search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
push 8724397e7ede0f147b6e05994a72142d44d4fecc
[wine/hacks.git] / dlls / crypt32 / tests / cert.c
blob322fa2f92d90d702ec3b72d33061b74a2b9c7051
1 /*
2 * crypt32 cert functions tests
3 *
4 * Copyright 2005-2006 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <assert.h>
22 #include <stdio.h>
23 #include <stdarg.h>
24 #include <windef.h>
25 #include <winbase.h>
26 #include <winreg.h>
27 #include <winerror.h>
28 #include <wincrypt.h>
29
30 #include "wine/test.h"
31
32 static BOOL (WINAPI *pCertAddStoreToCollection)(HCERTSTORE,HCERTSTORE,DWORD,DWORD);
33 static PCCERT_CONTEXT (WINAPI *pCertCreateSelfSignCertificate)(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE,PCERT_NAME_BLOB,DWORD,PCRYPT_KEY_PROV_INFO,PCRYPT_ALGORITHM_IDENTIFIER,PSYSTEMTIME,PSYSTEMTIME,PCERT_EXTENSIONS);
34 static BOOL (WINAPI *pCertGetValidUsages)(DWORD,PCCERT_CONTEXT*,int*,LPSTR*,DWORD*);
35 static BOOL (WINAPI *pCryptAcquireCertificatePrivateKey)(PCCERT_CONTEXT,DWORD,void*,HCRYPTPROV_OR_NCRYPT_KEY_HANDLE*,DWORD*,BOOL*);
36 static BOOL (WINAPI *pCryptEncodeObjectEx)(DWORD,LPCSTR,const void*,DWORD,PCRYPT_ENCODE_PARA,void*,DWORD*);
37 static BOOL (WINAPI * pCryptVerifyCertificateSignatureEx)
38 (HCRYPTPROV, DWORD, DWORD, void *, DWORD, void *, DWORD, void *);
39
40 static BOOL (WINAPI * pCryptAcquireContextA)
41 (HCRYPTPROV *, LPCSTR, LPCSTR, DWORD, DWORD);
42
43 static void init_function_pointers(void)
44 {
45 HMODULE hCrypt32 = GetModuleHandleA("crypt32.dll");
46 HMODULE hAdvapi32 = GetModuleHandleA("advapi32.dll");
47
48 #define GET_PROC(dll, func) \
49 p ## func = (void *)GetProcAddress(dll, #func); \
50 if(!p ## func) \
51 trace("GetProcAddress(%s) failed\n", #func);
52
53 GET_PROC(hCrypt32, CertAddStoreToCollection)
54 GET_PROC(hCrypt32, CertCreateSelfSignCertificate)
55 GET_PROC(hCrypt32, CertGetValidUsages)
56 GET_PROC(hCrypt32, CryptAcquireCertificatePrivateKey)
57 GET_PROC(hCrypt32, CryptEncodeObjectEx)
58 GET_PROC(hCrypt32, CryptVerifyCertificateSignatureEx)
59
60 GET_PROC(hAdvapi32, CryptAcquireContextA)
61
62 #undef GET_PROC
63 }
64
65 static BYTE subjectName[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
66 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61,
67 0x6e, 0x67, 0x00 };
68 static BYTE serialNum[] = { 1 };
69 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
70 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
71 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
72 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
73 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
74 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
75 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
76 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
77 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
78 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
79 static BYTE bigCertHash[] = { 0x6e, 0x30, 0x90, 0x71, 0x5f, 0xd9, 0x23,
80 0x56, 0xeb, 0xae, 0x25, 0x40, 0xe6, 0x22, 0xda, 0x19, 0x26, 0x02, 0xa6, 0x08 };
81
82 static const BYTE bigCertWithDifferentSubject[] = { 0x30, 0x7a, 0x02, 0x01, 0x02,
83 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
84 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67,
85 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31,
86 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
87 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15,
88 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c,
89 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06,
90 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
91 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
92 0x01, 0x01 };
93 static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
94 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
95 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
96 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
97 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
98 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
99 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
100 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
101 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
102 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
103 0x02, 0x01, 0x01 };
104
105 static BYTE subjectName2[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
106 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61,
107 0x6e, 0x67, 0x00 };
108 static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
109 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
110 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
111 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
112 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
113 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
114 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
115 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
116 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
117 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
118 static const BYTE bigCert2WithDifferentSerial[] = { 0x30, 0x7a, 0x02, 0x01,
119 0x02, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
120 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
121 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
122 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
123 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
124 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41,
125 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
126 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
127 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
128 0x02, 0x01, 0x01 };
129 static BYTE bigCert2Hash[] = { 0x4a, 0x7f, 0x32, 0x1f, 0xcf, 0x3b, 0xc0,
130 0x87, 0x48, 0x2b, 0xa1, 0x86, 0x54, 0x18, 0xe4, 0x3a, 0x0e, 0x53, 0x7e, 0x2b };
131
132 static const BYTE certWithUsage[] = { 0x30, 0x81, 0x93, 0x02, 0x01, 0x01, 0x30,
133 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
134 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00,
135 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
136 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30,
137 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31,
138 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61,
139 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00,
140 0x03, 0x01, 0x00, 0xa3, 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0x06, 0x03, 0x55, 0x1d,
141 0x25, 0x01, 0x01, 0xff, 0x04, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01,
142 0x05, 0x05, 0x07, 0x03, 0x03, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
143 0x03, 0x02, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };
144
145 static void testAddCert(void)
146 {
147 HCERTSTORE store;
148 HCERTSTORE collection;
149 PCCERT_CONTEXT context;
150 PCCERT_CONTEXT copyContext;
151 BOOL ret;
152
153 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
154 CERT_STORE_CREATE_NEW_FLAG, NULL);
155 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
156 if (!store)
157 return;
158
159 /* Weird--bad add disposition leads to an access violation in Windows.
160 * Both tests crash on some win9x boxes.
161 */
162 if (0)
163 {
164 ret = CertAddEncodedCertificateToStore(0, X509_ASN_ENCODING, bigCert,
165 sizeof(bigCert), 0, NULL);
166 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
167 GetLastError() == E_INVALIDARG),
168 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n",
169 GetLastError());
170 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
171 bigCert, sizeof(bigCert), 0, NULL);
172 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
173 GetLastError() == E_INVALIDARG),
174 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n",
175 GetLastError());
176 }
177
178 /* Weird--can add a cert to the NULL store (does this have special
179 * meaning?)
180 */
181 context = NULL;
182 ret = CertAddEncodedCertificateToStore(0, X509_ASN_ENCODING, bigCert,
183 sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
184 ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* win98 */),
185 "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
186 if (context)
187 CertFreeCertificateContext(context);
188 if (!ret && GetLastError() == OSS_DATA_ERROR)
189 {
190 skip("bigCert can't be decoded, skipping tests\n");
191 return;
192 }
193
194 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
195 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
196 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
197 GetLastError());
198 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
199 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, NULL);
200 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
201 GetLastError());
202 /* This has the same name as bigCert, so finding isn't done by name */
203 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
204 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, &context);
205 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
206 GetLastError());
207 ok(context != NULL, "Expected a context\n");
208 if (context)
209 {
210 CRYPT_DATA_BLOB hash = { sizeof(bigCert2Hash), bigCert2Hash };
211
212 /* Duplicate (AddRef) the context so we can still use it after
213 * deleting it from the store.
214 */
215 CertDuplicateCertificateContext(context);
216 CertDeleteCertificateFromStore(context);
217 /* Set the same hash as bigCert2, and try to readd it */
218 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID,
219 0, &hash);
220 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
221 GetLastError());
222 ret = CertAddCertificateContextToStore(store, context,
223 CERT_STORE_ADD_NEW, NULL);
224 /* The failure is a bit odd (CRYPT_E_ASN1_BADTAG), so just check
225 * that it fails.
226 */
227 ok(!ret, "Expected failure\n");
228 CertFreeCertificateContext(context);
229 }
230 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
231 sizeof(bigCert2));
232 ok(context != NULL, "Expected a context\n");
233 if (context)
234 {
235 /* Try to readd bigCert2 to the store */
236 ret = CertAddCertificateContextToStore(store, context,
237 CERT_STORE_ADD_NEW, NULL);
238 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
239 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
240 CertFreeCertificateContext(context);
241 }
242
243 /* Adding a cert with the same issuer name and serial number (but
244 * different subject) as an existing cert succeeds.
245 */
246 context = NULL;
247 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
248 bigCert2WithDifferentSerial, sizeof(bigCert2WithDifferentSerial),
249 CERT_STORE_ADD_NEW, &context);
250 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
251 GetLastError());
252 if (context)
253 CertDeleteCertificateFromStore(context);
254
255 /* Adding a cert with the same subject name and serial number (but
256 * different issuer) as an existing cert succeeds.
257 */
258 context = NULL;
259 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
260 bigCertWithDifferentSubject, sizeof(bigCertWithDifferentSubject),
261 CERT_STORE_ADD_NEW, &context);
262 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
263 GetLastError());
264 if (context)
265 CertDeleteCertificateFromStore(context);
266
267 /* Adding a cert with the same issuer name and serial number (but
268 * different otherwise) as an existing cert succeeds.
269 */
270 context = NULL;
271 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
272 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer),
273 CERT_STORE_ADD_NEW, &context);
274 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
275 GetLastError());
276 if (context)
277 CertDeleteCertificateFromStore(context);
278
279 collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
280 CERT_STORE_CREATE_NEW_FLAG, NULL);
281 ok(collection != NULL, "CertOpenStore failed: %08x\n", GetLastError());
282 if (collection && pCertAddStoreToCollection)
283 {
284 /* Add store to the collection, but disable updates */
285 pCertAddStoreToCollection(collection, store, 0, 0);
286
287 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
288 sizeof(bigCert2));
289 ok(context != NULL, "Expected a context\n");
290 if (context)
291 {
292 /* Try to readd bigCert2 to the collection */
293 ret = CertAddCertificateContextToStore(collection, context,
294 CERT_STORE_ADD_NEW, NULL);
295 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
296 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
297 /* Replacing an existing certificate context is allowed, even
298 * though updates to the collection aren't..
299 */
300 ret = CertAddCertificateContextToStore(collection, context,
301 CERT_STORE_ADD_REPLACE_EXISTING, NULL);
302 ok(ret, "CertAddCertificateContextToStore failed: %08x\n",
303 GetLastError());
304 /* use the existing certificate and ask for a copy of the context*/
305 copyContext = NULL;
306 ret = CertAddCertificateContextToStore(collection, context,
307 CERT_STORE_ADD_USE_EXISTING, &copyContext);
308 ok(ret, "CertAddCertificateContextToStore failed: %08x\n",
309 GetLastError());
310 ok(copyContext != NULL, "Expected on output a non NULL copyContext\n");
311 if (copyContext)
312 CertFreeCertificateContext(copyContext);
313 /* but adding a new certificate isn't allowed. */
314 ret = CertAddCertificateContextToStore(collection, context,
315 CERT_STORE_ADD_ALWAYS, NULL);
316 ok(!ret && GetLastError() == E_ACCESSDENIED,
317 "Expected E_ACCESSDENIED, got %08x\n", GetLastError());
318 CertFreeCertificateContext(context);
319 }
320
321 CertCloseStore(collection, 0);
322 }
323
324 CertCloseStore(store, 0);
325 }
326
327 static void checkHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
328 PCCERT_CONTEXT context, DWORD propID)
329 {
330 BYTE hash[20] = { 0 }, hashProperty[20];
331 BOOL ret;
332 DWORD size;
333 DWORD dwSizeWithNull;
334
335 memset(hash, 0, sizeof(hash));
336 memset(hashProperty, 0, sizeof(hashProperty));
337 size = sizeof(hash);
338 ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
339 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
340 ret = CertGetCertificateContextProperty(context, propID, NULL,
341 &dwSizeWithNull);
342 ok(ret, "algID %08x, propID %d: CertGetCertificateContextProperty failed: %08x\n",
343 algID, propID, GetLastError());
344 ret = CertGetCertificateContextProperty(context, propID, hashProperty,
345 &size);
346 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
347 GetLastError());
348 ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n",
349 propID);
350 ok(size == dwSizeWithNull, "Unexpected length of hash for property: received %d instead of %d\n",
351 dwSizeWithNull,size);
352 }
353
354 static CHAR cspNameA[] = "WineCryptTemp";
355 static WCHAR cspNameW[] = { 'W','i','n','e','C','r','y','p','t','T','e','m','p',0 };
356 static const BYTE v1CertWithPubKey[] = {
357 0x30,0x81,0x95,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
358 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
359 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
360 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
361 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
362 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
363 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
364 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
365 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,
366 0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,
367 0x01,0x01 };
368 static const BYTE v1CertWithSubjectKeyId[] = {
369 0x30,0x7b,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
370 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
371 0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
372 0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
373 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
374 0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
375 0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x17,0x30,0x15,0x30,
376 0x13,0x06,0x03,0x55,0x1d,0x0e,0x04,0x0c,0x04,0x0a,0x4a,0x75,0x61,0x6e,0x20,
377 0x4c,0x61,0x6e,0x67,0x00 };
378 static const BYTE subjectKeyId[] = {
379 0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
380 static const BYTE selfSignedCert[] = {
381 0x30, 0x82, 0x01, 0x1f, 0x30, 0x81, 0xce, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
382 0x10, 0xeb, 0x0d, 0x57, 0x2a, 0x9c, 0x09, 0xba, 0xa4, 0x4a, 0xb7, 0x25, 0x49,
383 0xd9, 0x3e, 0xb5, 0x73, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d,
384 0x05, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
385 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30,
386 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36, 0x32, 0x39, 0x30, 0x35, 0x30, 0x30,
387 0x34, 0x36, 0x5a, 0x17, 0x0d, 0x30, 0x37, 0x30, 0x36, 0x32, 0x39, 0x31, 0x31,
388 0x30, 0x30, 0x34, 0x36, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
389 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e,
390 0x67, 0x00, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
391 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
392 0x00, 0xe2, 0x54, 0x3a, 0xa7, 0x83, 0xb1, 0x27, 0x14, 0x3e, 0x59, 0xbb, 0xb4,
393 0x53, 0xe6, 0x1f, 0xe7, 0x5d, 0xf1, 0x21, 0x68, 0xad, 0x85, 0x53, 0xdb, 0x6b,
394 0x1e, 0xeb, 0x65, 0x97, 0x03, 0x86, 0x60, 0xde, 0xf3, 0x6c, 0x38, 0x75, 0xe0,
395 0x4c, 0x61, 0xbb, 0xbc, 0x62, 0x17, 0xa9, 0xcd, 0x79, 0x3f, 0x21, 0x4e, 0x96,
396 0xcb, 0x0e, 0xdc, 0x61, 0x94, 0x30, 0x18, 0x10, 0x6b, 0xd0, 0x1c, 0x10, 0x79,
397 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
398 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x25, 0x90, 0x53, 0x34, 0xd9, 0x56, 0x41,
399 0x5e, 0xdb, 0x7e, 0x01, 0x36, 0xec, 0x27, 0x61, 0x5e, 0xb7, 0x4d, 0x90, 0x66,
400 0xa2, 0xe1, 0x9d, 0x58, 0x76, 0xd4, 0x9c, 0xba, 0x2c, 0x84, 0xc6, 0x83, 0x7a,
401 0x22, 0x0d, 0x03, 0x69, 0x32, 0x1a, 0x6d, 0xcb, 0x0c, 0x15, 0xb3, 0x6b, 0xc7,
402 0x0a, 0x8c, 0xb4, 0x5c, 0x34, 0x78, 0xe0, 0x3c, 0x9c, 0xe9, 0xf3, 0x30, 0x9f,
403 0xa8, 0x76, 0x57, 0x92, 0x36 };
404 static const BYTE selfSignedSignatureHash[] = { 0x07,0x5a,0x3e,0xfd,0x0d,0xf6,
405 0x88,0xeb,0x00,0x64,0xbd,0xc9,0xd6,0xea,0x0a,0x7c,0xcc,0x24,0xdb,0x5d };
406
407 static void testCertProperties(void)
408 {
409 PCCERT_CONTEXT context = CertCreateCertificateContext(X509_ASN_ENCODING,
410 bigCert, sizeof(bigCert));
411 DWORD propID, numProps, access, size;
412 BOOL ret;
413 BYTE hash[20] = { 0 }, hashProperty[20];
414 CRYPT_DATA_BLOB blob;
415 CERT_KEY_CONTEXT keyContext;
416
417 ok(context != NULL || broken(GetLastError() == OSS_DATA_ERROR /* win98 */),
418 "CertCreateCertificateContext failed: %08x\n", GetLastError());
419 if (!context)
420 return;
421
422 /* This crashes
423 propID = CertEnumCertificateContextProperties(NULL, 0);
424 */
425
426 propID = 0;
427 numProps = 0;
428 do {
429 propID = CertEnumCertificateContextProperties(context, propID);
430 if (propID)
431 numProps++;
432 } while (propID != 0);
433 ok(numProps == 0, "Expected 0 properties, got %d\n", numProps);
434
435 /* Tests with a NULL cert context. Prop ID 0 fails.. */
436 ret = CertSetCertificateContextProperty(NULL, 0, 0, NULL);
437 ok(!ret && GetLastError() == E_INVALIDARG,
438 "Expected E_INVALIDARG, got %08x\n", GetLastError());
439 /* while this just crashes.
440 ret = CertSetCertificateContextProperty(NULL,
441 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
442 */
443
444 ret = CertSetCertificateContextProperty(context, 0, 0, NULL);
445 ok(!ret && GetLastError() == E_INVALIDARG,
446 "Expected E_INVALIDARG, got %08x\n", GetLastError());
447 /* Can't set the cert property directly, this crashes.
448 ret = CertSetCertificateContextProperty(context,
449 CERT_CERT_PROP_ID, 0, bigCert2);
450 */
451
452 /* These all crash.
453 ret = CertGetCertificateContextProperty(context,
454 CERT_ACCESS_STATE_PROP_ID, 0, NULL);
455 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
456 NULL, NULL);
457 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
458 hashProperty, NULL);
459 */
460 /* A missing prop */
461 size = 0;
462 ret = CertGetCertificateContextProperty(context,
463 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
464 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
465 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
466 /* And, an implicit property */
467 size = sizeof(access);
468 ret = CertGetCertificateContextProperty(context,
469 CERT_ACCESS_STATE_PROP_ID, &access, &size);
470 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
471 GetLastError());
472 ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
473 "Didn't expect a persisted cert\n");
474 /* Trying to set this "read only" property crashes.
475 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
476 ret = CertSetCertificateContextProperty(context,
477 CERT_ACCESS_STATE_PROP_ID, 0, &access);
478 */
479
480 /* Can I set the hash to an invalid hash? */
481 blob.pbData = hash;
482 blob.cbData = sizeof(hash);
483 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID, 0,
484 &blob);
485 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
486 GetLastError());
487 size = sizeof(hashProperty);
488 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
489 hashProperty, &size);
490 ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
491 /* Delete the (bogus) hash, and get the real one */
492 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID, 0,
493 NULL);
494 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
495 GetLastError());
496 checkHash(bigCert, sizeof(bigCert), CALG_SHA1, context,
497 CERT_HASH_PROP_ID);
498
499 /* Now that the hash property is set, we should get one property when
500 * enumerating.
