Release 1.6-rc2.
[wine/testsucceed.git] / dlls / crypt32 / tests / crl.c
blob313ebb3cf3009304aa3a297fa6c5a946ff5e06b8
1 /*
2 * crypt32 CRL functions tests
4 * Copyright 2005-2006 Juan Lang
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 #include <stdio.h>
22 #include <stdarg.h>
24 #include <windef.h>
25 #include <winbase.h>
26 #include <winreg.h>
27 #include <winerror.h>
28 #include <wincrypt.h>
30 #include "wine/test.h"
33 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
34 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
35 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
36 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
37 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
38 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
39 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
40 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
41 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
42 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
43 static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
44 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
45 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
46 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
47 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
48 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
49 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
50 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
51 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
52 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
53 static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
54 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
55 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
56 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
57 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
58 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
59 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
60 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
61 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
62 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
63 0x02, 0x01, 0x01 };
64 static const BYTE CRL[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
65 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
66 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
67 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
68 0x5a };
69 static const BYTE newerCRL[] = { 0x30, 0x2a, 0x30, 0x02, 0x06, 0x00, 0x30,
70 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
71 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x17, 0x0d, 0x30, 0x36,
72 0x30, 0x35, 0x31, 0x36, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
73 static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
74 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
75 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
76 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
77 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
78 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
80 static BOOL (WINAPI *pCertFindCertificateInCRL)(PCCERT_CONTEXT,PCCRL_CONTEXT,DWORD,void*,PCRL_ENTRY*);
81 static PCCRL_CONTEXT (WINAPI *pCertFindCRLInStore)(HCERTSTORE,DWORD,DWORD,DWORD,const void*,PCCRL_CONTEXT);
82 static BOOL (WINAPI *pCertIsValidCRLForCertificate)(PCCERT_CONTEXT, PCCRL_CONTEXT, DWORD, void*);
84 static void init_function_pointers(void)
86 HMODULE hdll = GetModuleHandleA("crypt32.dll");
87 pCertFindCertificateInCRL = (void*)GetProcAddress(hdll, "CertFindCertificateInCRL");
88 pCertFindCRLInStore = (void*)GetProcAddress(hdll, "CertFindCRLInStore");
89 pCertIsValidCRLForCertificate = (void*)GetProcAddress(hdll, "CertIsValidCRLForCertificate");
92 static void testCreateCRL(void)
94 PCCRL_CONTEXT context;
95 DWORD GLE;
97 context = CertCreateCRLContext(0, NULL, 0);
98 ok(!context && GetLastError() == E_INVALIDARG,
99 "Expected E_INVALIDARG, got %08x\n", GetLastError());
100 context = CertCreateCRLContext(X509_ASN_ENCODING, NULL, 0);
101 GLE = GetLastError();
102 ok(!context && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
103 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
104 context = CertCreateCRLContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
105 ok(!context, "Expected failure\n");
106 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
107 sizeof(signedCRL) - 1);
108 ok(!context, "Expected failure\n");
109 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
110 sizeof(signedCRL));
111 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
112 if (context)
113 CertFreeCRLContext(context);
114 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
115 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
116 if (context)
117 CertFreeCRLContext(context);
120 static void testDupCRL(void)
122 PCCRL_CONTEXT context, dupContext;
124 context = CertDuplicateCRLContext(NULL);
125 ok(context == NULL, "expected NULL\n");
126 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
127 sizeof(signedCRL));
128 dupContext = CertDuplicateCRLContext(context);
129 ok(dupContext != NULL, "expected a context\n");
130 ok(dupContext == context, "expected identical context addresses\n");
131 CertFreeCRLContext(dupContext);
132 CertFreeCRLContext(context);
135 static void testAddCRL(void)
137 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
138 CERT_STORE_CREATE_NEW_FLAG, NULL);
139 PCCRL_CONTEXT context;
140 BOOL ret;
141 DWORD GLE;
143 if (!store) return;
145 /* Bad CRL encoding type */
146 ret = CertAddEncodedCRLToStore(0, 0, NULL, 0, 0, NULL);
147 ok(!ret && GetLastError() == E_INVALIDARG,
148 "Expected E_INVALIDARG, got %08x\n", GetLastError());
149 ret = CertAddEncodedCRLToStore(store, 0, NULL, 0, 0, NULL);
150 ok(!ret && GetLastError() == E_INVALIDARG,
151 "Expected E_INVALIDARG, got %08x\n", GetLastError());
152 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL), 0, NULL);
153 ok(!ret && GetLastError() == E_INVALIDARG,
154 "Expected E_INVALIDARG, got %08x\n", GetLastError());
155 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL), 0,
