projects / reactos.git / blob
? search:


32460e32d96e7208f46622b0d854c25548c151a1
[reactos.git] / modules / rostests / winetests / crypt32 / crl.c
1 /*
2 * crypt32 CRL functions tests
3 *
4 * Copyright 2005-2006 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include "precomp.h"
22
23 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
24 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
25 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
26 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
27 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
28 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
29 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
30 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
31 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
32 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
33 static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
34 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
35 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
36 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
37 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
38 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
39 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
40 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
41 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
42 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
43 static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
44 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
45 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
46 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
47 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
48 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
49 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
50 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
51 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
52 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
53 0x02, 0x01, 0x01 };
54 static const BYTE CRL[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
55 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
56 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
57 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
58 0x5a };
59 static const BYTE newerCRL[] = { 0x30, 0x2a, 0x30, 0x02, 0x06, 0x00, 0x30,
60 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
61 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x17, 0x0d, 0x30, 0x36,
62 0x30, 0x35, 0x31, 0x36, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
63 static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
64 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
65 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
66 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
67 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
68 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
69
70 static BOOL (WINAPI *pCertFindCertificateInCRL)(PCCERT_CONTEXT,PCCRL_CONTEXT,DWORD,void*,PCRL_ENTRY*);
71 static PCCRL_CONTEXT (WINAPI *pCertFindCRLInStore)(HCERTSTORE,DWORD,DWORD,DWORD,const void*,PCCRL_CONTEXT);
72 static BOOL (WINAPI *pCertIsValidCRLForCertificate)(PCCERT_CONTEXT, PCCRL_CONTEXT, DWORD, void*);
73
74 static void init_function_pointers(void)
75 {
76 HMODULE hdll = GetModuleHandleA("crypt32.dll");
77 pCertFindCertificateInCRL = (void*)GetProcAddress(hdll, "CertFindCertificateInCRL");
78 pCertFindCRLInStore = (void*)GetProcAddress(hdll, "CertFindCRLInStore");
79 pCertIsValidCRLForCertificate = (void*)GetProcAddress(hdll, "CertIsValidCRLForCertificate");
80 }
81
82 static void testCreateCRL(void)
83 {
84 PCCRL_CONTEXT context;
85 DWORD GLE;
86
87 context = CertCreateCRLContext(0, NULL, 0);
88 ok(!context && GetLastError() == E_INVALIDARG,
89 "Expected E_INVALIDARG, got %08x\n", GetLastError());
90 context = CertCreateCRLContext(X509_ASN_ENCODING, NULL, 0);
91 GLE = GetLastError();
92 ok(!context && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
93 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
94 context = CertCreateCRLContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
95 ok(!context, "Expected failure\n");
96 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
97 sizeof(signedCRL) - 1);
98 ok(!context, "Expected failure\n");
99 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
100 sizeof(signedCRL));
101 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
102 if (context)
103 CertFreeCRLContext(context);
104 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
105 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
106 if (context)
107 CertFreeCRLContext(context);
108 }
109
110 static void testDupCRL(void)
111 {
112 PCCRL_CONTEXT context, dupContext;
113 BOOL res;
114
115 context = CertDuplicateCRLContext(NULL);
116 ok(context == NULL, "expected NULL\n");
117 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
118 sizeof(signedCRL));
119 dupContext = CertDuplicateCRLContext(context);
120 ok(dupContext != NULL, "expected a context\n");
121 ok(dupContext == context, "expected identical context addresses\n");
122
123 res = CertFreeCRLContext(dupContext);
124 ok(res, "CertFreeCRLContext failed\n");
125
126 res = CertFreeCRLContext(context);
127 ok(res, "CertFreeCRLContext failed\n");
128
129 res = CertFreeCRLContext(NULL);
130 ok(res, "CertFreeCRLContext failed\n");
131 }
132
133 static void testAddCRL(void)
134 {
135 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
136 CERT_STORE_CREATE_NEW_FLAG, NULL);
137 PCCRL_CONTEXT context, context2;
138 BOOL ret;
139 DWORD GLE;
140
141 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
142 if (!store) return;
143
144 /* Bad CRL encoding type */
145 ret = CertAddEncodedCRLToStore(0, 0, NULL, 0, 0, NULL);
146 ok(!ret && GetLastError() == E_INVALIDARG,
147 "Expected E_INVALIDARG, got %08x\n", GetLastError());
148 ret = CertAddEncodedCRLToStore(store, 0, NULL, 0, 0, NULL);
149 ok(!ret && GetLastError() == E_INVALIDARG,
150 "Expected E_INVALIDARG, got %08x\n", GetLastError());
151 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL), 0, NULL);
152 ok(!ret && GetLastError() == E_INVALIDARG,
153 "Expected E_INVALIDARG, got %08x\n", GetLastError());
154 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL), 0,
155 NULL);
156 ok(!ret && GetLastError() == E_INVALIDARG,
157 "Expected E_INVALIDARG, got %08x\n", GetLastError());
158 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL),
159 CERT_STORE_ADD_ALWAYS, NULL);
160 ok(!ret && GetLastError() == E_INVALIDARG,
161 "Expected E_INVALIDARG, got %08x\n", GetLastError());
162 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL),
163 CERT_STORE_ADD_ALWAYS, NULL);
164 ok(!ret && GetLastError() == E_INVALIDARG,
165 "Expected E_INVALIDARG, got %08x\n", GetLastError());
166
167 /* No CRL */
168 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, NULL, 0, 0, NULL);
169 GLE = GetLastError();
170 ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
171 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
172 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, NULL, 0, 0, NULL);
173 GLE = GetLastError();
174 ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
175 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
176
177 /* Weird--bad add disposition leads to an access violation in Windows.