501 */
502 propID = 0;
503 numProps = 0;
504 do {
505 propID = CertEnumCertificateContextProperties(context, propID);
506 if (propID)
507 numProps++;
508 } while (propID != 0);
509 ok(numProps == 1, "Expected 1 properties, got %d\n", numProps);
510
511 /* Check a few other implicit properties */
512 checkHash(bigCert, sizeof(bigCert), CALG_MD5, context,
513 CERT_MD5_HASH_PROP_ID);
514
515 /* Getting the signature hash fails with this bogus certificate */
516 size = 0;
517 ret = CertGetCertificateContextProperty(context,
518 CERT_SIGNATURE_HASH_PROP_ID, NULL, &size);
519 ok(!ret &&
520 (GetLastError() == CRYPT_E_ASN1_BADTAG ||
521 GetLastError() == CRYPT_E_NOT_FOUND ||
522 GetLastError() == OSS_DATA_ERROR), /* win9x */
523 "Expected CRYPT_E_ASN1_BADTAG, got %08x\n", GetLastError());
524
525 /* Test key contexts and handles and such */
526 size = 0;
527 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
528 NULL, &size);
529 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
530 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
531 size = sizeof(CERT_KEY_CONTEXT);
532 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
533 NULL, &size);
534 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
535 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
536 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
537 &keyContext, &size);
538 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
539 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
540 /* Key context with an invalid size */
541 keyContext.cbSize = 0;
542 ret = CertSetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
543 0, &keyContext);
544 ok(!ret && GetLastError() == E_INVALIDARG,
545 "Expected E_INVALIDARG, got %08x\n", GetLastError());
546 size = sizeof(keyContext);
547 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
548 &keyContext, &size);
549 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
550 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
551 keyContext.cbSize = sizeof(keyContext);
552 keyContext.hCryptProv = 0;
553 keyContext.dwKeySpec = AT_SIGNATURE;
554 ret = CertSetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
555 0, &keyContext);
556 ok(ret, "CertSetCertificateContextProperty failed: %08x\n", GetLastError());
557 /* Now that that's set, the key prov handle property is also gettable.
558 */
559 size = sizeof(keyContext.hCryptProv);
560 ret = CertGetCertificateContextProperty(context,
561 CERT_KEY_PROV_HANDLE_PROP_ID, &keyContext.hCryptProv, &size);
562 ok(ret, "Expected to get the CERT_KEY_PROV_HANDLE_PROP_ID, got %08x\n",
563 GetLastError());
564 /* Remove the key prov handle property.. */
565 ret = CertSetCertificateContextProperty(context,
566 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
567 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
568 GetLastError());
569 /* and the key context's CSP is set to NULL. */
570 size = sizeof(keyContext);
571 ret = CertGetCertificateContextProperty(context,
572 CERT_KEY_CONTEXT_PROP_ID, &keyContext, &size);
573 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
574 GetLastError());
575 ok(keyContext.hCryptProv == 0, "Expected no hCryptProv\n");
576
577 /* According to MSDN the subject key id can be stored as a property,
578 * as a subject key extension, or as the SHA1 hash of the public key,
579 * but this cert has none of them:
580 */
581 ret = CertGetCertificateContextProperty(context,
582 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
583 ok(!ret && GetLastError() == ERROR_INVALID_DATA,
584 "Expected ERROR_INVALID_DATA, got %08x\n", GetLastError());
585 CertFreeCertificateContext(context);
586 /* This cert does have a public key, but its subject key identifier still
587 * isn't available: */
588 context = CertCreateCertificateContext(X509_ASN_ENCODING,
589 v1CertWithPubKey, sizeof(v1CertWithPubKey));
590 ret = CertGetCertificateContextProperty(context,
591 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
592 ok(!ret && GetLastError() == ERROR_INVALID_DATA,
593 "Expected ERROR_INVALID_DATA, got %08x\n", GetLastError());
594 CertFreeCertificateContext(context);
595 /* This cert with a subject key extension can have its key identifier
596 * property retrieved:
597 */
598 context = CertCreateCertificateContext(X509_ASN_ENCODING,
599 v1CertWithSubjectKeyId, sizeof(v1CertWithSubjectKeyId));
600 ret = CertGetCertificateContextProperty(context,
601 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
602 ok(ret, "CertGetCertificateContextProperty failed: %08x\n", GetLastError());
603 if (ret)
604 {
605 LPBYTE buf = HeapAlloc(GetProcessHeap(), 0, size);
606
607 if (buf)
608 {
609 ret = CertGetCertificateContextProperty(context,
610 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
611 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
612 GetLastError());
613 ok(!memcmp(buf, subjectKeyId, size), "Unexpected subject key id\n");
614 HeapFree(GetProcessHeap(), 0, buf);
615 }
616 }
617 CertFreeCertificateContext(context);
618
619 context = CertCreateCertificateContext(X509_ASN_ENCODING,
620 selfSignedCert, sizeof(selfSignedCert));
621 /* Getting the signature hash of a valid (self-signed) cert succeeds */
622 size = 0;
623 ret = CertGetCertificateContextProperty(context,
624 CERT_SIGNATURE_HASH_PROP_ID, NULL, &size);
625 ok(ret, "CertGetCertificateContextProperty failed: %08x\n", GetLastError());
626 ok(size == sizeof(selfSignedSignatureHash), "unexpected size %d\n", size);
627 ret = CertGetCertificateContextProperty(context,
628 CERT_SIGNATURE_HASH_PROP_ID, hashProperty, &size);
629 if (ret)
630 ok(!memcmp(hashProperty, selfSignedSignatureHash, size),
631 "unexpected value\n");
632 CertFreeCertificateContext(context);
633 }
634
635 static void testDupCert(void)
636 {
637 HCERTSTORE store;
638 PCCERT_CONTEXT context, dupContext;
639 BOOL ret;
640
641 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
642 CERT_STORE_CREATE_NEW_FLAG, NULL);
643 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
644 if (!store)
645 return;
646
647 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
648 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
649 ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* win98 */),
650 "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
651 if (!ret && GetLastError() == OSS_DATA_ERROR)
652 {
653 skip("bigCert can't be decoded, skipping tests\n");
654 return;
655 }
656 ok(context != NULL, "Expected a valid cert context\n");
657 if (context)
658 {
659 ok(context->cbCertEncoded == sizeof(bigCert),
660 "Wrong cert size %d\n", context->cbCertEncoded);
661 ok(!memcmp(context->pbCertEncoded, bigCert, sizeof(bigCert)),
662 "Unexpected encoded cert in context\n");
663 ok(context->hCertStore == store, "Unexpected store\n");
664
665 dupContext = CertDuplicateCertificateContext(context);
666 ok(dupContext != NULL, "Expected valid duplicate\n");
667 /* Not only is it a duplicate, it's identical: the address is the
668 * same.
669 */
670 ok(dupContext == context, "Expected identical context addresses\n");
671 CertFreeCertificateContext(dupContext);
672 CertFreeCertificateContext(context);
673 }
674 CertCloseStore(store, 0);
675
676 SetLastError(0xdeadbeef);
677 context = CertDuplicateCertificateContext(NULL);
678 ok(context == NULL, "Expected context to be NULL\n");
679 }
680
681 static BYTE subjectName3[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
682 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x52, 0x6f, 0x62, 0x20, 0x20, 0x4c, 0x61,
683 0x6e, 0x67, 0x00 };
684 static const BYTE iTunesCert0[] = {
685 0x30,0x82,0x03,0xc4,0x30,0x82,0x03,0x2d,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
686 0x47,0xbf,0x19,0x95,0xdf,0x8d,0x52,0x46,0x43,0xf7,0xdb,0x6d,0x48,0x0d,0x31,
687 0xa4,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
688 0x00,0x30,0x81,0x8b,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
689 0x5a,0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,
690 0x73,0x74,0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x14,0x30,0x12,0x06,
691 0x03,0x55,0x04,0x07,0x13,0x0b,0x44,0x75,0x72,0x62,0x61,0x6e,0x76,0x69,0x6c,
692 0x6c,0x65,0x31,0x0f,0x30,0x0d,0x06,0x03,0x55,0x04,0x0a,0x13,0x06,0x54,0x68,
693 0x61,0x77,0x74,0x65,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x0b,0x13,0x14,
694 0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
695 0x61,0x74,0x69,0x6f,0x6e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x03,0x13,
696 0x16,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x54,0x69,0x6d,0x65,0x73,0x74,0x61,
697 0x6d,0x70,0x69,0x6e,0x67,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,0x30,0x33,0x31,
698 0x32,0x30,0x34,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x31,0x33,0x31,
699 0x32,0x30,0x33,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x53,0x31,0x0b,0x30,
700 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,
701 0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,
702 0x20,0x49,0x6e,0x63,0x2e,0x31,0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,
703 0x22,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x69,0x6d,0x65,0x20,
704 0x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,0x53,0x65,0x72,0x76,0x69,0x63,
705 0x65,0x73,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,
706 0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,
707 0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xa9,0xca,0xb2,0xa4,0xcc,0xcd,0x20,
708 0xaf,0x0a,0x7d,0x89,0xac,0x87,0x75,0xf0,0xb4,0x4e,0xf1,0xdf,0xc1,0x0f,0xbf,
709 0x67,0x61,0xbd,0xa3,0x64,0x1c,0xda,0xbb,0xf9,0xca,0x33,0xab,0x84,0x30,0x89,
710 0x58,0x7e,0x8c,0xdb,0x6b,0xdd,0x36,0x9e,0x0f,0xbf,0xd1,0xec,0x78,0xf2,0x77,
711 0xa6,0x7e,0x6f,0x3c,0xbf,0x93,0xaf,0x0d,0xba,0x68,0xf4,0x6c,0x94,0xca,0xbd,
712 0x52,0x2d,0xab,0x48,0x3d,0xf5,0xb6,0xd5,0x5d,0x5f,0x1b,0x02,0x9f,0xfa,0x2f,
713 0x6b,0x1e,0xa4,0xf7,0xa3,0x9a,0xa6,0x1a,0xc8,0x02,0xe1,0x7f,0x4c,0x52,0xe3,
714 0x0e,0x60,0xec,0x40,0x1c,0x7e,0xb9,0x0d,0xde,0x3f,0xc7,0xb4,0xdf,0x87,0xbd,
715 0x5f,0x7a,0x6a,0x31,0x2e,0x03,0x99,0x81,0x13,0xa8,0x47,0x20,0xce,0x31,0x73,
716 0x0d,0x57,0x2d,0xcd,0x78,0x34,0x33,0x95,0x12,0x99,0x12,0xb9,0xde,0x68,0x2f,
717 0xaa,0xe6,0xe3,0xc2,0x8a,0x8c,0x2a,0xc3,0x8b,0x21,0x87,0x66,0xbd,0x83,0x58,
718 0x57,0x6f,0x75,0xbf,0x3c,0xaa,0x26,0x87,0x5d,0xca,0x10,0x15,0x3c,0x9f,0x84,
719 0xea,0x54,0xc1,0x0a,0x6e,0xc4,0xfe,0xc5,0x4a,0xdd,0xb9,0x07,0x11,0x97,0x22,
720 0x7c,0xdb,0x3e,0x27,0xd1,0x1e,0x78,0xec,0x9f,0x31,0xc9,0xf1,0xe6,0x22,0x19,
721 0xdb,0xc4,0xb3,0x47,0x43,0x9a,0x1a,0x5f,0xa0,0x1e,0x90,0xe4,0x5e,0xf5,0xee,
722 0x7c,0xf1,0x7d,0xab,0x62,0x01,0x8f,0xf5,0x4d,0x0b,0xde,0xd0,0x22,0x56,0xa8,
723 0x95,0xcd,0xae,0x88,0x76,0xae,0xee,0xba,0x0d,0xf3,0xe4,0x4d,0xd9,0xa0,0xfb,
724 0x68,0xa0,0xae,0x14,0x3b,0xb3,0x87,0xc1,0xbb,0x02,0x03,0x01,0x00,0x01,0xa3,
725 0x81,0xdb,0x30,0x81,0xd8,0x30,0x34,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,
726 0x01,0x01,0x04,0x28,0x30,0x26,0x30,0x24,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,
727 0x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,
728 0x70,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,
729 0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,
730 0xff,0x02,0x01,0x00,0x30,0x41,0x06,0x03,0x55,0x1d,0x1f,0x04,0x3a,0x30,0x38,
731 0x30,0x36,0xa0,0x34,0xa0,0x32,0x86,0x30,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
732 0x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,
733 0x6d,0x2f,0x54,0x68,0x61,0x77,0x74,0x65,0x54,0x69,0x6d,0x65,0x73,0x74,0x61,
734 0x6d,0x70,0x69,0x6e,0x67,0x43,0x41,0x2e,0x63,0x72,0x6c,0x30,0x13,0x06,0x03,
735 0x55,0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,
736 0x03,0x08,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,
737 0x02,0x01,0x06,0x30,0x24,0x06,0x03,0x55,0x1d,0x11,0x04,0x1d,0x30,0x1b,0xa4,
738 0x19,0x30,0x17,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x03,0x13,0x0c,0x54,
739 0x53,0x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x35,0x33,0x30,0x0d,0x06,0x09,
740 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,
741 0x4a,0x6b,0xf9,0xea,0x58,0xc2,0x44,0x1c,0x31,0x89,0x79,0x99,0x2b,0x96,0xbf,
742 0x82,0xac,0x01,0xd6,0x1c,0x4c,0xcd,0xb0,0x8a,0x58,0x6e,0xdf,0x08,0x29,0xa3,
743 0x5e,0xc8,0xca,0x93,0x13,0xe7,0x04,0x52,0x0d,0xef,0x47,0x27,0x2f,0x00,0x38,
744 0xb0,0xe4,0xc9,0x93,0x4e,0x9a,0xd4,0x22,0x62,0x15,0xf7,0x3f,0x37,0x21,0x4f,
745 0x70,0x31,0x80,0xf1,0x8b,0x38,0x87,0xb3,0xe8,0xe8,0x97,0x00,0xfe,0xcf,0x55,
746 0x96,0x4e,0x24,0xd2,0xa9,0x27,0x4e,0x7a,0xae,0xb7,0x61,0x41,0xf3,0x2a,0xce,
747 0xe7,0xc9,0xd9,0x5e,0xdd,0xbb,0x2b,0x85,0x3e,0xb5,0x9d,0xb5,0xd9,0xe1,0x57,
748 0xff,0xbe,0xb4,0xc5,0x7e,0xf5,0xcf,0x0c,0x9e,0xf0,0x97,0xfe,0x2b,0xd3,0x3b,
749 0x52,0x1b,0x1b,0x38,0x27,0xf7,0x3f,0x4a };
750 static const BYTE iTunesCert1[] = {
751 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
752 0x0d,0xe9,0x2b,0xf0,0xd4,0xd8,0x29,0x88,0x18,0x32,0x05,0x09,0x5e,0x9a,0x76,
753 0x88,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
754 0x00,0x30,0x53,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
755 0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,
756 0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2b,0x30,0x29,
757 0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
758 0x20,0x54,0x69,0x6d,0x65,0x20,0x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,
759 0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
760 0x30,0x33,0x31,0x32,0x30,0x34,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
761 0x30,0x38,0x31,0x32,0x30,0x33,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x57,
762 0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
763 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,
764 0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2f,0x30,0x2d,0x06,0x03,0x55,
765 0x04,0x03,0x13,0x26,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x69,
766 0x6d,0x65,0x20,0x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,0x53,0x65,0x72,
767 0x76,0x69,0x63,0x65,0x73,0x20,0x53,0x69,0x67,0x6e,0x65,0x72,0x30,0x82,0x01,
768 0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
769 0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,
770 0xb2,0x50,0x28,0x48,0xdd,0xd3,0x68,0x7a,0x84,0x18,0x44,0x66,0x75,0x5d,0x7e,
771 0xc4,0xb8,0x9f,0x63,0x26,0xff,0x3d,0x43,0x9c,0x7c,0x11,0x38,0x10,0x25,0x55,
772 0x73,0xd9,0x75,0x27,0x69,0xfd,0x4e,0xb9,0x20,0x5c,0xd3,0x0a,0xf9,0xa0,0x1b,
773 0x2a,0xed,0x55,0x56,0x21,0x61,0xd8,0x1e,0xdb,0xe4,0xbc,0x33,0x6b,0xc7,0xef,
774 0xdd,0xa3,0x37,0x65,0x8e,0x1b,0x93,0x0c,0xb6,0x53,0x1e,0x5c,0x7c,0x66,0x35,
775 0x5f,0x05,0x8a,0x45,0xfe,0x76,0x4e,0xdf,0x53,0x80,0xa2,0x81,0x20,0x9d,0xae,
776 0x88,0x5c,0xa2,0x08,0xf7,0xe5,0x30,0xf9,0xee,0x22,0x37,0x4c,0x42,0x0a,0xce,
777 0xdf,0xc6,0x1f,0xc4,0xd6,0x55,0xe9,0x81,0x3f,0xb5,0x52,0xa3,0x2c,0xaa,0x01,
778 0x7a,0xf2,0xa2,0xaa,0x8d,0x35,0xfe,0x9f,0xe6,0x5d,0x6a,0x05,0x9f,0x3d,0x6b,
779 0xe3,0xbf,0x96,0xc0,0xfe,0xcc,0x60,0xf9,0x40,0xe7,0x07,0xa0,0x44,0xeb,0x81,
780 0x51,0x6e,0xa5,0x2a,0xf2,0xb6,0x8a,0x10,0x28,0xed,0x8f,0xdc,0x06,0xa0,0x86,
781 0x50,0x9a,0x7b,0x4a,0x08,0x0d,0x30,0x1d,0xca,0x10,0x9e,0x6b,0xf7,0xe9,0x58,
782 0xae,0x04,0xa9,0x40,0x99,0xb2,0x28,0xe8,0x8f,0x16,0xac,0x3c,0xe3,0x53,0x6f,
783 0x4b,0xd3,0x35,0x9d,0xb5,0x6f,0x64,0x1d,0xb3,0x96,0x2c,0xbb,0x3d,0xe7,0x79,
784 0xeb,0x6d,0x7a,0xf9,0x16,0xe6,0x26,0xad,0xaf,0xef,0x99,0x53,0xb7,0x40,0x2c,
785 0x95,0xb8,0x79,0xaa,0xfe,0xd4,0x52,0xab,0x29,0x74,0x7e,0x42,0xec,0x39,0x1e,
786 0xa2,0x6a,0x16,0xe6,0x59,0xbb,0x24,0x68,0xd8,0x00,0x80,0x43,0x10,0x87,0x80,
787 0x6b,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xca,0x30,0x81,0xc7,0x30,0x34,0x06,
788 0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x28,0x30,0x26,0x30,0x24,
789 0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,
790 0x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,0x70,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,
791 0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
792 0xff,0x04,0x02,0x30,0x00,0x30,0x33,0x06,0x03,0x55,0x1d,0x1f,0x04,0x2c,0x30,
793 0x2a,0x30,0x28,0xa0,0x26,0xa0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3a,0x2f,
794 0x2f,0x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,
795 0x6f,0x6d,0x2f,0x74,0x73,0x73,0x2d,0x63,0x61,0x2e,0x63,0x72,0x6c,0x30,0x16,
796 0x06,0x03,0x55,0x1d,0x25,0x01,0x01,0xff,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,
797 0x06,0x01,0x05,0x05,0x07,0x03,0x08,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
798 0x01,0xff,0x04,0x04,0x03,0x02,0x06,0xc0,0x30,0x24,0x06,0x03,0x55,0x1d,0x11,
799 0x04,0x1d,0x30,0x1b,0xa4,0x19,0x30,0x17,0x31,0x15,0x30,0x13,0x06,0x03,0x55,
800 0x04,0x03,0x13,0x0c,0x54,0x53,0x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x35,
801 0x34,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
802 0x00,0x03,0x82,0x01,0x01,0x00,0x87,0x78,0x70,0xda,0x4e,0x52,0x01,0x20,0x5b,
803 0xe0,0x79,0xc9,0x82,0x30,0xc4,0xfd,0xb9,0x19,0x96,0xbd,0x91,0x00,0xc3,0xbd,
804 0xcd,0xcd,0xc6,0xf4,0x0e,0xd8,0xff,0xf9,0x4d,0xc0,0x33,0x62,0x30,0x11,0xc5,
805 0xf5,0x74,0x1b,0xd4,0x92,0xde,0x5f,0x9c,0x20,0x13,0xb1,0x7c,0x45,0xbe,0x50,
806 0xcd,0x83,0xe7,0x80,0x17,0x83,0xa7,0x27,0x93,0x67,0x13,0x46,0xfb,0xca,0xb8,
807 0x98,0x41,0x03,0xcc,0x9b,0x51,0x5b,0x05,0x8b,0x7f,0xa8,0x6f,0xf3,0x1b,0x50,
808 0x1b,0x24,0x2e,0xf2,0x69,0x8d,0x6c,0x22,0xf7,0xbb,0xca,0x16,0x95,0xed,0x0c,
809 0x74,0xc0,0x68,0x77,0xd9,0xeb,0x99,0x62,0x87,0xc1,0x73,0x90,0xf8,0x89,0x74,
810 0x7a,0x23,0xab,0xa3,0x98,0x7b,0x97,0xb1,0xf7,0x8f,0x29,0x71,0x4d,0x2e,0x75,
811 0x1b,0x48,0x41,0xda,0xf0,0xb5,0x0d,0x20,0x54,0xd6,0x77,0xa0,0x97,0x82,0x63,
812 0x69,0xfd,0x09,0xcf,0x8a,0xf0,0x75,0xbb,0x09,0x9b,0xd9,0xf9,0x11,0x55,0x26,
813 0x9a,0x61,0x32,0xbe,0x7a,0x02,0xb0,0x7b,0x86,0xbe,0xa2,0xc3,0x8b,0x22,0x2c,
814 0x78,0xd1,0x35,0x76,0xbc,0x92,0x73,0x5c,0xf9,0xb9,0xe6,0x4c,0x15,0x0a,0x23,
815 0xcc,0xe4,0xd2,0xd4,0x34,0x2e,0x49,0x40,0x15,0x3c,0x0f,0x60,0x7a,0x24,0xc6,
816 0xa5,0x66,0xef,0x96,0xcf,0x70,0xeb,0x3e,0xe7,0xf4,0x0d,0x7e,0xdc,0xd1,0x7c,
817 0xa3,0x76,0x71,0x69,0xc1,0x9c,0x4f,0x47,0x30,0x35,0x21,0xb1,0xa2,0xaf,0x1a,
818 0x62,0x3c,0x2b,0xd9,0x8e,0xaa,0x2a,0x07,0x7b,0xd8,0x18,0xb3,0x5c,0x7b,0xe2,
819 0x9d,0xa5,0x6f,0xfe,0x3c,0x89,0xad };
820 static const BYTE iTunesCert2[] = {
821 0x30,0x82,0x04,0xbf,0x30,0x82,0x04,0x28,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
822 0x41,0x91,0xa1,0x5a,0x39,0x78,0xdf,0xcf,0x49,0x65,0x66,0x38,0x1d,0x4c,0x75,
823 0xc2,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
824 0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
825 0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,
826 0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x37,0x30,0x35,
827 0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,
828 0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,
829 0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,
830 0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x30,0x34,0x30,
831 0x37,0x31,0x36,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x31,0x34,0x30,
832 0x37,0x31,0x35,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xb4,0x31,0x0b,
833 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,
834 0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
835 0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,
836 0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,