156 NULL);
157 ok(!ret && GetLastError() == E_INVALIDARG,
158 "Expected E_INVALIDARG, got %08x\n", GetLastError());
159 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL),
160 CERT_STORE_ADD_ALWAYS, NULL);
161 ok(!ret && GetLastError() == E_INVALIDARG,
162 "Expected E_INVALIDARG, got %08x\n", GetLastError());
163 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL),
164 CERT_STORE_ADD_ALWAYS, NULL);
165 ok(!ret && GetLastError() == E_INVALIDARG,
166 "Expected E_INVALIDARG, got %08x\n", GetLastError());
168 /* No CRL */
169 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, NULL, 0, 0, NULL);
170 GLE = GetLastError();
171 ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
172 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
173 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, NULL, 0, 0, NULL);
174 GLE = GetLastError();
175 ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
176 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
178 /* Weird--bad add disposition leads to an access violation in Windows.
179 * Both tests crash on some win9x boxes.
181 if (0)
183 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
184 sizeof(signedCRL), 0, NULL);
185 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
186 GetLastError() == E_INVALIDARG /* Vista */),
187 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
188 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
189 sizeof(signedCRL), 0, NULL);
190 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
191 GetLastError() == E_INVALIDARG /* Vista */),
192 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
195 /* Weird--can add a CRL to the NULL store (does this have special meaning?)
197 context = NULL;
198 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
199 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, &context);
200 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
201 if (context)
202 CertFreeCRLContext(context);
204 /* Normal cases: a "signed" CRL is okay.. */
205 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
206 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
207 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
208 /* and an unsigned one is too. */
209 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, CRL, sizeof(CRL),
210 CERT_STORE_ADD_ALWAYS, NULL);
211 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
213 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
214 sizeof(newerCRL), CERT_STORE_ADD_NEW, NULL);
215 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
216 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
218 /* This should replace (one of) the existing CRL(s). */
219 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
220 sizeof(newerCRL), CERT_STORE_ADD_NEWER, NULL);
221 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
223 CertCloseStore(store, 0);
226 static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
227 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
228 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
229 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
230 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
231 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
232 static const BYTE v2CRLWithIssuingDistPoint[] = {
233 0x30,0x70,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
234 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
235 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
236 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
237 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x27,
238 0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30,
239 0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
240 0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
241 static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
242 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
243 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
244 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
245 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
246 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
247 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
248 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
249 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
250 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
251 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
252 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
253 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
254 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
255 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
256 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
257 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
258 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
259 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
260 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
261 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
262 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
263 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
264 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
265 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
266 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
267 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
268 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
269 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
270 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
271 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
272 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
273 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
274 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
275 0xcd };
276 static const BYTE verisignCommercialSoftPubCA[] = {
277 0x30,0x82,0x02,0x40,0x30,0x82,0x01,0xa9,0x02,0x10,0x03,0xc7,0x8f,0x37,0xdb,0x92,
278 0x28,0xdf,0x3c,0xbb,0x1a,0xad,0x82,0xfa,0x67,0x10,0x30,0x0d,0x06,0x09,0x2a,0x86,
279 0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
280 0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,0x17,
