE chain10_1[]
Definition: cert.c:1454
testLinkCert
static void testLinkCert(void)
Definition: cert.c:740
testCertProperties
static void testCertProperties(void)
Definition: cert.c:363
testDupCert
static void testDupCert(void)
Definition: cert.c:649
bigCertHash
static BYTE bigCertHash[]
Definition: cert.c:49
exportedPublicKeyBlob
static const BYTE exportedPublicKeyBlob[]
Definition: cert.c:4044
intBlobs
static struct IntBlobTest intBlobs[]
testHashPublicKeyInfo
static void testHashPublicKeyInfo(void)
Definition: cert.c:3371
rootSignedCRL
static const BYTE rootSignedCRL[]
Definition: cert.c:3612
self_signed_ecc_prime256v1
static const BYTE self_signed_ecc_prime256v1[]
Definition: cert.c:2052
childOfExpired
static const BYTE childOfExpired[]
Definition: cert.c:1403
testAcquireCertPrivateKey
static void testAcquireCertPrivateKey(void)
Definition: cert.c:4059
subjectName3
static BYTE subjectName3[]
Definition: cert.c:766
testVerifyCertSigEx
static void testVerifyCertSigEx(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned, LPCSTR sigOID, const BYTE *sig, DWORD sigLen)
Definition: cert.c:1958
chain10_0
static const BYTE chain10_0[]
Definition: cert.c:1425
testHashToBeSigned
static void testHashToBeSigned(void)
Definition: cert.c:3413
chain7_1
static const BYTE chain7_1[]
Definition: cert.c:1483
testIntendedKeyUsage
static void testIntendedKeyUsage(void)
Definition: cert.c:2515
testGetIssuerCert
static void testGetIssuerCert(void)
Definition: cert.c:1513
asnEncodedPublicKey
static const BYTE asnEncodedPublicKey[]
Definition: cert.c:4052
testCompareIntegerBlob
static void testCompareIntegerBlob(void)
Definition: cert.c:3224
testCryptHashCert2
static void testCryptHashCert2(void)
Definition: cert.c:1738
rootWithKeySignAndCRLSign
static const BYTE rootWithKeySignAndCRLSign[]
Definition: cert.c:3547
testCompareCert
static void testCompareCert(void)
Definition: cert.c:3459
keyUsages
static const LPCSTR keyUsages[]
Definition: cert.c:2564
testKeyUsage
static void testKeyUsage(void)
Definition: cert.c:2567
iTunesCert2
static const BYTE iTunesCert2[]
Definition: cert.c:905
verifySig
static void verifySig(HCRYPTPROV csp, const BYTE *toSign, size_t toSignLen, const BYTE *sig, unsigned int sigLen)
Definition: cert.c:1804
v1CertWithPubKey
static const BYTE v1CertWithPubKey[]
Definition: cert.c:312
bigCertWithDifferentSubject
static const BYTE bigCertWithDifferentSubject[]
Definition: cert.c:52
expiredCert
static const BYTE expiredCert[]
Definition: cert.c:1376
testIsRDNAttrsInCertificateName
static void testIsRDNAttrsInCertificateName(void)
Definition: cert.c:3080
int7
static BYTE int7[]
Definition: cert.c:3209
test_VerifySignature
static void test_VerifySignature(void)
Definition: cert.c:4426
testCreateSelfSignCert
static void testCreateSelfSignCert(void)
Definition: cert.c:2210
iTunesCert3
static const BYTE iTunesCert3[]
Definition: cert.c:988
md5SignedEmptyCertHash
static const BYTE md5SignedEmptyCertHash[]
Definition: cert.c:3410
testCertSigs
static void testCertSigs(void)
Definition: cert.c:2084
v1CertWithSubjectKeyId
