ReactOS 0.4.16-dev-1946-g52006dd
crl.c
Go to the documentation of this file.
1/*
2 * crypt32 CRL functions tests
3 *
4 * Copyright 2005-2006 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21#include <stdio.h>
22#include <stdarg.h>
23
24#include <windef.h>
25#include <winbase.h>
26#include <winreg.h>
27#include <winerror.h>
28#include <wincrypt.h>
29
30#include "wine/test.h"
31
32
33static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
34 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
35 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
36 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
37 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
38 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
39 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
40 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
41 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
42 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
43static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
44 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
45 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
46 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
47 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
48 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
49 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
50 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
51 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
52 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
53static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
54 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
55 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
56 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
57 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
58 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
59 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
60 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
61 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
62 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
63 0x02, 0x01, 0x01 };
64static const BYTE CRL[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
65 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
66 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
67 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
68 0x5a };
69static const BYTE newerCRL[] = { 0x30, 0x2a, 0x30, 0x02, 0x06, 0x00, 0x30,
70 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
71 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x17, 0x0d, 0x30, 0x36,
72 0x30, 0x35, 0x31, 0x36, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
73static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
74 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
75 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
76 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
77 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
78 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
79
80static void testCreateCRL(void)
81{
82 PCCRL_CONTEXT context;
83 DWORD GLE;
84
85 context = CertCreateCRLContext(0, NULL, 0);
86 ok(!context && GetLastError() == E_INVALIDARG,
87 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
88 context = CertCreateCRLContext(X509_ASN_ENCODING, NULL, 0);
89 GLE = GetLastError();
90 ok(!context && GLE == CRYPT_E_ASN1_EOD,
91 "Expected CRYPT_E_ASN1_EOD, got %08lx\n", GLE);
92 context = CertCreateCRLContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
93 ok(!context, "Expected failure\n");
94 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
95 sizeof(signedCRL) - 1);
96 ok(!context, "Expected failure\n");
97 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
98 sizeof(signedCRL));
99 ok(context != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
100 if (context)
101 CertFreeCRLContext(context);
102 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
103 ok(context != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
104 if (context)
105 CertFreeCRLContext(context);
106}
107
108static void testDupCRL(void)
109{
110 PCCRL_CONTEXT context, dupContext;
111 BOOL res;
112
113 context = CertDuplicateCRLContext(NULL);
114 ok(context == NULL, "expected NULL\n");
115 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
116 sizeof(signedCRL));
117 dupContext = CertDuplicateCRLContext(context);
118 ok(dupContext != NULL, "expected a context\n");
119 ok(dupContext == context, "expected identical context addresses\n");
120
121 res = CertFreeCRLContext(dupContext);
122 ok(res, "CertFreeCRLContext failed\n");
123
124 res = CertFreeCRLContext(context);
125 ok(res, "CertFreeCRLContext failed\n");
126
127 res = CertFreeCRLContext(NULL);
128 ok(res, "CertFreeCRLContext failed\n");
129}
130
131static void testAddCRL(void)
132{
133 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
134 CERT_STORE_CREATE_NEW_FLAG, NULL);
135 PCCRL_CONTEXT context, context2;
136 BOOL ret;
137 DWORD GLE;
138
139 ok(store != NULL, "CertOpenStore failed: %08lx\n", GetLastError());
140 if (!store) return;
141
142 /* Bad CRL encoding type */
143 ret = CertAddEncodedCRLToStore(0, 0, NULL, 0, 0, NULL);
144 ok(!ret && GetLastError() == E_INVALIDARG,
145 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
146 ret = CertAddEncodedCRLToStore(store, 0, NULL, 0, 0, NULL);
147 ok(!ret && GetLastError() == E_INVALIDARG,
148 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
149 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL), 0, NULL);
150 ok(!ret && GetLastError() == E_INVALIDARG,
151 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
152 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL), 0,
153 NULL);
154 ok(!ret && GetLastError() == E_INVALIDARG,
155 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
156 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL),
157 CERT_STORE_ADD_ALWAYS, NULL);
158 ok(!ret && GetLastError() == E_INVALIDARG,
159 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
160 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL),
161 CERT_STORE_ADD_ALWAYS, NULL);
162 ok(!ret && GetLastError() == E_INVALIDARG,
163 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
164
165 /* No CRL */
166 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, NULL, 0, 0, NULL);
167 GLE = GetLastError();
168 ok(!ret && GLE == CRYPT_E_ASN1_EOD,
169 "Expected CRYPT_E_ASN1_EOD, got %08lx\n", GLE);
170 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, NULL, 0, 0, NULL);
171 GLE = GetLastError();
172 ok(!ret && GLE == CRYPT_E_ASN1_EOD,
173 "Expected CRYPT_E_ASN1_EOD, got %08lx\n", GLE);
174
175 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
176 sizeof(signedCRL), 0, NULL);
177 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
178 GetLastError() == E_INVALIDARG /* Vista */),
179 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08lx\n", GetLastError());
180 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
181 sizeof(signedCRL), 0, NULL);
182 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
183 GetLastError() == E_INVALIDARG /* Vista */),
184 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08lx\n", GetLastError());
185
186 /* Weird--can add a CRL to the NULL store (does this have special meaning?)
