f0a784e614f24c1e396a4787ada1da38aa9a4859
[reactos.git] / rostests / winetests / crypt32 / crl.c
1 /*
2 * crypt32 CRL functions tests
3 *
4 * Copyright 2005-2006 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 //#include <stdio.h>
22 #include <stdarg.h>
23
24 #include <windef.h>
25 #include <winbase.h>
26 //#include <winreg.h>
27 //#include <winerror.h>
28 #include <wincrypt.h>
29
30 #include <wine/test.h>
31
32
33 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
34 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
35 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
36 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
37 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
38 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
39 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
40 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
41 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
42 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
43 static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
44 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
45 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
46 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
47 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
48 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
49 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
50 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
51 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
52 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
53 static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
54 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
55 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
56 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
57 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
58 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
59 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
60 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
61 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
62 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
63 0x02, 0x01, 0x01 };
64 static const BYTE CRL[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
65 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
66 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
67 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
68 0x5a };
69 static const BYTE newerCRL[] = { 0x30, 0x2a, 0x30, 0x02, 0x06, 0x00, 0x30,
70 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
71 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x17, 0x0d, 0x30, 0x36,
72 0x30, 0x35, 0x31, 0x36, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
73 static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
74 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
75 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
76 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
77 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
78 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
79
80 static BOOL (WINAPI *pCertFindCertificateInCRL)(PCCERT_CONTEXT,PCCRL_CONTEXT,DWORD,void*,PCRL_ENTRY*);
81 static PCCRL_CONTEXT (WINAPI *pCertFindCRLInStore)(HCERTSTORE,DWORD,DWORD,DWORD,const void*,PCCRL_CONTEXT);
82 static BOOL (WINAPI *pCertIsValidCRLForCertificate)(PCCERT_CONTEXT, PCCRL_CONTEXT, DWORD, void*);
83
84 static void init_function_pointers(void)
85 {
86 HMODULE hdll = GetModuleHandleA("crypt32.dll");
87 pCertFindCertificateInCRL = (void*)GetProcAddress(hdll, "CertFindCertificateInCRL");
88 pCertFindCRLInStore = (void*)GetProcAddress(hdll, "CertFindCRLInStore");
89 pCertIsValidCRLForCertificate = (void*)GetProcAddress(hdll, "CertIsValidCRLForCertificate");
90 }
91
92 static void testCreateCRL(void)
93 {
94 PCCRL_CONTEXT context;
95 DWORD GLE;
96
97 context = CertCreateCRLContext(0, NULL, 0);
98 ok(!context && GetLastError() == E_INVALIDARG,
99 "Expected E_INVALIDARG, got %08x\n", GetLastError());
100 context = CertCreateCRLContext(X509_ASN_ENCODING, NULL, 0);
101 GLE = GetLastError();
102 ok(!context && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
103 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
104 context = CertCreateCRLContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
105 ok(!context, "Expected failure\n");
106 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
107 sizeof(signedCRL) - 1);
108 ok(!context, "Expected failure\n");
109 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
110 sizeof(signedCRL));
111 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
112 if (context)
113 CertFreeCRLContext(context);
114 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
115 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
116 if (context)
117 CertFreeCRLContext(context);
118 }
119
120 static void testDupCRL(void)
121 {
122 PCCRL_CONTEXT context, dupContext;
123 BOOL res;
124
125 context = CertDuplicateCRLContext(NULL);
126 ok(context == NULL, "expected NULL\n");
127 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
128 sizeof(signedCRL));
129 dupContext = CertDuplicateCRLContext(context);
130 ok(dupContext != NULL, "expected a context\n");
131 ok(dupContext == context, "expected identical context addresses\n");
132
133 res = CertFreeCRLContext(dupContext);
134 ok(res, "CertFreeCRLContext failed\n");
135
136 res = CertFreeCRLContext(context);
137 ok(res, "CertFreeCRLContext failed\n");
138
139 res = CertFreeCRLContext(NULL);
140 ok(res, "CertFreeCRLContext failed\n");
141 }
142
143 static void testAddCRL(void)
144 {
145 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
146 CERT_STORE_CREATE_NEW_FLAG, NULL);
147 PCCRL_CONTEXT context, context2;
148 BOOL ret;
149 DWORD GLE;
150
151 if (!store) return;
152
153 /* Bad CRL encoding type */
154 ret = CertAddEncodedCRLToStore(0, 0, NULL, 0, 0, NULL);
155 ok(!ret && GetLastError() == E_INVALIDARG,
156 "Expected E_INVALIDARG, got %08x\n", GetLastError());
157 ret = CertAddEncodedCRLToStore(store, 0, NULL, 0, 0, NULL);
158 ok(!ret && GetLastError() == E_INVALIDARG,
159 "Expected E_INVALIDARG, got %08x\n", GetLastError());
160 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL), 0, NULL);
161 ok(!ret && GetLastError() == E_INVALIDARG,
162 "Expected E_INVALIDARG, got %08x\n", GetLastError());
163 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL), 0,
