[CRYPT32] Sync with Wine Staging 1.9.4. CORE-10912
[reactos.git] / rostests / winetests / crypt32 / store.c
1 /*
2 * crypt32 cert store function tests
3 *
4 * Copyright 2005-2006 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <stdio.h>
22 //#include <stdarg.h>
23
24 #include <windef.h>
25 #include <winbase.h>
26 #include <winreg.h>
27 //#include <winerror.h>
28 #include <wincrypt.h>
29
30 #include <wine/test.h>
31
32 /* The following aren't defined in wincrypt.h, as they're "reserved" */
33 #define CERT_CERT_PROP_ID 32
34 #define CERT_CRL_PROP_ID 33
35 #define CERT_CTL_PROP_ID 34
36
37 struct CertPropIDHeader
38 {
39 DWORD propID;
40 DWORD unknown1;
41 DWORD cb;
42 };
43
44 static const BYTE emptyCert[] = { 0x30, 0x00 };
45 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
46 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
47 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
48 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
49 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
50 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
51 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
52 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
53 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
54 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
55 static const BYTE signedBigCert[] = {
56 0x30, 0x81, 0x93, 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06, 0x00, 0x30,
57 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
58 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f,
59 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
60 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
61 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
62 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61,
63 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3,
64 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
65 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
66 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 0x07,
67 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
68 static const BYTE serializedCert[] = { 0x20, 0x00, 0x00, 0x00,
69 0x01, 0x00, 0x00, 0x00, 0x7c, 0x00, 0x00, 0x00, 0x30, 0x7a, 0x02, 0x01, 0x01,
70 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
71 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67,
72 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31,
73 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
74 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15,
75 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75,
76 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06,
77 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
78 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
79 0x01, 0x01 };
80 static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
81 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
82 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
83 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
84 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
85 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
86 static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
87 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
88 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
89 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
90 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
91 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
92 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
93 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
94 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
95 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
96 static const BYTE signedCTLWithCTLInnerContent[] = {
97 0x30,0x82,0x01,0x0f,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,
98 0xa0,0x82,0x01,0x00,0x30,0x81,0xfd,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,
99 0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x30,0x06,0x09,
100 0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x0a,0x01,0xa0,0x23,0x30,0x21,0x30,0x00,
101 0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
102 0x30,0x5a,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,
103 0x00,0x31,0x81,0xb5,0x30,0x81,0xb2,0x02,0x01,0x01,0x30,0x1a,0x30,0x15,0x31,
104 0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,
105 0x4c,0x61,0x6e,0x67,0x00,0x02,0x01,0x01,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,
106 0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0xa0,0x3b,0x30,0x18,0x06,0x09,0x2a,0x86,
107 0x48,0x86,0xf7,0x0d,0x01,0x09,0x03,0x31,0x0b,0x06,0x09,0x2b,0x06,0x01,0x04,
108 0x01,0x82,0x37,0x0a,0x01,0x30,0x1f,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
109 0x01,0x09,0x04,0x31,0x12,0x04,0x10,0x54,0x71,0xbc,0xe1,0x56,0x31,0xa2,0xf9,
110 0x65,0x70,0x34,0xf8,0xe2,0xe9,0xb4,0xf4,0x30,0x04,0x06,0x00,0x05,0x00,0x04,
111 0x40,0x2f,0x1b,0x9f,0x5a,0x4a,0x15,0x73,0xfa,0xb1,0x93,0x3d,0x09,0x52,0xdf,
112 0x6b,0x98,0x4b,0x13,0x5e,0xe7,0xbf,0x65,0xf4,0x9c,0xc2,0xb1,0x77,0x09,0xb1,
113 0x66,0x4d,0x72,0x0d,0xb1,0x1a,0x50,0x20,0xe0,0x57,0xa2,0x39,0xc7,0xcd,0x7f,
114 0x8e,0xe7,0x5f,0x76,0x2b,0xd1,0x6a,0x82,0xb3,0x30,0x25,0x61,0xf6,0x25,0x23,
115 0x57,0x6c,0x0b,0x47,0xb8 };
116
117
118 static BOOL (WINAPI *pCertAddStoreToCollection)(HCERTSTORE,HCERTSTORE,DWORD,DWORD);
119 static BOOL (WINAPI *pCertControlStore)(HCERTSTORE,DWORD,DWORD,void const*);
120 static PCCRL_CONTEXT (WINAPI *pCertEnumCRLsInStore)(HCERTSTORE,PCCRL_CONTEXT);
121 static BOOL (WINAPI *pCertEnumSystemStore)(DWORD,void*,void*,PFN_CERT_ENUM_SYSTEM_STORE);
122 static BOOL (WINAPI *pCertGetStoreProperty)(HCERTSTORE,DWORD,void*,DWORD*);
123 static void (WINAPI *pCertRemoveStoreFromCollection)(HCERTSTORE,HCERTSTORE);
124 static BOOL (WINAPI *pCertSetStoreProperty)(HCERTSTORE,DWORD,DWORD,const void*);
125 static BOOL (WINAPI *pCertAddCertificateLinkToStore)(HCERTSTORE,PCCERT_CONTEXT,DWORD,PCCERT_CONTEXT*);
126
127 #define test_store_is_empty(store) _test_store_is_empty(__LINE__,store)
128 static void _test_store_is_empty(unsigned line, HCERTSTORE store)
129 {
130 const CERT_CONTEXT *cert;
131
132 cert = CertEnumCertificatesInStore(store, NULL);
133 ok_(__FILE__,line)(!cert && GetLastError() == CRYPT_E_NOT_FOUND, "store is not empty\n");
134 }
135
136 static void testMemStore(void)
137 {
138 HCERTSTORE store1, store2;
139 PCCERT_CONTEXT context;
140 BOOL ret;
141 DWORD GLE;
142
143 /* NULL provider */
144 store1 = CertOpenStore(0, 0, 0, 0, NULL);
145 ok(!store1 && GetLastError() == ERROR_FILE_NOT_FOUND,
146 "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
147 /* weird flags */
148 store1 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
149 CERT_STORE_DELETE_FLAG, NULL);
150 ok(!store1 && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED,
151 "Expected ERROR_CALL_NOT_IMPLEMENTED, got %d\n", GetLastError());
152
153 /* normal */
154 store1 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
155 CERT_STORE_CREATE_NEW_FLAG, NULL);
156 ok(store1 != NULL, "CertOpenStore failed: %d\n", GetLastError());
157 /* open existing doesn't */
158 store2 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
159 CERT_STORE_OPEN_EXISTING_FLAG, NULL);
160 ok(store2 != NULL, "CertOpenStore failed: %d\n", GetLastError());
161 ok(store1 != store2, "Expected different stores\n");
162
163 /* add a bogus (empty) cert */
164 context = NULL;
165 ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING, emptyCert,
166 sizeof(emptyCert), CERT_STORE_ADD_ALWAYS, &context);
167 /* Windows returns CRYPT_E_ASN1_EOD or OSS_DATA_ERROR, but accept
168 * CRYPT_E_ASN1_CORRUPT as well (because matching errors is tough in this
169 * case)
170 */
171 GLE = GetLastError();
172 ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == CRYPT_E_ASN1_CORRUPT ||
173 GLE == OSS_DATA_ERROR),
174 "Expected CRYPT_E_ASN1_EOD or CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
175 GLE);
176 /* add a "signed" cert--the signature isn't a real signature, so this adds
177 * without any check of the signature's validity
178 */
179 ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING,
180 signedBigCert, sizeof(signedBigCert), CERT_STORE_ADD_ALWAYS, &context);
181 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
182 ok(context != NULL, "Expected a valid cert context\n");
183 if (context)
184 {
185 ok(context->cbCertEncoded == sizeof(signedBigCert),
186 "Wrong cert size %d\n", context->cbCertEncoded);
187 ok(!memcmp(context->pbCertEncoded, signedBigCert,
188 sizeof(signedBigCert)), "Unexpected encoded cert in context\n");
189 /* remove it, the rest of the tests will work on an unsigned cert */
190 ret = CertDeleteCertificateFromStore(context);
191 ok(ret, "CertDeleteCertificateFromStore failed: %08x\n",
192 GetLastError());
193 }
194 /* try adding a "signed" CRL as a cert */
195 ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING,
196 signedCRL, sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, &context);
197 GLE = GetLastError();
198 ok(!ret && (GLE == CRYPT_E_ASN1_BADTAG || GLE == CRYPT_E_ASN1_CORRUPT ||
199 GLE == OSS_DATA_ERROR),
200 "Expected CRYPT_E_ASN1_BADTAG or CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
201 GLE);
202 /* add a cert to store1 */
203 ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING, bigCert,
204 sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
205 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
206 ok(context != NULL, "Expected a valid cert context\n");
207 if (context)
208 {
209 DWORD size;
210 BYTE *buf;
211
212 ok(context->cbCertEncoded == sizeof(bigCert),
213 "Wrong cert size %d\n", context->cbCertEncoded);
214 ok(!memcmp(context->pbCertEncoded, bigCert, sizeof(bigCert)),
215 "Unexpected encoded cert in context\n");
216 ok(context->hCertStore == store1, "Unexpected store\n");
217
218 /* check serializing this element */
219 /* These crash
220 ret = CertSerializeCertificateStoreElement(NULL, 0, NULL, NULL);
221 ret = CertSerializeCertificateStoreElement(context, 0, NULL, NULL);
222 ret = CertSerializeCertificateStoreElement(NULL, 0, NULL, &size);
223 */
224 /* apparently flags are ignored */
225 ret = CertSerializeCertificateStoreElement(context, 1, NULL, &size);
226 ok(ret, "CertSerializeCertificateStoreElement failed: %08x\n",
227 GetLastError());
228 buf = HeapAlloc(GetProcessHeap(), 0, size);
229 if (buf)
230 {
231 ret = CertSerializeCertificateStoreElement(context, 0, buf, &size);
232 ok(ret, "CertSerializeCertificateStoreElement failed: %08x\n", GetLastError());
233 ok(size == sizeof(serializedCert), "Wrong size %d\n", size);
234 ok(!memcmp(serializedCert, buf, size),
235 "Unexpected serialized cert\n");
236 HeapFree(GetProcessHeap(), 0, buf);
237 }
238
239 ret = CertFreeCertificateContext(context);
240 ok(ret, "CertFreeCertificateContext failed: %08x\n", GetLastError());
241 }
242 /* verify the cert's in store1 */
243 context = CertEnumCertificatesInStore(store1, NULL);
244 ok(context != NULL, "Expected a valid context\n");
245 context = CertEnumCertificatesInStore(store1, context);
246 ok(!context && GetLastError() == CRYPT_E_NOT_FOUND,
247 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
248 /* verify store2 (the "open existing" mem store) is still empty */
249 context = CertEnumCertificatesInStore(store2, NULL);
250 ok(!context, "Expected an empty store\n");
251 /* delete the cert from store1, and check it's empty */
252 context = CertEnumCertificatesInStore(store1, NULL);
253 if (context)
254 {
255 /* Deleting a bitwise copy crashes with an access to an uninitialized
256 * pointer, so a cert context has some special data out there in memory
257 * someplace
258 CERT_CONTEXT copy;
259 memcpy(&copy, context, sizeof(copy));
260 ret = CertDeleteCertificateFromStore(&copy);
261 */
262 PCCERT_CONTEXT copy = CertDuplicateCertificateContext(context);
263
264 ok(copy != NULL, "CertDuplicateCertificateContext failed: %08x\n",
265 GetLastError());
266 ret = CertDeleteCertificateFromStore(context);
267 ok(ret, "CertDeleteCertificateFromStore failed: %08x\n",
268 GetLastError());
269 /* try deleting a copy */
270 ret = CertDeleteCertificateFromStore(copy);
271 ok(ret, "CertDeleteCertificateFromStore failed: %08x\n",
272 GetLastError());
273 /* check that the store is empty */
274 context = CertEnumCertificatesInStore(store1, NULL);
275 ok(!context, "Expected an empty store\n");
276 }
277
278 /* close an empty store */
279 ret = CertCloseStore(NULL, 0);
280 ok(ret, "CertCloseStore failed: %d\n", GetLastError());
281 ret = CertCloseStore(store1, 0);
282 ok(ret, "CertCloseStore failed: %d\n", GetLastError());
283 ret = CertCloseStore(store2, 0);
284 ok(ret, "CertCloseStore failed: %d\n", GetLastError());
285
286 /* This seems nonsensical, but you can open a read-only mem store, only
287 * it isn't read-only
288 */
289 store1 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
290 CERT_STORE_READONLY_FLAG, NULL);
291 ok(store1 != NULL, "CertOpenStore failed: %d\n", GetLastError());
292 /* yep, this succeeds */
293 ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING, bigCert,
294 sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
295 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
296 ok(context != NULL, "Expected a valid cert context\n");
297 if (context)
298 {
299 ok(context->cbCertEncoded == sizeof(bigCert),
300 "Wrong cert size %d\n", context->cbCertEncoded);
301 ok(!memcmp(context->pbCertEncoded, bigCert, sizeof(bigCert)),
302 "Unexpected encoded cert in context\n");
303 ok(context->hCertStore == store1, "Unexpected store\n");
304 ret = CertDeleteCertificateFromStore(context);
305 ok(ret, "CertDeleteCertificateFromStore failed: %08x\n",
306 GetLastError());
307 }
308 CertCloseStore(store1, 0);
309 }
310
311 static void compareStore(HCERTSTORE store, LPCSTR name, const BYTE *pb,