187 */
188 context = NULL;
189 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
190 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, &context);
191 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
192 if (context)
193 CertFreeCRLContext(context);
194
195 /* Normal cases: a "signed" CRL is okay.. */
196 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
197 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
198 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
199 /* and an unsigned one is too. */
200 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, CRL, sizeof(CRL),
201 CERT_STORE_ADD_ALWAYS, NULL);
202 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
203
204 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
205 sizeof(newerCRL), CERT_STORE_ADD_NEW, NULL);
206 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
207 "Expected CRYPT_E_EXISTS, got %08lx\n", GetLastError());
208
209 /* This should replace (one of) the existing CRL(s). */
210 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
211 sizeof(newerCRL), CERT_STORE_ADD_NEWER, NULL);
212 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
213
214 CertCloseStore(store, 0);
215
216 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
217 ok(store != NULL, "CertOpenStore failed\n");
218
219 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
220 ok(context != NULL, "CertCreateCRLContext failed\n");
221
222 ret = CertAddCRLContextToStore(store, context, CERT_STORE_ADD_NEW, &context2);
223 ok(ret, "CertAddCRLContextToStore failed\n");
224 ok(context2 != NULL && context2 != context, "unexpected context2\n");
225
226 ok(context->pbCrlEncoded != context2->pbCrlEncoded, "Unexpected pbCrlEncoded\n");
227 ok(context->cbCrlEncoded == context2->cbCrlEncoded, "Unexpected cbCrlEncoded\n");
228 ok(context->pCrlInfo != context2->pCrlInfo, "Unexpected pCrlInfo\n");
229
230 CertFreeCRLContext(context2);
231 CertFreeCRLContext(context);
232 CertCloseStore(store, 0);
233}
234
235static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
236 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
237 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
238 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
239 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
240 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
241static const BYTE v2CRLWithIssuingDistPoint[] = {
2420x30,0x70,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
2430x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
2440x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
2450x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
2460x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x27,
2470x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30,
2480x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
2490x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
250static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
251 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
252 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
253 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
254 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
255 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
256 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
257 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
258 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
259 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
260 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
261 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
262 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
263 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
264 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
265 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
266 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
267 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
268 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
269 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
270 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
271 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
272 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
273 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
274 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
275 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
276 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
277 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
278 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
279 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
280 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
281 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
282 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
283 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
284 0xcd };
285static const BYTE verisignCommercialSoftPubCA[] = {
2860x30,0x82,0x02,0x40,0x30,0x82,0x01,0xa9,0x02,0x10,0x03,0xc7,0x8f,0x37,0xdb,0x92,
2870x28,0xdf,0x3c,0xbb,0x1a,0xad,0x82,0xfa,0x67,0x10,0x30,0x0d,0x06,0x09,0x2a,0x86,
2880x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
2890x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,0x17,
2900x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
2910x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x0b,
2920x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,0x6d,0x6d,0x65,
2930x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x50,
2940x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
2950x39,0x36,0x30,0x34,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,
2960x34,0x30,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x61,0x31,0x11,
2970x30,0x0f,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,
2980x74,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,
2990x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
3000x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,
3010x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,
3020x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,
3030x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
3040x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc3,0xd3,0x69,0x65,
3050x52,0x01,0x94,0x54,0xab,0x28,0xc6,0x62,0x18,0xb3,0x54,0x55,0xc5,0x44,0x87,0x45,
3060x4a,0x3b,0xc2,0x7e,0xd8,0xd3,0xd7,0xc8,0x80,0x86,0x8d,0xd8,0x0c,0xf1,0x16,0x9c,
3070xcc,0x6b,0xa9,0x29,0xb2,0x8f,0x76,0x73,0x92,0xc8,0xc5,0x62,0xa6,0x3c,0xed,0x1e,
3080x05,0x75,0xf0,0x13,0x00,0x6c,0x14,0x4d,0xd4,0x98,0x90,0x07,0xbe,0x69,0x73,0x81,
3090xb8,0x62,0x4e,0x31,0x1e,0xd1,0xfc,0xc9,0x0c,0xeb,0x7d,0x90,0xbf,0xae,0xb4,0x47,
3100x51,0xec,0x6f,0xce,0x64,0x35,0x02,0xd6,0x7d,0x67,0x05,0x77,0xe2,0x8f,0xd9,0x51,
3110xd7,0xfb,0x97,0x19,0xbc,0x3e,0xd7,0x77,0x81,0xc6,0x43,0xdd,0xf2,0xdd,0xdf,0xca,
3120xa3,0x83,0x8b,0xcb,0x41,0xc1,0x3d,0x22,0x48,0x48,0xa6,0x19,0x02,0x03,0x01,0x00,
3130x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,
3140x03,0x81,0x81,0x00,0xb5,0xbc,0xb0,0x75,0x6a,0x89,0xa2,0x86,0xbd,0x64,0x78,0xc3,
3150xa7,0x32,0x75,0x72,0x11,0xaa,0x26,0x02,0x17,0x60,0x30,0x4c,0xe3,0x48,0x34,0x19,
3160xb9,0x52,0x4a,0x51,0x18,0x80,0xfe,0x53,0x2d,0x7b,0xd5,0x31,0x8c,0xc5,0x65,0x99,
3170x41,0x41,0x2f,0xf2,0xae,0x63,0x7a,0xe8,0x73,0x99,0x15,0x90,0x1a,0x1f,0x7a,0x8b,
3180x41,0xd0,0x8e,0x3a,0xd0,0xcd,0x38,0x34,0x44,0xd0,0x75,0xf8,0xea,0x71,0xc4,0x81,
3190x19,0x38,0x17,0x35,0x4a,0xae,0xc5,0x3e,0x32,0xe6,0x21,0xb8,0x05,0xc0,0x93,0xe1,
3200xc7,0x38,0x5c,0xd8,0xf7,0x93,0x38,0x64,0x90,0xed,0x54,0xce,0xca,0xd3,0xd3,0xd0,
3210x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71,
3220x64,0x31,0x3c,0x3c
323};
324static const BYTE rootWithKeySignAndCRLSign[] = {
3250x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
3260x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
3270xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
3280x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
3290x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
3300x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
3310x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
3320x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
3330x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
3340x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
3350x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
3360x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
3370x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
3380xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
3390x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
3400x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
3410xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
3420x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