static const BYTE v1CertWithSubjectKeyId[]
Definition: cert.c:324
bigCertWithDifferentIssuer
static const BYTE bigCertWithDifferentIssuer[]
Definition: cert.c:63
cn
static BYTE cn[]
Definition: cert.c:2987
bigCert2WithDifferentSerial
static const BYTE bigCert2WithDifferentSerial[]
Definition: cert.c:88
md5SignedEmptyCert
static const BYTE md5SignedEmptyCert[]
Definition: cert.c:2117
int3
static BYTE int3[]
Definition: cert.c:3205
testAddCert
static void testAddCert(void)
Definition: cert.c:115
testVerifyCertSig
static void testVerifyCertSig(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned, LPCSTR sigOID, const BYTE *sig, DWORD sigLen)
Definition: cert.c:1897
emptyCert
static BYTE emptyCert[]
Definition: cert.c:2045
iTunesIssuer
static BYTE iTunesIssuer[]
Definition: cert.c:1074
testGetSubjectCert
static void testGetSubjectCert(void)
Definition: cert.c:1318
int6
static BYTE int6[]
Definition: cert.c:3208
cnThenO
static BYTE cnThenO[]
Definition: cert.c:2999
iTunesCert0
static const BYTE iTunesCert0[]
Definition: cert.c:769
iTunesCert1
static const BYTE iTunesCert1[]
Definition: cert.c:835
testGetValidUsages
static void testGetValidUsages(void)
Definition: cert.c:2859
subjectName2
static BYTE subjectName2[]
Definition: cert.c:75
testFindCert
static void testFindCert(void)
Definition: cert.c:1095
eeCert
static const BYTE eeCert[]
Definition: cert.c:3581
oThenCN
static BYTE oThenCN[]
Definition: cert.c:3004
bigCert2Hash
static BYTE bigCert2Hash[]
Definition: cert.c:99
int5
static BYTE int5[]
Definition: cert.c:3207
cspNameA
static const CHAR cspNameA[]
Definition: cert.c:311
md5SignedEmptyCertNoNull
static const BYTE md5SignedEmptyCertNoNull[]
Definition: cert.c:2124
testSignCert
static void testSignCert(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned, LPCSTR sigOID, BYTE *sig, DWORD *sigLen)
Definition: cert.c:1835
cnWithTrailingSpace
static BYTE cnWithTrailingSpace[]
Definition: cert.c:2993
cnWithLeadingSpace
static BYTE cnWithLeadingSpace[]
Definition: cert.c:2990
testVerifySubjectCert
static void testVerifySubjectCert(void)
Definition: cert.c:3492
bigCert2
static const BYTE bigCert2[]
Definition: cert.c:78
selfSignedCert
static const BYTE selfSignedCert[]
Definition: cert.c:336
certWithUsage
static const BYTE certWithUsage[]
Definition: cert.c:102
int4
static BYTE int4[]
Definition: cert.c:3206
int2
static BYTE int2[]
Definition: cert.c:3204
cert2
static const BYTE cert2[]
Definition: message.c:797
cert1
static const BYTE cert1[]
Definition: message.c:781
cert
static BYTE cert[]
Definition: msg.c:1374
oid_rsa_md5
static char oid_rsa_md5[]
Definition: msg.c:32
collection
static ICollection collection
Definition: typelib.c:184
child
static HWND child
Definition: cursoricon.c:298
memset
#define memset(x, y, z)
Definition: compat.h:39
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
IntBlobTest::areEqual
BOOL areEqual
Definition: cert.c:3215
IntBlobTest::blob1
CRYPT_INTEGER_BLOB blob1
Definition: cert.c:3213
IntBlobTest::blob2
CRYPT_INTEGER_BLOB blob2
Definition: cert.c:3214
_BCRYPT_PKCS1_PADDING_INFO
Definition: bcrypt.h:148
