search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
include/mscvpdb.h: Use flexible array members for the rest of structures.
[wine.git] / dlls / crypt32 / tests / crl.c
blob06cfc52fece49c3f3afffe85900bd7b6bfa7d24b
1 /*
2 * crypt32 CRL functions tests
3 *
4 * Copyright 2005-2006 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <stdio.h>
22 #include <stdarg.h>
23
24 #include <windef.h>
25 #include <winbase.h>
26 #include <winreg.h>
27 #include <winerror.h>
28 #include <wincrypt.h>
29
30 #include "wine/test.h"
31
32
33 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
34 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
35 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
36 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
37 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
38 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
39 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
40 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
41 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
42 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
43 static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
44 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
45 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
46 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
47 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
48 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
49 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
50 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
51 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
52 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
53 static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
54 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
55 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
56 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
57 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
58 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
59 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
60 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
61 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
62 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
63 0x02, 0x01, 0x01 };
64 static const BYTE CRL[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
65 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
66 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
67 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
68 0x5a };
69 static const BYTE newerCRL[] = { 0x30, 0x2a, 0x30, 0x02, 0x06, 0x00, 0x30,
70 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
71 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x17, 0x0d, 0x30, 0x36,
72 0x30, 0x35, 0x31, 0x36, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
73 static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
74 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
75 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
76 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
77 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
78 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
79
80 static void testCreateCRL(void)
81 {
82 PCCRL_CONTEXT context;
83 DWORD GLE;
84
85 context = CertCreateCRLContext(0, NULL, 0);
86 ok(!context && GetLastError() == E_INVALIDARG,
87 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
88 context = CertCreateCRLContext(X509_ASN_ENCODING, NULL, 0);
89 GLE = GetLastError();
90 ok(!context && GLE == CRYPT_E_ASN1_EOD,
91 "Expected CRYPT_E_ASN1_EOD, got %08lx\n", GLE);
92 context = CertCreateCRLContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
93 ok(!context, "Expected failure\n");
94 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
95 sizeof(signedCRL) - 1);
96 ok(!context, "Expected failure\n");
97 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
98 sizeof(signedCRL));
99 ok(context != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
100 if (context)
101 CertFreeCRLContext(context);
102 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
103 ok(context != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
104 if (context)
105 CertFreeCRLContext(context);
106 }
107
108 static void testDupCRL(void)
109 {
110 PCCRL_CONTEXT context, dupContext;
111 BOOL res;
112
113 context = CertDuplicateCRLContext(NULL);
114 ok(context == NULL, "expected NULL\n");
115 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
116 sizeof(signedCRL));
117 dupContext = CertDuplicateCRLContext(context);
118 ok(dupContext != NULL, "expected a context\n");
119 ok(dupContext == context, "expected identical context addresses\n");
120
121 res = CertFreeCRLContext(dupContext);
122 ok(res, "CertFreeCRLContext failed\n");
123
124 res = CertFreeCRLContext(context);
125 ok(res, "CertFreeCRLContext failed\n");
126
127 res = CertFreeCRLContext(NULL);
128 ok(res, "CertFreeCRLContext failed\n");
129 }
130
131 static void testAddCRL(void)
132 {
133 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
134 CERT_STORE_CREATE_NEW_FLAG, NULL);
135 PCCRL_CONTEXT context, context2;
136 BOOL ret;
137 DWORD GLE;
138
139 ok(store != NULL, "CertOpenStore failed: %08lx\n", GetLastError());
140 if (!store) return;
141
142 /* Bad CRL encoding type */
143 ret = CertAddEncodedCRLToStore(0, 0, NULL, 0, 0, NULL);
144 ok(!ret && GetLastError() == E_INVALIDARG,
145 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
146 ret = CertAddEncodedCRLToStore(store, 0, NULL, 0, 0, NULL);
147 ok(!ret && GetLastError() == E_INVALIDARG,
148 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
149 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL), 0, NULL);
150 ok(!ret && GetLastError() == E_INVALIDARG,
151 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
152 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL), 0,
153 NULL);
154 ok(!ret && GetLastError() == E_INVALIDARG,
155 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
156 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL),
157 CERT_STORE_ADD_ALWAYS, NULL);
158 ok(!ret && GetLastError() == E_INVALIDARG,
159 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
160 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL),
161 CERT_STORE_ADD_ALWAYS, NULL);
162 ok(!ret && GetLastError() == E_INVALIDARG,
163 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
164
165 /* No CRL */
166 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, NULL, 0, 0, NULL);
167 GLE = GetLastError();
168 ok(!ret && GLE == CRYPT_E_ASN1_EOD,
169 "Expected CRYPT_E_ASN1_EOD, got %08lx\n", GLE);
170 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, NULL, 0, 0, NULL);
171 GLE = GetLastError();
172 ok(!ret && GLE == CRYPT_E_ASN1_EOD,
173 "Expected CRYPT_E_ASN1_EOD, got %08lx\n", GLE);
174
175 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
176 sizeof(signedCRL), 0, NULL);
177 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
178 GetLastError() == E_INVALIDARG /* Vista */),
179 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08lx\n", GetLastError());
180 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
181 sizeof(signedCRL), 0, NULL);
182 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
183 GetLastError() == E_INVALIDARG /* Vista */),
184 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08lx\n", GetLastError());
185
186 /* Weird--can add a CRL to the NULL store (does this have special meaning?)