281 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
282 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x0b,
283 0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,0x6d,0x6d,0x65,
284 0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x50,
285 0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
286 0x39,0x36,0x30,0x34,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,
287 0x34,0x30,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x61,0x31,0x11,
288 0x30,0x0f,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,
289 0x74,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,
290 0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
291 0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,
292 0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,
293 0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,
294 0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
295 0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc3,0xd3,0x69,0x65,
296 0x52,0x01,0x94,0x54,0xab,0x28,0xc6,0x62,0x18,0xb3,0x54,0x55,0xc5,0x44,0x87,0x45,
297 0x4a,0x3b,0xc2,0x7e,0xd8,0xd3,0xd7,0xc8,0x80,0x86,0x8d,0xd8,0x0c,0xf1,0x16,0x9c,
298 0xcc,0x6b,0xa9,0x29,0xb2,0x8f,0x76,0x73,0x92,0xc8,0xc5,0x62,0xa6,0x3c,0xed,0x1e,
299 0x05,0x75,0xf0,0x13,0x00,0x6c,0x14,0x4d,0xd4,0x98,0x90,0x07,0xbe,0x69,0x73,0x81,
300 0xb8,0x62,0x4e,0x31,0x1e,0xd1,0xfc,0xc9,0x0c,0xeb,0x7d,0x90,0xbf,0xae,0xb4,0x47,
301 0x51,0xec,0x6f,0xce,0x64,0x35,0x02,0xd6,0x7d,0x67,0x05,0x77,0xe2,0x8f,0xd9,0x51,
302 0xd7,0xfb,0x97,0x19,0xbc,0x3e,0xd7,0x77,0x81,0xc6,0x43,0xdd,0xf2,0xdd,0xdf,0xca,
303 0xa3,0x83,0x8b,0xcb,0x41,0xc1,0x3d,0x22,0x48,0x48,0xa6,0x19,0x02,0x03,0x01,0x00,
304 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,
305 0x03,0x81,0x81,0x00,0xb5,0xbc,0xb0,0x75,0x6a,0x89,0xa2,0x86,0xbd,0x64,0x78,0xc3,
306 0xa7,0x32,0x75,0x72,0x11,0xaa,0x26,0x02,0x17,0x60,0x30,0x4c,0xe3,0x48,0x34,0x19,
307 0xb9,0x52,0x4a,0x51,0x18,0x80,0xfe,0x53,0x2d,0x7b,0xd5,0x31,0x8c,0xc5,0x65,0x99,
308 0x41,0x41,0x2f,0xf2,0xae,0x63,0x7a,0xe8,0x73,0x99,0x15,0x90,0x1a,0x1f,0x7a,0x8b,
309 0x41,0xd0,0x8e,0x3a,0xd0,0xcd,0x38,0x34,0x44,0xd0,0x75,0xf8,0xea,0x71,0xc4,0x81,
310 0x19,0x38,0x17,0x35,0x4a,0xae,0xc5,0x3e,0x32,0xe6,0x21,0xb8,0x05,0xc0,0x93,0xe1,
311 0xc7,0x38,0x5c,0xd8,0xf7,0x93,0x38,0x64,0x90,0xed,0x54,0xce,0xca,0xd3,0xd3,0xd0,
312 0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71,
313 0x64,0x31,0x3c,0x3c
315 static const BYTE rootWithKeySignAndCRLSign[] = {
316 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
317 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
318 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
319 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
320 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
321 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
322 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
323 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
324 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
325 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
326 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
327 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
328 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
329 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
330 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
331 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
332 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
333 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
334 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
335 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
336 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
337 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
338 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
339 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
340 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
341 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
342 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
343 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
344 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
345 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
346 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
347 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
348 0x2e,0x84,0xee };
349 static const BYTE eeCert[] = {
350 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
351 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
352 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
353 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,
354 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,
355 0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
356 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
357 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
358 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
359 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
360 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
361 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
362 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
363 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
364 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
365 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
366 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
367 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
368 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2,
369 0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3,
370 0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a,
371 0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41,
372 0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5,
373 0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8,
374 0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7,
375 0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92,
376 0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3,
377 0xef,0x9f };
378 static const BYTE rootSignedCRL[] = {
379 0x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
