ReactOS  0.4.14-dev-342-gdc047f9
crl.c
Go to the documentation of this file.
1 /*
2  * crypt32 CRL functions tests
3  *
4  * Copyright 2005-2006 Juan Lang
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19  */
20 
21 #include <stdio.h>
22 #include <stdarg.h>
23 
24 #include <windef.h>
25 #include <winbase.h>
26 #include <winreg.h>
27 #include <winerror.h>
28 #include <wincrypt.h>
29 
30 #include "wine/test.h"
31 
32 
33 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
34  0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
35  0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
36  0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
37  0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
38  0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
39  0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
40  0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
41  0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
42  0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
43 static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
44  0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
45  0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
46  0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
47  0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
48  0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
49  0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
50  0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
51  0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
52  0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
53 static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
54  0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
55  0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
56  0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
57  0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
58  0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
59  0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
60  0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
61  0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
62  0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
63  0x02, 0x01, 0x01 };
64 static const BYTE CRL[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
65  0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
66  0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
67  0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
68  0x5a };
69 static const BYTE newerCRL[] = { 0x30, 0x2a, 0x30, 0x02, 0x06, 0x00, 0x30,
70  0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
71  0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x17, 0x0d, 0x30, 0x36,
72  0x30, 0x35, 0x31, 0x36, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
73 static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
74  0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
75  0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
76  0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
77  0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
78  0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
79 
80 static BOOL (WINAPI *pCertFindCertificateInCRL)(PCCERT_CONTEXT,PCCRL_CONTEXT,DWORD,void*,PCRL_ENTRY*);
81 static PCCRL_CONTEXT (WINAPI *pCertFindCRLInStore)(HCERTSTORE,DWORD,DWORD,DWORD,const void*,PCCRL_CONTEXT);
82 static BOOL (WINAPI *pCertIsValidCRLForCertificate)(PCCERT_CONTEXT, PCCRL_CONTEXT, DWORD, void*);
83 
84 static void init_function_pointers(void)
85 {
86  HMODULE hdll = GetModuleHandleA("crypt32.dll");
87  pCertFindCertificateInCRL = (void*)GetProcAddress(hdll, "CertFindCertificateInCRL");
88  pCertFindCRLInStore = (void*)GetProcAddress(hdll, "CertFindCRLInStore");
89  pCertIsValidCRLForCertificate = (void*)GetProcAddress(hdll, "CertIsValidCRLForCertificate");
90 }
91 
92 static void testCreateCRL(void)
93 {
95  DWORD GLE;
96 
99  "Expected E_INVALIDARG, got %08x\n", GetLastError());
101  GLE = GetLastError();
103  "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
105  ok(!context, "Expected failure\n");
107  sizeof(signedCRL) - 1);
108  ok(!context, "Expected failure\n");
110  sizeof(signedCRL));
111  ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
112  if (context)
115  ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
116  if (context)
118 }
119 
120 static void testDupCRL(void)
121 {
122  PCCRL_CONTEXT context, dupContext;
123  BOOL res;
124 
126  ok(context == NULL, "expected NULL\n");
128  sizeof(signedCRL));
129  dupContext = CertDuplicateCRLContext(context);
130  ok(dupContext != NULL, "expected a context\n");
131  ok(dupContext == context, "expected identical context addresses\n");
132 
133  res = CertFreeCRLContext(dupContext);
134  ok(res, "CertFreeCRLContext failed\n");
135 
137  ok(res, "CertFreeCRLContext failed\n");
138 
140  ok(res, "CertFreeCRLContext failed\n");
141 }
142 
143 static void testAddCRL(void)
144 {
147  PCCRL_CONTEXT context, context2;
148  BOOL ret;
149  DWORD GLE;
150 
151  ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
152  if (!store) return;
153 
154  /* Bad CRL encoding type */
155  ret = CertAddEncodedCRLToStore(0, 0, NULL, 0, 0, NULL);
156  ok(!ret && GetLastError() == E_INVALIDARG,
157  "Expected E_INVALIDARG, got %08x\n", GetLastError());
158  ret = CertAddEncodedCRLToStore(store, 0, NULL, 0, 0, NULL);
159  ok(!ret && GetLastError() == E_INVALIDARG,
160  "Expected E_INVALIDARG, got %08x\n", GetLastError());
161  ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL), 0, NULL);
162  ok(!ret && GetLastError() == E_INVALIDARG,
163  "Expected E_INVALIDARG, got %08x\n", GetLastError());
164  ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL), 0,
165  NULL);
166  ok(!ret && GetLastError() == E_INVALIDARG,
167  "Expected E_INVALIDARG, got %08x\n", GetLastError());
170  ok(!ret && GetLastError() == E_INVALIDARG,
171  "Expected E_INVALIDARG, got %08x\n", GetLastError());
172  ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL),
174  ok(!ret && GetLastError() == E_INVALIDARG,
175  "Expected E_INVALIDARG, got %08x\n", GetLastError());
176 
177  /* No CRL */
179  GLE = GetLastError();
180  ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
181  "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
183  GLE = GetLastError();
184  ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
185  "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
186 
187  /* Weird--bad add disposition leads to an access violation in Windows.