187 */
188 context = NULL;
189 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
190 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, &context);
191 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
192 if (context)
193 CertFreeCRLContext(context);
194
195 /* Normal cases: a "signed" CRL is okay.. */
196 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
197 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
198 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
199 /* and an unsigned one is too. */
200 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, CRL, sizeof(CRL),
201 CERT_STORE_ADD_ALWAYS, NULL);
202 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
203
204 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
205 sizeof(newerCRL), CERT_STORE_ADD_NEW, NULL);
206 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
207 "Expected CRYPT_E_EXISTS, got %08lx\n", GetLastError());
208
209 /* This should replace (one of) the existing CRL(s). */
210 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
211 sizeof(newerCRL), CERT_STORE_ADD_NEWER, NULL);
212 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
213
214 CertCloseStore(store, 0);
215
216 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
217 ok(store != NULL, "CertOpenStore failed\n");
218
219 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
220 ok(context != NULL, "CertCreateCRLContext failed\n");
221
222 ret = CertAddCRLContextToStore(store, context, CERT_STORE_ADD_NEW, &context2);
223 ok(ret, "CertAddCRLContextToStore failed\n");
224 ok(context2 != NULL && context2 != context, "unexpected context2\n");
225
226 ok(context->pbCrlEncoded != context2->pbCrlEncoded, "Unexpected pbCrlEncoded\n");
227 ok(context->cbCrlEncoded == context2->cbCrlEncoded, "Unexpected cbCrlEncoded\n");
228 ok(context->pCrlInfo != context2->pCrlInfo, "Unexpected pCrlInfo\n");
229
230 CertFreeCRLContext(context2);
231 CertFreeCRLContext(context);
232 CertCloseStore(store, 0);
233 }
234
235 static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
236 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
237 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
238 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
239 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
240 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
241 static const BYTE v2CRLWithIssuingDistPoint[] = {
242 0x30,0x70,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
243 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
244 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
245 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
246 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x27,
247 0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30,
248 0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
249 0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
250 static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
251 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
252 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
253 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
254 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
255 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
256 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
257 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
258 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
259 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
260 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
261 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
262 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
263 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
264 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
265 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
266 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
267 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
268 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
269 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
270 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
271 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
272 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
273 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
274 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
275 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
276 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
277 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
278 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
279 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
280 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
281 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
282 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
283 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
284 0xcd };
285 static const BYTE verisignCommercialSoftPubCA[] = {
286 0x30,0x82,0x02,0x40,0x30,0x82,0x01,0xa9,0x02,0x10,0x03,0xc7,0x8f,0x37,0xdb,0x92,
287 0x28,0xdf,0x3c,0xbb,0x1a,0xad,0x82,0xfa,0x67,0x10,0x30,0x0d,0x06,0x09,0x2a,0x86,
288 0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
289 0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,0x17,
290 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
291 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x0b,
292 0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,0x6d,0x6d,0x65,
293 0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x50,
294 0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
295 0x39,0x36,0x30,0x34,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,
296 0x34,0x30,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x61,0x31,0x11,
297 0x30,0x0f,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,
298 0x74,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,
299 0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
300 0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,
301 0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,
302 0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,
303 0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
304 0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc3,0xd3,0x69,0x65,
305 0x52,0x01,0x94,0x54,0xab,0x28,0xc6,0x62,0x18,0xb3,0x54,0x55,0xc5,0x44,0x87,0x45,
306 0x4a,0x3b,0xc2,0x7e,0xd8,0xd3,0xd7,0xc8,0x80,0x86,0x8d,0xd8,0x0c,0xf1,0x16,0x9c,
307 0xcc,0x6b,0xa9,0x29,0xb2,0x8f,0x76,0x73,0x92,0xc8,0xc5,0x62,0xa6,0x3c,0xed,0x1e,