312 DWORD cb, BOOL todo)
313 {
314 BOOL ret;
315 CRYPT_DATA_BLOB blob = { 0, NULL };
316
317 ret = CertSaveStore(store, X509_ASN_ENCODING, CERT_STORE_SAVE_AS_STORE,
318 CERT_STORE_SAVE_TO_MEMORY, &blob, 0);
319 ok(ret, "CertSaveStore failed: %08x\n", GetLastError());
320 if (todo)
321 todo_wine
322 ok(blob.cbData == cb, "%s: expected size %d, got %d\n", name, cb,
323 blob.cbData);
324 else
325 ok(blob.cbData == cb, "%s: expected size %d, got %d\n", name, cb,
326 blob.cbData);
327 blob.pbData = HeapAlloc(GetProcessHeap(), 0, blob.cbData);
328 if (blob.pbData)
329 {
330 ret = CertSaveStore(store, X509_ASN_ENCODING, CERT_STORE_SAVE_AS_STORE,
331 CERT_STORE_SAVE_TO_MEMORY, &blob, 0);
332 ok(ret, "CertSaveStore failed: %08x\n", GetLastError());
333 if (todo)
334 todo_wine
335 ok(!memcmp(pb, blob.pbData, cb), "%s: unexpected value\n", name);
336 else
337 ok(!memcmp(pb, blob.pbData, cb), "%s: unexpected value\n", name);
338 HeapFree(GetProcessHeap(), 0, blob.pbData);
339 }
340 }
341
342 static const BYTE serializedStoreWithCert[] = {
343 0x00,0x00,0x00,0x00,0x43,0x45,0x52,0x54,0x20,0x00,0x00,0x00,0x01,0x00,0x00,
344 0x00,0x7c,0x00,0x00,0x00,0x30,0x7a,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,
345 0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,
346 0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,
347 0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,
348 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,
349 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,
350 0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,
351 0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,
352 0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
353 0x00,0x00,0x00,0x00,0x00,0x00 };
354
355 static void testCollectionStore(void)
356 {
357 HCERTSTORE store1, store2, collection, collection2;
358 PCCERT_CONTEXT context;
359 BOOL ret;
360 static const WCHAR szPrefix[] = { 'c','e','r',0 };
361 static const WCHAR szDot[] = { '.',0 };
362 WCHAR filename[MAX_PATH];
363 HANDLE file;
364
365 if (!pCertAddStoreToCollection)
366 {
367 win_skip("CertAddStoreToCollection() is not available\n");
368 return;
369 }
370
371 collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
372 CERT_STORE_CREATE_NEW_FLAG, NULL);
373
374 /* Try adding a cert to any empty collection */
375 ret = CertAddEncodedCertificateToStore(collection, X509_ASN_ENCODING,
376 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
377 ok(!ret && GetLastError() == E_ACCESSDENIED,
378 "Expected E_ACCESSDENIED, got %08x\n", GetLastError());
379
380 /* Create and add a cert to a memory store */
381 store1 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
382 CERT_STORE_CREATE_NEW_FLAG, NULL);
383 ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING,
384 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
385 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
386 /* Add the memory store to the collection, without allowing adding */
387 ret = pCertAddStoreToCollection(collection, store1, 0, 0);
388 ok(ret, "CertAddStoreToCollection failed: %08x\n", GetLastError());
389 /* Verify the cert is in the collection */
390 context = CertEnumCertificatesInStore(collection, NULL);
391 ok(context != NULL, "Expected a valid context\n");
392 if (context)
393 {
394 ok(context->hCertStore == collection, "Unexpected store\n");
395 CertFreeCertificateContext(context);
396 }
397 /* Check that adding to the collection isn't allowed */
398 ret = CertAddEncodedCertificateToStore(collection, X509_ASN_ENCODING,
399 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_ALWAYS, NULL);
400 ok(!ret && GetLastError() == E_ACCESSDENIED,
401 "Expected E_ACCESSDENIED, got %08x\n", GetLastError());
402
403 /* Create a new memory store */
404 store2 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
405 CERT_STORE_CREATE_NEW_FLAG, NULL);
406 /* Try adding a store to a non-collection store */
407 ret = pCertAddStoreToCollection(store1, store2,
408 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
409 ok(!ret && GetLastError() == E_INVALIDARG,
410 "Expected E_INVALIDARG, got %08x\n", GetLastError());
411 /* Try adding some bogus stores */
412 /* This crashes in Windows
413 ret = pCertAddStoreToCollection(0, store2,
414 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
415 */
416 /* This "succeeds"... */
417 ret = pCertAddStoreToCollection(collection, 0,
418 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
419 ok(ret, "CertAddStoreToCollection failed: %08x\n", GetLastError());
420 /* while this crashes.
421 ret = pCertAddStoreToCollection(collection, 1,
422 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
423 */
424
425 /* Add it to the collection, this time allowing adding */
426 ret = pCertAddStoreToCollection(collection, store2,
427 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
428 ok(ret, "CertAddStoreToCollection failed: %08x\n", GetLastError());
429 /* Check that adding to the collection is allowed */
430 ret = CertAddEncodedCertificateToStore(collection, X509_ASN_ENCODING,
431 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_ALWAYS, NULL);
432 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
433 /* Now check that it was actually added to store2 */
434 context = CertEnumCertificatesInStore(store2, NULL);
435 ok(context != NULL, "Expected a valid context\n");
436 if (context)
437 {
438 ok(context->hCertStore == store2, "Unexpected store\n");
439 CertFreeCertificateContext(context);
440 }
441 /* Check that the collection has both bigCert and bigCert2. bigCert comes
442 * first because store1 was added first.
443 */
444 context = CertEnumCertificatesInStore(collection, NULL);
445 ok(context != NULL, "Expected a valid context\n");
446 if (context)
447 {
448 ok(context->hCertStore == collection, "Unexpected store\n");
449 ok(context->cbCertEncoded == sizeof(bigCert),
450 "Wrong size %d\n", context->cbCertEncoded);
451 ok(!memcmp(context->pbCertEncoded, bigCert, context->cbCertEncoded),
452 "Unexpected cert\n");
453 context = CertEnumCertificatesInStore(collection, context);
454 ok(context != NULL, "Expected a valid context\n");
455 if (context)
456 {
457 ok(context->hCertStore == collection, "Unexpected store\n");
458 ok(context->cbCertEncoded == sizeof(bigCert2),
459 "Wrong size %d\n", context->cbCertEncoded);
460 ok(!memcmp(context->pbCertEncoded, bigCert2,
461 context->cbCertEncoded), "Unexpected cert\n");
462 context = CertEnumCertificatesInStore(collection, context);
463 ok(!context, "Unexpected cert\n");
464 }
465 }
466 /* close store2, and check that the collection is unmodified */
467 CertCloseStore(store2, 0);
468 context = CertEnumCertificatesInStore(collection, NULL);
469 ok(context != NULL, "Expected a valid context\n");
470 if (context)
471 {
472 ok(context->hCertStore == collection, "Unexpected store\n");
473 ok(context->cbCertEncoded == sizeof(bigCert),
474 "Wrong size %d\n", context->cbCertEncoded);
475 ok(!memcmp(context->pbCertEncoded, bigCert, context->cbCertEncoded),
476 "Unexpected cert\n");
477 context = CertEnumCertificatesInStore(collection, context);
478 ok(context != NULL, "Expected a valid context\n");
479 if (context)
480 {
481 ok(context->hCertStore == collection, "Unexpected store\n");
482 ok(context->cbCertEncoded == sizeof(bigCert2),
483 "Wrong size %d\n", context->cbCertEncoded);
484 ok(!memcmp(context->pbCertEncoded, bigCert2,
485 context->cbCertEncoded), "Unexpected cert\n");
486 context = CertEnumCertificatesInStore(collection, context);
487 ok(!context, "Unexpected cert\n");
488 }
489 }
490
491 /* Adding a collection to a collection is legal */
492 collection2 = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
493 CERT_STORE_CREATE_NEW_FLAG, NULL);
494 ret = pCertAddStoreToCollection(collection2, collection,
495 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
496 ok(ret, "CertAddStoreToCollection failed: %08x\n", GetLastError());
497 /* check the contents of collection2 */
498 context = CertEnumCertificatesInStore(collection2, NULL);
499 ok(context != NULL, "Expected a valid context\n");
500 if (context)
501 {
502 ok(context->hCertStore == collection2, "Unexpected store\n");
503 ok(context->cbCertEncoded == sizeof(bigCert),
504 "Wrong size %d\n", context->cbCertEncoded);
505 ok(!memcmp(context->pbCertEncoded, bigCert, context->cbCertEncoded),
506 "Unexpected cert\n");
507 context = CertEnumCertificatesInStore(collection2, context);
508 ok(context != NULL, "Expected a valid context\n");
509 if (context)
510 {
511 ok(context->hCertStore == collection2, "Unexpected store\n");
512 ok(context->cbCertEncoded == sizeof(bigCert2),
513 "Wrong size %d\n", context->cbCertEncoded);
514 ok(!memcmp(context->pbCertEncoded, bigCert2,
515 context->cbCertEncoded), "Unexpected cert\n");
516 context = CertEnumCertificatesInStore(collection2, context);
517 ok(!context, "Unexpected cert\n");
518 }
519 }
520
521 /* I'd like to test closing the collection in the middle of enumeration,
522 * but my tests have been inconsistent. The first time calling
523 * CertEnumCertificatesInStore on a closed collection succeeded, while the
524 * second crashed. So anything appears to be fair game.
525 * I'd also like to test removing a store from a collection in the middle
526 * of an enumeration, but my tests in Windows have been inconclusive.
527 * In one scenario it worked. In another scenario, about a third of the
528 * time this leads to "random" crashes elsewhere in the code. This
529 * probably means this is not allowed.
530 */
531
532 CertCloseStore(store1, 0);
533 CertCloseStore(collection, 0);
534 CertCloseStore(collection2, 0);
535
536 /* Add the same cert to two memory stores, then put them in a collection */
537 store1 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
538 CERT_STORE_CREATE_NEW_FLAG, NULL);
539 ok(store1 != 0, "CertOpenStore failed: %08x\n", GetLastError());
540 store2 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
541 CERT_STORE_CREATE_NEW_FLAG, NULL);
542 ok(store2 != 0, "CertOpenStore failed: %08x\n", GetLastError());
543
544 ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING,
545 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
546 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
547 ret = CertAddEncodedCertificateToStore(store2, X509_ASN_ENCODING,
548 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
549 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
550 collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
551 CERT_STORE_CREATE_NEW_FLAG, NULL);
552 ok(collection != 0, "CertOpenStore failed: %08x\n", GetLastError());
553
554 ret = pCertAddStoreToCollection(collection, store1,
555 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
556 ok(ret, "CertAddStoreToCollection failed: %08x\n", GetLastError());
557 ret = pCertAddStoreToCollection(collection, store2,
558 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
559 ok(ret, "CertAddStoreToCollection failed: %08x\n", GetLastError());
560
561 /* Check that the collection has two copies of the same cert */
562 context = CertEnumCertificatesInStore(collection, NULL);
563 ok(context != NULL, "Expected a valid context\n");
564 if (context)
565 {
566 ok(context->hCertStore == collection, "Unexpected store\n");
567 ok(context->cbCertEncoded == sizeof(bigCert),
568 "Wrong size %d\n", context->cbCertEncoded);
569 ok(!memcmp(context->pbCertEncoded, bigCert, context->cbCertEncoded),
570 "Unexpected cert\n");
571 context = CertEnumCertificatesInStore(collection, context);
572 ok(context != NULL, "Expected a valid context\n");
573 if (context)
574 {
575 ok(context->hCertStore == collection, "Unexpected store\n");
576 ok(context->cbCertEncoded == sizeof(bigCert),
577 "Wrong size %d\n", context->cbCertEncoded);
578 ok(!memcmp(context->pbCertEncoded, bigCert, context->cbCertEncoded),
579 "Unexpected cert\n");
580 context = CertEnumCertificatesInStore(collection, context);
581 ok(context == NULL, "Unexpected cert\n");
582 }
583 }
584
585 /* The following would check whether I can delete an identical cert, rather
586 * than one enumerated from the store. It crashes, so that means I must
587 * only call CertDeleteCertificateFromStore with contexts enumerated from
588 * the store.
589 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
590 sizeof(bigCert));
591 ok(context != NULL, "CertCreateCertificateContext failed: %08x\n",
592 GetLastError());
593 if (context)
594 {
595 ret = CertDeleteCertificateFromStore(collection, context);
596 printf("ret is %d, GetLastError is %08x\n", ret, GetLastError());
597 CertFreeCertificateContext(context);
598 }
599 */
600
601 /* Now check deleting from the collection. */
602 context = CertEnumCertificatesInStore(collection, NULL);
603 ok(context != NULL, "Expected a valid context\n");
604 if (context)
605 {
606 CertDeleteCertificateFromStore(context);
607 /* store1 should now be empty */
608 context = CertEnumCertificatesInStore(store1, NULL);
609 ok(!context, "Unexpected cert\n");
610 /* and there should be one certificate in the collection */
611 context = CertEnumCertificatesInStore(collection, NULL);
612 ok(context != NULL, "Expected a valid cert\n");
613 if (context)
614 {
615 ok(context->hCertStore == collection, "Unexpected store\n");
616 ok(context->cbCertEncoded == sizeof(bigCert),
617 "Wrong size %d\n", context->cbCertEncoded);
618 ok(!memcmp(context->pbCertEncoded, bigCert, context->cbCertEncoded),
619 "Unexpected cert\n");
620 }
621 context = CertEnumCertificatesInStore(collection, context);
622 ok(context == NULL, "Unexpected cert\n");
623 }
624
625 if (!pCertRemoveStoreFromCollection)
626 {
627 win_skip("CertRemoveStoreFromCollection() is not available\n");
628 }
629 else
630 {
631 /* Finally, test removing stores from the collection. No return
632 * value, so it's a bit funny to test.