837 0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x31,0x3b,0x30,0x39,0x06,0x03,
838 0x55,0x04,0x0b,0x13,0x32,0x54,0x65,0x72,0x6d,0x73,0x20,0x6f,0x66,0x20,0x75,
839 0x73,0x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,
840 0x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,
841 0x2f,0x72,0x70,0x61,0x20,0x28,0x63,0x29,0x30,0x34,0x31,0x2e,0x30,0x2c,0x06,
842 0x03,0x55,0x04,0x03,0x13,0x25,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,
843 0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,0x6f,0x64,0x65,0x20,0x53,0x69,
844 0x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,0x34,0x20,0x43,0x41,0x30,0x82,
845 0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,
846 0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,
847 0x00,0xbe,0xbc,0xee,0xbc,0x7e,0xef,0x83,0xeb,0xe0,0x37,0x4f,0xfb,0x03,0x10,
848 0x38,0xbe,0x08,0xd2,0x8c,0x7d,0x9d,0xfa,0x92,0x7f,0x19,0x0c,0xc2,0x6b,0xee,
849 0x42,0x52,0x8c,0xde,0xd3,0x1c,0x48,0x13,0x25,0xea,0xc1,0x63,0x7a,0xf9,0x51,
850 0x65,0xee,0xd3,0xaa,0x3b,0xf5,0xf0,0x94,0x9c,0x2b,0xfb,0xf2,0x66,0xd4,0x24,
851 0xda,0xf7,0xf5,0x9f,0x6e,0x19,0x39,0x36,0xbc,0xd0,0xa3,0x76,0x08,0x1e,0x22,
852 0x27,0x24,0x6c,0x38,0x91,0x27,0xe2,0x84,0x49,0xae,0x1b,0x8a,0xa1,0xfd,0x25,
853 0x82,0x2c,0x10,0x30,0xe8,0x71,0xab,0x28,0xe8,0x77,0x4a,0x51,0xf1,0xec,0xcd,
854 0xf8,0xf0,0x54,0xd4,0x6f,0xc0,0xe3,0x6d,0x0a,0x8f,0xd9,0xd8,0x64,0x8d,0x63,
855 0xb2,0x2d,0x4e,0x27,0xf6,0x85,0x0e,0xfe,0x6d,0xe3,0x29,0x99,0xe2,0x85,0x47,
856 0x7c,0x2d,0x86,0x7f,0xe8,0x57,0x8f,0xad,0x67,0xc2,0x33,0x32,0x91,0x13,0x20,
857 0xfc,0xa9,0x23,0x14,0x9a,0x6d,0xc2,0x84,0x4b,0x76,0x68,0x04,0xd5,0x71,0x2c,
858 0x5d,0x21,0xfa,0x88,0x0d,0x26,0xfd,0x1f,0x2d,0x91,0x2b,0xe7,0x01,0x55,0x4d,
859 0xf2,0x6d,0x35,0x28,0x82,0xdf,0xd9,0x6b,0x5c,0xb6,0xd6,0xd9,0xaa,0x81,0xfd,
860 0x5f,0xcd,0x83,0xba,0x63,0x9d,0xd0,0x22,0xfc,0xa9,0x3b,0x42,0x69,0xb2,0x8e,
861 0x3a,0xb5,0xbc,0xb4,0x9e,0x0f,0x5e,0xc4,0xea,0x2c,0x82,0x8b,0x28,0xfd,0x53,
862 0x08,0x96,0xdd,0xb5,0x01,0x20,0xd1,0xf9,0xa5,0x18,0xe7,0xc0,0xee,0x51,0x70,
863 0x37,0xe1,0xb6,0x05,0x48,0x52,0x48,0x6f,0x38,0xea,0xc3,0xe8,0x6c,0x7b,0x44,
864 0x84,0xbb,0x02,0x03,0x01,0x00,0x01,0xa3,0x82,0x01,0xa0,0x30,0x82,0x01,0x9c,
865 0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,
866 0x01,0xff,0x02,0x01,0x00,0x30,0x44,0x06,0x03,0x55,0x1d,0x20,0x04,0x3d,0x30,
867 0x3b,0x30,0x39,0x06,0x0b,0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,
868 0x03,0x30,0x2a,0x30,0x28,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x02,0x01,
869 0x16,0x1c,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,
870 0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,
871 0x30,0x31,0x06,0x03,0x55,0x1d,0x1f,0x04,0x2a,0x30,0x28,0x30,0x26,0xa0,0x24,
872 0xa0,0x22,0x86,0x20,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x63,0x72,0x6c,0x2e,
873 0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x70,0x63,
874 0x61,0x33,0x2e,0x63,0x72,0x6c,0x30,0x1d,0x06,0x03,0x55,0x1d,0x25,0x04,0x16,
875 0x30,0x14,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2b,
876 0x06,0x01,0x05,0x05,0x07,0x03,0x03,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
877 0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x11,0x06,0x09,0x60,0x86,0x48,
878 0x01,0x86,0xf8,0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x00,0x01,0x30,0x29,0x06,
879 0x03,0x55,0x1d,0x11,0x04,0x22,0x30,0x20,0xa4,0x1e,0x30,0x1c,0x31,0x1a,0x30,
880 0x18,0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x43,0x6c,0x61,0x73,0x73,0x33,0x43,
881 0x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x34,0x33,0x30,0x1d,0x06,0x03,0x55,
882 0x1d,0x0e,0x04,0x16,0x04,0x14,0x08,0xf5,0x51,0xe8,0xfb,0xfe,0x3d,0x3d,0x64,
883 0x36,0x7c,0x68,0xcf,0x5b,0x78,0xa8,0xdf,0xb9,0xc5,0x37,0x30,0x81,0x80,0x06,
884 0x03,0x55,0x1d,0x23,0x04,0x79,0x30,0x77,0xa1,0x63,0xa4,0x61,0x30,0x5f,0x31,
885 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,
886 0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
887 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,
888 0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,
889 0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,
890 0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,
891 0x72,0x69,0x74,0x79,0x82,0x10,0x70,0xba,0xe4,0x1d,0x10,0xd9,0x29,0x34,0xb6,
892 0x38,0xca,0x7b,0x03,0xcc,0xba,0xbf,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
893 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0xae,0x3a,0x17,0xb8,
894 0x4a,0x7b,0x55,0xfa,0x64,0x55,0xec,0x40,0xa4,0xed,0x49,0x41,0x90,0x99,0x9c,
895 0x89,0xbc,0xaf,0x2e,0x1d,0xca,0x78,0x23,0xf9,0x1c,0x19,0x0f,0x7f,0xeb,0x68,
896 0xbc,0x32,0xd9,0x88,0x38,0xde,0xdc,0x3f,0xd3,0x89,0xb4,0x3f,0xb1,0x82,0x96,
897 0xf1,0xa4,0x5a,0xba,0xed,0x2e,0x26,0xd3,0xde,0x7c,0x01,0x6e,0x00,0x0a,0x00,
898 0xa4,0x06,0x92,0x11,0x48,0x09,0x40,0xf9,0x1c,0x18,0x79,0x67,0x23,0x24,0xe0,
899 0xbb,0xd5,0xe1,0x50,0xae,0x1b,0xf5,0x0e,0xdd,0xe0,0x2e,0x81,0xcd,0x80,0xa3,
900 0x6c,0x52,0x4f,0x91,0x75,0x55,0x8a,0xba,0x22,0xf2,0xd2,0xea,0x41,0x75,0x88,
901 0x2f,0x63,0x55,0x7d,0x1e,0x54,0x5a,0x95,0x59,0xca,0xd9,0x34,0x81,0xc0,0x5f,
902 0x5e,0xf6,0x7a,0xb5 };
903 static const BYTE iTunesCert3[] = {
904 0x30,0x82,0x04,0xf1,0x30,0x82,0x03,0xd9,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
905 0x0f,0x1a,0xa0,0xe0,0x9b,0x9b,0x61,0xa6,0xb6,0xfe,0x40,0xd2,0xdf,0x6a,0xf6,
906 0x8d,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
907 0x00,0x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
908 0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,
909 0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,
910 0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
911 0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,
912 0x31,0x3b,0x30,0x39,0x06,0x03,0x55,0x04,0x0b,0x13,0x32,0x54,0x65,0x72,0x6d,
913 0x73,0x20,0x6f,0x66,0x20,0x75,0x73,0x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,
914 0x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,
915 0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x20,0x28,0x63,0x29,0x30,
916 0x34,0x31,0x2e,0x30,0x2c,0x06,0x03,0x55,0x04,0x03,0x13,0x25,0x56,0x65,0x72,
917 0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,
918 0x6f,0x64,0x65,0x20,0x53,0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,
919 0x34,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,0x30,0x36,0x30,0x31,0x31,0x37,0x30,
920 0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x38,0x30,0x31,0x32,0x32,0x32,
921 0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,
922 0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
923 0x08,0x13,0x0a,0x43,0x61,0x6c,0x69,0x66,0x6f,0x72,0x6e,0x69,0x61,0x31,0x12,
924 0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x75,0x70,0x65,0x72,0x74,
925 0x69,0x6e,0x6f,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x0a,0x14,0x14,0x41,
926 0x70,0x70,0x6c,0x65,0x20,0x43,0x6f,0x6d,0x70,0x75,0x74,0x65,0x72,0x2c,0x20,
927 0x49,0x6e,0x63,0x2e,0x31,0x3e,0x30,0x3c,0x06,0x03,0x55,0x04,0x0b,0x13,0x35,
928 0x44,0x69,0x67,0x69,0x74,0x61,0x6c,0x20,0x49,0x44,0x20,0x43,0x6c,0x61,0x73,
929 0x73,0x20,0x33,0x20,0x2d,0x20,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,
930 0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x56,0x61,0x6c,0x69,0x64,
931 0x61,0x74,0x69,0x6f,0x6e,0x20,0x76,0x32,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,
932 0x04,0x03,0x14,0x14,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x6f,0x6d,0x70,0x75,
933 0x74,0x65,0x72,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x30,0x81,0x9f,0x30,0x0d,0x06,
934 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,
935 0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd3,0xab,0x3b,0x7f,0xec,0x48,0x84,
936 0xce,0xa8,0x1a,0x12,0xf3,0x3c,0x87,0xcb,0x24,0x58,0x96,0x02,0x87,0x66,0x49,
937 0xeb,0x89,0xee,0x79,0x44,0x70,0x8d,0xe7,0xd4,0x1f,0x30,0x92,0xc0,0x9c,0x35,
938 0x78,0xc0,0xaf,0x1c,0xb6,0x28,0xd3,0xe0,0xe0,0x9d,0xd3,0x49,0x76,0x73,0x57,
939 0x19,0x4d,0x8d,0x70,0x85,0x64,0x4d,0x1d,0xc6,0x02,0x3e,0xe5,0x2c,0x66,0x07,
940 0xd2,0x27,0x4b,0xd6,0xc8,0x3c,0x93,0xb6,0x15,0x0c,0xde,0x5b,0xd7,0x93,0xdd,
941 0xbe,0x85,0x62,0x34,0x17,0x8a,0x05,0x60,0xf0,0x8a,0x1c,0x5a,0x40,0x21,0x8d,
942 0x51,0x6c,0xb0,0x62,0xd8,0xb5,0xd4,0xf9,0xb1,0xd0,0x58,0x7a,0x7a,0x82,0x55,
943 0xb3,0xf9,0x53,0x71,0xde,0xd2,0xc9,0x37,0x8c,0xf6,0x5a,0x1f,0x2d,0xcd,0x7c,
944 0x67,0x02,0x03,0x01,0x00,0x01,0xa3,0x82,0x01,0x7f,0x30,0x82,0x01,0x7b,0x30,
945 0x09,0x06,0x03,0x55,0x1d,0x13,0x04,0x02,0x30,0x00,0x30,0x0e,0x06,0x03,0x55,
946 0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x07,0x80,0x30,0x40,0x06,0x03,
947 0x55,0x1d,0x1f,0x04,0x39,0x30,0x37,0x30,0x35,0xa0,0x33,0xa0,0x31,0x86,0x2f,
948 0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,
949 0x34,0x2d,0x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,
950 0x63,0x6f,0x6d,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2e,0x63,
951 0x72,0x6c,0x30,0x44,0x06,0x03,0x55,0x1d,0x20,0x04,0x3d,0x30,0x3b,0x30,0x39,
952 0x06,0x0b,0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x30,0x2a,
953 0x30,0x28,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1c,0x68,
954 0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,
955 0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x30,0x13,0x06,
956 0x03,0x55,0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,
957 0x07,0x03,0x03,0x30,0x75,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01,
958 0x04,0x69,0x30,0x67,0x30,0x24,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,
959 0x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,0x70,0x2e,
960 0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,0x3f,0x06,
961 0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x33,0x68,0x74,0x74,0x70,
962 0x3a,0x2f,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2d,0x61,0x69,
963 0x61,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,
964 0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2d,0x61,0x69,0x61,0x2e,0x63,
965 0x65,0x72,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,
966 0x08,0xf5,0x51,0xe8,0xfb,0xfe,0x3d,0x3d,0x64,0x36,0x7c,0x68,0xcf,0x5b,0x78,
967 0xa8,0xdf,0xb9,0xc5,0x37,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,
968 0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x04,0x10,0x30,0x16,0x06,0x0a,0x2b,0x06,
969 0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x1b,0x04,0x08,0x30,0x06,0x01,0x01,0x00,
970 0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
971 0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x6a,0xa6,0x06,0xd0,0x33,0x18,0x64,
972 0xe2,0x69,0x82,0xee,0x6e,0x36,0x9e,0x9d,0x9a,0x0e,0x18,0xa8,0xac,0x9d,0x10,
973 0xed,0x01,0x3c,0xb9,0x61,0x04,0x62,0xf3,0x85,0x8f,0xcc,0x4f,0x2c,0x66,0x35,
974 0x54,0x25,0x45,0x8d,0x95,0x1c,0xd2,0x33,0xbe,0x2e,0xdd,0x7f,0x74,0xaf,0x03,
975 0x7b,0x86,0x63,0xb0,0xc9,0xe6,0xbd,0xc7,0x8e,0xde,0x03,0x18,0x98,0x82,0xc3,
976 0xbb,0xf8,0x15,0x99,0x1a,0xa9,0xdd,0xb9,0x5d,0xb9,0xbd,0x53,0x95,0x25,0x76,
977 0xfb,0x5c,0x53,0x90,0xea,0x01,0x0a,0xa0,0xb1,0xbf,0x09,0x1b,0x97,0x8f,0x40,
978 0xfa,0x85,0x12,0x74,0x01,0xdb,0xf6,0xdb,0x09,0xd6,0x5f,0x4f,0xd7,0x17,0xb4,
979 0xbf,0x9e,0x2f,0x86,0x52,0x5d,0x70,0x24,0x52,0x32,0x1e,0xa5,0x1d,0x39,0x8b,
980 0x66,0xf6,0xba,0x9b,0x69,0x8e,0x12,0x60,0xdb,0xb6,0xcf,0xe6,0x0d,0xd6,0x1c,
981 0x8f,0xd4,0x5b,0x4b,0x00,0xde,0x21,0x93,0xfb,0x6e,0xc7,0x3d,0xb4,0x66,0x0d,
982 0x29,0x0c,0x4e,0xe9,0x3f,0x94,0xd6,0xd6,0xdc,0xec,0xf8,0x53,0x3b,0x62,0xd5,
983 0x97,0x50,0x53,0x84,0x17,0xfe,0xe2,0xed,0x4c,0x23,0x0a,0x49,0xce,0x5b,0xe9,
984 0x70,0x31,0xc1,0x04,0x02,0x02,0x6c,0xb8,0x52,0xcd,0xc7,0x4e,0x70,0xb4,0x13,
985 0xd7,0xe0,0x92,0xba,0x44,0x1a,0x10,0x4c,0x6e,0x45,0xc6,0x86,0x04,0xc6,0x64,
986 0xd3,0x9c,0x6e,0xc1,0x9c,0xac,0x74,0x3d,0x77,0x06,0x5e,0x28,0x28,0x5c,0xf5,
987 0xe0,0x9c,0x19,0xd8,0xba,0x74,0x81,0x2d,0x67,0x77,0x93,0x8d,0xbf,0xd2,0x52,
988 0x00,0xe6,0xa5,0x38,0x4e,0x2e,0x73,0x66,0x7a };
989 static BYTE iTunesIssuer[] = {
990 0x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
991 0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,
992 0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,
993 0x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,
994 0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
995 0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,
996 0x72,0x6b,0x31,0x3b,0x30,0x39,0x06,0x03,0x55,0x04,0x0b,0x13,
997 0x32,0x54,0x65,0x72,0x6d,0x73,0x20,0x6f,0x66,0x20,0x75,0x73,
998 0x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,
999 0x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,
1000 0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x20,0x28,0x63,
1001 0x29,0x30,0x34,0x31,0x2e,0x30,0x2c,0x06,0x03,0x55,0x04,0x03,
1002 0x13,0x25,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,
1003 0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,0x6f,0x64,0x65,0x20,
1004 0x53,0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,0x34,
1005 0x20,0x43,0x41 };
1006 static BYTE iTunesSerialNum[] = {
1007 0x8d,0xf6,0x6a,0xdf,0xd2,0x40,0xfe,0xb6,0xa6,0x61,0x9b,0x9b,
1008 0xe0,0xa0,0x1a,0x0f };
1009
1010 static void testFindCert(void)
1011 {
1012 HCERTSTORE store;
1013 PCCERT_CONTEXT context = NULL, subject;
1014 BOOL ret;
1015 CERT_INFO certInfo = { 0 };
1016 CRYPT_HASH_BLOB blob;
1017 BYTE otherSerialNumber[] = { 2 };
1018
1019 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1020 CERT_STORE_CREATE_NEW_FLAG, NULL);
1021 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
1022 if (!store)
1023 return;
1024
1025 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1026 bigCert, sizeof(bigCert), CERT_STORE_ADD_NEW, NULL);
1027 ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* win98 */),
1028 "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
1029 if (!ret && GetLastError() == OSS_DATA_ERROR)
1030 {
1031 skip("bigCert can't be decoded, skipping tests\n");
1032 return;
1033 }
1034 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1035 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, NULL);
1036 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1037 GetLastError());
1038 /* This has the same name as bigCert */
1039 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1040 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, NULL);
1041 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1042 GetLastError());
1043
1044 /* Crashes
1045 context = CertFindCertificateInStore(NULL, 0, 0, 0, NULL, NULL);
1046 */
1047
1048 /* Check first cert's there, by issuer */
1049 certInfo.Subject.pbData = subjectName;
1050 certInfo.Subject.cbData = sizeof(subjectName);
1051 certInfo.SerialNumber.pbData = serialNum;
1052 certInfo.SerialNumber.cbData = sizeof(serialNum);
1053 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1054 CERT_FIND_ISSUER_NAME, &certInfo.Subject, NULL);
1055 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
1056 GetLastError());
1057 if (context)
1058 {
1059 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1060 CERT_FIND_ISSUER_NAME, &certInfo.Subject, context);
1061 ok(context != NULL, "Expected more than one cert\n");
1062 if (context)
1063 {
1064 context = CertFindCertificateInStore(store, X509_ASN_ENCODING,
1065 0, CERT_FIND_ISSUER_NAME, &certInfo.Subject, context);
1066 ok(context == NULL, "Expected precisely two certs\n");
1067 }
1068 }
1069
1070 /* Check second cert's there as well, by subject name */
1071 certInfo.Subject.pbData = subjectName2;
1072 certInfo.Subject.cbData = sizeof(subjectName2);
1073 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1074 CERT_FIND_SUBJECT_NAME, &certInfo.Subject, NULL);
1075 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
1076 GetLastError());
1077 if (context)
1078 {
1079 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1080 CERT_FIND_SUBJECT_NAME, &certInfo.Subject, context);
1081 ok(context == NULL, "Expected one cert only\n");
1082 }
1083
1084 /* Strange but true: searching for the subject cert requires you to set
1085 * the issuer, not the subject
1086 */
1087 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1088 CERT_FIND_SUBJECT_CERT, &certInfo.Subject, NULL);
1089 ok(context == NULL, "Expected no certificate\n");
1090 certInfo.Subject.pbData = NULL;
1091 certInfo.Subject.cbData = 0;
1092 certInfo.Issuer.pbData = subjectName2;
1093 certInfo.Issuer.cbData = sizeof(subjectName2);
1094 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1095 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1096 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
1097 GetLastError());
1098 if (context)
1099 {
1100 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1101 CERT_FIND_SUBJECT_CERT, &certInfo.Subject, context);
1102 ok(context == NULL, "Expected one cert only\n");
1103 }
1104 /* A non-matching serial number will not match. */
1105 certInfo.SerialNumber.pbData = otherSerialNumber;
1106 certInfo.SerialNumber.cbData = sizeof(otherSerialNumber);
1107 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1108 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1109 ok(context == NULL, "Expected no match\n");
1110 /* No serial number will not match */
1111 certInfo.SerialNumber.cbData = 0;
1112 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1113 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1114 ok(context == NULL, "Expected no match\n");
1115 /* A serial number still won't match if the name doesn't */
1116 certInfo.SerialNumber.pbData = serialNum;
1117 certInfo.SerialNumber.cbData = sizeof(serialNum);
1118 certInfo.Issuer.pbData = subjectName3;
1119 certInfo.Issuer.cbData = sizeof(subjectName3);
1120 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1121 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1122 ok(context == NULL, "Expected no match\n");
1123
1124 /* The nice thing about hashes, they're unique */
1125 blob.pbData = bigCertHash;
1126 blob.cbData = sizeof(bigCertHash);
1127 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1128 CERT_FIND_SHA1_HASH, &blob, NULL);
1129 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
1130 GetLastError());
1131 if (context)
1132 {
1133 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1134 CERT_FIND_SHA1_HASH, &certInfo.Subject, context);
1135 ok(context == NULL, "Expected one cert only\n");
1136 }
1137
1138 CertCloseStore(store, 0);
1139
1140 /* Another subject cert search, using iTunes's certs */
1141 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1142 CERT_STORE_CREATE_NEW_FLAG, NULL);
1143 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1144 iTunesCert0, sizeof(iTunesCert0), CERT_STORE_ADD_NEW, NULL);
1145 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1146 GetLastError());
1147 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1148 iTunesCert1, sizeof(iTunesCert1), CERT_STORE_ADD_NEW, NULL);
1149 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1150 GetLastError());
1151 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1152 iTunesCert2, sizeof(iTunesCert2), CERT_STORE_ADD_NEW, NULL);
1153 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1154 GetLastError());
1155 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1156 iTunesCert3, sizeof(iTunesCert3), CERT_STORE_ADD_NEW, &subject);
1157 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1158 GetLastError());
1159
1160 /* The certInfo's issuer does not match any subject, but the serial
1161 * number does match a cert whose issuer matches certInfo's issuer.