178 * Both tests crash on some win9x boxes.
179 */
180 if (0)
181 {
182 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
183 sizeof(signedCRL), 0, NULL);
184 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
185 GetLastError() == E_INVALIDARG /* Vista */),
186 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
187 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
188 sizeof(signedCRL), 0, NULL);
189 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
190 GetLastError() == E_INVALIDARG /* Vista */),
191 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
192 }
193
194 /* Weird--can add a CRL to the NULL store (does this have special meaning?)
195 */
196 context = NULL;
197 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
198 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, &context);
199 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
200 if (context)
201 CertFreeCRLContext(context);
202
203 /* Normal cases: a "signed" CRL is okay.. */
204 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
205 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
206 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
207 /* and an unsigned one is too. */
208 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, CRL, sizeof(CRL),
209 CERT_STORE_ADD_ALWAYS, NULL);
210 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
211
212 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
213 sizeof(newerCRL), CERT_STORE_ADD_NEW, NULL);
214 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
215 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
216
217 /* This should replace (one of) the existing CRL(s). */
218 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
219 sizeof(newerCRL), CERT_STORE_ADD_NEWER, NULL);
220 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
221
222 CertCloseStore(store, 0);
223
224 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
225 ok(store != NULL, "CertOpenStore failed\n");
226
227 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
228 ok(context != NULL, "CertCreateCRLContext failed\n");
229
230 ret = CertAddCRLContextToStore(store, context, CERT_STORE_ADD_NEW, &context2);
231 ok(ret, "CertAddCRLContextToStore failed\n");
232 ok(context2 != NULL && context2 != context, "unexpected context2\n");
233
234 ok(context->pbCrlEncoded != context2->pbCrlEncoded, "Unexpected pbCrlEncoded\n");
235 ok(context->cbCrlEncoded == context2->cbCrlEncoded, "Unexpected cbCrlEncoded\n");
236 ok(context->pCrlInfo != context2->pCrlInfo, "Unexpected pCrlInfo\n");
237
238 CertFreeCRLContext(context2);
239 CertFreeCRLContext(context);
240 CertCloseStore(store, 0);
241 }
242
243 static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
244 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
245 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
246 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
247 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
248 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
249 static const BYTE v2CRLWithIssuingDistPoint[] = {
250 0x30,0x70,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
251 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
252 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
253 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
254 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x27,
255 0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30,
256 0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
257 0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
258 static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
259 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
260 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
261 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
262 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
263 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
264 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
265 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
266 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
267 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
268 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
269 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
270 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
271 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
272 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
273 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
274 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
275 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
276 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
277 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
278 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
279 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
280 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
281 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
282 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
283 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
284 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
285 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
286 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
287 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
288 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
289 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
290 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
291 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
292 0xcd };
293 static const BYTE verisignCommercialSoftPubCA[] = {
294 0x30,0x82,0x02,0x40,0x30,0x82,0x01,0xa9,0x02,0x10,0x03,0xc7,0x8f,0x37,0xdb,0x92,
295 0x28,0xdf,0x3c,0xbb,0x1a,0xad,0x82,0xfa,0x67,0x10,0x30,0x0d,0x06,0x09,0x2a,0x86,
296 0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
297 0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,0x17,
298 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
299 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x0b,
300 0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,0x6d,0x6d,0x65,