633 */
634 /* This crashes
635 * pCertRemoveStoreFromCollection(NULL, NULL);
636 */
637 /* This "succeeds," no crash, no last error set */
638 SetLastError(0xdeadbeef);
639 pCertRemoveStoreFromCollection(store2, collection);
640 ok(GetLastError() == 0xdeadbeef,
641 "Didn't expect an error to be set: %08x\n", GetLastError());
642
643 /* After removing store2, the collection should be empty */
644 SetLastError(0xdeadbeef);
645 pCertRemoveStoreFromCollection(collection, store2);
646 ok(GetLastError() == 0xdeadbeef,
647 "Didn't expect an error to be set: %08x\n", GetLastError());
648 context = CertEnumCertificatesInStore(collection, NULL);
649 ok(!context, "Unexpected cert\n");
650 }
651
652 CertCloseStore(collection, 0);
653 CertCloseStore(store2, 0);
654 CertCloseStore(store1, 0);
655
656 /* Test adding certificates to and deleting certificates from collections.
657 */
658 store1 = CertOpenSystemStoreA(0, "My");
659 collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
660 CERT_STORE_CREATE_NEW_FLAG, NULL);
661
662 ret = CertAddEncodedCertificateToStore(store1, X509_ASN_ENCODING,
663 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
664 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
665 CertDeleteCertificateFromStore(context);
666
667 pCertAddStoreToCollection(collection, store1,
668 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
669
670 ret = CertAddEncodedCertificateToStore(collection, X509_ASN_ENCODING,
671 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
672 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
673 CertDeleteCertificateFromStore(context);
674
675 CertCloseStore(collection, 0);
676 CertCloseStore(store1, 0);
677
678 /* Test whether a collection store can be committed */
679 if (!pCertControlStore)
680 {
681 win_skip("CertControlStore() is not available\n");
682 return;
683 }
684 collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
685 CERT_STORE_CREATE_NEW_FLAG, NULL);
686
687 SetLastError(0xdeadbeef);
688 ret = pCertControlStore(collection, 0, CERT_STORE_CTRL_COMMIT, NULL);
689 ok(ret, "CertControlStore failed: %08x\n", GetLastError());
690
691 /* Adding a mem store that can't be committed prevents a successful commit.
692 */
693 store1 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
694 CERT_STORE_CREATE_NEW_FLAG, NULL);
695 pCertAddStoreToCollection(collection, store1, 0, 0);
696 SetLastError(0xdeadbeef);
697 ret = pCertControlStore(collection, 0, CERT_STORE_CTRL_COMMIT, NULL);
698 ok(!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED,
699 "expected ERROR_CALL_NOT_IMPLEMENTED, got %d\n", GetLastError());
700 pCertRemoveStoreFromCollection(collection, store1);
701 CertCloseStore(store1, 0);
702
703 /* Test adding a cert to a collection with a file store, committing the
704 * change to the collection, and comparing the resulting file.
705 */
706 if (!GetTempFileNameW(szDot, szPrefix, 0, filename))
707 return;
708
709 DeleteFileW(filename);
710 file = CreateFileW(filename, GENERIC_READ | GENERIC_WRITE, 0, NULL,
711 CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
712 if (file == INVALID_HANDLE_VALUE)
713 return;
714
715 store1 = CertOpenStore(CERT_STORE_PROV_FILE, 0, 0,
716 CERT_FILE_STORE_COMMIT_ENABLE_FLAG, file);
717 ok(store1 != NULL, "CertOpenStore failed: %08x\n", GetLastError());
718 CloseHandle(file);
719 pCertAddStoreToCollection(collection, store1,
720 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
721 CertCloseStore(store1, 0);
722
723 ret = CertAddEncodedCertificateToStore(collection, X509_ASN_ENCODING,
724 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
725 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
726 GetLastError());
727 ret = pCertControlStore(collection, 0, CERT_STORE_CTRL_COMMIT, NULL);
728 ok(ret, "CertControlStore failed: %d\n", ret);
729 compareStore(collection, "serialized store with cert",
730 serializedStoreWithCert, sizeof(serializedStoreWithCert), FALSE);
731 CertCloseStore(collection, 0);
732
733 DeleteFileW(filename);
734 }
735
736 /* Looks for the property with ID propID in the buffer buf. Returns a pointer
737 * to its header if found, NULL if not.
738 */
739 static const struct CertPropIDHeader *findPropID(const BYTE *buf, DWORD size,
740 DWORD propID)
741 {
742 const struct CertPropIDHeader *ret = NULL;
743 BOOL failed = FALSE;
744
745 while (size && !ret && !failed)
746 {
747 if (size < sizeof(struct CertPropIDHeader))
748 failed = TRUE;
749 else
750 {
751 const struct CertPropIDHeader *hdr =
752 (const struct CertPropIDHeader *)buf;
753
754 size -= sizeof(struct CertPropIDHeader);
755 buf += sizeof(struct CertPropIDHeader);
756 if (size < hdr->cb)
757 failed = TRUE;
758 else if (hdr->propID == propID)
759 ret = hdr;
760 else
761 {
762 buf += hdr->cb;
763 size -= hdr->cb;
764 }
765 }
766 }
767 return ret;
768 }
769
770 static void testRegStore(void)
771 {
772 static const char tempKey[] = "Software\\Wine\\CryptTemp";
773 HCERTSTORE store;
774 LONG rc;
775 HKEY key = NULL;
776 DWORD disp, GLE;
777
778 store = CertOpenStore(CERT_STORE_PROV_REG, 0, 0, 0, NULL);
779 GLE = GetLastError();
780 ok(!store && (GLE == ERROR_INVALID_HANDLE || GLE == ERROR_BADKEY),
781 "Expected ERROR_INVALID_HANDLE or ERROR_BADKEY, got %d\n", GLE);
782 store = CertOpenStore(CERT_STORE_PROV_REG, 0, 0, 0, key);
783 GLE = GetLastError();
784 ok(!store && (GLE == ERROR_INVALID_HANDLE || GLE == ERROR_BADKEY),
785 "Expected ERROR_INVALID_HANDLE or ERROR_BADKEY, got %d\n", GLE);
786
787 /* Opening up any old key works.. */
788 key = HKEY_CURRENT_USER;
789 store = CertOpenStore(CERT_STORE_PROV_REG, 0, 0, 0, key);
790 /* Not sure if this is a bug in DuplicateHandle, marking todo_wine for now
791 */
792 todo_wine ok(store != 0, "CertOpenStore failed: %08x\n", GetLastError());
793 CertCloseStore(store, 0);
794
795 /* It looks like the remainder pretty much needs CertControlStore() */
796 if (!pCertControlStore)
797 {
798 win_skip("CertControlStore() is not available\n");
799 return;
800 }
801
802 rc = RegCreateKeyExA(HKEY_CURRENT_USER, tempKey, 0, NULL, 0, KEY_ALL_ACCESS,
803 NULL, &key, NULL);
804 ok(!rc, "RegCreateKeyExA failed: %d\n", rc);
805 if (key)
806 {
807 BOOL ret;
808 BYTE hash[20];
809 DWORD size, i;
810 static const char certificates[] = "Certificates\\";
811 char subKeyName[sizeof(certificates) + 20 * 2 + 1], *ptr;
812 HKEY subKey;
813 PCCERT_CONTEXT context;
814
815 store = CertOpenStore(CERT_STORE_PROV_REG, 0, 0, 0, key);
816 ok(store != 0, "CertOpenStore failed: %08x\n", GetLastError());
817 /* Add a certificate. It isn't persisted right away, since it's only
818 * added to the cache..
819 */
820 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
821 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_ALWAYS, NULL);
822 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
823 GetLastError());
824 /* so flush the cache to force a commit.. */
825 ret = pCertControlStore(store, 0, CERT_STORE_CTRL_COMMIT, NULL);
826 ok(ret, "CertControlStore failed: %08x\n", GetLastError());
827 /* and check that the expected subkey was written. */
828 size = sizeof(hash);
829 ret = CryptHashCertificate(0, 0, 0, bigCert2, sizeof(bigCert2),
830 hash, &size);
831 ok(ret, "CryptHashCertificate failed: %d\n", GetLastError());
832 strcpy(subKeyName, certificates);
833 for (i = 0, ptr = subKeyName + sizeof(certificates) - 1; i < size;
834 i++, ptr += 2)
835 sprintf(ptr, "%02X", hash[i]);
836 rc = RegCreateKeyExA(key, subKeyName, 0, NULL, 0, KEY_ALL_ACCESS, NULL,
837 &subKey, NULL);
838 ok(!rc, "RegCreateKeyExA failed: %d\n", rc);
839 if (subKey)
840 {
841 LPBYTE buf;
842
843 size = 0;
844 RegQueryValueExA(subKey, "Blob", NULL, NULL, NULL, &size);
845 buf = HeapAlloc(GetProcessHeap(), 0, size);
846 if (buf)
847 {
848 rc = RegQueryValueExA(subKey, "Blob", NULL, NULL, buf, &size);
849 ok(!rc, "RegQueryValueExA failed: %d\n", rc);
850 if (!rc)
851 {
852 const struct CertPropIDHeader *hdr;
853
854 /* Both the hash and the cert should be present */
855 hdr = findPropID(buf, size, CERT_CERT_PROP_ID);
856 ok(hdr != NULL, "Expected to find a cert property\n");
857 if (hdr)
858 {
859 ok(hdr->cb == sizeof(bigCert2),
860 "Wrong size %d of cert property\n", hdr->cb);
861 ok(!memcmp((const BYTE *)hdr + sizeof(*hdr), bigCert2,
862 hdr->cb), "Unexpected cert in cert property\n");
863 }
864 hdr = findPropID(buf, size, CERT_HASH_PROP_ID);
865 ok(hdr != NULL, "Expected to find a hash property\n");
866 if (hdr)
867 {
868 ok(hdr->cb == sizeof(hash),
869 "Wrong size %d of hash property\n", hdr->cb);
870 ok(!memcmp((const BYTE *)hdr + sizeof(*hdr), hash,
871 hdr->cb), "Unexpected hash in cert property\n");
872 }
873 }
874 HeapFree(GetProcessHeap(), 0, buf);
875 }
876 RegCloseKey(subKey);
877 }
878
879 /* Remove the existing context */
880 context = CertEnumCertificatesInStore(store, NULL);
881 ok(context != NULL, "Expected a cert context\n");
882 if (context)
883 CertDeleteCertificateFromStore(context);
884 ret = pCertControlStore(store, 0, CERT_STORE_CTRL_COMMIT, NULL);
885 ok(ret, "CertControlStore failed: %08x\n", GetLastError());
886
887 /* Add a serialized cert with a bogus hash directly to the registry */
888 memset(hash, 0, sizeof(hash));
889 strcpy(subKeyName, certificates);
890 for (i = 0, ptr = subKeyName + sizeof(certificates) - 1;
891 i < sizeof(hash); i++, ptr += 2)
892 sprintf(ptr, "%02X", hash[i]);
893 rc = RegCreateKeyExA(key, subKeyName, 0, NULL, 0, KEY_ALL_ACCESS, NULL,
894 &subKey, NULL);
895 ok(!rc, "RegCreateKeyExA failed: %d\n", rc);
896 if (subKey)
897 {
898 BYTE buf[sizeof(struct CertPropIDHeader) * 2 + sizeof(hash) +
899 sizeof(bigCert)], *ptr;
900 DWORD certCount = 0;
901 struct CertPropIDHeader *hdr;
902
903 hdr = (struct CertPropIDHeader *)buf;
904 hdr->propID = CERT_HASH_PROP_ID;
905 hdr->unknown1 = 1;
906 hdr->cb = sizeof(hash);
907 ptr = buf + sizeof(*hdr);
908 memcpy(ptr, hash, sizeof(hash));
909 ptr += sizeof(hash);
910 hdr = (struct CertPropIDHeader *)ptr;
911 hdr->propID = CERT_CERT_PROP_ID;
912 hdr->unknown1 = 1;
913 hdr->cb = sizeof(bigCert);
914 ptr += sizeof(*hdr);
915 memcpy(ptr, bigCert, sizeof(bigCert));
916
917 rc = RegSetValueExA(subKey, "Blob", 0, REG_BINARY, buf,
918 sizeof(buf));
919 ok(!rc, "RegSetValueExA failed: %d\n", rc);
920
921 ret = pCertControlStore(store, 0, CERT_STORE_CTRL_RESYNC, NULL);
922 ok(ret, "CertControlStore failed: %08x\n", GetLastError());
923
924 /* Make sure the bogus hash cert gets loaded. */
925 certCount = 0;
926 context = NULL;
927 do {
928 context = CertEnumCertificatesInStore(store, context);
929 if (context)
930 certCount++;
931 } while (context != NULL);
932 ok(certCount == 1, "Expected 1 certificates, got %d\n", certCount);
933
934 RegCloseKey(subKey);
935 }
936
937 /* Add another serialized cert directly to the registry, this time
938 * under the correct key name (named with the correct hash value).