308 0x05,0x75,0xf0,0x13,0x00,0x6c,0x14,0x4d,0xd4,0x98,0x90,0x07,0xbe,0x69,0x73,0x81,
309 0xb8,0x62,0x4e,0x31,0x1e,0xd1,0xfc,0xc9,0x0c,0xeb,0x7d,0x90,0xbf,0xae,0xb4,0x47,
310 0x51,0xec,0x6f,0xce,0x64,0x35,0x02,0xd6,0x7d,0x67,0x05,0x77,0xe2,0x8f,0xd9,0x51,
311 0xd7,0xfb,0x97,0x19,0xbc,0x3e,0xd7,0x77,0x81,0xc6,0x43,0xdd,0xf2,0xdd,0xdf,0xca,
312 0xa3,0x83,0x8b,0xcb,0x41,0xc1,0x3d,0x22,0x48,0x48,0xa6,0x19,0x02,0x03,0x01,0x00,
313 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,
314 0x03,0x81,0x81,0x00,0xb5,0xbc,0xb0,0x75,0x6a,0x89,0xa2,0x86,0xbd,0x64,0x78,0xc3,
315 0xa7,0x32,0x75,0x72,0x11,0xaa,0x26,0x02,0x17,0x60,0x30,0x4c,0xe3,0x48,0x34,0x19,
316 0xb9,0x52,0x4a,0x51,0x18,0x80,0xfe,0x53,0x2d,0x7b,0xd5,0x31,0x8c,0xc5,0x65,0x99,
317 0x41,0x41,0x2f,0xf2,0xae,0x63,0x7a,0xe8,0x73,0x99,0x15,0x90,0x1a,0x1f,0x7a,0x8b,
318 0x41,0xd0,0x8e,0x3a,0xd0,0xcd,0x38,0x34,0x44,0xd0,0x75,0xf8,0xea,0x71,0xc4,0x81,
319 0x19,0x38,0x17,0x35,0x4a,0xae,0xc5,0x3e,0x32,0xe6,0x21,0xb8,0x05,0xc0,0x93,0xe1,
320 0xc7,0x38,0x5c,0xd8,0xf7,0x93,0x38,0x64,0x90,0xed,0x54,0xce,0xca,0xd3,0xd3,0xd0,
321 0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71,
322 0x64,0x31,0x3c,0x3c
323 };
324 static const BYTE rootWithKeySignAndCRLSign[] = {
325 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
326 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
327 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
328 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
329 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
330 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
331 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
332 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
333 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
334 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
335 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
336 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
337 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
338 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
339 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
340 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
341 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
342 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
343 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
344 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
345 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
346 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
347 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
348 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
349 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
350 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
351 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
352 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
353 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
354 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
355 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
356 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
357 0x2e,0x84,0xee };
358 static const BYTE eeCert[] = {
359 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
360 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
361 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
362 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,
363 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,
364 0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
365 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
366 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
367 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
368 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
369 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
370 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
371 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
372 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
373 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
374 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
375 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
376 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
377 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2,
378 0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3,
379 0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a,
380 0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41,
381 0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5,
382 0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8,
383 0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7,
384 0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92,
385 0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3,
386 0xef,0x9f };
387 static const BYTE rootSignedCRL[] = {
388 0x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
389 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
390 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
391 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
392 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
393 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
394 0x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d,
395 0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16,
396 0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,
397 0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
398 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d,
399 0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45,
400 0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68,
401 0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b,
402 0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3,
403 0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c,
404 0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66,
405 0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a,
406 0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b,
407 0x3d,0x74,0xd6,0x3b };
408
409 static void testFindCRL(void)
410 {
411 HCERTSTORE store;
412 PCCRL_CONTEXT context;
413 PCCERT_CONTEXT cert, endCert, rootCert;
414 CRL_FIND_ISSUED_FOR_PARA issuedForPara = { NULL, NULL };
415 DWORD count, revoked_count;
416 BOOL ret;
417
418 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
419 CERT_STORE_CREATE_NEW_FLAG, NULL);
420 ok(store != NULL, "CertOpenStore failed: %08lx\n", GetLastError());
421 if (!store) return;
422
423 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
424 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