188  * Both tests crash on some win9x boxes.
189  */
190  if (0)
191  {
193  sizeof(signedCRL), 0, NULL);
195  GetLastError() == E_INVALIDARG /* Vista */),
196  "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
198  sizeof(signedCRL), 0, NULL);
200  GetLastError() == E_INVALIDARG /* Vista */),
201  "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
202  }
203 
204  /* Weird--can add a CRL to the NULL store (does this have special meaning?)
205  */
206  context = NULL;
209  ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
210  if (context)
212 
213  /* Normal cases: a "signed" CRL is okay.. */
216  ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
217  /* and an unsigned one is too. */
220  ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
221 
223  sizeof(newerCRL), CERT_STORE_ADD_NEW, NULL);
225  "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
226 
227  /* This should replace (one of) the existing CRL(s). */
230  ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
231 
232  CertCloseStore(store, 0);
233 
235  ok(store != NULL, "CertOpenStore failed\n");
236 
238  ok(context != NULL, "CertCreateCRLContext failed\n");
239 
241  ok(ret, "CertAddCRLContextToStore failed\n");
242  ok(context2 != NULL && context2 != context, "unexpected context2\n");
243 
244  ok(context->pbCrlEncoded != context2->pbCrlEncoded, "Unexpected pbCrlEncoded\n");
245  ok(context->cbCrlEncoded == context2->cbCrlEncoded, "Unexpected cbCrlEncoded\n");
246  ok(context->pCrlInfo != context2->pCrlInfo, "Unexpected pCrlInfo\n");
247 
248  CertFreeCRLContext(context2);
250  CertCloseStore(store, 0);
251 }
252 
253 static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
254  0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
255  0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
256  0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
257  0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
258  0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
259 static const BYTE v2CRLWithIssuingDistPoint[] = {
260 0x30,0x70,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
261 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
262 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
263 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
264 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x27,
265 0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30,
266 0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
267 0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
268 static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
269  0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
270  0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
271  0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
272  0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
273  0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
274  0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
275  0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
276  0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
277  0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
278  0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
279  0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
280  0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
281  0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
282  0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
283  0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
284  0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
285  0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
286  0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
287  0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
288  0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
289  0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
290  0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
291  0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
292  0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
293  0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
294  0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
295  0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
296  0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
297  0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
298  0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
299  0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
300  0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
301  0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
302  0xcd };
304 0x30,0x82,0x02,0x40,0x30,0x82,0x01,0xa9,0x02,0x10,0x03,0xc7,0x8f,0x37,0xdb,0x92,
305 0x28,0xdf,0x3c,0xbb,0x1a,0xad,0x82,0xfa,0x67,0x10,0x30,0x0d,0x06,0x09,0x2a,0x86,
306 0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
307 0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,0x17,
308 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
309 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x0b,
310 0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,0x6d,0x6d,0x65,
311 0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x50,
312 0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
313 0x39,0x36,0x30,0x34,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,
314 0x34,0x30,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x61,0x31,0x11,
315 0x30,0x0f,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,
316 0x74,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,
317 0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
318 0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,
319 0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,
320 0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,
321 0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
322 0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc3,0xd3,0x69,0x65,
323 0x52,0x01,0x94,0x54,0xab,0x28,0xc6,0x62,0x18,0xb3,0x54,0x55,0xc5,0x44,0x87,0x45,
324 0x4a,0x3b,0xc2,0x7e,0xd8,0xd3,0xd7,0xc8,0x80,0x86,0x8d,0xd8,0x0c,0xf1,0x16,0x9c,