301 0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x50,
302 0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
303 0x39,0x36,0x30,0x34,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,
304 0x34,0x30,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x61,0x31,0x11,
305 0x30,0x0f,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,
306 0x74,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,
307 0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
308 0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,
309 0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,
310 0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,
311 0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
312 0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc3,0xd3,0x69,0x65,
313 0x52,0x01,0x94,0x54,0xab,0x28,0xc6,0x62,0x18,0xb3,0x54,0x55,0xc5,0x44,0x87,0x45,
314 0x4a,0x3b,0xc2,0x7e,0xd8,0xd3,0xd7,0xc8,0x80,0x86,0x8d,0xd8,0x0c,0xf1,0x16,0x9c,
315 0xcc,0x6b,0xa9,0x29,0xb2,0x8f,0x76,0x73,0x92,0xc8,0xc5,0x62,0xa6,0x3c,0xed,0x1e,
316 0x05,0x75,0xf0,0x13,0x00,0x6c,0x14,0x4d,0xd4,0x98,0x90,0x07,0xbe,0x69,0x73,0x81,
317 0xb8,0x62,0x4e,0x31,0x1e,0xd1,0xfc,0xc9,0x0c,0xeb,0x7d,0x90,0xbf,0xae,0xb4,0x47,
318 0x51,0xec,0x6f,0xce,0x64,0x35,0x02,0xd6,0x7d,0x67,0x05,0x77,0xe2,0x8f,0xd9,0x51,
319 0xd7,0xfb,0x97,0x19,0xbc,0x3e,0xd7,0x77,0x81,0xc6,0x43,0xdd,0xf2,0xdd,0xdf,0xca,
320 0xa3,0x83,0x8b,0xcb,0x41,0xc1,0x3d,0x22,0x48,0x48,0xa6,0x19,0x02,0x03,0x01,0x00,
321 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,
322 0x03,0x81,0x81,0x00,0xb5,0xbc,0xb0,0x75,0x6a,0x89,0xa2,0x86,0xbd,0x64,0x78,0xc3,
323 0xa7,0x32,0x75,0x72,0x11,0xaa,0x26,0x02,0x17,0x60,0x30,0x4c,0xe3,0x48,0x34,0x19,
324 0xb9,0x52,0x4a,0x51,0x18,0x80,0xfe,0x53,0x2d,0x7b,0xd5,0x31,0x8c,0xc5,0x65,0x99,
325 0x41,0x41,0x2f,0xf2,0xae,0x63,0x7a,0xe8,0x73,0x99,0x15,0x90,0x1a,0x1f,0x7a,0x8b,
326 0x41,0xd0,0x8e,0x3a,0xd0,0xcd,0x38,0x34,0x44,0xd0,0x75,0xf8,0xea,0x71,0xc4,0x81,
327 0x19,0x38,0x17,0x35,0x4a,0xae,0xc5,0x3e,0x32,0xe6,0x21,0xb8,0x05,0xc0,0x93,0xe1,
328 0xc7,0x38,0x5c,0xd8,0xf7,0x93,0x38,0x64,0x90,0xed,0x54,0xce,0xca,0xd3,0xd3,0xd0,
329 0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71,
330 0x64,0x31,0x3c,0x3c
331 };
332 static const BYTE rootWithKeySignAndCRLSign[] = {
333 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
334 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
335 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
336 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
337 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
338 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
339 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
340 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
341 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
342 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
343 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
344 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
345 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
346 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
347 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
348 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
349 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
350 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
351 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
352 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
353 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
354 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
355 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
356 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
357 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
358 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
359 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
360 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
361 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
362 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
363 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
364 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
365 0x2e,0x84,0xee };
366 static const BYTE eeCert[] = {
367 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
368 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
369 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
370 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,
371 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,
372 0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
373 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
374 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
375 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
376 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
377 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
378 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
379 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
380 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
381 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
382 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
383 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
384 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
385 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2,
386 0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3,
387 0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a,
388 0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41,
389 0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5,
390 0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8,
391 0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7,
392 0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92,
393 0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3,
394 0xef,0x9f };
395 static const BYTE rootSignedCRL[] = {
396 0x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
397 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
398 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
399 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
400 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
