1 /*
2 * crypt32 CRL functions tests
3 *
4 * Copyright 2005-2006 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <stdio.h>
22 #include <stdarg.h>
23
24 #include <windef.h>
25 #include <winbase.h>
26 #include <winreg.h>
27 #include <winerror.h>
28 #include <wincrypt.h>
29
30 #include "wine/test.h"
31
32
33 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
34 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
35 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
36 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
37 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
38 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
39 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
40 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
41 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
42 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
43 static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
44 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
45 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
46 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
47 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
48 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
49 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
50 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
51 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
52 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
53 static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
54 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
55 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
56 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
57 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
58 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
59 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
60 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
61 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
62 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
63 0x02, 0x01, 0x01 };
64 static const BYTE CRL[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
65 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
66 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
67 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
68 0x5a };
69 static const BYTE newerCRL[] = { 0x30, 0x2a, 0x30, 0x02, 0x06, 0x00, 0x30,
70 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
71 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x17, 0x0d, 0x30, 0x36,
72 0x30, 0x35, 0x31, 0x36, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
73 static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
74 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
75 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
76 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
77 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
78 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
79
80 static BOOL (WINAPI *pCertFindCertificateInCRL)(PCCERT_CONTEXT,PCCRL_CONTEXT,DWORD,void*,PCRL_ENTRY*);
81 static PCCRL_CONTEXT (WINAPI *pCertFindCRLInStore)(HCERTSTORE,DWORD,DWORD,DWORD,const void*,PCCRL_CONTEXT);
82 static BOOL (WINAPI *pCertIsValidCRLForCertificate)(PCCERT_CONTEXT, PCCRL_CONTEXT, DWORD, void*);
83
init_function_pointers(void)84 static void init_function_pointers(void)
85 {
86 HMODULE hdll = GetModuleHandleA("crypt32.dll");
87 pCertFindCertificateInCRL = (void*)GetProcAddress(hdll, "CertFindCertificateInCRL");
88 pCertFindCRLInStore = (void*)GetProcAddress(hdll, "CertFindCRLInStore");
89 pCertIsValidCRLForCertificate = (void*)GetProcAddress(hdll, "CertIsValidCRLForCertificate");
90 }
91
testCreateCRL(void)92 static void testCreateCRL(void)
93 {
94 PCCRL_CONTEXT context;
95 DWORD GLE;
96
97 context = CertCreateCRLContext(0, NULL, 0);
98 ok(!context && GetLastError() == E_INVALIDARG,
99 "Expected E_INVALIDARG, got %08x\n", GetLastError());
100 context = CertCreateCRLContext(X509_ASN_ENCODING, NULL, 0);
101 GLE = GetLastError();
102 ok(!context && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
103 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
104 context = CertCreateCRLContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
105 ok(!context, "Expected failure\n");
106 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
107 sizeof(signedCRL) - 1);
108 ok(!context, "Expected failure\n");
109 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
110 sizeof(signedCRL));
111 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
112 if (context)
113 CertFreeCRLContext(context);
114 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
115 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
116 if (context)
117 CertFreeCRLContext(context);
118 }
119
testDupCRL(void)120 static void testDupCRL(void)
121 {
122 PCCRL_CONTEXT context, dupContext;
123 BOOL res;
124
125 context = CertDuplicateCRLContext(NULL);
126 ok(context == NULL, "expected NULL\n");
127 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
128 sizeof(signedCRL));
129 dupContext = CertDuplicateCRLContext(context);
130 ok(dupContext != NULL, "expected a context\n");
131 ok(dupContext == context, "expected identical context addresses\n");
132
133 res = CertFreeCRLContext(dupContext);
134 ok(res, "CertFreeCRLContext failed\n");
135
136 res = CertFreeCRLContext(context);
137 ok(res, "CertFreeCRLContext failed\n");
138
139 res = CertFreeCRLContext(NULL);
140 ok(res, "CertFreeCRLContext failed\n");
141 }
142
testAddCRL(void)143 static void testAddCRL(void)
144 {
145 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
146 CERT_STORE_CREATE_NEW_FLAG, NULL);
147 PCCRL_CONTEXT context, context2;
148 BOOL ret;
149 DWORD GLE;
150
151 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
152 if (!store) return;
153
154 /* Bad CRL encoding type */
155 ret = CertAddEncodedCRLToStore(0, 0, NULL, 0, 0, NULL);
156 ok(!ret && GetLastError() == E_INVALIDARG,
157 "Expected E_INVALIDARG, got %08x\n", GetLastError());
158 ret = CertAddEncodedCRLToStore(store, 0, NULL, 0, 0, NULL);
159 ok(!ret && GetLastError() == E_INVALIDARG,
160 "Expected E_INVALIDARG, got %08x\n", GetLastError());
161 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL), 0, NULL);
162 ok(!ret && GetLastError() == E_INVALIDARG,
163 "Expected E_INVALIDARG, got %08x\n", GetLastError());
164 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL), 0,
165 NULL);
166 ok(!ret && GetLastError() == E_INVALIDARG,
167 "Expected E_INVALIDARG, got %08x\n", GetLastError());
168 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL),
169 CERT_STORE_ADD_ALWAYS, NULL);
170 ok(!ret && GetLastError() == E_INVALIDARG,
171 "Expected E_INVALIDARG, got %08x\n", GetLastError());
172 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL),
173 CERT_STORE_ADD_ALWAYS, NULL);
174 ok(!ret && GetLastError() == E_INVALIDARG,
175 "Expected E_INVALIDARG, got %08x\n", GetLastError());
176
177 /* No CRL */
178 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, NULL, 0, 0, NULL);
179 GLE = GetLastError();
180 ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
181 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
182 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, NULL, 0, 0, NULL);
183 GLE = GetLastError();
184 ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
185 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
186
187 /* Weird--bad add disposition leads to an access violation in Windows.