164 NULL);
165 ok(!ret && GetLastError() == E_INVALIDARG,
166 "Expected E_INVALIDARG, got %08x\n", GetLastError());
167 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL),
168 CERT_STORE_ADD_ALWAYS, NULL);
169 ok(!ret && GetLastError() == E_INVALIDARG,
170 "Expected E_INVALIDARG, got %08x\n", GetLastError());
171 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL),
172 CERT_STORE_ADD_ALWAYS, NULL);
173 ok(!ret && GetLastError() == E_INVALIDARG,
174 "Expected E_INVALIDARG, got %08x\n", GetLastError());
175
176 /* No CRL */
177 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, NULL, 0, 0, NULL);
178 GLE = GetLastError();
179 ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
180 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
181 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, NULL, 0, 0, NULL);
182 GLE = GetLastError();
183 ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
184 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
185
186 /* Weird--bad add disposition leads to an access violation in Windows.
187 * Both tests crash on some win9x boxes.
188 */
189 if (0)
190 {
191 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
192 sizeof(signedCRL), 0, NULL);
193 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
194 GetLastError() == E_INVALIDARG /* Vista */),
195 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
196 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
197 sizeof(signedCRL), 0, NULL);
198 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
199 GetLastError() == E_INVALIDARG /* Vista */),
200 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
201 }
202
203 /* Weird--can add a CRL to the NULL store (does this have special meaning?)
204 */
205 context = NULL;
206 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
207 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, &context);
208 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
209 if (context)
210 CertFreeCRLContext(context);
211
212 /* Normal cases: a "signed" CRL is okay.. */
213 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
214 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
215 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
216 /* and an unsigned one is too. */
217 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, CRL, sizeof(CRL),
218 CERT_STORE_ADD_ALWAYS, NULL);
219 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
220
221 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
222 sizeof(newerCRL), CERT_STORE_ADD_NEW, NULL);
223 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
224 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
225
226 /* This should replace (one of) the existing CRL(s). */
227 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
228 sizeof(newerCRL), CERT_STORE_ADD_NEWER, NULL);
229 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
230
231 CertCloseStore(store, 0);
232
233 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
234 ok(store != NULL, "CertOpenStore failed\n");
235
236 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
237 ok(context != NULL, "CertCreateCRLContext failed\n");
238
239 ret = CertAddCRLContextToStore(store, context, CERT_STORE_ADD_NEW, &context2);
240 ok(ret, "CertAddCRLContextToStore failed\n");
241 ok(context2 != NULL && context2 != context, "unexpected context2\n");
242
243 ok(context->pbCrlEncoded != context2->pbCrlEncoded, "Unexpected pbCrlEncoded\n");
244 ok(context->cbCrlEncoded == context2->cbCrlEncoded, "Unexpected cbCrlEncoded\n");
245 ok(context->pCrlInfo != context2->pCrlInfo, "Unexpected pCrlInfo\n");
246
247 CertFreeCRLContext(context2);
248 CertFreeCRLContext(context);
249 CertCloseStore(store, 0);
250 }
251
252 static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
253 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
254 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
255 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
256 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
257 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
258 static const BYTE v2CRLWithIssuingDistPoint[] = {
259 0x30,0x70,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
260 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
261 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
262 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
263 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x27,
264 0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30,
265 0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
266 0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
267 static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
268 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
269 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
270 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
271 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
272 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
273 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
274 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
275 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
276 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
277 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
278 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
279 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
280 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
281 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
282 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
283 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
284 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
285 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
286 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
287 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
288 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
289 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
290 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
291 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
292 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
293 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
294 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
295 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