1162 * This yields a match.
1163 */
1164 certInfo.SerialNumber.cbData = sizeof(iTunesSerialNum);
1165 certInfo.SerialNumber.pbData = iTunesSerialNum;
1166 certInfo.Issuer.cbData = sizeof(iTunesIssuer);
1167 certInfo.Issuer.pbData = iTunesIssuer;
1168 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1169 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1170 ok(context != NULL, "Expected a match\n");
1171 if (context)
1172 {
1173 ret = CertCompareCertificateName(context->dwCertEncodingType,
1174 &certInfo.Issuer, &context->pCertInfo->Subject);
1175 ok(!ret, "Expected subject name not to match\n");
1176 ret = CertCompareCertificateName(context->dwCertEncodingType,
1177 &certInfo.Issuer, &context->pCertInfo->Issuer);
1178 ok(ret, "Expected issuer name to match\n");
1179 ret = CertCompareIntegerBlob(&certInfo.SerialNumber,
1180 &context->pCertInfo->SerialNumber);
1181 ok(ret, "Expected serial number to match\n");
1182 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1183 CERT_FIND_SUBJECT_CERT, &certInfo, context);
1184 ok(context == NULL, "Expected one cert only\n");
1185 }
1186
1187 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1188 CERT_FIND_ISSUER_OF, subject, NULL);
1189 ok(context != NULL, "Expected an issuer\n");
1190 if (context)
1191 {
1192 PCCERT_CONTEXT none = CertFindCertificateInStore(store,
1193 X509_ASN_ENCODING, 0, CERT_FIND_ISSUER_OF, context, NULL);
1194
1195 ok(!none, "Expected no parent of issuer\n");
1196 CertFreeCertificateContext(context);
1197 }
1198 CertFreeCertificateContext(subject);
1199 CertCloseStore(store, 0);
1200 }
1201
1202 static void testGetSubjectCert(void)
1203 {
1204 HCERTSTORE store;
1205 PCCERT_CONTEXT context1, context2;
1206 CERT_INFO info = { 0 };
1207 BOOL ret;
1208
1209 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1210 CERT_STORE_CREATE_NEW_FLAG, NULL);
1211 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
1212 if (!store)
1213 return;
1214
1215 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1216 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
1217 ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* win98 */),
1218 "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
1219 if (!ret && GetLastError() == OSS_DATA_ERROR)
1220 {
1221 skip("bigCert can't be decoded, skipping tests\n");
1222 return;
1223 }
1224 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1225 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, &context1);
1226 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1227 GetLastError());
1228 ok(context1 != NULL, "Expected a context\n");
1229 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1230 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, NULL);
1231 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1232 GetLastError());
1233
1234 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1235 NULL);
1236 ok(!context2 && GetLastError() == E_INVALIDARG,
1237 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1238 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1239 &info);
1240 ok(!context2 && GetLastError() == CRYPT_E_NOT_FOUND,
1241 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
1242 info.SerialNumber.cbData = sizeof(serialNum);
1243 info.SerialNumber.pbData = serialNum;
1244 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1245 &info);
1246 ok(!context2 && GetLastError() == CRYPT_E_NOT_FOUND,
1247 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
1248 info.Issuer.cbData = sizeof(subjectName2);
1249 info.Issuer.pbData = subjectName2;
1250 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1251 &info);
1252 ok(context2 != NULL,
1253 "CertGetSubjectCertificateFromStore failed: %08x\n", GetLastError());
1254 /* Not only should this find a context, but it should be the same
1255 * (same address) as context1.
1256 */
1257 ok(context1 == context2, "Expected identical context addresses\n");
1258 CertFreeCertificateContext(context2);
1259
1260 CertFreeCertificateContext(context1);
1261 CertCloseStore(store, 0);
1262 }
1263
1264 /* This expires in 1970 or so */
1265 static const BYTE expiredCert[] = { 0x30, 0x82, 0x01, 0x33, 0x30, 0x81, 0xe2,
1266 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0xc4, 0xd7, 0x7f, 0x0e, 0x6f, 0xa6,
1267 0x8c, 0xaa, 0x47, 0x47, 0x40, 0xe7, 0xb7, 0x0b, 0x4a, 0x7f, 0x30, 0x09, 0x06,
1268 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x1f, 0x31, 0x1d, 0x30,
1269 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
1270 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
1271 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x36, 0x39, 0x30, 0x31, 0x30, 0x31, 0x30,
1272 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30,
1273 0x31, 0x30, 0x36, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x1f, 0x31, 0x1d, 0x30,
1274 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
1275 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
1276 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
1277 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
1278 0x00, 0xa1, 0xaf, 0x4a, 0xea, 0xa7, 0x83, 0x57, 0xc0, 0x37, 0x33, 0x7e, 0x29,
1279 0x5e, 0x0d, 0xfc, 0x44, 0x74, 0x3a, 0x1d, 0xc3, 0x1b, 0x1d, 0x96, 0xed, 0x4e,
1280 0xf4, 0x1b, 0x98, 0xec, 0x69, 0x1b, 0x04, 0xea, 0x25, 0xcf, 0xb3, 0x2a, 0xf5,
1281 0xd9, 0x22, 0xd9, 0x8d, 0x08, 0x39, 0x81, 0xc6, 0xe0, 0x4f, 0x12, 0x37, 0x2a,
1282 0x3f, 0x80, 0xa6, 0x6c, 0x67, 0x43, 0x3a, 0xdd, 0x95, 0x0c, 0xbb, 0x2f, 0x6b,
1283 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
1284 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x8f, 0xa2, 0x5b, 0xd6, 0xdf, 0x34, 0xd0,
1285 0xa2, 0xa7, 0x47, 0xf1, 0x13, 0x79, 0xd3, 0xf3, 0x39, 0xbd, 0x4e, 0x2b, 0xa3,
1286 0xf4, 0x63, 0x37, 0xac, 0x5a, 0x0c, 0x5e, 0x4d, 0x0d, 0x54, 0x87, 0x4f, 0x31,
1287 0xfb, 0xa0, 0xce, 0x8f, 0x9a, 0x2f, 0x4d, 0x48, 0xc6, 0x84, 0x8d, 0xf5, 0x70,
1288 0x74, 0x17, 0xa5, 0xf3, 0x66, 0x47, 0x06, 0xd6, 0x64, 0x45, 0xbc, 0x52, 0xef,
1289 0x49, 0xe5, 0xf9, 0x65, 0xf3 };
1290
1291 /* This expires in 2036 or so */
1292 static const BYTE childOfExpired[] = { 0x30, 0x81, 0xcc, 0x30, 0x78, 0xa0,
1293 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
1294 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x1f, 0x31, 0x1d,
1295 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63,
1296 0x40, 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e,
1297 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x35, 0x30, 0x35,
1298 0x31, 0x37, 0x31, 0x32, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x36, 0x30, 0x35,
1299 0x30, 0x35, 0x31, 0x37, 0x31, 0x32, 0x34, 0x39, 0x5a, 0x30, 0x15, 0x31, 0x13,
1300 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e,
1301 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03,
1302 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
1303 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0x20, 0x3b, 0xdb, 0x4d, 0x67, 0x50,
1304 0xec, 0x73, 0x9d, 0xf9, 0x85, 0x5d, 0x18, 0xe9, 0xb4, 0x98, 0xe3, 0x31, 0xb7,
1305 0x03, 0x0b, 0xc0, 0x39, 0x93, 0x56, 0x81, 0x0a, 0xfc, 0x78, 0xa8, 0x29, 0x42,
1306 0x5f, 0x69, 0xfb, 0xbc, 0x5b, 0xf2, 0xa6, 0x2a, 0xbe, 0x91, 0x2c, 0xfc, 0x89,
1307 0x69, 0x15, 0x18, 0x58, 0xe5, 0x02, 0x75, 0xf7, 0x2a, 0xb6, 0xa9, 0xfb, 0x47,
1308 0x6a, 0x6e, 0x0a, 0x9b, 0xe9, 0xdc };
1309 /* chain10_0 -+
1310 * +-> chain7_1
1311 * chain10_1 -+
1312 * A chain with two issuers, only one of whose dates is valid.
1313 */
1314 static const BYTE chain10_0[] = {
1315 0x30,0x82,0x01,0x9b,0x30,0x82,0x01,0x08,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
1316 0x4a,0x30,0x3a,0x42,0xa2,0x5a,0xb3,0x93,0x4d,0x94,0x06,0xad,0x6d,0x1c,0x34,
1317 0xe6,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
1318 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
1319 0x30,0x1e,0x17,0x0d,0x30,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
1320 0x30,0x5a,0x17,0x0d,0x30,0x36,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
1321 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
1322 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
1323 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
1324 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
1325 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
1326 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
1327 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
1328 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
1329 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
1330 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
1331 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
1332 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
1333 0x00,0x01,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,
1334 0x81,0x00,0x85,0x6e,0x35,0x2f,0x2c,0x51,0x4f,0xd6,0x2a,0xe4,0x9e,0xd0,0x4b,
1335 0xe6,0x90,0xfd,0xf7,0x20,0xad,0x76,0x3f,0x93,0xea,0x7f,0x0d,0x1f,0xb3,0x8e,
1336 0xfd,0xe0,0xe1,0xd6,0xd7,0x9c,0x7d,0x46,0x6b,0x15,0x5c,0xe6,0xc9,0x62,0x3b,
1337 0x70,0x4a,0x4b,0xb2,0x82,0xe3,0x55,0x0c,0xc4,0x90,0x44,0x06,0x6c,0x86,0x1c,
1338 0x6d,0x47,0x12,0xda,0x33,0x95,0x5d,0x98,0x43,0xcb,0x7c,0xfa,0x2b,0xee,0xc4,
1339 0x2d,0xc8,0x95,0x33,0x89,0x08,0x3f,0x9f,0x87,0xea,0x20,0x04,0xaf,0x58,0x4b,
1340 0x9d,0xc0,0x7c,0x0a,0x1b,0x05,0x31,0x3b,0xbb,0x13,0x58,0x2e,0x3f,0x61,0x6b,
1341 0x10,0xb4,0xeb,0xb9,0x1a,0x30,0xfd,0xea,0xca,0x29,0x99,0x5f,0x42,0x2b,0x00,
1342 0xb0,0x08,0xc3,0xf0,0xb6,0xd6,0x6b,0xf9,0x35,0x95 };
1343 static const BYTE chain10_1[] = {
1344 0x30,0x82,0x01,0x9b,0x30,0x82,0x01,0x08,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
1345 0xbf,0x99,0x4f,0x14,0x03,0x77,0x44,0xb8,0x49,0x02,0x70,0xa1,0xb8,0x9c,0xa7,
1346 0x24,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
1347 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
1348 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
1349 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
1350 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
1351 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
1352 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
1353 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
1354 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
1355 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
1356 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
1357 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
1358 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
1359 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
1360 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
1361 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
1362 0x00,0x01,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,
1363 0x81,0x00,0xa8,0xec,0x8c,0x34,0xe7,0x2c,0xdf,0x75,0x87,0xc4,0xf7,0xda,0x71,
1364 0x72,0x29,0xb2,0x48,0xa8,0x2a,0xec,0x7b,0x7d,0x19,0xb9,0x5f,0x1d,0xd9,0x91,
1365 0x2b,0xc4,0x28,0x7e,0xd6,0xb5,0x91,0x69,0xa5,0x8a,0x1a,0x1f,0x97,0x98,0x46,
1366 0x9d,0xdf,0x12,0xf6,0x45,0x62,0xad,0x60,0xb6,0xba,0xb0,0xfd,0xf5,0x9f,0xc6,
1367 0x98,0x05,0x4f,0x4d,0x48,0xdc,0xee,0x69,0xbe,0xb8,0xc4,0xc4,0xd7,0x1b,0xb1,
1368 0x1f,0x64,0xd6,0x45,0xa7,0xdb,0xb3,0x87,0x63,0x0f,0x54,0xe1,0x3a,0x6b,0x57,
1369 0x36,0xd7,0x68,0x65,0xcf,0xda,0x57,0x8d,0xcd,0x84,0x75,0x47,0x26,0x2c,0xef,
1370 0x1e,0x8f,0xc7,0x3b,0xee,0x5d,0x03,0xa6,0xdf,0x3a,0x20,0xb2,0xcc,0xc9,0x09,
1371 0x2c,0xfe,0x2b,0x79,0xb0,0xca,0x2c,0x9a,0x81,0x6b };
1372 static const BYTE chain7_1[] = {
1373 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
1374 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
1375 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
1376 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,
1377 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,
1378 0x35,0x39,0x35,0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
1379 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
1380 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
1381 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
1382 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
1383 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
1384 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
1385 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
1386 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
1387 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
1388 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
1389 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
1390 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
1391 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9f,0x69,0xfd,0x26,0xd5,0x4b,
1392 0xe0,0xab,0x12,0x21,0xb9,0xfc,0xf7,0xe0,0x0c,0x09,0x94,0xad,0x27,0xd7,0x9d,
1393 0xa3,0xcc,0x46,0x2a,0x25,0x9a,0x24,0xa7,0x31,0x58,0x78,0xf5,0xfc,0x30,0xe1,
1394 0x6d,0xfd,0x59,0xab,0xbe,0x69,0xa0,0xea,0xe3,0x7d,0x7a,0x7b,0xe5,0x85,0xeb,
1395 0x86,0x6a,0x84,0x3c,0x96,0x01,0x1a,0x70,0xa7,0xb8,0xcb,0xf2,0x11,0xe7,0x52,
1396 0x9c,0x58,0x2d,0xac,0x63,0xce,0x72,0x4b,0xad,0x62,0xa8,0x1d,0x75,0x96,0xe2,
1397 0x27,0xf5,0x6f,0xba,0x91,0xf8,0xf1,0xb0,0xbf,0x90,0x24,0x6d,0xba,0x5d,0xd7,
1398 0x39,0x63,0x3b,0x7c,0x04,0x5d,0x89,0x9d,0x1c,0xf2,0xf7,0xcc,0xdf,0x6e,0x8a,
1399 0x43,0xa9,0xdd,0x86,0x05,0xa2,0xf3,0x22,0x2d,0x1e,0x70,0xa1,0x59,0xd7,0xa5,
1400 0x94,0x7d };
1401
1402 static void testGetIssuerCert(void)
1403 {
1404 BOOL ret;
1405 PCCERT_CONTEXT parent, child, cert1, cert2;
1406 DWORD flags = 0xffffffff;
1407 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1408 CERT_STORE_CREATE_NEW_FLAG, NULL);
1409
1410 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1411
1412 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1413 expiredCert, sizeof(expiredCert), CERT_STORE_ADD_ALWAYS, NULL);
1414 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1415 GetLastError());
1416
1417 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1418 childOfExpired, sizeof(childOfExpired), CERT_STORE_ADD_ALWAYS, &child);
1419 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1420 GetLastError());
1421
1422 /* These crash:
1423 parent = CertGetIssuerCertificateFromStore(NULL, NULL, NULL, NULL);
1424 parent = CertGetIssuerCertificateFromStore(store, NULL, NULL, NULL);
1425 */
1426 parent = CertGetIssuerCertificateFromStore(NULL, NULL, NULL, &flags);
1427 ok(!parent && GetLastError() == E_INVALIDARG,
1428 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1429 parent = CertGetIssuerCertificateFromStore(store, NULL, NULL, &flags);
1430 ok(!parent && GetLastError() == E_INVALIDARG,
1431 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1432 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1433 ok(!parent && GetLastError() == E_INVALIDARG,
1434 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1435 /* Confusing: the caller cannot set either of the
1436 * CERT_STORE_NO_*_FLAGs, as these are not checks,
1437 * they're results:
1438 */
1439 flags = CERT_STORE_NO_CRL_FLAG | CERT_STORE_NO_ISSUER_FLAG;
1440 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1441 ok(!parent && GetLastError() == E_INVALIDARG,
1442 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1443 /* Perform no checks */
1444 flags = 0;
1445 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1446 ok(parent != NULL, "CertGetIssuerCertificateFromStore failed: %08x\n",
1447 GetLastError());
1448 if (parent)
1449 CertFreeCertificateContext(parent);
1450 /* Check revocation and signature only */
1451 flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
1452 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1453 ok(parent != NULL, "CertGetIssuerCertificateFromStore failed: %08x\n",
1454 GetLastError());
1455 /* Confusing: CERT_STORE_REVOCATION_FLAG succeeds when there is no CRL by
1456 * setting CERT_STORE_NO_CRL_FLAG.