188 * Both tests crash on some win9x boxes.
189 */
190 if (0)
191 {
192 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
193 sizeof(signedCRL), 0, NULL);
194 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
195 GetLastError() == E_INVALIDARG /* Vista */),
196 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
197 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
198 sizeof(signedCRL), 0, NULL);
199 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
200 GetLastError() == E_INVALIDARG /* Vista */),
201 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
202 }
203
204 /* Weird--can add a CRL to the NULL store (does this have special meaning?)
205 */
206 context = NULL;
207 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
208 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, &context);
209 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
210 if (context)
211 CertFreeCRLContext(context);
212
213 /* Normal cases: a "signed" CRL is okay.. */
214 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
215 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
216 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
217 /* and an unsigned one is too. */
218 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, CRL, sizeof(CRL),
219 CERT_STORE_ADD_ALWAYS, NULL);
220 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
221
222 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
223 sizeof(newerCRL), CERT_STORE_ADD_NEW, NULL);
224 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
225 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
226
227 /* This should replace (one of) the existing CRL(s). */
228 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
229 sizeof(newerCRL), CERT_STORE_ADD_NEWER, NULL);
230 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
231
232 CertCloseStore(store, 0);
233
234 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
235 ok(store != NULL, "CertOpenStore failed\n");
236
237 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
238 ok(context != NULL, "CertCreateCRLContext failed\n");
239
240 ret = CertAddCRLContextToStore(store, context, CERT_STORE_ADD_NEW, &context2);
241 ok(ret, "CertAddCRLContextToStore failed\n");
242 ok(context2 != NULL && context2 != context, "unexpected context2\n");
243
244 ok(context->pbCrlEncoded != context2->pbCrlEncoded, "Unexpected pbCrlEncoded\n");
245 ok(context->cbCrlEncoded == context2->cbCrlEncoded, "Unexpected cbCrlEncoded\n");
246 ok(context->pCrlInfo != context2->pCrlInfo, "Unexpected pCrlInfo\n");
247
248 CertFreeCRLContext(context2);
249 CertFreeCRLContext(context);
250 CertCloseStore(store, 0);
251 }
252
253 static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
254 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
255 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
256 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
257 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
258 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
259 static const BYTE v2CRLWithIssuingDistPoint[] = {
260 0x30,0x70,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
261 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
262 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
263 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
264 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x27,
265 0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30,
266 0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
267 0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
268 static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
269 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
270 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
271 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
272 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
273 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
274 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
275 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
276 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
277 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
278 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
279 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
280 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
281 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
282 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
283 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
284 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
285 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
286 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
287 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
288 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
289 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
290 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
291 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
292 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
293 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
294 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
295 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
296 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
297 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
298 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
299 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
300 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
301 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
302 0xcd };
303 static const BYTE verisignCommercialSoftPubCA[] = {
304 0x30,0x82,0x02,0x40,0x30,0x82,0x01,0xa9,0x02,0x10,0x03,0xc7,0x8f,0x37,0xdb,0x92,
305 0x28,0xdf,0x3c,0xbb,0x1a,0xad,0x82,0xfa,0x67,0x10,0x30,0x0d,0x06,0x09,0x2a,0x86,
306 0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
307 0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,0x17,
308 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
309 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x0b,
310 0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,0x6d,0x6d,0x65,