380 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
381 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
382 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
383 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
384 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
385 0x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d,
386 0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16,
387 0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,
388 0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
389 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d,
390 0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45,
391 0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68,
392 0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b,
393 0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3,
394 0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c,
395 0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66,
396 0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a,
397 0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b,
398 0x3d,0x74,0xd6,0x3b };
400 static void testFindCRL(void)
402 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
403 CERT_STORE_CREATE_NEW_FLAG, NULL);
404 PCCRL_CONTEXT context;
405 PCCERT_CONTEXT cert, endCert, rootCert;
406 CRL_FIND_ISSUED_FOR_PARA issuedForPara = { NULL, NULL };
407 DWORD count, revoked_count;
408 BOOL ret;
410 if (!store) return;
411 if (!pCertFindCRLInStore || !pCertFindCertificateInCRL)
413 win_skip("CertFindCRLInStore or CertFindCertificateInCRL not available\n");
414 return;
417 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
418 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
419 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
421 /* Crashes
422 context = pCertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL);
425 /* Find any context */
426 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ANY, NULL, NULL);
427 ok(context != NULL, "Expected a context\n");
428 if (context)
429 CertFreeCRLContext(context);
430 /* Bogus flags are ignored */
431 context = pCertFindCRLInStore(store, 0, 1234, CRL_FIND_ANY, NULL, NULL);
432 ok(context != NULL, "Expected a context\n");
433 if (context)
434 CertFreeCRLContext(context);
435 /* CRL encoding type is ignored too */
436 context = pCertFindCRLInStore(store, 1234, 0, CRL_FIND_ANY, NULL, NULL);
437 ok(context != NULL, "Expected a context\n");
438 if (context)
439 CertFreeCRLContext(context);
441 /* This appears to match any cert */
442 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, NULL, NULL);
443 ok(context != NULL, "Expected a context\n");
444 if (context)
445 CertFreeCRLContext(context);
447 /* Try to match an issuer that isn't in the store */
448 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
449 sizeof(bigCert2));
450 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
451 GetLastError());
452 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
453 ok(context == NULL, "Expected no matching context\n");
454 CertFreeCertificateContext(cert);
456 /* Match an issuer that is in the store */
457 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
458 sizeof(bigCert));
459 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
460 GetLastError());
461 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
462 ok(context != NULL, "Expected a context\n");
463 if (context)
464 CertFreeCRLContext(context);
466 /* Try various find flags */
467 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_SIGNATURE_FLAG,
468 CRL_FIND_ISSUED_BY, cert, NULL);
469 ok(!context || broken(context != NULL /* Win9x */), "unexpected context\n");
470 /* The CRL doesn't have an AKI extension, so it matches any cert */
471 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
472 CRL_FIND_ISSUED_BY, cert, NULL);
473 ok(context != NULL, "Expected a context\n");
474 if (context)
475 CertFreeCRLContext(context);
477 if (0)
479 /* Crash or return NULL/STATUS_ACCESS_VIOLATION */
480 pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, NULL,
481 NULL);
482 pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
483 &issuedForPara, NULL);
485 /* Test whether the cert matches the CRL in the store */
486 issuedForPara.pSubjectCert = cert;
487 issuedForPara.pIssuerCert = cert;
488 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
489 &issuedForPara, NULL);
490 ok(context != NULL || broken(!context /* Win9x, NT4 */),
491 "Expected a context\n");
492 if (context)
494 ok(context->cbCrlEncoded == sizeof(signedCRL),
495 "unexpected CRL size %d\n", context->cbCrlEncoded);
496 ok(!memcmp(context->pbCrlEncoded, signedCRL, context->cbCrlEncoded),
497 "unexpected CRL data\n");
498 CertFreeCRLContext(context);
501 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
502 v1CRLWithIssuerAndEntry, sizeof(v1CRLWithIssuerAndEntry),
503 CERT_STORE_ADD_ALWAYS, NULL);
504 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
505 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
506 v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint),
507 CERT_STORE_ADD_ALWAYS, NULL);
508 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
509 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
510 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
511 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
512 issuedForPara.pSubjectCert = cert;
513 issuedForPara.pIssuerCert = cert;
514 context = NULL;
515 count = revoked_count = 0;
516 do {
517 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
518 &issuedForPara, context);
519 if (context)
521 PCRL_ENTRY entry;
523 count++;
524 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
525 entry)
526 revoked_count++;
528 } while (context);
529 /* signedCRL, v1CRLWithIssuerAndEntry, and v2CRLWithIssuingDistPoint all
530 * match cert's issuer, but verisignCRL does not, so the expected count
531 * is 0.
533 ok(count == 3 || broken(count == 0 /* NT4, Win9x */),
534 "expected 3 matching CRLs, got %d\n", count);
535 /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
536 * entries, so the count of CRL entries that match cert is 2.
