From e5c56b1798135b9914d1f448ea0deb7465d0b8ed Mon Sep 17 00:00:00 2001
From: Juan Lang
Date: Wed, 18 Nov 2009 14:01:53 -0800
Subject: [PATCH] crypt32: Correct tests for CertIsValidCRLForCertificate.
---
 dlls/crypt32/tests/crl.c | 55 +++++++++++++++++++++++++++++++---------
 1 file changed, 43 insertions(+), 12 deletions(-)
diff --git a/dlls/crypt32/tests/crl.c b/dlls/crypt32/tests/crl.c
index d8d8bfcd092..bc6c862e8b6 100644
--- a/dlls/crypt32/tests/crl.c
+++ b/dlls/crypt32/tests/crl.c
@@ -229,13 +229,15 @@ static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a }; -static const BYTE v2CRLWithIssuingDistPoint[] = { 0x30,0x5c,0x02,0x01,0x01, - 0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03, - 0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31, - 0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30, - 0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30, - 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x13,0x30,0x11,0x30,0x0f,0x06, - 0x03,0x55,0x1d,0x13,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 }; +static const BYTE v2CRLWithIssuingDistPoint[] = { +0x30,0x70,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11, +0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e, +0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30, +0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36, +0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x27, +0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30, +0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77, +0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 }; static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01, 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06, 
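Review bot: Neither v2CRLWithIssuingDistPoint here nor bigCertWithCRLDistPoints in the next hunk has a comment saying what the bytes encode, and the blob being replaced shows why one is needed: under the same name its extension OID was `0x55,0x1d,0x13` (2.5.29.19), not the issuingDistributionPoint OID `0x55,0x1d,0x1c` (2.5.29.28) now present. I would add `/* v2 CRL with a critical issuingDistributionPoint (2.5.29.28), fullName URI http://winehq.org */` above this array and `/* cert with cRLDistributionPoints (2.5.29.31), fullName URI http://winehq.org */` above the other. With those in place a reviewer can see without decoding DER that the two blobs name the same URI, which is what the new positive test appears to depend on.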
@@ -684,10 +686,24 @@ static void testCRLProperties(void)
 }
 }
+static const BYTE bigCertWithCRLDistPoints[] = {
+0x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
+0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
+0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
+0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
+0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
+0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
+0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
+0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06,
+0x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,
+0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
+0x6f,0x72,0x67 };
+
 static void testIsValidCRLForCert(void)
 {
 BOOL ret;
- PCCERT_CONTEXT cert1, cert2;
+ PCCERT_CONTEXT cert1, cert2, cert3;
 PCCRL_CONTEXT crl;
 HCERTSTORE store;
@@ -728,16 +744,30 @@ static void testIsValidCRLForCert(void) CertFreeCRLContext(crl); - /* Yet with a CRL_ISSUING_DIST_POINT in the CRL, I still can't get this - * to say the CRL is not valid for either cert. + /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the + * cert doesn't have the same extension in it. */ crl = CertCreateCRLContext(X509_ASN_ENCODING, v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint)); ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError()); + todo_wine { ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL); - ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError()); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL); + ok(!ret && GetLastError() == CRYPT_E_NO_MATCH, + "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError()); + } + + /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing + * a CRL_DIST_POINTS_INFO extension. + */ + cert3 = CertCreateCertificateContext(X509_ASN_ENCODING, + bigCertWithCRLDistPoints, sizeof(bigCertWithCRLDistPoints)); + ok(cert3 != NULL, "CertCreateCertificateContext failed: %08x\n", + GetLastError()); + ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL); ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError()); CertFreeCRLContext(crl); @@ -755,7 +785,7 @@ static void testIsValidCRLForCert(void) CertFreeCRLContext(crl); /* One last test: a CRL in a different store than the cert is also valid - * for the cert, so CertIsValidCRLForCertificate must always return TRUE? + * for the cert. */ store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); @@ -774,6 +804,7 @@ static void testIsValidCRLForCert(void) CertCloseStore(store, 0); + CertFreeCertificateContext(cert3); CertFreeCertificateContext(cert2); CertFreeCertificateContext(cert1); }
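Review bot: The positive case added with cert3 uses a cert whose distribution point URI is the same as the one in the CRL's issuing distribution point, so nothing here pins the result when a cert names a different location; an implementation that only checks that the extension is present would pass all three assertions. A further blob with a different URI and an expected failure (presumably CRYPT_E_NO_MATCH, to be confirmed on Windows) would cover that scoping check. Separately, the two new `GetLastError() == CRYPT_E_NO_MATCH` checks inside `todo_wine` read a last-error value that is not reset first; adding `SetLastError(0xdeadbeef);` before each `pCertIsValidCRLForCertificate` call keeps a stale code from satisfying them. The body of testIsValidCRLForCert starts and ends outside this hunk.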