311 0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x50,
312 0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
313 0x39,0x36,0x30,0x34,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,
314 0x34,0x30,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x61,0x31,0x11,
315 0x30,0x0f,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,
316 0x74,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,
317 0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
318 0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,
319 0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,
320 0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,
321 0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
322 0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc3,0xd3,0x69,0x65,
323 0x52,0x01,0x94,0x54,0xab,0x28,0xc6,0x62,0x18,0xb3,0x54,0x55,0xc5,0x44,0x87,0x45,
324 0x4a,0x3b,0xc2,0x7e,0xd8,0xd3,0xd7,0xc8,0x80,0x86,0x8d,0xd8,0x0c,0xf1,0x16,0x9c,
325 0xcc,0x6b,0xa9,0x29,0xb2,0x8f,0x76,0x73,0x92,0xc8,0xc5,0x62,0xa6,0x3c,0xed,0x1e,
326 0x05,0x75,0xf0,0x13,0x00,0x6c,0x14,0x4d,0xd4,0x98,0x90,0x07,0xbe,0x69,0x73,0x81,
327 0xb8,0x62,0x4e,0x31,0x1e,0xd1,0xfc,0xc9,0x0c,0xeb,0x7d,0x90,0xbf,0xae,0xb4,0x47,
328 0x51,0xec,0x6f,0xce,0x64,0x35,0x02,0xd6,0x7d,0x67,0x05,0x77,0xe2,0x8f,0xd9,0x51,
329 0xd7,0xfb,0x97,0x19,0xbc,0x3e,0xd7,0x77,0x81,0xc6,0x43,0xdd,0xf2,0xdd,0xdf,0xca,
330 0xa3,0x83,0x8b,0xcb,0x41,0xc1,0x3d,0x22,0x48,0x48,0xa6,0x19,0x02,0x03,0x01,0x00,
331 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,
332 0x03,0x81,0x81,0x00,0xb5,0xbc,0xb0,0x75,0x6a,0x89,0xa2,0x86,0xbd,0x64,0x78,0xc3,
333 0xa7,0x32,0x75,0x72,0x11,0xaa,0x26,0x02,0x17,0x60,0x30,0x4c,0xe3,0x48,0x34,0x19,
334 0xb9,0x52,0x4a,0x51,0x18,0x80,0xfe,0x53,0x2d,0x7b,0xd5,0x31,0x8c,0xc5,0x65,0x99,
335 0x41,0x41,0x2f,0xf2,0xae,0x63,0x7a,0xe8,0x73,0x99,0x15,0x90,0x1a,0x1f,0x7a,0x8b,
336 0x41,0xd0,0x8e,0x3a,0xd0,0xcd,0x38,0x34,0x44,0xd0,0x75,0xf8,0xea,0x71,0xc4,0x81,
337 0x19,0x38,0x17,0x35,0x4a,0xae,0xc5,0x3e,0x32,0xe6,0x21,0xb8,0x05,0xc0,0x93,0xe1,
338 0xc7,0x38,0x5c,0xd8,0xf7,0x93,0x38,0x64,0x90,0xed,0x54,0xce,0xca,0xd3,0xd3,0xd0,
339 0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71,
340 0x64,0x31,0x3c,0x3c
341 };
342 static const BYTE rootWithKeySignAndCRLSign[] = {
343 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
344 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
345 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
346 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
347 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
348 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
349 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
350 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
351 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
352 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
353 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
354 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
355 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
356 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
357 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
358 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
359 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
360 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
361 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
362 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
363 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
364 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
365 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
366 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
367 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
368 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
369 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
370 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
371 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
372 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
373 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
374 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
375 0x2e,0x84,0xee };
376 static const BYTE eeCert[] = {
377 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
378 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
379 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
380 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,
381 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,
382 0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
383 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
384 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
385 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
386 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
387 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
388 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
389 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
390 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
391 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
392 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
393 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
394 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
395 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2,
396 0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3,
397 0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a,
398 0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41,
399 0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5,
400 0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8,
401 0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7,
402 0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92,
403 0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3,
404 0xef,0x9f };
405 static const BYTE rootSignedCRL[] = {
406 0x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
407 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
408 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
409 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
410 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