3430x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
3440xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
3450x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
3460x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
3470x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
3480x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
3490x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
3500x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
3510x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
3520x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
3530x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
3540x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
3550x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
3560x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
3570x2e,0x84,0xee };
358static const BYTE eeCert[] = {
3590x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
3600x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
3610x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
3620x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,
3630x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,
3640x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
3650x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
3660x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
3670x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
3680x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
3690xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
3700x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
3710xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
3720x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
3730x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
3740xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
3750x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
3760x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
3770x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2,
3780xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3,
3790xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a,
3800xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41,
3810xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5,
3820x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8,
3830xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7,
3840x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92,
3850xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3,
3860xef,0x9f };
387static const BYTE rootSignedCRL[] = {
3880x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
3890x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
3900x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
3910x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
3920x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
3930x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
3940x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d,
3950x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16,
3960x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,
3970xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
3980xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d,
3990x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45,
4000x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68,
4010x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b,
4020xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3,
4030x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c,
4040xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66,
4050x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a,
4060x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b,
4070x3d,0x74,0xd6,0x3b };
408
409static void testFindCRL(void)
410{
411 HCERTSTORE store;
412 PCCRL_CONTEXT context;
413 PCCERT_CONTEXT cert, endCert, rootCert;
414 CRL_FIND_ISSUED_FOR_PARA issuedForPara = { NULL, NULL };
415 DWORD count, revoked_count;
416 BOOL ret;
417
418 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
419 CERT_STORE_CREATE_NEW_FLAG, NULL);
420 ok(store != NULL, "CertOpenStore failed: %08lx\n", GetLastError());
421 if (!store) return;
422
423 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
424 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
425 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
426
427 /* Crashes
428 context = CertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL);
429 */
430
431 /* Find any context */
432 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ANY, NULL, NULL);
433 ok(context != NULL, "Expected a context\n");
434 if (context)
435 CertFreeCRLContext(context);
436 /* Bogus flags are ignored */
437 context = CertFindCRLInStore(store, 0, 1234, CRL_FIND_ANY, NULL, NULL);
438 ok(context != NULL, "Expected a context\n");
439 if (context)
440 CertFreeCRLContext(context);
441 /* CRL encoding type is ignored too */
442 context = CertFindCRLInStore(store, 1234, 0, CRL_FIND_ANY, NULL, NULL);
443 ok(context != NULL, "Expected a context\n");
444 if (context)
445 CertFreeCRLContext(context);
446
447 /* This appears to match any cert */
448 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, NULL, NULL);
449 ok(context != NULL, "Expected a context\n");
450 if (context)
451 CertFreeCRLContext(context);
452
453 /* Try to match an issuer that isn't in the store */
454 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
455 sizeof(bigCert2));
456 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
457 GetLastError());
458 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
459 ok(context == NULL, "Expected no matching context\n");
460 CertFreeCertificateContext(cert);
461
462 /* Match an issuer that is in the store */
463 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
464 sizeof(bigCert));
465 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
466 GetLastError());
467 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
468 ok(context != NULL, "Expected a context\n");
469 if (context)
470 CertFreeCRLContext(context);
471
472 /* Try various find flags */
473 context = CertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_SIGNATURE_FLAG,
474 CRL_FIND_ISSUED_BY, cert, NULL);
475 ok(!context, "unexpected context\n");
476 /* The CRL doesn't have an AKI extension, so it matches any cert */
477 context = CertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
478 CRL_FIND_ISSUED_BY, cert, NULL);
479 ok(context != NULL, "Expected a context\n");
480 if (context)
481 CertFreeCRLContext(context);
482
483 if (0)
484 {
485 /* Crash or return NULL/STATUS_ACCESS_VIOLATION */
486 CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, NULL,
487 NULL);
488 CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
489 &issuedForPara, NULL);
490 }
491 /* Test whether the cert matches the CRL in the store */
492 issuedForPara.pSubjectCert = cert;
493 issuedForPara.pIssuerCert = cert;
494 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
495 &issuedForPara, NULL);
496 ok(context != NULL, "Expected a context\n");
497 if (context)
498 {
499 ok(context->cbCrlEncoded == sizeof(signedCRL),
500 "unexpected CRL size %ld\n", context->cbCrlEncoded);
501 ok(!memcmp(context->pbCrlEncoded, signedCRL, context->cbCrlEncoded),
502 "unexpected CRL data\n");
503 CertFreeCRLContext(context);
504 }
505
506 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
507 v1CRLWithIssuerAndEntry, sizeof(v1CRLWithIssuerAndEntry),
508 CERT_STORE_ADD_ALWAYS, NULL);
509 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
510 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
511 v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint),
512 CERT_STORE_ADD_ALWAYS, NULL);
513 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
514 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
515 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
516 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
517 issuedForPara.pSubjectCert = cert;
518 issuedForPara.pIssuerCert = cert;
519 context = NULL;
520 count = revoked_count = 0;
521 do {
522 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
523 &issuedForPara, context);
524 if (context)
525 {
526 PCRL_ENTRY entry;
527
528 count++;
529 if (CertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
530 entry)
531 revoked_count++;
532 }
533 } while (context);
534 /* signedCRL, v1CRLWithIssuerAndEntry, and v2CRLWithIssuingDistPoint all
535 * match cert's issuer, but verisignCRL does not, so the expected count
536 * is 0.
537 */
538 ok(count == 3, "expected 3 matching CRLs, got %ld\n", count);
539 /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
540 * entries, so the count of CRL entries that match cert is 2.