296 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
297 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
298 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
299 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
300 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
301 0xcd };
302 static const BYTE verisignCommercialSoftPubCA[] = {
303 0x30,0x82,0x02,0x40,0x30,0x82,0x01,0xa9,0x02,0x10,0x03,0xc7,0x8f,0x37,0xdb,0x92,
304 0x28,0xdf,0x3c,0xbb,0x1a,0xad,0x82,0xfa,0x67,0x10,0x30,0x0d,0x06,0x09,0x2a,0x86,
305 0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
306 0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,0x17,
307 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
308 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x0b,
309 0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,0x6d,0x6d,0x65,
310 0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x50,
311 0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
312 0x39,0x36,0x30,0x34,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,
313 0x34,0x30,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x61,0x31,0x11,
314 0x30,0x0f,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,
315 0x74,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,
316 0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
317 0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,
318 0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,
319 0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,
320 0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
321 0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc3,0xd3,0x69,0x65,
322 0x52,0x01,0x94,0x54,0xab,0x28,0xc6,0x62,0x18,0xb3,0x54,0x55,0xc5,0x44,0x87,0x45,
323 0x4a,0x3b,0xc2,0x7e,0xd8,0xd3,0xd7,0xc8,0x80,0x86,0x8d,0xd8,0x0c,0xf1,0x16,0x9c,
324 0xcc,0x6b,0xa9,0x29,0xb2,0x8f,0x76,0x73,0x92,0xc8,0xc5,0x62,0xa6,0x3c,0xed,0x1e,
325 0x05,0x75,0xf0,0x13,0x00,0x6c,0x14,0x4d,0xd4,0x98,0x90,0x07,0xbe,0x69,0x73,0x81,
326 0xb8,0x62,0x4e,0x31,0x1e,0xd1,0xfc,0xc9,0x0c,0xeb,0x7d,0x90,0xbf,0xae,0xb4,0x47,
327 0x51,0xec,0x6f,0xce,0x64,0x35,0x02,0xd6,0x7d,0x67,0x05,0x77,0xe2,0x8f,0xd9,0x51,
328 0xd7,0xfb,0x97,0x19,0xbc,0x3e,0xd7,0x77,0x81,0xc6,0x43,0xdd,0xf2,0xdd,0xdf,0xca,
329 0xa3,0x83,0x8b,0xcb,0x41,0xc1,0x3d,0x22,0x48,0x48,0xa6,0x19,0x02,0x03,0x01,0x00,
330 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,
331 0x03,0x81,0x81,0x00,0xb5,0xbc,0xb0,0x75,0x6a,0x89,0xa2,0x86,0xbd,0x64,0x78,0xc3,
332 0xa7,0x32,0x75,0x72,0x11,0xaa,0x26,0x02,0x17,0x60,0x30,0x4c,0xe3,0x48,0x34,0x19,
333 0xb9,0x52,0x4a,0x51,0x18,0x80,0xfe,0x53,0x2d,0x7b,0xd5,0x31,0x8c,0xc5,0x65,0x99,
334 0x41,0x41,0x2f,0xf2,0xae,0x63,0x7a,0xe8,0x73,0x99,0x15,0x90,0x1a,0x1f,0x7a,0x8b,
335 0x41,0xd0,0x8e,0x3a,0xd0,0xcd,0x38,0x34,0x44,0xd0,0x75,0xf8,0xea,0x71,0xc4,0x81,
336 0x19,0x38,0x17,0x35,0x4a,0xae,0xc5,0x3e,0x32,0xe6,0x21,0xb8,0x05,0xc0,0x93,0xe1,
337 0xc7,0x38,0x5c,0xd8,0xf7,0x93,0x38,0x64,0x90,0xed,0x54,0xce,0xca,0xd3,0xd3,0xd0,
338 0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71,
339 0x64,0x31,0x3c,0x3c
340 };
341 static const BYTE rootWithKeySignAndCRLSign[] = {
342 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
343 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
344 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
345 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
346 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
347 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
348 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
349 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
350 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
351 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
352 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
353 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
354 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
355 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
356 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
357 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
358 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
359 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
360 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
361 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
362 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
363 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
364 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
365 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
366 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
367 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
368 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
369 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
370 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
371 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
372 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
373 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
374 0x2e,0x84,0xee };
375 static const BYTE eeCert[] = {
376 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
377 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
378 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
379 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,
380 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,
381 0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
382 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
383 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
384 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
385 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
386 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
387 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
388 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
389 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
390 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
391 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
392 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
393 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
394 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2,
395 0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3,
396 0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a,
397 0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41,
398 0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5,