939 */
940 size = sizeof(hash);
941 ret = CryptHashCertificate(0, 0, 0, bigCert2,
942 sizeof(bigCert2), hash, &size);
943 ok(ret, "CryptHashCertificate failed: %d\n", GetLastError());
944 strcpy(subKeyName, certificates);
945 for (i = 0, ptr = subKeyName + sizeof(certificates) - 1;
946 i < sizeof(hash); i++, ptr += 2)
947 sprintf(ptr, "%02X", hash[i]);
948 rc = RegCreateKeyExA(key, subKeyName, 0, NULL, 0, KEY_ALL_ACCESS, NULL,
949 &subKey, NULL);
950 ok(!rc, "RegCreateKeyExA failed: %d\n", rc);
951 if (subKey)
952 {
953 BYTE buf[sizeof(struct CertPropIDHeader) * 2 + sizeof(hash) +
954 sizeof(bigCert2)], *ptr;
955 DWORD certCount = 0;
956 PCCERT_CONTEXT context;
957 struct CertPropIDHeader *hdr;
958
959 /* First try with a bogus hash... */
960 hdr = (struct CertPropIDHeader *)buf;
961 hdr->propID = CERT_HASH_PROP_ID;
962 hdr->unknown1 = 1;
963 hdr->cb = sizeof(hash);
964 ptr = buf + sizeof(*hdr);
965 memset(ptr, 0, sizeof(hash));
966 ptr += sizeof(hash);
967 hdr = (struct CertPropIDHeader *)ptr;
968 hdr->propID = CERT_CERT_PROP_ID;
969 hdr->unknown1 = 1;
970 hdr->cb = sizeof(bigCert2);
971 ptr += sizeof(*hdr);
972 memcpy(ptr, bigCert2, sizeof(bigCert2));
973
974 rc = RegSetValueExA(subKey, "Blob", 0, REG_BINARY, buf,
975 sizeof(buf));
976 ok(!rc, "RegSetValueExA failed: %d\n", rc);
977
978 ret = pCertControlStore(store, 0, CERT_STORE_CTRL_RESYNC, NULL);
979 ok(ret, "CertControlStore failed: %08x\n", GetLastError());
980
981 /* and make sure just one cert still gets loaded. */
982 certCount = 0;
983 context = NULL;
984 do {
985 context = CertEnumCertificatesInStore(store, context);
986 if (context)
987 certCount++;
988 } while (context != NULL);
989 ok(certCount == 1 ||
990 broken(certCount == 2) /* NT4 */ ,
991 "Expected 1 certificates, got %d\n", certCount);
992
993 /* Try again with the correct hash... */
994 ptr = buf + sizeof(*hdr);
995 memcpy(ptr, hash, sizeof(hash));
996
997 rc = RegSetValueExA(subKey, "Blob", 0, REG_BINARY, buf,
998 sizeof(buf));
999 ok(!rc, "RegSetValueExA failed: %d\n", rc);
1000
1001 ret = pCertControlStore(store, 0, CERT_STORE_CTRL_RESYNC, NULL);
1002 ok(ret, "CertControlStore failed: %08x\n", GetLastError());
1003
1004 /* and make sure two certs get loaded. */
1005 certCount = 0;
1006 context = NULL;
1007 do {
1008 context = CertEnumCertificatesInStore(store, context);
1009 if (context)
1010 certCount++;
1011 } while (context != NULL);
1012 ok(certCount == 2, "Expected 2 certificates, got %d\n", certCount);
1013
1014 RegCloseKey(subKey);
1015 }
1016 CertCloseStore(store, 0);
1017 /* Is delete allowed on a reg store? */
1018 store = CertOpenStore(CERT_STORE_PROV_REG, 0, 0,
1019 CERT_STORE_DELETE_FLAG, key);
1020 ok(store == NULL, "Expected NULL return from CERT_STORE_DELETE_FLAG\n");
1021 ok(GetLastError() == 0, "CertOpenStore failed: %08x\n",
1022 GetLastError());
1023
1024 RegCloseKey(key);
1025 }
1026 /* The CertOpenStore with CERT_STORE_DELETE_FLAG above will delete the
1027 * contents of the key, but not the key itself.
1028 */
1029 rc = RegCreateKeyExA(HKEY_CURRENT_USER, tempKey, 0, NULL, 0, KEY_ALL_ACCESS,
1030 NULL, &key, &disp);
1031 ok(!rc, "RegCreateKeyExA failed: %d\n", rc);
1032 ok(disp == REG_OPENED_EXISTING_KEY,
1033 "Expected REG_OPENED_EXISTING_KEY, got %d\n", disp);
1034 if (!rc)
1035 {
1036 RegCloseKey(key);
1037 rc = RegDeleteKeyA(HKEY_CURRENT_USER, tempKey);
1038 if (rc)
1039 {
1040 HMODULE shlwapi = LoadLibraryA("shlwapi");
1041
1042 /* Use shlwapi's SHDeleteKeyA to _really_ blow away the key,
1043 * otherwise subsequent tests will fail.
1044 */
1045 if (shlwapi)
1046 {
1047 DWORD (WINAPI *pSHDeleteKeyA)(HKEY, LPCSTR);
1048
1049 pSHDeleteKeyA = (void*)GetProcAddress(shlwapi, "SHDeleteKeyA");
1050 if (pSHDeleteKeyA)
1051 pSHDeleteKeyA(HKEY_CURRENT_USER, tempKey);
1052 FreeLibrary(shlwapi);
1053 }
1054 }
1055 }
1056 }
1057
1058 static const char MyA[] = { 'M','y',0,0 };
1059 static const WCHAR MyW[] = { 'M','y',0 };
1060 static const WCHAR BogusW[] = { 'B','o','g','u','s',0 };
1061 static const WCHAR BogusPathW[] = { 'S','o','f','t','w','a','r','e','\\',
1062 'M','i','c','r','o','s','o','f','t','\\','S','y','s','t','e','m','C','e','r',
1063 't','i','f','i','c','a','t','e','s','\\','B','o','g','u','s',0 };
1064
1065 static void testSystemRegStore(void)
1066 {
1067 HCERTSTORE store, memStore;
1068
1069 /* Check with a UNICODE name */
1070 store = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY, 0, 0,
1071 CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG, MyW);
1072 /* Not all OSes support CERT_STORE_PROV_SYSTEM_REGISTRY, so don't continue
1073 * testing if they don't.
1074 */
1075 if (!store)
1076 return;
1077
1078 /* Check that it isn't a collection store */
1079 memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1080 CERT_STORE_CREATE_NEW_FLAG, NULL);
1081 if (memStore)
1082 {
1083 if (pCertAddStoreToCollection)
1084 {
1085 BOOL ret = pCertAddStoreToCollection(store, memStore, 0, 0);
1086 ok(!ret && GetLastError() == E_INVALIDARG,
1087 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1088 }
1089 CertCloseStore(memStore, 0);
1090 }
1091 CertCloseStore(store, 0);
1092
1093 /* Check opening a bogus store */
1094 store = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY, 0, 0,
1095 CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG, BogusW);
1096 ok(!store && GetLastError() == ERROR_FILE_NOT_FOUND,
1097 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1098 store = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY, 0, 0,
1099 CERT_SYSTEM_STORE_CURRENT_USER, BogusW);
1100 ok(store != 0, "CertOpenStore failed: %08x\n", GetLastError());
1101 if (store)
1102 CertCloseStore(store, 0);
1103 /* Now check whether deleting is allowed */
1104 store = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY, 0, 0,
1105 CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_DELETE_FLAG, BogusW);
1106 ok(!store, "CertOpenStore failed: %08x\n", GetLastError());
1107 RegDeleteKeyW(HKEY_CURRENT_USER, BogusPathW);
1108
1109 store = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY, 0, 0, 0, NULL);
1110 ok(!store && GetLastError() == E_INVALIDARG,
1111 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1112 store = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY, 0, 0,
1113 CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_SYSTEM_STORE_CURRENT_USER, MyA);
1114 ok(!store && GetLastError() == E_INVALIDARG,
1115 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1116 store = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY, 0, 0,
1117 CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_SYSTEM_STORE_CURRENT_USER, MyW);
1118 ok(!store && GetLastError() == E_INVALIDARG,
1119 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1120 /* The name is expected to be UNICODE, check with an ASCII name */
1121 store = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY, 0, 0,
1122 CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG, MyA);
1123 ok(!store && GetLastError() == ERROR_FILE_NOT_FOUND,
1124 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1125 }
1126
1127 static void testSystemStore(void)
1128 {
1129 static const WCHAR baskslashW[] = { '\\',0 };
1130 HCERTSTORE store;
1131 WCHAR keyName[MAX_PATH];
1132 HKEY key;
1133 LONG rc;
1134
1135 store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, 0, NULL);
1136 ok(!store && GetLastError() == ERROR_FILE_NOT_FOUND,
1137 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1138 store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
1139 CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_SYSTEM_STORE_CURRENT_USER, MyA);
1140 ok(!store && GetLastError() == ERROR_FILE_NOT_FOUND,
1141 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1142 store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
1143 CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_SYSTEM_STORE_CURRENT_USER, MyW);
1144 ok(!store && GetLastError() == ERROR_FILE_NOT_FOUND,
1145 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1146 /* The name is expected to be UNICODE, first check with an ASCII name */
1147 store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
1148 CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG, MyA);
1149 ok(!store && GetLastError() == ERROR_FILE_NOT_FOUND,
1150 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1151 /* Create the expected key */
1152 lstrcpyW(keyName, CERT_LOCAL_MACHINE_SYSTEM_STORE_REGPATH);
1153 lstrcatW(keyName, baskslashW);
1154 lstrcatW(keyName, MyW);
1155 rc = RegCreateKeyExW(HKEY_CURRENT_USER, keyName, 0, NULL, 0, KEY_READ,
1156 NULL, &key, NULL);
1157 ok(!rc, "RegCreateKeyEx failed: %d\n", rc);
1158 if (!rc)
1159 RegCloseKey(key);
1160 /* Check opening with a UNICODE name, specifying the create new flag */
1161 store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
1162 CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_CREATE_NEW_FLAG, MyW);
1163 ok(!store && GetLastError() == ERROR_FILE_EXISTS,
1164 "Expected ERROR_FILE_EXISTS, got %08x\n", GetLastError());
1165 /* Now check opening with a UNICODE name, this time opening existing */
1166 store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
1167 CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG, MyW);
1168 ok(store != 0, "CertOpenStore failed: %08x\n", GetLastError());
1169 if (store)
1170 {
1171 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1172 CERT_STORE_CREATE_NEW_FLAG, NULL);
1173
1174 /* Check that it's a collection store */
1175 if (memStore)
1176 {
1177 if (pCertAddStoreToCollection)
1178 {
1179 BOOL ret = pCertAddStoreToCollection(store, memStore, 0, 0);
1180 /* FIXME: this'll fail on NT4, but what error will it give? */
1181 ok(ret, "CertAddStoreToCollection failed: %08x\n", GetLastError());
1182 }
1183 CertCloseStore(memStore, 0);
1184 }
1185 CertCloseStore(store, 0);
1186 }
1187
1188 /* Check opening a bogus store */
1189 store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
1190 CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG, BogusW);
1191 ok(!store, "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1192 store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
1193 CERT_SYSTEM_STORE_CURRENT_USER, BogusW);
1194 ok(store != 0, "CertOpenStore failed: %08x\n", GetLastError());
1195 if (store)
1196 CertCloseStore(store, 0);
1197 /* Now check whether deleting is allowed */
1198 store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
1199 CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_DELETE_FLAG, BogusW);
1200 ok(!store, "Didn't expect a store to be returned when deleting\n");
1201 RegDeleteKeyW(HKEY_CURRENT_USER, BogusPathW);
1202 }
1203
1204 static const BYTE serializedStoreWithCertAndCRL[] = {
1205 0x00,0x00,0x00,0x00,0x43,0x45,0x52,0x54,0x20,0x00,0x00,0x00,0x01,0x00,0x00,
1206 0x00,0x7c,0x00,0x00,0x00,0x30,0x7a,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,
1207 0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,
1208 0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,
1209 0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,
1210 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,
1211 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,
1212 0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,
1213 0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,
1214 0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01,0x21,0x00,0x00,0x00,0x01,0x00,
1215 0x00,0x00,0x47,0x00,0x00,0x00,0x30,0x45,0x30,0x2c,0x30,0x02,0x06,0x00,0x30,
1216 0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,
1217 0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
1218 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00,0x03,0x11,
1219 0x00,0x0f,0x0e,0x0d,0x0c,0x0b,0x0a,0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,
1220 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
1221
1222 static void testFileStore(void)
1223 {
1224 static const WCHAR szPrefix[] = { 'c','e','r',0 };
1225 static const WCHAR szDot[] = { '.',0 };
1226 WCHAR filename[MAX_PATH];
1227 HCERTSTORE store;
1228 BOOL ret;
1229 PCCERT_CONTEXT cert;
1230 HANDLE file;
1231
1232 if (!pCertControlStore)
1233 {
1234 win_skip("CertControlStore() is not available\n");
1235 return;
1236 }
1237
1238 store = CertOpenStore(CERT_STORE_PROV_FILE, 0, 0, 0, NULL);
1239 ok(!store && GetLastError() == ERROR_INVALID_HANDLE,
1240 "Expected ERROR_INVALID_HANDLE, got %08x\n", GetLastError());
1241
1242 if (!GetTempFileNameW(szDot, szPrefix, 0, filename))
1243 return;
1244
1245 DeleteFileW(filename);
1246 file = CreateFileW(filename, GENERIC_READ | GENERIC_WRITE, 0, NULL,
1247 CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
1248 if (file == INVALID_HANDLE_VALUE)
1249 return;
1250
1251 store = CertOpenStore(CERT_STORE_PROV_FILE, 0, 0, CERT_STORE_DELETE_FLAG,
1252 file);
1253 ok(!store && GetLastError() == E_INVALIDARG,