425 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
426
427 /* Crashes
428 context = CertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL);
429 */
430
431 /* Find any context */
432 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ANY, NULL, NULL);
433 ok(context != NULL, "Expected a context\n");
434 if (context)
435 CertFreeCRLContext(context);
436 /* Bogus flags are ignored */
437 context = CertFindCRLInStore(store, 0, 1234, CRL_FIND_ANY, NULL, NULL);
438 ok(context != NULL, "Expected a context\n");
439 if (context)
440 CertFreeCRLContext(context);
441 /* CRL encoding type is ignored too */
442 context = CertFindCRLInStore(store, 1234, 0, CRL_FIND_ANY, NULL, NULL);
443 ok(context != NULL, "Expected a context\n");
444 if (context)
445 CertFreeCRLContext(context);
446
447 /* This appears to match any cert */
448 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, NULL, NULL);
449 ok(context != NULL, "Expected a context\n");
450 if (context)
451 CertFreeCRLContext(context);
452
453 /* Try to match an issuer that isn't in the store */
454 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
455 sizeof(bigCert2));
456 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
457 GetLastError());
458 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
459 ok(context == NULL, "Expected no matching context\n");
460 CertFreeCertificateContext(cert);
461
462 /* Match an issuer that is in the store */
463 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
464 sizeof(bigCert));
465 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
466 GetLastError());
467 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
468 ok(context != NULL, "Expected a context\n");
469 if (context)
470 CertFreeCRLContext(context);
471
472 /* Try various find flags */
473 context = CertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_SIGNATURE_FLAG,
474 CRL_FIND_ISSUED_BY, cert, NULL);
475 ok(!context, "unexpected context\n");
476 /* The CRL doesn't have an AKI extension, so it matches any cert */
477 context = CertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
478 CRL_FIND_ISSUED_BY, cert, NULL);
479 ok(context != NULL, "Expected a context\n");
480 if (context)
481 CertFreeCRLContext(context);
482
483 if (0)
484 {
485 /* Crash or return NULL/STATUS_ACCESS_VIOLATION */
486 CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, NULL,
487 NULL);
488 CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
489 &issuedForPara, NULL);
490 }
491 /* Test whether the cert matches the CRL in the store */
492 issuedForPara.pSubjectCert = cert;
493 issuedForPara.pIssuerCert = cert;
494 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
495 &issuedForPara, NULL);
496 ok(context != NULL, "Expected a context\n");
497 if (context)
498 {
499 ok(context->cbCrlEncoded == sizeof(signedCRL),
500 "unexpected CRL size %ld\n", context->cbCrlEncoded);
501 ok(!memcmp(context->pbCrlEncoded, signedCRL, context->cbCrlEncoded),
502 "unexpected CRL data\n");
503 CertFreeCRLContext(context);
504 }
505
506 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
507 v1CRLWithIssuerAndEntry, sizeof(v1CRLWithIssuerAndEntry),
508 CERT_STORE_ADD_ALWAYS, NULL);
509 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
510 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
511 v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint),
512 CERT_STORE_ADD_ALWAYS, NULL);
513 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
514 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
515 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
516 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
517 issuedForPara.pSubjectCert = cert;
518 issuedForPara.pIssuerCert = cert;
519 context = NULL;
520 count = revoked_count = 0;
521 do {
522 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
523 &issuedForPara, context);
524 if (context)
525 {
526 PCRL_ENTRY entry;
527
528 count++;
529 if (CertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
530 entry)
531 revoked_count++;
532 }
533 } while (context);
534 /* signedCRL, v1CRLWithIssuerAndEntry, and v2CRLWithIssuingDistPoint all
535 * match cert's issuer, but verisignCRL does not, so the expected count
536 * is 0.
537 */
538 ok(count == 3, "expected 3 matching CRLs, got %ld\n", count);
539 /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
540 * entries, so the count of CRL entries that match cert is 2.
541 */
542 ok(revoked_count == 2, "expected 2 matching CRL entries, got %ld\n", revoked_count);
543
544 CertFreeCertificateContext(cert);
545
546 /* Try again with a cert that doesn't match any CRLs in the store */
547 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
548 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
549 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
550 GetLastError());
551 issuedForPara.pSubjectCert = cert;
552 issuedForPara.pIssuerCert = cert;
553 context = NULL;
554 count = revoked_count = 0;
555 do {
556 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
557 &issuedForPara, context);
558 if (context)
559 {
560 PCRL_ENTRY entry;
561
562 count++;
563 if (CertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
564 entry)
565 revoked_count++;
566 }
567 } while (context);
568 ok(count == 0, "expected 0 matching CRLs, got %ld\n", count);
569 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
570 revoked_count);
571 CertFreeCertificateContext(cert);
572
573 /* Test again with a real certificate and CRL. The certificate wasn't
574 * revoked, but its issuer does have a CRL.
575 */
576 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
577 verisignCommercialSoftPubCA, sizeof(verisignCommercialSoftPubCA));
578 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
579 GetLastError());
580 issuedForPara.pIssuerCert = cert;
581 issuedForPara.pSubjectCert = cert;
582 context = NULL;
583 count = revoked_count = 0;
584 do {
585 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
586 &issuedForPara, context);
587 if (context)
588 {
589 PCRL_ENTRY entry;
590
591 count++;
592 if (CertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
593 entry)
594 revoked_count++;
595 }
596 } while (context);
597 ok(count == 1, "expected 1 matching CRLs, got %ld\n", count);
598 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
599 revoked_count);
600 CertFreeCertificateContext(cert);
601
602 CertCloseStore(store, 0);
603
604 /* This test uses a synthesized chain (rootWithKeySignAndCRLSign ->
605 * eeCert) whose end certificate is in the CRL.
