2 * crypt32 CRL functions tests
4 * Copyright 2005-2006 Juan Lang
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 static const BYTE bigCert
[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
24 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
25 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
26 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
27 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
28 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
29 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
30 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
31 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
32 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
33 static const BYTE bigCert2
[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
34 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
35 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
36 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
37 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
38 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
39 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
40 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
41 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
42 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
43 static const BYTE bigCertWithDifferentIssuer
[] = { 0x30, 0x7a, 0x02, 0x01,
44 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
45 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
46 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
47 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
48 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
49 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
50 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
51 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
52 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
54 static const BYTE CRL
[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
55 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
56 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
57 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
59 static const BYTE newerCRL
[] = { 0x30, 0x2a, 0x30, 0x02, 0x06, 0x00, 0x30,
60 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
61 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x17, 0x0d, 0x30, 0x36,
62 0x30, 0x35, 0x31, 0x36, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
63 static const BYTE signedCRL
[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
64 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
65 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
66 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
67 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
68 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
70 static BOOL (WINAPI
*pCertFindCertificateInCRL
)(PCCERT_CONTEXT
,PCCRL_CONTEXT
,DWORD
,void*,PCRL_ENTRY
*);
71 static PCCRL_CONTEXT (WINAPI
*pCertFindCRLInStore
)(HCERTSTORE
,DWORD
,DWORD
,DWORD
,const void*,PCCRL_CONTEXT
);
72 static BOOL (WINAPI
*pCertIsValidCRLForCertificate
)(PCCERT_CONTEXT
, PCCRL_CONTEXT
, DWORD
, void*);
74 static void init_function_pointers(void)
76 HMODULE hdll
= GetModuleHandleA("crypt32.dll");
77 pCertFindCertificateInCRL
= (void*)GetProcAddress(hdll
, "CertFindCertificateInCRL");
78 pCertFindCRLInStore
= (void*)GetProcAddress(hdll
, "CertFindCRLInStore");
79 pCertIsValidCRLForCertificate
= (void*)GetProcAddress(hdll
, "CertIsValidCRLForCertificate");
82 static void testCreateCRL(void)
84 PCCRL_CONTEXT context
;
87 context
= CertCreateCRLContext(0, NULL
, 0);
88 ok(!context
&& GetLastError() == E_INVALIDARG
,
89 "Expected E_INVALIDARG, got %08x\n", GetLastError());
90 context
= CertCreateCRLContext(X509_ASN_ENCODING
, NULL
, 0);
92 ok(!context
&& (GLE
== CRYPT_E_ASN1_EOD
|| GLE
== OSS_MORE_INPUT
),
93 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE
);
94 context
= CertCreateCRLContext(X509_ASN_ENCODING
, bigCert
, sizeof(bigCert
));
95 ok(!context
, "Expected failure\n");
96 context
= CertCreateCRLContext(X509_ASN_ENCODING
, signedCRL
,
97 sizeof(signedCRL
) - 1);
98 ok(!context
, "Expected failure\n");
99 context
= CertCreateCRLContext(X509_ASN_ENCODING
, signedCRL
,
101 ok(context
!= NULL
, "CertCreateCRLContext failed: %08x\n", GetLastError());
103 CertFreeCRLContext(context
);
104 context
= CertCreateCRLContext(X509_ASN_ENCODING
, CRL
, sizeof(CRL
));
105 ok(context
!= NULL
, "CertCreateCRLContext failed: %08x\n", GetLastError());
107 CertFreeCRLContext(context
);
110 static void testDupCRL(void)
112 PCCRL_CONTEXT context
, dupContext
;
115 context
= CertDuplicateCRLContext(NULL
);
116 ok(context
== NULL
, "expected NULL\n");
117 context
= CertCreateCRLContext(X509_ASN_ENCODING
, signedCRL
,
119 dupContext
= CertDuplicateCRLContext(context
);
120 ok(dupContext
!= NULL
, "expected a context\n");
121 ok(dupContext
== context
, "expected identical context addresses\n");
123 res
= CertFreeCRLContext(dupContext
);
124 ok(res
, "CertFreeCRLContext failed\n");
126 res
= CertFreeCRLContext(context
);
127 ok(res
, "CertFreeCRLContext failed\n");
129 res
= CertFreeCRLContext(NULL
);
130 ok(res
, "CertFreeCRLContext failed\n");
133 static void testAddCRL(void)
135 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
136 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
137 PCCRL_CONTEXT context
, context2
;
141 ok(store
!= NULL
, "CertOpenStore failed: %08x\n", GetLastError());
144 /* Bad CRL encoding type */
145 ret
= CertAddEncodedCRLToStore(0, 0, NULL
, 0, 0, NULL
);
146 ok(!ret
&& GetLastError() == E_INVALIDARG
,
147 "Expected E_INVALIDARG, got %08x\n", GetLastError());
148 ret
= CertAddEncodedCRLToStore(store
, 0, NULL
, 0, 0, NULL
);
149 ok(!ret
&& GetLastError() == E_INVALIDARG
,
150 "Expected E_INVALIDARG, got %08x\n", GetLastError());
151 ret
= CertAddEncodedCRLToStore(0, 0, signedCRL
, sizeof(signedCRL
), 0, NULL
);
152 ok(!ret
&& GetLastError() == E_INVALIDARG
,
153 "Expected E_INVALIDARG, got %08x\n", GetLastError());
154 ret
= CertAddEncodedCRLToStore(store
, 0, signedCRL
, sizeof(signedCRL
), 0,
156 ok(!ret
&& GetLastError() == E_INVALIDARG
,
157 "Expected E_INVALIDARG, got %08x\n", GetLastError());
158 ret
= CertAddEncodedCRLToStore(0, 0, signedCRL
, sizeof(signedCRL
),
159 CERT_STORE_ADD_ALWAYS
, NULL
);
160 ok(!ret
&& GetLastError() == E_INVALIDARG
,
161 "Expected E_INVALIDARG, got %08x\n", GetLastError());
162 ret
= CertAddEncodedCRLToStore(store
, 0, signedCRL
, sizeof(signedCRL
),
163 CERT_STORE_ADD_ALWAYS
, NULL
);