1254 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1255 store = CertOpenStore(CERT_STORE_PROV_FILE, 0, 0,
1256 CERT_FILE_STORE_COMMIT_ENABLE_FLAG | CERT_STORE_READONLY_FLAG, file);
1257 ok(!store && GetLastError() == E_INVALIDARG,
1258 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1259
1260 /* A "read-only" file store.. */
1261 store = CertOpenStore(CERT_STORE_PROV_FILE, 0, 0,
1262 CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, file);
1263 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1264 if (store)
1265 {
1266 DWORD size;
1267
1268 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1269 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
1270 /* apparently allows adding certificates.. */
1271 ok(ret, "CertAddEncodedCertificateToStore failed: %d\n", ret);
1272 /* but not commits.. */
1273 ret = pCertControlStore(store, 0, CERT_STORE_CTRL_COMMIT, NULL);
1274 ok(!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED,
1275 "Expected ERROR_CALL_NOT_IMPLEMENTED, got %08x\n", GetLastError());
1276 /* It still has certs in memory.. */
1277 cert = CertEnumCertificatesInStore(store, NULL);
1278 ok(cert != NULL, "CertEnumCertificatesInStore failed: %08x\n",
1279 GetLastError());
1280 CertFreeCertificateContext(cert);
1281 /* but the file size is still 0. */
1282 size = GetFileSize(file, NULL);
1283 ok(size == 0, "Expected size 0, got %d\n", size);
1284 CertCloseStore(store, 0);
1285 }
1286
1287 /* The create new flag is allowed.. */
1288 store = CertOpenStore(CERT_STORE_PROV_FILE, 0, 0,
1289 CERT_STORE_CREATE_NEW_FLAG, file);
1290 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1291 if (store)
1292 {
1293 /* but without the commit enable flag, commits don't happen. */
1294 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1295 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
1296 ok(ret, "CertAddEncodedCertificateToStore failed: %d\n", ret);
1297 ret = pCertControlStore(store, 0, CERT_STORE_CTRL_COMMIT, NULL);
1298 ok(!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED,
1299 "Expected ERROR_CALL_NOT_IMPLEMENTED, got %08x\n", GetLastError());
1300 CertCloseStore(store, 0);
1301 }
1302 /* as is the open existing flag. */
1303 store = CertOpenStore(CERT_STORE_PROV_FILE, 0, 0,
1304 CERT_STORE_OPEN_EXISTING_FLAG, file);
1305 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1306 if (store)
1307 {
1308 /* but without the commit enable flag, commits don't happen. */
1309 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1310 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
1311 ok(ret, "CertAddEncodedCertificateToStore failed: %d\n", ret);
1312 ret = pCertControlStore(store, 0, CERT_STORE_CTRL_COMMIT, NULL);
1313 ok(!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED,
1314 "Expected ERROR_CALL_NOT_IMPLEMENTED, got %08x\n", GetLastError());
1315 CertCloseStore(store, 0);
1316 }
1317 store = CertOpenStore(CERT_STORE_PROV_FILE, 0, 0,
1318 CERT_FILE_STORE_COMMIT_ENABLE_FLAG, file);
1319 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1320 if (store)
1321 {
1322 CloseHandle(file);
1323 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1324 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
1325 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1326 GetLastError());
1327 /* with commits enabled, commit is allowed */
1328 ret = pCertControlStore(store, 0, CERT_STORE_CTRL_COMMIT, NULL);
1329 ok(ret, "CertControlStore failed: %d\n", ret);
1330 compareStore(store, "serialized store with cert",
1331 serializedStoreWithCert, sizeof(serializedStoreWithCert), FALSE);
1332 CertCloseStore(store, 0);
1333 }
1334 file = CreateFileW(filename, GENERIC_READ | GENERIC_WRITE, 0, NULL,
1335 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1336 if (file == INVALID_HANDLE_VALUE)
1337 return;
1338 store = CertOpenStore(CERT_STORE_PROV_FILE, 0, 0,
1339 CERT_FILE_STORE_COMMIT_ENABLE_FLAG, file);
1340 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1341 if (store)
1342 {
1343 CloseHandle(file);
1344 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
1345 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
1346 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
1347 compareStore(store, "serialized store with cert and CRL",
1348 serializedStoreWithCertAndCRL, sizeof(serializedStoreWithCertAndCRL),
1349 FALSE);
1350 CertCloseStore(store, 0);
1351 }
1352
1353 DeleteFileW(filename);
1354 }
1355
1356 static BOOL initFileFromData(LPCWSTR filename, const BYTE *pb, DWORD cb)
1357 {
1358 HANDLE file = CreateFileW(filename, GENERIC_READ | GENERIC_WRITE, 0, NULL,
1359 CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
1360 BOOL ret;
1361
1362 if (file != INVALID_HANDLE_VALUE)
1363 {
1364 DWORD written;
1365
1366 ret = WriteFile(file, pb, cb, &written, NULL);
1367 CloseHandle(file);
1368 }
1369 else
1370 ret = FALSE;
1371 return ret;
1372 }
1373
1374 static const BYTE base64SPC[] =
1375 "MIICJQYJKoZIhvcNAQcCoIICFjCCAhICAQExADALBgkqhkiG9w0BBwGgggH6MIIB"
1376 "9jCCAV+gAwIBAgIQnP8+EF4opr9OxH7h4uBPWTANBgkqhkiG9w0BAQQFADAUMRIw"
1377 "EAYDVQQDEwlKdWFuIExhbmcwHhcNMDgxMjEyMTcxMDE0WhcNMzkxMjMxMjM1OTU5"
1378 "WjAUMRIwEAYDVQQDEwlKdWFuIExhbmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
1379 "AoGBALCgNjyNvOic0FOfjxvi43HbM+D5joDkhiGSXe+gbZlf8f16k07kkObFEunz"
1380 "mdB5coscmA7gyqiWNN4ZUyr2cA3lCbnpGPA/0IblyyOcuGIFmmCzeZaVa5ZG6xZP"
1381 "K7L7o+73Qo6jXVbGhBGnMZ7Q9sAn6s2933olnStnejnqwV0NAgMBAAGjSTBHMEUG"
1382 "A1UdAQQ+MDyAEFKbKEdXYyx+CWKcV6vxM6ShFjAUMRIwEAYDVQQDEwlKdWFuIExh"
1383 "bmeCEJz/PhBeKKa/TsR+4eLgT1kwDQYJKoZIhvcNAQEEBQADgYEALpkgLgW3mEaK"
1384 "idPQ3iPJYLG0Ub1wraqEl9bd42hrhzIdcDzlQgxnm8/5cHYVxIF/C20x/HJplb1R"
1385 "G6U1ipFe/q8byWD/9JpiBKMGPi9YlUTgXHfS9d4S/QWO1h9Z7KeipBYhoslQpHXu"
1386 "y9bUr8Adqi6SzgHpCnMu53dxgxUD1r4xAA==";
1387 /* Same as base64SPC, but as a wide-char string */
1388 static const WCHAR utf16Base64SPC[] = {
1389 'M','I','I','C','J','Q','Y','J','K','o','Z','I','h','v','c','N','A',
1390 'Q','c','C','o','I','I','C','F','j','C','C','A','h','I','C','A','Q',
1391 'E','x','A','D','A','L','B','g','k','q','h','k','i','G','9','w','0',
1392 'B','B','w','G','g','g','g','H','6','M','I','I','B','9','j','C','C',
1393 'A','V','+','g','A','w','I','B','A','g','I','Q','n','P','8','+','E',
1394 'F','4','o','p','r','9','O','x','H','7','h','4','u','B','P','W','T',
1395 'A','N','B','g','k','q','h','k','i','G','9','w','0','B','A','Q','Q',
1396 'F','A','D','A','U','M','R','I','w','E','A','Y','D','V','Q','Q','D',
1397 'E','w','l','K','d','W','F','u','I','E','x','h','b','m','c','w','H',
1398 'h','c','N','M','D','g','x','M','j','E','y','M','T','c','x','M','D',
1399 'E','0','W','h','c','N','M','z','k','x','M','j','M','x','M','j','M',
1400 '1','O','T','U','5','W','j','A','U','M','R','I','w','E','A','Y','D',
1401 'V','Q','Q','D','E','w','l','K','d','W','F','u','I','E','x','h','b',
1402 'm','c','w','g','Z','8','w','D','Q','Y','J','K','o','Z','I','h','v',
1403 'c','N','A','Q','E','B','B','Q','A','D','g','Y','0','A','M','I','G',
1404 'J','A','o','G','B','A','L','C','g','N','j','y','N','v','O','i','c',
1405 '0','F','O','f','j','x','v','i','4','3','H','b','M','+','D','5','j',
1406 'o','D','k','h','i','G','S','X','e','+','g','b','Z','l','f','8','f',
1407 '1','6','k','0','7','k','k','O','b','F','E','u','n','z','m','d','B',
1408 '5','c','o','s','c','m','A','7','g','y','q','i','W','N','N','4','Z',
1409 'U','y','r','2','c','A','3','l','C','b','n','p','G','P','A','/','0',
1410 'I','b','l','y','y','O','c','u','G','I','F','m','m','C','z','e','Z',
1411 'a','V','a','5','Z','G','6','x','Z','P','K','7','L','7','o','+','7',
1412 '3','Q','o','6','j','X','V','b','G','h','B','G','n','M','Z','7','Q',
1413 '9','s','A','n','6','s','2','9','3','3','o','l','n','S','t','n','e',
1414 'j','n','q','w','V','0','N','A','g','M','B','A','A','G','j','S','T',
1415 'B','H','M','E','U','G','A','1','U','d','A','Q','Q','+','M','D','y',
1416 'A','E','F','K','b','K','E','d','X','Y','y','x','+','C','W','K','c',
1417 'V','6','v','x','M','6','S','h','F','j','A','U','M','R','I','w','E',
1418 'A','Y','D','V','Q','Q','D','E','w','l','K','d','W','F','u','I','E',
1419 'x','h','b','m','e','C','E','J','z','/','P','h','B','e','K','K','a',
1420 '/','T','s','R','+','4','e','L','g','T','1','k','w','D','Q','Y','J',
1421 'K','o','Z','I','h','v','c','N','A','Q','E','E','B','Q','A','D','g',
1422 'Y','E','A','L','p','k','g','L','g','W','3','m','E','a','K','i','d',
1423 'P','Q','3','i','P','J','Y','L','G','0','U','b','1','w','r','a','q',
1424 'E','l','9','b','d','4','2','h','r','h','z','I','d','c','D','z','l',
1425 'Q','g','x','n','m','8','/','5','c','H','Y','V','x','I','F','/','C',
1426 '2','0','x','/','H','J','p','l','b','1','R','G','6','U','1','i','p',
1427 'F','e','/','q','8','b','y','W','D','/','9','J','p','i','B','K','M',
1428 'G','P','i','9','Y','l','U','T','g','X','H','f','S','9','d','4','S',
1429 '/','Q','W','O','1','h','9','Z','7','K','e','i','p','B','Y','h','o',
1430 's','l','Q','p','H','X','u','y','9','b','U','r','8','A','d','q','i',
1431 '6','S','z','g','H','p','C','n','M','u','5','3','d','x','g','x','U',
1432 'D','1','r','4','x','A','A','=','=',0 };
1433
1434 static void testFileNameStore(void)
1435 {
1436 static const WCHAR szPrefix[] = { 'c','e','r',0 };
1437 static const WCHAR spcPrefix[] = { 's','p','c',0 };
1438 static const WCHAR szDot[] = { '.',0 };
1439 WCHAR filename[MAX_PATH];
1440 HCERTSTORE store;
1441 BOOL ret;
1442 DWORD GLE;
1443
1444 if (0)
1445 {
1446 /* Crashes on NT4 */
1447 store = CertOpenStore(CERT_STORE_PROV_FILENAME_W, 0, 0, 0, NULL);
1448 GLE = GetLastError();
1449 ok(!store && (GLE == ERROR_PATH_NOT_FOUND || GLE == ERROR_INVALID_PARAMETER),
1450 "Expected ERROR_PATH_NOT_FOUND or ERROR_INVALID_PARAMETER, got %08x\n",
1451 GLE);
1452 }
1453
1454 if (!GetTempFileNameW(szDot, szPrefix, 0, filename))
1455 return;
1456 DeleteFileW(filename);
1457
1458 /* The two flags are mutually exclusive */
1459 store = CertOpenStore(CERT_STORE_PROV_FILENAME_W, 0, 0,
1460 CERT_FILE_STORE_COMMIT_ENABLE_FLAG | CERT_STORE_READONLY_FLAG, filename);
1461 ok(!store && GetLastError() == E_INVALIDARG,
1462 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1463
1464 /* In all of the following tests, the encoding type seems to be ignored */
1465 if (initFileFromData(filename, bigCert, sizeof(bigCert)))
1466 {
1467 PCCERT_CONTEXT cert;
1468 PCCRL_CONTEXT crl;
1469
1470 store = CertOpenStore(CERT_STORE_PROV_FILENAME_W, 0, 0,
1471 CERT_STORE_READONLY_FLAG, filename);
1472 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1473
1474 cert = CertEnumCertificatesInStore(store, NULL);
1475 ok(cert != NULL, "CertEnumCertificatesInStore failed: %08x\n",
1476 GetLastError());
1477 cert = CertEnumCertificatesInStore(store, cert);
1478 ok(!cert, "Expected only one cert\n");
1479 if (pCertEnumCRLsInStore)
1480 {
1481 crl = pCertEnumCRLsInStore(store, NULL);
1482 ok(!crl, "Expected no CRLs\n");
1483 }
1484
1485 CertCloseStore(store, 0);
1486 DeleteFileW(filename);
1487 }
1488 if (initFileFromData(filename, serializedStoreWithCert,
1489 sizeof(serializedStoreWithCert)))
1490 {
1491 PCCERT_CONTEXT cert;
1492 PCCRL_CONTEXT crl;
1493
1494 store = CertOpenStore(CERT_STORE_PROV_FILENAME_W, 0, 0,
1495 CERT_STORE_READONLY_FLAG, filename);
1496 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1497
1498 cert = CertEnumCertificatesInStore(store, NULL);
1499 ok(cert != NULL, "CertEnumCertificatesInStore failed: %08x\n",
1500 GetLastError());
1501 cert = CertEnumCertificatesInStore(store, cert);
1502 ok(!cert, "Expected only one cert\n");
1503 if (pCertEnumCRLsInStore)
1504 {
1505 crl = pCertEnumCRLsInStore(store, NULL);
1506 ok(!crl, "Expected no CRLs\n");
1507 }
1508
1509 CertCloseStore(store, 0);
1510 DeleteFileW(filename);
1511 }
1512 if (initFileFromData(filename, serializedStoreWithCertAndCRL,
1513 sizeof(serializedStoreWithCertAndCRL)))
1514 {
1515 PCCERT_CONTEXT cert;
1516 PCCRL_CONTEXT crl;
1517
1518 store = CertOpenStore(CERT_STORE_PROV_FILENAME_W, 0, 0,
1519 CERT_STORE_READONLY_FLAG, filename);
1520 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1521
1522 cert = CertEnumCertificatesInStore(store, NULL);
1523 ok(cert != NULL, "CertEnumCertificatesInStore failed: %08x\n",
1524 GetLastError());
1525 cert = CertEnumCertificatesInStore(store, cert);
1526 ok(!cert, "Expected only one cert\n");
1527 if (pCertEnumCRLsInStore)
1528 {
1529 crl = pCertEnumCRLsInStore(store, NULL);
1530 ok(crl != NULL, "CertEnumCRLsInStore failed: %08x\n", GetLastError());
1531 crl = pCertEnumCRLsInStore(store, crl);
1532 ok(!crl, "Expected only one CRL\n");
1533 }
1534
1535 CertCloseStore(store, 0);
1536 /* Don't delete it this time, the next test uses it */
1537 }
1538 /* Now that the file exists, we can open it read-only */
1539 store = CertOpenStore(CERT_STORE_PROV_FILENAME_W, 0, 0,
1540 CERT_STORE_READONLY_FLAG, filename);
1541 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1542 CertCloseStore(store, 0);
1543 DeleteFileW(filename);
1544