325 0xcc,0x6b,0xa9,0x29,0xb2,0x8f,0x76,0x73,0x92,0xc8,0xc5,0x62,0xa6,0x3c,0xed,0x1e,
326 0x05,0x75,0xf0,0x13,0x00,0x6c,0x14,0x4d,0xd4,0x98,0x90,0x07,0xbe,0x69,0x73,0x81,
327 0xb8,0x62,0x4e,0x31,0x1e,0xd1,0xfc,0xc9,0x0c,0xeb,0x7d,0x90,0xbf,0xae,0xb4,0x47,
328 0x51,0xec,0x6f,0xce,0x64,0x35,0x02,0xd6,0x7d,0x67,0x05,0x77,0xe2,0x8f,0xd9,0x51,
329 0xd7,0xfb,0x97,0x19,0xbc,0x3e,0xd7,0x77,0x81,0xc6,0x43,0xdd,0xf2,0xdd,0xdf,0xca,
330 0xa3,0x83,0x8b,0xcb,0x41,0xc1,0x3d,0x22,0x48,0x48,0xa6,0x19,0x02,0x03,0x01,0x00,
331 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,
332 0x03,0x81,0x81,0x00,0xb5,0xbc,0xb0,0x75,0x6a,0x89,0xa2,0x86,0xbd,0x64,0x78,0xc3,
333 0xa7,0x32,0x75,0x72,0x11,0xaa,0x26,0x02,0x17,0x60,0x30,0x4c,0xe3,0x48,0x34,0x19,
334 0xb9,0x52,0x4a,0x51,0x18,0x80,0xfe,0x53,0x2d,0x7b,0xd5,0x31,0x8c,0xc5,0x65,0x99,
335 0x41,0x41,0x2f,0xf2,0xae,0x63,0x7a,0xe8,0x73,0x99,0x15,0x90,0x1a,0x1f,0x7a,0x8b,
336 0x41,0xd0,0x8e,0x3a,0xd0,0xcd,0x38,0x34,0x44,0xd0,0x75,0xf8,0xea,0x71,0xc4,0x81,
337 0x19,0x38,0x17,0x35,0x4a,0xae,0xc5,0x3e,0x32,0xe6,0x21,0xb8,0x05,0xc0,0x93,0xe1,
338 0xc7,0x38,0x5c,0xd8,0xf7,0x93,0x38,0x64,0x90,0xed,0x54,0xce,0xca,0xd3,0xd3,0xd0,
339 0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71,
340 0x64,0x31,0x3c,0x3c
341 };
342 static const BYTE rootWithKeySignAndCRLSign[] = {
343 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
344 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
345 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
346 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
347 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
348 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
349 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
350 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
351 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
352 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
353 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
354 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
355 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
356 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
357 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
358 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
359 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
360 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
361 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
362 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
363 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
364 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
365 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
366 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
367 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
368 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
369 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
370 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
371 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
372 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
373 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
374 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
375 0x2e,0x84,0xee };
376 static const BYTE eeCert[] = {
377 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
378 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
379 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
380 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,
381 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,
382 0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
383 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
384 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
385 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
386 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
387 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
388 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
389 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
390 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
391 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
392 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
393 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
394 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
395 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2,
396 0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3,
397 0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a,
398 0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41,
399 0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5,
400 0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8,
401 0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7,
402 0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92,
403 0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3,
404 0xef,0x9f };
405 static const BYTE rootSignedCRL[] = {
406 0x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
407 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
408 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
409 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
410 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
411 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
412 0x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d,
413 0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16,
414 0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,
415 0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
416 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d,
417 0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45,
418 0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68,
419 0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b,
420 0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3,
421 0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c,
422 0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66,
423 0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a,
424 0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b,
425 0x3d,0x74,0xd6,0x3b };
426 