606 */
607 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
608 CERT_STORE_CREATE_NEW_FLAG, NULL);
609 /* Add a CRL for the end certificate */
610 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
611 rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
612 /* Add another CRL unrelated to the tested chain */
613 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
614 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
615 endCert = CertCreateCertificateContext(X509_ASN_ENCODING,
616 eeCert, sizeof(eeCert));
617 rootCert = CertCreateCertificateContext(X509_ASN_ENCODING,
618 rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
619 issuedForPara.pSubjectCert = endCert;
620 issuedForPara.pIssuerCert = rootCert;
621 context = NULL;
622 count = revoked_count = 0;
623 do {
624 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
625 &issuedForPara, context);
626 if (context)
627 {
628 PCRL_ENTRY entry;
629
630 count++;
631 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
632 entry)
633 revoked_count++;
634 }
635 } while (context);
636 ok(count == 1, "expected 1 matching CRLs, got %ld\n", count);
637 ok(revoked_count == 1, "expected 1 matching CRL entries, got %ld\n", revoked_count);
638
639 /* Test CRL_FIND_ISSUED_BY flags */
640 count = revoked_count = 0;
641 do {
642 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
643 endCert, context);
644 if (context)
645 {
646 PCRL_ENTRY entry;
647
648 count++;
649 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
650 entry)
651 revoked_count++;
652 }
653 } while (context);
654 ok(count == 0, "expected 0 matching CRLs, got %ld\n", count);
655 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
656 revoked_count);
657 count = revoked_count = 0;
658 do {
659 context = CertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
660 rootCert, context);
661 if (context)
662 {
663 PCRL_ENTRY entry;
664
665 count++;
666 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
667 entry)
668 revoked_count++;
669 }
670 } while (context);
671 ok(count == 1, "expected 1 matching CRLs, got %ld\n", count);
672 ok(revoked_count == 1, "expected 1 matching CRL entries, got %ld\n",
673 revoked_count);
674 count = revoked_count = 0;
675 do {
676 context = CertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
677 CRL_FIND_ISSUED_BY, endCert, context);
678 if (context)
679 {
680 PCRL_ENTRY entry;
681
682 count++;
683 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
684 entry)
685 revoked_count++;
686 }
687 } while (context);
688 ok(count == 0, "expected 0 matching CRLs, got %ld\n", count);
689 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
690 revoked_count);
691 count = revoked_count = 0;
692 do {
693 context = CertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
694 CRL_FIND_ISSUED_BY, rootCert, context);
695 if (context)
696 {
697 PCRL_ENTRY entry;
698
699 count++;
700 if (CertFindCertificateInCRL(rootCert, context, 0, NULL, &entry) &&
701 entry)
702 revoked_count++;
703 }
704 } while (context);
705 ok(count == 0, "expected 0 matching CRLs, got %ld\n", count);
706 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
707 revoked_count);
708 count = revoked_count = 0;
709 do {
710 context = CertFindCRLInStore(store, 0,
711 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, endCert,
712 context);
713 if (context)
714 {
715 PCRL_ENTRY entry;
716
717 count++;
718 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
719 entry)
720 revoked_count++;
721 }
722 } while (context);
723 ok(count == 0, "expected 0 matching CRLs, got %ld\n", count);
724 ok(revoked_count == 0, "expected 0 matching CRL entries, got %ld\n",
725 revoked_count);
726 count = revoked_count = 0;
727 do {
728 context = CertFindCRLInStore(store, 0,
729 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, rootCert,
730 context);
731 if (context)
732 {
733 PCRL_ENTRY entry;
734
735 count++;
736 if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
737 entry)
738 revoked_count++;
739 }
740 } while (context);
741 ok(count == 1, "expected 1 matching CRLs, got %ld\n", count);
742 ok(revoked_count == 1, "expected 1 matching CRL entries, got %ld\n",
743 revoked_count);
744 CertFreeCertificateContext(rootCert);
745 CertFreeCertificateContext(endCert);
746
747 CertCloseStore(store, 0);
748 }
749
750 static void testGetCRLFromStore(void)
751 {
752 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
753 CERT_STORE_CREATE_NEW_FLAG, NULL);
754 PCCRL_CONTEXT context;
755 PCCERT_CONTEXT cert;
756 DWORD flags;
757 BOOL ret;
758
759 ok(store != NULL, "CertOpenStore failed: %08lx\n", GetLastError());
760 if (!store) return;
761
762 /* Crash
763 context = CertGetCRLFromStore(NULL, NULL, NULL, NULL);
764 context = CertGetCRLFromStore(store, NULL, NULL, NULL);
765 */
766
767 /* Bogus flags */
768 flags = 0xffffffff;
769 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
770 ok(!context && GetLastError() == E_INVALIDARG,
771 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
772
773 /* Test an empty store */
774 flags = 0;
775 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
776 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
777 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