1457 */
1458 ok(flags == (CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG),
1459 "Expected CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG, got %08x\n",
1460 flags);
1461 if (parent)
1462 CertFreeCertificateContext(parent);
1463 /* Checking time validity is not productive, because while most Windows
1464 * versions return 0 (time valid) because the child is not expired,
1465 * Windows 2003 SP1 returns that it is expired. Thus the range of
1466 * possibilities is covered, and a test verifies nothing.
1467 */
1468
1469 CertFreeCertificateContext(child);
1470 CertCloseStore(store, 0);
1471
1472 flags = 0;
1473 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1474 CERT_STORE_CREATE_NEW_FLAG, NULL);
1475 /* With only the child certificate, no issuer will be found */
1476 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1477 chain7_1, sizeof(chain7_1), CERT_STORE_ADD_ALWAYS, &child);
1478 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1479 ok(parent == NULL, "Expected no issuer\n");
1480 /* Adding an issuer allows one (and only one) issuer to be found */
1481 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1482 chain10_1, sizeof(chain10_1), CERT_STORE_ADD_ALWAYS, &cert1);
1483 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1484 ok(parent == cert1, "Expected cert1 to be the issuer\n");
1485 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1486 ok(parent == NULL, "Expected only one issuer\n");
1487 /* Adding a second issuer allows two issuers to be found - and the second
1488 * issuer is found before the first, implying certs are added to the head
1489 * of a list.
1490 */
1491 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1492 chain10_0, sizeof(chain10_0), CERT_STORE_ADD_ALWAYS, &cert2);
1493 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1494 ok(parent == cert2, "Expected cert2 to be the first issuer\n");
1495 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1496 ok(parent == cert1, "Expected cert1 to be the second issuer\n");
1497 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1498 ok(parent == NULL, "Expected no more than two issuers\n");
1499 CertFreeCertificateContext(child);
1500 CertFreeCertificateContext(cert1);
1501 CertFreeCertificateContext(cert2);
1502 CertCloseStore(store, 0);
1503
1504 /* Repeat the test, reversing the order in which issuers are added,
1505 * to show it's order-dependent.
1506 */
1507 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1508 CERT_STORE_CREATE_NEW_FLAG, NULL);
1509 /* With only the child certificate, no issuer will be found */
1510 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1511 chain7_1, sizeof(chain7_1), CERT_STORE_ADD_ALWAYS, &child);
1512 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1513 ok(parent == NULL, "Expected no issuer\n");
1514 /* Adding an issuer allows one (and only one) issuer to be found */
1515 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1516 chain10_0, sizeof(chain10_0), CERT_STORE_ADD_ALWAYS, &cert1);
1517 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1518 ok(parent == cert1, "Expected cert1 to be the issuer\n");
1519 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1520 ok(parent == NULL, "Expected only one issuer\n");
1521 /* Adding a second issuer allows two issuers to be found - and the second
1522 * issuer is found before the first, implying certs are added to the head
1523 * of a list.
1524 */
1525 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1526 chain10_1, sizeof(chain10_1), CERT_STORE_ADD_ALWAYS, &cert2);
1527 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1528 ok(parent == cert2, "Expected cert2 to be the first issuer\n");
1529 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1530 ok(parent == cert1, "Expected cert1 to be the second issuer\n");
1531 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1532 ok(parent == NULL, "Expected no more than two issuers\n");
1533 CertFreeCertificateContext(child);
1534 CertFreeCertificateContext(cert1);
1535 CertFreeCertificateContext(cert2);
1536 CertCloseStore(store, 0);
1537 }
1538
1539 static void testCryptHashCert(void)
1540 {
1541 static const BYTE emptyHash[] = { 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b,
1542 0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07,
1543 0x09 };
1544 static const BYTE knownHash[] = { 0xae, 0x9d, 0xbf, 0x6d, 0xf5, 0x46, 0xee,
1545 0x8b, 0xc5, 0x7a, 0x13, 0xba, 0xc2, 0xb1, 0x04, 0xf2, 0xbf, 0x52, 0xa8,
1546 0xa2 };
1547 static const BYTE toHash[] = "abcdefghijklmnopqrstuvwxyz0123456789.,;!?:";
1548 BOOL ret;
1549 BYTE hash[20];
1550 DWORD hashLen = sizeof(hash);
1551
1552 /* NULL buffer and nonzero length crashes
1553 ret = CryptHashCertificate(0, 0, 0, NULL, size, hash, &hashLen);
1554 empty hash length also crashes
1555 ret = CryptHashCertificate(0, 0, 0, buf, size, hash, NULL);
1556 */
1557 /* Test empty hash */
1558 ret = CryptHashCertificate(0, 0, 0, toHash, sizeof(toHash), NULL,
1559 &hashLen);
1560 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
1561 ok(hashLen == sizeof(hash), "Got unexpected size of hash %d\n", hashLen);
1562 /* Test with empty buffer */
1563 ret = CryptHashCertificate(0, 0, 0, NULL, 0, hash, &hashLen);
1564 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
1565 ok(!memcmp(hash, emptyHash, sizeof(emptyHash)),
1566 "Unexpected hash of nothing\n");
1567 /* Test a known value */
1568 ret = CryptHashCertificate(0, 0, 0, toHash, sizeof(toHash), hash,
1569 &hashLen);
1570 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
1571 ok(!memcmp(hash, knownHash, sizeof(knownHash)), "Unexpected hash\n");
1572 }
1573
1574 static void verifySig(HCRYPTPROV csp, const BYTE *toSign, size_t toSignLen,
1575 const BYTE *sig, unsigned int sigLen)
1576 {
1577 HCRYPTHASH hash;
1578 BOOL ret = CryptCreateHash(csp, CALG_SHA1, 0, 0, &hash);
1579
1580 ok(ret, "CryptCreateHash failed: %08x\n", GetLastError());
1581 if (ret)
1582 {
1583 BYTE mySig[64];
1584 DWORD mySigSize = sizeof(mySig);
1585
1586 ret = CryptHashData(hash, toSign, toSignLen, 0);
1587 ok(ret, "CryptHashData failed: %08x\n", GetLastError());
1588 /* use the A variant so the test can run on Win9x */
1589 ret = CryptSignHashA(hash, AT_SIGNATURE, NULL, 0, mySig, &mySigSize);
1590 ok(ret, "CryptSignHash failed: %08x\n", GetLastError());
1591 if (ret)
1592 {
1593 ok(mySigSize == sigLen, "Expected sig length %d, got %d\n",
1594 sigLen, mySigSize);
1595 ok(!memcmp(mySig, sig, sigLen), "Unexpected signature\n");
1596 }
1597 CryptDestroyHash(hash);
1598 }
1599 }
1600
1601 /* Tests signing the certificate described by toBeSigned with the CSP passed in,
1602 * using the algorithm with OID sigOID. The CSP is assumed to be empty, and a
1603 * keyset named AT_SIGNATURE will be added to it. The signing key will be
1604 * stored in *key, and the signature will be stored in sig. sigLen should be
1605 * at least 64 bytes.
1606 */
1607 static void testSignCert(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
1608 LPCSTR sigOID, HCRYPTKEY *key, BYTE *sig, DWORD *sigLen)
1609 {
1610 BOOL ret;
1611 DWORD size = 0;
1612 CRYPT_ALGORITHM_IDENTIFIER algoID = { NULL, { 0, NULL } };
1613
1614 /* These all crash
1615 ret = CryptSignCertificate(0, 0, 0, NULL, 0, NULL, NULL, NULL, NULL);
1616 ret = CryptSignCertificate(0, 0, 0, NULL, 0, NULL, NULL, NULL, &size);
1617 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1618 NULL, NULL, NULL, &size);
1619 */
1620 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1621 &algoID, NULL, NULL, &size);
1622 ok(!ret && GetLastError() == NTE_BAD_ALGID,
1623 "Expected NTE_BAD_ALGID, got %08x\n", GetLastError());
1624 algoID.pszObjId = (LPSTR)sigOID;
1625 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1626 &algoID, NULL, NULL, &size);
1627 ok(!ret && (GetLastError() == ERROR_INVALID_PARAMETER || NTE_BAD_ALGID),
1628 "Expected ERROR_INVALID_PARAMETER or NTE_BAD_ALGID, got %08x\n",
1629 GetLastError());
1630 ret = CryptSignCertificate(0, AT_SIGNATURE, 0, toBeSigned->pbData,
1631 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1632 ok(!ret && (GetLastError() == ERROR_INVALID_PARAMETER || NTE_BAD_ALGID),
1633 "Expected ERROR_INVALID_PARAMETER or NTE_BAD_ALGID, got %08x\n",
1634 GetLastError());
1635
1636 /* No keys exist in the new CSP yet.. */
1637 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1638 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1639 ok(!ret && (GetLastError() == NTE_BAD_KEYSET || GetLastError() ==
1640 NTE_NO_KEY), "Expected NTE_BAD_KEYSET or NTE_NO_KEY, got %08x\n",
1641 GetLastError());
1642 ret = CryptGenKey(csp, AT_SIGNATURE, 0, key);
1643 ok(ret, "CryptGenKey failed: %08x\n", GetLastError());
1644 if (ret)
1645 {
1646 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1647 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1648 ok(ret, "CryptSignCertificate failed: %08x\n", GetLastError());
1649 ok(size <= *sigLen, "Expected size <= %d, got %d\n", *sigLen, size);
1650 if (ret)
1651 {
1652 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1653 toBeSigned->cbData, &algoID, NULL, sig, &size);
1654 ok(ret, "CryptSignCertificate failed: %08x\n", GetLastError());
1655 if (ret)
1656 {
1657 *sigLen = size;
1658 verifySig(csp, toBeSigned->pbData, toBeSigned->cbData, sig,
1659 size);
1660 }
1661 }
1662 }
1663 }
1664
1665 static void testVerifyCertSig(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
1666 LPCSTR sigOID, const BYTE *sig, DWORD sigLen)
1667 {
1668 CERT_SIGNED_CONTENT_INFO info;
1669 LPBYTE cert = NULL;
1670 DWORD size = 0;
1671 BOOL ret;
1672
1673 if (!pCryptVerifyCertificateSignatureEx)
1674 {
1675 win_skip("no CryptVerifyCertificateSignatureEx support\n");
1676 return;
1677 }
1678 if (!pCryptEncodeObjectEx)
1679 {
1680 win_skip("no CryptEncodeObjectEx support\n");
1681 return;
1682 }
1683 ret = pCryptVerifyCertificateSignatureEx(0, 0, 0, NULL, 0, NULL, 0, NULL);
1684 ok(!ret && GetLastError() == E_INVALIDARG,
1685 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1686 ret = pCryptVerifyCertificateSignatureEx(csp, 0, 0, NULL, 0, NULL, 0, NULL);
1687 ok(!ret && GetLastError() == E_INVALIDARG,
1688 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1689 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING, 0, NULL, 0,
1690 NULL, 0, NULL);
1691 ok(!ret && GetLastError() == E_INVALIDARG,
1692 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1693 /* This crashes
1694 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1695 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, NULL, 0, NULL, 0, NULL);
1696 */
1697 info.ToBeSigned.cbData = toBeSigned->cbData;
1698 info.ToBeSigned.pbData = toBeSigned->pbData;
1699 info.SignatureAlgorithm.pszObjId = (LPSTR)sigOID;
1700 info.SignatureAlgorithm.Parameters.cbData = 0;
1701 info.Signature.cbData = sigLen;
1702 info.Signature.pbData = (BYTE *)sig;
1703 info.Signature.cUnusedBits = 0;
1704 ret = pCryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT, &info,
1705 CRYPT_ENCODE_ALLOC_FLAG, NULL, &cert, &size);
1706 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1707 if (cert)
1708 {
1709 CRYPT_DATA_BLOB certBlob = { 0, NULL };
1710 PCERT_PUBLIC_KEY_INFO pubKeyInfo = NULL;
1711
1712 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1713 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
1714 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
1715 "Expected CRYPT_E_ASN1_EOD, got %08x\n", GetLastError());
1716 certBlob.cbData = 1;
1717 certBlob.pbData = (void *)0xdeadbeef;
1718 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1719 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
1720 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
1721 GetLastError() == CRYPT_E_ASN1_EOD /* Win9x */ ||
1722 GetLastError() == CRYPT_E_ASN1_BADTAG /* Win98 */),
1723 "Expected STATUS_ACCESS_VIOLATION, CRYPT_E_ASN1_EOD, OR CRYPT_E_ASN1_BADTAG, got %08x\n",
1724 GetLastError());
1725
1726 certBlob.cbData = size;
1727 certBlob.pbData = cert;
1728 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1729 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
1730 ok(!ret && GetLastError() == E_INVALIDARG,
1731 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1732 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1733 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
1734 CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL, NULL, 0, NULL);
1735 ok(!ret && GetLastError() == E_INVALIDARG,
1736 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1737 /* This crashes
1738 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1739 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
1740 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, NULL, 0, NULL);
1741 */
1742 CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
1743 (LPSTR)sigOID, 0, NULL, NULL, &size);
1744 pubKeyInfo = HeapAlloc(GetProcessHeap(), 0, size);
1745 if (pubKeyInfo)
1746 {
1747 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE,
1748 X509_ASN_ENCODING, (LPSTR)sigOID, 0, NULL, pubKeyInfo, &size);
1749 ok(ret, "CryptExportKey failed: %08x\n", GetLastError());
1750 if (ret)
1751 {
1752 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1753 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
1754 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pubKeyInfo, 0, NULL);
1755 ok(ret, "CryptVerifyCertificateSignatureEx failed: %08x\n",
1756 GetLastError());
1757 }
1758 HeapFree(GetProcessHeap(), 0, pubKeyInfo);
1759 }
1760 LocalFree(cert);
1761 }
1762 }
1763
1764 static BYTE emptyCert[] = { 0x30, 0x00 };
1765
1766 static void testCertSigs(void)
1767 {
1768 HCRYPTPROV csp;
1769 CRYPT_DATA_BLOB toBeSigned = { sizeof(emptyCert), emptyCert };
1770 BOOL ret;
1771 HCRYPTKEY key;
1772 BYTE sig[64];
1773 DWORD sigSize = sizeof(sig);
1774
1775 /* Just in case a previous run failed, delete this thing */
1776 pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
1777 CRYPT_DELETEKEYSET);
1778 ret = pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
1779 CRYPT_NEWKEYSET);
1780 ok(ret, "CryptAcquireContext failed: %08x\n", GetLastError());
1781
1782 testSignCert(csp, &toBeSigned, szOID_RSA_SHA1RSA, &key, sig, &sigSize);
1783 testVerifyCertSig(csp, &toBeSigned, szOID_RSA_SHA1RSA, sig, sigSize);
1784
1785 CryptDestroyKey(key);
1786 CryptReleaseContext(csp, 0);
1787 ret = pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
1788 CRYPT_DELETEKEYSET);
1789 }
1790
1791 static const BYTE md5SignedEmptyCert[] = {
1792 0x30,0x56,0x30,0x33,0x02,0x00,0x30,0x02,0x06,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,
1793 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,
1794 0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x07,
1795 0x30,0x02,0x06,0x00,0x03,0x01,0x00,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,
1796 0x0d,0x02,0x05,0x05,0x00,0x03,0x11,0x00,0xfb,0x0f,0x66,0x82,0x66,0xd9,0xe5,0xf8,
1797 0xd8,0xa2,0x55,0x2b,0xe1,0xa5,0xd9,0x04 };
1798 static const BYTE md5SignedEmptyCertNoNull[] = {
1799 0x30,0x54,0x30,0x33,0x02,0x00,0x30,0x02,0x06,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,
1800 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,
1801 0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x07,
1802 0x30,0x02,0x06,0x00,0x03,0x01,0x00,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,
1803 0x0d,0x02,0x05,0x03,0x11,0x00,0x04,0xd9,0xa5,0xe1,0x2b,0x55,0xa2,0xd8,0xf8,0xe5,
1804 0xd9,0x66,0x82,0x66,0x0f,0xfb };
1805
1806 static void testSignAndEncodeCert(void)
1807 {
1808 static char oid_rsa_md5rsa[] = szOID_RSA_MD5RSA;
1809 static char oid_rsa_md5[] = szOID_RSA_MD5;
1810 BOOL ret;
1811 DWORD size;
1812 CRYPT_ALGORITHM_IDENTIFIER algID = { 0 };
1813 CERT_INFO info = { 0 };
1814
1815 /* Crash
1816 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, NULL, NULL, NULL,
1817 NULL);
1818 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, NULL, NULL, NULL,
1819 &size);
1820 */
1821 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, &algID, NULL, NULL,
1822 &size);
1823 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1824 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1825 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING, NULL, NULL,
1826 &algID, NULL, NULL, &size);
1827 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1828 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1829 ret = CryptSignAndEncodeCertificate(0, 0, 0, X509_CERT_TO_BE_SIGNED, NULL,
1830 &algID, NULL, NULL, &size);
1831 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1832 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1833 /* Crashes on some win9x boxes */
1834 if (0)
1835 {
1836 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1837 X509_CERT_TO_BE_SIGNED, NULL, &algID, NULL, NULL, &size);
1838 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
1839 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
1840 }
1841 /* Crashes
1842 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1843 X509_CERT_TO_BE_SIGNED, &info, NULL, NULL, NULL, &size);
1844 */
1845 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1846 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
1847 ok(!ret &&
1848 (GetLastError() == NTE_BAD_ALGID ||
1849 GetLastError() == OSS_BAD_PTR), /* win9x */
1850 "Expected NTE_BAD_ALGID, got %08x\n", GetLastError());
1851 algID.pszObjId = oid_rsa_md5rsa;
1852 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1853 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
1854 ok(!ret && (GetLastError() == ERROR_INVALID_PARAMETER || NTE_BAD_ALGID),
1855 "Expected ERROR_INVALID_PARAMETER or NTE_BAD_ALGID, got %08x\n",
1856 GetLastError());
1857 algID.pszObjId = oid_rsa_md5;
1858 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1859 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
1860 /* oid_rsa_md5 not present in some win2k */
1861 if (ret)
1862 {
1863 LPBYTE buf = HeapAlloc(GetProcessHeap(), 0, size);
1864
1865 if (buf)
1866 {
1867 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1868 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, buf, &size);
1869 ok(ret, "CryptSignAndEncodeCertificate failed: %08x\n",
1870 GetLastError());
1871 /* Tricky: because the NULL parameters may either be omitted or
1872 * included as an asn.1-encoded NULL (0x05,0x00), two different
1873 * values are allowed.