_BCRYPT_PKCS1_PADDING_INFO::pszAlgId
LPCWSTR pszAlgId
Definition: bcrypt.h:149
_CERT_CONTEXT
Definition: wincrypt.h:487
_CERT_CONTEXT::hCertStore
HCERTSTORE hCertStore
Definition: wincrypt.h:492
_CERT_CONTEXT::pCertInfo
PCERT_INFO pCertInfo
Definition: wincrypt.h:491
_CERT_CONTEXT::pbCertEncoded
BYTE * pbCertEncoded
Definition: wincrypt.h:489
_CERT_CONTEXT::cbCertEncoded
DWORD cbCertEncoded
Definition: wincrypt.h:490
_CERT_EXTENSION
Definition: wincrypt.h:238
_CERT_INFO
Definition: wincrypt.h:249
_CERT_INFO::Subject
CERT_NAME_BLOB Subject
Definition: wincrypt.h:256
_CERT_INFO::Issuer
CERT_NAME_BLOB Issuer
Definition: wincrypt.h:253
_CERT_INFO::SerialNumber
CRYPT_INTEGER_BLOB SerialNumber
Definition: wincrypt.h:251
_CERT_KEY_CONTEXT
Definition: wincrypt.h:227
_CERT_KEY_CONTEXT::hCryptProv
HCRYPTPROV hCryptProv
Definition: wincrypt.h:229
_CERT_KEY_CONTEXT::dwKeySpec
DWORD dwKeySpec
Definition: wincrypt.h:230
_CERT_KEY_CONTEXT::cbSize
DWORD cbSize
Definition: wincrypt.h:228
_CERT_PUBLIC_KEY_INFO
Definition: wincrypt.h:233
_CERT_PUBLIC_KEY_INFO::PublicKey
CRYPT_BIT_BLOB PublicKey
Definition: wincrypt.h:235
_CERT_PUBLIC_KEY_INFO::Algorithm
CRYPT_ALGORITHM_IDENTIFIER Algorithm
Definition: wincrypt.h:234
_CERT_RDN_ATTR
Definition: wincrypt.h:264
_CERT_RDN
Definition: wincrypt.h:270
_CERT_RDN::cRDNAttr
DWORD cRDNAttr
Definition: wincrypt.h:271
_CERT_RDN::rgRDNAttr
PCERT_RDN_ATTR rgRDNAttr
Definition: wincrypt.h:272
_CERT_REVOCATION_PARA
Definition: wincrypt.h:914
_CERT_REVOCATION_PARA::hCrlStore
HCERTSTORE hCrlStore
Definition: wincrypt.h:919
_CERT_REVOCATION_PARA::pIssuerCert
PCCERT_CONTEXT pIssuerCert
Definition: wincrypt.h:916
_CERT_REVOCATION_PARA::cbSize
DWORD cbSize
Definition: wincrypt.h:915
_CERT_REVOCATION_STATUS
Definition: wincrypt.h:966
_CERT_SIGNED_CONTENT_INFO
Definition: wincrypt.h:629
_CRYPTOAPI_BLOB
Definition: wincrypt.h:110
_CRYPTOAPI_BLOB::cbData
DWORD cbData
Definition: wincrypt.h:111
_CRYPTOAPI_BLOB::pbData
BYTE * pbData
Definition: wincrypt.h:112
_CRYPT_ALGORITHM_IDENTIFIER
Definition: wincrypt.h:134
_CRYPT_ALGORITHM_IDENTIFIER::pszObjId
LPSTR pszObjId
Definition: wincrypt.h:135
_CRYPT_BIT_BLOB::cUnusedBits
DWORD cUnusedBits
Definition: wincrypt.h:207
_CRYPT_BIT_BLOB::pbData
BYTE * pbData
Definition: wincrypt.h:206
_CRYPT_BIT_BLOB::cbData
DWORD cbData
Definition: wincrypt.h:205
_CRYPT_KEY_PROV_INFO
Definition: wincrypt.h:217
_CRYPT_KEY_PROV_INFO::pwszContainerName
LPWSTR pwszContainerName
Definition: wincrypt.h:218
_CRYPT_KEY_PROV_INFO::dwKeySpec
DWORD dwKeySpec
Definition: wincrypt.h:224
_CRYPT_KEY_PROV_INFO::dwProvType
DWORD dwProvType
Definition: wincrypt.h:220
_CRYPT_KEY_PROV_INFO::cProvParam
DWORD cProvParam
Definition: wincrypt.h:222
_CRYPT_KEY_PROV_INFO::dwFlags
DWORD dwFlags
Definition: wincrypt.h:221
_CRYPT_KEY_PROV_INFO::rgProvParam
PCRYPT_KEY_PROV_PARAM rgProvParam
Definition: wincrypt.h:223
_CRYPT_KEY_PROV_INFO::pwszProvName
LPWSTR pwszProvName
Definition: wincrypt.h:219
_CRYPT_KEY_PROV_PARAM
Definition: wincrypt.h:210
_CTL_USAGE
Definition: wincrypt.h:830
_CTL_USAGE::cUsageIdentifier