401 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
402 0x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d,
403 0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16,
404 0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,
405 0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
406 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d,
407 0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45,
408 0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68,
409 0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b,
410 0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3,
411 0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c,
412 0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66,
413 0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a,
414 0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b,
415 0x3d,0x74,0xd6,0x3b };
416
417 static void testFindCRL(void)
418 {
419 HCERTSTORE store;
420 PCCRL_CONTEXT context;
421 PCCERT_CONTEXT cert, endCert, rootCert;
422 CRL_FIND_ISSUED_FOR_PARA issuedForPara = { NULL, NULL };
423 DWORD count, revoked_count;
424 BOOL ret;
425
426 if (!pCertFindCRLInStore || !pCertFindCertificateInCRL)
427 {
428 win_skip("CertFindCRLInStore or CertFindCertificateInCRL not available\n");
429 return;
430 }
431
432 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
433 CERT_STORE_CREATE_NEW_FLAG, NULL);
434 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
435 if (!store) return;
436
437 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
438 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
439 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
440
441 /* Crashes
442 context = pCertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL);
443 */
444
445 /* Find any context */
446 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ANY, NULL, NULL);
447 ok(context != NULL, "Expected a context\n");
448 if (context)
449 CertFreeCRLContext(context);
450 /* Bogus flags are ignored */
451 context = pCertFindCRLInStore(store, 0, 1234, CRL_FIND_ANY, NULL, NULL);
452 ok(context != NULL, "Expected a context\n");
453 if (context)
454 CertFreeCRLContext(context);
455 /* CRL encoding type is ignored too */
456 context = pCertFindCRLInStore(store, 1234, 0, CRL_FIND_ANY, NULL, NULL);
457 ok(context != NULL, "Expected a context\n");
458 if (context)
459 CertFreeCRLContext(context);
460
461 /* This appears to match any cert */
462 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, NULL, NULL);
463 ok(context != NULL, "Expected a context\n");
464 if (context)
465 CertFreeCRLContext(context);
466
467 /* Try to match an issuer that isn't in the store */
468 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
469 sizeof(bigCert2));
470 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
471 GetLastError());
472 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
473 ok(context == NULL, "Expected no matching context\n");
474 CertFreeCertificateContext(cert);
475
476 /* Match an issuer that is in the store */
477 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
478 sizeof(bigCert));
479 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
480 GetLastError());
481 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
482 ok(context != NULL, "Expected a context\n");
483 if (context)
484 CertFreeCRLContext(context);
485
486 /* Try various find flags */
487 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_SIGNATURE_FLAG,
488 CRL_FIND_ISSUED_BY, cert, NULL);
489 ok(!context || broken(context != NULL /* Win9x */), "unexpected context\n");
490 /* The CRL doesn't have an AKI extension, so it matches any cert */
491 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
492 CRL_FIND_ISSUED_BY, cert, NULL);
493 ok(context != NULL, "Expected a context\n");
494 if (context)
495 CertFreeCRLContext(context);
496
497 if (0)
498 {
499 /* Crash or return NULL/STATUS_ACCESS_VIOLATION */
500 pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, NULL,
501 NULL);
502 pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
503 &issuedForPara, NULL);
504 }
505 /* Test whether the cert matches the CRL in the store */
506 issuedForPara.pSubjectCert = cert;
507 issuedForPara.pIssuerCert = cert;
508 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
509 &issuedForPara, NULL);
510 ok(context != NULL || broken(!context /* Win9x, NT4 */),
511 "Expected a context\n");
512 if (context)
513 {
514 ok(context->cbCrlEncoded == sizeof(signedCRL),
515 "unexpected CRL size %d\n", context->cbCrlEncoded);
516 ok(!memcmp(context->pbCrlEncoded, signedCRL, context->cbCrlEncoded),
517 "unexpected CRL data\n");
518 CertFreeCRLContext(context);
519 }
520
521 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
522 v1CRLWithIssuerAndEntry, sizeof(v1CRLWithIssuerAndEntry),
523 CERT_STORE_ADD_ALWAYS, NULL);
524 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
525 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
526 v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint),
527 CERT_STORE_ADD_ALWAYS, NULL);
528 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
529 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
530 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
531 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
532 issuedForPara.pSubjectCert = cert;
533 issuedForPara.pIssuerCert = cert;
534 context = NULL;
535 count = revoked_count = 0;
536 do {
537 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
538 &issuedForPara, context);
539 if (context)
540 {
541 PCRL_ENTRY entry;
542
543 count++;
544 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
545 entry)
546 revoked_count++;
547 }
548 } while (context);
549 /* signedCRL, v1CRLWithIssuerAndEntry, and v2CRLWithIssuingDistPoint all
550 * match cert's issuer, but verisignCRL does not, so the expected count
551 * is 0.
552 */
553 ok(count == 3 || broken(count == 0 /* NT4, Win9x */),
554 "expected 3 matching CRLs, got %d\n", count);
555 /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
556 * entries, so the count of CRL entries that match cert is 2.