164 ok(!ret
&& GetLastError() == E_INVALIDARG
,
165 "Expected E_INVALIDARG, got %08x\n", GetLastError());
168 ret
= CertAddEncodedCRLToStore(0, X509_ASN_ENCODING
, NULL
, 0, 0, NULL
);
169 GLE
= GetLastError();
170 ok(!ret
&& (GLE
== CRYPT_E_ASN1_EOD
|| GLE
== OSS_MORE_INPUT
),
171 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE
);
172 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, NULL
, 0, 0, NULL
);
173 GLE
= GetLastError();
174 ok(!ret
&& (GLE
== CRYPT_E_ASN1_EOD
|| GLE
== OSS_MORE_INPUT
),
175 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE
);
177 /* Weird--bad add disposition leads to an access violation in Windows.
178 * Both tests crash on some win9x boxes.
182 ret
= CertAddEncodedCRLToStore(0, X509_ASN_ENCODING
, signedCRL
,
183 sizeof(signedCRL
), 0, NULL
);
184 ok(!ret
&& (GetLastError() == STATUS_ACCESS_VIOLATION
||
185 GetLastError() == E_INVALIDARG
/* Vista */),
186 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
187 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, signedCRL
,
188 sizeof(signedCRL
), 0, NULL
);
189 ok(!ret
&& (GetLastError() == STATUS_ACCESS_VIOLATION
||
190 GetLastError() == E_INVALIDARG
/* Vista */),
191 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
194 /* Weird--can add a CRL to the NULL store (does this have special meaning?)
197 ret
= CertAddEncodedCRLToStore(0, X509_ASN_ENCODING
, signedCRL
,
198 sizeof(signedCRL
), CERT_STORE_ADD_ALWAYS
, &context
);
199 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
201 CertFreeCRLContext(context
);
203 /* Normal cases: a "signed" CRL is okay.. */
204 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, signedCRL
,
205 sizeof(signedCRL
), CERT_STORE_ADD_ALWAYS
, NULL
);
206 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
207 /* and an unsigned one is too. */
208 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, CRL
, sizeof(CRL
),
209 CERT_STORE_ADD_ALWAYS
, NULL
);
210 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
212 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, newerCRL
,
213 sizeof(newerCRL
), CERT_STORE_ADD_NEW
, NULL
);
214 ok(!ret
&& GetLastError() == CRYPT_E_EXISTS
,
215 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
217 /* This should replace (one of) the existing CRL(s). */
218 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, newerCRL
,
219 sizeof(newerCRL
), CERT_STORE_ADD_NEWER
, NULL
);
220 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
222 CertCloseStore(store
, 0);
224 store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0, CERT_STORE_CREATE_NEW_FLAG
, NULL
);
225 ok(store
!= NULL
, "CertOpenStore failed\n");
227 context
= CertCreateCRLContext(X509_ASN_ENCODING
, CRL
, sizeof(CRL
));
228 ok(context
!= NULL
, "CertCreateCRLContext failed\n");
230 ret
= CertAddCRLContextToStore(store
, context
, CERT_STORE_ADD_NEW
, &context2
);
231 ok(ret
, "CertAddCRLContextToStore failed\n");
232 ok(context2
!= NULL
&& context2
!= context
, "unexpected context2\n");
234 ok(context
->pbCrlEncoded
!= context2
->pbCrlEncoded
, "Unexpected pbCrlEncoded\n");
235 ok(context
->cbCrlEncoded
== context2
->cbCrlEncoded
, "Unexpected cbCrlEncoded\n");
236 ok(context
->pCrlInfo
!= context2
->pCrlInfo
, "Unexpected pCrlInfo\n");
238 CertFreeCRLContext(context2
);
239 CertFreeCRLContext(context
);
240 CertCloseStore(store
, 0);
243 static const BYTE v1CRLWithIssuerAndEntry
[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
244 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
245 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
246 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
247 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
248 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
249 static const BYTE v2CRLWithIssuingDistPoint
[] = {
250 0x30,0x70,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
251 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
252 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
253 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
254 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x27,
255 0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30,
256 0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
257 0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
258 static const BYTE verisignCRL
[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
259 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
260 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
261 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
262 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
263 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
264 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
265 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
266 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
267 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
268 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
269 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
270 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
271 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
272 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
273 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
274 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
275 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
276 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
277 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
278 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
279 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
280 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
281 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
282 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
283 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
284 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
285 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
286 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
287 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
288 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
289 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
290 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
291 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
293 static const BYTE verisignCommercialSoftPubCA
[] = {
294 0x30,0x82,0x02,0x40,0x30,0x82,0x01,0xa9,0x02,0x10,0x03,0xc7,0x8f,0x37,0xdb,0x92,
295 0x28,0xdf,0x3c,0xbb,0x1a,0xad,0x82,0xfa,0x67,0x10,0x30,0x0d,0x06,0x09,0x2a,0x86,
296 0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