427 static void testFindCRL(void)
428 {
429  HCERTSTORE store;
431  PCCERT_CONTEXT cert, endCert, rootCert;
432  CRL_FIND_ISSUED_FOR_PARA issuedForPara = { NULL, NULL };
433  DWORD count, revoked_count;
434  BOOL ret;
435 
436  if (!pCertFindCRLInStore || !pCertFindCertificateInCRL)
437  {
438  win_skip("CertFindCRLInStore or CertFindCertificateInCRL not available\n");
439  return;
440  }
441 
444  ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
445  if (!store) return;
446 
449  ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
450 
451  /* Crashes
452  context = pCertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL);
453  */
454 
455  /* Find any context */
456  context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ANY, NULL, NULL);
457  ok(context != NULL, "Expected a context\n");
458  if (context)
460  /* Bogus flags are ignored */
461  context = pCertFindCRLInStore(store, 0, 1234, CRL_FIND_ANY, NULL, NULL);
462  ok(context != NULL, "Expected a context\n");
463  if (context)
465  /* CRL encoding type is ignored too */
466  context = pCertFindCRLInStore(store, 1234, 0, CRL_FIND_ANY, NULL, NULL);
467  ok(context != NULL, "Expected a context\n");
468  if (context)
470 
471  /* This appears to match any cert */
472  context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, NULL, NULL);
473  ok(context != NULL, "Expected a context\n");
474  if (context)
476 
477  /* Try to match an issuer that isn't in the store */
479  sizeof(bigCert2));
480  ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
481  GetLastError());
482  context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
483  ok(context == NULL, "Expected no matching context\n");
485 
486  /* Match an issuer that is in the store */
488  sizeof(bigCert));
489  ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
490  GetLastError());
491  context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
492  ok(context != NULL, "Expected a context\n");
493  if (context)
495 
496  /* Try various find flags */
497  context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_SIGNATURE_FLAG,
499  ok(!context || broken(context != NULL /* Win9x */), "unexpected context\n");
500  /* The CRL doesn't have an AKI extension, so it matches any cert */
501  context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
503  ok(context != NULL, "Expected a context\n");
504  if (context)
506 
507  if (0)
508  {
509  /* Crash or return NULL/STATUS_ACCESS_VIOLATION */
510  pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, NULL,
511  NULL);
512  pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
513  &issuedForPara, NULL);
514  }
515  /* Test whether the cert matches the CRL in the store */
516  issuedForPara.pSubjectCert = cert;
517  issuedForPara.pIssuerCert = cert;
518  context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
519  &issuedForPara, NULL);
520  ok(context != NULL || broken(!context /* Win9x, NT4 */),
521  "Expected a context\n");
522  if (context)
523  {
524  ok(context->cbCrlEncoded == sizeof(signedCRL),
525  "unexpected CRL size %d\n", context->cbCrlEncoded);
526  ok(!memcmp(context->pbCrlEncoded, signedCRL, context->cbCrlEncoded),
527  "unexpected CRL data\n");
529  }
530 
534  ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
538  ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
541  ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
542  issuedForPara.pSubjectCert = cert;
543  issuedForPara.pIssuerCert = cert;
544  context = NULL;
545  count = revoked_count = 0;
546  do {
547  context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
548  &issuedForPara, context);
549  if (context)
550  {
552 
553  count++;
554  if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
555  entry)
556  revoked_count++;
557  }
558  } while (context);
559  /* signedCRL, v1CRLWithIssuerAndEntry, and v2CRLWithIssuingDistPoint all
560  * match cert's issuer, but verisignCRL does not, so the expected count
561  * is 0.
562  */
563  ok(count == 3 || broken(count == 0 /* NT4, Win9x */),
564  "expected 3 matching CRLs, got %d\n", count);
565  /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
566  * entries, so the count of CRL entries that match cert is 2.
567  */
568  ok(revoked_count == 2 || broken(revoked_count == 0 /* NT4, Win9x */),
569  "expected 2 matching CRL entries, got %d\n", revoked_count);
570 
572 
573  /* Try again with a cert that doesn't match any CRLs in the store */
576  ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
577  GetLastError());
578  issuedForPara.pSubjectCert = cert;
579  issuedForPara.pIssuerCert = cert;
580  context = NULL;
581  count = revoked_count = 0;
582  do {
583  context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
584  &issuedForPara, context);
585  if (context)
586  {
588 
589  count++;
590  if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
591  entry)
592  revoked_count++;
593  }
594  } while (context);
595  ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
596  ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
597  revoked_count);
599 
600  /* Test again with a real certificate and CRL. The certificate wasn't
601  * revoked, but its issuer does have a CRL.
602  */
605  ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
606  GetLastError());
607  issuedForPara.pIssuerCert = cert;
608  issuedForPara.pSubjectCert = cert;
609  context = NULL;
610  count = revoked_count = 0;
611  do {
612  context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
613  &issuedForPara, context);
614  if (context)
615  {
617 
618  count++;
619  if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
620  entry)
621  revoked_count++;
622  }
623  } while (context);
624  ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
625  "expected 1 matching CRLs, got %d\n", count);
626  ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
627  revoked_count);
629 
630  CertCloseStore(store, 0);
631 
632  /* This test uses a synthesized chain (rootWithKeySignAndCRLSign ->
633  * eeCert) whose end certificate is in the CRL.
