From bcbf5dcee337d83540c188a6572974ead74219cd Mon Sep 17 00:00:00 2001
From: Juan Lang
Date: Tue, 7 Aug 2007 13:15:00 -0700
Subject: [PATCH] crypt32: Test and correct finding a subject certificate.
---
 dlls/crypt32/cert.c | 8 +++++++-
 dlls/crypt32/tests/cert.c | 22 ++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 5e5bed864e5..ea1d261b16f 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -906,9 +906,15 @@ static BOOL compare_cert_by_subject_cert(PCCERT_CONTEXT pCertContext,
 DWORD dwType, DWORD dwFlags, const void *pvPara)
 {
 CERT_INFO *pCertInfo = (CERT_INFO *)pvPara;
+ BOOL ret;
- return CertCompareCertificateName(pCertContext->dwCertEncodingType,
+ ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
 &pCertInfo->Issuer, &pCertContext->pCertInfo->Subject);
+ if (ret && pCertInfo->SerialNumber.cbData)
+ ret = CertCompareIntegerBlob(&pCertContext->pCertInfo->SerialNumber,
+ &pCertInfo->SerialNumber);
+ TRACE("returning %d\n", ret);
+ return ret;
 }
 static BOOL compare_cert_by_cert_id(PCCERT_CONTEXT pCertContext, DWORD dwType,
diff --git a/dlls/crypt32/tests/cert.c b/dlls/crypt32/tests/cert.c
index ab668ae5bfe..af58b5f5c8f 100644
--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@@ -604,6 +604,7 @@ static void testFindCert(void)
 BOOL ret;
 CERT_INFO certInfo = { 0 };
 CRYPT_HASH_BLOB blob;
+ BYTE otherSerialNumber[] = { 2 };
 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
 CERT_STORE_CREATE_NEW_FLAG, NULL);
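Review bot: In compare_cert_by_subject_cert (dlls/crypt32/cert.c) the new `pCertInfo->SerialNumber.cbData` guard makes an empty serial number act as a wildcard, and nothing in the function says so. With `cbData == 0` the result depends only on comparing `pCertInfo->Issuer` with the candidate's `Subject`, so any stored certificate carrying that name is returned. A caller that resolves a signer through CERT_FIND_SUBJECT_CERT has to supply the serial number itself to get an exact match. The test hunk shows the fallback is intended, so I would document it above the `if`: `/* An empty serial number is not compared: the match is by name only. */`. The function's first signature line sits in the hunk header, outside the hunk body.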
@@ -685,6 +686,27 @@ static void testFindCert(void)
 CERT_FIND_SUBJECT_CERT, &certInfo.Subject, context);
 ok(context == NULL, "Expected one cert only\n");
 }
+ /* The above search matched even though no serial number is set. A
+ * non-matching serial number will not match.
+ */
+ certInfo.SerialNumber.pbData = otherSerialNumber;
+ certInfo.SerialNumber.cbData = sizeof(otherSerialNumber);
+ context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
+ CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
+ ok(context == NULL, "Expected no match\n");
+ /* A matching serial number will match. */
+ certInfo.SerialNumber.pbData = serialNum;
+ certInfo.SerialNumber.cbData = sizeof(serialNum);
+ context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
+ CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
+ ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
+ GetLastError());
+ if (context)
+ {
+ context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
+ CERT_FIND_SUBJECT_CERT, &certInfo.Subject, context);
+ ok(context == NULL, "Expected one cert only\n");
+ }
 /* The nice thing about hashes, they're unique */
 blob.pbData = bigCertHash;
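Review bot: The follow-up search inside the added `if (context)` block passes `&certInfo.Subject` as the CERT_FIND_SUBJECT_CERT parameter, but the comparison function in dlls/crypt32/cert.c casts that pointer to `CERT_INFO *` and reads `Issuer` and `SerialNumber` through it. The second lookup is therefore not keyed on the issuer and serial number set just above, so "Expected one cert only" can pass without actually checking for a duplicate match. The line looks copied from the existing block in the context lines at the top of the hunk, which has the same argument. I would change the added line to `CERT_FIND_SUBJECT_CERT, &certInfo, context);` so the uniqueness check uses the same key as the first lookup. testFindCert begins and ends outside this hunk.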