541 */
542 ok(revoked_count == 2, "expected 2 matching CRL entries, got %ld\n", revoked_count);
543
544 CertFreeCertificateContext(cert);
545
546 /* Try again with a cert that doesn't match any CRLs in the store */
547 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
548 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
549 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
550 GetLastError());
551 issuedForPara.pSubjectCert = cert;
552 issuedForPara.pIssuerCert = cert;
553 context = NULL;
554 count = revoked_count = 0;
555 do {
556 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
557 &issuedForPara, context);
558 if (context)
559 {
560 PCRL_ENTRY entry;
561
562 count++;
563 if (CertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
564 entry)
565 revoked_count++;
566 }
567 } while (context);
568 ok(count == 0, "expected 0 matching CRLs, got %ld\n", count);
569 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
570 revoked_count);
571 CertFreeCertificateContext(cert);
572
573 /* Test again with a real certificate and CRL. The certificate wasn't
574 * revoked, but its issuer does have a CRL.
575 */
576 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
577 verisignCommercialSoftPubCA, sizeof(verisignCommercialSoftPubCA));
578 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
579 GetLastError());
580 issuedForPara.pIssuerCert = cert;
581 issuedForPara.pSubjectCert = cert;
582 context = NULL;
583 count = revoked_count = 0;
584 do {
585 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
586 &issuedForPara, context);
587 if (context)
588 {
589 PCRL_ENTRY entry;
590
591 count++;
592 if (CertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
593 entry)
594 revoked_count++;
595 }
596 } while (context);
597 ok(count == 1, "expected 1 matching CRLs, got %ld\n", count);
598 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
599 revoked_count);
600 CertFreeCertificateContext(cert);
601
602 CertCloseStore(store, 0);
603
604 /* This test uses a synthesized chain (rootWithKeySignAndCRLSign ->
605 * eeCert) whose end certificate is in the CRL.
606 */
607 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
608 CERT_STORE_CREATE_NEW_FLAG, NULL);
609 /* Add a CRL for the end certificate */
610 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
611 rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
612 /* Add another CRL unrelated to the tested chain */
613 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
614 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
615 endCert = CertCreateCertificateContext(X509_ASN_ENCODING,
616 eeCert, sizeof(eeCert));
617 rootCert = CertCreateCertificateContext(X509_ASN_ENCODING,
618 rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
619 issuedForPara.pSubjectCert = endCert;
620 issuedForPara.pIssuerCert = rootCert;
621 context = NULL;
622 count = revoked_count = 0;
623 do {
624 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
625 &issuedForPara, context);
626 if (context)
627 {
628 PCRL_ENTRY entry;
629
630 count++;
631 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
632 entry)
633 revoked_count++;
634 }
635 } while (context);
636 ok(count == 1, "expected 1 matching CRLs, got %ld\n", count);
637 ok(revoked_count == 1, "expected 1 matching CRL entries, got %ld\n", revoked_count);
638
639 /* Test CRL_FIND_ISSUED_BY flags */
640 count = revoked_count = 0;
641 do {
642 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
643 endCert, context);
644 if (context)
645 {
646 PCRL_ENTRY entry;
647
648 count++;
649 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
650 entry)
651 revoked_count++;
652 }
653 } while (context);
654 ok(count == 0, "expected 0 matching CRLs, got %ld\n", count);
655 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
656 revoked_count);
657 count = revoked_count = 0;
658 do {
659 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
660 rootCert, context);
661 if (context)
662 {
663 PCRL_ENTRY entry;
664
665 count++;
666 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
667 entry)
668 revoked_count++;
669 }
670 } while (context);
671 ok(count == 1, "expected 1 matching CRLs, got %ld\n", count);
672 ok(revoked_count == 1, "expected 1 matching CRL entries, got %ld\n",
673 revoked_count);
674 count = revoked_count = 0;
675 do {
676 context = CertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
677 CRL_FIND_ISSUED_BY, endCert, context);
678 if (context)
679 {
680 PCRL_ENTRY entry;
681
682 count++;
683 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
684 entry)
685 revoked_count++;
686 }
687 } while (context);
688 ok(count == 0, "expected 0 matching CRLs, got %ld\n", count);
689 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
690 revoked_count);
691 count = revoked_count = 0;
692 do {
693 context = CertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
694 CRL_FIND_ISSUED_BY, rootCert, context);
695 if (context)
696 {
697 PCRL_ENTRY entry;
698
699 count++;
700 if (CertFindCertificateInCRL(rootCert, context, 0, NULL, &entry) &&
701 entry)
702 revoked_count++;
703 }
704 } while (context);
705 ok(count == 0, "expected 0 matching CRLs, got %ld\n", count);
706 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
707 revoked_count);
708 count = revoked_count = 0;
709 do {
710 context = CertFindCRLInStore(store, 0,
711 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, endCert,
712 context);
713 if (context)
714 {
715 PCRL_ENTRY entry;
716
717 count++;
718 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
719 entry)
720 revoked_count++;
721 }
722 } while (context);
723 ok(count == 0, "expected 0 matching CRLs, got %ld\n", count);
724 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
725 revoked_count);
726 count = revoked_count = 0;
727 do {
728 context = CertFindCRLInStore(store, 0,
729 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, rootCert,
730 context);
731 if (context)
732 {
733 PCRL_ENTRY entry;
734
735 count++;
736 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
737 entry)
738 revoked_count++;
739 }
740 } while (context);
741 ok(count == 1, "expected 1 matching CRLs, got %ld\n", count);
742 ok(revoked_count == 1, "expected 1 matching CRL entries, got %ld\n",
743 revoked_count);
744 CertFreeCertificateContext(rootCert);
745 CertFreeCertificateContext(endCert);
746
747 CertCloseStore(store, 0);
748}
749
750static void testGetCRLFromStore(void)
751{
752 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
753 CERT_STORE_CREATE_NEW_FLAG, NULL);
754 PCCRL_CONTEXT context;
755 PCCERT_CONTEXT cert;
756 DWORD flags;
757 BOOL ret;
758
759 ok(store != NULL, "CertOpenStore failed: %08lx\n", GetLastError());
760 if (!store) return;
761
762 /* Crash
763 context = CertGetCRLFromStore(NULL, NULL, NULL, NULL);
764 context = CertGetCRLFromStore(store, NULL, NULL, NULL);
765 */
766
767 /* Bogus flags */
768 flags = 0xffffffff;
769 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
770 ok(!context && GetLastError() == E_INVALIDARG,
771 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
772
773 /* Test an empty store */
774 flags = 0;
775 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
776 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
777 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
778
779 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
780 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
781 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
782
783 /* NULL matches any CRL */
784 flags = 0;