778
779 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
780 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
781 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
782
783 /* NULL matches any CRL */
784 flags = 0;
785 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
786 ok(context != NULL, "Expected a context\n");
787 CertFreeCRLContext(context);
788
789 /* This cert's issuer isn't in */
790 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
791 sizeof(bigCert2));
792 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
793 GetLastError());
794 context = CertGetCRLFromStore(store, cert, NULL, &flags);
795 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
796 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
797 CertFreeCertificateContext(cert);
798
799 /* But this one is */
800 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
801 sizeof(bigCert));
802 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
803 GetLastError());
804 context = CertGetCRLFromStore(store, cert, NULL, &flags);
805 ok(context != NULL, "Expected a context\n");
806 CertFreeCRLContext(context);
807 CertFreeCertificateContext(cert);
808
809 CertCloseStore(store, 0);
810 }
811
812 static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
813 PCCRL_CONTEXT context, DWORD propID)
814 {
815 BYTE hash[20] = { 0 }, hashProperty[20];
816 BOOL ret;
817 DWORD size;
818
819 memset(hash, 0, sizeof(hash));
820 memset(hashProperty, 0, sizeof(hashProperty));
821 size = sizeof(hash);
822 ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
823 ok(ret, "CryptHashCertificate failed: %08lx\n", GetLastError());
824 ret = CertGetCRLContextProperty(context, propID, hashProperty, &size);
825 ok(ret, "CertGetCRLContextProperty failed: %08lx\n", GetLastError());
826 ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %ld\n",
827 propID);
828 }
829
830 static void testCRLProperties(void)
831 {
832 PCCRL_CONTEXT context = CertCreateCRLContext(X509_ASN_ENCODING,
833 CRL, sizeof(CRL));
834
835 ok(context != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
836 if (context)
837 {
838 DWORD propID, numProps, access, size;
839 BOOL ret;
840 BYTE hash[20] = { 0 }, hashProperty[20];
841 CRYPT_DATA_BLOB blob;
842
843 /* This crashes
844 propID = CertEnumCRLContextProperties(NULL, 0);
845 */
846
847 propID = 0;
848 numProps = 0;
849 do {
850 propID = CertEnumCRLContextProperties(context, propID);
851 if (propID)
852 numProps++;
853 } while (propID != 0);
854 ok(numProps == 0, "Expected 0 properties, got %ld\n", numProps);
855
856 /* Tests with a NULL cert context. Prop ID 0 fails.. */
857 ret = CertSetCRLContextProperty(NULL, 0, 0, NULL);
858 ok(!ret && GetLastError() == E_INVALIDARG,
859 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
860 /* while this just crashes.
861 ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0,
862 NULL);
863 */
864
865 ret = CertSetCRLContextProperty(context, 0, 0, NULL);
866 ok(!ret && GetLastError() == E_INVALIDARG,
867 "Expected E_INVALIDARG, got %08lx\n", GetLastError());
868 /* Can't set the cert property directly, this crashes.
869 ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL);
870 */
871
872 /* These all crash.
873 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
874 NULL);
875 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL);
876 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
877 hashProperty, NULL);
878 */
879 /* A missing prop */
880 size = 0;
881 ret = CertGetCRLContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
882 NULL, &size);
883 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
884 "Expected CRYPT_E_NOT_FOUND, got %08lx\n", GetLastError());
885 /* And, an implicit property */
886 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
887 NULL, &size);
888 ok(ret, "CertGetCRLContextProperty failed: %08lx\n", GetLastError());
889 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
890 &access, &size);
891 ok(ret, "CertGetCRLContextProperty failed: %08lx\n", GetLastError());
892 ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
893 "Didn't expect a persisted crl\n");
894 /* Trying to set this "read only" property crashes.
895 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
896 ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
897 &access);
898 */
899
900 /* Can I set the hash to an invalid hash? */
901 blob.pbData = hash;
902 blob.cbData = sizeof(hash);
903 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, &blob);
904 ok(ret, "CertSetCRLContextProperty failed: %08lx\n",
905 GetLastError());
906 size = sizeof(hashProperty);
907 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
908 hashProperty, &size);
909 ok(ret, "CertSetCRLContextProperty failed: %08lx\n", GetLastError());
910 ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
911 /* Delete the (bogus) hash, and get the real one */
912 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, NULL);
913 ok(ret, "CertSetCRLContextProperty failed: %08lx\n", GetLastError());
914 checkCRLHash(CRL, sizeof(CRL), CALG_SHA1, context, CERT_HASH_PROP_ID);
915
916 /* Now that the hash property is set, we should get one property when
917 * enumerating.