634  */
637  /* Add a CRL for the end certificate */
640  /* Add another CRL unrelated to the tested chain */
644  eeCert, sizeof(eeCert));
647  issuedForPara.pSubjectCert = endCert;
648  issuedForPara.pIssuerCert = rootCert;
649  context = NULL;
650  count = revoked_count = 0;
651  do {
652  context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
653  &issuedForPara, context);
654  if (context)
655  {
657 
658  count++;
659  if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
660  entry)
661  revoked_count++;
662  }
663  } while (context);
664  ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
665  "expected 1 matching CRLs, got %d\n", count);
666  ok(revoked_count == 1 || broken(revoked_count == 0 /* Win9x, NT4 */),
667  "expected 1 matching CRL entries, got %d\n", revoked_count);
668 
669  /* Test CRL_FIND_ISSUED_BY flags */
670  count = revoked_count = 0;
671  do {
672  context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
673  endCert, context);
674  if (context)
675  {
677 
678  count++;
679  if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
680  entry)
681  revoked_count++;
682  }
683  } while (context);
684  ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
685  ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
686  revoked_count);
687  count = revoked_count = 0;
688  do {
689  context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
690  rootCert, context);
691  if (context)
692  {
694 
695  count++;
696  if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
697  entry)
698  revoked_count++;
699  }
700  } while (context);
701  ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
702  ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
703  revoked_count);
704  count = revoked_count = 0;
705  do {
706  context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
707  CRL_FIND_ISSUED_BY, endCert, context);
708  if (context)
709  {
711 
712  count++;
713  if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
714  entry)
715  revoked_count++;
716  }
717  } while (context);
718  ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
719  ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
720  revoked_count);
721  count = revoked_count = 0;
722  do {
723  context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
724  CRL_FIND_ISSUED_BY, rootCert, context);
725  if (context)
726  {
728 
729  count++;
730  if (pCertFindCertificateInCRL(rootCert, context, 0, NULL, &entry) &&
731  entry)
732  revoked_count++;
733  }
734  } while (context);
735  ok(count == 0 || broken(count == 1 /* Win9x */),
736  "expected 0 matching CRLs, got %d\n", count);
737  ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
738  revoked_count);
739  count = revoked_count = 0;
740  do {
741  context = pCertFindCRLInStore(store, 0,
743  context);
744  if (context)
745  {
747 
748  count++;
749  if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
750  entry)
751  revoked_count++;
752  }
753  } while (context);
754  ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
755  ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
756  revoked_count);
757  count = revoked_count = 0;
758  do {
759  context = pCertFindCRLInStore(store, 0,
761  context);
762  if (context)
763  {
765 
766  count++;
767  if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
768  entry)
769  revoked_count++;
770  }
771  } while (context);
772  ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
773  ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
774  revoked_count);
775  CertFreeCertificateContext(rootCert);
777 
778  CertCloseStore(store, 0);
779 }
780 
781 static void testGetCRLFromStore(void)
782 {
787  DWORD flags;
788  BOOL ret;
789 
790  ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
791  if (!store) return;
792 
793  /* Crash
794  context = CertGetCRLFromStore(NULL, NULL, NULL, NULL);
795  context = CertGetCRLFromStore(store, NULL, NULL, NULL);
796  */
797 
798  /* Bogus flags */
799  flags = 0xffffffff;
802  "Expected E_INVALIDARG, got %08x\n", GetLastError());
803 
804  /* Test an empty store */
805  flags = 0;
808  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
809 
812  ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
813 
814  /* NULL matches any CRL */
815  flags = 0;
817  ok(context != NULL, "Expected a context\n");
819 
820  /* This cert's issuer isn't in */
822  sizeof(bigCert2));
823  ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
824  GetLastError());
827  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
829 
830  /* But this one is */
832  sizeof(bigCert));
833  ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
834  GetLastError());
836  ok(context != NULL, "Expected a context\n");
839 
840  CertCloseStore(store, 0);
841 }
842 
843 static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
844  PCCRL_CONTEXT context, DWORD propID)
845 {
846  BYTE hash[20] = { 0 }, hashProperty[20];
847  BOOL ret;
848  DWORD size;
849 
850  memset(hash, 0, sizeof(hash));
851  memset(hashProperty, 0, sizeof(hashProperty));
852  size = sizeof(hash);
853  ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
854  ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
855  ret = CertGetCRLContextProperty(context, propID, hashProperty, &size);
856  ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
857  ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n",
858  propID);
859 }
860 
861 static void testCRLProperties(void)
862 {
864  CRL, sizeof(CRL));
865 
866  ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
867  if (context)
868  {
869  DWORD propID, numProps, access, size;
870  BOOL ret;
871  BYTE hash[20] = { 0 }, hashProperty[20];
873 
874  /* This crashes
875  propID = CertEnumCRLContextProperties(NULL, 0);
876  */
877 
878  propID = 0;
879  numProps = 0;
880  do {
881  propID = CertEnumCRLContextProperties(context, propID);
882  if (propID)
883  numProps++;
884  } while (propID != 0);
885  ok(numProps == 0, "Expected 0 properties, got %d\n", numProps);
886 
887  /* Tests with a NULL cert context. Prop ID 0 fails.. */
889  ok(!ret && GetLastError() == E_INVALIDARG,
890  "Expected E_INVALIDARG, got %08x\n", GetLastError());
891  /* while this just crashes.
892  ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0,
893  NULL);
894  */
895 
897  ok(!ret && GetLastError() == E_INVALIDARG,
898  "Expected E_INVALIDARG, got %08x\n", GetLastError());
899  /* Can't set the cert property directly, this crashes.
900  ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL);
901  */
902 
903  /* These all crash.
904  ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
905  NULL);
906  ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL);
907  ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
908  hashProperty, NULL);
909  */
910  /* A missing prop */
911  size = 0;
913  NULL, &size);
915  "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
916  /* And, an implicit property */
918  NULL, &size);
919  ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
921  &access, &size);
922  ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
924  "Didn't expect a persisted crl\n");
925  /* Trying to set this "read only" property crashes.