1545 store = CertOpenStore(CERT_STORE_PROV_FILENAME_W, 0, 0,
1546 CERT_FILE_STORE_COMMIT_ENABLE_FLAG | CERT_STORE_CREATE_NEW_FLAG, filename);
1547 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1548 if (store)
1549 {
1550 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1551 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
1552 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1553 GetLastError());
1554 compareStore(store, "serialized store with cert",
1555 serializedStoreWithCert, sizeof(serializedStoreWithCert), FALSE);
1556 CertCloseStore(store, 0);
1557 }
1558 store = CertOpenStore(CERT_STORE_PROV_FILENAME_W, 0, 0,
1559 CERT_FILE_STORE_COMMIT_ENABLE_FLAG, filename);
1560 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1561 if (store)
1562 {
1563 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
1564 signedCRL, sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
1565 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
1566 compareStore(store, "serialized store with cert and CRL",
1567 serializedStoreWithCertAndCRL, sizeof(serializedStoreWithCertAndCRL),
1568 FALSE);
1569 CertCloseStore(store, 0);
1570 }
1571 DeleteFileW(filename);
1572
1573 if (!GetTempFileNameW(szDot, spcPrefix, 0, filename))
1574 return;
1575 DeleteFileW(filename);
1576
1577 if (initFileFromData(filename, base64SPC, sizeof(base64SPC)))
1578 {
1579 PCCERT_CONTEXT cert;
1580 PCCRL_CONTEXT crl;
1581
1582 store = CertOpenStore(CERT_STORE_PROV_FILENAME_W, 0, 0,
1583 CERT_STORE_READONLY_FLAG, filename);
1584 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1585
1586 cert = CertEnumCertificatesInStore(store, NULL);
1587 ok(cert != NULL, "CertEnumCertificatesInStore failed: %08x\n",
1588 GetLastError());
1589 cert = CertEnumCertificatesInStore(store, cert);
1590 ok(!cert, "Expected only one cert\n");
1591 if (pCertEnumCRLsInStore)
1592 {
1593 crl = pCertEnumCRLsInStore(store, NULL);
1594 ok(!crl, "Expected no CRLs\n");
1595 }
1596
1597 CertCloseStore(store, 0);
1598 DeleteFileW(filename);
1599 }
1600 if (initFileFromData(filename, (BYTE *)utf16Base64SPC,
1601 sizeof(utf16Base64SPC)))
1602 {
1603 PCCERT_CONTEXT cert;
1604 PCCRL_CONTEXT crl;
1605
1606 store = CertOpenStore(CERT_STORE_PROV_FILENAME_W, 0, 0,
1607 CERT_STORE_READONLY_FLAG, filename);
1608 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1609
1610 cert = CertEnumCertificatesInStore(store, NULL);
1611 ok(cert != NULL, "CertEnumCertificatesInStore failed: %08x\n",
1612 GetLastError());
1613 cert = CertEnumCertificatesInStore(store, cert);
1614 ok(!cert, "Expected only one cert\n");
1615 if (pCertEnumCRLsInStore)
1616 {
1617 crl = pCertEnumCRLsInStore(store, NULL);
1618 ok(!crl, "Expected no CRLs\n");
1619 }
1620
1621 CertCloseStore(store, 0);
1622 DeleteFileW(filename);
1623 }
1624 }
1625
1626 static const BYTE signedContent[] = {
1627 0x30,0x81,0xb2,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,0xa0,
1628 0x81,0xa4,0x30,0x81,0xa1,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,0x08,0x2a,
1629 0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x13,0x06,0x09,0x2a,0x86,
1630 0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x06,0x04,0x04,0x01,0x02,0x03,0x04,
1631 0x31,0x77,0x30,0x75,0x02,0x01,0x01,0x30,0x1a,0x30,0x15,0x31,0x13,0x30,0x11,
1632 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
1633 0x67,0x00,0x02,0x01,0x01,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,
1634 0x02,0x05,0x05,0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x04,0x40,0x81,0xa6,0x70,
1635 0xb3,0xef,0x59,0xd1,0x66,0xd1,0x9b,0xc0,0x9a,0xb6,0x9a,0x5e,0x6d,0x6f,0x6d,
1636 0x0d,0x59,0xa9,0xaa,0x6e,0xe9,0x2c,0xa0,0x1e,0xee,0xc2,0x60,0xbc,0x59,0xbe,
1637 0x3f,0x63,0x06,0x8d,0xc9,0x11,0x1d,0x23,0x64,0x92,0xef,0x2e,0xfc,0x57,0x29,
1638 0xa4,0xaf,0xe0,0xee,0x93,0x19,0x39,0x51,0xe4,0x44,0xb8,0x0b,0x28,0xf4,0xa8,
1639 0x0d };
1640 static const BYTE signedWithCertAndCrlBareContent[] = {
1641 0x30,0x82,0x01,0x4f,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,0x08,0x2a,0x86,
1642 0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x13,0x06,0x09,0x2a,0x86,0x48,
1643 0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x06,0x04,0x04,0x01,0x02,0x03,0x04,0xa0,
1644 0x7c,0x30,0x7a,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
1645 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
1646 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
1647 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
1648 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
1649 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
1650 0x67,0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x16,0x30,0x14,
1651 0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,
1652 0x01,0xff,0x02,0x01,0x01,0xa1,0x2e,0x30,0x2c,0x30,0x02,0x06,0x00,0x30,0x15,
1653 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,
1654 0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
1655 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x31,0x77,0x30,0x75,0x02,0x01,0x01,
1656 0x30,0x1a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,
1657 0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x02,0x01,0x01,0x30,0x0c,
1658 0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x04,0x06,
1659 0x00,0x05,0x00,0x04,0x40,0x81,0xa6,0x70,0xb3,0xef,0x59,0xd1,0x66,0xd1,0x9b,
1660 0xc0,0x9a,0xb6,0x9a,0x5e,0x6d,0x6f,0x6d,0x0d,0x59,0xa9,0xaa,0x6e,0xe9,0x2c,
1661 0xa0,0x1e,0xee,0xc2,0x60,0xbc,0x59,0xbe,0x3f,0x63,0x06,0x8d,0xc9,0x11,0x1d,
1662 0x23,0x64,0x92,0xef,0x2e,0xfc,0x57,0x29,0xa4,0xaf,0xe0,0xee,0x93,0x19,0x39,
1663 0x51,0xe4,0x44,0xb8,0x0b,0x28,0xf4,0xa8,0x0d };
1664 static const BYTE hashContent[] = {
1665 0x30,0x47,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x05,0xa0,0x3a,
1666 0x30,0x38,0x02,0x01,0x00,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,
1667 0x02,0x05,0x05,0x00,0x30,0x13,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
1668 0x07,0x01,0xa0,0x06,0x04,0x04,0x01,0x02,0x03,0x04,0x04,0x10,0x08,0xd6,0xc0,
1669 0x5a,0x21,0x51,0x2a,0x79,0xa1,0xdf,0xeb,0x9d,0x2a,0x8f,0x26,0x2f };
1670 static const BYTE hashBareContent[] = {
1671 0x30,0x38,0x02,0x01,0x00,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,
1672 0x02,0x05,0x05,0x00,0x30,0x13,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
1673 0x07,0x01,0xa0,0x06,0x04,0x04,0x01,0x02,0x03,0x04,0x04,0x10,0x08,0xd6,0xc0,
1674 0x5a,0x21,0x51,0x2a,0x79,0xa1,0xdf,0xeb,0x9d,0x2a,0x8f,0x26,0x2f };
1675
1676 static void testMessageStore(void)
1677 {
1678 HCERTSTORE store;
1679 HCRYPTMSG msg = CryptMsgOpenToDecode(PKCS_7_ASN_ENCODING, 0, 0, 0, NULL,
1680 NULL);
1681 CRYPT_DATA_BLOB blob = { sizeof(signedWithCertAndCrlBareContent),
1682 (LPBYTE)signedWithCertAndCrlBareContent };
1683 DWORD count, size;
1684 BOOL ret;
1685
1686 /* Crashes
1687 store = CertOpenStore(CERT_STORE_PROV_MSG, 0, 0, 0, NULL);
1688 */
1689 SetLastError(0xdeadbeef);
1690 store = CertOpenStore(CERT_STORE_PROV_MSG, 0, 0, 0, msg);
1691 ok(!store && GetLastError() == CRYPT_E_INVALID_MSG_TYPE,
1692 "Expected CRYPT_E_INVALID_MSG_TYPE, got %08x\n", GetLastError());
1693 CryptMsgUpdate(msg, signedContent, sizeof(signedContent), TRUE);
1694 store = CertOpenStore(CERT_STORE_PROV_MSG, 0, 0, 0, msg);
1695 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1696 if (store)
1697 {
1698 PCCERT_CONTEXT cert = NULL;
1699 PCCRL_CONTEXT crl = NULL;
1700
1701 count = 0;
1702 do {
1703 cert = CertEnumCertificatesInStore(store, cert);
1704 if (cert)
1705 count++;
1706 } while (cert);
1707 ok(count == 0, "Expected 0 certificates, got %d\n", count);
1708
1709 if (pCertEnumCRLsInStore)
1710 {
1711 count = 0;
1712 do {
1713 crl = pCertEnumCRLsInStore(store, crl);
1714 if (crl)
1715 count++;
1716 } while (crl);
1717 ok(count == 0, "Expected 0 CRLs, got %d\n", count);
1718 }
1719
1720 /* Can add certs to a message store */
1721 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1722 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
1723 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1724 GetLastError());
1725 count = 0;
1726 do {
1727 cert = CertEnumCertificatesInStore(store, cert);
1728 if (cert)
1729 count++;
1730 } while (cert);
1731 ok(count == 1, "Expected 1 certificate, got %d\n", count);
1732
1733 CertCloseStore(store, 0);
1734 }
1735 /* but the added certs weren't actually added to the message */
1736 size = sizeof(count);
1737 ret = CryptMsgGetParam(msg, CMSG_CERT_COUNT_PARAM, 0, &count, &size);
1738 ok(ret, "CryptMsgGetParam failed: %08x\n", GetLastError());
1739 ok(count == 0, "Expected 0 certificates, got %d\n", count);
1740 CryptMsgClose(msg);
1741
1742 /* Crashes
1743 store = CertOpenStore(CERT_STORE_PROV_PKCS7, 0, 0, 0, NULL);
1744 */
1745 store = CertOpenStore(CERT_STORE_PROV_PKCS7, 0, 0, 0, &blob);
1746 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1747 if (store)
1748 {
1749 DWORD count = 0;
1750 PCCERT_CONTEXT cert = NULL;
1751 PCCRL_CONTEXT crl = NULL;
1752
1753 do {
1754 cert = CertEnumCertificatesInStore(store, cert);
1755 if (cert)
1756 count++;
1757 } while (cert);
1758 ok(count == 1, "Expected 1 certificate, got %d\n", count);
1759
1760 if (pCertEnumCRLsInStore)
1761 {
1762 count = 0;
1763 do {
1764 crl = pCertEnumCRLsInStore(store, crl);
1765 if (crl)
1766 count++;
1767 } while (crl);
1768 ok(count == 1, "Expected 1 CRL, got %d\n", count);
1769 }
1770 CertCloseStore(store, 0);
1771 }
1772 /* Encoding appears to be ignored */
1773 store = CertOpenStore(CERT_STORE_PROV_PKCS7, X509_ASN_ENCODING, 0, 0,
1774 &blob);
1775 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1776 if (store)
1777 CertCloseStore(store, 0);
1778 /* Messages other than signed messages aren't allowed */
1779 blob.cbData = sizeof(hashContent);
1780 blob.pbData = (LPBYTE)hashContent;
1781 SetLastError(0xdeadbeef);
1782 store = CertOpenStore(CERT_STORE_PROV_PKCS7, 0, 0, 0, &blob);
1783 ok(!store && GetLastError() == CRYPT_E_INVALID_MSG_TYPE,
1784 "Expected CRYPT_E_INVALID_MSG_TYPE, got %08x\n", GetLastError());
1785 blob.cbData = sizeof(hashBareContent);
1786 blob.pbData = (LPBYTE)hashBareContent;
1787 SetLastError(0xdeadbeef);
1788 store = CertOpenStore(CERT_STORE_PROV_PKCS7, 0, 0, 0, &blob);
1789 ok(!store &&
1790 (GetLastError() == CRYPT_E_ASN1_BADTAG ||
1791 broken(GetLastError() == OSS_DATA_ERROR)), /* NT4 */
1792 "Expected CRYPT_E_ASN1_BADTAG, got %08x\n", GetLastError());
1793 }
1794
1795 static void testSerializedStore(void)
1796 {
1797 HCERTSTORE store;
1798 CRYPT_DATA_BLOB blob;
1799
1800 if (0)
1801 {
1802 /* Crash */
1803 store = CertOpenStore(CERT_STORE_PROV_SERIALIZED, 0, 0, 0, NULL);
1804 store = CertOpenStore(CERT_STORE_PROV_SERIALIZED, 0, 0,
1805 CERT_STORE_DELETE_FLAG, NULL);
1806 }
1807 blob.cbData = sizeof(serializedStoreWithCert);
1808 blob.pbData = (BYTE *)serializedStoreWithCert;
1809 store = CertOpenStore(CERT_STORE_PROV_SERIALIZED, 0, 0,
1810 CERT_STORE_DELETE_FLAG, &blob);
1811 ok(!store && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED,
1812 "Expected ERROR_CALL_NOT_IMPLEMENTED, got %08x\n", GetLastError());
1813 store = CertOpenStore(CERT_STORE_PROV_SERIALIZED, 0, 0, 0, &blob);
1814 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1815 if (store)
1816 {
1817 PCCERT_CONTEXT cert;
1818 PCCRL_CONTEXT crl;
1819
1820 cert = CertEnumCertificatesInStore(store, NULL);
1821 ok(cert != NULL, "CertEnumCertificatesInStore failed: %08x\n",
1822 GetLastError());
1823 cert = CertEnumCertificatesInStore(store, cert);
1824 ok(!cert, "Expected only one cert\n");
1825 if (pCertEnumCRLsInStore)
1826 {
1827 crl = pCertEnumCRLsInStore(store, NULL);
1828 ok(!crl, "Expected no CRLs\n");
1829 }
1830 CertCloseStore(store, 0);
1831 }
1832 blob.cbData = sizeof(serializedStoreWithCertAndCRL);
1833 blob.pbData = (BYTE *)serializedStoreWithCertAndCRL;
1834 store = CertOpenStore(CERT_STORE_PROV_SERIALIZED, 0, 0, 0, &blob);
1835 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1836 if (store)
1837 {
1838 PCCERT_CONTEXT cert;
1839 PCCRL_CONTEXT crl;
1840
1841 cert = CertEnumCertificatesInStore(store, NULL);
1842 ok(cert != NULL, "CertEnumCertificatesInStore failed: %08x\n",
1843 GetLastError());
1844 cert = CertEnumCertificatesInStore(store, cert);
1845 ok(!cert, "Expected only one cert\n");
1846 if (pCertEnumCRLsInStore)
1847 {
1848 crl = pCertEnumCRLsInStore(store, NULL);
1849 ok(crl != NULL, "CertEnumCRLsInStore failed: %08x\n",
1850 GetLastError());
1851 crl = pCertEnumCRLsInStore(store, crl);
1852 ok(!crl, "Expected only one CRL\n");
1853 }
1854 CertCloseStore(store, 0);
1855 }
1856 }
1857
1858 static void testCertOpenSystemStore(void)
1859 {
1860 HCERTSTORE store;
1861
1862 store = CertOpenSystemStoreW(0, NULL);
1863 ok(!store && GetLastError() == E_INVALIDARG,
1864 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1865 /* This succeeds, and on WinXP at least, the Bogus key is created under
1866 * HKCU (but not under HKLM, even when run as an administrator.)