411 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
412 0x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d,
413 0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16,
414 0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,
415 0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
416 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d,
417 0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45,
418 0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68,
419 0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b,
420 0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3,
421 0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c,
422 0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66,
423 0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a,
424 0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b,
425 0x3d,0x74,0xd6,0x3b };
426
testFindCRL(void)427 static void testFindCRL(void)
428 {
429 HCERTSTORE store;
430 PCCRL_CONTEXT context;
431 PCCERT_CONTEXT cert, endCert, rootCert;
432 CRL_FIND_ISSUED_FOR_PARA issuedForPara = { NULL, NULL };
433 DWORD count, revoked_count;
434 BOOL ret;
435
436 if (!pCertFindCRLInStore || !pCertFindCertificateInCRL)
437 {
438 win_skip("CertFindCRLInStore or CertFindCertificateInCRL not available\n");
439 return;
440 }
441
442 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
443 CERT_STORE_CREATE_NEW_FLAG, NULL);
444 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
445 if (!store) return;
446
447 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
448 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
449 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
450
451 /* Crashes
452 context = pCertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL);
453 */
454
455 /* Find any context */
456 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ANY, NULL, NULL);
457 ok(context != NULL, "Expected a context\n");
458 if (context)
459 CertFreeCRLContext(context);
460 /* Bogus flags are ignored */
461 context = pCertFindCRLInStore(store, 0, 1234, CRL_FIND_ANY, NULL, NULL);
462 ok(context != NULL, "Expected a context\n");
463 if (context)
464 CertFreeCRLContext(context);
465 /* CRL encoding type is ignored too */
466 context = pCertFindCRLInStore(store, 1234, 0, CRL_FIND_ANY, NULL, NULL);
467 ok(context != NULL, "Expected a context\n");
468 if (context)
469 CertFreeCRLContext(context);
470
471 /* This appears to match any cert */
472 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, NULL, NULL);
473 ok(context != NULL, "Expected a context\n");
474 if (context)
475 CertFreeCRLContext(context);
476
477 /* Try to match an issuer that isn't in the store */
478 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
479 sizeof(bigCert2));
480 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
481 GetLastError());
482 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
483 ok(context == NULL, "Expected no matching context\n");
484 CertFreeCertificateContext(cert);
485
486 /* Match an issuer that is in the store */
487 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
488 sizeof(bigCert));
489 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
490 GetLastError());
491 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
492 ok(context != NULL, "Expected a context\n");
493 if (context)
494 CertFreeCRLContext(context);
495
496 /* Try various find flags */
497 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_SIGNATURE_FLAG,
498 CRL_FIND_ISSUED_BY, cert, NULL);
499 ok(!context || broken(context != NULL /* Win9x */), "unexpected context\n");
500 /* The CRL doesn't have an AKI extension, so it matches any cert */
501 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
502 CRL_FIND_ISSUED_BY, cert, NULL);
503 ok(context != NULL, "Expected a context\n");
504 if (context)
505 CertFreeCRLContext(context);
506
507 if (0)
508 {
509 /* Crash or return NULL/STATUS_ACCESS_VIOLATION */
510 pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, NULL,
511 NULL);
512 pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
513 &issuedForPara, NULL);
514 }
515 /* Test whether the cert matches the CRL in the store */
516 issuedForPara.pSubjectCert = cert;
517 issuedForPara.pIssuerCert = cert;
518 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
519 &issuedForPara, NULL);
520 ok(context != NULL || broken(!context /* Win9x, NT4 */),
521 "Expected a context\n");
522 if (context)
523 {
524 ok(context->cbCrlEncoded == sizeof(signedCRL),
525 "unexpected CRL size %d\n", context->cbCrlEncoded);
526 ok(!memcmp(context->pbCrlEncoded, signedCRL, context->cbCrlEncoded),
527 "unexpected CRL data\n");
528 CertFreeCRLContext(context);
529 }
530
531 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
532 v1CRLWithIssuerAndEntry, sizeof(v1CRLWithIssuerAndEntry),
533 CERT_STORE_ADD_ALWAYS, NULL);
534 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
535 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
536 v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint),
537 CERT_STORE_ADD_ALWAYS, NULL);
538 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
539 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
540 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
541 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
542 issuedForPara.pSubjectCert = cert;
543 issuedForPara.pIssuerCert = cert;
544 context = NULL;
545 count = revoked_count = 0;
546 do {
547 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
548 &issuedForPara, context);
549 if (context)
550 {
551 PCRL_ENTRY entry;
552
553 count++;
554 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
555 entry)
556 revoked_count++;
557 }
558 } while (context);
559 /* signedCRL, v1CRLWithIssuerAndEntry, and v2CRLWithIssuingDistPoint all
560 * match cert's issuer, but verisignCRL does not, so the expected count
561 * is 0.
562 */
563 ok(count == 3 || broken(count == 0 /* NT4, Win9x */),
564 "expected 3 matching CRLs, got %d\n", count);
565 /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
566 * entries, so the count of CRL entries that match cert is 2.