297 0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,0x17,
298 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
299 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x0b,
300 0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,0x6d,0x6d,0x65,
301 0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x50,
302 0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
303 0x39,0x36,0x30,0x34,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,
304 0x34,0x30,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x61,0x31,0x11,
305 0x30,0x0f,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,
306 0x74,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,
307 0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
308 0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,
309 0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,
310 0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,
311 0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
312 0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc3,0xd3,0x69,0x65,
313 0x52,0x01,0x94,0x54,0xab,0x28,0xc6,0x62,0x18,0xb3,0x54,0x55,0xc5,0x44,0x87,0x45,
314 0x4a,0x3b,0xc2,0x7e,0xd8,0xd3,0xd7,0xc8,0x80,0x86,0x8d,0xd8,0x0c,0xf1,0x16,0x9c,
315 0xcc,0x6b,0xa9,0x29,0xb2,0x8f,0x76,0x73,0x92,0xc8,0xc5,0x62,0xa6,0x3c,0xed,0x1e,
316 0x05,0x75,0xf0,0x13,0x00,0x6c,0x14,0x4d,0xd4,0x98,0x90,0x07,0xbe,0x69,0x73,0x81,
317 0xb8,0x62,0x4e,0x31,0x1e,0xd1,0xfc,0xc9,0x0c,0xeb,0x7d,0x90,0xbf,0xae,0xb4,0x47,
318 0x51,0xec,0x6f,0xce,0x64,0x35,0x02,0xd6,0x7d,0x67,0x05,0x77,0xe2,0x8f,0xd9,0x51,
319 0xd7,0xfb,0x97,0x19,0xbc,0x3e,0xd7,0x77,0x81,0xc6,0x43,0xdd,0xf2,0xdd,0xdf,0xca,
320 0xa3,0x83,0x8b,0xcb,0x41,0xc1,0x3d,0x22,0x48,0x48,0xa6,0x19,0x02,0x03,0x01,0x00,
321 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,
322 0x03,0x81,0x81,0x00,0xb5,0xbc,0xb0,0x75,0x6a,0x89,0xa2,0x86,0xbd,0x64,0x78,0xc3,
323 0xa7,0x32,0x75,0x72,0x11,0xaa,0x26,0x02,0x17,0x60,0x30,0x4c,0xe3,0x48,0x34,0x19,
324 0xb9,0x52,0x4a,0x51,0x18,0x80,0xfe,0x53,0x2d,0x7b,0xd5,0x31,0x8c,0xc5,0x65,0x99,
325 0x41,0x41,0x2f,0xf2,0xae,0x63,0x7a,0xe8,0x73,0x99,0x15,0x90,0x1a,0x1f,0x7a,0x8b,
326 0x41,0xd0,0x8e,0x3a,0xd0,0xcd,0x38,0x34,0x44,0xd0,0x75,0xf8,0xea,0x71,0xc4,0x81,
327 0x19,0x38,0x17,0x35,0x4a,0xae,0xc5,0x3e,0x32,0xe6,0x21,0xb8,0x05,0xc0,0x93,0xe1,
328 0xc7,0x38,0x5c,0xd8,0xf7,0x93,0x38,0x64,0x90,0xed,0x54,0xce,0xca,0xd3,0xd3,0xd0,
329 0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71,
332 static const BYTE rootWithKeySignAndCRLSign
[] = {
333 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
334 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
335 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
336 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
337 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
338 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
339 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
340 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
341 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
342 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
343 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
344 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
345 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
346 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
347 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
348 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
349 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
350 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
351 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
352 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
353 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
354 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
355 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
356 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
357 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
358 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
359 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
360 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
361 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
362 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
363 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
364 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
366 static const BYTE eeCert
[] = {
367 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
368 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
369 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
370 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,
371 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,
372 0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
373 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
374 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
375 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
376 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
377 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
378 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
379 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
380 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
381 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
382 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
383 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
384 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
385 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2,
386 0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3,
387 0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a,
388 0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41,
389 0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5,
390 0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8,
391 0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7,
392 0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92,
393 0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3,
395 static const BYTE rootSignedCRL
[] = {
396 0x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
397 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
398 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
399 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
400 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
401 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
402 0x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d,
403 0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16,
404 0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,