399 0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8,
400 0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7,
401 0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92,
402 0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3,
403 0xef,0x9f };
404 static const BYTE rootSignedCRL[] = {
405 0x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
406 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
407 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
408 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
409 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
410 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
411 0x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d,
412 0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16,
413 0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,
414 0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
415 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d,
416 0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45,
417 0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68,
418 0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b,
419 0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3,
420 0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c,
421 0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66,
422 0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a,
423 0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b,
424 0x3d,0x74,0xd6,0x3b };
425
426 static void testFindCRL(void)
427 {
428 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
429 CERT_STORE_CREATE_NEW_FLAG, NULL);
430 PCCRL_CONTEXT context;
431 PCCERT_CONTEXT cert, endCert, rootCert;
432 CRL_FIND_ISSUED_FOR_PARA issuedForPara = { NULL, NULL };
433 DWORD count, revoked_count;
434 BOOL ret;
435
436 if (!store) return;
437 if (!pCertFindCRLInStore || !pCertFindCertificateInCRL)
438 {
439 win_skip("CertFindCRLInStore or CertFindCertificateInCRL not available\n");
440 return;
441 }
442
443 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
444 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
445 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
446
447 /* Crashes
448 context = pCertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL);
449 */
450
451 /* Find any context */
452 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ANY, NULL, NULL);
453 ok(context != NULL, "Expected a context\n");
454 if (context)
455 CertFreeCRLContext(context);
456 /* Bogus flags are ignored */
457 context = pCertFindCRLInStore(store, 0, 1234, CRL_FIND_ANY, NULL, NULL);
458 ok(context != NULL, "Expected a context\n");
459 if (context)
460 CertFreeCRLContext(context);
461 /* CRL encoding type is ignored too */
462 context = pCertFindCRLInStore(store, 1234, 0, CRL_FIND_ANY, NULL, NULL);
463 ok(context != NULL, "Expected a context\n");
464 if (context)
465 CertFreeCRLContext(context);
466
467 /* This appears to match any cert */
468 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, NULL, NULL);
469 ok(context != NULL, "Expected a context\n");
470 if (context)
471 CertFreeCRLContext(context);
472
473 /* Try to match an issuer that isn't in the store */
474 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
475 sizeof(bigCert2));
476 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
477 GetLastError());
478 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
479 ok(context == NULL, "Expected no matching context\n");
480 CertFreeCertificateContext(cert);
481
482 /* Match an issuer that is in the store */
483 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
484 sizeof(bigCert));
485 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
486 GetLastError());
487 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
488 ok(context != NULL, "Expected a context\n");
489 if (context)
490 CertFreeCRLContext(context);
491
492 /* Try various find flags */
493 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_SIGNATURE_FLAG,
494 CRL_FIND_ISSUED_BY, cert, NULL);
495 ok(!context || broken(context != NULL /* Win9x */), "unexpected context\n");
496 /* The CRL doesn't have an AKI extension, so it matches any cert */
497 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
498 CRL_FIND_ISSUED_BY, cert, NULL);
499 ok(context != NULL, "Expected a context\n");
500 if (context)
501 CertFreeCRLContext(context);
502
503 if (0)
504 {
505 /* Crash or return NULL/STATUS_ACCESS_VIOLATION */
506 pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, NULL,
507 NULL);
508 pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
509 &issuedForPara, NULL);
510 }
511 /* Test whether the cert matches the CRL in the store */
512 issuedForPara.pSubjectCert = cert;
513 issuedForPara.pIssuerCert = cert;
514 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
515 &issuedForPara, NULL);
516 ok(context != NULL || broken(!context /* Win9x, NT4 */),
517 "Expected a context\n");
518 if (context)
519 {
520 ok(context->cbCrlEncoded == sizeof(signedCRL),
521 "unexpected CRL size %d\n", context->cbCrlEncoded);
522 ok(!memcmp(context->pbCrlEncoded, signedCRL, context->cbCrlEncoded),
523 "unexpected CRL data\n");
524 CertFreeCRLContext(context);
525 }
526
527 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
528 v1CRLWithIssuerAndEntry, sizeof(v1CRLWithIssuerAndEntry),
529 CERT_STORE_ADD_ALWAYS, NULL);
530 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
531 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
532 v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint),
533 CERT_STORE_ADD_ALWAYS, NULL);
534 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
535 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
536 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
537 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
538 issuedForPara.pSubjectCert = cert;
539 issuedForPara.pIssuerCert = cert;
540 context = NULL;
541 count = revoked_count = 0;
542 do {
543 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
544 &issuedForPara, context);
545 if (context)
546 {
547 PCRL_ENTRY entry;
548
549 count++;
550 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
551 entry)
552 revoked_count++;
553 }
554 } while (context);
555 /* signedCRL, v1CRLWithIssuerAndEntry, and v2CRLWithIssuingDistPoint all
556 * match cert's issuer, but verisignCRL does not, so the expected count
557 * is 0.