785 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
786 ok(context != NULL, "Expected a context\n");
787 CertFreeCRLContext(context);
788
789 /* This cert's issuer isn't in */
790 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
791 sizeof(bigCert2));
792 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
793 GetLastError());
794 context = CertGetCRLFromStore(store, cert, NULL, &flags);
795 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
796 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
797 CertFreeCertificateContext(cert);
798
799 /* But this one is */
800 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
801 sizeof(bigCert));
802 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
803 GetLastError());
804 context = CertGetCRLFromStore(store, cert, NULL, &flags);
805 ok(context != NULL, "Expected a context\n");
806 CertFreeCRLContext(context);
807 CertFreeCertificateContext(cert);
808
809 CertCloseStore(store, 0);
810}
811
812static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
813 PCCRL_CONTEXT context, DWORD propID)
814{
815 BYTE hash[20] = { 0 }, hashProperty[20];
816 BOOL ret;
817 DWORD size;
818
819 memset(hash, 0, sizeof(hash));
820 memset(hashProperty, 0, sizeof(hashProperty));
821 size = sizeof(hash);
822 ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
823 ok(ret, "CryptHashCertificate failed: %08lx\n", GetLastError());
824 ret = CertGetCRLContextProperty(context, propID, hashProperty, &size);
825 ok(ret, "CertGetCRLContextProperty failed: %08lx\n", GetLastError());
826 ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %ld\n",
827 propID);
828}
829
830static void testCRLProperties(void)
831{
832 PCCRL_CONTEXT context = CertCreateCRLContext(X509_ASN_ENCODING,
833 CRL, sizeof(CRL));
834
835 ok(context != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
836 if (context)
837 {
838 DWORD propID, numProps, access, size;
839 BOOL ret;
840 BYTE hash[20] = { 0 }, hashProperty[20];
841 CRYPT_DATA_BLOB blob;
842
843 /* This crashes
844 propID = CertEnumCRLContextProperties(NULL, 0);
845 */
846
847 propID = 0;
848 numProps = 0;
849 do {
850 propID = CertEnumCRLContextProperties(context, propID);
851 if (propID)
852 numProps++;
853 } while (propID != 0);
854 ok(numProps == 0, "Expected 0 properties, got %ld\n", numProps);
855
856 /* Tests with a NULL cert context. Prop ID 0 fails.. */
857 ret = CertSetCRLContextProperty(NULL, 0, 0, NULL);
858 ok(!ret && GetLastError() == E_INVALIDARG,
859 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
860 /* while this just crashes.
861 ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0,
862 NULL);
863 */
864
865 ret = CertSetCRLContextProperty(context, 0, 0, NULL);
866 ok(!ret && GetLastError() == E_INVALIDARG,
867 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
868 /* Can't set the cert property directly, this crashes.
869 ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL);
870 */
871
872 /* These all crash.
873 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
874 NULL);
875 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL);
876 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
877 hashProperty, NULL);
878 */
879 /* A missing prop */
880 size = 0;
881 ret = CertGetCRLContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
882 NULL, &size);
883 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
884 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
885 /* And, an implicit property */
886 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
887 NULL, &size);
888 ok(ret, "CertGetCRLContextProperty failed: %08lx\n", GetLastError());
889 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
890 &access, &size);
891 ok(ret, "CertGetCRLContextProperty failed: %08lx\n", GetLastError());
892 ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
893 "Didn't expect a persisted crl\n");
894 /* Trying to set this "read only" property crashes.
895 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
896 ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
897 &access);
898 */
899
900 /* Can I set the hash to an invalid hash? */
901 blob.pbData = hash;
902 blob.cbData = sizeof(hash);
903 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, &blob);
904 ok(ret, "CertSetCRLContextProperty failed: %08lx\n",
905 GetLastError());
906 size = sizeof(hashProperty);
907 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
908 hashProperty, &size);
909 ok(ret, "CertSetCRLContextProperty failed: %08lx\n", GetLastError());
910 ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
911 /* Delete the (bogus) hash, and get the real one */
912 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, NULL);
913 ok(ret, "CertSetCRLContextProperty failed: %08lx\n", GetLastError());
914 checkCRLHash(CRL, sizeof(CRL), CALG_SHA1, context, CERT_HASH_PROP_ID);
915
916 /* Now that the hash property is set, we should get one property when
917 * enumerating.
918 */
919 propID = 0;
920 numProps = 0;
921 do {
922 propID = CertEnumCRLContextProperties(context, propID);
923 if (propID)
924 numProps++;
925 } while (propID != 0);
926 ok(numProps == 1, "Expected 1 properties, got %ld\n", numProps);
927
928 /* Check a few other implicit properties */
929 checkCRLHash(CRL, sizeof(CRL), CALG_MD5, context,
930 CERT_MD5_HASH_PROP_ID);
931
932 CertFreeCRLContext(context);
933 }
934}
935
936static const BYTE bigCertWithCRLDistPoints[] = {
9370x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
9380x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
9390x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
9400x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
9410x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
9420x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
9430x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
9440x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
9450x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06,
9460x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,
9470x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
9480x6f,0x72,0x67 };
949
950static void testIsValidCRLForCert(void)
951{
952 BOOL ret;
953 PCCERT_CONTEXT cert1, cert2, cert3;
954 PCCRL_CONTEXT crl;
955 HCERTSTORE store;
956
957 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
958 sizeof(v1CRLWithIssuerAndEntry));
959 ok(crl != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
960 cert1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
961 sizeof(bigCert));
962 ok(cert1 != NULL, "CertCreateCertificateContext failed: %08lx\n",
963 GetLastError());
964
965 /* Crash
966 ret = CertIsValidCRLForCertificate(NULL, NULL, 0, NULL);
967 ret = CertIsValidCRLForCertificate(cert1, NULL, 0, NULL);
968 */
969
970 /* Curiously, any CRL is valid for the NULL certificate */
971 ret = CertIsValidCRLForCertificate(NULL, crl, 0, NULL);
972 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
973
974 /* Same issuer for both cert and CRL, this CRL is valid for that cert */
975 ret = CertIsValidCRLForCertificate(cert1, crl, 0, NULL);
976 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
977
978 cert2 = CertCreateCertificateContext(X509_ASN_ENCODING,
979 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
980 ok(cert2 != NULL, "CertCreateCertificateContext failed: %08lx\n",
981 GetLastError());
982
983 /* Yet more curious: different issuers for these, yet the CRL is valid for
984 * that cert. According to MSDN, the relevant bit to check is whether the
985 * CRL has a CRL_ISSUING_DIST_POINT extension.