405 0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
406 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d,
407 0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45,
408 0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68,
409 0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b,
410 0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3,
411 0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c,
412 0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66,
413 0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a,
414 0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b,
415 0x3d,0x74,0xd6,0x3b };
417 static void testFindCRL(void)
420 PCCRL_CONTEXT context
;
421 PCCERT_CONTEXT cert
, endCert
, rootCert
;
422 CRL_FIND_ISSUED_FOR_PARA issuedForPara
= { NULL
, NULL
};
423 DWORD count
, revoked_count
;
426 if (!pCertFindCRLInStore
|| !pCertFindCertificateInCRL
)
428 win_skip("CertFindCRLInStore or CertFindCertificateInCRL not available\n");
432 store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
433 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
434 ok(store
!= NULL
, "CertOpenStore failed: %08x\n", GetLastError());
437 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, signedCRL
,
438 sizeof(signedCRL
), CERT_STORE_ADD_ALWAYS
, NULL
);
439 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
442 context = pCertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL);
445 /* Find any context */
446 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ANY
, NULL
, NULL
);
447 ok(context
!= NULL
, "Expected a context\n");
449 CertFreeCRLContext(context
);
450 /* Bogus flags are ignored */
451 context
= pCertFindCRLInStore(store
, 0, 1234, CRL_FIND_ANY
, NULL
, NULL
);
452 ok(context
!= NULL
, "Expected a context\n");
454 CertFreeCRLContext(context
);
455 /* CRL encoding type is ignored too */
456 context
= pCertFindCRLInStore(store
, 1234, 0, CRL_FIND_ANY
, NULL
, NULL
);
457 ok(context
!= NULL
, "Expected a context\n");
459 CertFreeCRLContext(context
);
461 /* This appears to match any cert */
462 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_BY
, NULL
, NULL
);
463 ok(context
!= NULL
, "Expected a context\n");
465 CertFreeCRLContext(context
);
467 /* Try to match an issuer that isn't in the store */
468 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
, bigCert2
,
470 ok(cert
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
472 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_BY
, cert
, NULL
);
473 ok(context
== NULL
, "Expected no matching context\n");
474 CertFreeCertificateContext(cert
);
476 /* Match an issuer that is in the store */
477 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
, bigCert
,
479 ok(cert
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
481 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_BY
, cert
, NULL
);
482 ok(context
!= NULL
, "Expected a context\n");
484 CertFreeCRLContext(context
);
486 /* Try various find flags */
487 context
= pCertFindCRLInStore(store
, 0, CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
,
488 CRL_FIND_ISSUED_BY
, cert
, NULL
);
489 ok(!context
|| broken(context
!= NULL
/* Win9x */), "unexpected context\n");
490 /* The CRL doesn't have an AKI extension, so it matches any cert */
491 context
= pCertFindCRLInStore(store
, 0, CRL_FIND_ISSUED_BY_AKI_FLAG
,
492 CRL_FIND_ISSUED_BY
, cert
, NULL
);
493 ok(context
!= NULL
, "Expected a context\n");
495 CertFreeCRLContext(context
);
499 /* Crash or return NULL/STATUS_ACCESS_VIOLATION */
500 pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
, NULL
,
502 pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
503 &issuedForPara
, NULL
);
505 /* Test whether the cert matches the CRL in the store */
506 issuedForPara
.pSubjectCert
= cert
;
507 issuedForPara
.pIssuerCert
= cert
;
508 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
509 &issuedForPara
, NULL
);
510 ok(context
!= NULL
|| broken(!context
/* Win9x, NT4 */),
511 "Expected a context\n");
514 ok(context
->cbCrlEncoded
== sizeof(signedCRL
),
515 "unexpected CRL size %d\n", context
->cbCrlEncoded
);
516 ok(!memcmp(context
->pbCrlEncoded
, signedCRL
, context
->cbCrlEncoded
),
517 "unexpected CRL data\n");
518 CertFreeCRLContext(context
);
521 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
,
522 v1CRLWithIssuerAndEntry
, sizeof(v1CRLWithIssuerAndEntry
),
523 CERT_STORE_ADD_ALWAYS
, NULL
);
524 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
525 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
,
526 v2CRLWithIssuingDistPoint
, sizeof(v2CRLWithIssuingDistPoint
),
527 CERT_STORE_ADD_ALWAYS
, NULL
);
528 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
529 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
,
530 verisignCRL
, sizeof(verisignCRL
), CERT_STORE_ADD_ALWAYS
, NULL
);
531 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
532 issuedForPara
.pSubjectCert
= cert
;
533 issuedForPara
.pIssuerCert
= cert
;
535 count
= revoked_count
= 0;
537 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
538 &issuedForPara
, context
);
544 if (pCertFindCertificateInCRL(cert
, context
, 0, NULL
, &entry
) &&
549 /* signedCRL, v1CRLWithIssuerAndEntry, and v2CRLWithIssuingDistPoint all
550 * match cert's issuer, but verisignCRL does not, so the expected count
553 ok(count
== 3 || broken(count
== 0 /* NT4, Win9x */),
554 "expected 3 matching CRLs, got %d\n", count
);
555 /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
556 * entries, so the count of CRL entries that match cert is 2.
558 ok(revoked_count
== 2 || broken(revoked_count
== 0 /* NT4, Win9x */),
559 "expected 2 matching CRL entries, got %d\n", revoked_count
);
561 CertFreeCertificateContext(cert
);
563 /* Try again with a cert that doesn't match any CRLs in the store */
564 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
,
565 bigCertWithDifferentIssuer
, sizeof(bigCertWithDifferentIssuer
));
566 ok(cert
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
568 issuedForPara
.pSubjectCert
= cert
;
569 issuedForPara
.pIssuerCert
= cert
;
571 count
= revoked_count
= 0;
573 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
574 &issuedForPara
, context
);
580 if (pCertFindCertificateInCRL(cert
, context
, 0, NULL
, &entry
) &&
585 ok(count
== 0, "expected 0 matching CRLs, got %d\n", count
);
586 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
588 CertFreeCertificateContext(cert
);
590 /* Test again with a real certificate and CRL. The certificate wasn't
591 * revoked, but its issuer does have a CRL.