538 ok(revoked_count == 2 || broken(revoked_count == 0 /* NT4, Win9x */),
539 "expected 2 matching CRL entries, got %d\n", revoked_count);
541 CertFreeCertificateContext(cert);
543 /* Try again with a cert that doesn't match any CRLs in the store */
544 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
545 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
546 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
547 GetLastError());
548 issuedForPara.pSubjectCert = cert;
549 issuedForPara.pIssuerCert = cert;
550 context = NULL;
551 count = revoked_count = 0;
552 do {
553 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
554 &issuedForPara, context);
555 if (context)
557 PCRL_ENTRY entry;
559 count++;
560 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
561 entry)
562 revoked_count++;
564 } while (context);
565 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
566 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
567 revoked_count);
568 CertFreeCertificateContext(cert);
570 /* Test again with a real certificate and CRL. The certificate wasn't
571 * revoked, but its issuer does have a CRL.
573 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
574 verisignCommercialSoftPubCA, sizeof(verisignCommercialSoftPubCA));
575 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
576 GetLastError());
577 issuedForPara.pIssuerCert = cert;
578 issuedForPara.pSubjectCert = cert;
579 context = NULL;
580 count = revoked_count = 0;
581 do {
582 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
583 &issuedForPara, context);
584 if (context)
586 PCRL_ENTRY entry;
588 count++;
589 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
590 entry)
591 revoked_count++;
593 } while (context);
594 ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
595 "expected 1 matching CRLs, got %d\n", count);
596 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
597 revoked_count);
598 CertFreeCertificateContext(cert);
600 CertCloseStore(store, 0);
602 /* This test uses a synthesized chain (rootWithKeySignAndCRLSign ->
603 * eeCert) whose end certificate is in the CRL.
605 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
606 CERT_STORE_CREATE_NEW_FLAG, NULL);
607 /* Add a CRL for the end certificate */
608 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
609 rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
610 /* Add another CRL unrelated to the tested chain */
611 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
612 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
613 endCert = CertCreateCertificateContext(X509_ASN_ENCODING,
614 eeCert, sizeof(eeCert));
615 rootCert = CertCreateCertificateContext(X509_ASN_ENCODING,
616 rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
617 issuedForPara.pSubjectCert = endCert;
618 issuedForPara.pIssuerCert = rootCert;
619 context = NULL;
620 count = revoked_count = 0;
621 do {
622 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
623 &issuedForPara, context);
624 if (context)
626 PCRL_ENTRY entry;
628 count++;
629 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
630 entry)
631 revoked_count++;
633 } while (context);
634 ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
635 "expected 1 matching CRLs, got %d\n", count);
636 ok(revoked_count == 1 || broken(revoked_count == 0 /* Win9x, NT4 */),
637 "expected 1 matching CRL entries, got %d\n", revoked_count);
639 /* Test CRL_FIND_ISSUED_BY flags */
640 count = revoked_count = 0;
641 do {
642 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
643 endCert, context);
644 if (context)
646 PCRL_ENTRY entry;
648 count++;
649 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
650 entry)
651 revoked_count++;
653 } while (context);
654 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
655 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
656 revoked_count);
657 count = revoked_count = 0;
658 do {
659 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
660 rootCert, context);
661 if (context)
663 PCRL_ENTRY entry;
665 count++;
666 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
667 entry)
668 revoked_count++;
670 } while (context);
671 ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
672 ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
673 revoked_count);
674 count = revoked_count = 0;
675 do {
676 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
677 CRL_FIND_ISSUED_BY, endCert, context);
678 if (context)
680 PCRL_ENTRY entry;
682 count++;
683 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
684 entry)
685 revoked_count++;
687 } while (context);
688 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
689 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
690 revoked_count);
691 count = revoked_count = 0;
692 do {
693 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
694 CRL_FIND_ISSUED_BY, rootCert, context);
695 if (context)
697 PCRL_ENTRY entry;
699 count++;
700 if (pCertFindCertificateInCRL(rootCert, context, 0, NULL, &entry) &&
701 entry)
702 revoked_count++;