986 */
987 ret = CertIsValidCRLForCertificate(cert2, crl, 0, NULL);
988 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
989
990 CertFreeCRLContext(crl);
991
992 /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the
993 * cert doesn't have the same extension in it.
994 */
995 crl = CertCreateCRLContext(X509_ASN_ENCODING, v2CRLWithIssuingDistPoint,
996 sizeof(v2CRLWithIssuingDistPoint));
997 ok(crl != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
998
999 ret = CertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1000 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1001 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
1002 ret = CertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1003 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1004 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
1005
1006 /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing
1007 * a CRL_DIST_POINTS_INFO extension.
1008 */
1009 cert3 = CertCreateCertificateContext(X509_ASN_ENCODING,
1010 bigCertWithCRLDistPoints, sizeof(bigCertWithCRLDistPoints));
1011 ok(cert3 != NULL, "CertCreateCertificateContext failed: %08lx\n",
1012 GetLastError());
1013 ret = CertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1014 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1015
1016 CertFreeCRLContext(crl);
1017
1018 /* And again, with a real CRL, the CRL is valid for all three certs. */
1019 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1020 sizeof(verisignCRL));
1021 ok(crl != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
1022
1023 ret = CertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1024 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1025 ret = CertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1026 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1027 ret = CertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1028 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1029
1030 CertFreeCRLContext(crl);
1031
1032 /* One last test: a CRL in a different store than the cert is also valid
1033 * for the cert.
1034 */
1035 store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
1036 CERT_STORE_CREATE_NEW_FLAG, NULL);
1037 ok(store != NULL, "CertOpenStore failed: %08lx\n", GetLastError());
1038
1039 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, verisignCRL,
1040 sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, &crl);
1041 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
1042
1043 ret = CertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1044 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1045 ret = CertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1046 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1047 ret = CertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1048 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1049
1050 CertFreeCRLContext(crl);
1051
1052 CertCloseStore(store, 0);
1053
1054 CertFreeCertificateContext(cert3);
1055 CertFreeCertificateContext(cert2);
1056 CertFreeCertificateContext(cert1);
1057}
1058
1059static const BYTE crlWithDifferentIssuer[] = {
1060 0x30,0x47,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
1061 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x41,0x6c,0x65,0x78,0x20,0x4c,0x61,0x6e,
1062 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
1063 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
1064 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a };
1065
1066static void testFindCertInCRL(void)
1067{
1068 BOOL ret;
1069 PCCERT_CONTEXT cert;
1070 PCCRL_CONTEXT crl;
1071 PCRL_ENTRY entry;
1072
1073 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1074 sizeof(bigCert));
1075 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
1076 GetLastError());
1077
1078 /* Crash
1079 ret = CertFindCertificateInCRL(NULL, NULL, 0, NULL, NULL);
1080 ret = CertFindCertificateInCRL(NULL, crl, 0, NULL, NULL);
1081 ret = CertFindCertificateInCRL(cert, NULL, 0, NULL, NULL);
1082 ret = CertFindCertificateInCRL(cert, crl, 0, NULL, NULL);
1083 ret = CertFindCertificateInCRL(NULL, NULL, 0, NULL, &entry);
1084 ret = CertFindCertificateInCRL(NULL, crl, 0, NULL, &entry);
1085 ret = CertFindCertificateInCRL(cert, NULL, 0, NULL, &entry);
1086 */
1087
1088 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1089 sizeof(verisignCRL));
1090 ret = CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1091 ok(ret, "CertFindCertificateInCRL failed: %08lx\n", GetLastError());
1092 ok(entry == NULL, "Expected not to find an entry in CRL\n");
1093 CertFreeCRLContext(crl);
1094
1095 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1096 sizeof(v1CRLWithIssuerAndEntry));
1097 ret = CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1098 ok(ret, "CertFindCertificateInCRL failed: %08lx\n", GetLastError());
1099 ok(entry != NULL, "Expected to find an entry in CRL\n");
1100 CertFreeCRLContext(crl);
1101
1102 /* Entry found even though CRL issuer doesn't match cert issuer */
1103 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1104 sizeof(crlWithDifferentIssuer));
1105 ret = CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1106 ok(ret, "CertFindCertificateInCRL failed: %08lx\n", GetLastError());
1107 ok(entry != NULL, "Expected to find an entry in CRL\n");
1108 CertFreeCRLContext(crl);
1109
1110 CertFreeCertificateContext(cert);
1111}
1112
1113static void testVerifyCRLRevocation(void)
1114{
1115 BOOL ret;
1116 PCCERT_CONTEXT cert;
1117 PCCRL_CONTEXT crl;
1118
1119 ret = CertVerifyCRLRevocation(0, NULL, 0, NULL);
1120 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1121 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, NULL, 0, NULL);
1122 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1123
1124 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1125 sizeof(bigCert));
1126
1127 /* Check against no CRL */
1128 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 0, NULL);
1129 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1130 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 0, NULL);
1131 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1132
1133 /* Check against CRL with entry for the cert */
1134 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1135 sizeof(v1CRLWithIssuerAndEntry));
1136 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1137 (PCRL_INFO *)&crl->pCrlInfo);
1138 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1139 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1140 (PCRL_INFO *)&crl->pCrlInfo);
1141 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1142 CertFreeCRLContext(crl);
1143
1144 /* Check against CRL with different issuer and entry for the cert */
1145 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1146 sizeof(crlWithDifferentIssuer));
1147 ok(crl != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
1148 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1149 (PCRL_INFO *)&crl->pCrlInfo);
1150 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1151 CertFreeCRLContext(crl);
1152
1153 /* Check against CRL without entry for the cert */
1154 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1155 sizeof(verisignCRL));
1156 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1157 (PCRL_INFO *)&crl->pCrlInfo);
1158 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1159 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1160 (PCRL_INFO *)&crl->pCrlInfo);
1161 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1162 CertFreeCRLContext(crl);
1163
1164 CertFreeCertificateContext(cert);
1165}
1166
1167START_TEST(crl)
1168{
1169 testCreateCRL();
1170 testDupCRL();
1171 testAddCRL();
1172 testFindCRL();
1173 testGetCRLFromStore();
1174 testCRLProperties();
1175 testIsValidCRLForCert();
1176 testFindCertInCRL();
1177 testVerifyCRLRevocation();
1178}
memcmp
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
ok
#define ok(value,...)