1874 */
1875 ok(size == sizeof(md5SignedEmptyCert) ||
1876 size == sizeof(md5SignedEmptyCertNoNull), "Unexpected size %d\n",
1877 size);
1878 if (size == sizeof(md5SignedEmptyCert))
1879 ok(!memcmp(buf, md5SignedEmptyCert, size),
1880 "Unexpected value\n");
1881 else if (size == sizeof(md5SignedEmptyCertNoNull))
1882 ok(!memcmp(buf, md5SignedEmptyCertNoNull, size),
1883 "Unexpected value\n");
1884 HeapFree(GetProcessHeap(), 0, buf);
1885 }
1886 }
1887 }
1888
1889 static void testCreateSelfSignCert(void)
1890 {
1891 PCCERT_CONTEXT context;
1892 CERT_NAME_BLOB name = { sizeof(subjectName), subjectName };
1893 HCRYPTPROV csp;
1894 BOOL ret;
1895 HCRYPTKEY key;
1896 CRYPT_KEY_PROV_INFO info;
1897
1898 if (!pCertCreateSelfSignCertificate)
1899 {
1900 win_skip("CertCreateSelfSignCertificate() is not available\n");
1901 return;
1902 }
1903
1904 /* This crashes:
1905 context = pCertCreateSelfSignCertificate(0, NULL, 0, NULL, NULL, NULL, NULL,
1906 NULL);
1907 * Calling this with no first parameter creates a new key container, which
1908 * lasts beyond the test, so I don't test that. Nb: the generated key
1909 * name is a GUID.
1910 context = pCertCreateSelfSignCertificate(0, &name, 0, NULL, NULL, NULL, NULL,
1911 NULL);
1912 */
1913
1914 /* Acquire a CSP */
1915 pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
1916 CRYPT_DELETEKEYSET);
1917 ret = pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
1918 CRYPT_NEWKEYSET);
1919 ok(ret, "CryptAcquireContext failed: %08x\n", GetLastError());
1920
1921 context = pCertCreateSelfSignCertificate(csp, &name, 0, NULL, NULL, NULL,
1922 NULL, NULL);
1923 ok(!context && GetLastError() == NTE_NO_KEY,
1924 "Expected NTE_NO_KEY, got %08x\n", GetLastError());
1925 ret = CryptGenKey(csp, AT_SIGNATURE, 0, &key);
1926 ok(ret, "CryptGenKey failed: %08x\n", GetLastError());
1927 if (ret)
1928 {
1929 context = pCertCreateSelfSignCertificate(csp, &name, 0, NULL, NULL, NULL,
1930 NULL, NULL);
1931 ok(context != NULL, "CertCreateSelfSignCertificate failed: %08x\n",
1932 GetLastError());
1933 if (context)
1934 {
1935 DWORD size = 0;
1936 PCRYPT_KEY_PROV_INFO info;
1937
1938 /* The context must have a key provider info property */
1939 ret = CertGetCertificateContextProperty(context,
1940 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
1941 ok(ret && size, "Expected non-zero key provider info\n");
1942 if (size)
1943 {
1944 info = HeapAlloc(GetProcessHeap(), 0, size);
1945 if (info)
1946 {
1947 ret = CertGetCertificateContextProperty(context,
1948 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
1949 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
1950 GetLastError());
1951 if (ret)
1952 {
1953 /* Sanity-check the key provider */
1954 ok(!lstrcmpW(info->pwszContainerName, cspNameW),
1955 "Unexpected key container\n");
1956 ok(!lstrcmpW(info->pwszProvName, MS_DEF_PROV_W),
1957 "Unexpected provider\n");
1958 ok(info->dwKeySpec == AT_SIGNATURE,
1959 "Expected AT_SIGNATURE, got %d\n", info->dwKeySpec);
1960 }
1961 HeapFree(GetProcessHeap(), 0, info);
1962 }
1963 }
1964
1965 CertFreeCertificateContext(context);
1966 }
1967
1968 CryptDestroyKey(key);
1969 }
1970
1971 CryptReleaseContext(csp, 0);
1972 ret = pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
1973 CRYPT_DELETEKEYSET);
1974
1975 /* do the same test with AT_KEYEXCHANGE and key info*/
1976 memset(&info,0,sizeof(info));
1977 info.dwProvType = PROV_RSA_FULL;
1978 info.dwKeySpec = AT_KEYEXCHANGE;
1979 info.pwszProvName = (LPWSTR) MS_DEF_PROV_W;
1980 info.pwszContainerName = cspNameW;
1981 context = pCertCreateSelfSignCertificate(0, &name, 0, &info, NULL, NULL,
1982 NULL, NULL);
1983 ok(context != NULL, "CertCreateSelfSignCertificate failed: %08x\n",
1984 GetLastError());
1985 if (context)
1986 {
1987 DWORD size = 0;
1988 PCRYPT_KEY_PROV_INFO info;
1989
1990 /* The context must have a key provider info property */
1991 ret = CertGetCertificateContextProperty(context,
1992 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
1993 ok(ret && size, "Expected non-zero key provider info\n");
1994 if (size)
1995 {
1996 info = HeapAlloc(GetProcessHeap(), 0, size);
1997 if (info)
1998 {
1999 ret = CertGetCertificateContextProperty(context,
2000 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
2001 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
2002 GetLastError());
2003 if (ret)
2004 {
2005 /* Sanity-check the key provider */
2006 ok(!lstrcmpW(info->pwszContainerName, cspNameW),
2007 "Unexpected key container\n");
2008 ok(!lstrcmpW(info->pwszProvName, MS_DEF_PROV_W),
2009 "Unexpected provider\n");
2010 ok(info->dwKeySpec == AT_KEYEXCHANGE,
2011 "Expected AT_KEYEXCHANGE, got %d\n", info->dwKeySpec);
2012 }
2013 HeapFree(GetProcessHeap(), 0, info);
2014 }
2015 }
2016
2017 CertFreeCertificateContext(context);
2018 }
2019
2020 pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2021 CRYPT_DELETEKEYSET);
2022 }
2023
2024 static const LPCSTR keyUsages[] = { szOID_PKIX_KP_CODE_SIGNING,
2025 szOID_PKIX_KP_CLIENT_AUTH, szOID_RSA_RSA };
2026
2027 static void testKeyUsage(void)
2028 {
2029 BOOL ret;
2030 PCCERT_CONTEXT context;
2031 DWORD size;
2032
2033 /* Test base cases */
2034 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, NULL);
2035 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2036 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
2037 size = 1;
2038 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, &size);
2039 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2040 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
2041 size = 0;
2042 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, &size);
2043 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2044 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
2045 /* These crash
2046 ret = CertSetEnhancedKeyUsage(NULL, NULL);
2047 usage.cUsageIdentifier = 0;
2048 ret = CertSetEnhancedKeyUsage(NULL, &usage);
2049 */
2050 /* Test with a cert with no enhanced key usage extension */
2051 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
2052 sizeof(bigCert));
2053 ok(context != NULL, "CertCreateCertificateContext failed: %08x\n",
2054 GetLastError());
2055 if (context)
2056 {
2057 static const char oid[] = "1.2.3.4";
2058 BYTE buf[sizeof(CERT_ENHKEY_USAGE) + 2 * (sizeof(LPSTR) + sizeof(oid))];
2059 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2060
2061 ret = CertGetEnhancedKeyUsage(context, 0, NULL, NULL);
2062 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2063 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
2064 size = 1;
2065 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &size);
2066 if (ret)
2067 {
2068 /* Windows 2000, ME, or later: even though it succeeded, we expect
2069 * CRYPT_E_NOT_FOUND, which indicates there is no enhanced key
2070 * usage set for this cert (which implies it's valid for all uses.)
2071 */
2072 ok(GetLastError() == CRYPT_E_NOT_FOUND,
2073 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2074 ok(size == sizeof(CERT_ENHKEY_USAGE), "Wrong size %d\n", size);
2075 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2076 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2077 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %d\n",
2078 pUsage->cUsageIdentifier);
2079 }
2080 else
2081 {
2082 /* Windows NT, 95, or 98: it fails, and the last error is
2083 * CRYPT_E_NOT_FOUND.
2084 */
2085 ok(GetLastError() == CRYPT_E_NOT_FOUND,
2086 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2087 }
2088 /* I can add a usage identifier when no key usage has been set */
2089 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
2090 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
2091 GetLastError());
2092 size = sizeof(buf);
2093 ret = CertGetEnhancedKeyUsage(context,
2094 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2095 ok(ret && GetLastError() == 0,
2096 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2097 ok(pUsage->cUsageIdentifier == 1, "Expected 1 usage, got %d\n",
2098 pUsage->cUsageIdentifier);
2099 if (pUsage->cUsageIdentifier)
2100 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
2101 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
2102 /* Now set an empty key usage */
2103 pUsage->cUsageIdentifier = 0;
2104 ret = CertSetEnhancedKeyUsage(context, pUsage);
2105 ok(ret, "CertSetEnhancedKeyUsage failed: %08x\n", GetLastError());
2106 /* Shouldn't find it in the cert */
2107 size = sizeof(buf);
2108 ret = CertGetEnhancedKeyUsage(context,
2109 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2110 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
2111 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2112 /* Should find it as an extended property */
2113 ret = CertGetEnhancedKeyUsage(context,
2114 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2115 ok(ret && GetLastError() == 0,
2116 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2117 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %d\n",
2118 pUsage->cUsageIdentifier);
2119 /* Should find it as either */
2120 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2121 ok(ret && GetLastError() == 0,
2122 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2123 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %d\n",
2124 pUsage->cUsageIdentifier);
2125 /* Add a usage identifier */
2126 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
2127 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
2128 GetLastError());
2129 size = sizeof(buf);
2130 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2131 ok(ret && GetLastError() == 0,
2132 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2133 ok(pUsage->cUsageIdentifier == 1, "Expected 1 identifier, got %d\n",
2134 pUsage->cUsageIdentifier);
2135 if (pUsage->cUsageIdentifier)
2136 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
2137 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
2138 /* Re-adding the same usage identifier succeeds, though it only adds
2139 * a duplicate usage identifier on versions prior to Vista
2140 */
2141 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
2142 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
2143 GetLastError());
2144 size = sizeof(buf);
2145 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2146 ok(ret && GetLastError() == 0,
2147 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2148 ok(pUsage->cUsageIdentifier == 1 || pUsage->cUsageIdentifier == 2,
2149 "Expected 1 or 2 identifiers, got %d\n", pUsage->cUsageIdentifier);
2150 if (pUsage->cUsageIdentifier)
2151 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
2152 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
2153 if (pUsage->cUsageIdentifier >= 2)
2154 ok(!strcmp(pUsage->rgpszUsageIdentifier[1], oid),
2155 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[1]);
2156 /* Now set a NULL extended property--this deletes the property. */
2157 ret = CertSetEnhancedKeyUsage(context, NULL);
2158 ok(ret, "CertSetEnhancedKeyUsage failed: %08x\n", GetLastError());
2159 SetLastError(0xbaadcafe);
2160 size = sizeof(buf);
2161 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2162 ok(GetLastError() == CRYPT_E_NOT_FOUND,
2163 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2164
2165 CertFreeCertificateContext(context);
2166 }
2167 /* Now test with a cert with an enhanced key usage extension */
2168 context = CertCreateCertificateContext(X509_ASN_ENCODING, certWithUsage,
2169 sizeof(certWithUsage));
2170 ok(context != NULL, "CertCreateCertificateContext failed: %08x\n",
2171 GetLastError());
2172 if (context)
2173 {
2174 LPBYTE buf = NULL;
2175 DWORD bufSize = 0, i;
2176
2177 /* The size may depend on what flags are used to query it, so I
2178 * realloc the buffer for each test.
2179 */
2180 ret = CertGetEnhancedKeyUsage(context,
2181 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, NULL, &bufSize);
2182 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2183 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2184 if (buf)
2185 {
2186 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2187
2188 /* Should find it in the cert */
2189 size = bufSize;
2190 ret = CertGetEnhancedKeyUsage(context,
2191 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2192 ok(ret && GetLastError() == 0,
2193 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2194 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2195 pUsage->cUsageIdentifier);
2196 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2197 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2198 "Expected %s, got %s\n", keyUsages[i],
2199 pUsage->rgpszUsageIdentifier[i]);
2200 HeapFree(GetProcessHeap(), 0, buf);
2201 }
2202 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2203 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2204 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2205 if (buf)
2206 {
2207 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2208
2209 /* Should find it as either */
2210 size = bufSize;
2211 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2212 /* In Windows, GetLastError returns CRYPT_E_NOT_FOUND not found
2213 * here, even though the return is successful and the usage id
2214 * count is positive. I don't enforce that here.
2215 */
2216 ok(ret,
2217 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2218 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2219 pUsage->cUsageIdentifier);
2220 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2221 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2222 "Expected %s, got %s\n", keyUsages[i],
2223 pUsage->rgpszUsageIdentifier[i]);
2224 HeapFree(GetProcessHeap(), 0, buf);
2225 }
2226 /* Shouldn't find it as an extended property */
2227 ret = CertGetEnhancedKeyUsage(context,
2228 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, NULL, &size);
2229 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
2230 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2231 /* Adding a usage identifier overrides the cert's usage!? */
2232 ret = CertAddEnhancedKeyUsageIdentifier(context, szOID_RSA_RSA);
2233 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
2234 GetLastError());
2235 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2236 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2237 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2238 if (buf)
2239 {
2240 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2241
2242 /* Should find it as either */
2243 size = bufSize;
2244 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2245 ok(ret,
2246 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2247 ok(pUsage->cUsageIdentifier == 1, "Expected 1 usage, got %d\n",
2248 pUsage->cUsageIdentifier);
2249 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], szOID_RSA_RSA),
2250 "Expected %s, got %s\n", szOID_RSA_RSA,
2251 pUsage->rgpszUsageIdentifier[0]);
2252 HeapFree(GetProcessHeap(), 0, buf);
2253 }
2254 /* But querying the cert directly returns its usage */
2255 ret = CertGetEnhancedKeyUsage(context,
2256 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, NULL, &bufSize);
2257 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2258 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2259 if (buf)
2260 {
2261 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2262
2263 size = bufSize;
2264 ret = CertGetEnhancedKeyUsage(context,
2265 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2266 ok(ret,
2267 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2268 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2269 pUsage->cUsageIdentifier);
2270 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2271 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2272 "Expected %s, got %s\n", keyUsages[i],
2273 pUsage->rgpszUsageIdentifier[i]);
2274 HeapFree(GetProcessHeap(), 0, buf);
2275 }
2276 /* And removing the only usage identifier in the extended property
2277 * results in the cert's key usage being found.