593 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
,
594 verisignCommercialSoftPubCA
, sizeof(verisignCommercialSoftPubCA
));
595 ok(cert
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
597 issuedForPara
.pIssuerCert
= cert
;
598 issuedForPara
.pSubjectCert
= cert
;
600 count
= revoked_count
= 0;
602 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
603 &issuedForPara
, context
);
609 if (pCertFindCertificateInCRL(cert
, context
, 0, NULL
, &entry
) &&
614 ok(count
== 1 || broken(count
== 0 /* Win9x, NT4 */),
615 "expected 1 matching CRLs, got %d\n", count
);
616 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
618 CertFreeCertificateContext(cert
);
620 CertCloseStore(store
, 0);
622 /* This test uses a synthesized chain (rootWithKeySignAndCRLSign ->
623 * eeCert) whose end certificate is in the CRL.
625 store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
626 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
627 /* Add a CRL for the end certificate */
628 CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
,
629 rootSignedCRL
, sizeof(rootSignedCRL
), CERT_STORE_ADD_ALWAYS
, NULL
);
630 /* Add another CRL unrelated to the tested chain */
631 CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
,
632 verisignCRL
, sizeof(verisignCRL
), CERT_STORE_ADD_ALWAYS
, NULL
);
633 endCert
= CertCreateCertificateContext(X509_ASN_ENCODING
,
634 eeCert
, sizeof(eeCert
));
635 rootCert
= CertCreateCertificateContext(X509_ASN_ENCODING
,
636 rootWithKeySignAndCRLSign
, sizeof(rootWithKeySignAndCRLSign
));
637 issuedForPara
.pSubjectCert
= endCert
;
638 issuedForPara
.pIssuerCert
= rootCert
;
640 count
= revoked_count
= 0;
642 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
643 &issuedForPara
, context
);
649 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
654 ok(count
== 1 || broken(count
== 0 /* Win9x, NT4 */),
655 "expected 1 matching CRLs, got %d\n", count
);
656 ok(revoked_count
== 1 || broken(revoked_count
== 0 /* Win9x, NT4 */),
657 "expected 1 matching CRL entries, got %d\n", revoked_count
);
659 /* Test CRL_FIND_ISSUED_BY flags */
660 count
= revoked_count
= 0;
662 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_BY
,
669 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
674 ok(count
== 0, "expected 0 matching CRLs, got %d\n", count
);
675 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
677 count
= revoked_count
= 0;
679 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_BY
,
686 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
691 ok(count
== 1, "expected 1 matching CRLs, got %d\n", count
);
692 ok(revoked_count
== 1, "expected 1 matching CRL entries, got %d\n",
694 count
= revoked_count
= 0;
696 context
= pCertFindCRLInStore(store
, 0, CRL_FIND_ISSUED_BY_AKI_FLAG
,
697 CRL_FIND_ISSUED_BY
, endCert
, context
);
703 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
708 ok(count
== 0, "expected 0 matching CRLs, got %d\n", count
);
709 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
711 count
= revoked_count
= 0;
713 context
= pCertFindCRLInStore(store
, 0, CRL_FIND_ISSUED_BY_AKI_FLAG
,
714 CRL_FIND_ISSUED_BY
, rootCert
, context
);
720 if (pCertFindCertificateInCRL(rootCert
, context
, 0, NULL
, &entry
) &&
725 ok(count
== 0 || broken(count
== 1 /* Win9x */),
726 "expected 0 matching CRLs, got %d\n", count
);
727 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
729 count
= revoked_count
= 0;
731 context
= pCertFindCRLInStore(store
, 0,
732 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
, CRL_FIND_ISSUED_BY
, endCert
,
739 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
744 ok(count
== 0, "expected 0 matching CRLs, got %d\n", count
);
745 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
747 count
= revoked_count
= 0;
749 context
= pCertFindCRLInStore(store
, 0,
750 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
, CRL_FIND_ISSUED_BY
, rootCert
,
757 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
762 ok(count
== 1, "expected 1 matching CRLs, got %d\n", count
);
763 ok(revoked_count
== 1, "expected 1 matching CRL entries, got %d\n",
765 CertFreeCertificateContext(rootCert
);
766 CertFreeCertificateContext(endCert
);
768 CertCloseStore(store
, 0);
771 static void testGetCRLFromStore(void)
773 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
774 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