926  access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
927  ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
928  &access);
929  */
930 
931  /* Can I set the hash to an invalid hash? */
932  blob.pbData = hash;
933  blob.cbData = sizeof(hash);
935  ok(ret, "CertSetCRLContextProperty failed: %08x\n",
936  GetLastError());
937  size = sizeof(hashProperty);
939  hashProperty, &size);
940  ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
941  ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
942  /* Delete the (bogus) hash, and get the real one */
944  ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
946 
947  /* Now that the hash property is set, we should get one property when
948  * enumerating.
949  */
950  propID = 0;
951  numProps = 0;
952  do {
953  propID = CertEnumCRLContextProperties(context, propID);
954  if (propID)
955  numProps++;
956  } while (propID != 0);
957  ok(numProps == 1, "Expected 1 properties, got %d\n", numProps);
958 
959  /* Check a few other implicit properties */
960  checkCRLHash(CRL, sizeof(CRL), CALG_MD5, context,
962 
964  }
965 }
966 
967 static const BYTE bigCertWithCRLDistPoints[] = {
968 0x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
969 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
970 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
971 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
972 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
973 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
974 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
975 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
976 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06,
977 0x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,
978 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
979 0x6f,0x72,0x67 };
980 
981 static void testIsValidCRLForCert(void)
982 {
983  BOOL ret;
984  PCCERT_CONTEXT cert1, cert2, cert3;
986  HCERTSTORE store;
987 
988  if(!pCertIsValidCRLForCertificate) return;
989 
991  sizeof(v1CRLWithIssuerAndEntry));
992  ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
994  sizeof(bigCert));
995  ok(cert1 != NULL, "CertCreateCertificateContext failed: %08x\n",
996  GetLastError());
997 
998  /* Crash
999  ret = CertIsValidCRLForCertificate(NULL, NULL, 0, NULL);
1000  ret = CertIsValidCRLForCertificate(cert1, NULL, 0, NULL);
1001  */
1002 
1003  /* Curiously, any CRL is valid for the NULL certificate */
1004  ret = pCertIsValidCRLForCertificate(NULL, crl, 0, NULL);
1005  ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1006 
1007  /* Same issuer for both cert and CRL, this CRL is valid for that cert */
1008  ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1009  ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1010 
1013  ok(cert2 != NULL, "CertCreateCertificateContext failed: %08x\n",
1014  GetLastError());
1015 
1016  /* Yet more curious: different issuers for these, yet the CRL is valid for
1017  * that cert. According to MSDN, the relevant bit to check is whether the
1018  * CRL has a CRL_ISSUING_DIST_POINT extension.
1019  */
1020  ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1021  ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1022 
1024 
1025  /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the
1026  * cert doesn't have the same extension in it.
1027  */
1029  sizeof(v2CRLWithIssuingDistPoint));
1030  ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1031 
1032  ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1034  "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1035  ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1037  "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1038 
1039  /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing
1040  * a CRL_DIST_POINTS_INFO extension.
1041  */
1044  ok(cert3 != NULL, "CertCreateCertificateContext failed: %08x\n",
1045  GetLastError());
1046  ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1047  ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1048 
1050 
1051  /* And again, with a real CRL, the CRL is valid for all three certs. */
1053  sizeof(verisignCRL));
1054  ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1055 
1056  ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1057  ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1058  ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1059  ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1060  ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1061  ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1062 
1064 
1065  /* One last test: a CRL in a different store than the cert is also valid
1066  * for the cert.