2278 */
2279 ret = CertRemoveEnhancedKeyUsageIdentifier(context, szOID_RSA_RSA);
2280 ok(ret, "CertRemoveEnhancedKeyUsage failed: %08x\n", GetLastError());
2281 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2282 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2283 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2284 if (buf)
2285 {
2286 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2287
2288 /* Should find it as either */
2289 size = bufSize;
2290 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2291 ok(ret,
2292 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2293 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2294 pUsage->cUsageIdentifier);
2295 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2296 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2297 "Expected %s, got %s\n", keyUsages[i],
2298 pUsage->rgpszUsageIdentifier[i]);
2299 HeapFree(GetProcessHeap(), 0, buf);
2300 }
2301
2302 CertFreeCertificateContext(context);
2303 }
2304 }
2305
2306 static const BYTE cert2WithUsage[] = {
2307 0x30,0x81,0x89,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
2308 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
2309 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
2310 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
2311 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
2312 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
2313 0x67,0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x25,0x30,0x23,
2314 0x30,0x21,0x06,0x03,0x55,0x1d,0x25,0x01,0x01,0xff,0x04,0x17,0x30,0x15,0x06,
2315 0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x09,0x2a,0x86,0x48,0x86,
2316 0xf7,0x0d,0x01,0x01,0x01 };
2317
2318 static void testGetValidUsages(void)
2319 {
2320 static const LPCSTR expectedOIDs[] = {
2321 "1.3.6.1.5.5.7.3.3",
2322 "1.3.6.1.5.5.7.3.2",
2323 "1.2.840.113549.1.1.1",
2324 };
2325 static const LPCSTR expectedOIDs2[] = {
2326 "1.3.6.1.5.5.7.3.2",
2327 "1.2.840.113549.1.1.1",
2328 };
2329 BOOL ret;
2330 int numOIDs;
2331 DWORD size;
2332 LPSTR *oids = NULL;
2333 PCCERT_CONTEXT contexts[3];
2334
2335 if (!pCertGetValidUsages)
2336 {
2337 win_skip("CertGetValidUsages() is not available\n");
2338 return;
2339 }
2340
2341 /* Crash
2342 ret = pCertGetValidUsages(0, NULL, NULL, NULL, NULL);
2343 ret = pCertGetValidUsages(0, NULL, NULL, NULL, &size);
2344 */
2345 contexts[0] = NULL;
2346 numOIDs = size = 0xdeadbeef;
2347 SetLastError(0xdeadbeef);
2348 ret = pCertGetValidUsages(1, &contexts[0], &numOIDs, NULL, &size);
2349 ok(ret, "CertGetValidUsages failed: %d\n", GetLastError());
2350 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2351 ok(size == 0, "Expected size 0, got %d\n", size);
2352 contexts[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
2353 sizeof(bigCert));
2354 contexts[1] = CertCreateCertificateContext(X509_ASN_ENCODING, certWithUsage,
2355 sizeof(certWithUsage));
2356 contexts[2] = CertCreateCertificateContext(X509_ASN_ENCODING,
2357 cert2WithUsage, sizeof(cert2WithUsage));
2358 numOIDs = size = 0xdeadbeef;
2359 ret = pCertGetValidUsages(0, NULL, &numOIDs, NULL, &size);
2360 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2361 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2362 ok(size == 0, "Expected size 0, got %d\n", size);
2363 numOIDs = size = 0xdeadbeef;
2364 ret = pCertGetValidUsages(1, contexts, &numOIDs, NULL, &size);
2365 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2366 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2367 ok(size == 0, "Expected size 0, got %d\n", size);
2368 ret = pCertGetValidUsages(1, &contexts[1], &numOIDs, NULL, &size);
2369 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2370 ok(numOIDs == 3, "Expected 3, got %d\n", numOIDs);
2371 ok(size, "Expected non-zero size\n");
2372 oids = HeapAlloc(GetProcessHeap(), 0, size);
2373 if (oids)
2374 {
2375 int i;
2376 DWORD smallSize = 1;
2377
2378 SetLastError(0xdeadbeef);
2379 ret = pCertGetValidUsages(1, &contexts[1], &numOIDs, oids, &smallSize);
2380 ok(!ret && GetLastError() == ERROR_MORE_DATA,
2381 "Expected ERROR_MORE_DATA, got %d\n", GetLastError());
2382 ret = pCertGetValidUsages(1, &contexts[1], &numOIDs, oids, &size);
2383 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2384 for (i = 0; i < numOIDs; i++)
2385 ok(!lstrcmpA(oids[i], expectedOIDs[i]), "unexpected OID %s\n",
2386 oids[i]);
2387 HeapFree(GetProcessHeap(), 0, oids);
2388 }
2389 numOIDs = size = 0xdeadbeef;
2390 /* Oddly enough, this crashes when the number of contexts is not 1:
2391 ret = pCertGetValidUsages(2, contexts, &numOIDs, NULL, &size);
2392 * but setting size to 0 allows it to succeed:
2393 */
2394 size = 0;
2395 ret = pCertGetValidUsages(2, contexts, &numOIDs, NULL, &size);
2396 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2397 ok(numOIDs == 3, "Expected 3, got %d\n", numOIDs);
2398 ok(size, "Expected non-zero size\n");
2399 oids = HeapAlloc(GetProcessHeap(), 0, size);
2400 if (oids)
2401 {
2402 int i;
2403
2404 ret = pCertGetValidUsages(1, &contexts[1], &numOIDs, oids, &size);
2405 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2406 for (i = 0; i < numOIDs; i++)
2407 ok(!lstrcmpA(oids[i], expectedOIDs[i]), "unexpected OID %s\n",
2408 oids[i]);
2409 HeapFree(GetProcessHeap(), 0, oids);
2410 }
2411 numOIDs = 0xdeadbeef;
2412 size = 0;
2413 ret = pCertGetValidUsages(1, &contexts[2], &numOIDs, NULL, &size);
2414 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2415 ok(numOIDs == 2, "Expected 2, got %d\n", numOIDs);
2416 ok(size, "Expected non-zero size\n");
2417 oids = HeapAlloc(GetProcessHeap(), 0, size);
2418 if (oids)
2419 {
2420 int i;
2421
2422 ret = pCertGetValidUsages(1, &contexts[2], &numOIDs, oids, &size);
2423 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2424 for (i = 0; i < numOIDs; i++)
2425 ok(!lstrcmpA(oids[i], expectedOIDs2[i]), "unexpected OID %s\n",
2426 oids[i]);
2427 HeapFree(GetProcessHeap(), 0, oids);
2428 }
2429 numOIDs = 0xdeadbeef;
2430 size = 0;
2431 ret = pCertGetValidUsages(3, contexts, &numOIDs, NULL, &size);
2432 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2433 ok(numOIDs == 2, "Expected 2, got %d\n", numOIDs);
2434 ok(size, "Expected non-zero size\n");
2435 oids = HeapAlloc(GetProcessHeap(), 0, size);
2436 if (oids)
2437 {
2438 int i;
2439
2440 ret = pCertGetValidUsages(3, contexts, &numOIDs, oids, &size);
2441 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2442 for (i = 0; i < numOIDs; i++)
2443 ok(!lstrcmpA(oids[i], expectedOIDs2[i]), "unexpected OID %s\n",
2444 oids[i]);
2445 HeapFree(GetProcessHeap(), 0, oids);
2446 }
2447 CertFreeCertificateContext(contexts[0]);
2448 CertFreeCertificateContext(contexts[1]);
2449 CertFreeCertificateContext(contexts[2]);
2450 }
2451
2452 static void testCompareCertName(void)
2453 {
2454 static BYTE bogus[] = { 1, 2, 3, 4 };
2455 static BYTE bogusPrime[] = { 0, 1, 2, 3, 4 };
2456 static BYTE emptyPrime[] = { 0x30, 0x00, 0x01 };
2457 BOOL ret;
2458 CERT_NAME_BLOB blob1, blob2;
2459
2460 /* crashes
2461 ret = CertCompareCertificateName(0, NULL, NULL);
2462 */
2463 /* An empty name checks against itself.. */
2464 blob1.pbData = emptyCert;
2465 blob1.cbData = sizeof(emptyCert);
2466 ret = CertCompareCertificateName(0, &blob1, &blob1);
2467 ok(ret, "CertCompareCertificateName failed: %08x\n", GetLastError());
2468 /* It doesn't have to be a valid encoded name.. */
2469 blob1.pbData = bogus;
2470 blob1.cbData = sizeof(bogus);
2471 ret = CertCompareCertificateName(0, &blob1, &blob1);
2472 ok(ret, "CertCompareCertificateName failed: %08x\n", GetLastError());
2473 /* Leading zeroes matter.. */
2474 blob2.pbData = bogusPrime;
2475 blob2.cbData = sizeof(bogusPrime);
2476 ret = CertCompareCertificateName(0, &blob1, &blob2);
2477 ok(!ret, "Expected failure\n");
2478 /* As do trailing extra bytes. */
2479 blob2.pbData = emptyPrime;
2480 blob2.cbData = sizeof(emptyPrime);
2481 ret = CertCompareCertificateName(0, &blob1, &blob2);
2482 ok(!ret, "Expected failure\n");
2483 }
2484
2485 static BYTE int1[] = { 0x88, 0xff, 0xff, 0xff };
2486 static BYTE int2[] = { 0x88, 0xff };
2487 static BYTE int3[] = { 0x23, 0xff };
2488 static BYTE int4[] = { 0x7f, 0x00 };
2489 static BYTE int5[] = { 0x7f };
2490 static BYTE int6[] = { 0x80, 0x00, 0x00, 0x00 };
2491 static BYTE int7[] = { 0x80, 0x00 };
2492
2493 static struct IntBlobTest
2494 {
2495 CRYPT_INTEGER_BLOB blob1;
2496 CRYPT_INTEGER_BLOB blob2;
2497 BOOL areEqual;
2498 } intBlobs[] = {
2499 { { sizeof(int1), int1 }, { sizeof(int2), int2 }, TRUE },
2500 { { sizeof(int3), int3 }, { sizeof(int3), int3 }, TRUE },
2501 { { sizeof(int4), int4 }, { sizeof(int5), int5 }, TRUE },
2502 { { sizeof(int6), int6 }, { sizeof(int7), int7 }, TRUE },
2503 { { sizeof(int1), int1 }, { sizeof(int7), int7 }, FALSE },
2504 };
2505
2506 static void testCompareIntegerBlob(void)
2507 {
2508 DWORD i;
2509 BOOL ret;
2510
2511 for (i = 0; i < sizeof(intBlobs) / sizeof(intBlobs[0]); i++)
2512 {
2513 ret = CertCompareIntegerBlob(&intBlobs[i].blob1, &intBlobs[i].blob2);
2514 ok(ret == intBlobs[i].areEqual,
2515 "%d: expected blobs %s compare\n", i, intBlobs[i].areEqual ?
2516 "to" : "not to");
2517 }
2518 }
2519
2520 static void testComparePublicKeyInfo(void)
2521 {
2522 BOOL ret;
2523 CERT_PUBLIC_KEY_INFO info1 = { { 0 } }, info2 = { { 0 } };
2524 static CHAR oid_rsa_rsa[] = szOID_RSA_RSA;
2525 static CHAR oid_rsa_sha1rsa[] = szOID_RSA_SHA1RSA;
2526 static CHAR oid_x957_dsa[] = szOID_X957_DSA;
2527 static BYTE bits1[] = { 1, 0 };
2528 static BYTE bits2[] = { 0 };
2529 static BYTE bits3[] = { 1 };
2530 static BYTE bits4[] = { 0x30,8, 2,1,0x81, 2,3,1,0,1 };
2531 static BYTE bits5[] = { 0x30,9, 2,2,0,0x81, 2,3,1,0,1 };
2532 static BYTE bits6[] = { 0x30,9, 2,2,0,0x82, 2,3,1,0,1 };
2533
2534 /* crashes
2535 ret = CertComparePublicKeyInfo(0, NULL, NULL);
2536 */
2537 /* Empty public keys compare */
2538 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2539 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
2540 /* Different OIDs appear to compare */
2541 info1.Algorithm.pszObjId = oid_rsa_rsa;
2542 info2.Algorithm.pszObjId = oid_rsa_sha1rsa;
2543 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2544 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
2545 info2.Algorithm.pszObjId = oid_x957_dsa;
2546 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2547 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
2548 info1.PublicKey.cbData = sizeof(bits1);
2549 info1.PublicKey.pbData = bits1;
2550 info1.PublicKey.cUnusedBits = 0;
2551 info2.PublicKey.cbData = sizeof(bits1);
2552 info2.PublicKey.pbData = bits1;
2553 info2.PublicKey.cUnusedBits = 0;
2554 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2555 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
2556 info2.Algorithm.pszObjId = oid_rsa_rsa;
2557 info1.PublicKey.cbData = sizeof(bits4);
2558 info1.PublicKey.pbData = bits4;
2559 info1.PublicKey.cUnusedBits = 0;
2560 info2.PublicKey.cbData = sizeof(bits5);
2561 info2.PublicKey.pbData = bits5;
2562 info2.PublicKey.cUnusedBits = 0;
2563 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2564 ok(!ret, "CertComparePublicKeyInfo: as raw binary: keys should be unequal\n");
2565 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
2566 ok(ret ||
2567 broken(!ret), /* win9x */
2568 "CertComparePublicKeyInfo: as ASN.1 encoded: keys should be equal\n");
2569 info1.PublicKey.cUnusedBits = 1;
2570 info2.PublicKey.cUnusedBits = 5;
2571 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
2572 ok(ret ||
2573 broken(!ret), /* win9x */
2574 "CertComparePublicKeyInfo: ASN.1 encoding should ignore cUnusedBits\n");
2575 info1.PublicKey.cUnusedBits = 0;
2576 info2.PublicKey.cUnusedBits = 0;
2577 info1.PublicKey.cbData--; /* kill one byte, make ASN.1 encoded data invalid */
2578 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
2579 ok(!ret, "CertComparePublicKeyInfo: comparing bad ASN.1 encoded key should fail\n");
2580 /* Even though they compare in their used bits, these do not compare */
2581 info1.PublicKey.cbData = sizeof(bits2);
2582 info1.PublicKey.pbData = bits2;
2583 info1.PublicKey.cUnusedBits = 0;
2584 info2.PublicKey.cbData = sizeof(bits3);
2585 info2.PublicKey.pbData = bits3;
2586 info2.PublicKey.cUnusedBits = 1;
2587 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2588 /* Simple (non-comparing) case */
2589 ok(!ret, "Expected keys not to compare\n");
2590 info2.PublicKey.cbData = sizeof(bits1);
2591 info2.PublicKey.pbData = bits1;
2592 info2.PublicKey.cUnusedBits = 0;
2593 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2594 ok(!ret, "Expected keys not to compare\n");
2595 /* ASN.1 encoded non-comparing case */
2596 info1.PublicKey.cbData = sizeof(bits5);
2597 info1.PublicKey.pbData = bits5;
2598 info1.PublicKey.cUnusedBits = 0;
2599 info2.PublicKey.cbData = sizeof(bits6);
2600 info2.PublicKey.pbData = bits6;
2601 info2.PublicKey.cUnusedBits = 0;
2602 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
2603 ok(!ret, "CertComparePublicKeyInfo: different keys should be unequal\n");
2604 }
2605
2606 static void testHashPublicKeyInfo(void)
2607 {
2608 BOOL ret;
2609 CERT_PUBLIC_KEY_INFO info = { { 0 } };
2610 DWORD len;
2611
2612 /* Crash
2613 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, NULL, NULL, NULL);
2614 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, &info, NULL, NULL);
2615 */
2616 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, NULL, NULL, &len);
2617 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2618 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2619 /* Crashes on some win9x boxes */
2620 if (0)
2621 {
2622 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, NULL, NULL, &len);
2623 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
2624 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
2625 }
2626 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, &info, NULL, &len);
2627 ok(ret ||
2628 broken(!ret), /* win9x */
2629 "CryptHashPublicKeyInfo failed: %08x\n", GetLastError());
2630 if (ret)
2631 {
2632 ok(len == 16, "Expected hash size 16, got %d\n", len);
2633 if (len == 16)
2634 {
2635 static const BYTE emptyHash[] = { 0xb8,0x51,0x3a,0x31,0x0e,0x9f,0x40,
2636 0x36,0x9c,0x92,0x45,0x1b,0x9d,0xc8,0xf9,0xf6 };
2637 BYTE buf[16];
2638
2639 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, &info, buf,
2640 &len);
2641 ok(ret, "CryptHashPublicKeyInfo failed: %08x\n", GetLastError());
2642 ok(!memcmp(buf, emptyHash, len), "Unexpected hash\n");
2643 }
2644 }
2645 }
2646
2647 static const BYTE md5SignedEmptyCertHash[] = { 0xfb,0x0f,0x66,0x82,0x66,0xd9,
2648 0xe5,0xf8,0xd8,0xa2,0x55,0x2b,0xe1,0xa5,0xd9,0x04 };
2649
2650 static void testHashToBeSigned(void)
2651 {
2652 BOOL ret;
2653 DWORD size;
2654 BYTE hash[16];
2655
2656 /* Crash */
2657 if (0)
2658 {
2659 ret = CryptHashToBeSigned(0, 0, NULL, 0, NULL, NULL);
2660 }
2661 SetLastError(0xdeadbeef);
2662 ret = CryptHashToBeSigned(0, 0, NULL, 0, NULL, &size);
2663 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2664 "expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
2665 SetLastError(0xdeadbeef);
2666 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, NULL, 0, NULL, &size);
2667 ok(!ret &&
2668 (GetLastError() == CRYPT_E_ASN1_EOD ||
2669 GetLastError() == OSS_BAD_ARG), /* win9x */
2670 "expected CRYPT_E_ASN1_EOD, got %08x\n", GetLastError());
2671 /* Can't sign anything: has to be asn.1 encoded, at least */
2672 SetLastError(0xdeadbeef);
2673 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, int1, sizeof(int1),
2674 NULL, &size);
2675 ok(!ret &&
2676 (GetLastError() == CRYPT_E_ASN1_BADTAG ||
2677 GetLastError() == OSS_MORE_INPUT), /* win9x */
2678 "expected CRYPT_E_ASN1_BADTAG, got %08x\n", GetLastError());
2679 /* Can't be empty, either */
2680 SetLastError(0xdeadbeef);
2681 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, emptyCert,
2682 sizeof(emptyCert), NULL, &size);
2683 ok(!ret &&
2684 (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
2685 GetLastError() == OSS_DATA_ERROR), /* win9x */
2686 "expected CRYPT_E_ASN1_CORRUPT, got %08x\n", GetLastError());
2687 /* Signing a cert works */
2688 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, md5SignedEmptyCert,
2689 sizeof(md5SignedEmptyCert), NULL, &size);
2690 ok(ret ||
2691 broken(!ret), /* win9x */
2692 "CryptHashToBeSigned failed: %08x\n", GetLastError());
2693 if (ret)
2694 {
2695 ok(size == sizeof(md5SignedEmptyCertHash), "unexpected size %d\n", size);
2696 }
2697
2698 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, md5SignedEmptyCert,
2699 sizeof(md5SignedEmptyCert), hash, &size);
2700 ok(!memcmp(hash, md5SignedEmptyCertHash, size), "unexpected value\n");
2701 }
2702
2703 static void testCompareCert(void)
2704 {
2705 CERT_INFO info1 = { 0 }, info2 = { 0 };
2706 BOOL ret;
2707
2708 /* Crashes
2709 ret = CertCompareCertificate(X509_ASN_ENCODING, NULL, NULL);
2710 */
2711
2712 /* Certs with the same issuer and serial number are equal, even if they
2713 * differ in other respects (like subject).