567 */
568 ok(revoked_count == 2 || broken(revoked_count == 0 /* NT4, Win9x */),
569 "expected 2 matching CRL entries, got %d\n", revoked_count);
570
571 CertFreeCertificateContext(cert);
572
573 /* Try again with a cert that doesn't match any CRLs in the store */
574 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
575 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
576 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
577 GetLastError());
578 issuedForPara.pSubjectCert = cert;
579 issuedForPara.pIssuerCert = cert;
580 context = NULL;
581 count = revoked_count = 0;
582 do {
583 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
584 &issuedForPara, context);
585 if (context)
586 {
587 PCRL_ENTRY entry;
588
589 count++;
590 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
591 entry)
592 revoked_count++;
593 }
594 } while (context);
595 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
596 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
597 revoked_count);
598 CertFreeCertificateContext(cert);
599
600 /* Test again with a real certificate and CRL. The certificate wasn't
601 * revoked, but its issuer does have a CRL.
602 */
603 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
604 verisignCommercialSoftPubCA, sizeof(verisignCommercialSoftPubCA));
605 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
606 GetLastError());
607 issuedForPara.pIssuerCert = cert;
608 issuedForPara.pSubjectCert = cert;
609 context = NULL;
610 count = revoked_count = 0;
611 do {
612 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
613 &issuedForPara, context);
614 if (context)
615 {
616 PCRL_ENTRY entry;
617
618 count++;
619 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
620 entry)
621 revoked_count++;
622 }
623 } while (context);
624 ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
625 "expected 1 matching CRLs, got %d\n", count);
626 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
627 revoked_count);
628 CertFreeCertificateContext(cert);
629
630 CertCloseStore(store, 0);
631
632 /* This test uses a synthesized chain (rootWithKeySignAndCRLSign ->
633 * eeCert) whose end certificate is in the CRL.
634 */
635 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
636 CERT_STORE_CREATE_NEW_FLAG, NULL);
637 /* Add a CRL for the end certificate */
638 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
639 rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
640 /* Add another CRL unrelated to the tested chain */
641 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
642 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
643 endCert = CertCreateCertificateContext(X509_ASN_ENCODING,
644 eeCert, sizeof(eeCert));
645 rootCert = CertCreateCertificateContext(X509_ASN_ENCODING,
646 rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
647 issuedForPara.pSubjectCert = endCert;
648 issuedForPara.pIssuerCert = rootCert;
649 context = NULL;
650 count = revoked_count = 0;
651 do {
652 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
653 &issuedForPara, context);
654 if (context)
655 {
656 PCRL_ENTRY entry;
657
658 count++;
659 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
660 entry)
661 revoked_count++;
662 }
663 } while (context);
664 ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
665 "expected 1 matching CRLs, got %d\n", count);
666 ok(revoked_count == 1 || broken(revoked_count == 0 /* Win9x, NT4 */),
667 "expected 1 matching CRL entries, got %d\n", revoked_count);
668
669 /* Test CRL_FIND_ISSUED_BY flags */
670 count = revoked_count = 0;
671 do {
672 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
673 endCert, context);
674 if (context)
675 {
676 PCRL_ENTRY entry;
677
678 count++;
679 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
680 entry)
681 revoked_count++;
682 }
683 } while (context);
684 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
685 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
686 revoked_count);
687 count = revoked_count = 0;
688 do {
689 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
690 rootCert, context);
691 if (context)
692 {
693 PCRL_ENTRY entry;
694
695 count++;
696 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
697 entry)
698 revoked_count++;
699 }
700 } while (context);
701 ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
702 ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
703 revoked_count);
704 count = revoked_count = 0;
705 do {
706 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
707 CRL_FIND_ISSUED_BY, endCert, context);
708 if (context)
709 {
710 PCRL_ENTRY entry;
711
712 count++;
713 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
714 entry)
715 revoked_count++;
716 }
717 } while (context);
718 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
719 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
720 revoked_count);
721 count = revoked_count = 0;
722 do {
723 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
724 CRL_FIND_ISSUED_BY, rootCert, context);
725 if (context)
726 {
727 PCRL_ENTRY entry;
728
729 count++;
730 if (pCertFindCertificateInCRL(rootCert, context, 0, NULL, &entry) &&
731 entry)
732 revoked_count++;
733 }
734 } while (context);
735 ok(count == 0 || broken(count == 1 /* Win9x */),
736 "expected 0 matching CRLs, got %d\n", count);