DWORD cUsageIdentifier
Definition: wincrypt.h:831
_CTL_USAGE::rgpszUsageIdentifier
LPSTR * rgpszUsageIdentifier
Definition: wincrypt.h:832
attr
Definition: cookie.c:202
blob
Definition: image.c:134
context
Definition: http.c:7252
hash
Definition: _hash_fun.h:40
key
Definition: copy.c:22
name
Definition: name.c:39
status
Definition: ps.c:97
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53
value
Definition: pdh_main.c:96
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
szOID_RSA_DH
#define szOID_RSA_DH
Definition: wincrypt.h:3180
MS_DEF_PROV_A
#define MS_DEF_PROV_A
Definition: wincrypt.h:2115
CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL
Definition: wincrypt.h:3634
CERT_MD5_HASH_PROP_ID
#define CERT_MD5_HASH_PROP_ID
Definition: wincrypt.h:2836
CRYPT_NEWKEYSET
#define CRYPT_NEWKEYSET
Definition: wincrypt.h:2274
CERT_RDN_IA5_STRING
#define CERT_RDN_IA5_STRING
Definition: wincrypt.h:2931
PROV_RSA_FULL
#define PROV_RSA_FULL
Definition: wincrypt.h:2243
CRYPT_VERIFYCONTEXT
#define CRYPT_VERIFYCONTEXT
Definition: wincrypt.h:2273
CALG_SHA1
#define CALG_SHA1
Definition: wincrypt.h:2060
CERT_KEY_CONTEXT_PROP_ID
#define CERT_KEY_CONTEXT_PROP_ID
Definition: wincrypt.h:2837
CERT_KEY_IDENTIFIER_PROP_ID
#define CERT_KEY_IDENTIFIER_PROP_ID
Definition: wincrypt.h:2853
X509_CERT_TO_BE_SIGNED
#define X509_CERT_TO_BE_SIGNED
Definition: wincrypt.h:3518
CERT_STORE_PROV_COLLECTION
#define CERT_STORE_PROV_COLLECTION
Definition: wincrypt.h:2465
CERT_STORE_REVOCATION_FLAG
#define CERT_STORE_REVOCATION_FLAG
Definition: wincrypt.h:3618
CERT_RDN_PRINTABLE_STRING
#define CERT_RDN_PRINTABLE_STRING
Definition: wincrypt.h:2927
CERT_STORE_ADD_REPLACE_EXISTING
#define CERT_STORE_ADD_REPLACE_EXISTING
Definition: wincrypt.h:2653
szOID_RSA_MD5RSA
#define szOID_RSA_MD5RSA
Definition: wincrypt.h:3174
CERT_X500_NAME_STR
#define CERT_X500_NAME_STR
Definition: wincrypt.h:3644
HCRYPTPROV
ULONG_PTR HCRYPTPROV
Definition: wincrypt.h:55
CERT_ARCHIVED_PROP_ID
#define CERT_ARCHIVED_PROP_ID
Definition: wincrypt.h:2852
CERT_FIND_SUBJECT_CERT
#define CERT_FIND_SUBJECT_CERT
Definition: wincrypt.h:3048
CERT_STORE_OPEN_EXISTING_FLAG
#define CERT_STORE_OPEN_EXISTING_FLAG
Definition: wincrypt.h:2634
X509_CERT
#define X509_CERT
Definition: wincrypt.h:3517
CryptImportPublicKeyInfoEx2
WINCRYPT32API BOOL WINAPI CryptImportPublicKeyInfoEx2(DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, DWORD dwFlags, void *pvAuxInfo, BCRYPT_KEY_HANDLE *phKey)
CERT_KEY_PROV_INFO_PROP_ID
#define CERT_KEY_PROV_INFO_PROP_ID
Definition: wincrypt.h:2833
CALG_MD5
#define CALG_MD5
Definition: wincrypt.h:2058
CERT_SET_KEY_CONTEXT_PROP_ID
#define CERT_SET_KEY_CONTEXT_PROP_ID
Definition: wincrypt.h:3755
CERT_STORE_CREATE_NEW_FLAG
#define CERT_STORE_CREATE_NEW_FLAG
Definition: wincrypt.h:2633
HCRYPTHASH
ULONG_PTR HCRYPTHASH
Definition: wincrypt.h:59
CERT_STORE_PROV_SYSTEM
#define CERT_STORE_PROV_SYSTEM
Definition: wincrypt.h:2464
szOID_PKIX_KP_CLIENT_AUTH
#define szOID_PKIX_KP_CLIENT_AUTH
Definition: wincrypt.h:3451
CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG
#define CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG
Definition: wincrypt.h:3063
CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG
#define CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG
Definition: wincrypt.h:2954
CERT_ENHKEY_USAGE
struct _CTL_USAGE CERT_ENHKEY_USAGE
CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY
Definition: wincrypt.h:3631
szOID_PKIX_KP_CODE_SIGNING
#define szOID_PKIX_KP_CODE_SIGNING
Definition: wincrypt.h:3452
CRYPT_DELETEKEYSET
#define CRYPT_DELETEKEYSET
Definition: wincrypt.h:2275
szOID_KEY_USAGE
#define szOID_KEY_USAGE
Definition: wincrypt.h:3341
CERT_STORE_PROV_SYSTEM_A
#define CERT_STORE_PROV_SYSTEM_A
Definition: wincrypt.h:2462
AT_KEYEXCHANGE
#define AT_KEYEXCHANGE
Definition: wincrypt.h:2239
X509_ASN_ENCODING
#define X509_ASN_ENCODING
Definition: wincrypt.h:2501
PUBLICKEYBLOB
#define PUBLICKEYBLOB
Definition: wincrypt.h:2444
CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG
#define CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG
Definition: wincrypt.h:3065
CRYPT_DECODE_ALLOC_FLAG
#define CRYPT_DECODE_ALLOC_FLAG
Definition: wincrypt.h:3612
CERT_STORE_PROV_MEMORY
#define CERT_STORE_PROV_MEMORY
Definition: wincrypt.h:2455
MS_DEF_PROV_W
static const WCHAR MS_DEF_PROV_W[]
Definition: wincrypt.h:2119
CERT_STORE_NO_ISSUER_FLAG
#define CERT_STORE_NO_ISSUER_FLAG
Definition: wincrypt.h:3620
CERT_STORE_NO_CRL_FLAG
#define CERT_STORE_NO_CRL_FLAG
Definition: wincrypt.h:3619
CERT_ACCESS_STATE_PROP_ID
#define CERT_ACCESS_STATE_PROP_ID
Definition: wincrypt.h:2847
RSA_CSP_PUBLICKEYBLOB
#define RSA_CSP_PUBLICKEYBLOB
Definition: wincrypt.h:3536
szOID_RSA_MD5
#define szOID_RSA_MD5
Definition: wincrypt.h:3206
CERT_KEY_CONTEXT
struct _CERT_KEY_CONTEXT CERT_KEY_CONTEXT
CERT_STORE_SIGNATURE_FLAG
#define CERT_STORE_SIGNATURE_FLAG
Definition: wincrypt.h:3616
CERT_STORE_ADD_USE_EXISTING
#define CERT_STORE_ADD_USE_EXISTING
Definition: wincrypt.h:2652
CERT_ACCESS_STATE_WRITE_PERSIST_FLAG
#define CERT_ACCESS_STATE_WRITE_PERSIST_FLAG
Definition: wincrypt.h:2913
CERT_STORE_ADD_NEW
#define CERT_STORE_ADD_NEW
Definition: wincrypt.h:2651
szOID_X957_DSA
#define szOID_X957_DSA
Definition: wincrypt.h:3214
CERT_HASH_PROP_ID
#define CERT_HASH_PROP_ID
Definition: wincrypt.h:2835
PCERT_ENHKEY_USAGE
struct _CTL_USAGE * PCERT_ENHKEY_USAGE
CERT_CONTEXT_REVOCATION_TYPE
#define CERT_CONTEXT_REVOCATION_TYPE
Definition: wincrypt.h:930
CERT_STORE_ADD_ALWAYS
#define CERT_STORE_ADD_ALWAYS
Definition: wincrypt.h:2654
CERT_FIND_SUBJECT_NAME
#define CERT_FIND_SUBJECT_NAME
Definition: wincrypt.h:3025
CERT_FIND_SHA1_HASH
#define CERT_FIND_SHA1_HASH
Definition: wincrypt.h:3012
CRYPT_ENCODE_ALLOC_FLAG
#define CRYPT_ENCODE_ALLOC_FLAG
Definition: wincrypt.h:3599
szOID_RSA_SHA1RSA
#define szOID_RSA_SHA1RSA
Definition: wincrypt.h:3175
CERT_SIGNATURE_HASH_PROP_ID
#define CERT_SIGNATURE_HASH_PROP_ID
Definition: wincrypt.h:2848
CERT_UNICODE_IS_RDN_ATTRS_FLAG
#define CERT_UNICODE_IS_RDN_ATTRS_FLAG
Definition: wincrypt.h:2953
CERT_SYSTEM_STORE_CURRENT_USER
#define CERT_SYSTEM_STORE_CURRENT_USER
Definition: wincrypt.h:2528
szOID_RSA_RSA