704 } while (context);
705 ok(count == 0 || broken(count == 1 /* Win9x */),
706 "expected 0 matching CRLs, got %d\n", count);
707 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
708 revoked_count);
709 count = revoked_count = 0;
710 do {
711 context = pCertFindCRLInStore(store, 0,
712 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, endCert,
713 context);
714 if (context)
716 PCRL_ENTRY entry;
718 count++;
719 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
720 entry)
721 revoked_count++;
723 } while (context);
724 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
725 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
726 revoked_count);
727 count = revoked_count = 0;
728 do {
729 context = pCertFindCRLInStore(store, 0,
730 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, rootCert,
731 context);
732 if (context)
734 PCRL_ENTRY entry;
736 count++;
737 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
738 entry)
739 revoked_count++;
741 } while (context);
742 ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
743 ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
744 revoked_count);
745 CertFreeCertificateContext(rootCert);
746 CertFreeCertificateContext(endCert);
748 CertCloseStore(store, 0);
751 static void testGetCRLFromStore(void)
753 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
754 CERT_STORE_CREATE_NEW_FLAG, NULL);
755 PCCRL_CONTEXT context;
756 PCCERT_CONTEXT cert;
757 DWORD flags;
758 BOOL ret;
760 if (!store) return;
762 /* Crash
763 context = CertGetCRLFromStore(NULL, NULL, NULL, NULL);
764 context = CertGetCRLFromStore(store, NULL, NULL, NULL);
767 /* Bogus flags */
768 flags = 0xffffffff;
769 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
770 ok(!context && GetLastError() == E_INVALIDARG,
771 "Expected E_INVALIDARG, got %08x\n", GetLastError());
773 /* Test an empty store */
774 flags = 0;
775 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
776 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
777 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
779 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
780 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
781 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
783 /* NULL matches any CRL */
784 flags = 0;
785 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
786 ok(context != NULL, "Expected a context\n");
787 CertFreeCRLContext(context);
789 /* This cert's issuer isn't in */
790 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
791 sizeof(bigCert2));
792 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
793 GetLastError());
794 context = CertGetCRLFromStore(store, cert, NULL, &flags);
795 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
796 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
797 CertFreeCertificateContext(cert);
799 /* But this one is */
800 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
801 sizeof(bigCert));
802 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
803 GetLastError());
804 context = CertGetCRLFromStore(store, cert, NULL, &flags);
805 ok(context != NULL, "Expected a context\n");
806 CertFreeCRLContext(context);
807 CertFreeCertificateContext(cert);
809 CertCloseStore(store, 0);
812 static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
813 PCCRL_CONTEXT context, DWORD propID)
815 BYTE hash[20] = { 0 }, hashProperty[20];
816 BOOL ret;
817 DWORD size;
819 memset(hash, 0, sizeof(hash));
820 memset(hashProperty, 0, sizeof(hashProperty));
821 size = sizeof(hash);
822 ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
823 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
824 ret = CertGetCRLContextProperty(context, propID, hashProperty, &size);
825 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
826 ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n",
827 propID);
830 static void testCRLProperties(void)
832 PCCRL_CONTEXT context = CertCreateCRLContext(X509_ASN_ENCODING,
833 CRL, sizeof(CRL));
835 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
836 if (context)
838 DWORD propID, numProps, access, size;
839 BOOL ret;
840 BYTE hash[20] = { 0 }, hashProperty[20];
841 CRYPT_DATA_BLOB blob;
843 /* This crashes
844 propID = CertEnumCRLContextProperties(NULL, 0);
847 propID = 0;
848 numProps = 0;
849 do {
850 propID = CertEnumCRLContextProperties(context, propID);
851 if (propID)
852 numProps++;
853 } while (propID != 0);
854 ok(numProps == 0, "Expected 0 properties, got %d\n", numProps);
856 /* Tests with a NULL cert context. Prop ID 0 fails.. */
857 ret = CertSetCRLContextProperty(NULL, 0, 0, NULL);
858 ok(!ret && GetLastError() == E_INVALIDARG,
859 "Expected E_INVALIDARG, got %08x\n", GetLastError());
860 /* while this just crashes.
861 ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0,
862 NULL);
865 ret = CertSetCRLContextProperty(context, 0, 0, NULL);
866 ok(!ret && GetLastError() == E_INVALIDARG,
867 "Expected E_INVALIDARG, got %08x\n", GetLastError());
868 /* Can't set the cert property directly, this crashes.