Definition: atltest.h:57
START_TEST
#define START_TEST(x)
Definition: atltest.h:75
E_INVALIDARG
#define E_INVALIDARG
Definition: ddrawi.h:101
NULL
#define NULL
Definition: types.h:112
CertFreeCertificateContext
BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
Definition: cert.c:371
CertCreateCertificateContext
PCCERT_CONTEXT WINAPI CertCreateCertificateContext(DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded)
Definition: cert.c:316
CryptHashCertificate
BOOL WINAPI CryptHashCertificate(HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid, DWORD dwFlags, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD *pcbComputedHash)
Definition: cert.c:2187
CertGetCRLContextProperty
BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext, DWORD dwPropId, void *pvData, DWORD *pcbData)
Definition: crl.c:472
CertEnumCRLContextProperties
DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext, DWORD dwPropId)
Definition: crl.c:395
CertIsValidCRLForCertificate
BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert, PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
Definition: crl.c:681
CertFreeCRLContext
BOOL WINAPI CertFreeCRLContext(PCCRL_CONTEXT pCrlContext)
Definition: crl.c:386
CertFindCertificateInCRL
BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert, PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved, PCRL_ENTRY *ppCrlEntry)
Definition: crl.c:750
CertSetCRLContextProperty
BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext, DWORD dwPropId, DWORD dwFlags, const void *pvData)
Definition: crl.c:566
CertDuplicateCRLContext
PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
Definition: crl.c:378
CertFindCRLInStore
PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType, const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
Definition: crl.c:287
CertGetCRLFromStore
PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
Definition: crl.c:337
CertAddEncodedCRLToStore
BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded, DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
Definition: crl.c:129
CertCreateCRLContext
PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded)
Definition: crl.c:85
CertVerifyCRLRevocation
BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType, PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
Definition: crl.c:762
CertAddCRLContextToStore
BOOL WINAPI CertAddCRLContextToStore(HCERTSTORE hCertStore, PCCRL_CONTEXT pCrlContext, DWORD dwAddDisposition, PCCRL_CONTEXT *ppStoreContext)
Definition: store.c:960
CertOpenStore
HCERTSTORE WINAPI CertOpenStore(LPCSTR lpszStoreProvider, DWORD dwMsgAndCertEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara)
Definition: store.c:815
CertCloseStore
BOOL WINAPI CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags)
Definition: store.c:1127
ret
return ret
Definition: mutex.c:146
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
STATUS_ACCESS_VIOLATION
#define STATUS_ACCESS_VIOLATION
Definition: fpEnumPrinters.c:23
count
GLuint GLuint GLsizei count
Definition: gl.h:1545
data
GLint GLenum GLsizei GLsizei GLsizei GLint GLsizei const GLvoid * data
Definition: gl.h:1950
res
GLuint res
Definition: glext.h:9613
size
GLsizeiptr size
Definition: glext.h:5919
flags
GLbitfield flags
Definition: glext.h:7161
access
GLuint GLint GLboolean GLint GLenum access
Definition: glext.h:7866
entry
uint32_t entry
Definition: isohybrid.c:63
GLE
static DWORD GLE
Definition: registry.c:38
testFindCertInCRL
static void testFindCertInCRL(void)
Definition: crl.c:1066
verisignCommercialSoftPubCA
static const BYTE verisignCommercialSoftPubCA[]
Definition: crl.c:285
testGetCRLFromStore
static void testGetCRLFromStore(void)
Definition: crl.c:750
v2CRLWithIssuingDistPoint
static const BYTE v2CRLWithIssuingDistPoint[]
Definition: crl.c:241
signedCRL
static const BYTE signedCRL[]
Definition: crl.c:73
bigCert
static const BYTE bigCert[]
Definition: crl.c:33
CRL
static const BYTE CRL[]
Definition: crl.c:64
newerCRL
static const BYTE newerCRL[]
Definition: crl.c:69
rootSignedCRL
static const BYTE rootSignedCRL[]
Definition: crl.c:387
testCreateCRL
static void testCreateCRL(void)