#define szOID_RSA_RSA
Definition: wincrypt.h:3168
szOID_COMMON_NAME
#define szOID_COMMON_NAME
Definition: wincrypt.h:3290
CERT_FIND_ISSUER_STR
#define CERT_FIND_ISSUER_STR
Definition: wincrypt.h:3042
PKCS_7_ASN_ENCODING
#define PKCS_7_ASN_ENCODING
Definition: wincrypt.h:2503
AT_SIGNATURE
#define AT_SIGNATURE
Definition: wincrypt.h:2240
CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB
Definition: wincrypt.h:3626
CERT_LAST_USER_PROP_ID
#define CERT_LAST_USER_PROP_ID
Definition: wincrypt.h:2896
CERT_FIND_ISSUER_NAME
#define CERT_FIND_ISSUER_NAME
Definition: wincrypt.h:3029
CERT_KEY_PROV_HANDLE_PROP_ID
#define CERT_KEY_PROV_HANDLE_PROP_ID
Definition: wincrypt.h:2832
CERT_VERIFY_REV_CHAIN_FLAG
#define CERT_VERIFY_REV_CHAIN_FLAG
Definition: wincrypt.h:931
CERT_RDN_UNICODE_STRING
#define CERT_RDN_UNICODE_STRING
Definition: wincrypt.h:2939
HCRYPTKEY
ULONG_PTR HCRYPTKEY
Definition: wincrypt.h:58
CRYPT_ACQUIRE_USE_PROV_INFO_FLAG
#define CRYPT_ACQUIRE_USE_PROV_INFO_FLAG
Definition: wincrypt.h:3762
CERT_FIND_ISSUER_OF
#define CERT_FIND_ISSUER_OF
Definition: wincrypt.h:3050
CRYPT_ACQUIRE_CACHE_FLAG
#define CRYPT_ACQUIRE_CACHE_FLAG
Definition: wincrypt.h:3761
szOID_ORGANIZATION_NAME
#define szOID_ORGANIZATION_NAME
Definition: wincrypt.h:3297
CryptHashCertificate2
WINCRYPT32API BOOL WINAPI CryptHashCertificate2(LPCWSTR pwszCNGHashAlgid, DWORD dwFlags, void *pvReserved, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD *pcbComputedHash)
ALG_ID
unsigned int ALG_ID
Definition: wincrypt.h:54
CRYPT_E_NO_MATCH
#define CRYPT_E_NO_MATCH
Definition: winerror.h:4426
CRYPT_E_NOT_FOUND
#define CRYPT_E_NOT_FOUND
Definition: winerror.h:4421
NTE_BAD_ALGID
#define NTE_BAD_ALGID
Definition: winerror.h:4255
CRYPT_E_NO_REVOCATION_DLL
#define CRYPT_E_NO_REVOCATION_DLL
Definition: winerror.h:4434
NTE_BAD_PROV_TYPE
#define NTE_BAD_PROV_TYPE
Definition: winerror.h:4267
NTE_NO_KEY
#define NTE_NO_KEY
Definition: winerror.h:4260
CRYPT_E_SELF_SIGNED
#define CRYPT_E_SELF_SIGNED
Definition: winerror.h:4424
E_ACCESSDENIED
#define E_ACCESSDENIED
Definition: winerror.h:4116
CRYPT_E_ASN1_CORRUPT
#define CRYPT_E_ASN1_CORRUPT
Definition: winerror.h:4502
NTE_BAD_LEN
#define NTE_BAD_LEN
Definition: winerror.h:4251
CRYPT_E_NO_REVOCATION_CHECK
#define CRYPT_E_NO_REVOCATION_CHECK
Definition: winerror.h:4435
CRYPT_E_NO_KEY_PROPERTY
#define CRYPT_E_NO_KEY_PROPERTY
Definition: winerror.h:4428
NTE_BAD_KEYSET
#define NTE_BAD_KEYSET
Definition: winerror.h:4269
CRYPT_E_REVOCATION_OFFLINE
#define CRYPT_E_REVOCATION_OFFLINE
Definition: winerror.h:4436
CRYPT_E_EXISTS
#define CRYPT_E_EXISTS
Definition: winerror.h:4422
CRYPT_E_ASN1_EOD
#define CRYPT_E_ASN1_EOD
Definition: winerror.h:4501
CRYPT_E_ASN1_BADTAG
#define CRYPT_E_ASN1_BADTAG
Definition: winerror.h:4510
ERROR_INVALID_DATA
#define ERROR_INVALID_DATA
Definition: winerror.h:238
LPCSTR
const char * LPCSTR
Definition: xmlstorage.h:183
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPSTR
char * LPSTR
Definition: xmlstorage.h:182
CHAR
char CHAR
Definition: xmlstorage.h:175
BYTE
unsigned char BYTE
Definition: xxhash.c:193