558 */
559 ok(count == 3 || broken(count == 0 /* NT4, Win9x */),
560 "expected 3 matching CRLs, got %d\n", count);
561 /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
562 * entries, so the count of CRL entries that match cert is 2.
563 */
564 ok(revoked_count == 2 || broken(revoked_count == 0 /* NT4, Win9x */),
565 "expected 2 matching CRL entries, got %d\n", revoked_count);
566
567 CertFreeCertificateContext(cert);
568
569 /* Try again with a cert that doesn't match any CRLs in the store */
570 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
571 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
572 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
573 GetLastError());
574 issuedForPara.pSubjectCert = cert;
575 issuedForPara.pIssuerCert = cert;
576 context = NULL;
577 count = revoked_count = 0;
578 do {
579 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
580 &issuedForPara, context);
581 if (context)
582 {
583 PCRL_ENTRY entry;
584
585 count++;
586 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
587 entry)
588 revoked_count++;
589 }
590 } while (context);
591 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
592 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
593 revoked_count);
594 CertFreeCertificateContext(cert);
595
596 /* Test again with a real certificate and CRL. The certificate wasn't
597 * revoked, but its issuer does have a CRL.
598 */
599 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
600 verisignCommercialSoftPubCA, sizeof(verisignCommercialSoftPubCA));
601 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
602 GetLastError());
603 issuedForPara.pIssuerCert = cert;
604 issuedForPara.pSubjectCert = cert;
605 context = NULL;
606 count = revoked_count = 0;
607 do {
608 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
609 &issuedForPara, context);
610 if (context)
611 {
612 PCRL_ENTRY entry;
613
614 count++;
615 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
616 entry)
617 revoked_count++;
618 }
619 } while (context);
620 ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
621 "expected 1 matching CRLs, got %d\n", count);
622 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
623 revoked_count);
624 CertFreeCertificateContext(cert);
625
626 CertCloseStore(store, 0);
627
628 /* This test uses a synthesized chain (rootWithKeySignAndCRLSign ->
629 * eeCert) whose end certificate is in the CRL.
630 */
631 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
632 CERT_STORE_CREATE_NEW_FLAG, NULL);
633 /* Add a CRL for the end certificate */
634 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
635 rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
636 /* Add another CRL unrelated to the tested chain */
637 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
638 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
639 endCert = CertCreateCertificateContext(X509_ASN_ENCODING,
640 eeCert, sizeof(eeCert));
641 rootCert = CertCreateCertificateContext(X509_ASN_ENCODING,
642 rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
643 issuedForPara.pSubjectCert = endCert;
644 issuedForPara.pIssuerCert = rootCert;
645 context = NULL;
646 count = revoked_count = 0;
647 do {
648 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
649 &issuedForPara, context);
650 if (context)
651 {
652 PCRL_ENTRY entry;
653
654 count++;
655 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
656 entry)
657 revoked_count++;
658 }
659 } while (context);
660 ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
661 "expected 1 matching CRLs, got %d\n", count);
662 ok(revoked_count == 1 || broken(revoked_count == 0 /* Win9x, NT4 */),
663 "expected 1 matching CRL entries, got %d\n", revoked_count);
664
665 /* Test CRL_FIND_ISSUED_BY flags */
666 count = revoked_count = 0;
667 do {
668 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
669 endCert, context);
670 if (context)
671 {
672 PCRL_ENTRY entry;
673
674 count++;
675 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
676 entry)
677 revoked_count++;
678 }
679 } while (context);
680 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
681 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
682 revoked_count);
683 count = revoked_count = 0;
684 do {
685 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
686 rootCert, context);
687 if (context)
688 {
689 PCRL_ENTRY entry;
690
691 count++;
692 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
693 entry)
694 revoked_count++;
695 }
696 } while (context);
697 ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
698 ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
699 revoked_count);
700 count = revoked_count = 0;
701 do {
702 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
703 CRL_FIND_ISSUED_BY, endCert, context);
704 if (context)
705 {
706 PCRL_ENTRY entry;
707
708 count++;
709 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
710 entry)
711 revoked_count++;
712 }
713 } while (context);
714 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
715 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
716 revoked_count);
717 count = revoked_count = 0;
718 do {
719 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
720 CRL_FIND_ISSUED_BY, rootCert, context);
721 if (context)
722 {
723 PCRL_ENTRY entry;
724
725 count++;