869 ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL);
872 /* These all crash.
873 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
874 NULL);
875 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL);
876 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
877 hashProperty, NULL);
879 /* A missing prop */
880 size = 0;
881 ret = CertGetCRLContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
882 NULL, &size);
883 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
884 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
885 /* And, an implicit property */
886 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
887 NULL, &size);
888 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
889 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
890 &access, &size);
891 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
892 ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
893 "Didn't expect a persisted crl\n");
894 /* Trying to set this "read only" property crashes.
895 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
896 ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
897 &access);
900 /* Can I set the hash to an invalid hash? */
901 blob.pbData = hash;
902 blob.cbData = sizeof(hash);
903 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, &blob);
904 ok(ret, "CertSetCRLContextProperty failed: %08x\n",
905 GetLastError());
906 size = sizeof(hashProperty);
907 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
908 hashProperty, &size);
909 ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
910 ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
911 /* Delete the (bogus) hash, and get the real one */
912 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, NULL);
913 ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
914 checkCRLHash(CRL, sizeof(CRL), CALG_SHA1, context, CERT_HASH_PROP_ID);
916 /* Now that the hash property is set, we should get one property when
917 * enumerating.
919 propID = 0;
920 numProps = 0;
921 do {
922 propID = CertEnumCRLContextProperties(context, propID);
923 if (propID)
924 numProps++;
925 } while (propID != 0);
926 ok(numProps == 1, "Expected 1 properties, got %d\n", numProps);
928 /* Check a few other implicit properties */
929 checkCRLHash(CRL, sizeof(CRL), CALG_MD5, context,
930 CERT_MD5_HASH_PROP_ID);
932 CertFreeCRLContext(context);
936 static const BYTE bigCertWithCRLDistPoints[] = {
937 0x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
938 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
939 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
940 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
941 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
942 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
943 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
944 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
945 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06,
946 0x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,
947 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
948 0x6f,0x72,0x67 };
950 static void testIsValidCRLForCert(void)
952 BOOL ret;
953 PCCERT_CONTEXT cert1, cert2, cert3;
954 PCCRL_CONTEXT crl;
955 HCERTSTORE store;
957 if(!pCertIsValidCRLForCertificate) return;
959 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
960 sizeof(v1CRLWithIssuerAndEntry));
961 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
962 cert1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
963 sizeof(bigCert));
964 ok(cert1 != NULL, "CertCreateCertificateContext failed: %08x\n",
965 GetLastError());
967 /* Crash
968 ret = CertIsValidCRLForCertificate(NULL, NULL, 0, NULL);
969 ret = CertIsValidCRLForCertificate(cert1, NULL, 0, NULL);
972 /* Curiously, any CRL is valid for the NULL certificate */
973 ret = pCertIsValidCRLForCertificate(NULL, crl, 0, NULL);
974 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
976 /* Same issuer for both cert and CRL, this CRL is valid for that cert */
977 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
978 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
980 cert2 = CertCreateCertificateContext(X509_ASN_ENCODING,
981 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
982 ok(cert2 != NULL, "CertCreateCertificateContext failed: %08x\n",
983 GetLastError());
985 /* Yet more curious: different issuers for these, yet the CRL is valid for
986 * that cert. According to MSDN, the relevant bit to check is whether the
987 * CRL has a CRL_ISSUING_DIST_POINT extension.
989 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
990 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
992 CertFreeCRLContext(crl);
994 /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the
995 * cert doesn't have the same extension in it.
997 crl = CertCreateCRLContext(X509_ASN_ENCODING, v2CRLWithIssuingDistPoint,
998 sizeof(v2CRLWithIssuingDistPoint));
999 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1001 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1002 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1003 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1004 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1005 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1006 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1008 /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing
1009 * a CRL_DIST_POINTS_INFO extension.
1011 cert3 = CertCreateCertificateContext(X509_ASN_ENCODING,
1012 bigCertWithCRLDistPoints, sizeof(bigCertWithCRLDistPoints));
1013 ok(cert3 != NULL, "CertCreateCertificateContext failed: %08x\n",
1014 GetLastError());
1015 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1016 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1018 CertFreeCRLContext(crl);
1020 /* And again, with a real CRL, the CRL is valid for all three certs. */
1021 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1022 sizeof(verisignCRL));
1023 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1025 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1026 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1027 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1028 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1029 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1030 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1032 CertFreeCRLContext(crl);
1034 /* One last test: a CRL in a different store than the cert is also valid
1035 * for the cert.