557 */
558 ok(revoked_count == 2 || broken(revoked_count == 0 /* NT4, Win9x */),
559 "expected 2 matching CRL entries, got %d\n", revoked_count);
560
561 CertFreeCertificateContext(cert);
562
563 /* Try again with a cert that doesn't match any CRLs in the store */
564 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
565 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
566 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
567 GetLastError());
568 issuedForPara.pSubjectCert = cert;
569 issuedForPara.pIssuerCert = cert;
570 context = NULL;
571 count = revoked_count = 0;
572 do {
573 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
574 &issuedForPara, context);
575 if (context)
576 {
577 PCRL_ENTRY entry;
578
579 count++;
580 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
581 entry)
582 revoked_count++;
583 }
584 } while (context);
585 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
586 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
587 revoked_count);
588 CertFreeCertificateContext(cert);
589
590 /* Test again with a real certificate and CRL. The certificate wasn't
591 * revoked, but its issuer does have a CRL.
592 */
593 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
594 verisignCommercialSoftPubCA, sizeof(verisignCommercialSoftPubCA));
595 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
596 GetLastError());
597 issuedForPara.pIssuerCert = cert;
598 issuedForPara.pSubjectCert = cert;
599 context = NULL;
600 count = revoked_count = 0;
601 do {
602 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
603 &issuedForPara, context);
604 if (context)
605 {
606 PCRL_ENTRY entry;
607
608 count++;
609 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
610 entry)
611 revoked_count++;
612 }
613 } while (context);
614 ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
615 "expected 1 matching CRLs, got %d\n", count);
616 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
617 revoked_count);
618 CertFreeCertificateContext(cert);
619
620 CertCloseStore(store, 0);
621
622 /* This test uses a synthesized chain (rootWithKeySignAndCRLSign ->
623 * eeCert) whose end certificate is in the CRL.
624 */
625 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
626 CERT_STORE_CREATE_NEW_FLAG, NULL);
627 /* Add a CRL for the end certificate */
628 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
629 rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
630 /* Add another CRL unrelated to the tested chain */
631 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
632 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
633 endCert = CertCreateCertificateContext(X509_ASN_ENCODING,
634 eeCert, sizeof(eeCert));
635 rootCert = CertCreateCertificateContext(X509_ASN_ENCODING,
636 rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
637 issuedForPara.pSubjectCert = endCert;
638 issuedForPara.pIssuerCert = rootCert;
639 context = NULL;
640 count = revoked_count = 0;
641 do {
642 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
643 &issuedForPara, context);
644 if (context)
645 {
646 PCRL_ENTRY entry;
647
648 count++;
649 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
650 entry)
651 revoked_count++;
652 }
653 } while (context);
654 ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
655 "expected 1 matching CRLs, got %d\n", count);
656 ok(revoked_count == 1 || broken(revoked_count == 0 /* Win9x, NT4 */),
657 "expected 1 matching CRL entries, got %d\n", revoked_count);
658
659 /* Test CRL_FIND_ISSUED_BY flags */
660 count = revoked_count = 0;
661 do {
662 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
663 endCert, context);
664 if (context)
665 {
666 PCRL_ENTRY entry;
667
668 count++;
669 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
670 entry)
671 revoked_count++;
672 }
673 } while (context);
674 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
675 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
676 revoked_count);
677 count = revoked_count = 0;
678 do {
679 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
680 rootCert, context);
681 if (context)
682 {
683 PCRL_ENTRY entry;
684
685 count++;
686 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
687 entry)
688 revoked_count++;
689 }
690 } while (context);
691 ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
692 ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
693 revoked_count);
694 count = revoked_count = 0;
695 do {
696 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
697 CRL_FIND_ISSUED_BY, endCert, context);
698 if (context)
699 {
700 PCRL_ENTRY entry;
701
702 count++;
703 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
704 entry)
705 revoked_count++;
706 }
707 } while (context);
708 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
709 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
710 revoked_count);
711 count = revoked_count = 0;
712 do {
713 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
714 CRL_FIND_ISSUED_BY, rootCert, context);
715 if (context)
716 {
717 PCRL_ENTRY entry;
718
719 count++;
720 if (pCertFindCertificateInCRL(rootCert, context, 0, NULL, &entry) &&
721 entry)
722 revoked_count++;
723 }
724 } while (context);