1067  */
1070  ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1071 
1074  ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
1075 
1076  ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1077  ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1078  ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1079  ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1080  ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1081  ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1082 
1084 
1085  CertCloseStore(store, 0);
1086 
1090 }
1091 
1092 static const BYTE crlWithDifferentIssuer[] = {
1093  0x30,0x47,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
1094  0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x41,0x6c,0x65,0x78,0x20,0x4c,0x61,0x6e,
1095  0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
1096  0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
1097  0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a };
1098 
1099 static void testFindCertInCRL(void)
1100 {
1101  BOOL ret;
1104  PCRL_ENTRY entry;
1105 
1106  if (!pCertFindCertificateInCRL)
1107  {
1108  win_skip("CertFindCertificateInCRL() is not available\n");
1109  return;
1110  }
1111 
1113  sizeof(bigCert));
1114  ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
1115  GetLastError());
1116 
1117  /* Crash
1118  ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, NULL);
1119  ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, NULL);
1120  ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, NULL);
1121  ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, NULL);
1122  ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, &entry);
1123  ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, &entry);
1124  ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, &entry);
1125  */
1126 
1128  sizeof(verisignCRL));
1129  ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1130  ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1131  ok(entry == NULL, "Expected not to find an entry in CRL\n");
1133 
1135  sizeof(v1CRLWithIssuerAndEntry));
1136  ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1137  ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1138  ok(entry != NULL, "Expected to find an entry in CRL\n");
1140 
1141  /* Entry found even though CRL issuer doesn't match cert issuer */
1143  sizeof(crlWithDifferentIssuer));
1144  ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1145  ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1146  ok(entry != NULL, "Expected to find an entry in CRL\n");
1148 
1150 }
1151 
1152 static void testVerifyCRLRevocation(void)
1153 {
1154  BOOL ret;
1157 
1159  ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1161  ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1162 
1164  sizeof(bigCert));
1165 
1166  /* Check against no CRL */
1167  ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 0, NULL);
1168  ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1170  ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1171 
1172  /* Check against CRL with entry for the cert */
1174  sizeof(v1CRLWithIssuerAndEntry));
1175  ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1176  (PCRL_INFO *)&crl->pCrlInfo);
1177  ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1179  (PCRL_INFO *)&crl->pCrlInfo);
1180  ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1182 
1183  /* Check against CRL with different issuer and entry for the cert */
1185  sizeof(crlWithDifferentIssuer));
1186  ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1188  (PCRL_INFO *)&crl->pCrlInfo);
1189  ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1191 
1192  /* Check against CRL without entry for the cert */
1194  sizeof(verisignCRL));
1195  ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1196  (PCRL_INFO *)&crl->pCrlInfo);
1197  ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1199  (PCRL_INFO *)&crl->pCrlInfo);
1200  ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1202 
1204 }
1205 
1207 {
1209 
1210  testCreateCRL();
1211  testDupCRL();
1212  testAddCRL();
1213  testFindCRL();
1215 
1217 
1221 }
static void testCreateCRL(void)
Definition: crl.c:92
static void testIsValidCRLForCert(void)
Definition: crl.c:981
static const BYTE bigCert2[]
Definition: crl.c:43
#define CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
Definition: wincrypt.h:2933
PCRL_INFO pCrlInfo
Definition: wincrypt.h:622
START_TEST(crl)
Definition: crl.c:1206
static const BYTE crl[]
Definition: message.c:864
static const BYTE v2CRLWithIssuingDistPoint[]
Definition: crl.c:259
BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext, DWORD dwPropId, DWORD dwFlags, const void *pvData)
Definition: crl.c:566
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
#define CRYPT_E_NOT_FOUND
Definition: winerror.h:3007
unsigned int ALG_ID
Definition: wincrypt.h:45
Definition: image.c:133
static const BYTE CRL[]
Definition: crl.c:64
Definition: http.c:6587
BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext, DWORD dwPropId, void *pvData, DWORD *pcbData)
Definition: crl.c:472
static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID, PCCRL_CONTEXT context, DWORD propID)
Definition: crl.c:843
GLuint GLuint GLsizei count
Definition: gl.h:1545
static const BYTE bigCert[]
Definition: crl.c:33
BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
Definition: cert.c:371
static BOOL(WINAPI *pCertFindCertificateInCRL)(PCCERT_CONTEXT
PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
Definition: crl.c:337
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
#define CRYPT_E_EXISTS
Definition: winerror.h:3008
static void testCRLProperties(void)
Definition: crl.c:861
#define CRL_FIND_ISSUED_BY_AKI_FLAG
Definition: wincrypt.h:2932
#define CERT_STORE_ADD_NEW
Definition: wincrypt.h:2482
static const BYTE cert1[]
Definition: message.c:828
PCCERT_CONTEXT pSubjectCert
Definition: wincrypt.h:2939
#define CERT_STORE_ADD_NEWER
Definition: wincrypt.h:2487
BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded, DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
Definition: crl.c:129
static void testDupCRL(void)
Definition: crl.c:120
#define X509_ASN_ENCODING
Definition: wincrypt.h:2297
#define CERT_ACCESS_STATE_PROP_ID
Definition: wincrypt.h:2700
#define CERT_STORE_CREATE_NEW_FLAG
Definition: wincrypt.h:2464
int hash
Definition: main.c:58
unsigned int BOOL
Definition: ntddk_ex.h:94
BYTE * pbCrlEncoded
Definition: wincrypt.h:620
#define CRL_FIND_ANY
Definition: wincrypt.h:2927
#define E_INVALIDARG
Definition: ddrawi.h:101
#define CERT_STORE_PROV_MEMORY
Definition: wincrypt.h:2251
static const BYTE v1CRLWithIssuerAndEntry[]
Definition: crl.c:253
static PCCRL_CONTEXT
Definition: crl.c:80
smooth NULL
Definition: ftsmooth.c:416
BOOL WINAPI CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags)
Definition: store.c:1127
static BYTE cert[]
Definition: msg.c:1437
static DWORD
Definition: crl.c:80
PCCERT_CONTEXT pIssuerCert
Definition: wincrypt.h:2940
DWORD cbCrlEncoded
Definition: wincrypt.h:621
static const BYTE crlWithDifferentIssuer[]
Definition: crl.c:1092
BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType, PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
Definition: crl.c:762
static void testFindCRL(void)
Definition: crl.c:427
static void testAddCRL(void)
Definition: crl.c:143
static const BYTE verisignCRL[]
Definition: crl.c:268
#define CERT_MD5_HASH_PROP_ID
Definition: wincrypt.h:2689
GLsizeiptr size
Definition: glext.h:5919
#define CRYPT_E_ASN1_EOD
Definition: winerror.h:3086
static void testFindCertInCRL(void)
Definition: crl.c:1099
const CERT_CONTEXT * PCCERT_CONTEXT
Definition: wincrypt.h:485
PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded)
Definition: crl.c:85
#define WINAPI
Definition: msvc.h:8
unsigned long DWORD
Definition: ntddk_ex.h:95
static const BYTE cert2[]
Definition: message.c:844
#define CERT_HASH_PROP_ID
Definition: wincrypt.h:2688
GLint GLenum GLsizei GLsizei GLsizei GLint GLsizei const GLvoid * data
Definition: gl.h:1950
static void testVerifyCRLRevocation(void)
Definition: crl.c:1152
GLbitfield flags
Definition: glext.h:7161
static const BYTE verisignCommercialSoftPubCA[]
Definition: crl.c:303
static void *static void init_function_pointers(void)
Definition: crl.c:84
int ret
#define OSS_MORE_INPUT
Definition: winerror.h:3041
PCCERT_CONTEXT WINAPI CertCreateCertificateContext(DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded)
Definition: cert.c:316
uint32_t entry
Definition: isohybrid.c:63
HMODULE WINAPI DECLSPEC_HOTPATCH GetModuleHandleA(LPCSTR lpModuleName)
Definition: loader.c:821
unsigned char BYTE
Definition: mem.h:68
DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext, DWORD dwPropId)
Definition: crl.c:395
#define CALG_MD5
Definition: wincrypt.h:1805
#define broken(x)
Definition: _sntprintf.h:21
static const BYTE rootWithKeySignAndCRLSign[]
Definition: crl.c:342
#define CRYPT_E_NO_MATCH
Definition: winerror.h:3012
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:228
GLuint GLint GLboolean GLint GLenum access
Definition: glext.h:7866
#define CERT_KEY_PROV_INFO_PROP_ID
Definition: wincrypt.h:2686
#define ok(value,...)
Definition: atltest.h:57
#define CALG_SHA1
Definition: wincrypt.h:1807
static const BYTE signedCRL[]
Definition: crl.c:73
BOOL WINAPI CertAddCRLContextToStore(HCERTSTORE hCertStore, PCCRL_CONTEXT pCrlContext, DWORD dwAddDisposition, PCCRL_CONTEXT *ppStoreContext)
Definition: store.c:960
#define CRL_FIND_ISSUED_BY
Definition: wincrypt.h:2928
static PVOID hdll
Definition: shimdbg.c:126
HCERTSTORE WINAPI CertOpenStore(LPCSTR lpszStoreProvider, DWORD dwMsgAndCertEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara)
Definition: store.c:815
static const BYTE bigCertWithDifferentIssuer[]
Definition: crl.c:53
GLuint res
Definition: glext.h:9613
#define CRL_FIND_ISSUED_FOR
Definition: wincrypt.h:2930
static const BYTE rootSignedCRL[]
Definition: crl.c:405
#define GetProcAddress(x, y)
Definition: compat.h:418
Definition: wincrypt.h:487
BOOL WINAPI CryptHashCertificate(HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid, DWORD dwFlags, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD *pcbComputedHash)
Definition: cert.c:2187
void * HCERTSTORE
Definition: wincrypt.h:51
static void testGetCRLFromStore(void)
Definition: crl.c:781
static const BYTE bigCertWithCRLDistPoints[]
Definition: crl.c:967
Definition: _hash_fun.h:40
#define memset(x, y, z)
Definition: compat.h:39
#define win_skip
Definition: test.h:141
#define CERT_STORE_ADD_ALWAYS
Definition: wincrypt.h:2485
PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
Definition: crl.c:378
#define CERT_ACCESS_STATE_WRITE_PERSIST_FLAG
Definition: wincrypt.h:2766
static const BYTE newerCRL[]
Definition: crl.c:69
BOOL WINAPI CertFreeCRLContext(PCCRL_CONTEXT pCrlContext)
Definition: crl.c:386
static const BYTE eeCert[]
Definition: crl.c:376
static DWORD GLE
Definition: registry.c:38