1867 */
1868 store = CertOpenSystemStoreW(0, BogusW);
1869 ok(store != 0, "CertOpenSystemStore failed: %08x\n", GetLastError());
1870 if (store)
1871 CertCloseStore(store, 0);
1872 /* Delete it so other tests succeed next time around */
1873 CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
1874 CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_DELETE_FLAG, BogusW);
1875 RegDeleteKeyW(HKEY_CURRENT_USER, BogusPathW);
1876 }
1877
1878 struct EnumSystemStoreInfo
1879 {
1880 BOOL goOn;
1881 DWORD storeCount;
1882 };
1883
1884 static BOOL CALLBACK enumSystemStoreCB(const void *systemStore, DWORD dwFlags,
1885 PCERT_SYSTEM_STORE_INFO pStoreInfo, void *pvReserved, void *pvArg)
1886 {
1887 struct EnumSystemStoreInfo *info = pvArg;
1888
1889 info->storeCount++;
1890 return info->goOn;
1891 }
1892
1893 static void testCertEnumSystemStore(void)
1894 {
1895 BOOL ret;
1896 struct EnumSystemStoreInfo info = { FALSE, 0 };
1897
1898 if (!pCertEnumSystemStore)
1899 {
1900 win_skip("CertEnumSystemStore() is not available\n");
1901 return;
1902 }
1903
1904 SetLastError(0xdeadbeef);
1905 ret = pCertEnumSystemStore(0, NULL, NULL, NULL);
1906 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1907 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1908 /* Crashes
1909 ret = pCertEnumSystemStore(CERT_SYSTEM_STORE_LOCAL_MACHINE, NULL, NULL,
1910 NULL);
1911 */
1912
1913 SetLastError(0xdeadbeef);
1914 ret = pCertEnumSystemStore(CERT_SYSTEM_STORE_LOCAL_MACHINE, NULL, &info,
1915 enumSystemStoreCB);
1916 /* Callback returning FALSE stops enumeration */
1917 ok(!ret, "Expected CertEnumSystemStore to stop\n");
1918 ok(info.storeCount == 0 || info.storeCount == 1,
1919 "Expected 0 or 1 stores\n");
1920
1921 info.goOn = TRUE;
1922 info.storeCount = 0;
1923 ret = pCertEnumSystemStore(CERT_SYSTEM_STORE_LOCAL_MACHINE, NULL, &info,
1924 enumSystemStoreCB);
1925 ok(ret, "CertEnumSystemStore failed: %08x\n", GetLastError());
1926 /* There should always be at least My, Root, and CA stores */
1927 ok(info.storeCount == 0 || info.storeCount >= 3,
1928 "Expected at least 3 stores\n");
1929 }
1930
1931 static void testStoreProperty(void)
1932 {
1933 HCERTSTORE store;
1934 BOOL ret;
1935 DWORD propID, size = 0, state;
1936 CRYPT_DATA_BLOB blob;
1937
1938 if (!pCertGetStoreProperty || !pCertSetStoreProperty)
1939 {
1940 win_skip("CertGet/SetStoreProperty() is not available\n");
1941 return;
1942 }
1943
1944 /* Crash
1945 ret = pCertGetStoreProperty(NULL, 0, NULL, NULL);
1946 ret = pCertGetStoreProperty(NULL, 0, NULL, &size);
1947 ret = pCertGetStoreProperty(store, 0, NULL, NULL);
1948 */
1949
1950 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1951 CERT_STORE_CREATE_NEW_FLAG, NULL);
1952 /* Check a missing prop ID */
1953 SetLastError(0xdeadbeef);
1954 ret = pCertGetStoreProperty(store, 0, NULL, &size);
1955 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
1956 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
1957 /* Contrary to MSDN, CERT_ACCESS_STATE_PROP_ID is supported for stores.. */
1958 size = sizeof(state);
1959 ret = pCertGetStoreProperty(store, CERT_ACCESS_STATE_PROP_ID, &state, &size);
1960 ok(ret, "CertGetStoreProperty failed for CERT_ACCESS_STATE_PROP_ID: %08x\n",
1961 GetLastError());
1962 ok(!state, "Expected a non-persisted store\n");
1963 /* and CERT_STORE_LOCALIZED_NAME_PROP_ID isn't supported by default. */
1964 size = 0;
1965 ret = pCertGetStoreProperty(store, CERT_STORE_LOCALIZED_NAME_PROP_ID, NULL,
1966 &size);
1967 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
1968 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
1969 /* Delete an arbitrary property on a store */
1970 ret = pCertSetStoreProperty(store, CERT_FIRST_USER_PROP_ID, 0, NULL);
1971 ok(ret, "CertSetStoreProperty failed: %08x\n", GetLastError());
1972 /* Set an arbitrary property on a store */
1973 blob.pbData = (LPBYTE)&state;
1974 blob.cbData = sizeof(state);
1975 ret = pCertSetStoreProperty(store, CERT_FIRST_USER_PROP_ID, 0, &blob);
1976 ok(ret, "CertSetStoreProperty failed: %08x\n", GetLastError());
1977 /* Get an arbitrary property that's been set */
1978 ret = pCertGetStoreProperty(store, CERT_FIRST_USER_PROP_ID, NULL, &size);
1979 ok(ret, "CertGetStoreProperty failed: %08x\n", GetLastError());
1980 ok(size == sizeof(state), "Unexpected data size %d\n", size);
1981 ret = pCertGetStoreProperty(store, CERT_FIRST_USER_PROP_ID, &propID, &size);
1982 ok(ret, "CertGetStoreProperty failed: %08x\n", GetLastError());
1983 ok(propID == state, "CertGetStoreProperty got the wrong value\n");
1984 /* Delete it again */
1985 ret = pCertSetStoreProperty(store, CERT_FIRST_USER_PROP_ID, 0, NULL);
1986 ok(ret, "CertSetStoreProperty failed: %08x\n", GetLastError());
1987 /* And check that it's missing */
1988 SetLastError(0xdeadbeef);
1989 ret = pCertGetStoreProperty(store, CERT_FIRST_USER_PROP_ID, NULL, &size);
1990 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
1991 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
1992 CertCloseStore(store, 0);
1993
1994 /* Recheck on the My store.. */
1995 store = CertOpenSystemStoreW(0, MyW);
1996 size = sizeof(state);
1997 ret = pCertGetStoreProperty(store, CERT_ACCESS_STATE_PROP_ID, &state, &size);
1998 ok(ret, "CertGetStoreProperty failed for CERT_ACCESS_STATE_PROP_ID: %08x\n",
1999 GetLastError());
2000 ok(state, "Expected a persisted store\n");
2001 SetLastError(0xdeadbeef);
2002 size = 0;
2003 ret = pCertGetStoreProperty(store, CERT_STORE_LOCALIZED_NAME_PROP_ID, NULL,
2004 &size);
2005 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
2006 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2007 CertCloseStore(store, 0);
2008 }
2009
2010 static void testAddSerialized(void)
2011 {
2012 BOOL ret;
2013 HCERTSTORE store;
2014 BYTE buf[sizeof(struct CertPropIDHeader) * 2 + 20 + sizeof(bigCert)] =
2015 { 0 };
2016 BYTE hash[20];
2017 struct CertPropIDHeader *hdr;
2018 PCCERT_CONTEXT context;
2019
2020 ret = CertAddSerializedElementToStore(0, NULL, 0, 0, 0, 0, NULL, NULL);
2021 ok(!ret && GetLastError() == ERROR_END_OF_MEDIA,
2022 "Expected ERROR_END_OF_MEDIA, got %08x\n", GetLastError());
2023
2024 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
2025 CERT_STORE_CREATE_NEW_FLAG, NULL);
2026 ok(store != 0, "CertOpenStore failed: %08x\n", GetLastError());
2027
2028 ret = CertAddSerializedElementToStore(store, NULL, 0, 0, 0, 0, NULL, NULL);
2029 ok(!ret && GetLastError() == ERROR_END_OF_MEDIA,
2030 "Expected ERROR_END_OF_MEDIA, got %08x\n", GetLastError());
2031
2032 /* Test with an empty property */
2033 hdr = (struct CertPropIDHeader *)buf;
2034 hdr->propID = CERT_CERT_PROP_ID;
2035 hdr->unknown1 = 1;
2036 hdr->cb = 0;
2037 ret = CertAddSerializedElementToStore(store, buf, sizeof(buf), 0, 0, 0,
2038 NULL, NULL);
2039 ok(!ret && GetLastError() == E_INVALIDARG,
2040 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2041 /* Test with a bad size in property header */
2042 hdr->cb = sizeof(bigCert) - 1;
2043 memcpy(buf + sizeof(struct CertPropIDHeader), bigCert, sizeof(bigCert));
2044 ret = CertAddSerializedElementToStore(store, buf, sizeof(buf), 0, 0, 0,
2045 NULL, NULL);
2046 ok(!ret && GetLastError() == E_INVALIDARG,
2047 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2048 ret = CertAddSerializedElementToStore(store, buf,
2049 sizeof(struct CertPropIDHeader) + sizeof(bigCert), 0, 0, 0, NULL,
2050 NULL);
2051 ok(!ret && GetLastError() == E_INVALIDARG,
2052 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2053 ret = CertAddSerializedElementToStore(store, buf,
2054 sizeof(struct CertPropIDHeader) + sizeof(bigCert), CERT_STORE_ADD_NEW,
2055 0, 0, NULL, NULL);
2056 ok(!ret && GetLastError() == E_INVALIDARG,
2057 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2058 /* Kosher size in property header, but no context type */
2059 hdr->cb = sizeof(bigCert);
2060 ret = CertAddSerializedElementToStore(store, buf, sizeof(buf), 0, 0, 0,
2061 NULL, NULL);
2062 ok(!ret && GetLastError() == E_INVALIDARG,
2063 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2064 ret = CertAddSerializedElementToStore(store, buf,
2065 sizeof(struct CertPropIDHeader) + sizeof(bigCert), 0, 0, 0, NULL,
2066 NULL);
2067 ok(!ret && GetLastError() == E_INVALIDARG,
2068 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2069 ret = CertAddSerializedElementToStore(store, buf,
2070 sizeof(struct CertPropIDHeader) + sizeof(bigCert), CERT_STORE_ADD_NEW,
2071 0, 0, NULL, NULL);
2072 ok(!ret && GetLastError() == E_INVALIDARG,
2073 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2074 /* With a bad context type */
2075 ret = CertAddSerializedElementToStore(store, buf, sizeof(buf), 0, 0,
2076 CERT_STORE_CRL_CONTEXT_FLAG, NULL, NULL);
2077 ok(!ret && GetLastError() == E_INVALIDARG,
2078 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2079 ret = CertAddSerializedElementToStore(store, buf,
2080 sizeof(struct CertPropIDHeader) + sizeof(bigCert), 0, 0,
2081 CERT_STORE_CRL_CONTEXT_FLAG, NULL, NULL);
2082 ok(!ret && GetLastError() == E_INVALIDARG,
2083 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2084 ret = CertAddSerializedElementToStore(store, buf,
2085 sizeof(struct CertPropIDHeader) + sizeof(bigCert), CERT_STORE_ADD_NEW,
2086 0, CERT_STORE_CRL_CONTEXT_FLAG, NULL, NULL);
2087 ok(!ret && GetLastError() == E_INVALIDARG,
2088 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2089 /* Bad unknown field, good type */
2090 hdr->unknown1 = 2;
2091 ret = CertAddSerializedElementToStore(store, buf, sizeof(buf), 0, 0,
2092 CERT_STORE_CERTIFICATE_CONTEXT_FLAG, NULL, NULL);
2093 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2094 "Expected ERROR_FILE_NOT_FOUND got %08x\n", GetLastError());
2095 ret = CertAddSerializedElementToStore(store, buf,
2096 sizeof(struct CertPropIDHeader) + sizeof(bigCert), 0, 0,
2097 CERT_STORE_CERTIFICATE_CONTEXT_FLAG, NULL, NULL);
2098 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2099 "Expected ERROR_FILE_NOT_FOUND got %08x\n", GetLastError());
2100 ret = CertAddSerializedElementToStore(store, buf,
2101 sizeof(struct CertPropIDHeader) + sizeof(bigCert), CERT_STORE_ADD_NEW,
2102 0, CERT_STORE_CERTIFICATE_CONTEXT_FLAG, NULL, NULL);
2103 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2104 "Expected ERROR_FILE_NOT_FOUND got %08x\n", GetLastError());
2105 /* Most everything okay, but bad add disposition */
2106 hdr->unknown1 = 1;
2107 /* This crashes
2108 ret = CertAddSerializedElementToStore(store, buf, sizeof(buf), 0, 0,
2109 CERT_STORE_CERTIFICATE_CONTEXT_FLAG, NULL, NULL);
2110 * as does this
2111 ret = CertAddSerializedElementToStore(store, buf,
2112 sizeof(struct CertPropIDHeader) + sizeof(bigCert), 0, 0,
2113 CERT_STORE_CERTIFICATE_CONTEXT_FLAG, NULL, NULL);
2114 */
2115 /* Everything okay, but buffer's too big */
2116 ret = CertAddSerializedElementToStore(store, buf, sizeof(buf),
2117 CERT_STORE_ADD_NEW, 0, CERT_STORE_CERTIFICATE_CONTEXT_FLAG, NULL, NULL);
2118 ok(ret, "CertAddSerializedElementToStore failed: %08x\n", GetLastError());
2119 /* Everything okay, check it's not re-added */
2120 ret = CertAddSerializedElementToStore(store, buf,
2121 sizeof(struct CertPropIDHeader) + sizeof(bigCert), CERT_STORE_ADD_NEW,
2122 0, CERT_STORE_CERTIFICATE_CONTEXT_FLAG, NULL, NULL);
2123 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
2124 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
2125
2126 context = CertEnumCertificatesInStore(store, NULL);
2127 ok(context != NULL, "Expected a cert\n");
2128 if (context)
2129 CertDeleteCertificateFromStore(context);
2130
2131 /* Try adding with a bogus hash. Oddly enough, it succeeds, and the hash,
2132 * when queried, is the real hash rather than the bogus hash.