725 ok(count == 0 || broken(count == 1 /* Win9x */),
726 "expected 0 matching CRLs, got %d\n", count);
727 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
728 revoked_count);
729 count = revoked_count = 0;
730 do {
731 context = pCertFindCRLInStore(store, 0,
732 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, endCert,
733 context);
734 if (context)
735 {
736 PCRL_ENTRY entry;
737
738 count++;
739 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
740 entry)
741 revoked_count++;
742 }
743 } while (context);
744 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
745 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
746 revoked_count);
747 count = revoked_count = 0;
748 do {
749 context = pCertFindCRLInStore(store, 0,
750 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, rootCert,
751 context);
752 if (context)
753 {
754 PCRL_ENTRY entry;
755
756 count++;
757 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
758 entry)
759 revoked_count++;
760 }
761 } while (context);
762 ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
763 ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
764 revoked_count);
765 CertFreeCertificateContext(rootCert);
766 CertFreeCertificateContext(endCert);
767
768 CertCloseStore(store, 0);
769 }
770
771 static void testGetCRLFromStore(void)
772 {
773 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
774 CERT_STORE_CREATE_NEW_FLAG, NULL);
775 PCCRL_CONTEXT context;
776 PCCERT_CONTEXT cert;
777 DWORD flags;
778 BOOL ret;
779
780 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
781 if (!store) return;
782
783 /* Crash
784 context = CertGetCRLFromStore(NULL, NULL, NULL, NULL);
785 context = CertGetCRLFromStore(store, NULL, NULL, NULL);
786 */
787
788 /* Bogus flags */
789 flags = 0xffffffff;
790 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
791 ok(!context && GetLastError() == E_INVALIDARG,
792 "Expected E_INVALIDARG, got %08x\n", GetLastError());
793
794 /* Test an empty store */
795 flags = 0;
796 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
797 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
798 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
799
800 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
801 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
802 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
803
804 /* NULL matches any CRL */
805 flags = 0;
806 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
807 ok(context != NULL, "Expected a context\n");
808 CertFreeCRLContext(context);
809
810 /* This cert's issuer isn't in */
811 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
812 sizeof(bigCert2));
813 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
814 GetLastError());
815 context = CertGetCRLFromStore(store, cert, NULL, &flags);
816 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
817 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
818 CertFreeCertificateContext(cert);
819
820 /* But this one is */
821 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
822 sizeof(bigCert));
823 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
824 GetLastError());
825 context = CertGetCRLFromStore(store, cert, NULL, &flags);
826 ok(context != NULL, "Expected a context\n");
827 CertFreeCRLContext(context);
828 CertFreeCertificateContext(cert);
829
830 CertCloseStore(store, 0);
831 }
832
833 static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
834 PCCRL_CONTEXT context, DWORD propID)
835 {
836 BYTE hash[20] = { 0 }, hashProperty[20];
837 BOOL ret;
838 DWORD size;
839
840 memset(hash, 0, sizeof(hash));
841 memset(hashProperty, 0, sizeof(hashProperty));
842 size = sizeof(hash);
843 ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
844 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
845 ret = CertGetCRLContextProperty(context, propID, hashProperty, &size);
846 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
847 ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n",
848 propID);
849 }
850
851 static void testCRLProperties(void)
852 {
853 PCCRL_CONTEXT context = CertCreateCRLContext(X509_ASN_ENCODING,
854 CRL, sizeof(CRL));
855
856 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
857 if (context)
858 {
859 DWORD propID, numProps, access, size;
860 BOOL ret;
861 BYTE hash[20] = { 0 }, hashProperty[20];
862 CRYPT_DATA_BLOB blob;
863
864 /* This crashes
865 propID = CertEnumCRLContextProperties(NULL, 0);
866 */
867
868 propID = 0;
869 numProps = 0;
870 do {
871 propID = CertEnumCRLContextProperties(context, propID);
872 if (propID)
873 numProps++;
874 } while (propID != 0);
875 ok(numProps == 0, "Expected 0 properties, got %d\n", numProps);
876
877 /* Tests with a NULL cert context. Prop ID 0 fails.. */
878 ret = CertSetCRLContextProperty(NULL, 0, 0, NULL);
879 ok(!ret && GetLastError() == E_INVALIDARG,
880 "Expected E_INVALIDARG, got %08x\n", GetLastError());
881 /* while this just crashes.
882 ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0,
883 NULL);
884 */
885
886 ret = CertSetCRLContextProperty(context, 0, 0, NULL);
887 ok(!ret && GetLastError() == E_INVALIDARG,
888 "Expected E_INVALIDARG, got %08x\n", GetLastError());
889 /* Can't set the cert property directly, this crashes.
