From b278155616d3147f6695b55b77345e70894a9624 Mon Sep 17 00:00:00 2001 From: Juan Lang Date: Wed, 18 Nov 2009 16:36:15 -0800 Subject: [PATCH] crypt32: Add more tests for CertFindCRLInStore. --- dlls/crypt32/tests/crl.c | 237 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 236 insertions(+), 1 deletion(-) diff --git a/dlls/crypt32/tests/crl.c b/dlls/crypt32/tests/crl.c index 0eaf43a9086..d50d99638fa 100644 --- a/dlls/crypt32/tests/crl.c +++ b/dlls/crypt32/tests/crl.c @@ -312,13 +312,97 @@ static const BYTE verisignCommercialSoftPubCA[] = { 0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71, 0x64,0x31,0x3c,0x3c }; +static const BYTE rootWithKeySignAndCRLSign[] = { +0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10, +0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca, +0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31, +0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31, +0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30, +0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35, +0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05, +0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48, +0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89, +0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82, +0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34, +0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7, +0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91, +0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5, +0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd, +0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c, +0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35, +0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01, +0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01, +0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01, +0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d, +0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0, +0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b, +0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d, +0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c, +0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c, +0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda, +0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7, +0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e, +0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4, +0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f, +0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a, +0x2e,0x84,0xee }; +static const BYTE eeCert[] = { +0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00, +0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65, +0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30, +0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30, +0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04, +0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09, +0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00, +0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33, +0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc, +0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48, +0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47, +0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05, +0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a, +0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85, +0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3, +0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3, +0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, +0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2, +0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3, +0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a, +0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41, +0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5, +0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8, +0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7, +0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92, +0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3, +0xef,0x9f }; +static const BYTE rootSignedCRL[] = { +0x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a, +0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30, +0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d, +0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, +0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14, +0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30, +0x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d, +0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16, +0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98, +0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, +0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d, +0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45, +0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68, +0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b, +0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3, +0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c, +0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66, +0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a, +0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b, +0x3d,0x74,0xd6,0x3b }; static void testFindCRL(void) { HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); PCCRL_CONTEXT context; - PCCERT_CONTEXT cert; + PCCERT_CONTEXT cert, endCert, rootCert; CRL_FIND_ISSUED_FOR_PARA issuedForPara = { NULL, NULL }; DWORD count, revoked_count; BOOL ret; @@ -511,6 +595,157 @@ static void testFindCRL(void) CertFreeCertificateContext(cert); CertCloseStore(store, 0); + + /* This test uses a synthesized chain (rootWithKeySignAndCRLSign -> + * eeCert) whose end certificate is in the CRL. + */ + store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL); + /* Add a CRL for the end certificate */ + CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, + rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL); + /* Add another CRL unrelated to the tested chain */ + CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, + verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL); + endCert = CertCreateCertificateContext(X509_ASN_ENCODING, + eeCert, sizeof(eeCert)); + rootCert = CertCreateCertificateContext(X509_ASN_ENCODING, + rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign)); + issuedForPara.pSubjectCert = endCert; + issuedForPara.pIssuerCert = rootCert; + context = NULL; + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, + &issuedForPara, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 1, "expected 1 matching CRLs, got %d\n", count); + ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n", + revoked_count); + + /* Test CRL_FIND_ISSUED_BY flags */ + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, + endCert, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + todo_wine { + ok(count == 0, "expected 0 matching CRLs, got %d\n", count); + ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", + revoked_count); + } + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, + rootCert, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 1, "expected 1 matching CRLs, got %d\n", count); + ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n", + revoked_count); + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG, + CRL_FIND_ISSUED_BY, endCert, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + todo_wine { + ok(count == 0, "expected 0 matching CRLs, got %d\n", count); + ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", + revoked_count); + } + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG, + CRL_FIND_ISSUED_BY, rootCert, context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(rootCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + todo_wine + ok(count == 0, "expected 0 matching CRLs, got %d\n", count); + ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", + revoked_count); + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, + CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, endCert, + context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 0, "expected 0 matching CRLs, got %d\n", count); + ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", + revoked_count); + count = revoked_count = 0; + do { + context = pCertFindCRLInStore(store, 0, + CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, rootCert, + context); + if (context) + { + PCRL_ENTRY entry; + + count++; + if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) && + entry) + revoked_count++; + } + } while (context); + ok(count == 1, "expected 1 matching CRLs, got %d\n", count); + ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n", + revoked_count); + CertFreeCertificateContext(rootCert); + CertFreeCertificateContext(endCert); + + CertCloseStore(store, 0); } static void testGetCRLFromStore(void)