737 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
738 revoked_count);
739 count = revoked_count = 0;
740 do {
741 context = pCertFindCRLInStore(store, 0,
742 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, endCert,
743 context);
744 if (context)
745 {
746 PCRL_ENTRY entry;
747
748 count++;
749 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
750 entry)
751 revoked_count++;
752 }
753 } while (context);
754 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
755 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
756 revoked_count);
757 count = revoked_count = 0;
758 do {
759 context = pCertFindCRLInStore(store, 0,
760 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, rootCert,
761 context);
762 if (context)
763 {
764 PCRL_ENTRY entry;
765
766 count++;
767 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
768 entry)
769 revoked_count++;
770 }
771 } while (context);
772 ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
773 ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
774 revoked_count);
775 CertFreeCertificateContext(rootCert);
776 CertFreeCertificateContext(endCert);
777
778 CertCloseStore(store, 0);
779 }
780
testGetCRLFromStore(void)781 static void testGetCRLFromStore(void)
782 {
783 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
784 CERT_STORE_CREATE_NEW_FLAG, NULL);
785 PCCRL_CONTEXT context;
786 PCCERT_CONTEXT cert;
787 DWORD flags;
788 BOOL ret;
789
790 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
791 if (!store) return;
792
793 /* Crash
794 context = CertGetCRLFromStore(NULL, NULL, NULL, NULL);
795 context = CertGetCRLFromStore(store, NULL, NULL, NULL);
796 */
797
798 /* Bogus flags */
799 flags = 0xffffffff;
800 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
801 ok(!context && GetLastError() == E_INVALIDARG,
802 "Expected E_INVALIDARG, got %08x\n", GetLastError());
803
804 /* Test an empty store */
805 flags = 0;
806 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
807 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
808 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
809
810 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
811 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
812 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
813
814 /* NULL matches any CRL */
815 flags = 0;
816 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
817 ok(context != NULL, "Expected a context\n");
818 CertFreeCRLContext(context);
819
820 /* This cert's issuer isn't in */
821 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
822 sizeof(bigCert2));
823 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
824 GetLastError());
825 context = CertGetCRLFromStore(store, cert, NULL, &flags);
826 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
827 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
828 CertFreeCertificateContext(cert);
829
830 /* But this one is */
831 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
832 sizeof(bigCert));
833 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
834 GetLastError());
835 context = CertGetCRLFromStore(store, cert, NULL, &flags);
836 ok(context != NULL, "Expected a context\n");
837 CertFreeCRLContext(context);
838 CertFreeCertificateContext(cert);
839
840 CertCloseStore(store, 0);
841 }
842
checkCRLHash(const BYTE * data,DWORD dataLen,ALG_ID algID,PCCRL_CONTEXT context,DWORD propID)843 static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
844 PCCRL_CONTEXT context, DWORD propID)
845 {
846 BYTE hash[20] = { 0 }, hashProperty[20];
847 BOOL ret;
848 DWORD size;
849
850 memset(hash, 0, sizeof(hash));
851 memset(hashProperty, 0, sizeof(hashProperty));
852 size = sizeof(hash);
853 ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
854 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
855 ret = CertGetCRLContextProperty(context, propID, hashProperty, &size);
856 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
857 ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n",
858 propID);
859 }
860
testCRLProperties(void)861 static void testCRLProperties(void)
862 {
863 PCCRL_CONTEXT context = CertCreateCRLContext(X509_ASN_ENCODING,
864 CRL, sizeof(CRL));
865
866 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
867 if (context)
868 {
869 DWORD propID, numProps, access, size;
870 BOOL ret;
871 BYTE hash[20] = { 0 }, hashProperty[20];
872 CRYPT_DATA_BLOB blob;
873
874 /* This crashes
875 propID = CertEnumCRLContextProperties(NULL, 0);
876 */
877
878 propID = 0;
879 numProps = 0;
880 do {
881 propID = CertEnumCRLContextProperties(context, propID);
882 if (propID)
883 numProps++;
884 } while (propID != 0);
885 ok(numProps == 0, "Expected 0 properties, got %d\n", numProps);
886
887 /* Tests with a NULL cert context. Prop ID 0 fails.. */
888 ret = CertSetCRLContextProperty(NULL, 0, 0, NULL);
889 ok(!ret && GetLastError() == E_INVALIDARG,
890 "Expected E_INVALIDARG, got %08x\n", GetLastError());
891 /* while this just crashes.
892 ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0,
893 NULL);
894 */
895
896 ret = CertSetCRLContextProperty(context, 0, 0, NULL);
897 ok(!ret && GetLastError() == E_INVALIDARG,
898 "Expected E_INVALIDARG, got %08x\n", GetLastError());
899 /* Can't set the cert property directly, this crashes.