775 PCCRL_CONTEXT context
;
780 ok(store
!= NULL
, "CertOpenStore failed: %08x\n", GetLastError());
784 context = CertGetCRLFromStore(NULL, NULL, NULL, NULL);
785 context = CertGetCRLFromStore(store, NULL, NULL, NULL);
790 context
= CertGetCRLFromStore(store
, NULL
, NULL
, &flags
);
791 ok(!context
&& GetLastError() == E_INVALIDARG
,
792 "Expected E_INVALIDARG, got %08x\n", GetLastError());
794 /* Test an empty store */
796 context
= CertGetCRLFromStore(store
, NULL
, NULL
, &flags
);
797 ok(context
== NULL
&& GetLastError() == CRYPT_E_NOT_FOUND
,
798 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
800 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, signedCRL
,
801 sizeof(signedCRL
), CERT_STORE_ADD_ALWAYS
, NULL
);
802 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
804 /* NULL matches any CRL */
806 context
= CertGetCRLFromStore(store
, NULL
, NULL
, &flags
);
807 ok(context
!= NULL
, "Expected a context\n");
808 CertFreeCRLContext(context
);
810 /* This cert's issuer isn't in */
811 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
, bigCert2
,
813 ok(cert
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
815 context
= CertGetCRLFromStore(store
, cert
, NULL
, &flags
);
816 ok(context
== NULL
&& GetLastError() == CRYPT_E_NOT_FOUND
,
817 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
818 CertFreeCertificateContext(cert
);
820 /* But this one is */
821 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
, bigCert
,
823 ok(cert
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
825 context
= CertGetCRLFromStore(store
, cert
, NULL
, &flags
);
826 ok(context
!= NULL
, "Expected a context\n");
827 CertFreeCRLContext(context
);
828 CertFreeCertificateContext(cert
);
830 CertCloseStore(store
, 0);
833 static void checkCRLHash(const BYTE
*data
, DWORD dataLen
, ALG_ID algID
,
834 PCCRL_CONTEXT context
, DWORD propID
)
836 BYTE hash
[20] = { 0 }, hashProperty
[20];
840 memset(hash
, 0, sizeof(hash
));
841 memset(hashProperty
, 0, sizeof(hashProperty
));
843 ret
= CryptHashCertificate(0, algID
, 0, data
, dataLen
, hash
, &size
);
844 ok(ret
, "CryptHashCertificate failed: %08x\n", GetLastError());
845 ret
= CertGetCRLContextProperty(context
, propID
, hashProperty
, &size
);
846 ok(ret
, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
847 ok(!memcmp(hash
, hashProperty
, size
), "Unexpected hash for property %d\n",
851 static void testCRLProperties(void)
853 PCCRL_CONTEXT context
= CertCreateCRLContext(X509_ASN_ENCODING
,
856 ok(context
!= NULL
, "CertCreateCRLContext failed: %08x\n", GetLastError());
859 DWORD propID
, numProps
, access
, size
;
861 BYTE hash
[20] = { 0 }, hashProperty
[20];
862 CRYPT_DATA_BLOB blob
;
865 propID = CertEnumCRLContextProperties(NULL, 0);
871 propID
= CertEnumCRLContextProperties(context
, propID
);
874 } while (propID
!= 0);
875 ok(numProps
== 0, "Expected 0 properties, got %d\n", numProps
);
877 /* Tests with a NULL cert context. Prop ID 0 fails.. */
878 ret
= CertSetCRLContextProperty(NULL
, 0, 0, NULL
);
879 ok(!ret
&& GetLastError() == E_INVALIDARG
,
880 "Expected E_INVALIDARG, got %08x\n", GetLastError());
881 /* while this just crashes.
882 ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0,
886 ret
= CertSetCRLContextProperty(context
, 0, 0, NULL
);
887 ok(!ret
&& GetLastError() == E_INVALIDARG
,
888 "Expected E_INVALIDARG, got %08x\n", GetLastError());
889 /* Can't set the cert property directly, this crashes.
890 ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL);
894 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
896 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL);
897 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
902 ret
= CertGetCRLContextProperty(context
, CERT_KEY_PROV_INFO_PROP_ID
,
904 ok(!ret
&& GetLastError() == CRYPT_E_NOT_FOUND
,
905 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
906 /* And, an implicit property */
907 ret
= CertGetCRLContextProperty(context
, CERT_ACCESS_STATE_PROP_ID
,
909 ok(ret
, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
910 ret
= CertGetCRLContextProperty(context
, CERT_ACCESS_STATE_PROP_ID
,
912 ok(ret
, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
913 ok(!(access
& CERT_ACCESS_STATE_WRITE_PERSIST_FLAG
),
914 "Didn't expect a persisted crl\n");
915 /* Trying to set this "read only" property crashes.
