/*
 * crypt32 CRL functions tests
 *
 * Copyright 2005-2006 Juan Lang
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 */
27 //#include <winerror.h>
30 #include <wine/test.h>
/*
 * DER fixture shaped like a to-be-signed certificate (no outer signature
 * wrapper): serial 1, issuer and subject CN "Juan Lang", zero-length
 * algorithm OIDs, an empty public key and a critical basicConstraints
 * extension (cA TRUE, pathLen 1).  The CRL tests use it both as "not a CRL"
 * input and as the certificate whose issuer matches the test CRLs.
 */
static const BYTE bigCert[] = {
    /* SEQUENCE, 0x7a content bytes */
    0x30, 0x7a,
    /* serialNumber: INTEGER 1 */
    0x02, 0x01, 0x01,
    /* AlgorithmIdentifier holding a zero-length OID */
    0x30, 0x02, 0x06, 0x00,
    /* issuer: CN = "Juan Lang" (PrintableString, trailing NUL included) */
    0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
    0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00,
    /* validity: two GeneralizedTime values, both "16010101000000Z" */
    0x30, 0x22,
    0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
    0x30, 0x30, 0x30, 0x30, 0x5a,
    0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
    0x30, 0x30, 0x30, 0x30, 0x5a,
    /* subject: CN = "Juan Lang" (PrintableString, trailing NUL included) */
    0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
    0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00,
    /* subjectPublicKeyInfo: zero-length OID, empty BIT STRING */
    0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00,
    /* [3] extensions: basicConstraints (2.5.29.19), critical, cA TRUE,
     * pathLenConstraint 1 */
    0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13,
    0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
    0x02, 0x01, 0x01
};
/*
 * Same layout as bigCert, but issuer and subject are both CN "Alex Lang".
 * No CRL fixture in this file names that issuer, which is why the tests use
 * it as the "issuer not in the store" case.
 */
static const BYTE bigCert2[] = {
    /* SEQUENCE, 0x7a content bytes */
    0x30, 0x7a,
    /* serialNumber: INTEGER 1 */
    0x02, 0x01, 0x01,
    /* AlgorithmIdentifier holding a zero-length OID */
    0x30, 0x02, 0x06, 0x00,
    /* issuer: CN = "Alex Lang" (PrintableString, trailing NUL included) */
    0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
    0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00,
    /* validity: two GeneralizedTime values, both "16010101000000Z" */
    0x30, 0x22,
    0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
    0x30, 0x30, 0x30, 0x30, 0x5a,
    0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
    0x30, 0x30, 0x30, 0x30, 0x5a,
    /* subject: CN = "Alex Lang" (PrintableString, trailing NUL included) */
    0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
    0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00,
    /* subjectPublicKeyInfo: zero-length OID, empty BIT STRING */
    0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00,
    /* [3] extensions: basicConstraints (2.5.29.19), critical, cA TRUE,
     * pathLenConstraint 1 */
    0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13,
    0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
    0x02, 0x01, 0x01
};
/* Same certificate layout as bigCert (serial 1, zero-length algorithm OIDs,
 * validity "16010101000000Z"), but with issuer CN "Alex Lang" and subject
 * CN "Juan Lang".
 * NOTE(review): the outer SEQUENCE declares 0x7a content bytes, yet the rows
 * shown here fall short of that length and have no closing brace; the last
 * row of the initializer appears to be missing from this listing. */
53 static const BYTE bigCertWithDifferentIssuer
[] = { 0x30, 0x7a, 0x02, 0x01,
54 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
55 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
56 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
57 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
58 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
59 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
60 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
61 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
62 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
/* DER CRL body with no signature wrapper: zero-length algorithm OID, issuer
 * CN "Juan Lang", thisUpdate as a GeneralizedTime starting "1601010100...",
 * and no room in the declared length for revoked entries.
 * NOTE(review): the SEQUENCE declares 0x2c content bytes but the rows shown
 * fall short of that length and have no closing brace; the last row appears
 * to be missing from this listing.  signedCRL embeds a body with the same
 * 0x30 0x2c header, which can be used to confirm the missing tail. */
64 static const BYTE CRL
[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
65 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
66 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
67 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
/*
 * Unsigned DER CRL body for issuer CN "Juan Lang" whose thisUpdate is the
 * UTCTime "060516000000Z", i.e. later than the 1601 date carried by the
 * other "Juan Lang" CRL fixtures.  It has no revoked entries and no
 * signature wrapper.
 */
static const BYTE newerCRL[] = {
    /* SEQUENCE, 0x2a content bytes */
    0x30, 0x2a,
    /* AlgorithmIdentifier holding a zero-length OID */
    0x30, 0x02, 0x06, 0x00,
    /* issuer: CN = "Juan Lang" (PrintableString, trailing NUL included) */
    0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
    0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00,
    /* thisUpdate: UTCTime "060516000000Z" */
    0x17, 0x0d, 0x30, 0x36, 0x30, 0x35, 0x31, 0x36, 0x30, 0x30, 0x30, 0x30,
    0x30, 0x30, 0x5a
};
/*
 * CRL body for issuer CN "Juan Lang" wrapped in the outer "signed content"
 * SEQUENCE.  The wrapper's algorithm OID is zero-length and the signature
 * BIT STRING is the 16 counting bytes 0x0f..0x00, so this is a structural
 * fixture only: it decodes as a signed CRL but carries nothing that could
 * be verified cryptographically.
 */
static const BYTE signedCRL[] = {
    /* outer SEQUENCE, 0x45 content bytes */
    0x30, 0x45,
    /* to-be-signed CRL: SEQUENCE, 0x2c content bytes */
    0x30, 0x2c,
    /* AlgorithmIdentifier holding a zero-length OID */
    0x30, 0x02, 0x06, 0x00,
    /* issuer: CN = "Juan Lang" (PrintableString, trailing NUL included) */
    0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
    0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00,
    /* thisUpdate: GeneralizedTime "16010101000000Z" */
    0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
    0x30, 0x30, 0x30, 0x30, 0x5a,
    /* signatureAlgorithm: zero-length OID */
    0x30, 0x02, 0x06, 0x00,
    /* signature: BIT STRING, no unused bits, 16 placeholder bytes */
    0x03, 0x11, 0x00,
    0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
    0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
};
/*
 * crypt32 entry points that are looked up by name at run time in
 * init_function_pointers() instead of being linked directly.  Each pointer
 * is NULL until that lookup succeeds, so callers must test it before use.
 */
static BOOL (WINAPI *pCertFindCertificateInCRL)(
 PCCERT_CONTEXT pCert,
 PCCRL_CONTEXT pCrlContext,
 DWORD dwFlags,
 void *pvReserved,
 PCRL_ENTRY *ppCrlEntry);

static PCCRL_CONTEXT (WINAPI *pCertFindCRLInStore)(
 HCERTSTORE hCertStore,
 DWORD dwCertEncodingType,
 DWORD dwFindFlags,
 DWORD dwFindType,
 const void *pvFindPara,
 PCCRL_CONTEXT pPrevCrlContext);

static BOOL (WINAPI *pCertIsValidCRLForCertificate)(
 PCCERT_CONTEXT pCert,
 PCCRL_CONTEXT pCrl,
 DWORD dwFlags,
 void *pvReserved);
/*
 * Fills the p* function pointers from the already-loaded crypt32.dll.
 * GetProcAddress() yields NULL for an export the DLL does not provide, which
 * lets the individual tests skip instead of failing to load.
 */
static void init_function_pointers(void)
{
    HMODULE crypt32 = GetModuleHandleA("crypt32.dll");

    pCertFindCertificateInCRL =
     (void*)GetProcAddress(crypt32, "CertFindCertificateInCRL");
    pCertFindCRLInStore =
     (void*)GetProcAddress(crypt32, "CertFindCRLInStore");
    pCertIsValidCRLForCertificate =
     (void*)GetProcAddress(crypt32, "CertIsValidCRLForCertificate");
}
/*
 * Checks which inputs CertCreateCRLContext() accepts: a zero encoding type,
 * an empty buffer, a certificate passed in place of a CRL and a CRL that is
 * one byte short must all fail, while the signature-wrapped CRL and the bare
 * CRL body must both decode.
 *
 * NOTE(review): the listing this was taken from drops some source lines; the
 * DWORD declaration, the sizeof(signedCRL) length on the fifth call and the
 * NULL guards before each free are restored from context -- confirm against
 * the original file.
 */
static void testCreateCRL(void)
{
    PCCRL_CONTEXT crl;
    DWORD err;

    /* No encoding type: rejected as an invalid argument. */
    crl = CertCreateCRLContext(0, NULL, 0);
    ok(!crl && GetLastError() == E_INVALIDARG,
     "Expected E_INVALIDARG, got %08x\n", GetLastError());

    /* Valid encoding type but no bytes: the decoder runs out of input.  The
     * error is captured once because two different codes are acceptable. */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, NULL, 0);
    err = GetLastError();
    ok(!crl && (err == CRYPT_E_ASN1_EOD || err == OSS_MORE_INPUT),
     "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", err);

    /* A certificate blob must not be accepted as a CRL. */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
    ok(!crl, "Expected failure\n");

    /* Truncating the encoding by a single byte must be detected. */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
     sizeof(signedCRL) - 1);
    ok(!crl, "Expected failure\n");

    /* The complete signature-wrapped CRL decodes. */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
     sizeof(signedCRL));
    ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
    if (crl)
        CertFreeCRLContext(crl);

    /* So does the bare CRL body that has no signature wrapper at all. */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
    ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
    if (crl)
        CertFreeCRLContext(crl);
}
/*
 * Checks the lifetime rules of CRL contexts: duplicating NULL gives NULL,
 * duplicating a real context hands back the very same pointer, every handle
 * obtained has to be released with its own CertFreeCRLContext() call, and
 * freeing NULL is reported as success.
 *
 * NOTE(review): the listing this was taken from drops some source lines; the
 * BOOL declaration and the sizeof(signedCRL) length argument are restored
 * from context -- confirm against the original file.
 */
static void testDupCRL(void)
{
    PCCRL_CONTEXT original, duplicate;
    BOOL freed;

    original = CertDuplicateCRLContext(NULL);
    ok(original == NULL, "expected NULL\n");

    original = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
     sizeof(signedCRL));
    duplicate = CertDuplicateCRLContext(original);
    ok(duplicate != NULL, "expected a context\n");
    /* Same address: the duplicate is another reference, not a deep copy. */
    ok(duplicate == original, "expected identical context addresses\n");

    /* One release per reference obtained above. */
    freed = CertFreeCRLContext(duplicate);
    ok(freed, "CertFreeCRLContext failed\n");

    freed = CertFreeCRLContext(original);
    ok(freed, "CertFreeCRLContext failed\n");

    /* Releasing NULL is expected to succeed as well. */
    freed = CertFreeCRLContext(NULL);
    ok(freed, "CertFreeCRLContext failed\n");
}
/*
 * Exercises CertAddEncodedCRLToStore() and CertAddCRLContextToStore()
 * against an in-memory store: rejected encoding types, empty input, the
 * add dispositions, and what is returned when an existing context is added.
 * NOTE(review): this listing omits some source lines of the function (the
 * declarations of ret and GLE, braces, a few trailing arguments and comment
 * terminators); confirm against the original file before relying on the
 * exact statement sequence, in particular whether the two calls that the
 * source comment says crash are compiled in.
 */
143 static void testAddCRL(void)
145 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
146 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
147 PCCRL_CONTEXT context
, context2
;
153 /* Bad CRL encoding type */
154 ret
= CertAddEncodedCRLToStore(0, 0, NULL
, 0, 0, NULL
);
155 ok(!ret
&& GetLastError() == E_INVALIDARG
,
156 "Expected E_INVALIDARG, got %08x\n", GetLastError());
157 ret
= CertAddEncodedCRLToStore(store
, 0, NULL
, 0, 0, NULL
);
158 ok(!ret
&& GetLastError() == E_INVALIDARG
,
159 "Expected E_INVALIDARG, got %08x\n", GetLastError());
160 ret
= CertAddEncodedCRLToStore(0, 0, signedCRL
, sizeof(signedCRL
), 0, NULL
);
161 ok(!ret
&& GetLastError() == E_INVALIDARG
,
162 "Expected E_INVALIDARG, got %08x\n", GetLastError());
163 ret
= CertAddEncodedCRLToStore(store
, 0, signedCRL
, sizeof(signedCRL
), 0,
165 ok(!ret
&& GetLastError() == E_INVALIDARG
,
166 "Expected E_INVALIDARG, got %08x\n", GetLastError());
167 ret
= CertAddEncodedCRLToStore(0, 0, signedCRL
, sizeof(signedCRL
),
168 CERT_STORE_ADD_ALWAYS
, NULL
);
169 ok(!ret
&& GetLastError() == E_INVALIDARG
,
170 "Expected E_INVALIDARG, got %08x\n", GetLastError());
171 ret
= CertAddEncodedCRLToStore(store
, 0, signedCRL
, sizeof(signedCRL
),
172 CERT_STORE_ADD_ALWAYS
, NULL
);
173 ok(!ret
&& GetLastError() == E_INVALIDARG
,
174 "Expected E_INVALIDARG, got %08x\n", GetLastError());
/* Valid encoding type but no CRL bytes: the failure now comes from the
 * decoder (end of data) rather than from argument validation. */
177 ret
= CertAddEncodedCRLToStore(0, X509_ASN_ENCODING
, NULL
, 0, 0, NULL
);
178 GLE
= GetLastError();
179 ok(!ret
&& (GLE
== CRYPT_E_ASN1_EOD
|| GLE
== OSS_MORE_INPUT
),
180 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE
);
181 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, NULL
, 0, 0, NULL
);
182 GLE
= GetLastError();
183 ok(!ret
&& (GLE
== CRYPT_E_ASN1_EOD
|| GLE
== OSS_MORE_INPUT
),
184 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE
);
186 /* Weird--bad add disposition leads to an access violation in Windows.
187 * Both tests crash on some win9x boxes.
191 ret
= CertAddEncodedCRLToStore(0, X509_ASN_ENCODING
, signedCRL
,
192 sizeof(signedCRL
), 0, NULL
);
193 ok(!ret
&& (GetLastError() == STATUS_ACCESS_VIOLATION
||
194 GetLastError() == E_INVALIDARG
/* Vista */),
195 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
196 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, signedCRL
,
197 sizeof(signedCRL
), 0, NULL
);
198 ok(!ret
&& (GetLastError() == STATUS_ACCESS_VIOLATION
||
199 GetLastError() == E_INVALIDARG
/* Vista */),
200 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
203 /* Weird--can add a CRL to the NULL store (does this have special meaning?)
206 ret
= CertAddEncodedCRLToStore(0, X509_ASN_ENCODING
, signedCRL
,
207 sizeof(signedCRL
), CERT_STORE_ADD_ALWAYS
, &context
);
208 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
210 CertFreeCRLContext(context
);
212 /* Normal cases: a "signed" CRL is okay.. */
213 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, signedCRL
,
214 sizeof(signedCRL
), CERT_STORE_ADD_ALWAYS
, NULL
);
215 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
216 /* and an unsigned one is too. */
/* NOTE(review): both adds are expected to succeed although signedCRL's
 * "signature" is only the bytes 0x0f..0x00 under a zero-length algorithm
 * OID and CRL has no signature at all, i.e. the test expects no signature
 * check when a CRL is added to a store.  Code that bases revocation
 * decisions on stored CRLs has to verify each CRL against its issuer
 * itself. */
217 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, CRL
, sizeof(CRL
),
218 CERT_STORE_ADD_ALWAYS
, NULL
);
219 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
/* newerCRL names the same issuer as the CRLs already stored; with
 * CERT_STORE_ADD_NEW the add is expected to be refused with
 * CRYPT_E_EXISTS. */
221 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, newerCRL
,
222 sizeof(newerCRL
), CERT_STORE_ADD_NEW
, NULL
);
223 ok(!ret
&& GetLastError() == CRYPT_E_EXISTS
,
224 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
226 /* This should replace (one of) the existing CRL(s). */
/* NOTE(review): newerCRL is unsigned, so the replacement is presumably
 * decided from the CRL's own thisUpdate field alone -- confirm.  If so, the
 * "newer" ordering is not authenticated at this layer. */
227 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, newerCRL
,
228 sizeof(newerCRL
), CERT_STORE_ADD_NEWER
, NULL
);
229 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
231 CertCloseStore(store
, 0);
233 store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0, CERT_STORE_CREATE_NEW_FLAG
, NULL
);
234 ok(store
!= NULL
, "CertOpenStore failed\n");
236 context
= CertCreateCRLContext(X509_ASN_ENCODING
, CRL
, sizeof(CRL
));
237 ok(context
!= NULL
, "CertCreateCRLContext failed\n");
/* Adding an existing context is expected to store a copy: context2 must be
 * a different context with its own encoded buffer and CRL_INFO, of the same
 * encoded length, so both contexts are freed separately below. */
239 ret
= CertAddCRLContextToStore(store
, context
, CERT_STORE_ADD_NEW
, &context2
);
240 ok(ret
, "CertAddCRLContextToStore failed\n");
241 ok(context2
!= NULL
&& context2
!= context
, "unexpected context2\n");
243 ok(context
->pbCrlEncoded
!= context2
->pbCrlEncoded
, "Unexpected pbCrlEncoded\n");
244 ok(context
->cbCrlEncoded
== context2
->cbCrlEncoded
, "Unexpected cbCrlEncoded\n");
245 ok(context
->pCrlInfo
!= context2
->pCrlInfo
, "Unexpected pCrlInfo\n");
247 CertFreeCRLContext(context2
);
248 CertFreeCRLContext(context
);
249 CertCloseStore(store
, 0);
/*
 * Unsigned DER CRL body for issuer CN "Juan Lang" with exactly one revoked
 * entry: serial number 1, revoked at GeneralizedTime "16010101000000Z".
 * There is no version field, which makes it a v1 CRL.
 */
static const BYTE v1CRLWithIssuerAndEntry[] = {
    /* SEQUENCE, 0x44 content bytes */
    0x30, 0x44,
    /* AlgorithmIdentifier holding a zero-length OID */
    0x30, 0x02, 0x06, 0x00,
    /* issuer: CN = "Juan Lang" (PrintableString, trailing NUL included) */
    0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
    0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00,
    /* thisUpdate: GeneralizedTime "16010101000000Z" */
    0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
    0x30, 0x30, 0x30, 0x30, 0x5a,
    /* revokedCertificates: one entry, serial INTEGER 1 ... */
    0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01,
    /* ... revocationDate: GeneralizedTime "16010101000000Z" */
    0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
    0x30, 0x30, 0x30, 0x30, 0x5a
};
/*
 * Unsigned DER v2 CRL body for issuer CN "Juan Lang": one revoked entry
 * (serial 1) plus a critical issuingDistributionPoint extension whose
 * distribution point is the URI "http://winehq.org".
 */
static const BYTE v2CRLWithIssuingDistPoint[] = {
    /* SEQUENCE, 0x70 content bytes */
    0x30,0x70,
    /* version: INTEGER 1 (v2) */
    0x02,0x01,0x01,
    /* AlgorithmIdentifier holding a zero-length OID */
    0x30,0x02,0x06,0x00,
    /* issuer: CN = "Juan Lang" (PrintableString, trailing NUL included) */
    0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
    0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,
    /* thisUpdate: GeneralizedTime "16010101000000Z" */
    0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,
    0x30,0x30,0x30,0x30,0x5a,
    /* revokedCertificates: one entry, serial INTEGER 1 ... */
    0x30,0x16,0x30,0x14,0x02,0x01,0x01,
    /* ... revocationDate: GeneralizedTime "16010101000000Z" */
    0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,
    0x30,0x30,0x30,0x30,0x5a,
    /* [0] extensions: issuingDistributionPoint (2.5.29.28), critical */
    0xa0,0x27,0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,
    0x01,0x01,0xff,0x04,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,
    /* uniformResourceIdentifier, 0x11 bytes: "http://winehq.org" */
    0x86,0x11,
    0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,
    0x71,0x2e,0x6f,0x72,0x67
};
/* DER-encoded v2 CRL used as a realistic fixture.  Its issuer name reads
 * L="Internet", O="VeriSign, Inc.", OU="VeriSign Commercial Software
 * Publishers CA"; thisUpdate is UTCTime "010324000000Z" and nextUpdate
 * "040107235959Z"; it lists three revoked serial numbers.  The signature
 * algorithm OID is 1.2.840.113549.1.1.2 (md2WithRSAEncryption), a long
 * obsolete algorithm, so the blob is only suitable as parser and lookup
 * test data.
 * NOTE(review): the outer SEQUENCE declares 0x1b1 content bytes, but the
 * rows shown fall short of that length and have no closing brace; the last
 * row of the initializer appears to be missing from this listing. */
267 static const BYTE verisignCRL
[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
268 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
269 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
270 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
271 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
272 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
273 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
274 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
275 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
276 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
277 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
278 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
279 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
280 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
281 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
282 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
283 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
284 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
285 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
286 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
287 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
288 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
289 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
290 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
291 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
292 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
293 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
294 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
295 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
296 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
297 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
298 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
299 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
300 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
/* DER-encoded X.509 certificate fixture.  Issuer and subject carry the same
 * name (L="Internet", O="VeriSign, Inc.", OU="VeriSign Commercial Software
 * Publishers CA"), validity runs from UTCTime "960409000000Z" to
 * "040107235959Z", the public key is RSA with a 1024-bit modulus, and the
 * signature algorithm OID is 1.2.840.113549.1.1.2 (md2WithRSAEncryption).
 * Both the hash and the key size are far below current practice; treat the
 * blob as test data only.
 * NOTE(review): the outer SEQUENCE declares 0x240 content bytes, but the
 * rows shown fall short of that length and have no closing brace; the last
 * rows of the initializer appear to be missing from this listing. */
302 static const BYTE verisignCommercialSoftPubCA
[] = {
303 0x30,0x82,0x02,0x40,0x30,0x82,0x01,0xa9,0x02,0x10,0x03,0xc7,0x8f,0x37,0xdb,0x92,
304 0x28,0xdf,0x3c,0xbb,0x1a,0xad,0x82,0xfa,0x67,0x10,0x30,0x0d,0x06,0x09,0x2a,0x86,
305 0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
306 0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,0x17,
307 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
308 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x0b,
309 0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,0x6d,0x6d,0x65,
310 0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x50,
311 0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
312 0x39,0x36,0x30,0x34,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,
313 0x34,0x30,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x61,0x31,0x11,
314 0x30,0x0f,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,
315 0x74,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,
316 0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
317 0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,
318 0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,
319 0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,
320 0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
321 0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc3,0xd3,0x69,0x65,
322 0x52,0x01,0x94,0x54,0xab,0x28,0xc6,0x62,0x18,0xb3,0x54,0x55,0xc5,0x44,0x87,0x45,
323 0x4a,0x3b,0xc2,0x7e,0xd8,0xd3,0xd7,0xc8,0x80,0x86,0x8d,0xd8,0x0c,0xf1,0x16,0x9c,
324 0xcc,0x6b,0xa9,0x29,0xb2,0x8f,0x76,0x73,0x92,0xc8,0xc5,0x62,0xa6,0x3c,0xed,0x1e,
325 0x05,0x75,0xf0,0x13,0x00,0x6c,0x14,0x4d,0xd4,0x98,0x90,0x07,0xbe,0x69,0x73,0x81,
326 0xb8,0x62,0x4e,0x31,0x1e,0xd1,0xfc,0xc9,0x0c,0xeb,0x7d,0x90,0xbf,0xae,0xb4,0x47,
327 0x51,0xec,0x6f,0xce,0x64,0x35,0x02,0xd6,0x7d,0x67,0x05,0x77,0xe2,0x8f,0xd9,0x51,
328 0xd7,0xfb,0x97,0x19,0xbc,0x3e,0xd7,0x77,0x81,0xc6,0x43,0xdd,0xf2,0xdd,0xdf,0xca,
329 0xa3,0x83,0x8b,0xcb,0x41,0xc1,0x3d,0x22,0x48,0x48,0xa6,0x19,0x02,0x03,0x01,0x00,
330 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,
331 0x03,0x81,0x81,0x00,0xb5,0xbc,0xb0,0x75,0x6a,0x89,0xa2,0x86,0xbd,0x64,0x78,0xc3,
332 0xa7,0x32,0x75,0x72,0x11,0xaa,0x26,0x02,0x17,0x60,0x30,0x4c,0xe3,0x48,0x34,0x19,
333 0xb9,0x52,0x4a,0x51,0x18,0x80,0xfe,0x53,0x2d,0x7b,0xd5,0x31,0x8c,0xc5,0x65,0x99,
334 0x41,0x41,0x2f,0xf2,0xae,0x63,0x7a,0xe8,0x73,0x99,0x15,0x90,0x1a,0x1f,0x7a,0x8b,
335 0x41,0xd0,0x8e,0x3a,0xd0,0xcd,0x38,0x34,0x44,0xd0,0x75,0xf8,0xea,0x71,0xc4,0x81,
336 0x19,0x38,0x17,0x35,0x4a,0xae,0xc5,0x3e,0x32,0xe6,0x21,0xb8,0x05,0xc0,0x93,0xe1,
337 0xc7,0x38,0x5c,0xd8,0xf7,0x93,0x38,0x64,0x90,0xed,0x54,0xce,0xca,0xd3,0xd3,0xd0,
338 0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71,
/* DER-encoded v3 root certificate of the synthesized test chain: issuer and
 * subject CN "Cert1", validity UTCTime "070101000000Z" to "071231235959Z",
 * RSA public key with a 1024-bit modulus, critical keyUsage with the
 * keyCertSign and cRLSign bits set, critical basicConstraints cA TRUE, and
 * a subjectKeyIdentifier of 14 8c 16 bb ... e9 9a.  The signature algorithm
 * OID is 1.3.14.3.2.29 (SHA-1 with RSA); key size and hash make this a
 * fixture, not a model for real certificates.
 * NOTE(review): the outer SEQUENCE declares 0x1df content bytes, but the
 * rows shown fall short of that length and have no closing brace; the last
 * row of the initializer appears to be missing from this listing. */
341 static const BYTE rootWithKeySignAndCRLSign
[] = {
342 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
343 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
344 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
345 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
346 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
347 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
348 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
349 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
350 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
351 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
352 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
353 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
354 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
355 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
356 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
357 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
358 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
359 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
360 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
361 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
362 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
363 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
364 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
365 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
366 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
367 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
368 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
369 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
370 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
371 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
372 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
373 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
/* DER-encoded v3 end-entity certificate of the synthesized test chain:
 * serial number 1, issuer CN "Cert1", subject CN "Cert2", validity UTCTime
 * "070501000000Z" to "071001000000Z", RSA public key with a 1024-bit
 * modulus, signature algorithm OID 1.2.840.113549.1.1.5
 * (sha1WithRSAEncryption).  Serial 1 under issuer "Cert1" is the entry
 * listed in rootSignedCRL, so this is the "revoked" certificate of the
 * chain.
 * NOTE(review): the outer SEQUENCE declares 0x193 content bytes, but the
 * rows shown fall short of that length and have no closing brace; the last
 * row of the initializer appears to be missing from this listing. */
375 static const BYTE eeCert
[] = {
376 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
377 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
378 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
379 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,
380 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,
381 0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
382 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
383 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
384 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
385 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
386 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
387 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
388 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
389 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
390 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
391 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
392 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
393 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
394 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2,
395 0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3,
396 0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a,
397 0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41,
398 0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5,
399 0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8,
400 0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7,
401 0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92,
402 0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3,
/*
 * DER-encoded v2 CRL for issuer CN "Cert1" with one revoked entry, serial
 * number 1.  Its 2.5.29.35 extension carries the same 20 key-identifier
 * bytes (14 8c 16 bb ... e9 9a) as the subjectKeyIdentifier inside
 * rootWithKeySignAndCRLSign, which ties the CRL to that root.  The
 * signature algorithm OID is sha1WithRSAEncryption; the blob is a test
 * fixture, not an example of current signing practice.
 */
static const BYTE rootSignedCRL[] = {
    /* outer SEQUENCE (0x011d bytes), then the to-be-signed SEQUENCE (0x87) */
    0x30,0x82,0x01,0x1d,
    0x30,0x81,0x87,
    /* version: INTEGER 1 (v2) */
    0x02,0x01,0x01,
    /* signature: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption), NULL params */
    0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
    /* issuer: CN = "Cert1" */
    0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
    0x43,0x65,0x72,0x74,0x31,
    /* thisUpdate: UTCTime "070901000000Z" */
    0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,
    /* nextUpdate: UTCTime "071231235959Z" */
    0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,
    /* revokedCertificates: one entry, serial INTEGER 1 ... */
    0x30,0x14,0x30,0x12,0x02,0x01,0x01,
    /* ... revocationDate: UTCTime "070901000000Z" */
    0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,
    /* [0] extensions */
    0xa0,0x2d,0x30,0x2b,
    /* cRLNumber (2.5.29.20) = 1 */
    0x30,0x0a,0x06,0x03,0x55,0x1d,0x14,0x04,0x03,0x02,0x01,0x01,
    /* extension 2.5.29.35 (authorityKeyIdentifier OID), 20-byte key id */
    0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16,0x04,0x14,
    0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
    0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,
    /* signatureAlgorithm: sha1WithRSAEncryption again */
    0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
    /* signatureValue: BIT STRING, no unused bits, 128 bytes */
    0x03,0x81,0x81,0x00,
    0x9b,0x2b,0x99,0x0d,
    0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45,
    0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68,
    0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b,
    0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3,
    0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c,
    0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66,
    0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a,
    0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b,
    0x3d,0x74,0xd6,0x3b
};
426 static void testFindCRL(void)
428 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
429 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
430 PCCRL_CONTEXT context
;
431 PCCERT_CONTEXT cert
, endCert
, rootCert
;
432 CRL_FIND_ISSUED_FOR_PARA issuedForPara
= { NULL
, NULL
};
433 DWORD count
, revoked_count
;
437 if (!pCertFindCRLInStore
|| !pCertFindCertificateInCRL
)
439 win_skip("CertFindCRLInStore or CertFindCertificateInCRL not available\n");
443 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
, signedCRL
,
444 sizeof(signedCRL
), CERT_STORE_ADD_ALWAYS
, NULL
);
445 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
448 context = pCertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL);
451 /* Find any context */
452 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ANY
, NULL
, NULL
);
453 ok(context
!= NULL
, "Expected a context\n");
455 CertFreeCRLContext(context
);
456 /* Bogus flags are ignored */
457 context
= pCertFindCRLInStore(store
, 0, 1234, CRL_FIND_ANY
, NULL
, NULL
);
458 ok(context
!= NULL
, "Expected a context\n");
460 CertFreeCRLContext(context
);
461 /* CRL encoding type is ignored too */
462 context
= pCertFindCRLInStore(store
, 1234, 0, CRL_FIND_ANY
, NULL
, NULL
);
463 ok(context
!= NULL
, "Expected a context\n");
465 CertFreeCRLContext(context
);
467 /* This appears to match any cert */
468 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_BY
, NULL
, NULL
);
469 ok(context
!= NULL
, "Expected a context\n");
471 CertFreeCRLContext(context
);
473 /* Try to match an issuer that isn't in the store */
474 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
, bigCert2
,
476 ok(cert
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
478 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_BY
, cert
, NULL
);
479 ok(context
== NULL
, "Expected no matching context\n");
480 CertFreeCertificateContext(cert
);
482 /* Match an issuer that is in the store */
483 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
, bigCert
,
485 ok(cert
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
487 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_BY
, cert
, NULL
);
488 ok(context
!= NULL
, "Expected a context\n");
490 CertFreeCRLContext(context
);
492 /* Try various find flags */
493 context
= pCertFindCRLInStore(store
, 0, CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
,
494 CRL_FIND_ISSUED_BY
, cert
, NULL
);
495 ok(!context
|| broken(context
!= NULL
/* Win9x */), "unexpected context\n");
496 /* The CRL doesn't have an AKI extension, so it matches any cert */
497 context
= pCertFindCRLInStore(store
, 0, CRL_FIND_ISSUED_BY_AKI_FLAG
,
498 CRL_FIND_ISSUED_BY
, cert
, NULL
);
499 ok(context
!= NULL
, "Expected a context\n");
501 CertFreeCRLContext(context
);
505 /* Crash or return NULL/STATUS_ACCESS_VIOLATION */
506 pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
, NULL
,
508 pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
509 &issuedForPara
, NULL
);
511 /* Test whether the cert matches the CRL in the store */
512 issuedForPara
.pSubjectCert
= cert
;
513 issuedForPara
.pIssuerCert
= cert
;
514 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
515 &issuedForPara
, NULL
);
516 ok(context
!= NULL
|| broken(!context
/* Win9x, NT4 */),
517 "Expected a context\n");
520 ok(context
->cbCrlEncoded
== sizeof(signedCRL
),
521 "unexpected CRL size %d\n", context
->cbCrlEncoded
);
522 ok(!memcmp(context
->pbCrlEncoded
, signedCRL
, context
->cbCrlEncoded
),
523 "unexpected CRL data\n");
524 CertFreeCRLContext(context
);
527 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
,
528 v1CRLWithIssuerAndEntry
, sizeof(v1CRLWithIssuerAndEntry
),
529 CERT_STORE_ADD_ALWAYS
, NULL
);
530 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
531 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
,
532 v2CRLWithIssuingDistPoint
, sizeof(v2CRLWithIssuingDistPoint
),
533 CERT_STORE_ADD_ALWAYS
, NULL
);
534 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
535 ret
= CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
,
536 verisignCRL
, sizeof(verisignCRL
), CERT_STORE_ADD_ALWAYS
, NULL
);
537 ok(ret
, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
538 issuedForPara
.pSubjectCert
= cert
;
539 issuedForPara
.pIssuerCert
= cert
;
541 count
= revoked_count
= 0;
543 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
544 &issuedForPara
, context
);
550 if (pCertFindCertificateInCRL(cert
, context
, 0, NULL
, &entry
) &&
555 /* signedCRL, v1CRLWithIssuerAndEntry, and v2CRLWithIssuingDistPoint all
556 * match cert's issuer, but verisignCRL does not, so the expected count
559 ok(count
== 3 || broken(count
== 0 /* NT4, Win9x */),
560 "expected 3 matching CRLs, got %d\n", count
);
561 /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
562 * entries, so the count of CRL entries that match cert is 2.
564 ok(revoked_count
== 2 || broken(revoked_count
== 0 /* NT4, Win9x */),
565 "expected 2 matching CRL entries, got %d\n", revoked_count
);
567 CertFreeCertificateContext(cert
);
569 /* Try again with a cert that doesn't match any CRLs in the store */
570 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
,
571 bigCertWithDifferentIssuer
, sizeof(bigCertWithDifferentIssuer
));
572 ok(cert
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
574 issuedForPara
.pSubjectCert
= cert
;
575 issuedForPara
.pIssuerCert
= cert
;
577 count
= revoked_count
= 0;
579 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
580 &issuedForPara
, context
);
586 if (pCertFindCertificateInCRL(cert
, context
, 0, NULL
, &entry
) &&
591 ok(count
== 0, "expected 0 matching CRLs, got %d\n", count
);
592 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
594 CertFreeCertificateContext(cert
);
596 /* Test again with a real certificate and CRL. The certificate wasn't
597 * revoked, but its issuer does have a CRL.
599 cert
= CertCreateCertificateContext(X509_ASN_ENCODING
,
600 verisignCommercialSoftPubCA
, sizeof(verisignCommercialSoftPubCA
));
601 ok(cert
!= NULL
, "CertCreateCertificateContext failed: %08x\n",
603 issuedForPara
.pIssuerCert
= cert
;
604 issuedForPara
.pSubjectCert
= cert
;
606 count
= revoked_count
= 0;
608 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
609 &issuedForPara
, context
);
615 if (pCertFindCertificateInCRL(cert
, context
, 0, NULL
, &entry
) &&
620 ok(count
== 1 || broken(count
== 0 /* Win9x, NT4 */),
621 "expected 1 matching CRLs, got %d\n", count
);
622 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
624 CertFreeCertificateContext(cert
);
626 CertCloseStore(store
, 0);
628 /* This test uses a synthesized chain (rootWithKeySignAndCRLSign ->
629 * eeCert) whose end certificate is in the CRL.
631 store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
632 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
633 /* Add a CRL for the end certificate */
634 CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
,
635 rootSignedCRL
, sizeof(rootSignedCRL
), CERT_STORE_ADD_ALWAYS
, NULL
);
636 /* Add another CRL unrelated to the tested chain */
637 CertAddEncodedCRLToStore(store
, X509_ASN_ENCODING
,
638 verisignCRL
, sizeof(verisignCRL
), CERT_STORE_ADD_ALWAYS
, NULL
);
639 endCert
= CertCreateCertificateContext(X509_ASN_ENCODING
,
640 eeCert
, sizeof(eeCert
));
641 rootCert
= CertCreateCertificateContext(X509_ASN_ENCODING
,
642 rootWithKeySignAndCRLSign
, sizeof(rootWithKeySignAndCRLSign
));
643 issuedForPara
.pSubjectCert
= endCert
;
644 issuedForPara
.pIssuerCert
= rootCert
;
646 count
= revoked_count
= 0;
648 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_FOR
,
649 &issuedForPara
, context
);
655 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
660 ok(count
== 1 || broken(count
== 0 /* Win9x, NT4 */),
661 "expected 1 matching CRLs, got %d\n", count
);
662 ok(revoked_count
== 1 || broken(revoked_count
== 0 /* Win9x, NT4 */),
663 "expected 1 matching CRL entries, got %d\n", revoked_count
);
665 /* Test CRL_FIND_ISSUED_BY flags */
666 count
= revoked_count
= 0;
668 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_BY
,
675 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
680 ok(count
== 0, "expected 0 matching CRLs, got %d\n", count
);
681 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
683 count
= revoked_count
= 0;
685 context
= pCertFindCRLInStore(store
, 0, 0, CRL_FIND_ISSUED_BY
,
692 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
697 ok(count
== 1, "expected 1 matching CRLs, got %d\n", count
);
698 ok(revoked_count
== 1, "expected 1 matching CRL entries, got %d\n",
700 count
= revoked_count
= 0;
702 context
= pCertFindCRLInStore(store
, 0, CRL_FIND_ISSUED_BY_AKI_FLAG
,
703 CRL_FIND_ISSUED_BY
, endCert
, context
);
709 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
714 ok(count
== 0, "expected 0 matching CRLs, got %d\n", count
);
715 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
717 count
= revoked_count
= 0;
719 context
= pCertFindCRLInStore(store
, 0, CRL_FIND_ISSUED_BY_AKI_FLAG
,
720 CRL_FIND_ISSUED_BY
, rootCert
, context
);
726 if (pCertFindCertificateInCRL(rootCert
, context
, 0, NULL
, &entry
) &&
731 ok(count
== 0 || broken(count
== 1 /* Win9x */),
732 "expected 0 matching CRLs, got %d\n", count
);
733 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
735 count
= revoked_count
= 0;
737 context
= pCertFindCRLInStore(store
, 0,
738 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
, CRL_FIND_ISSUED_BY
, endCert
,
745 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
750 ok(count
== 0, "expected 0 matching CRLs, got %d\n", count
);
751 ok(revoked_count
== 0, "expected 0 matching CRL entries, got %d\n",
753 count
= revoked_count
= 0;
755 context
= pCertFindCRLInStore(store
, 0,
756 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
, CRL_FIND_ISSUED_BY
, rootCert
,
763 if (pCertFindCertificateInCRL(endCert
, context
, 0, NULL
, &entry
) &&
768 ok(count
== 1, "expected 1 matching CRLs, got %d\n", count
);
769 ok(revoked_count
== 1, "expected 1 matching CRL entries, got %d\n",
771 CertFreeCertificateContext(rootCert
);
772 CertFreeCertificateContext(endCert
);
774 CertCloseStore(store
, 0);
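/*
 * Exercises CertGetCRLFromStore() on an in-memory store: rejected flag bits,
 * an empty store, a NULL issuer, and issuers that do and do not match the
 * stored CRL.
 *
 * The flags argument is passed by pointer; the CryptoAPI documentation
 * describes it as in/out (checks requested on input, failed checks reported
 * on output) -- confirm against the current docs.  It is therefore reset
 * before every lookup so that no case depends on what an earlier call left
 * behind.  Every successful lookup here requests no checks (flags == 0), so
 * a returned context only shows that the issuer matched; nothing in this
 * test verifies the CRL's signature or validity period.
 */
static void testGetCRLFromStore(void)
{
    HCERTSTORE store;
    PCCRL_CONTEXT context;
    PCCERT_CONTEXT cert;
    DWORD flags;
    BOOL ret;

    store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    if (!store) return;

    /* Disabled in the original listing (presumably because they crash, like
     * the NULL-argument cases elsewhere in this file):
    context = CertGetCRLFromStore(NULL, NULL, NULL, NULL);
    context = CertGetCRLFromStore(store, NULL, NULL, NULL);
     */

    /* Bogus flags: bits outside the defined set must be rejected */
    flags = 0xffffffff;
    context = CertGetCRLFromStore(store, NULL, NULL, &flags);
    ok(!context && GetLastError() == E_INVALIDARG,
     "Expected E_INVALIDARG, got %08x\n", GetLastError());

    /* Test an empty store */
    flags = 0;
    context = CertGetCRLFromStore(store, NULL, NULL, &flags);
    ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
     "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());

    ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
     sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
    ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());

    /* NULL matches any CRL */
    flags = 0;
    context = CertGetCRLFromStore(store, NULL, NULL, &flags);
    ok(context != NULL, "Expected a context\n");
    CertFreeCRLContext(context);

    /* This cert's issuer isn't in */
    cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
     sizeof(bigCert2));
    ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
     GetLastError());
    /* A NULL issuer matches any CRL (see above), so a failed decode would
     * silently turn this negative case into a positive one: skip it instead.
     */
    if (cert)
    {
        flags = 0;
        context = CertGetCRLFromStore(store, cert, NULL, &flags);
        ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
         "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
        CertFreeCertificateContext(cert);
    }

    /* But this one is */
    cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
     sizeof(bigCert));
    ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
     GetLastError());
    if (cert)
    {
        flags = 0;
        context = CertGetCRLFromStore(store, cert, NULL, &flags);
        ok(context != NULL, "Expected a context\n");
        CertFreeCRLContext(context);
        CertFreeCertificateContext(cert);
    }

    CertCloseStore(store, 0);
}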
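/*
 * Hashes the encoded CRL with algID and checks that the digest equals the
 * hash property stored on the CRL context.
 *
 * data, dataLen: encoded CRL bytes handed to CryptHashCertificate.
 * algID:         hash algorithm to use.
 * context:       CRL context whose property is read.
 * propID:        hash property to compare against.
 *
 * Both buffers hold 20 bytes, so only digests of at most 20 bytes fit (the
 * callers in this file pass CALG_SHA1 and CALG_MD5).
 */
static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
 PCCRL_CONTEXT context, DWORD propID)
{
    BYTE hash[20] = { 0 }, hashProperty[20];
    BOOL ret;
    /* Separate in/out sizes: each call is told the real capacity of its own
     * buffer, and the two reported lengths can be compared afterwards.
     */
    DWORD hashSize = sizeof(hash), propSize = sizeof(hashProperty);

    memset(hash, 0, sizeof(hash));
    memset(hashProperty, 0, sizeof(hashProperty));

    ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &hashSize);
    ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
    ret = CertGetCRLContextProperty(context, propID, hashProperty, &propSize);
    ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
    ok(hashSize == propSize, "Unexpected hash size for property %d\n",
     propID);
    /* Compare the whole (zero-filled) buffers rather than a length reported
     * by the API: after a failed call that length may exceed the 20-byte
     * buffers, and using it as the memcmp() length would read past them.
     */
    ok(!memcmp(hash, hashProperty, sizeof(hash)),
     "Unexpected hash for property %d\n", propID);
}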
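/*
 * Exercises the property API of a CRL context created from the CRL blob:
 * enumeration, invalid property ids, a missing property, the implicit
 * access-state property, and setting / deleting / recomputing the hash
 * property.
 *
 * Worth noting for anyone relying on CERT_HASH_PROP_ID: the test shows that
 * an arbitrary value can be stored as the hash and is then returned as-is;
 * the computed hash only comes back after the stored value is deleted.
 */
static void testCRLProperties(void)
{
    PCCRL_CONTEXT context = CertCreateCRLContext(X509_ASN_ENCODING,
     CRL, sizeof(CRL));
    DWORD propID, numProps, size;
    /* Initialised so the flag check below never reads an indeterminate value
     * when the property lookup fails.
     */
    DWORD access = 0;
    BOOL ret;
    BYTE hash[20] = { 0 }, hashProperty[20];
    CRYPT_DATA_BLOB blob;

    ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
    if (!context) return;

    /* This crashes
    propID = CertEnumCRLContextProperties(NULL, 0);
     */

    /* A fresh context has no explicitly set properties */
    propID = 0;
    numProps = 0;
    do {
        propID = CertEnumCRLContextProperties(context, propID);
        if (propID)
            numProps++;
    } while (propID != 0);
    ok(numProps == 0, "Expected 0 properties, got %d\n", numProps);

    /* Tests with a NULL cert context.  Prop ID 0 fails.. */
    ret = CertSetCRLContextProperty(NULL, 0, 0, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
    /* while this just crashes.
    ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0,
     NULL);
     */

    ret = CertSetCRLContextProperty(context, 0, 0, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
    /* Can't set the cert property directly, this crashes.
    ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL);
     */

    /* These all crash (NULL size pointer).
    ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
     NULL);
    ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL);
    ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
     hashProperty, NULL);
     */

    /* A missing prop */
    size = 0;
    ret = CertGetCRLContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
     NULL, &size);
    ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
     "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
    /* And, an implicit property */
    ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
     NULL, &size);
    ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
    ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
     &access, &size);
    ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
    ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
     "Didn't expect a persisted crl\n");
    /* Trying to set this "read only" property crashes.
    access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
    ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
     &access);
     */

    /* Can I set the hash to an invalid hash? */
    blob.pbData = hash;
    blob.cbData = sizeof(hash);
    ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, &blob);
    ok(ret, "CertSetCRLContextProperty failed: %08x\n",
     GetLastError());
    size = sizeof(hashProperty);
    ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
     hashProperty, &size);
    /* The original message named the Set function for this Get call */
    ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
    ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
    /* Delete the (bogus) hash, and get the real one */
    ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, NULL);
    ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
    checkCRLHash(CRL, sizeof(CRL), CALG_SHA1, context, CERT_HASH_PROP_ID);

    /* Now that the hash property is set, we should get one property when
     * enumerating.
     */
    propID = 0;
    numProps = 0;
    do {
        propID = CertEnumCRLContextProperties(context, propID);
        if (propID)
            numProps++;
    } while (propID != 0);
    ok(numProps == 1, "Expected 1 properties, got %d\n", numProps);

    /* Check a few other implicit properties */
    checkCRLHash(CRL, sizeof(CRL), CALG_MD5, context,
     CERT_MD5_HASH_PROP_ID);

    CertFreeCRLContext(context);
}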
962 static const BYTE bigCertWithCRLDistPoints
[] = {
963 0x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
964 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
965 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
966 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
967 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
968 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
969 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
970 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
971 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06,
972 0x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,
973 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
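/*
 * Exercises CertIsValidCRLForCertificate() (through the dynamically resolved
 * pCertIsValidCRLForCertificate pointer) with three certificates and several
 * CRLs.
 *
 * What the assertions establish about the API:
 *  - a CRL is reported valid for a NULL certificate;
 *  - a CRL without an issuing-distribution-point extension is reported valid
 *    even for a certificate from a different issuer;
 *  - with that extension present, only the certificate carrying a CRL
 *    distribution points extension matches (CRYPT_E_NO_MATCH otherwise).
 * In other words a TRUE result here is not an issuer or signature check;
 * that relationship has to be established separately.
 */
static void testIsValidCRLForCert(void)
{
    BOOL ret;
    PCCERT_CONTEXT cert1, cert2, cert3;
    PCCRL_CONTEXT crl;
    HCERTSTORE store;

    if (!pCertIsValidCRLForCertificate)
    {
        /* Report the skip like testFindCertInCRL() does, so missing coverage
         * of this check is visible in the test output.
         */
        win_skip("CertIsValidCRLForCertificate() is not available\n");
        return;
    }

    crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
     sizeof(v1CRLWithIssuerAndEntry));
    ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
    cert1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
     sizeof(bigCert));
    ok(cert1 != NULL, "CertCreateCertificateContext failed: %08x\n",
     GetLastError());

    /* Crash
    ret = CertIsValidCRLForCertificate(NULL, NULL, 0, NULL);
    ret = CertIsValidCRLForCertificate(cert1, NULL, 0, NULL);
     */

    /* Curiously, any CRL is valid for the NULL certificate */
    ret = pCertIsValidCRLForCertificate(NULL, crl, 0, NULL);
    ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());

    /* Same issuer for both cert and CRL, this CRL is valid for that cert */
    ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
    ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());

    cert2 = CertCreateCertificateContext(X509_ASN_ENCODING,
     bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
    ok(cert2 != NULL, "CertCreateCertificateContext failed: %08x\n",
     GetLastError());

    /* Yet more curious: different issuers for these, yet the CRL is valid for
     * that cert.  According to MSDN, the relevant bit to check is whether the
     * CRL has a CRL_ISSUING_DIST_POINT extension.
     */
    ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
    ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());

    CertFreeCRLContext(crl);

    /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the
     * cert doesn't have the same extension in it.
     */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, v2CRLWithIssuingDistPoint,
     sizeof(v2CRLWithIssuingDistPoint));
    ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());

    ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
    ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
     "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
    ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
    ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
     "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());

    /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing
     * a CRL_DIST_POINTS_INFO extension.
     */
    cert3 = CertCreateCertificateContext(X509_ASN_ENCODING,
     bigCertWithCRLDistPoints, sizeof(bigCertWithCRLDistPoints));
    ok(cert3 != NULL, "CertCreateCertificateContext failed: %08x\n",
     GetLastError());
    ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
    ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());

    CertFreeCRLContext(crl);

    /* And again, with a real CRL, the CRL is valid for all three certs. */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
     sizeof(verisignCRL));
    ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());

    ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
    ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
    ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
    ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
    ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
    ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());

    CertFreeCRLContext(crl);

    /* One last test: a CRL in a different store than the cert is also valid
     * for the cert.
     */
    store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());

    /* crl still holds the context freed just above.  Clear it so that a
     * failed add cannot lead to that stale pointer being used and freed a
     * second time.
     */
    crl = NULL;
    ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, verisignCRL,
     sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, &crl);
    ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());

    if (ret && crl)
    {
        ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
        ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
        ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
        ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
        ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
        ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());

        CertFreeCRLContext(crl);
    }

    CertCloseStore(store, 0);

    CertFreeCertificateContext(cert3);
    CertFreeCertificateContext(cert2);
    CertFreeCertificateContext(cert1);
}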
/*
 * DER-encoded, unsigned CRL body used by the "different issuer" cases.
 * Reading the bytes: the issuer common name is "Alex Lang" and the revoked
 * list holds a single entry with serial number 1.
 */
static const BYTE crlWithDifferentIssuer[] = {
 /* SEQUENCE, 0x47 content bytes */
 0x30,0x47,
 /* INTEGER 1 */
 0x02,0x01,0x01,
 /* SEQUENCE { empty OBJECT IDENTIFIER } */
 0x30,0x02,0x06,0x00,
 /* issuer: one RDN, OID 2.5.4.3, PrintableString "Alex Lang\0" */
 0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,
 0x41,0x6c,0x65,0x78,0x20,0x4c,0x61,0x6e,0x67,0x00,
 /* GeneralizedTime "16010101000000Z" */
 0x18,0x0f,
 0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,
 /* revoked list with one entry: INTEGER 1, then the same GeneralizedTime */
 0x30,0x16,0x30,0x14,
 0x02,0x01,0x01,
 0x18,0x0f,
 0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a };
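/*
 * Exercises CertFindCertificateInCRL() (through the dynamically resolved
 * pCertFindCertificateInCRL pointer) with one certificate and three CRLs.
 *
 * The last case is the one to remember: an entry is reported for the
 * certificate although the CRL names a different issuer, so the lookup does
 * not appear to take the issuer into account.  Code that consumes this API
 * has to establish that the CRL really belongs to the certificate's issuer
 * by other means before treating a hit as a revocation.
 */
static void testFindCertInCRL(void)
{
    BOOL ret;
    PCCERT_CONTEXT cert;
    PCCRL_CONTEXT crl;
    PCRL_ENTRY entry = NULL;

    if (!pCertFindCertificateInCRL)
    {
        win_skip("CertFindCertificateInCRL() is not available\n");
        return;
    }

    cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
     sizeof(bigCert));
    ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
     GetLastError());

    /* Crash
    ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, NULL);
    ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, NULL);
    ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, NULL);
    ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, NULL);
    ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, &entry);
    ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, &entry);
    ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, &entry);
     */

    /* The disabled calls above show that a NULL certificate or CRL crashes,
     * so every lookup below runs only when both contexts were created.
     */

    /* A real CRL that does not list the certificate */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
     sizeof(verisignCRL));
    ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
    if (cert && crl)
    {
        ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
        ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
        ok(entry == NULL, "Expected not to find an entry in CRL\n");
    }
    CertFreeCRLContext(crl);

    /* A CRL that lists the certificate */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
     sizeof(v1CRLWithIssuerAndEntry));
    ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
    if (cert && crl)
    {
        /* Reset first, so a value left by an earlier lookup cannot satisfy
         * the "found" assertion.
         */
        entry = NULL;
        ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
        ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
        ok(entry != NULL, "Expected to find an entry in CRL\n");
    }
    CertFreeCRLContext(crl);

    /* Entry found even though CRL issuer doesn't match cert issuer */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
     sizeof(crlWithDifferentIssuer));
    ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
    if (cert && crl)
    {
        /* Without the reset, the pointer from the previous case would make
         * this assertion pass regardless of what the call does.
         */
        entry = NULL;
        ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
        ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
        ok(entry != NULL, "Expected to find an entry in CRL\n");
    }
    CertFreeCRLContext(crl);

    CertFreeCertificateContext(cert);
}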
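/*
 * Exercises CertVerifyCRLRevocation(): TRUE means "not revoked by any of the
 * supplied CRLs", FALSE means an entry for the certificate was found.
 *
 * Two behaviours pinned down here matter to callers:
 *  - with no CRL at all (and even with no certificate) the result is TRUE,
 *    i.e. the absence of revocation data reads as "not revoked";
 *  - a CRL from a different issuer that carries an entry for the certificate
 *    still yields FALSE, so the check does not appear to compare issuers.
 * Selecting the right CRLs, and deciding what a missing CRL means, is left
 * to the caller.
 */
static void testVerifyCRLRevocation(void)
{
    BOOL ret;
    PCCERT_CONTEXT cert;
    PCCRL_CONTEXT crl;

    ret = CertVerifyCRLRevocation(0, NULL, 0, NULL);
    ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
    ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, NULL, 0, NULL);
    ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());

    cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
     sizeof(bigCert));
    /* cert->pCertInfo is dereferenced by every call below, so stop with a
     * reported failure instead of a NULL dereference.
     */
    ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
     GetLastError());
    if (!cert) return;

    /* Check against no CRL */
    ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 0, NULL);
    ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
    ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 0, NULL);
    ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());

    /* Check against CRL with entry for the cert */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
     sizeof(v1CRLWithIssuerAndEntry));
    ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
    if (crl)
    {
        ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
         (PCRL_INFO *)&crl->pCrlInfo);
        ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
        ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
         (PCRL_INFO *)&crl->pCrlInfo);
        ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
        CertFreeCRLContext(crl);
    }

    /* Check against CRL with different issuer and entry for the cert */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
     sizeof(crlWithDifferentIssuer));
    ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
    if (crl)
    {
        ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
         (PCRL_INFO *)&crl->pCrlInfo);
        ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
        CertFreeCRLContext(crl);
    }

    /* Check against CRL without entry for the cert */
    crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
     sizeof(verisignCRL));
    ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
    if (crl)
    {
        ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
         (PCRL_INFO *)&crl->pCrlInfo);
        ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
        ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
         (PCRL_INFO *)&crl->pCrlInfo);
        ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
        CertFreeCRLContext(crl);
    }

    CertFreeCertificateContext(cert);
}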
1203 init_function_pointers();
1209 testGetCRLFromStore();
1211 testCRLProperties();
1213 testIsValidCRLForCert();
1214 testFindCertInCRL();
1215 testVerifyCRLRevocation();