900 ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL);
901 */
902
903 /* These all crash.
904 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
905 NULL);
906 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL);
907 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
908 hashProperty, NULL);
909 */
910 /* A missing prop */
911 size = 0;
912 ret = CertGetCRLContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
913 NULL, &size);
914 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
915 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
916 /* And, an implicit property */
917 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
918 NULL, &size);
919 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
920 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
921 &access, &size);
922 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
923 ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
924 "Didn't expect a persisted crl\n");
925 /* Trying to set this "read only" property crashes.
926 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
927 ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
928 &access);
929 */
930
931 /* Can I set the hash to an invalid hash? */
932 blob.pbData = hash;
933 blob.cbData = sizeof(hash);
934 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, &blob);
935 ok(ret, "CertSetCRLContextProperty failed: %08x\n",
936 GetLastError());
937 size = sizeof(hashProperty);
938 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
939 hashProperty, &size);
940 ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
941 ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
942 /* Delete the (bogus) hash, and get the real one */
943 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, NULL);
944 ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
945 checkCRLHash(CRL, sizeof(CRL), CALG_SHA1, context, CERT_HASH_PROP_ID);
946
947 /* Now that the hash property is set, we should get one property when
948 * enumerating.
949 */
950 propID = 0;
951 numProps = 0;
952 do {
953 propID = CertEnumCRLContextProperties(context, propID);
954 if (propID)
955 numProps++;
956 } while (propID != 0);
957 ok(numProps == 1, "Expected 1 properties, got %d\n", numProps);
958
959 /* Check a few other implicit properties */
960 checkCRLHash(CRL, sizeof(CRL), CALG_MD5, context,
961 CERT_MD5_HASH_PROP_ID);
962
963 CertFreeCRLContext(context);
964 }
965 }
966
967 static const BYTE bigCertWithCRLDistPoints[] = {
968 0x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
969 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
970 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
971 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
972 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
973 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
974 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
975 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
976 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06,
977 0x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,
978 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
979 0x6f,0x72,0x67 };
980
testIsValidCRLForCert(void)981 static void testIsValidCRLForCert(void)
982 {
983 BOOL ret;
984 PCCERT_CONTEXT cert1, cert2, cert3;
985 PCCRL_CONTEXT crl;
986 HCERTSTORE store;
987
988 if(!pCertIsValidCRLForCertificate) return;
989
990 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
991 sizeof(v1CRLWithIssuerAndEntry));
992 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
993 cert1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
994 sizeof(bigCert));
995 ok(cert1 != NULL, "CertCreateCertificateContext failed: %08x\n",
996 GetLastError());
997
998 /* Crash
999 ret = CertIsValidCRLForCertificate(NULL, NULL, 0, NULL);
1000 ret = CertIsValidCRLForCertificate(cert1, NULL, 0, NULL);
1001 */
1002
1003 /* Curiously, any CRL is valid for the NULL certificate */
1004 ret = pCertIsValidCRLForCertificate(NULL, crl, 0, NULL);
1005 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1006
1007 /* Same issuer for both cert and CRL, this CRL is valid for that cert */
1008 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1009 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1010
1011 cert2 = CertCreateCertificateContext(X509_ASN_ENCODING,
1012 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
1013 ok(cert2 != NULL, "CertCreateCertificateContext failed: %08x\n",
1014 GetLastError());
1015
1016 /* Yet more curious: different issuers for these, yet the CRL is valid for
1017 * that cert. According to MSDN, the relevant bit to check is whether the
1018 * CRL has a CRL_ISSUING_DIST_POINT extension.
1019 */
1020 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1021 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1022
1023 CertFreeCRLContext(crl);
1024
1025 /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the
1026 * cert doesn't have the same extension in it.
1027 */
1028 crl = CertCreateCRLContext(X509_ASN_ENCODING, v2CRLWithIssuingDistPoint,
1029 sizeof(v2CRLWithIssuingDistPoint));
1030 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1031
1032 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1033 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1034 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1035 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1036 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1037 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1038
1039 /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing
1040 * a CRL_DIST_POINTS_INFO extension.
1041 */
1042 cert3 = CertCreateCertificateContext(X509_ASN_ENCODING,
1043 bigCertWithCRLDistPoints, sizeof(bigCertWithCRLDistPoints));
1044 ok(cert3 != NULL, "CertCreateCertificateContext failed: %08x\n",
1045 GetLastError());
1046 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1047 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1048
1049 CertFreeCRLContext(crl);
1050
1051 /* And again, with a real CRL, the CRL is valid for all three certs. */
1052 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1053 sizeof(verisignCRL));
1054 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1055
1056 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1057 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1058 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1059 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1060 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1061 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1062
1063 CertFreeCRLContext(crl);
1064
1065 /* One last test: a CRL in a different store than the cert is also valid
1066 * for the cert.