916 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
917 ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
921 /* Can I set the hash to an invalid hash? */
923 blob
.cbData
= sizeof(hash
);
924 ret
= CertSetCRLContextProperty(context
, CERT_HASH_PROP_ID
, 0, &blob
);
925 ok(ret
, "CertSetCRLContextProperty failed: %08x\n",
927 size
= sizeof(hashProperty
);
928 ret
= CertGetCRLContextProperty(context
, CERT_HASH_PROP_ID
,
929 hashProperty
, &size
);
930 ok(ret
, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
931 ok(!memcmp(hashProperty
, hash
, sizeof(hash
)), "Unexpected hash\n");
932 /* Delete the (bogus) hash, and get the real one */
933 ret
= CertSetCRLContextProperty(context
, CERT_HASH_PROP_ID
, 0, NULL
);
934 ok(ret
, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
935 checkCRLHash(CRL
, sizeof(CRL
), CALG_SHA1
, context
, CERT_HASH_PROP_ID
);
937 /* Now that the hash property is set, we should get one property when
943 propID
= CertEnumCRLContextProperties(context
, propID
);
946 } while (propID
!= 0);
947 ok(numProps
== 1, "Expected 1 properties, got %d\n", numProps
);
949 /* Check a few other implicit properties */
950 checkCRLHash(CRL
, sizeof(CRL
), CALG_MD5
, context
,
951 CERT_MD5_HASH_PROP_ID
);
953 CertFreeCRLContext(context
);
957 static const BYTE bigCertWithCRLDistPoints
[] = {
958 0x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
959 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
960 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
961 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
962 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
963 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
964 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
965 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
966 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06,
967 0x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,
968 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
971 static void testIsValidCRLForCert(void)
974 PCCERT_CONTEXT cert1
, cert2
, cert3
;
978 if(!pCertIsValidCRLForCertificate
) return;
980 crl
= CertCreateCRLContext(X509_ASN_ENCODING
, v1CRLWithIssuerAndEntry
,
981 sizeof(v1CRLWithIssuerAndEntry
));
982 ok(crl
!= NULL
, "CertCreateCRLContext failed: %08x\n", GetLastError());
983 cert1
= CertCreateCertificateContext(X509_ASN_ENCODING
, bigCert
,
985 ok(cert1
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
989 ret = CertIsValidCRLForCertificate(NULL, NULL, 0, NULL);
990 ret = CertIsValidCRLForCertificate(cert1, NULL, 0, NULL);
993 /* Curiously, any CRL is valid for the NULL certificate */
994 ret
= pCertIsValidCRLForCertificate(NULL
, crl
, 0, NULL
);
995 ok(ret
, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
997 /* Same issuer for both cert and CRL, this CRL is valid for that cert */
998 ret
= pCertIsValidCRLForCertificate(cert1
, crl
, 0, NULL
);
999 ok(ret
, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1001 cert2
= CertCreateCertificateContext(X509_ASN_ENCODING
,
1002 bigCertWithDifferentIssuer
, sizeof(bigCertWithDifferentIssuer
));
1003 ok(cert2
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
1006 /* Yet more curious: different issuers for these, yet the CRL is valid for
1007 * that cert. According to MSDN, the relevant bit to check is whether the
1008 * CRL has a CRL_ISSUING_DIST_POINT extension.
1010 ret
= pCertIsValidCRLForCertificate(cert2
, crl
, 0, NULL
);
1011 ok(ret
, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1013 CertFreeCRLContext(crl
);
1015 /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the
1016 * cert doesn't have the same extension in it.
1018 crl
= CertCreateCRLContext(X509_ASN_ENCODING
, v2CRLWithIssuingDistPoint
,
1019 sizeof(v2CRLWithIssuingDistPoint
));
1020 ok(crl
!= NULL
, "CertCreateCRLContext failed: %08x\n", GetLastError());
1022 ret
= pCertIsValidCRLForCertificate(cert1
, crl
, 0, NULL
);
1023 ok(!ret
&& GetLastError() == CRYPT_E_NO_MATCH
,
1024 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1025 ret
= pCertIsValidCRLForCertificate(cert2
, crl
, 0, NULL
);
1026 ok(!ret
&& GetLastError() == CRYPT_E_NO_MATCH
,
1027 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1029 /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing
1030 * a CRL_DIST_POINTS_INFO extension.
1032 cert3
= CertCreateCertificateContext(X509_ASN_ENCODING
,
1033 bigCertWithCRLDistPoints
, sizeof(bigCertWithCRLDistPoints
));
1034 ok(cert3
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
1036 ret
= pCertIsValidCRLForCertificate(cert3
, crl
, 0, NULL
);
1037 ok(ret
, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1039 CertFreeCRLContext(crl
);
1041 /* And again, with a real CRL, the CRL is valid for all three certs. */
1042 crl
= CertCreateCRLContext(X509_ASN_ENCODING
, verisignCRL
,
1043 sizeof(verisignCRL
));
1044 ok(crl
!= NULL
, "CertCreateCRLContext failed: %08x\n", GetLastError());
1046 ret
= pCertIsValidCRLForCertificate(cert1
, crl
, 0, NULL
);
1047 ok(ret
, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1048 ret
= pCertIsValidCRLForCertificate(cert2
, crl
, 0, NULL
);
1049 ok(ret
, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1050 ret
= pCertIsValidCRLForCertificate(cert3
, crl
, 0, NULL
);
1051 ok(ret
, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1053 CertFreeCRLContext(crl
);
1055 /* One last test: a CRL in a different store than the cert is also valid
1058 store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, X509_ASN_ENCODING
, 0,
1059 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
1060 ok(store
!= NULL