1037 store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
1038 CERT_STORE_CREATE_NEW_FLAG, NULL);
1039 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1041 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, verisignCRL,
1042 sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, &crl);
1043 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
1045 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1046 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1047 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1048 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1049 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1050 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1052 CertFreeCRLContext(crl);
1054 CertCloseStore(store, 0);
1056 CertFreeCertificateContext(cert3);
1057 CertFreeCertificateContext(cert2);
1058 CertFreeCertificateContext(cert1);
1061 static const BYTE crlWithDifferentIssuer[] = {
1062 0x30,0x47,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
1063 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x41,0x6c,0x65,0x78,0x20,0x4c,0x61,0x6e,
1064 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
1065 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
1066 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a };
1068 static void testFindCertInCRL(void)
1070 BOOL ret;
1071 PCCERT_CONTEXT cert;
1072 PCCRL_CONTEXT crl;
1073 PCRL_ENTRY entry;
1075 if (!pCertFindCertificateInCRL)
1077 win_skip("CertFindCertificateInCRL() is not available\n");
1078 return;
1081 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1082 sizeof(bigCert));
1083 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
1084 GetLastError());
1086 /* Crash
1087 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, NULL);
1088 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, NULL);
1089 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, NULL);
1090 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, NULL);
1091 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, &entry);
1092 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, &entry);
1093 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, &entry);
1096 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1097 sizeof(verisignCRL));
1098 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1099 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1100 ok(entry == NULL, "Expected not to find an entry in CRL\n");
1101 CertFreeCRLContext(crl);
1103 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1104 sizeof(v1CRLWithIssuerAndEntry));
1105 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1106 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1107 ok(entry != NULL, "Expected to find an entry in CRL\n");
1108 CertFreeCRLContext(crl);
1110 /* Entry found even though CRL issuer doesn't match cert issuer */
1111 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1112 sizeof(crlWithDifferentIssuer));
1113 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1114 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1115 ok(entry != NULL, "Expected to find an entry in CRL\n");
1116 CertFreeCRLContext(crl);
1118 CertFreeCertificateContext(cert);
1121 static void testVerifyCRLRevocation(void)
1123 BOOL ret;
1124 PCCERT_CONTEXT cert;
1125 PCCRL_CONTEXT crl;
1127 ret = CertVerifyCRLRevocation(0, NULL, 0, NULL);
1128 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1129 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, NULL, 0, NULL);
1130 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1132 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1133 sizeof(bigCert));
1135 /* Check against no CRL */
1136 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 0, NULL);
1137 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1138 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 0, NULL);
1139 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1141 /* Check against CRL with entry for the cert */
1142 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1143 sizeof(v1CRLWithIssuerAndEntry));
1144 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1145 (PCRL_INFO *)&crl->pCrlInfo);
1146 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1147 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1148 (PCRL_INFO *)&crl->pCrlInfo);
1149 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1150 CertFreeCRLContext(crl);
1152 /* Check against CRL with different issuer and entry for the cert */
1153 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1154 sizeof(crlWithDifferentIssuer));
1155 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1156 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1157 (PCRL_INFO *)&crl->pCrlInfo);
1158 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1159 CertFreeCRLContext(crl);
1161 /* Check against CRL without entry for the cert */
1162 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1163 sizeof(verisignCRL));
1164 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1165 (PCRL_INFO *)&crl->pCrlInfo);
1166 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1167 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1168 (PCRL_INFO *)&crl->pCrlInfo);
1169 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1170 CertFreeCRLContext(crl);
1172 CertFreeCertificateContext(cert);
1175 START_TEST(crl)
1177 init_function_pointers();
1179 testCreateCRL();
1180 testDupCRL();
1181 testAddCRL();
1182 testFindCRL();
1183 testGetCRLFromStore();
1185 testCRLProperties();
1187 testIsValidCRLForCert();
1188 testFindCertInCRL();
1189 testVerifyCRLRevocation();