Definition: crl.c:80
verisignCRL
static const BYTE verisignCRL[]
Definition: crl.c:250
bigCertWithCRLDistPoints
static const BYTE bigCertWithCRLDistPoints[]
Definition: crl.c:936
testAddCRL
static void testAddCRL(void)
Definition: crl.c:131
testIsValidCRLForCert
static void testIsValidCRLForCert(void)
Definition: crl.c:950
rootWithKeySignAndCRLSign
static const BYTE rootWithKeySignAndCRLSign[]
Definition: crl.c:324
crlWithDifferentIssuer
static const BYTE crlWithDifferentIssuer[]
Definition: crl.c:1059
bigCertWithDifferentIssuer
static const BYTE bigCertWithDifferentIssuer[]
Definition: crl.c:53
testDupCRL
static void testDupCRL(void)
Definition: crl.c:108
checkCRLHash
static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID, PCCRL_CONTEXT context, DWORD propID)
Definition: crl.c:812
v1CRLWithIssuerAndEntry
static const BYTE v1CRLWithIssuerAndEntry[]
Definition: crl.c:235
testFindCRL
static void testFindCRL(void)
Definition: crl.c:409
testCRLProperties
static void testCRLProperties(void)
Definition: crl.c:830
eeCert
static const BYTE eeCert[]
Definition: crl.c:358
testVerifyCRLRevocation
static void testVerifyCRLRevocation(void)
Definition: crl.c:1113
bigCert2
static const BYTE bigCert2[]
Definition: crl.c:43
cert2
static const BYTE cert2[]
Definition: message.c:797
crl
static const BYTE crl[]
Definition: message.c:817
cert1
static const BYTE cert1[]
Definition: message.c:781
cert
static BYTE cert[]
Definition: msg.c:1374
memset
#define memset(x, y, z)
Definition: compat.h:39
_CERT_CONTEXT
Definition: wincrypt.h:487
_CRL_CONTEXT
Definition: wincrypt.h:730
_CRL_CONTEXT::cbCrlEncoded
DWORD cbCrlEncoded
Definition: wincrypt.h:733
_CRL_CONTEXT::pbCrlEncoded
BYTE * pbCrlEncoded
Definition: wincrypt.h:732
_CRL_CONTEXT::pCrlInfo
PCRL_INFO pCrlInfo
Definition: wincrypt.h:734
_CRL_ENTRY
Definition: wincrypt.h:496
_CRL_FIND_ISSUED_FOR_PARA
Definition: wincrypt.h:3085
_CRL_FIND_ISSUED_FOR_PARA::pIssuerCert
PCCERT_CONTEXT pIssuerCert
Definition: wincrypt.h:3087
_CRL_FIND_ISSUED_FOR_PARA::pSubjectCert
PCCERT_CONTEXT pSubjectCert
Definition: wincrypt.h:3086
_CRL_INFO
Definition: wincrypt.h:503
_CRYPTOAPI_BLOB
Definition: wincrypt.h:110
blob
Definition: image.c:134
context
Definition: http.c:7252
hash
Definition: _hash_fun.h:40
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
CERT_MD5_HASH_PROP_ID
#define CERT_MD5_HASH_PROP_ID
Definition: wincrypt.h:2836
CRL_FIND_ISSUED_BY_AKI_FLAG
#define CRL_FIND_ISSUED_BY_AKI_FLAG
Definition: wincrypt.h:3079
CALG_SHA1
#define CALG_SHA1
Definition: wincrypt.h:2060
CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
#define CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
Definition: wincrypt.h:3080
CERT_KEY_PROV_INFO_PROP_ID
#define CERT_KEY_PROV_INFO_PROP_ID
Definition: wincrypt.h:2833
CALG_MD5
#define CALG_MD5
Definition: wincrypt.h:2058
CERT_STORE_ADD_NEWER
#define CERT_STORE_ADD_NEWER
Definition: wincrypt.h:2656
CERT_STORE_CREATE_NEW_FLAG
#define CERT_STORE_CREATE_NEW_FLAG
Definition: wincrypt.h:2633
CRL_FIND_ANY
#define CRL_FIND_ANY
Definition: wincrypt.h:3074
CRL_FIND_ISSUED_FOR
#define CRL_FIND_ISSUED_FOR
Definition: wincrypt.h:3077
X509_ASN_ENCODING
#define X509_ASN_ENCODING
Definition: wincrypt.h:2501
CERT_STORE_PROV_MEMORY
#define CERT_STORE_PROV_MEMORY
Definition: wincrypt.h:2455
CERT_ACCESS_STATE_PROP_ID
#define CERT_ACCESS_STATE_PROP_ID
Definition: wincrypt.h:2847
CERT_ACCESS_STATE_WRITE_PERSIST_FLAG
#define CERT_ACCESS_STATE_WRITE_PERSIST_FLAG
Definition: wincrypt.h:2913
CERT_STORE_ADD_NEW
#define CERT_STORE_ADD_NEW
Definition: wincrypt.h:2651
CERT_HASH_PROP_ID
#define CERT_HASH_PROP_ID
Definition: wincrypt.h:2835
CERT_STORE_ADD_ALWAYS
#define CERT_STORE_ADD_ALWAYS
Definition: wincrypt.h:2654
CRL_FIND_ISSUED_BY
#define CRL_FIND_ISSUED_BY
Definition: wincrypt.h:3075
ALG_ID
unsigned int ALG_ID
Definition: wincrypt.h:54
CRYPT_E_NO_MATCH
#define CRYPT_E_NO_MATCH
Definition: winerror.h:4426
CRYPT_E_NOT_FOUND
#define CRYPT_E_NOT_FOUND
Definition: winerror.h:4421
CRYPT_E_EXISTS
#define CRYPT_E_EXISTS
Definition: winerror.h:4422
CRYPT_E_ASN1_EOD
#define CRYPT_E_ASN1_EOD
Definition: winerror.h:4501
BYTE
unsigned char BYTE
Definition: xxhash.c:193