, "CertOpenStore failed: %08x\n", GetLastError());
1062 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, verisignCRL
,
1063 sizeof(verisignCRL
), CERT_STORE_ADD_ALWAYS
, &crl
);
1064 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
1066 ret
= pCertIsValidCRLForCertificate(cert1
, crl
, 0, NULL
);
1067 ok(ret
, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1068 ret
= pCertIsValidCRLForCertificate(cert2
, crl
, 0, NULL
);
1069 ok(ret
, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1070 ret
= pCertIsValidCRLForCertificate(cert3
, crl
, 0, NULL
);
1071 ok(ret
, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1073 CertFreeCRLContext(crl
);
1075 CertCloseStore(store
, 0);
1077 CertFreeCertificateContext(cert3
);
1078 CertFreeCertificateContext(cert2
);
1079 CertFreeCertificateContext(cert1
);
1082 static const BYTE crlWithDifferentIssuer
[] = {
1083 0x30,0x47,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
1084 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x41,0x6c,0x65,0x78,0x20,0x4c,0x61,0x6e,
1085 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
1086 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
1087 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a };
1089 static void testFindCertInCRL(void)
1092 PCCERT_CONTEXT cert
;
1096 if (!pCertFindCertificateInCRL
)
1098 win_skip("CertFindCertificateInCRL() is not available\n");
1102 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
, bigCert
,
1104 ok(cert
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
1108 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, NULL);
1109 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, NULL);
1110 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, NULL);
1111 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, NULL);
1112 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, &entry);
1113 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, &entry);
1114 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, &entry);
1117 crl
= CertCreateCRLContext(X509_ASN_ENCODING
, verisignCRL
,
1118 sizeof(verisignCRL
));
1119 ret
= pCertFindCertificateInCRL(cert
, crl
, 0, NULL
, &entry
);
1120 ok(ret
, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1121 ok(entry
== NULL
, "Expected not to find an entry in CRL\n");
1122 CertFreeCRLContext(crl
);
1124 crl
= CertCreateCRLContext(X509_ASN_ENCODING
, v1CRLWithIssuerAndEntry
,
1125 sizeof(v1CRLWithIssuerAndEntry
));
1126 ret
= pCertFindCertificateInCRL(cert
, crl
, 0, NULL
, &entry
);
1127 ok(ret
, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1128 ok(entry
!= NULL
, "Expected to find an entry in CRL\n");
1129 CertFreeCRLContext(crl
);
1131 /* Entry found even though CRL issuer doesn't match cert issuer */
1132 crl
= CertCreateCRLContext(X509_ASN_ENCODING
, crlWithDifferentIssuer
,
1133 sizeof(crlWithDifferentIssuer
));
1134 ret
= pCertFindCertificateInCRL(cert
, crl
, 0, NULL
, &entry
);
1135 ok(ret
, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1136 ok(entry
!= NULL
, "Expected to find an entry in CRL\n");
1137 CertFreeCRLContext(crl
);
1139 CertFreeCertificateContext(cert
);
1142 static void testVerifyCRLRevocation(void)
1145 PCCERT_CONTEXT cert
;
1148 ret
= CertVerifyCRLRevocation(0, NULL
, 0, NULL
);
1149 ok(ret
, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1150 ret
= CertVerifyCRLRevocation(X509_ASN_ENCODING
, NULL
, 0, NULL
);
1151 ok(ret
, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1153 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
, bigCert
,
1156 /* Check against no CRL */
1157 ret
= CertVerifyCRLRevocation(0, cert
->pCertInfo
, 0, NULL
);
1158 ok(ret
, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1159 ret
= CertVerifyCRLRevocation(X509_ASN_ENCODING
, cert
->pCertInfo
, 0, NULL
);
1160 ok(ret
, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1162 /* Check against CRL with entry for the cert */
1163 crl
= CertCreateCRLContext(X509_ASN_ENCODING
, v1CRLWithIssuerAndEntry
,
1164 sizeof(v1CRLWithIssuerAndEntry
));
1165 ret
= CertVerifyCRLRevocation(0, cert
->pCertInfo
, 1,
1166 (PCRL_INFO
*)&crl
->pCrlInfo
);
1167 ok(!ret
, "CertVerifyCRLRevocation should have been revoked\n");
1168 ret
= CertVerifyCRLRevocation(X509_ASN_ENCODING
, cert
->pCertInfo
, 1,
1169 (PCRL_INFO
*)&crl
->pCrlInfo
);
1170 ok(!ret
, "CertVerifyCRLRevocation should have been revoked\n");
1171 CertFreeCRLContext(crl
);
1173 /* Check against CRL with different issuer and entry for the cert */
1174 crl
= CertCreateCRLContext(X509_ASN_ENCODING
, crlWithDifferentIssuer
,
1175 sizeof(crlWithDifferentIssuer
));
1176 ok(crl
!= NULL
, "CertCreateCRLContext failed: %08x\n", GetLastError());
1177 ret
= CertVerifyCRLRevocation(X509_ASN_ENCODING
, cert
->pCertInfo
, 1,
1178 (PCRL_INFO
*)&crl
->pCrlInfo
);
1179 ok(!ret
, "CertVerifyCRLRevocation should have been revoked\n");
1180 CertFreeCRLContext(crl
);
1182 /* Check against CRL without entry for the cert */
1183 crl
= CertCreateCRLContext(X509_ASN_ENCODING
, verisignCRL
,
1184 sizeof(verisignCRL
));
1185 ret
= CertVerifyCRLRevocation(0, cert
->pCertInfo
, 1,
1186 (PCRL_INFO
*)&crl
->pCrlInfo
);
1187 ok(ret
, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1188 ret
= CertVerifyCRLRevocation(X509_ASN_ENCODING
, cert
->pCertInfo
, 1,
1189 (PCRL_INFO
*)&crl
->pCrlInfo
);
1190 ok(ret
, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1191 CertFreeCRLContext(crl
);
1193 CertFreeCertificateContext(cert
);
1198 init_function_pointers();
1204 testGetCRLFromStore();
1206 testCRLProperties();
1208 testIsValidCRLForCert();
1209 testFindCertInCRL();
1210 testVerifyCRLRevocation();