890 ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL);
891 */
892
893 /* These all crash.
894 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
895 NULL);
896 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL);
897 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
898 hashProperty, NULL);
899 */
900 /* A missing prop */
901 size = 0;
902 ret = CertGetCRLContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
903 NULL, &size);
904 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
905 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
906 /* And, an implicit property */
907 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
908 NULL, &size);
909 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
910 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
911 &access, &size);
912 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
913 ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
914 "Didn't expect a persisted crl\n");
915 /* Trying to set this "read only" property crashes.
916 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
917 ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
918 &access);
919 */
920
921 /* Can I set the hash to an invalid hash? */
922 blob.pbData = hash;
923 blob.cbData = sizeof(hash);
924 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, &blob);
925 ok(ret, "CertSetCRLContextProperty failed: %08x\n",
926 GetLastError());
927 size = sizeof(hashProperty);
928 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
929 hashProperty, &size);
930 ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
931 ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
932 /* Delete the (bogus) hash, and get the real one */
933 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, NULL);
934 ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
935 checkCRLHash(CRL, sizeof(CRL), CALG_SHA1, context, CERT_HASH_PROP_ID);
936
937 /* Now that the hash property is set, we should get one property when
938 * enumerating.
939 */
940 propID = 0;
941 numProps = 0;
942 do {
943 propID = CertEnumCRLContextProperties(context, propID);
944 if (propID)
945 numProps++;
946 } while (propID != 0);
947 ok(numProps == 1, "Expected 1 properties, got %d\n", numProps);
948
949 /* Check a few other implicit properties */
950 checkCRLHash(CRL, sizeof(CRL), CALG_MD5, context,
951 CERT_MD5_HASH_PROP_ID);
952
953 CertFreeCRLContext(context);
954 }
955 }
956
957 static const BYTE bigCertWithCRLDistPoints[] = {
958 0x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
959 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
960 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
961 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
962 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
963 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
964 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
965 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
966 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06,
967 0x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,
968 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
969 0x6f,0x72,0x67 };
970
971 static void testIsValidCRLForCert(void)
972 {
973 BOOL ret;
974 PCCERT_CONTEXT cert1, cert2, cert3;
975 PCCRL_CONTEXT crl;
976 HCERTSTORE store;
977
978 if(!pCertIsValidCRLForCertificate) return;
979
980 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
981 sizeof(v1CRLWithIssuerAndEntry));
982 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
983 cert1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
984 sizeof(bigCert));
985 ok(cert1 != NULL, "CertCreateCertificateContext failed: %08x\n",
986 GetLastError());
987
988 /* Crash
989 ret = CertIsValidCRLForCertificate(NULL, NULL, 0, NULL);
990 ret = CertIsValidCRLForCertificate(cert1, NULL, 0, NULL);
991 */
992
993 /* Curiously, any CRL is valid for the NULL certificate */
994 ret = pCertIsValidCRLForCertificate(NULL, crl, 0, NULL);
995 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
996
997 /* Same issuer for both cert and CRL, this CRL is valid for that cert */
998 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
999 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1000
1001 cert2 = CertCreateCertificateContext(X509_ASN_ENCODING,
1002 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
1003 ok(cert2 != NULL, "CertCreateCertificateContext failed: %08x\n",
1004 GetLastError());
1005
1006 /* Yet more curious: different issuers for these, yet the CRL is valid for
1007 * that cert. According to MSDN, the relevant bit to check is whether the
1008 * CRL has a CRL_ISSUING_DIST_POINT extension.
1009 */
1010 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1011 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1012
1013 CertFreeCRLContext(crl);
1014
1015 /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the
1016 * cert doesn't have the same extension in it.
1017 */
1018 crl = CertCreateCRLContext(X509_ASN_ENCODING, v2CRLWithIssuingDistPoint,
1019 sizeof(v2CRLWithIssuingDistPoint));
1020 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1021
1022 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1023 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1024 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1025 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1026 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1027 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1028
1029 /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing
1030 * a CRL_DIST_POINTS_INFO extension.
1031 */
1032 cert3 = CertCreateCertificateContext(X509_ASN_ENCODING,
1033 bigCertWithCRLDistPoints, sizeof(bigCertWithCRLDistPoints));
1034 ok(cert3 != NULL, "CertCreateCertificateContext failed: %08x\n",
1035 GetLastError());
1036 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1037 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1038
1039 CertFreeCRLContext(crl);
1040
1041 /* And again, with a real CRL, the CRL is valid for all three certs. */
1042 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1043 sizeof(verisignCRL));
1044 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1045
1046 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1047 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1048 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1049 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1050 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1051 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1052
1053 CertFreeCRLContext(crl);
1054
1055 /* One last test: a CRL in a different store than the cert is also valid
1056 * for the cert.