918 */
919 propID = 0;
920 numProps = 0;
921 do {
922 propID = CertEnumCRLContextProperties(context, propID);
923 if (propID)
924 numProps++;
925 } while (propID != 0);
926 ok(numProps == 1, "Expected 1 properties, got %ld\n", numProps);
927
928 /* Check a few other implicit properties */
929 checkCRLHash(CRL, sizeof(CRL), CALG_MD5, context,
930 CERT_MD5_HASH_PROP_ID);
931
932 CertFreeCRLContext(context);
933 }
934 }
935
936 static const BYTE bigCertWithCRLDistPoints[] = {
937 0x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
938 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
939 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
940 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
941 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
942 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
943 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
944 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
945 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06,
946 0x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,
947 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
948 0x6f,0x72,0x67 };
949
950 static void testIsValidCRLForCert(void)
951 {
952 BOOL ret;
953 PCCERT_CONTEXT cert1, cert2, cert3;
954 PCCRL_CONTEXT crl;
955 HCERTSTORE store;
956
957 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
958 sizeof(v1CRLWithIssuerAndEntry));
959 ok(crl != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
960 cert1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
961 sizeof(bigCert));
962 ok(cert1 != NULL, "CertCreateCertificateContext failed: %08lx\n",
963 GetLastError());
964
965 /* Crash
966 ret = CertIsValidCRLForCertificate(NULL, NULL, 0, NULL);
967 ret = CertIsValidCRLForCertificate(cert1, NULL, 0, NULL);
968 */
969
970 /* Curiously, any CRL is valid for the NULL certificate */
971 ret = CertIsValidCRLForCertificate(NULL, crl, 0, NULL);
972 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
973
974 /* Same issuer for both cert and CRL, this CRL is valid for that cert */
975 ret = CertIsValidCRLForCertificate(cert1, crl, 0, NULL);
976 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
977
978 cert2 = CertCreateCertificateContext(X509_ASN_ENCODING,
979 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
980 ok(cert2 != NULL, "CertCreateCertificateContext failed: %08lx\n",
981 GetLastError());
982
983 /* Yet more curious: different issuers for these, yet the CRL is valid for
984 * that cert. According to MSDN, the relevant bit to check is whether the
985 * CRL has a CRL_ISSUING_DIST_POINT extension.
986 */
987 ret = CertIsValidCRLForCertificate(cert2, crl, 0, NULL);
988 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
989
990 CertFreeCRLContext(crl);
991
992 /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the
993 * cert doesn't have the same extension in it.
994 */
995 crl = CertCreateCRLContext(X509_ASN_ENCODING, v2CRLWithIssuingDistPoint,
996 sizeof(v2CRLWithIssuingDistPoint));
997 ok(crl != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
998
999 ret = CertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1000 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1001 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
1002 ret = CertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1003 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1004 "expected CRYPT_E_NO_MATCH, got %08lx\n", GetLastError());
1005
1006 /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing
1007 * a CRL_DIST_POINTS_INFO extension.
1008 */
1009 cert3 = CertCreateCertificateContext(X509_ASN_ENCODING,
1010 bigCertWithCRLDistPoints, sizeof(bigCertWithCRLDistPoints));
1011 ok(cert3 != NULL, "CertCreateCertificateContext failed: %08lx\n",
1012 GetLastError());
1013 ret = CertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1014 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1015
1016 CertFreeCRLContext(crl);
1017
1018 /* And again, with a real CRL, the CRL is valid for all three certs. */
1019 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1020 sizeof(verisignCRL));
1021 ok(crl != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
1022
1023 ret = CertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1024 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1025 ret = CertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1026 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1027 ret = CertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1028 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1029
1030 CertFreeCRLContext(crl);
1031
1032 /* One last test: a CRL in a different store than the cert is also valid
1033 * for the cert.