726 if (pCertFindCertificateInCRL(rootCert, context, 0, NULL, &entry) &&
727 entry)
728 revoked_count++;
729 }
730 } while (context);
731 ok(count == 0 || broken(count == 1 /* Win9x */),
732 "expected 0 matching CRLs, got %d\n", count);
733 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
734 revoked_count);
735 count = revoked_count = 0;
736 do {
737 context = pCertFindCRLInStore(store, 0,
738 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, endCert,
739 context);
740 if (context)
741 {
742 PCRL_ENTRY entry;
743
744 count++;
745 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
746 entry)
747 revoked_count++;
748 }
749 } while (context);
750 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
751 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
752 revoked_count);
753 count = revoked_count = 0;
754 do {
755 context = pCertFindCRLInStore(store, 0,
756 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, rootCert,
757 context);
758 if (context)
759 {
760 PCRL_ENTRY entry;
761
762 count++;
763 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
764 entry)
765 revoked_count++;
766 }
767 } while (context);
768 ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
769 ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
770 revoked_count);
771 CertFreeCertificateContext(rootCert);
772 CertFreeCertificateContext(endCert);
773
774 CertCloseStore(store, 0);
775 }
776
777 static void testGetCRLFromStore(void)
778 {
779 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
780 CERT_STORE_CREATE_NEW_FLAG, NULL);
781 PCCRL_CONTEXT context;
782 PCCERT_CONTEXT cert;
783 DWORD flags;
784 BOOL ret;
785
786 if (!store) return;
787
788 /* Crash
789 context = CertGetCRLFromStore(NULL, NULL, NULL, NULL);
790 context = CertGetCRLFromStore(store, NULL, NULL, NULL);
791 */
792
793 /* Bogus flags */
794 flags = 0xffffffff;
795 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
796 ok(!context && GetLastError() == E_INVALIDARG,
797 "Expected E_INVALIDARG, got %08x\n", GetLastError());
798
799 /* Test an empty store */
800 flags = 0;
801 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
802 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
803 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
804
805 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
806 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
807 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
808
809 /* NULL matches any CRL */
810 flags = 0;
811 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
812 ok(context != NULL, "Expected a context\n");
813 CertFreeCRLContext(context);
814
815 /* This cert's issuer isn't in */
816 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
817 sizeof(bigCert2));
818 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
819 GetLastError());
820 context = CertGetCRLFromStore(store, cert, NULL, &flags);
821 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
822 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
823 CertFreeCertificateContext(cert);
824
825 /* But this one is */
826 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
827 sizeof(bigCert));
828 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
829 GetLastError());
830 context = CertGetCRLFromStore(store, cert, NULL, &flags);
831 ok(context != NULL, "Expected a context\n");
832 CertFreeCRLContext(context);
833 CertFreeCertificateContext(cert);
834
835 CertCloseStore(store, 0);
836 }
837
838 static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
839 PCCRL_CONTEXT context, DWORD propID)
840 {
841 BYTE hash[20] = { 0 }, hashProperty[20];
842 BOOL ret;
843 DWORD size;
844
845 memset(hash, 0, sizeof(hash));
846 memset(hashProperty, 0, sizeof(hashProperty));
847 size = sizeof(hash);
848 ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
849 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
850 ret = CertGetCRLContextProperty(context, propID, hashProperty, &size);
851 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
852 ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n",
853 propID);
854 }
855
856 static void testCRLProperties(void)
857 {
858 PCCRL_CONTEXT context = CertCreateCRLContext(X509_ASN_ENCODING,
859 CRL, sizeof(CRL));
860
861 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
862 if (context)
863 {
864 DWORD propID, numProps, access, size;
865 BOOL ret;
866 BYTE hash[20] = { 0 }, hashProperty[20];
867 CRYPT_DATA_BLOB blob;
868
869 /* This crashes
870 propID = CertEnumCRLContextProperties(NULL, 0);
871 */
872
873 propID = 0;
874 numProps = 0;
875 do {
876 propID = CertEnumCRLContextProperties(context, propID);
877 if (propID)
878 numProps++;
879 } while (propID != 0);
880 ok(numProps == 0, "Expected 0 properties, got %d\n", numProps);
881
882 /* Tests with a NULL cert context. Prop ID 0 fails.. */
883 ret = CertSetCRLContextProperty(NULL, 0, 0, NULL);
884 ok(!ret && GetLastError() == E_INVALIDARG,
885 "Expected E_INVALIDARG, got %08x\n", GetLastError());
886 /* while this just crashes.
887 ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0,
888 NULL);
889 */
890
891 ret = CertSetCRLContextProperty(context, 0, 0, NULL);
892 ok(!ret && GetLastError() == E_INVALIDARG,
893 "Expected E_INVALIDARG, got %08x\n", GetLastError());
894 /* Can't set the cert property directly, this crashes.