2714 */
2715 info1.SerialNumber.pbData = serialNum;
2716 info1.SerialNumber.cbData = sizeof(serialNum);
2717 info1.Issuer.pbData = subjectName;
2718 info1.Issuer.cbData = sizeof(subjectName);
2719 info1.Subject.pbData = subjectName2;
2720 info1.Subject.cbData = sizeof(subjectName2);
2721 info2.SerialNumber.pbData = serialNum;
2722 info2.SerialNumber.cbData = sizeof(serialNum);
2723 info2.Issuer.pbData = subjectName;
2724 info2.Issuer.cbData = sizeof(subjectName);
2725 info2.Subject.pbData = subjectName;
2726 info2.Subject.cbData = sizeof(subjectName);
2727 ret = CertCompareCertificate(X509_ASN_ENCODING, &info1, &info2);
2728 ok(ret, "Expected certs to be equal\n");
2729
2730 info2.Issuer.pbData = subjectName2;
2731 info2.Issuer.cbData = sizeof(subjectName2);
2732 ret = CertCompareCertificate(X509_ASN_ENCODING, &info1, &info2);
2733 ok(!ret, "Expected certs not to be equal\n");
2734 }
2735
2736 static void testVerifySubjectCert(void)
2737 {
2738 BOOL ret;
2739 DWORD flags;
2740 PCCERT_CONTEXT context1, context2;
2741
2742 /* Crashes
2743 ret = CertVerifySubjectCertificateContext(NULL, NULL, NULL);
2744 */
2745 flags = 0;
2746 ret = CertVerifySubjectCertificateContext(NULL, NULL, &flags);
2747 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2748 GetLastError());
2749 flags = CERT_STORE_NO_CRL_FLAG;
2750 ret = CertVerifySubjectCertificateContext(NULL, NULL, &flags);
2751 ok(!ret && GetLastError() == E_INVALIDARG,
2752 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2753
2754 flags = 0;
2755 context1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
2756 sizeof(bigCert));
2757 ret = CertVerifySubjectCertificateContext(NULL, context1, &flags);
2758 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2759 GetLastError());
2760 ret = CertVerifySubjectCertificateContext(context1, NULL, &flags);
2761 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2762 GetLastError());
2763 ret = CertVerifySubjectCertificateContext(context1, context1, &flags);
2764 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2765 GetLastError());
2766
2767 context2 = CertCreateCertificateContext(X509_ASN_ENCODING,
2768 bigCertWithDifferentSubject, sizeof(bigCertWithDifferentSubject));
2769 SetLastError(0xdeadbeef);
2770 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
2771 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2772 GetLastError());
2773 flags = CERT_STORE_REVOCATION_FLAG;
2774 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
2775 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2776 GetLastError());
2777 ok(flags == (CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG),
2778 "Expected CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG, got %08x\n",
2779 flags);
2780 flags = CERT_STORE_SIGNATURE_FLAG;
2781 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
2782 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2783 GetLastError());
2784 ok(flags == CERT_STORE_SIGNATURE_FLAG,
2785 "Expected CERT_STORE_SIGNATURE_FLAG, got %08x\n", flags);
2786 CertFreeCertificateContext(context2);
2787
2788 CertFreeCertificateContext(context1);
2789 }
2790
2791 static void testVerifyRevocation(void)
2792 {
2793 BOOL ret;
2794 CERT_REVOCATION_STATUS status = { 0 };
2795 PCCERT_CONTEXT cert = CertCreateCertificateContext(X509_ASN_ENCODING,
2796 bigCert, sizeof(bigCert));
2797
2798 /* Crash
2799 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, NULL);
2800 */
2801 SetLastError(0xdeadbeef);
2802 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, &status);
2803 ok(!ret && GetLastError() == E_INVALIDARG,
2804 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2805 status.cbSize = sizeof(status);
2806 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, &status);
2807 ok(ret, "CertVerifyRevocation failed: %08x\n", GetLastError());
2808 ret = CertVerifyRevocation(0, 2, 0, NULL, 0, NULL, &status);
2809 ok(ret, "CertVerifyRevocation failed: %08x\n", GetLastError());
2810 ret = CertVerifyRevocation(2, 0, 0, NULL, 0, NULL, &status);
2811 ok(ret, "CertVerifyRevocation failed: %08x\n", GetLastError());
2812 SetLastError(0xdeadbeef);
2813 ret = CertVerifyRevocation(0, 0, 1, (void **)&cert, 0, NULL, &status);
2814 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_DLL,
2815 "Expected CRYPT_E_NO_REVOCATION_DLL, got %08x\n", GetLastError());
2816 SetLastError(0xdeadbeef);
2817 ret = CertVerifyRevocation(0, 2, 1, (void **)&cert, 0, NULL, &status);
2818 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_DLL,
2819 "Expected CRYPT_E_NO_REVOCATION_DLL, got %08x\n", GetLastError());
2820
2821 CertFreeCertificateContext(cert);
2822 }
2823
2824 static BYTE privKey[] = {
2825 0x07, 0x02, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x32, 0x00,
2826 0x02, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x79, 0x10, 0x1c, 0xd0, 0x6b, 0x10,
2827 0x18, 0x30, 0x94, 0x61, 0xdc, 0x0e, 0xcb, 0x96, 0x4e, 0x21, 0x3f, 0x79, 0xcd,
2828 0xa9, 0x17, 0x62, 0xbc, 0xbb, 0x61, 0x4c, 0xe0, 0x75, 0x38, 0x6c, 0xf3, 0xde,
2829 0x60, 0x86, 0x03, 0x97, 0x65, 0xeb, 0x1e, 0x6b, 0xdb, 0x53, 0x85, 0xad, 0x68,
2830 0x21, 0xf1, 0x5d, 0xe7, 0x1f, 0xe6, 0x53, 0xb4, 0xbb, 0x59, 0x3e, 0x14, 0x27,
2831 0xb1, 0x83, 0xa7, 0x3a, 0x54, 0xe2, 0x8f, 0x65, 0x8e, 0x6a, 0x4a, 0xcf, 0x3b,
2832 0x1f, 0x65, 0xff, 0xfe, 0xf1, 0x31, 0x3a, 0x37, 0x7a, 0x8b, 0xcb, 0xc6, 0xd4,
2833 0x98, 0x50, 0x36, 0x67, 0xe4, 0xa1, 0xe8, 0x7e, 0x8a, 0xc5, 0x23, 0xf2, 0x77,
2834 0xf5, 0x37, 0x61, 0x49, 0x72, 0x59, 0xe8, 0x3d, 0xf7, 0x60, 0xb2, 0x77, 0xca,
2835 0x78, 0x54, 0x6d, 0x65, 0x9e, 0x03, 0x97, 0x1b, 0x61, 0xbd, 0x0c, 0xd8, 0x06,
2836 0x63, 0xe2, 0xc5, 0x48, 0xef, 0xb3, 0xe2, 0x6e, 0x98, 0x7d, 0xbd, 0x4e, 0x72,
2837 0x91, 0xdb, 0x31, 0x57, 0xe3, 0x65, 0x3a, 0x49, 0xca, 0xec, 0xd2, 0x02, 0x4e,
2838 0x22, 0x7e, 0x72, 0x8e, 0xf9, 0x79, 0x84, 0x82, 0xdf, 0x7b, 0x92, 0x2d, 0xaf,
2839 0xc9, 0xe4, 0x33, 0xef, 0x89, 0x5c, 0x66, 0x99, 0xd8, 0x80, 0x81, 0x47, 0x2b,
2840 0xb1, 0x66, 0x02, 0x84, 0x59, 0x7b, 0xc3, 0xbe, 0x98, 0x45, 0x4a, 0x3d, 0xdd,
2841 0xea, 0x2b, 0xdf, 0x4e, 0xb4, 0x24, 0x6b, 0xec, 0xe7, 0xd9, 0x0c, 0x45, 0xb8,
2842 0xbe, 0xca, 0x69, 0x37, 0x92, 0x4c, 0x38, 0x6b, 0x96, 0x6d, 0xcd, 0x86, 0x67,
2843 0x5c, 0xea, 0x54, 0x94, 0xa4, 0xca, 0xa4, 0x02, 0xa5, 0x21, 0x4d, 0xae, 0x40,
2844 0x8f, 0x9d, 0x51, 0x83, 0xf2, 0x3f, 0x33, 0xc1, 0x72, 0xb4, 0x1d, 0x94, 0x6e,
2845 0x7d, 0xe4, 0x27, 0x3f, 0xea, 0xff, 0xe5, 0x9b, 0xa7, 0x5e, 0x55, 0x8e, 0x0d,
2846 0x69, 0x1c, 0x7a, 0xff, 0x81, 0x9d, 0x53, 0x52, 0x97, 0x9a, 0x76, 0x79, 0xda,
2847 0x93, 0x32, 0x16, 0xec, 0x69, 0x51, 0x1a, 0x4e, 0xc3, 0xf1, 0x72, 0x80, 0x78,
2848 0x5e, 0x66, 0x4a, 0x8d, 0x85, 0x2f, 0x3f, 0xb2, 0xa7 };
2849
2850 static const BYTE exportedPublicKeyBlob[] = {
2851 0x06,0x02,0x00,0x00,0x00,0xa4,0x00,0x00,0x52,0x53,0x41,0x31,0x00,0x02,0x00,0x00,
2852 0x01,0x00,0x01,0x00,0x79,0x10,0x1c,0xd0,0x6b,0x10,0x18,0x30,0x94,0x61,0xdc,0x0e,
2853 0xcb,0x96,0x4e,0x21,0x3f,0x79,0xcd,0xa9,0x17,0x62,0xbc,0xbb,0x61,0x4c,0xe0,0x75,
2854 0x38,0x6c,0xf3,0xde,0x60,0x86,0x03,0x97,0x65,0xeb,0x1e,0x6b,0xdb,0x53,0x85,0xad,
2855 0x68,0x21,0xf1,0x5d,0xe7,0x1f,0xe6,0x53,0xb4,0xbb,0x59,0x3e,0x14,0x27,0xb1,0x83,
2856 0xa7,0x3a,0x54,0xe2 };
2857
2858 static const BYTE asnEncodedPublicKey[] = {
2859 0x30,0x48,0x02,0x41,0x00,0xe2,0x54,0x3a,0xa7,0x83,0xb1,0x27,0x14,0x3e,0x59,0xbb,
2860 0xb4,0x53,0xe6,0x1f,0xe7,0x5d,0xf1,0x21,0x68,0xad,0x85,0x53,0xdb,0x6b,0x1e,0xeb,
2861 0x65,0x97,0x03,0x86,0x60,0xde,0xf3,0x6c,0x38,0x75,0xe0,0x4c,0x61,0xbb,0xbc,0x62,
2862 0x17,0xa9,0xcd,0x79,0x3f,0x21,0x4e,0x96,0xcb,0x0e,0xdc,0x61,0x94,0x30,0x18,0x10,
2863 0x6b,0xd0,0x1c,0x10,0x79,0x02,0x03,0x01,0x00,0x01 };
2864
2865 static void testAcquireCertPrivateKey(void)
2866 {
2867 BOOL ret;
2868 PCCERT_CONTEXT cert;
2869 HCRYPTPROV csp;
2870 DWORD size, keySpec;
2871 BOOL callerFree;
2872 CRYPT_KEY_PROV_INFO keyProvInfo;
2873 HCRYPTKEY key;
2874 WCHAR ms_def_prov_w[MAX_PATH];
2875
2876 if (!pCryptAcquireCertificatePrivateKey)
2877 {
2878 win_skip("CryptAcquireCertificatePrivateKey() is not available\n");
2879 return;
2880 }
2881
2882 lstrcpyW(ms_def_prov_w, MS_DEF_PROV_W);
2883
2884 keyProvInfo.pwszContainerName = cspNameW;
2885 keyProvInfo.pwszProvName = ms_def_prov_w;
2886 keyProvInfo.dwProvType = PROV_RSA_FULL;
2887 keyProvInfo.dwFlags = 0;
2888 keyProvInfo.cProvParam = 0;
2889 keyProvInfo.rgProvParam = NULL;
2890 keyProvInfo.dwKeySpec = AT_SIGNATURE;
2891
2892 pCryptAcquireContextA(NULL, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2893 CRYPT_DELETEKEYSET);
2894
2895 cert = CertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert,
2896 sizeof(selfSignedCert));
2897
2898 /* Crash
2899 ret = pCryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, NULL, NULL);
2900 ret = pCryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, NULL,
2901 &callerFree);
2902 ret = pCryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, &keySpec,
2903 NULL);
2904 ret = pCryptAcquireCertificatePrivateKey(NULL, 0, NULL, &csp, NULL, NULL);
2905 ret = pCryptAcquireCertificatePrivateKey(NULL, 0, NULL, &csp, &keySpec,
2906 &callerFree);
2907 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, NULL, NULL, NULL);
2908 */
2909
2910 /* Missing private key */
2911 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, NULL, NULL);
2912 ok(!ret && GetLastError() == CRYPT_E_NO_KEY_PROPERTY,
2913 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08x\n", GetLastError());
2914 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, &keySpec,
2915 &callerFree);
2916 ok(!ret && GetLastError() == CRYPT_E_NO_KEY_PROPERTY,
2917 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08x\n", GetLastError());
2918 CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0,
2919 &keyProvInfo);
2920 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, &keySpec,
2921 &callerFree);
2922 ok(!ret && GetLastError() == CRYPT_E_NO_KEY_PROPERTY,
2923 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08x\n", GetLastError());
2924
2925 pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2926 CRYPT_NEWKEYSET);
2927 ret = CryptImportKey(csp, privKey, sizeof(privKey), 0, 0, &key);
2928 ok(ret, "CryptImportKey failed: %08x\n", GetLastError());
2929 if (ret)
2930 {
2931 HCRYPTPROV certCSP;
2932 DWORD size;
2933 CERT_KEY_CONTEXT keyContext;
2934
2935 /* Don't cache provider */
2936 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, &certCSP,
2937 &keySpec, &callerFree);
2938 ok(ret ||
2939 broken(!ret), /* win95 */
2940 "CryptAcquireCertificatePrivateKey failed: %08x\n",
2941 GetLastError());
2942 if (ret)
2943 {
2944 ok(callerFree, "Expected callerFree to be TRUE\n");
2945 CryptReleaseContext(certCSP, 0);
2946 }
2947
2948 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, &certCSP,
2949 NULL, NULL);
2950 ok(ret ||
2951 broken(!ret), /* win95 */
2952 "CryptAcquireCertificatePrivateKey failed: %08x\n",
2953 GetLastError());
2954 CryptReleaseContext(certCSP, 0);
2955
2956 /* Use the key prov info's caching (there shouldn't be any) */
2957 ret = pCryptAcquireCertificatePrivateKey(cert,
2958 CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, &certCSP, &keySpec,
2959 &callerFree);
2960 ok(ret ||
2961 broken(!ret), /* win95 */
2962 "CryptAcquireCertificatePrivateKey failed: %08x\n",
2963 GetLastError());
2964 if (ret)
2965 {
2966 ok(callerFree, "Expected callerFree to be TRUE\n");
2967 CryptReleaseContext(certCSP, 0);
2968 }
2969
2970 /* Cache it (and check that it's cached) */
2971 ret = pCryptAcquireCertificatePrivateKey(cert,
2972 CRYPT_ACQUIRE_CACHE_FLAG, NULL, &certCSP, &keySpec, &callerFree);
2973 ok(ret ||
2974 broken(!ret), /* win95 */
2975 "CryptAcquireCertificatePrivateKey failed: %08x\n",
2976 GetLastError());
2977 ok(!callerFree, "Expected callerFree to be FALSE\n");
2978 size = sizeof(keyContext);
2979 ret = CertGetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID,
2980 &keyContext, &size);
2981 ok(ret ||
2982 broken(!ret), /* win95 */
2983 "CertGetCertificateContextProperty failed: %08x\n",
2984 GetLastError());
2985
2986 /* Remove the cached provider */
2987 CryptReleaseContext(keyContext.hCryptProv, 0);
2988 CertSetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID, 0,
2989 NULL);
2990 /* Allow caching via the key prov info */
2991 keyProvInfo.dwFlags = CERT_SET_KEY_CONTEXT_PROP_ID;
2992 CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0,
2993 &keyProvInfo);
2994 /* Now use the key prov info's caching */
2995 ret = pCryptAcquireCertificatePrivateKey(cert,
2996 CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, &certCSP, &keySpec,
2997 &callerFree);
2998 ok(ret ||
2999 broken(!ret), /* win95 */
3000 "CryptAcquireCertificatePrivateKey failed: %08x\n",
3001 GetLastError());
3002 ok(!callerFree, "Expected callerFree to be FALSE\n");
3003 size = sizeof(keyContext);
3004 ret = CertGetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID,
3005 &keyContext, &size);
3006 ok(ret ||
3007 broken(!ret), /* win95 */
3008 "CertGetCertificateContextProperty failed: %08x\n",
3009 GetLastError());
3010 CryptReleaseContext(certCSP, 0);
3011
3012 CryptDestroyKey(key);
3013 }
3014
3015 /* Some sanity-checking on public key exporting */
3016 ret = CryptImportPublicKeyInfo(csp, X509_ASN_ENCODING,
3017 &cert->pCertInfo->SubjectPublicKeyInfo, &key);
3018 ok(ret, "CryptImportPublicKeyInfo failed: %08x\n", GetLastError());
3019 if (ret)
3020 {
3021 ret = CryptExportKey(key, 0, PUBLICKEYBLOB, 0, NULL, &size);
3022 ok(ret, "CryptExportKey failed: %08x\n", GetLastError());
3023 if (ret)
3024 {
3025 LPBYTE buf = HeapAlloc(GetProcessHeap(), 0, size), encodedKey;
3026
3027 ret = CryptExportKey(key, 0, PUBLICKEYBLOB, 0, buf, &size);
3028 ok(ret, "CryptExportKey failed: %08x\n", GetLastError());
3029 ok(size == sizeof(exportedPublicKeyBlob), "Unexpected size %d\n",
3030 size);
3031 ok(!memcmp(buf, exportedPublicKeyBlob, size), "Unexpected value\n");
3032 ret = pCryptEncodeObjectEx(X509_ASN_ENCODING, RSA_CSP_PUBLICKEYBLOB,
3033 buf, CRYPT_ENCODE_ALLOC_FLAG, NULL, &encodedKey, &size);
3034 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3035 if (ret)
3036 {
3037 ok(size == sizeof(asnEncodedPublicKey), "Unexpected size %d\n",
3038 size);
3039 ok(!memcmp(encodedKey, asnEncodedPublicKey, size),
3040 "Unexpected value\n");
3041 LocalFree(encodedKey);
3042 }
3043 HeapFree(GetProcessHeap(), 0, buf);
3044 }
3045 CryptDestroyKey(key);
3046 }
3047 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
3048 NULL, 0, NULL, NULL, &size);
3049 ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n", GetLastError());
3050 if (ret)
3051 {
3052 PCERT_PUBLIC_KEY_INFO info = HeapAlloc(GetProcessHeap(), 0, size);
3053
3054 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
3055 NULL, 0, NULL, info, &size);
3056 ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n", GetLastError());
3057 if (ret)
3058 {
3059 ok(info->PublicKey.cbData == sizeof(asnEncodedPublicKey),
3060 "Unexpected size %d\n", info->PublicKey.cbData);
3061 ok(!memcmp(info->PublicKey.pbData, asnEncodedPublicKey,
3062 info->PublicKey.cbData), "Unexpected value\n");
3063 }
3064 HeapFree(GetProcessHeap(), 0, info);
3065 }
3066
3067 CryptReleaseContext(csp, 0);
3068 pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
3069 CRYPT_DELETEKEYSET);
3070
3071 CertFreeCertificateContext(cert);
3072 }
3073
3074 static void testGetPublicKeyLength(void)
3075 {
3076 static char oid_rsa_rsa[] = szOID_RSA_RSA;
3077 static char oid_rsa_dh[] = szOID_RSA_DH;
3078 static char bogusOID[] = "1.2.3";
3079 DWORD ret;
3080 CERT_PUBLIC_KEY_INFO info = { { 0 } };
3081 BYTE bogusKey[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
3082 BYTE key[] = { 0x30,0x0f,0x02,0x08,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
3083 0x02,0x03,0x01,0x00,0x01 };
3084
3085 /* Crashes
3086 ret = CertGetPublicKeyLength(0, NULL);
3087 */
3088 /* With an empty public key info */
3089 SetLastError(0xdeadbeef);
3090 ret = CertGetPublicKeyLength(0, &info);
3091 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
3092 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
3093 ret, GetLastError());
3094 SetLastError(0xdeadbeef);
3095 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
3096 ok(ret == 0 &&
3097 (GetLastError() == CRYPT_E_ASN1_EOD ||
3098 GetLastError() == OSS_BAD_ARG), /* win9x */
3099 "Expected length 0 and CRYPT_E_ASN1_EOD, got length %d, %08x\n",
3100 ret, GetLastError());
3101 /* With a nearly-empty public key info */
3102 info.Algorithm.pszObjId = oid_rsa_rsa;
3103 SetLastError(0xdeadbeef);
3104 ret = CertGetPublicKeyLength(0, &info);
3105 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
3106 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
3107 ret, GetLastError());
3108 SetLastError(0xdeadbeef);
3109 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
3110 ok(ret == 0 &&
3111 (GetLastError() == CRYPT_E_ASN1_EOD ||
3112 GetLastError() == OSS_BAD_ARG), /* win9x */
3113 "Expected length 0 and CRYPT_E_ASN1_EOD, got length %d, %08x\n",
3114 ret, GetLastError());
3115 /* With a bogus key */
3116 info.PublicKey.cbData = sizeof(bogusKey);
3117 info.PublicKey.pbData = bogusKey;
3118 SetLastError(0xdeadbeef);
3119 ret = CertGetPublicKeyLength(0, &info);
3120 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
3121 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
3122 ret, GetLastError());
3123 SetLastError(0xdeadbeef);
3124 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
3125 ok(ret == 0 &&
3126 (GetLastError() == CRYPT_E_ASN1_BADTAG ||
3127 GetLastError() == OSS_PDU_MISMATCH), /* win9x */
3128 "Expected length 0 and CRYPT_E_ASN1_BADTAGTAG, got length %d, %08x\n",
3129 ret, GetLastError());
3130 /* With a believable RSA key but a bogus OID */
3131 info.Algorithm.pszObjId = bogusOID;
3132 info.PublicKey.cbData = sizeof(key);
3133 info.PublicKey.pbData = key;
3134 SetLastError(0xdeadbeef);
3135 ret = CertGetPublicKeyLength(0, &info);
3136 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
3137 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
3138 ret, GetLastError());
3139 SetLastError(0xdeadbeef);
3140 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
3141 ok(ret == 56, "Expected length 56, got %d\n", ret);
3142 /* An RSA key with the DH OID */
3143 info.Algorithm.pszObjId = oid_rsa_dh;
3144 SetLastError(0xdeadbeef);
3145 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
3146 ok(ret == 0 &&
3147 (GetLastError() == CRYPT_E_ASN1_BADTAG ||
3148 GetLastError() == E_INVALIDARG), /* win9x */
3149 "Expected length 0 and CRYPT_E_ASN1_BADTAG, got length %d, %08x\n",
3150 ret, GetLastError());
3151 /* With the RSA OID */
3152 info.Algorithm.pszObjId = oid_rsa_rsa;
3153 SetLastError(0xdeadbeef);
3154 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
3155 ok(ret == 56, "Expected length 56, got %d\n", ret);
3156 /* With the RSA OID and a message encoding */
3157 info.Algorithm.pszObjId = oid_rsa_rsa;
3158 SetLastError(0xdeadbeef);
3159 ret = CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &info);
3160 ok(ret == 56, "Expected length 56, got %d\n", ret);
3161 }
3162
3163 START_TEST(cert)
3164 {
3165 init_function_pointers();
3166
3167 testAddCert();
3168 testCertProperties();
3169 testDupCert();
3170 testFindCert();
3171 testGetSubjectCert();
3172 testGetIssuerCert();
3173
3174 testCryptHashCert();
3175 testCertSigs();
3176 testSignAndEncodeCert();
3177 testCreateSelfSignCert();
3178 testKeyUsage();
3179 testGetValidUsages();
3180 testCompareCertName();
3181 testCompareIntegerBlob();
3182 testComparePublicKeyInfo();
3183 testHashPublicKeyInfo();
3184 testHashToBeSigned();
3185 testCompareCert();
3186 testVerifySubjectCert();
3187 testVerifyRevocation();
3188 testAcquireCertPrivateKey();
3189 testGetPublicKeyLength();
3190 }
useful hacks and other patches not (yet) suitable for mainline