2133 */
2134 hdr = (struct CertPropIDHeader *)(buf + sizeof(struct CertPropIDHeader) +
2135 sizeof(bigCert));
2136 hdr->propID = CERT_HASH_PROP_ID;
2137 hdr->unknown1 = 1;
2138 hdr->cb = sizeof(hash);
2139 memset(hash, 0xc, sizeof(hash));
2140 memcpy((LPBYTE)hdr + sizeof(struct CertPropIDHeader), hash, sizeof(hash));
2141 ret = CertAddSerializedElementToStore(store, buf, sizeof(buf),
2142 CERT_STORE_ADD_NEW, 0, CERT_STORE_CERTIFICATE_CONTEXT_FLAG, NULL,
2143 (const void **)&context);
2144 ok(ret, "CertAddSerializedElementToStore failed: %08x\n", GetLastError());
2145 if (context)
2146 {
2147 BYTE hashVal[20], realHash[20];
2148 DWORD size = sizeof(hashVal);
2149
2150 ret = CryptHashCertificate(0, 0, 0, bigCert, sizeof(bigCert),
2151 realHash, &size);
2152 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
2153 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
2154 hashVal, &size);
2155 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
2156 GetLastError());
2157 ok(!memcmp(hashVal, realHash, size), "Unexpected hash\n");
2158 CertFreeCertificateContext(context);
2159 }
2160
2161 CertCloseStore(store, 0);
2162 }
2163
2164 static const BYTE serializedCertWithFriendlyName[] = {
2165 0x0b,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x12,0x00,0x00,0x00,0x57,0x00,0x69,
2166 0x00,0x6e,0x00,0x65,0x00,0x54,0x00,0x65,0x00,0x73,0x00,0x74,0x00,0x00,0x00,
2167 0x20,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x7c,0x00,0x00,0x00,0x30,0x7a,0x02,
2168 0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,
2169 0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,
2170 0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,
2171 0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,
2172 0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
2173 0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,0x07,
2174 0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,
2175 0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,
2176 0x01 };
2177 static const BYTE serializedStoreWithCertWithFriendlyName[] = {
2178 0x00,0x00,0x00,0x00,0x43,0x45,0x52,0x54,0x0b,0x00,0x00,0x00,0x01,0x00,0x00,
2179 0x00,0x12,0x00,0x00,0x00,0x57,0x00,0x69,0x00,0x6e,0x00,0x65,0x00,0x54,0x00,
2180 0x65,0x00,0x73,0x00,0x74,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x00,
2181 0x00,0x7c,0x00,0x00,0x00,0x30,0x7a,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,
2182 0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,
2183 0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,
2184 0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,
2185 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,
2186 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,
2187 0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,
2188 0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,
2189 0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
2190 0x00,0x00,0x00,0x00,0x00,0x00 };
2191 static const BYTE serializedStoreWithCertAndHash[] = {
2192 0x00,0x00,0x00,0x00,0x43,0x45,0x52,0x54,0x03,0x00,0x00,0x00,0x01,0x00,0x00,
2193 0x00,0x14,0x00,0x00,0x00,0x6e,0x30,0x90,0x71,0x5f,0xd9,0x23,0x56,0xeb,0xae,
2194 0x25,0x40,0xe6,0x22,0xda,0x19,0x26,0x02,0xa6,0x08,0x20,0x00,0x00,0x00,0x01,
2195 0x00,0x00,0x00,0x7c,0x00,0x00,0x00,0x30,0x7a,0x02,0x01,0x01,0x30,0x02,0x06,
2196 0x00,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,
2197 0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,
2198 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,
2199 0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,
2200 0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,
2201 0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,
2202 0x01,0x00,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
2203 0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01,0x00,0x00,0x00,0x00,
2204 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
2205
2206 static void delete_test_key(void)
2207 {
2208 HKEY root_key, test_key;
2209 static const WCHAR SysCertW[] = {'S','o','f','t','w','a','r','e','\\','M','i','c','r','o','s','o','f','t','\\',
2210 'S','y','s','t','e','m','C','e','r','t','i','f','i','c','a','t','e','s',0};
2211 static const WCHAR WineTestW[] = {'W','i','n','e','T','e','s','t',0};
2212 WCHAR subkey_name[32];
2213 DWORD num_subkeys, subkey_name_len;
2214 int idx;
2215
2216 if (RegOpenKeyExW(HKEY_CURRENT_USER, SysCertW, 0, KEY_READ, &root_key))
2217 return;
2218 if (RegOpenKeyExW(root_key, WineTestW, 0, KEY_READ, &test_key))
2219 {
2220 RegCloseKey(root_key);
2221 return;
2222 }
2223 RegQueryInfoKeyW(test_key, NULL, NULL, NULL, &num_subkeys, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
2224 for (idx = num_subkeys; idx-- > 0;)
2225 {
2226 subkey_name_len = sizeof(subkey_name)/sizeof(WCHAR);
2227 RegEnumKeyExW(test_key, idx, subkey_name, &subkey_name_len, NULL, NULL, NULL, NULL);
2228 RegDeleteKeyW(test_key, subkey_name);
2229 }
2230 RegCloseKey(test_key);
2231 RegDeleteKeyW(root_key, WineTestW);
2232 RegCloseKey(root_key);
2233 }
2234
2235 static void testAddCertificateLink(void)
2236 {
2237 BOOL ret;
2238 HCERTSTORE store1, store2;
2239 PCCERT_CONTEXT source, linked;
2240 DWORD size;
2241 LPBYTE buf;
2242 CERT_NAME_BLOB blob;
2243 static const WCHAR szPrefix[] = { 'c','e','r',0 };
2244 static const WCHAR szDot[] = { '.',0 };
2245 static const WCHAR WineTestW[] = { 'W','i','n','e','T','e','s','t',0 };
2246 WCHAR filename1[MAX_PATH], filename2[MAX_PATH];
2247 HANDLE file;
2248
2249 if (!pCertAddCertificateLinkToStore)
2250 {
2251 win_skip("CertAddCertificateLinkToStore not found\n");
2252 return;
2253 }
2254
2255 if (0)
2256 {
2257 /* Crashes, i.e. the store is dereferenced without checking. */
2258 ret = pCertAddCertificateLinkToStore(NULL, NULL, 0, NULL);
2259 }
2260
2261 /* Adding a certificate link to a store requires a valid add disposition */
2262 store1 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
2263 CERT_STORE_CREATE_NEW_FLAG, NULL);
2264 SetLastError(0xdeadbeef);
2265 ret = pCertAddCertificateLinkToStore(store1, NULL, 0, NULL);
2266 ok(!ret && GetLastError() == E_INVALIDARG,
2267 "expected E_INVALIDARG, got %08x\n", GetLastError());
2268 source = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
2269 sizeof(bigCert));
2270 SetLastError(0xdeadbeef);
2271 ret = pCertAddCertificateLinkToStore(store1, source, 0, NULL);
2272 ok(!ret && GetLastError() == E_INVALIDARG,
2273 "expected E_INVALIDARG, got %08x\n", GetLastError());
2274 ret = pCertAddCertificateLinkToStore(store1, source, CERT_STORE_ADD_ALWAYS,
2275 NULL);
2276 ok(ret, "CertAddCertificateLinkToStore failed: %08x\n", GetLastError());
2277 if (0)
2278 {
2279 /* Crashes, i.e. the source certificate is dereferenced without
2280 * checking when a valid add disposition is given.
2281 */
2282 ret = pCertAddCertificateLinkToStore(store1, NULL, CERT_STORE_ADD_ALWAYS,
2283 NULL);
2284 }
2285 CertCloseStore(store1, 0);
2286
2287 store1 = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
2288 CERT_STORE_CREATE_NEW_FLAG, NULL);
2289 ret = pCertAddCertificateLinkToStore(store1, source, CERT_STORE_ADD_ALWAYS,
2290 &linked);
2291 ok(ret, "CertAddCertificateLinkToStore failed: %08x\n", GetLastError());
2292 if (ret)
2293 {
2294 ok(linked->hCertStore == store1, "unexpected store\n");
2295 ret = CertSerializeCertificateStoreElement(linked, 0, NULL, &size);
2296 ok(ret, "CertSerializeCertificateStoreElement failed: %08x\n",
2297 GetLastError());
2298 buf = HeapAlloc(GetProcessHeap(), 0, size);
2299 if (buf)
2300 {
2301 ret = CertSerializeCertificateStoreElement(linked, 0, buf, &size);
2302 ok(ret, "CertSerializeCertificateStoreElement failed: %08x\n",
2303 GetLastError());
2304 /* The serialized linked certificate is identical to the serialized
2305 * original certificate.
2306 */
2307 ok(size == sizeof(serializedCert), "Wrong size %d\n", size);
2308 ok(!memcmp(serializedCert, buf, size),
2309 "Unexpected serialized cert\n");
2310 HeapFree(GetProcessHeap(), 0, buf);
2311 }
2312 /* Set a friendly name on the source certificate... */
2313 blob.pbData = (LPBYTE)WineTestW;
2314 blob.cbData = sizeof(WineTestW);
2315 ret = CertSetCertificateContextProperty(source,
2316 CERT_FRIENDLY_NAME_PROP_ID, 0, &blob);
2317 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
2318 GetLastError());
2319 /* and the linked certificate has the same friendly name. */
2320 ret = CertGetCertificateContextProperty(linked,
2321 CERT_FRIENDLY_NAME_PROP_ID, NULL, &size);
2322 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
2323 GetLastError());
2324 buf = HeapAlloc(GetProcessHeap(), 0, size);
2325 if (buf)
2326 {
2327 ret = CertGetCertificateContextProperty(linked,
2328 CERT_FRIENDLY_NAME_PROP_ID, buf, &size);
2329 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",