895 ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL);
896 */
897
898 /* These all crash.
899 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
900 NULL);
901 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL);
902 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
903 hashProperty, NULL);
904 */
905 /* A missing prop */
906 size = 0;
907 ret = CertGetCRLContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
908 NULL, &size);
909 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
910 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
911 /* And, an implicit property */
912 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
913 NULL, &size);
914 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
915 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
916 &access, &size);
917 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
918 ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
919 "Didn't expect a persisted crl\n");
920 /* Trying to set this "read only" property crashes.
921 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
922 ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
923 &access);
924 */
925
926 /* Can I set the hash to an invalid hash? */
927 blob.pbData = hash;
928 blob.cbData = sizeof(hash);
929 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, &blob);
930 ok(ret, "CertSetCRLContextProperty failed: %08x\n",
931 GetLastError());
932 size = sizeof(hashProperty);
933 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
934 hashProperty, &size);
935 ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
936 ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
937 /* Delete the (bogus) hash, and get the real one */
938 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, NULL);
939 ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
940 checkCRLHash(CRL, sizeof(CRL), CALG_SHA1, context, CERT_HASH_PROP_ID);
941
942 /* Now that the hash property is set, we should get one property when
943 * enumerating.
944 */
945 propID = 0;
946 numProps = 0;
947 do {
948 propID = CertEnumCRLContextProperties(context, propID);
949 if (propID)
950 numProps++;
951 } while (propID != 0);
952 ok(numProps == 1, "Expected 1 properties, got %d\n", numProps);
953
954 /* Check a few other implicit properties */
955 checkCRLHash(CRL, sizeof(CRL), CALG_MD5, context,
956 CERT_MD5_HASH_PROP_ID);
957
958 CertFreeCRLContext(context);
959 }
960 }
961
962 static const BYTE bigCertWithCRLDistPoints[] = {
963 0x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
964 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
965 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
966 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
967 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
968 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
969 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
970 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
971 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06,
972 0x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,
973 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
974 0x6f,0x72,0x67 };
975
976 static void testIsValidCRLForCert(void)
977 {
978 BOOL ret;
979 PCCERT_CONTEXT cert1, cert2, cert3;
980 PCCRL_CONTEXT crl;
981 HCERTSTORE store;
982
983 if(!pCertIsValidCRLForCertificate) return;
984
985 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
986 sizeof(v1CRLWithIssuerAndEntry));
987 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
988 cert1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
989 sizeof(bigCert));
990 ok(cert1 != NULL, "CertCreateCertificateContext failed: %08x\n",
991 GetLastError());
992
993 /* Crash
994 ret = CertIsValidCRLForCertificate(NULL, NULL, 0, NULL);
995 ret = CertIsValidCRLForCertificate(cert1, NULL, 0, NULL);
996 */
997
998 /* Curiously, any CRL is valid for the NULL certificate */
999 ret = pCertIsValidCRLForCertificate(NULL, crl, 0, NULL);
1000 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1001
1002 /* Same issuer for both cert and CRL, this CRL is valid for that cert */
1003 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1004 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1005
1006 cert2 = CertCreateCertificateContext(X509_ASN_ENCODING,
1007 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
1008 ok(cert2 != NULL, "CertCreateCertificateContext failed: %08x\n",
1009 GetLastError());
1010
1011 /* Yet more curious: different issuers for these, yet the CRL is valid for
1012 * that cert. According to MSDN, the relevant bit to check is whether the
1013 * CRL has a CRL_ISSUING_DIST_POINT extension.
1014 */
1015 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1016 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1017
1018 CertFreeCRLContext(crl);
1019
1020 /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the
1021 * cert doesn't have the same extension in it.
1022 */
1023 crl = CertCreateCRLContext(X509_ASN_ENCODING, v2CRLWithIssuingDistPoint,
1024 sizeof(v2CRLWithIssuingDistPoint));
1025 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1026
1027 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1028 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1029 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1030 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1031 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1032 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1033
1034 /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing
1035 * a CRL_DIST_POINTS_INFO extension.
1036 */
1037 cert3 = CertCreateCertificateContext(X509_ASN_ENCODING,
1038 bigCertWithCRLDistPoints, sizeof(bigCertWithCRLDistPoints));
1039 ok(cert3 != NULL, "CertCreateCertificateContext failed: %08x\n",
1040 GetLastError());
1041 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1042 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1043
1044 CertFreeCRLContext(crl);
1045
1046 /* And again, with a real CRL, the CRL is valid for all three certs. */
1047 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1048 sizeof(verisignCRL));
1049 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1050
1051 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1052 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1053 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1054 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1055 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1056 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1057
1058 CertFreeCRLContext(crl);
1059
1060 /* One last test: a CRL in a different store than the cert is also valid
1061 * for the cert.