1057 */
1058 store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
1059 CERT_STORE_CREATE_NEW_FLAG, NULL);
1060 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1061
1062 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, verisignCRL,
1063 sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, &crl);
1064 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
1065
1066 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1067 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1068 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1069 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1070 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1071 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1072
1073 CertFreeCRLContext(crl);
1074
1075 CertCloseStore(store, 0);
1076
1077 CertFreeCertificateContext(cert3);
1078 CertFreeCertificateContext(cert2);
1079 CertFreeCertificateContext(cert1);
1080 }
1081
1082 static const BYTE crlWithDifferentIssuer[] = {
1083 0x30,0x47,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
1084 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x41,0x6c,0x65,0x78,0x20,0x4c,0x61,0x6e,
1085 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
1086 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
1087 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a };
1088
1089 static void testFindCertInCRL(void)
1090 {
1091 BOOL ret;
1092 PCCERT_CONTEXT cert;
1093 PCCRL_CONTEXT crl;
1094 PCRL_ENTRY entry;
1095
1096 if (!pCertFindCertificateInCRL)
1097 {
1098 win_skip("CertFindCertificateInCRL() is not available\n");
1099 return;
1100 }
1101
1102 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1103 sizeof(bigCert));
1104 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
1105 GetLastError());
1106
1107 /* Crash
1108 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, NULL);
1109 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, NULL);
1110 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, NULL);
1111 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, NULL);
1112 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, &entry);
1113 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, &entry);
1114 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, &entry);
1115 */
1116
1117 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1118 sizeof(verisignCRL));
1119 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1120 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1121 ok(entry == NULL, "Expected not to find an entry in CRL\n");
1122 CertFreeCRLContext(crl);
1123
1124 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1125 sizeof(v1CRLWithIssuerAndEntry));
1126 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1127 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1128 ok(entry != NULL, "Expected to find an entry in CRL\n");
1129 CertFreeCRLContext(crl);
1130
1131 /* Entry found even though CRL issuer doesn't match cert issuer */
1132 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1133 sizeof(crlWithDifferentIssuer));
1134 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1135 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1136 ok(entry != NULL, "Expected to find an entry in CRL\n");
1137 CertFreeCRLContext(crl);
1138
1139 CertFreeCertificateContext(cert);
1140 }
1141
1142 static void testVerifyCRLRevocation(void)
1143 {
1144 BOOL ret;
1145 PCCERT_CONTEXT cert;
1146 PCCRL_CONTEXT crl;
1147
1148 ret = CertVerifyCRLRevocation(0, NULL, 0, NULL);
1149 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1150 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, NULL, 0, NULL);
1151 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1152
1153 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1154 sizeof(bigCert));
1155
1156 /* Check against no CRL */
1157 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 0, NULL);
1158 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1159 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 0, NULL);
1160 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1161
1162 /* Check against CRL with entry for the cert */
1163 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1164 sizeof(v1CRLWithIssuerAndEntry));
1165 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1166 (PCRL_INFO *)&crl->pCrlInfo);
1167 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1168 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1169 (PCRL_INFO *)&crl->pCrlInfo);
1170 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1171 CertFreeCRLContext(crl);
1172
1173 /* Check against CRL with different issuer and entry for the cert */
1174 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1175 sizeof(crlWithDifferentIssuer));
1176 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1177 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1178 (PCRL_INFO *)&crl->pCrlInfo);
1179 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1180 CertFreeCRLContext(crl);
1181
1182 /* Check against CRL without entry for the cert */
1183 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1184 sizeof(verisignCRL));
1185 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1186 (PCRL_INFO *)&crl->pCrlInfo);
1187 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1188 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1189 (PCRL_INFO *)&crl->pCrlInfo);
1190 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1191 CertFreeCRLContext(crl);
1192
1193 CertFreeCertificateContext(cert);
1194 }
1195
1196 START_TEST(crl)
1197 {
1198 init_function_pointers();
1199
1200 testCreateCRL();
1201 testDupCRL();
1202 testAddCRL();
1203 testFindCRL();
1204 testGetCRLFromStore();
1205
1206 testCRLProperties();
1207
1208 testIsValidCRLForCert();
1209 testFindCertInCRL();
1210 testVerifyCRLRevocation();
1211 }
A free Windows-compatible Operating System