1034 */
1035 store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
1036 CERT_STORE_CREATE_NEW_FLAG, NULL);
1037 ok(store != NULL, "CertOpenStore failed: %08lx\n", GetLastError());
1038
1039 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, verisignCRL,
1040 sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, &crl);
1041 ok(ret, "CertAddEncodedCRLToStore failed: %08lx\n", GetLastError());
1042
1043 ret = CertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1044 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1045 ret = CertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1046 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1047 ret = CertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1048 ok(ret, "CertIsValidCRLForCertificate failed: %08lx\n", GetLastError());
1049
1050 CertFreeCRLContext(crl);
1051
1052 CertCloseStore(store, 0);
1053
1054 CertFreeCertificateContext(cert3);
1055 CertFreeCertificateContext(cert2);
1056 CertFreeCertificateContext(cert1);
1057 }
1058
1059 static const BYTE crlWithDifferentIssuer[] = {
1060 0x30,0x47,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
1061 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x41,0x6c,0x65,0x78,0x20,0x4c,0x61,0x6e,
1062 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
1063 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
1064 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a };
1065
1066 static void testFindCertInCRL(void)
1067 {
1068 BOOL ret;
1069 PCCERT_CONTEXT cert;
1070 PCCRL_CONTEXT crl;
1071 PCRL_ENTRY entry;
1072
1073 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1074 sizeof(bigCert));
1075 ok(cert != NULL, "CertCreateCertificateContext failed: %08lx\n",
1076 GetLastError());
1077
1078 /* Crash
1079 ret = CertFindCertificateInCRL(NULL, NULL, 0, NULL, NULL);
1080 ret = CertFindCertificateInCRL(NULL, crl, 0, NULL, NULL);
1081 ret = CertFindCertificateInCRL(cert, NULL, 0, NULL, NULL);
1082 ret = CertFindCertificateInCRL(cert, crl, 0, NULL, NULL);
1083 ret = CertFindCertificateInCRL(NULL, NULL, 0, NULL, &entry);
1084 ret = CertFindCertificateInCRL(NULL, crl, 0, NULL, &entry);
1085 ret = CertFindCertificateInCRL(cert, NULL, 0, NULL, &entry);
1086 */
1087
1088 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1089 sizeof(verisignCRL));
1090 ret = CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1091 ok(ret, "CertFindCertificateInCRL failed: %08lx\n", GetLastError());
1092 ok(entry == NULL, "Expected not to find an entry in CRL\n");
1093 CertFreeCRLContext(crl);
1094
1095 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1096 sizeof(v1CRLWithIssuerAndEntry));
1097 ret = CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1098 ok(ret, "CertFindCertificateInCRL failed: %08lx\n", GetLastError());
1099 ok(entry != NULL, "Expected to find an entry in CRL\n");
1100 CertFreeCRLContext(crl);
1101
1102 /* Entry found even though CRL issuer doesn't match cert issuer */
1103 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1104 sizeof(crlWithDifferentIssuer));
1105 ret = CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1106 ok(ret, "CertFindCertificateInCRL failed: %08lx\n", GetLastError());
1107 ok(entry != NULL, "Expected to find an entry in CRL\n");
1108 CertFreeCRLContext(crl);
1109
1110 CertFreeCertificateContext(cert);
1111 }
1112
1113 static void testVerifyCRLRevocation(void)
1114 {
1115 BOOL ret;
1116 PCCERT_CONTEXT cert;
1117 PCCRL_CONTEXT crl;
1118
1119 ret = CertVerifyCRLRevocation(0, NULL, 0, NULL);
1120 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1121 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, NULL, 0, NULL);
1122 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1123
1124 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1125 sizeof(bigCert));
1126
1127 /* Check against no CRL */
1128 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 0, NULL);
1129 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1130 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 0, NULL);
1131 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1132
1133 /* Check against CRL with entry for the cert */
1134 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1135 sizeof(v1CRLWithIssuerAndEntry));
1136 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1137 (PCRL_INFO *)&crl->pCrlInfo);
1138 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1139 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1140 (PCRL_INFO *)&crl->pCrlInfo);
1141 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1142 CertFreeCRLContext(crl);
1143
1144 /* Check against CRL with different issuer and entry for the cert */
1145 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1146 sizeof(crlWithDifferentIssuer));
1147 ok(crl != NULL, "CertCreateCRLContext failed: %08lx\n", GetLastError());
1148 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1149 (PCRL_INFO *)&crl->pCrlInfo);
1150 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1151 CertFreeCRLContext(crl);
1152
1153 /* Check against CRL without entry for the cert */
1154 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1155 sizeof(verisignCRL));
1156 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1157 (PCRL_INFO *)&crl->pCrlInfo);
1158 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1159 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1160 (PCRL_INFO *)&crl->pCrlInfo);
1161 ok(ret, "CertVerifyCRLRevocation failed: %08lx\n", GetLastError());
1162 CertFreeCRLContext(crl);
1163
1164 CertFreeCertificateContext(cert);
1165 }
1166
1167 START_TEST(crl)
1168 {
1169 testCreateCRL();
1170 testDupCRL();
1171 testAddCRL();
1172 testFindCRL();
1173 testGetCRLFromStore();
1174 testCRLProperties();
1175 testIsValidCRLForCert();
1176 testFindCertInCRL();
1177 testVerifyCRLRevocation();
1178 }
Windows API implementation