1062 */
1063 store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
1064 CERT_STORE_CREATE_NEW_FLAG, NULL);
1065 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1066
1067 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, verisignCRL,
1068 sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, &crl);
1069 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
1070
1071 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1072 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1073 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1074 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1075 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1076 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1077
1078 CertFreeCRLContext(crl);
1079
1080 CertCloseStore(store, 0);
1081
1082 CertFreeCertificateContext(cert3);
1083 CertFreeCertificateContext(cert2);
1084 CertFreeCertificateContext(cert1);
1085 }
1086
1087 static const BYTE crlWithDifferentIssuer[] = {
1088 0x30,0x47,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
1089 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x41,0x6c,0x65,0x78,0x20,0x4c,0x61,0x6e,
1090 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
1091 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
1092 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a };
1093
1094 static void testFindCertInCRL(void)
1095 {
1096 BOOL ret;
1097 PCCERT_CONTEXT cert;
1098 PCCRL_CONTEXT crl;
1099 PCRL_ENTRY entry;
1100
1101 if (!pCertFindCertificateInCRL)
1102 {
1103 win_skip("CertFindCertificateInCRL() is not available\n");
1104 return;
1105 }
1106
1107 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1108 sizeof(bigCert));
1109 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
1110 GetLastError());
1111
1112 /* Crash
1113 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, NULL);
1114 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, NULL);
1115 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, NULL);
1116 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, NULL);
1117 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, &entry);
1118 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, &entry);
1119 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, &entry);
1120 */
1121
1122 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1123 sizeof(verisignCRL));
1124 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1125 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1126 ok(entry == NULL, "Expected not to find an entry in CRL\n");
1127 CertFreeCRLContext(crl);
1128
1129 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1130 sizeof(v1CRLWithIssuerAndEntry));
1131 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1132 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1133 ok(entry != NULL, "Expected to find an entry in CRL\n");
1134 CertFreeCRLContext(crl);
1135
1136 /* Entry found even though CRL issuer doesn't match cert issuer */
1137 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1138 sizeof(crlWithDifferentIssuer));
1139 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1140 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1141 ok(entry != NULL, "Expected to find an entry in CRL\n");
1142 CertFreeCRLContext(crl);
1143
1144 CertFreeCertificateContext(cert);
1145 }
1146
1147 static void testVerifyCRLRevocation(void)
1148 {
1149 BOOL ret;
1150 PCCERT_CONTEXT cert;
1151 PCCRL_CONTEXT crl;
1152
1153 ret = CertVerifyCRLRevocation(0, NULL, 0, NULL);
1154 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1155 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, NULL, 0, NULL);
1156 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1157
1158 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1159 sizeof(bigCert));
1160
1161 /* Check against no CRL */
1162 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 0, NULL);
1163 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1164 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 0, NULL);
1165 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1166
1167 /* Check against CRL with entry for the cert */
1168 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1169 sizeof(v1CRLWithIssuerAndEntry));
1170 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1171 (PCRL_INFO *)&crl->pCrlInfo);
1172 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1173 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1174 (PCRL_INFO *)&crl->pCrlInfo);
1175 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1176 CertFreeCRLContext(crl);
1177
1178 /* Check against CRL with different issuer and entry for the cert */
1179 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1180 sizeof(crlWithDifferentIssuer));
1181 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1182 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1183 (PCRL_INFO *)&crl->pCrlInfo);
1184 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1185 CertFreeCRLContext(crl);
1186
1187 /* Check against CRL without entry for the cert */
1188 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1189 sizeof(verisignCRL));
1190 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1191 (PCRL_INFO *)&crl->pCrlInfo);
1192 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1193 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1194 (PCRL_INFO *)&crl->pCrlInfo);
1195 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1196 CertFreeCRLContext(crl);
1197
1198 CertFreeCertificateContext(cert);
1199 }
1200
1201 START_TEST(crl)
1202 {
1203 init_function_pointers();
1204
1205 testCreateCRL();
1206 testDupCRL();
1207 testAddCRL();
1208 testFindCRL();
1209 testGetCRLFromStore();
1210
1211 testCRLProperties();
1212
1213 testIsValidCRLForCert();
1214 testFindCertInCRL();
1215 testVerifyCRLRevocation();
1216 }