1067 */
1068 store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
1069 CERT_STORE_CREATE_NEW_FLAG, NULL);
1070 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1071
1072 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, verisignCRL,
1073 sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, &crl);
1074 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
1075
1076 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1077 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1078 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1079 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1080 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1081 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1082
1083 CertFreeCRLContext(crl);
1084
1085 CertCloseStore(store, 0);
1086
1087 CertFreeCertificateContext(cert3);
1088 CertFreeCertificateContext(cert2);
1089 CertFreeCertificateContext(cert1);
1090 }
1091
1092 static const BYTE crlWithDifferentIssuer[] = {
1093 0x30,0x47,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
1094 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x41,0x6c,0x65,0x78,0x20,0x4c,0x61,0x6e,
1095 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
1096 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
1097 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a };
1098
testFindCertInCRL(void)1099 static void testFindCertInCRL(void)
1100 {
1101 BOOL ret;
1102 PCCERT_CONTEXT cert;
1103 PCCRL_CONTEXT crl;
1104 PCRL_ENTRY entry;
1105
1106 if (!pCertFindCertificateInCRL)
1107 {
1108 win_skip("CertFindCertificateInCRL() is not available\n");
1109 return;
1110 }
1111
1112 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1113 sizeof(bigCert));
1114 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
1115 GetLastError());
1116
1117 /* Crash
1118 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, NULL);
1119 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, NULL);
1120 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, NULL);
1121 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, NULL);
1122 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, &entry);
1123 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, &entry);
1124 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, &entry);
1125 */
1126
1127 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1128 sizeof(verisignCRL));
1129 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1130 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1131 ok(entry == NULL, "Expected not to find an entry in CRL\n");
1132 CertFreeCRLContext(crl);
1133
1134 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1135 sizeof(v1CRLWithIssuerAndEntry));
1136 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1137 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1138 ok(entry != NULL, "Expected to find an entry in CRL\n");
1139 CertFreeCRLContext(crl);
1140
1141 /* Entry found even though CRL issuer doesn't match cert issuer */
1142 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1143 sizeof(crlWithDifferentIssuer));
1144 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1145 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1146 ok(entry != NULL, "Expected to find an entry in CRL\n");
1147 CertFreeCRLContext(crl);
1148
1149 CertFreeCertificateContext(cert);
1150 }
1151
testVerifyCRLRevocation(void)1152 static void testVerifyCRLRevocation(void)
1153 {
1154 BOOL ret;
1155 PCCERT_CONTEXT cert;
1156 PCCRL_CONTEXT crl;
1157
1158 ret = CertVerifyCRLRevocation(0, NULL, 0, NULL);
1159 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1160 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, NULL, 0, NULL);
1161 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1162
1163 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1164 sizeof(bigCert));
1165
1166 /* Check against no CRL */
1167 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 0, NULL);
1168 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1169 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 0, NULL);
1170 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1171
1172 /* Check against CRL with entry for the cert */
1173 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1174 sizeof(v1CRLWithIssuerAndEntry));
1175 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1176 (PCRL_INFO *)&crl->pCrlInfo);
1177 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1178 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1179 (PCRL_INFO *)&crl->pCrlInfo);
1180 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1181 CertFreeCRLContext(crl);
1182
1183 /* Check against CRL with different issuer and entry for the cert */
1184 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1185 sizeof(crlWithDifferentIssuer));
1186 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1187 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1188 (PCRL_INFO *)&crl->pCrlInfo);
1189 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1190 CertFreeCRLContext(crl);
1191
1192 /* Check against CRL without entry for the cert */
1193 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1194 sizeof(verisignCRL));
1195 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1196 (PCRL_INFO *)&crl->pCrlInfo);
1197 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1198 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1199 (PCRL_INFO *)&crl->pCrlInfo);
1200 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1201 CertFreeCRLContext(crl);
1202
1203 CertFreeCertificateContext(cert);
1204 }
1205
START_TEST(crl)1206 START_TEST(crl)
1207 {
1208 init_function_pointers();
1209
1210 testCreateCRL();
1211 testDupCRL();
1212 testAddCRL();
1213 testFindCRL();
1214 testGetCRLFromStore();
1215
1216 testCRLProperties();
1217
1218 testIsValidCRLForCert();
1219 testFindCertInCRL();
1220 testVerifyCRLRevocation();
1221 }
1222