2 * crypt32 cert functions tests
4 * Copyright 2005-2006 Juan Lang
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
30 #include "wine/test.h"
/* Entry points that are resolved by name at run time in
 * init_function_pointers() instead of being linked directly.  GetProcAddress()
 * returns NULL for an export that is not present, so each pointer has to be
 * tested before it is called (testAddCert does this for
 * pCertAddStoreToCollection).
 */
32 static BOOL (WINAPI *pCertAddStoreToCollection)(HCERTSTORE,HCERTSTORE,DWORD,DWORD);
33 static PCCERT_CONTEXT (WINAPI *pCertCreateSelfSignCertificate)(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE,PCERT_NAME_BLOB,DWORD,PCRYPT_KEY_PROV_INFO,PCRYPT_ALGORITHM_IDENTIFIER,PSYSTEMTIME,PSYSTEMTIME,PCERT_EXTENSIONS);
34 static BOOL (WINAPI *pCertGetValidUsages)(DWORD,PCCERT_CONTEXT*,int*,LPSTR*,DWORD*);
35 static BOOL (WINAPI *pCryptAcquireCertificatePrivateKey)(PCCERT_CONTEXT,DWORD,void*,HCRYPTPROV_OR_NCRYPT_KEY_HANDLE*,DWORD*,BOOL*);
36 static BOOL (WINAPI *pCryptEncodeObjectEx)(DWORD,LPCSTR,const void*,DWORD,PCRYPT_ENCODE_PARA,void*,DWORD*);
37 static BOOL (WINAPI * pCryptVerifyCertificateSignatureEx)
38 (HCRYPTPROV, DWORD, DWORD, void *, DWORD, void *, DWORD, void *);
40 static BOOL (WINAPI * pCryptAcquireContextA)
41 (HCRYPTPROV *, LPCSTR, LPCSTR, DWORD, DWORD);
/* Fill the p<Name> function pointers from crypt32.dll and advapi32.dll.
 * GetModuleHandleA() only returns a module that is already loaded in the
 * process; it does not load one.  GET_PROC stores the GetProcAddress() result
 * in p<Name> and has a trace() message for a failed lookup, so a missing
 * export is reported but not fatal.
 * NOTE(review): no NULL check of hCrypt32/hAdvapi32 is visible in this
 * listing -- confirm both DLLs are guaranteed to be loaded before this runs.
 */
43 static void init_function_pointers(void)
45 HMODULE hCrypt32 = GetModuleHandleA("crypt32.dll");
46 HMODULE hAdvapi32 = GetModuleHandleA("advapi32.dll");
48 #define GET_PROC(dll, func) \
49 p ## func = (void *)GetProcAddress(dll, #func); \
51 trace("GetProcAddress(%s) failed\n", #func);
53 GET_PROC(hCrypt32, CertAddStoreToCollection)
54 GET_PROC(hCrypt32, CertCreateSelfSignCertificate)
55 GET_PROC(hCrypt32, CertGetValidUsages)
56 GET_PROC(hCrypt32, CryptAcquireCertificatePrivateKey)
57 GET_PROC(hCrypt32, CryptEncodeObjectEx)
58 GET_PROC(hCrypt32, CryptVerifyCertificateSignatureEx)
60 GET_PROC(hAdvapi32, CryptAcquireContextA)
65 static BYTE subjectName[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
66 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61,
68 static BYTE serialNum[] = { 1 };
/* DER fixture used by testAddCert, testCertProperties and testDupCert.
 * It is a single SEQUENCE (0x30 0x7a, 124 bytes in total) containing:
 * serial number 1, an algorithm identifier with an empty OID, issuer
 * CN "Juan Lang" (PrintableString, trailing NUL included), a validity whose
 * two GeneralizedTime values are both 16010101000000Z, subject CN
 * "Juan Lang", a public key with an empty OID and a zero-length bit string,
 * and a critical basicConstraints extension (2.5.29.19, CA = TRUE,
 * pathLen = 1).
 * There is no outer signatureAlgorithm/signatureValue, so this is data for
 * store and property handling, not a certificate whose signature could be
 * verified.
 */
69 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
70 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
71 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
72 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
73 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
74 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
75 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
76 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
77 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
78 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
79 static BYTE bigCertHash[] = { 0x6e, 0x30, 0x90, 0x71, 0x5f, 0xd9, 0x23,
80 0x56, 0xeb, 0xae, 0x25, 0x40, 0xe6, 0x22, 0xda, 0x19, 0x26, 0x02, 0xa6, 0x08 };
82 static const BYTE bigCertWithDifferentSubject[] = { 0x30, 0x7a, 0x02, 0x01, 0x02,
83 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
84 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67,
85 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31,
86 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
87 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15,
88 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c,
89 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06,
90 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
91 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
93 static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
94 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
95 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
96 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
97 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
98 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
99 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
100 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
101 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
102 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
105 static BYTE subjectName2[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
106 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61,
108 static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
109 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
110 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
111 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
112 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
113 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
114 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
115 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
116 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
117 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
118 static const BYTE bigCert2WithDifferentSerial[] = { 0x30, 0x7a, 0x02, 0x01,
119 0x02, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
120 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
121 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
122 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
123 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
124 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41,
125 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
126 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
127 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
/* 20-byte value that testAddCert installs as CERT_HASH_PROP_ID on the
 * certWithUsage context before trying to add it again.  Presumably the SHA-1
 * of bigCert2 -- it is not recomputed anywhere in this listing.
 */
129 static BYTE bigCert2Hash[] = { 0x4a, 0x7f, 0x32, 0x1f, 0xcf, 0x3b, 0xc0,
130 0x87, 0x48, 0x2b, 0xa1, 0x86, 0x54, 0x18, 0xe4, 0x3a, 0x0e, 0x53, 0x7e, 0x2b };
/* Same serial (1), issuer, subject and validity as bigCert, but the single
 * extension is a critical extendedKeyUsage (2.5.29.37) listing three OIDs:
 * 1.3.6.1.5.5.7.3.3 (code signing), 1.3.6.1.5.5.7.3.2 (client
 * authentication) and 1.2.840.113549.1.1.1 (rsaEncryption, which is an
 * algorithm OID rather than a key-purpose OID).
 */
132 static const BYTE certWithUsage[] = { 0x30, 0x81, 0x93, 0x02, 0x01, 0x01, 0x30,
133 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
134 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00,
135 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
136 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30,
137 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31,
138 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61,
139 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00,
140 0x03, 0x01, 0x00, 0xa3, 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0x06, 0x03, 0x55, 0x1d,
141 0x25, 0x01, 0x01, 0xff, 0x04, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01,
142 0x05, 0x05, 0x07, 0x03, 0x03, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
143 0x03, 0x02, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };
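/* Exercise the add dispositions of CertAddEncodedCertificateToStore() and
 * CertAddCertificateContextToStore() on a memory store and on a collection
 * store that wraps it.
 *
 * What the assertions pin down:
 *  - Adding the certWithUsage context again with CERT_STORE_ADD_NEW fails
 *    once its CERT_HASH_PROP_ID has been overwritten with bigCert2Hash, and
 *    re-adding bigCert2 fails with CRYPT_E_EXISTS.
 *  - bigCert2WithDifferentSerial, bigCertWithDifferentSubject and
 *    bigCertWithDifferentIssuer are each accepted with CERT_STORE_ADD_NEW.
 *  - After the memory store is added to the collection with flags 0, the
 *    collection accepts CERT_STORE_ADD_REPLACE_EXISTING and
 *    CERT_STORE_ADD_USE_EXISTING but answers CERT_STORE_ADD_ALWAYS with
 *    E_ACCESSDENIED.
 *
 * Security note: CertSetCertificateContextProperty() accepts a caller-chosen
 * CERT_HASH_PROP_ID here, so code that pins or de-duplicates certificates by
 * thumbprint should hash pbCertEncoded itself rather than trust the property
 * of a context it did not create.
 */
145 static void testAddCert(void)
148 HCERTSTORE collection;
149 PCCERT_CONTEXT context;
150 PCCERT_CONTEXT copyContext;
153 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
154 CERT_STORE_CREATE_NEW_FLAG, NULL);
155 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
159 /* Weird--bad add disposition leads to an access violation in Windows.
160 * Both tests crash on some win9x boxes.
164 ret = CertAddEncodedCertificateToStore(0, X509_ASN_ENCODING, bigCert,
165 sizeof(bigCert), 0, NULL);
166 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
167 GetLastError() == E_INVALIDARG),
168 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n",
170 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
171 bigCert, sizeof(bigCert), 0, NULL);
172 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
173 GetLastError() == E_INVALIDARG),
174 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n",
178 /* Weird--can add a cert to the NULL store (does this have special
182 ret = CertAddEncodedCertificateToStore(0, X509_ASN_ENCODING, bigCert,
183 sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
184 ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* win98 */),
185 "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
187 CertFreeCertificateContext(context);
188 if (!ret && GetLastError() == OSS_DATA_ERROR)
190 skip("bigCert can't be decoded, skipping tests\n");
194 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
195 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
196 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
198 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
199 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, NULL);
200 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
202 /* This has the same name as bigCert, so finding isn't done by name */
203 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
204 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, &context);
205 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
207 ok(context != NULL, "Expected a context\n");
210 CRYPT_DATA_BLOB hash = { sizeof(bigCert2Hash), bigCert2Hash };
212 /* Duplicate (AddRef) the context so we can still use it after
213 * deleting it from the store.
215 CertDuplicateCertificateContext(context);
216 CertDeleteCertificateFromStore(context);
217 /* Set the same hash as bigCert2, and try to readd it */
218 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID,
220 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
222 ret = CertAddCertificateContextToStore(store, context,
223 CERT_STORE_ADD_NEW, NULL);
224 /* The failure is a bit odd (CRYPT_E_ASN1_BADTAG), so just check
227 ok(!ret, "Expected failure\n");
228 CertFreeCertificateContext(context);
230 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
232 ok(context != NULL, "Expected a context\n");
235 /* Try to readd bigCert2 to the store */
236 ret = CertAddCertificateContextToStore(store, context,
237 CERT_STORE_ADD_NEW, NULL);
238 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
239 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
240 CertFreeCertificateContext(context);
243 /* Adding a cert with the same issuer name and serial number (but
244 * different subject) as an existing cert succeeds.
247 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
248 bigCert2WithDifferentSerial, sizeof(bigCert2WithDifferentSerial),
249 CERT_STORE_ADD_NEW, &context);
250 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
253 CertDeleteCertificateFromStore(context);
255 /* Adding a cert with the same subject name and serial number (but
256 * different issuer) as an existing cert succeeds.
259 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
260 bigCertWithDifferentSubject, sizeof(bigCertWithDifferentSubject),
261 CERT_STORE_ADD_NEW, &context);
262 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
265 CertDeleteCertificateFromStore(context);
267 /* Adding a cert with the same issuer name and serial number (but
268 * different otherwise) as an existing cert succeeds.
271 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
272 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer),
273 CERT_STORE_ADD_NEW, &context);
274 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
277 CertDeleteCertificateFromStore(context);
279 collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
280 CERT_STORE_CREATE_NEW_FLAG, NULL);
281 ok(collection != NULL, "CertOpenStore failed: %08x\n", GetLastError());
282 if (collection && pCertAddStoreToCollection)
284 /* Add store to the collection, but disable updates */
285 pCertAddStoreToCollection(collection, store, 0, 0);
287 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
289 ok(context != NULL, "Expected a context\n");
292 /* Try to readd bigCert2 to the collection */
293 ret = CertAddCertificateContextToStore(collection, context,
294 CERT_STORE_ADD_NEW, NULL);
295 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
296 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
297 /* Replacing an existing certificate context is allowed, even
298 * though updates to the collection aren't..
300 ret = CertAddCertificateContextToStore(collection, context,
301 CERT_STORE_ADD_REPLACE_EXISTING, NULL);
302 ok(ret, "CertAddCertificateContextToStore failed: %08x\n",
304 /* use the existing certificate and ask for a copy of the context*/
306 ret = CertAddCertificateContextToStore(collection, context,
307 CERT_STORE_ADD_USE_EXISTING, &copyContext);
308 ok(ret, "CertAddCertificateContextToStore failed: %08x\n",
310 ok(copyContext != NULL, "Expected on output a non NULL copyContext\n");
312 CertFreeCertificateContext(copyContext);
313 /* but adding a new certificate isn't allowed. */
314 ret = CertAddCertificateContextToStore(collection, context,
315 CERT_STORE_ADD_ALWAYS, NULL);
316 ok(!ret && GetLastError() == E_ACCESSDENIED,
317 "Expected E_ACCESSDENIED, got %08x\n", GetLastError());
318 CertFreeCertificateContext(context);
321 CertCloseStore(collection, 0);
324 CertCloseStore(store, 0);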
/* Hash `data` with `algID` through CryptHashCertificate() and check that the
 * context property `propID` holds the same bytes and reports the same length.
 * Both buffers are 20 bytes, which fits the two algorithms the callers in
 * this file pass (CALG_SHA1 and CALG_MD5).
 * NOTE(review): the initialisation of `size` is not visible in this listing;
 * it has to hold the buffer size before each call that writes into `hash`
 * or `hashProperty` -- confirm.
 */
327 static void checkHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
328 PCCERT_CONTEXT context, DWORD propID)
330 BYTE hash[20] = { 0 }, hashProperty[20];
333 DWORD dwSizeWithNull;
335 memset(hash, 0, sizeof(hash));
336 memset(hashProperty, 0, sizeof(hashProperty));
338 ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
339 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
340 ret = CertGetCertificateContextProperty(context, propID, NULL,
342 ok(ret, "algID %08x, propID %d: CertGetCertificateContextProperty failed: %08x\n",
343 algID, propID, GetLastError());
344 ret = CertGetCertificateContextProperty(context, propID, hashProperty,
346 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
348 ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n",
350 ok(size == dwSizeWithNull, "Unexpected length of hash for property: received %d instead of %d\n",
351 dwSizeWithNull,size);
354 static CHAR cspNameA[] = "WineCryptTemp";
355 static WCHAR cspNameW[] = { 'W','i','n','e','C','r','y','p','t','T','e','m','p',0 };
356 static const BYTE v1CertWithPubKey[] = {
357 0x30,0x81,0x95,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
358 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
359 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
360 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
361 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
362 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
363 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
364 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
365 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,
366 0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,
368 static const BYTE v1CertWithSubjectKeyId[] = {
369 0x30,0x7b,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
370 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
371 0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
372 0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
373 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
374 0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
375 0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x17,0x30,0x15,0x30,
376 0x13,0x06,0x03,0x55,0x1d,0x0e,0x04,0x0c,0x04,0x0a,0x4a,0x75,0x61,0x6e,0x20,
377 0x4c,0x61,0x6e,0x67,0x00 };
/* The ten bytes "Juan Lang\0".  The same bytes are the OCTET STRING value of
 * the subjectKeyIdentifier extension (2.5.29.14) at the end of
 * v1CertWithSubjectKeyId, which testCertProperties reads back through
 * CERT_KEY_IDENTIFIER_PROP_ID and compares against this array.
 */
378 static const BYTE subjectKeyId[] = {
379 0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
/* A complete, self-signed X.509v3 certificate for CN "Juan Lang": 16-byte
 * serial, UTCTime validity 060629050046Z to 070629110046Z, a 512-bit RSA key
 * with public exponent 65537, signed with OID 1.3.14.3.2.29 (SHA-1 with RSA).
 * Key size and hash are far below what is acceptable for real use today; the
 * blob is only suitable as a decoding and signature-hash fixture.
 */
380 static const BYTE selfSignedCert[] = {
381 0x30, 0x82, 0x01, 0x1f, 0x30, 0x81, 0xce, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
382 0x10, 0xeb, 0x0d, 0x57, 0x2a, 0x9c, 0x09, 0xba, 0xa4, 0x4a, 0xb7, 0x25, 0x49,
383 0xd9, 0x3e, 0xb5, 0x73, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d,
384 0x05, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
385 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30,
386 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36, 0x32, 0x39, 0x30, 0x35, 0x30, 0x30,
387 0x34, 0x36, 0x5a, 0x17, 0x0d, 0x30, 0x37, 0x30, 0x36, 0x32, 0x39, 0x31, 0x31,
388 0x30, 0x30, 0x34, 0x36, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
389 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e,
390 0x67, 0x00, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
391 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
392 0x00, 0xe2, 0x54, 0x3a, 0xa7, 0x83, 0xb1, 0x27, 0x14, 0x3e, 0x59, 0xbb, 0xb4,
393 0x53, 0xe6, 0x1f, 0xe7, 0x5d, 0xf1, 0x21, 0x68, 0xad, 0x85, 0x53, 0xdb, 0x6b,
394 0x1e, 0xeb, 0x65, 0x97, 0x03, 0x86, 0x60, 0xde, 0xf3, 0x6c, 0x38, 0x75, 0xe0,
395 0x4c, 0x61, 0xbb, 0xbc, 0x62, 0x17, 0xa9, 0xcd, 0x79, 0x3f, 0x21, 0x4e, 0x96,
396 0xcb, 0x0e, 0xdc, 0x61, 0x94, 0x30, 0x18, 0x10, 0x6b, 0xd0, 0x1c, 0x10, 0x79,
397 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
398 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x25, 0x90, 0x53, 0x34, 0xd9, 0x56, 0x41,
399 0x5e, 0xdb, 0x7e, 0x01, 0x36, 0xec, 0x27, 0x61, 0x5e, 0xb7, 0x4d, 0x90, 0x66,
400 0xa2, 0xe1, 0x9d, 0x58, 0x76, 0xd4, 0x9c, 0xba, 0x2c, 0x84, 0xc6, 0x83, 0x7a,
401 0x22, 0x0d, 0x03, 0x69, 0x32, 0x1a, 0x6d, 0xcb, 0x0c, 0x15, 0xb3, 0x6b, 0xc7,
402 0x0a, 0x8c, 0xb4, 0x5c, 0x34, 0x78, 0xe0, 0x3c, 0x9c, 0xe9, 0xf3, 0x30, 0x9f,
403 0xa8, 0x76, 0x57, 0x92, 0x36 };
404 static const BYTE selfSignedSignatureHash[] = { 0x07,0x5a,0x3e,0xfd,0x0d,0xf6,
405 0x88,0xeb,0x00,0x64,0xbd,0xc9,0xd6,0xea,0x0a,0x7c,0xcc,0x24,0xdb,0x5d };
/* Walk through getting, setting and deleting certificate context properties
 * on bigCert, v1CertWithPubKey, v1CertWithSubjectKeyId and selfSignedCert.
 *
 * Worth noting for anyone relying on these properties:
 *  - CERT_HASH_PROP_ID can be overwritten with arbitrary bytes and is then
 *    returned as-is; deleting the property makes the computed hash available
 *    again.  Treat a thumbprint read from a context as caller-supplied data
 *    unless the context's origin is known.
 *  - CERT_ACCESS_STATE_PROP_ID is described here as implicit and read-only,
 *    and the in-memory context does not report
 *    CERT_ACCESS_STATE_WRITE_PERSIST_FLAG.
 *  - CERT_SIGNATURE_HASH_PROP_ID is unavailable for the unsigned bigCert blob
 *    but is returned for the signed selfSignedCert.
 *  - CERT_KEY_IDENTIFIER_PROP_ID fails with ERROR_INVALID_DATA for bigCert and
 *    v1CertWithPubKey and succeeds only for the certificate that carries a
 *    subject key identifier extension.
 */
407 static void testCertProperties(void)
409 PCCERT_CONTEXT context = CertCreateCertificateContext(X509_ASN_ENCODING,
410 bigCert, sizeof(bigCert));
411 DWORD propID, numProps, access, size;
413 BYTE hash[20] = { 0 }, hashProperty[20];
414 CRYPT_DATA_BLOB blob;
415 CERT_KEY_CONTEXT keyContext;
417 ok(context != NULL || broken(GetLastError() == OSS_DATA_ERROR /* win98 */),
418 "CertCreateCertificateContext failed: %08x\n", GetLastError());
423 propID = CertEnumCertificateContextProperties(NULL, 0);
429 propID = CertEnumCertificateContextProperties(context, propID);
432 } while (propID != 0);
433 ok(numProps == 0, "Expected 0 properties, got %d\n", numProps);
435 /* Tests with a NULL cert context. Prop ID 0 fails.. */
436 ret = CertSetCertificateContextProperty(NULL, 0, 0, NULL);
437 ok(!ret && GetLastError() == E_INVALIDARG,
438 "Expected E_INVALIDARG, got %08x\n", GetLastError());
439 /* while this just crashes.
440 ret = CertSetCertificateContextProperty(NULL,
441 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
444 ret = CertSetCertificateContextProperty(context, 0, 0, NULL);
445 ok(!ret && GetLastError() == E_INVALIDARG,
446 "Expected E_INVALIDARG, got %08x\n", GetLastError());
447 /* Can't set the cert property directly, this crashes.
448 ret = CertSetCertificateContextProperty(context,
449 CERT_CERT_PROP_ID, 0, bigCert2);
453 ret = CertGetCertificateContextProperty(context,
454 CERT_ACCESS_STATE_PROP_ID, 0, NULL);
455 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
457 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
462 ret = CertGetCertificateContextProperty(context,
463 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
464 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
465 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
466 /* And, an implicit property */
467 size = sizeof(access);
468 ret = CertGetCertificateContextProperty(context,
469 CERT_ACCESS_STATE_PROP_ID, &access, &size);
470 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
472 ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
473 "Didn't expect a persisted cert\n");
474 /* Trying to set this "read only" property crashes.
475 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
476 ret = CertSetCertificateContextProperty(context,
477 CERT_ACCESS_STATE_PROP_ID, 0, &access);
480 /* Can I set the hash to an invalid hash? */
482 blob.cbData = sizeof(hash);
483 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID, 0,
485 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
487 size = sizeof(hashProperty);
488 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
489 hashProperty, &size);
490 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
492 ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
493 /* Delete the (bogus) hash, and get the real one */
494 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID, 0,
496 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
498 checkHash(bigCert, sizeof(bigCert), CALG_SHA1, context,
501 /* Now that the hash property is set, we should get one property when
507 propID = CertEnumCertificateContextProperties(context, propID);
510 } while (propID != 0);
511 ok(numProps == 1, "Expected 1 properties, got %d\n", numProps);
513 /* Check a few other implicit properties */
514 checkHash(bigCert, sizeof(bigCert), CALG_MD5, context,
515 CERT_MD5_HASH_PROP_ID);
517 /* Getting the signature hash fails with this bogus certificate */
519 ret = CertGetCertificateContextProperty(context,
520 CERT_SIGNATURE_HASH_PROP_ID, NULL, &size);
522 (GetLastError() == CRYPT_E_ASN1_BADTAG ||
523 GetLastError() == CRYPT_E_NOT_FOUND ||
524 GetLastError() == OSS_DATA_ERROR), /* win9x */
525 "Expected CRYPT_E_ASN1_BADTAG, got %08x\n", GetLastError());
527 /* Test key contexts and handles and such */
529 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
531 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
532 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
533 size = sizeof(CERT_KEY_CONTEXT);
534 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
536 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
537 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
538 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
540 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
541 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
542 /* Key context with an invalid size */
543 keyContext.cbSize = 0;
544 ret = CertSetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
546 ok(!ret && GetLastError() == E_INVALIDARG,
547 "Expected E_INVALIDARG, got %08x\n", GetLastError());
548 size = sizeof(keyContext);
549 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
551 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
552 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
553 keyContext.cbSize = sizeof(keyContext);
554 keyContext.hCryptProv = 0;
555 keyContext.dwKeySpec = AT_SIGNATURE;
556 ret = CertSetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
558 ok(ret, "CertSetCertificateContextProperty failed: %08x\n", GetLastError());
559 /* Now that that's set, the key prov handle property is also gettable.
561 size = sizeof(keyContext.hCryptProv);
562 ret = CertGetCertificateContextProperty(context,
563 CERT_KEY_PROV_HANDLE_PROP_ID, &keyContext.hCryptProv, &size);
564 ok(ret, "Expected to get the CERT_KEY_PROV_HANDLE_PROP_ID, got %08x\n",
566 /* Remove the key prov handle property.. */
567 ret = CertSetCertificateContextProperty(context,
568 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
569 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
571 /* and the key context's CSP is set to NULL. */
572 size = sizeof(keyContext);
573 ret = CertGetCertificateContextProperty(context,
574 CERT_KEY_CONTEXT_PROP_ID, &keyContext, &size);
575 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
577 ok(keyContext.hCryptProv == 0, "Expected no hCryptProv\n");
579 /* According to MSDN the subject key id can be stored as a property,
580 * as a subject key extension, or as the SHA1 hash of the public key,
581 * but this cert has none of them:
583 ret = CertGetCertificateContextProperty(context,
584 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
585 ok(!ret && GetLastError() == ERROR_INVALID_DATA,
586 "Expected ERROR_INVALID_DATA, got %08x\n", GetLastError());
587 CertFreeCertificateContext(context);
588 /* This cert does have a public key, but its subject key identifier still
589 * isn't available: */
590 context = CertCreateCertificateContext(X509_ASN_ENCODING,
591 v1CertWithPubKey, sizeof(v1CertWithPubKey));
592 ret = CertGetCertificateContextProperty(context,
593 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
594 ok(!ret && GetLastError() == ERROR_INVALID_DATA,
595 "Expected ERROR_INVALID_DATA, got %08x\n", GetLastError());
596 CertFreeCertificateContext(context);
597 /* This cert with a subject key extension can have its key identifier
598 * property retrieved:
600 context = CertCreateCertificateContext(X509_ASN_ENCODING,
601 v1CertWithSubjectKeyId, sizeof(v1CertWithSubjectKeyId));
602 ret = CertGetCertificateContextProperty(context,
603 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
604 ok(ret, "CertGetCertificateContextProperty failed: %08x\n", GetLastError());
607 LPBYTE buf = HeapAlloc(GetProcessHeap(), 0, size);
611 ret = CertGetCertificateContextProperty(context,
612 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
613 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
615 ok(!memcmp(buf, subjectKeyId, size), "Unexpected subject key id\n");
616 HeapFree(GetProcessHeap(), 0, buf);
619 CertFreeCertificateContext(context);
621 context = CertCreateCertificateContext(X509_ASN_ENCODING,
622 selfSignedCert, sizeof(selfSignedCert));
623 /* Getting the signature hash of a valid (self-signed) cert succeeds */
625 ret = CertGetCertificateContextProperty(context,
626 CERT_SIGNATURE_HASH_PROP_ID, NULL, &size);
627 ok(ret, "CertGetCertificateContextProperty failed: %08x\n", GetLastError());
628 ok(size == sizeof(selfSignedSignatureHash), "unexpected size %d\n", size);
629 ret = CertGetCertificateContextProperty(context,
630 CERT_SIGNATURE_HASH_PROP_ID, hashProperty, &size);
632 ok(!memcmp(hashProperty, selfSignedSignatureHash, size),
633 "unexpected value\n");
634 CertFreeCertificateContext(context);
/* Check CertCreateCertificateContext() argument validation and the state of
 * a freshly created context: encoding type 0 yields E_INVALIDARG (with or
 * without data), a NULL blob with X509_ASN_ENCODING yields CRYPT_E_ASN1_EOD,
 * and a context created from selfSignedCert has a non-NULL hCertStore, no
 * CERT_ARCHIVED_PROP_ID, and a store whose enumeration is expected to return
 * no certificates.
 * SetLastError(0xdeadbeef) before a call makes sure the error code checked
 * afterwards was written by that call and is not left over from an earlier
 * one.
 */
637 static void testCreateCert(void)
639 PCCERT_CONTEXT cert, enumCert;
643 SetLastError(0xdeadbeef);
644 cert = CertCreateCertificateContext(0, NULL, 0);
645 ok(!cert && GetLastError() == E_INVALIDARG,
646 "expected E_INVALIDARG, got %08x\n", GetLastError());
647 SetLastError(0xdeadbeef);
648 cert = CertCreateCertificateContext(0, selfSignedCert,
649 sizeof(selfSignedCert));
650 ok(!cert && GetLastError() == E_INVALIDARG,
651 "expected E_INVALIDARG, got %08x\n", GetLastError());
652 SetLastError(0xdeadbeef);
653 cert = CertCreateCertificateContext(X509_ASN_ENCODING, NULL, 0);
655 (GetLastError() == CRYPT_E_ASN1_EOD ||
656 broken(GetLastError() == OSS_MORE_INPUT /* NT4 */)),
657 "expected CRYPT_E_ASN1_EOD, got %08x\n", GetLastError());
659 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
660 selfSignedCert, sizeof(selfSignedCert));
661 ok(cert != NULL, "creating cert failed: %08x\n", GetLastError());
662 /* Even in-memory certs are expected to have a store associated with them */
664 ok(cert->hCertStore != NULL, "expected created cert to have a store\n");
665 /* The cert doesn't have the archived property set (which would imply it
666 * doesn't show up in enumerations.)
669 ret = CertGetCertificateContextProperty(cert, CERT_ARCHIVED_PROP_ID,
671 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
672 "expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
673 /* Strangely, enumerating the certs in the store finds none. */
676 while ((enumCert = CertEnumCertificatesInStore(cert->hCertStore, enumCert)))
678 ok(!count, "expected 0, got %d\n", count);
679 CertFreeCertificateContext(cert);
/* Check CertDuplicateCertificateContext(): a context added to a memory store
 * carries the encoded bytes and the store handle it was added to, and its
 * duplicate is the very same pointer rather than a copy.  That is consistent
 * with reference counting, so the duplicate and the original are each
 * released with their own CertFreeCertificateContext() call.  Duplicating
 * NULL is expected to return NULL.
 */
682 static void testDupCert(void)
685 PCCERT_CONTEXT context, dupContext;
688 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
689 CERT_STORE_CREATE_NEW_FLAG, NULL);
690 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
694 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
695 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
696 ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* win98 */),
697 "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
698 if (!ret && GetLastError() == OSS_DATA_ERROR)
700 skip("bigCert can't be decoded, skipping tests\n");
703 ok(context != NULL, "Expected a valid cert context\n");
706 ok(context->cbCertEncoded == sizeof(bigCert),
707 "Wrong cert size %d\n", context->cbCertEncoded);
708 ok(!memcmp(context->pbCertEncoded, bigCert, sizeof(bigCert)),
709 "Unexpected encoded cert in context\n");
710 ok(context->hCertStore == store, "Unexpected store\n");
712 dupContext = CertDuplicateCertificateContext(context);
713 ok(dupContext != NULL, "Expected valid duplicate\n");
714 /* Not only is it a duplicate, it's identical: the address is the
717 ok(dupContext == context, "Expected identical context addresses\n");
718 CertFreeCertificateContext(dupContext);
719 CertFreeCertificateContext(context);
721 CertCloseStore(store, 0);
723 SetLastError(0xdeadbeef);
724 context = CertDuplicateCertificateContext(NULL);
725 ok(context == NULL, "Expected context to be NULL\n");
728 static BYTE subjectName3[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
729 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x52, 0x6f, 0x62, 0x20, 0x20, 0x4c, 0x61,
/* DER-encoded X.509 v3 certificate used as a test fixture.
 * Subject:  C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
 * Issuer:   C=ZA, ST=Western Cape, L=Durbanville, O=Thawte,
 *           OU=Thawte Certification, CN=Thawte Timestamping CA
 * Validity: UTCTime 031204000000Z to 131203235959Z
 * Signature algorithm OID 1.2.840.113549.1.1.5 (sha1WithRSAEncryption).
 * The validity period has passed and the signature is SHA-1 based, so the
 * blob is parser/store test data only and says nothing about current trust.
 */
731 static const BYTE iTunesCert0[] = {
732 0x30,0x82,0x03,0xc4,0x30,0x82,0x03,0x2d,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
733 0x47,0xbf,0x19,0x95,0xdf,0x8d,0x52,0x46,0x43,0xf7,0xdb,0x6d,0x48,0x0d,0x31,
734 0xa4,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
735 0x00,0x30,0x81,0x8b,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
736 0x5a,0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,
737 0x73,0x74,0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x14,0x30,0x12,0x06,
738 0x03,0x55,0x04,0x07,0x13,0x0b,0x44,0x75,0x72,0x62,0x61,0x6e,0x76,0x69,0x6c,
739 0x6c,0x65,0x31,0x0f,0x30,0x0d,0x06,0x03,0x55,0x04,0x0a,0x13,0x06,0x54,0x68,
740 0x61,0x77,0x74,0x65,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x0b,0x13,0x14,
741 0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
742 0x61,0x74,0x69,0x6f,0x6e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x03,0x13,
743 0x16,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x54,0x69,0x6d,0x65,0x73,0x74,0x61,
744 0x6d,0x70,0x69,0x6e,0x67,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,0x30,0x33,0x31,
745 0x32,0x30,0x34,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x31,0x33,0x31,
746 0x32,0x30,0x33,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x53,0x31,0x0b,0x30,
747 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,
748 0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,
749 0x20,0x49,0x6e,0x63,0x2e,0x31,0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,
750 0x22,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x69,0x6d,0x65,0x20,
751 0x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,0x53,0x65,0x72,0x76,0x69,0x63,
752 0x65,0x73,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,
753 0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,
754 0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xa9,0xca,0xb2,0xa4,0xcc,0xcd,0x20,
755 0xaf,0x0a,0x7d,0x89,0xac,0x87,0x75,0xf0,0xb4,0x4e,0xf1,0xdf,0xc1,0x0f,0xbf,
756 0x67,0x61,0xbd,0xa3,0x64,0x1c,0xda,0xbb,0xf9,0xca,0x33,0xab,0x84,0x30,0x89,
757 0x58,0x7e,0x8c,0xdb,0x6b,0xdd,0x36,0x9e,0x0f,0xbf,0xd1,0xec,0x78,0xf2,0x77,
758 0xa6,0x7e,0x6f,0x3c,0xbf,0x93,0xaf,0x0d,0xba,0x68,0xf4,0x6c,0x94,0xca,0xbd,
759 0x52,0x2d,0xab,0x48,0x3d,0xf5,0xb6,0xd5,0x5d,0x5f,0x1b,0x02,0x9f,0xfa,0x2f,
760 0x6b,0x1e,0xa4,0xf7,0xa3,0x9a,0xa6,0x1a,0xc8,0x02,0xe1,0x7f,0x4c,0x52,0xe3,
761 0x0e,0x60,0xec,0x40,0x1c,0x7e,0xb9,0x0d,0xde,0x3f,0xc7,0xb4,0xdf,0x87,0xbd,
762 0x5f,0x7a,0x6a,0x31,0x2e,0x03,0x99,0x81,0x13,0xa8,0x47,0x20,0xce,0x31,0x73,
763 0x0d,0x57,0x2d,0xcd,0x78,0x34,0x33,0x95,0x12,0x99,0x12,0xb9,0xde,0x68,0x2f,
764 0xaa,0xe6,0xe3,0xc2,0x8a,0x8c,0x2a,0xc3,0x8b,0x21,0x87,0x66,0xbd,0x83,0x58,
765 0x57,0x6f,0x75,0xbf,0x3c,0xaa,0x26,0x87,0x5d,0xca,0x10,0x15,0x3c,0x9f,0x84,
766 0xea,0x54,0xc1,0x0a,0x6e,0xc4,0xfe,0xc5,0x4a,0xdd,0xb9,0x07,0x11,0x97,0x22,
767 0x7c,0xdb,0x3e,0x27,0xd1,0x1e,0x78,0xec,0x9f,0x31,0xc9,0xf1,0xe6,0x22,0x19,
768 0xdb,0xc4,0xb3,0x47,0x43,0x9a,0x1a,0x5f,0xa0,0x1e,0x90,0xe4,0x5e,0xf5,0xee,
769 0x7c,0xf1,0x7d,0xab,0x62,0x01,0x8f,0xf5,0x4d,0x0b,0xde,0xd0,0x22,0x56,0xa8,
770 0x95,0xcd,0xae,0x88,0x76,0xae,0xee,0xba,0x0d,0xf3,0xe4,0x4d,0xd9,0xa0,0xfb,
771 0x68,0xa0,0xae,0x14,0x3b,0xb3,0x87,0xc1,0xbb,0x02,0x03,0x01,0x00,0x01,0xa3,
772 0x81,0xdb,0x30,0x81,0xd8,0x30,0x34,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,
773 0x01,0x01,0x04,0x28,0x30,0x26,0x30,0x24,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,
774 0x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,
775 0x70,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,
776 0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,
777 0xff,0x02,0x01,0x00,0x30,0x41,0x06,0x03,0x55,0x1d,0x1f,0x04,0x3a,0x30,0x38,
778 0x30,0x36,0xa0,0x34,0xa0,0x32,0x86,0x30,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
779 0x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,
780 0x6d,0x2f,0x54,0x68,0x61,0x77,0x74,0x65,0x54,0x69,0x6d,0x65,0x73,0x74,0x61,
781 0x6d,0x70,0x69,0x6e,0x67,0x43,0x41,0x2e,0x63,0x72,0x6c,0x30,0x13,0x06,0x03,
782 0x55,0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,
783 0x03,0x08,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,
784 0x02,0x01,0x06,0x30,0x24,0x06,0x03,0x55,0x1d,0x11,0x04,0x1d,0x30,0x1b,0xa4,
785 0x19,0x30,0x17,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x03,0x13,0x0c,0x54,
786 0x53,0x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x35,0x33,0x30,0x0d,0x06,0x09,
787 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,
788 0x4a,0x6b,0xf9,0xea,0x58,0xc2,0x44,0x1c,0x31,0x89,0x79,0x99,0x2b,0x96,0xbf,
789 0x82,0xac,0x01,0xd6,0x1c,0x4c,0xcd,0xb0,0x8a,0x58,0x6e,0xdf,0x08,0x29,0xa3,
790 0x5e,0xc8,0xca,0x93,0x13,0xe7,0x04,0x52,0x0d,0xef,0x47,0x27,0x2f,0x00,0x38,
791 0xb0,0xe4,0xc9,0x93,0x4e,0x9a,0xd4,0x22,0x62,0x15,0xf7,0x3f,0x37,0x21,0x4f,
792 0x70,0x31,0x80,0xf1,0x8b,0x38,0x87,0xb3,0xe8,0xe8,0x97,0x00,0xfe,0xcf,0x55,
793 0x96,0x4e,0x24,0xd2,0xa9,0x27,0x4e,0x7a,0xae,0xb7,0x61,0x41,0xf3,0x2a,0xce,
794 0xe7,0xc9,0xd9,0x5e,0xdd,0xbb,0x2b,0x85,0x3e,0xb5,0x9d,0xb5,0xd9,0xe1,0x57,
795 0xff,0xbe,0xb4,0xc5,0x7e,0xf5,0xcf,0x0c,0x9e,0xf0,0x97,0xfe,0x2b,0xd3,0x3b,
796 0x52,0x1b,0x1b,0x38,0x27,0xf7,0x3f,0x4a };
/* DER-encoded X.509 v3 certificate used as a test fixture.
 * Subject:  C=US, O=VeriSign, Inc.,
 *           CN=VeriSign Time Stamping Services Signer
 * Issuer:   C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
 *           (the subject name of iTunesCert0)
 * Validity: UTCTime 031204000000Z to 081203235959Z
 * Signature algorithm OID 1.2.840.113549.1.1.5 (sha1WithRSAEncryption).
 * Expired and SHA-1 signed: test data only.
 */
797 static const BYTE iTunesCert1[] = {
798 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
799 0x0d,0xe9,0x2b,0xf0,0xd4,0xd8,0x29,0x88,0x18,0x32,0x05,0x09,0x5e,0x9a,0x76,
800 0x88,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
801 0x00,0x30,0x53,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
802 0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,
803 0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2b,0x30,0x29,
804 0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
805 0x20,0x54,0x69,0x6d,0x65,0x20,0x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,
806 0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
807 0x30,0x33,0x31,0x32,0x30,0x34,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
808 0x30,0x38,0x31,0x32,0x30,0x33,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x57,
809 0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
810 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,
811 0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2f,0x30,0x2d,0x06,0x03,0x55,
812 0x04,0x03,0x13,0x26,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x69,
813 0x6d,0x65,0x20,0x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,0x53,0x65,0x72,
814 0x76,0x69,0x63,0x65,0x73,0x20,0x53,0x69,0x67,0x6e,0x65,0x72,0x30,0x82,0x01,
815 0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
816 0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,
817 0xb2,0x50,0x28,0x48,0xdd,0xd3,0x68,0x7a,0x84,0x18,0x44,0x66,0x75,0x5d,0x7e,
818 0xc4,0xb8,0x9f,0x63,0x26,0xff,0x3d,0x43,0x9c,0x7c,0x11,0x38,0x10,0x25,0x55,
819 0x73,0xd9,0x75,0x27,0x69,0xfd,0x4e,0xb9,0x20,0x5c,0xd3,0x0a,0xf9,0xa0,0x1b,
820 0x2a,0xed,0x55,0x56,0x21,0x61,0xd8,0x1e,0xdb,0xe4,0xbc,0x33,0x6b,0xc7,0xef,
821 0xdd,0xa3,0x37,0x65,0x8e,0x1b,0x93,0x0c,0xb6,0x53,0x1e,0x5c,0x7c,0x66,0x35,
822 0x5f,0x05,0x8a,0x45,0xfe,0x76,0x4e,0xdf,0x53,0x80,0xa2,0x81,0x20,0x9d,0xae,
823 0x88,0x5c,0xa2,0x08,0xf7,0xe5,0x30,0xf9,0xee,0x22,0x37,0x4c,0x42,0x0a,0xce,
824 0xdf,0xc6,0x1f,0xc4,0xd6,0x55,0xe9,0x81,0x3f,0xb5,0x52,0xa3,0x2c,0xaa,0x01,
825 0x7a,0xf2,0xa2,0xaa,0x8d,0x35,0xfe,0x9f,0xe6,0x5d,0x6a,0x05,0x9f,0x3d,0x6b,
826 0xe3,0xbf,0x96,0xc0,0xfe,0xcc,0x60,0xf9,0x40,0xe7,0x07,0xa0,0x44,0xeb,0x81,
827 0x51,0x6e,0xa5,0x2a,0xf2,0xb6,0x8a,0x10,0x28,0xed,0x8f,0xdc,0x06,0xa0,0x86,
828 0x50,0x9a,0x7b,0x4a,0x08,0x0d,0x30,0x1d,0xca,0x10,0x9e,0x6b,0xf7,0xe9,0x58,
829 0xae,0x04,0xa9,0x40,0x99,0xb2,0x28,0xe8,0x8f,0x16,0xac,0x3c,0xe3,0x53,0x6f,
830 0x4b,0xd3,0x35,0x9d,0xb5,0x6f,0x64,0x1d,0xb3,0x96,0x2c,0xbb,0x3d,0xe7,0x79,
831 0xeb,0x6d,0x7a,0xf9,0x16,0xe6,0x26,0xad,0xaf,0xef,0x99,0x53,0xb7,0x40,0x2c,
832 0x95,0xb8,0x79,0xaa,0xfe,0xd4,0x52,0xab,0x29,0x74,0x7e,0x42,0xec,0x39,0x1e,
833 0xa2,0x6a,0x16,0xe6,0x59,0xbb,0x24,0x68,0xd8,0x00,0x80,0x43,0x10,0x87,0x80,
834 0x6b,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xca,0x30,0x81,0xc7,0x30,0x34,0x06,
835 0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x28,0x30,0x26,0x30,0x24,
836 0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,
837 0x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,0x70,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,
838 0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
839 0xff,0x04,0x02,0x30,0x00,0x30,0x33,0x06,0x03,0x55,0x1d,0x1f,0x04,0x2c,0x30,
840 0x2a,0x30,0x28,0xa0,0x26,0xa0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3a,0x2f,
841 0x2f,0x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,
842 0x6f,0x6d,0x2f,0x74,0x73,0x73,0x2d,0x63,0x61,0x2e,0x63,0x72,0x6c,0x30,0x16,
843 0x06,0x03,0x55,0x1d,0x25,0x01,0x01,0xff,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,
844 0x06,0x01,0x05,0x05,0x07,0x03,0x08,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
845 0x01,0xff,0x04,0x04,0x03,0x02,0x06,0xc0,0x30,0x24,0x06,0x03,0x55,0x1d,0x11,
846 0x04,0x1d,0x30,0x1b,0xa4,0x19,0x30,0x17,0x31,0x15,0x30,0x13,0x06,0x03,0x55,
847 0x04,0x03,0x13,0x0c,0x54,0x53,0x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x35,
848 0x34,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
849 0x00,0x03,0x82,0x01,0x01,0x00,0x87,0x78,0x70,0xda,0x4e,0x52,0x01,0x20,0x5b,
850 0xe0,0x79,0xc9,0x82,0x30,0xc4,0xfd,0xb9,0x19,0x96,0xbd,0x91,0x00,0xc3,0xbd,
851 0xcd,0xcd,0xc6,0xf4,0x0e,0xd8,0xff,0xf9,0x4d,0xc0,0x33,0x62,0x30,0x11,0xc5,
852 0xf5,0x74,0x1b,0xd4,0x92,0xde,0x5f,0x9c,0x20,0x13,0xb1,0x7c,0x45,0xbe,0x50,
853 0xcd,0x83,0xe7,0x80,0x17,0x83,0xa7,0x27,0x93,0x67,0x13,0x46,0xfb,0xca,0xb8,
854 0x98,0x41,0x03,0xcc,0x9b,0x51,0x5b,0x05,0x8b,0x7f,0xa8,0x6f,0xf3,0x1b,0x50,
855 0x1b,0x24,0x2e,0xf2,0x69,0x8d,0x6c,0x22,0xf7,0xbb,0xca,0x16,0x95,0xed,0x0c,
856 0x74,0xc0,0x68,0x77,0xd9,0xeb,0x99,0x62,0x87,0xc1,0x73,0x90,0xf8,0x89,0x74,
857 0x7a,0x23,0xab,0xa3,0x98,0x7b,0x97,0xb1,0xf7,0x8f,0x29,0x71,0x4d,0x2e,0x75,
858 0x1b,0x48,0x41,0xda,0xf0,0xb5,0x0d,0x20,0x54,0xd6,0x77,0xa0,0x97,0x82,0x63,
859 0x69,0xfd,0x09,0xcf,0x8a,0xf0,0x75,0xbb,0x09,0x9b,0xd9,0xf9,0x11,0x55,0x26,
860 0x9a,0x61,0x32,0xbe,0x7a,0x02,0xb0,0x7b,0x86,0xbe,0xa2,0xc3,0x8b,0x22,0x2c,
861 0x78,0xd1,0x35,0x76,0xbc,0x92,0x73,0x5c,0xf9,0xb9,0xe6,0x4c,0x15,0x0a,0x23,
862 0xcc,0xe4,0xd2,0xd4,0x34,0x2e,0x49,0x40,0x15,0x3c,0x0f,0x60,0x7a,0x24,0xc6,
863 0xa5,0x66,0xef,0x96,0xcf,0x70,0xeb,0x3e,0xe7,0xf4,0x0d,0x7e,0xdc,0xd1,0x7c,
864 0xa3,0x76,0x71,0x69,0xc1,0x9c,0x4f,0x47,0x30,0x35,0x21,0xb1,0xa2,0xaf,0x1a,
865 0x62,0x3c,0x2b,0xd9,0x8e,0xaa,0x2a,0x07,0x7b,0xd8,0x18,0xb3,0x5c,0x7b,0xe2,
866 0x9d,0xa5,0x6f,0xfe,0x3c,0x89,0xad };
/* DER-encoded X.509 v3 certificate used as a test fixture.
 * Subject:  C=US, O=VeriSign, Inc., OU=VeriSign Trust Network,
 *           OU=Terms of use at https://www.verisign.com/rpa (c)04,
 *           CN=VeriSign Class 3 Code Signing 2004 CA
 * Issuer:   C=US, O=VeriSign, Inc.,
 *           OU=Class 3 Public Primary Certification Authority
 * Validity: UTCTime 040716000000Z to 140715235959Z
 * Signature algorithm OID 1.2.840.113549.1.1.5 (sha1WithRSAEncryption).
 * Expired and SHA-1 signed: test data only.
 */
867 static const BYTE iTunesCert2[] = {
868 0x30,0x82,0x04,0xbf,0x30,0x82,0x04,0x28,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
869 0x41,0x91,0xa1,0x5a,0x39,0x78,0xdf,0xcf,0x49,0x65,0x66,0x38,0x1d,0x4c,0x75,
870 0xc2,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
871 0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
872 0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,
873 0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x37,0x30,0x35,
874 0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,
875 0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,
876 0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,
877 0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x30,0x34,0x30,
878 0x37,0x31,0x36,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x31,0x34,0x30,
879 0x37,0x31,0x35,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xb4,0x31,0x0b,
880 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,
881 0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
882 0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,
883 0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,
884 0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x31,0x3b,0x30,0x39,0x06,0x03,
885 0x55,0x04,0x0b,0x13,0x32,0x54,0x65,0x72,0x6d,0x73,0x20,0x6f,0x66,0x20,0x75,
886 0x73,0x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,
887 0x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,
888 0x2f,0x72,0x70,0x61,0x20,0x28,0x63,0x29,0x30,0x34,0x31,0x2e,0x30,0x2c,0x06,
889 0x03,0x55,0x04,0x03,0x13,0x25,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,
890 0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,0x6f,0x64,0x65,0x20,0x53,0x69,
891 0x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,0x34,0x20,0x43,0x41,0x30,0x82,
892 0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,
893 0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,
894 0x00,0xbe,0xbc,0xee,0xbc,0x7e,0xef,0x83,0xeb,0xe0,0x37,0x4f,0xfb,0x03,0x10,
895 0x38,0xbe,0x08,0xd2,0x8c,0x7d,0x9d,0xfa,0x92,0x7f,0x19,0x0c,0xc2,0x6b,0xee,
896 0x42,0x52,0x8c,0xde,0xd3,0x1c,0x48,0x13,0x25,0xea,0xc1,0x63,0x7a,0xf9,0x51,
897 0x65,0xee,0xd3,0xaa,0x3b,0xf5,0xf0,0x94,0x9c,0x2b,0xfb,0xf2,0x66,0xd4,0x24,
898 0xda,0xf7,0xf5,0x9f,0x6e,0x19,0x39,0x36,0xbc,0xd0,0xa3,0x76,0x08,0x1e,0x22,
899 0x27,0x24,0x6c,0x38,0x91,0x27,0xe2,0x84,0x49,0xae,0x1b,0x8a,0xa1,0xfd,0x25,
900 0x82,0x2c,0x10,0x30,0xe8,0x71,0xab,0x28,0xe8,0x77,0x4a,0x51,0xf1,0xec,0xcd,
901 0xf8,0xf0,0x54,0xd4,0x6f,0xc0,0xe3,0x6d,0x0a,0x8f,0xd9,0xd8,0x64,0x8d,0x63,
902 0xb2,0x2d,0x4e,0x27,0xf6,0x85,0x0e,0xfe,0x6d,0xe3,0x29,0x99,0xe2,0x85,0x47,
903 0x7c,0x2d,0x86,0x7f,0xe8,0x57,0x8f,0xad,0x67,0xc2,0x33,0x32,0x91,0x13,0x20,
904 0xfc,0xa9,0x23,0x14,0x9a,0x6d,0xc2,0x84,0x4b,0x76,0x68,0x04,0xd5,0x71,0x2c,
905 0x5d,0x21,0xfa,0x88,0x0d,0x26,0xfd,0x1f,0x2d,0x91,0x2b,0xe7,0x01,0x55,0x4d,
906 0xf2,0x6d,0x35,0x28,0x82,0xdf,0xd9,0x6b,0x5c,0xb6,0xd6,0xd9,0xaa,0x81,0xfd,
907 0x5f,0xcd,0x83,0xba,0x63,0x9d,0xd0,0x22,0xfc,0xa9,0x3b,0x42,0x69,0xb2,0x8e,
908 0x3a,0xb5,0xbc,0xb4,0x9e,0x0f,0x5e,0xc4,0xea,0x2c,0x82,0x8b,0x28,0xfd,0x53,
909 0x08,0x96,0xdd,0xb5,0x01,0x20,0xd1,0xf9,0xa5,0x18,0xe7,0xc0,0xee,0x51,0x70,
910 0x37,0xe1,0xb6,0x05,0x48,0x52,0x48,0x6f,0x38,0xea,0xc3,0xe8,0x6c,0x7b,0x44,
911 0x84,0xbb,0x02,0x03,0x01,0x00,0x01,0xa3,0x82,0x01,0xa0,0x30,0x82,0x01,0x9c,
912 0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,
913 0x01,0xff,0x02,0x01,0x00,0x30,0x44,0x06,0x03,0x55,0x1d,0x20,0x04,0x3d,0x30,
914 0x3b,0x30,0x39,0x06,0x0b,0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,
915 0x03,0x30,0x2a,0x30,0x28,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x02,0x01,
916 0x16,0x1c,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,
917 0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,
918 0x30,0x31,0x06,0x03,0x55,0x1d,0x1f,0x04,0x2a,0x30,0x28,0x30,0x26,0xa0,0x24,
919 0xa0,0x22,0x86,0x20,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x63,0x72,0x6c,0x2e,
920 0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x70,0x63,
921 0x61,0x33,0x2e,0x63,0x72,0x6c,0x30,0x1d,0x06,0x03,0x55,0x1d,0x25,0x04,0x16,
922 0x30,0x14,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2b,
923 0x06,0x01,0x05,0x05,0x07,0x03,0x03,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
924 0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x11,0x06,0x09,0x60,0x86,0x48,
925 0x01,0x86,0xf8,0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x00,0x01,0x30,0x29,0x06,
926 0x03,0x55,0x1d,0x11,0x04,0x22,0x30,0x20,0xa4,0x1e,0x30,0x1c,0x31,0x1a,0x30,
927 0x18,0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x43,0x6c,0x61,0x73,0x73,0x33,0x43,
928 0x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x34,0x33,0x30,0x1d,0x06,0x03,0x55,
929 0x1d,0x0e,0x04,0x16,0x04,0x14,0x08,0xf5,0x51,0xe8,0xfb,0xfe,0x3d,0x3d,0x64,
930 0x36,0x7c,0x68,0xcf,0x5b,0x78,0xa8,0xdf,0xb9,0xc5,0x37,0x30,0x81,0x80,0x06,
931 0x03,0x55,0x1d,0x23,0x04,0x79,0x30,0x77,0xa1,0x63,0xa4,0x61,0x30,0x5f,0x31,
932 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,
933 0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
934 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,
935 0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,
936 0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,
937 0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,
938 0x72,0x69,0x74,0x79,0x82,0x10,0x70,0xba,0xe4,0x1d,0x10,0xd9,0x29,0x34,0xb6,
939 0x38,0xca,0x7b,0x03,0xcc,0xba,0xbf,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
940 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0xae,0x3a,0x17,0xb8,
941 0x4a,0x7b,0x55,0xfa,0x64,0x55,0xec,0x40,0xa4,0xed,0x49,0x41,0x90,0x99,0x9c,
942 0x89,0xbc,0xaf,0x2e,0x1d,0xca,0x78,0x23,0xf9,0x1c,0x19,0x0f,0x7f,0xeb,0x68,
943 0xbc,0x32,0xd9,0x88,0x38,0xde,0xdc,0x3f,0xd3,0x89,0xb4,0x3f,0xb1,0x82,0x96,
944 0xf1,0xa4,0x5a,0xba,0xed,0x2e,0x26,0xd3,0xde,0x7c,0x01,0x6e,0x00,0x0a,0x00,
945 0xa4,0x06,0x92,0x11,0x48,0x09,0x40,0xf9,0x1c,0x18,0x79,0x67,0x23,0x24,0xe0,
946 0xbb,0xd5,0xe1,0x50,0xae,0x1b,0xf5,0x0e,0xdd,0xe0,0x2e,0x81,0xcd,0x80,0xa3,
947 0x6c,0x52,0x4f,0x91,0x75,0x55,0x8a,0xba,0x22,0xf2,0xd2,0xea,0x41,0x75,0x88,
948 0x2f,0x63,0x55,0x7d,0x1e,0x54,0x5a,0x95,0x59,0xca,0xd9,0x34,0x81,0xc0,0x5f,
949 0x5e,0xf6,0x7a,0xb5 };
/* DER-encoded X.509 v3 end-entity certificate used as a test fixture.
 * Subject:  C=US, ST=California, L=Cupertino, O=Apple Computer, Inc.,
 *           OU=Digital ID Class 3 - Microsoft Software Validation v2,
 *           CN=Apple Computer, Inc.
 * Issuer:   C=US, O=VeriSign, Inc., OU=VeriSign Trust Network,
 *           OU=Terms of use at https://www.verisign.com/rpa (c)04,
 *           CN=VeriSign Class 3 Code Signing 2004 CA
 *           (the subject name of iTunesCert2)
 * Serial:   0f 1a a0 e0 9b 9b 61 a6 b6 fe 40 d2 df 6a f6 8d (DER order);
 *           iTunesSerialNum holds the same bytes in reverse order.
 * Validity: UTCTime 060117000000Z to 080122235959Z
 * Signature algorithm OID 1.2.840.113549.1.1.5 (sha1WithRSAEncryption);
 * the subject public key modulus is encoded in 0x81 bytes (1024-bit RSA).
 * Expired, SHA-1 signed and short-keyed: test data only.
 */
950 static const BYTE iTunesCert3[] = {
951 0x30,0x82,0x04,0xf1,0x30,0x82,0x03,0xd9,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
952 0x0f,0x1a,0xa0,0xe0,0x9b,0x9b,0x61,0xa6,0xb6,0xfe,0x40,0xd2,0xdf,0x6a,0xf6,
953 0x8d,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
954 0x00,0x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
955 0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,
956 0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,
957 0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
958 0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,
959 0x31,0x3b,0x30,0x39,0x06,0x03,0x55,0x04,0x0b,0x13,0x32,0x54,0x65,0x72,0x6d,
960 0x73,0x20,0x6f,0x66,0x20,0x75,0x73,0x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,
961 0x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,
962 0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x20,0x28,0x63,0x29,0x30,
963 0x34,0x31,0x2e,0x30,0x2c,0x06,0x03,0x55,0x04,0x03,0x13,0x25,0x56,0x65,0x72,
964 0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,
965 0x6f,0x64,0x65,0x20,0x53,0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,
966 0x34,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,0x30,0x36,0x30,0x31,0x31,0x37,0x30,
967 0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x38,0x30,0x31,0x32,0x32,0x32,
968 0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,
969 0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
970 0x08,0x13,0x0a,0x43,0x61,0x6c,0x69,0x66,0x6f,0x72,0x6e,0x69,0x61,0x31,0x12,
971 0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x75,0x70,0x65,0x72,0x74,
972 0x69,0x6e,0x6f,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x0a,0x14,0x14,0x41,
973 0x70,0x70,0x6c,0x65,0x20,0x43,0x6f,0x6d,0x70,0x75,0x74,0x65,0x72,0x2c,0x20,
974 0x49,0x6e,0x63,0x2e,0x31,0x3e,0x30,0x3c,0x06,0x03,0x55,0x04,0x0b,0x13,0x35,
975 0x44,0x69,0x67,0x69,0x74,0x61,0x6c,0x20,0x49,0x44,0x20,0x43,0x6c,0x61,0x73,
976 0x73,0x20,0x33,0x20,0x2d,0x20,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,
977 0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x56,0x61,0x6c,0x69,0x64,
978 0x61,0x74,0x69,0x6f,0x6e,0x20,0x76,0x32,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,
979 0x04,0x03,0x14,0x14,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x6f,0x6d,0x70,0x75,
980 0x74,0x65,0x72,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x30,0x81,0x9f,0x30,0x0d,0x06,
981 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,
982 0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd3,0xab,0x3b,0x7f,0xec,0x48,0x84,
983 0xce,0xa8,0x1a,0x12,0xf3,0x3c,0x87,0xcb,0x24,0x58,0x96,0x02,0x87,0x66,0x49,
984 0xeb,0x89,0xee,0x79,0x44,0x70,0x8d,0xe7,0xd4,0x1f,0x30,0x92,0xc0,0x9c,0x35,
985 0x78,0xc0,0xaf,0x1c,0xb6,0x28,0xd3,0xe0,0xe0,0x9d,0xd3,0x49,0x76,0x73,0x57,
986 0x19,0x4d,0x8d,0x70,0x85,0x64,0x4d,0x1d,0xc6,0x02,0x3e,0xe5,0x2c,0x66,0x07,
987 0xd2,0x27,0x4b,0xd6,0xc8,0x3c,0x93,0xb6,0x15,0x0c,0xde,0x5b,0xd7,0x93,0xdd,
988 0xbe,0x85,0x62,0x34,0x17,0x8a,0x05,0x60,0xf0,0x8a,0x1c,0x5a,0x40,0x21,0x8d,
989 0x51,0x6c,0xb0,0x62,0xd8,0xb5,0xd4,0xf9,0xb1,0xd0,0x58,0x7a,0x7a,0x82,0x55,
990 0xb3,0xf9,0x53,0x71,0xde,0xd2,0xc9,0x37,0x8c,0xf6,0x5a,0x1f,0x2d,0xcd,0x7c,
991 0x67,0x02,0x03,0x01,0x00,0x01,0xa3,0x82,0x01,0x7f,0x30,0x82,0x01,0x7b,0x30,
992 0x09,0x06,0x03,0x55,0x1d,0x13,0x04,0x02,0x30,0x00,0x30,0x0e,0x06,0x03,0x55,
993 0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x07,0x80,0x30,0x40,0x06,0x03,
994 0x55,0x1d,0x1f,0x04,0x39,0x30,0x37,0x30,0x35,0xa0,0x33,0xa0,0x31,0x86,0x2f,
995 0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,
996 0x34,0x2d,0x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,
997 0x63,0x6f,0x6d,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2e,0x63,
998 0x72,0x6c,0x30,0x44,0x06,0x03,0x55,0x1d,0x20,0x04,0x3d,0x30,0x3b,0x30,0x39,
999 0x06,0x0b,0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x30,0x2a,
1000 0x30,0x28,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1c,0x68,
1001 0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,
1002 0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x30,0x13,0x06,
1003 0x03,0x55,0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,
1004 0x07,0x03,0x03,0x30,0x75,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01,
1005 0x04,0x69,0x30,0x67,0x30,0x24,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,
1006 0x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,0x70,0x2e,
1007 0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,0x3f,0x06,
1008 0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x33,0x68,0x74,0x74,0x70,
1009 0x3a,0x2f,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2d,0x61,0x69,
1010 0x61,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,
1011 0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2d,0x61,0x69,0x61,0x2e,0x63,
1012 0x65,0x72,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,
1013 0x08,0xf5,0x51,0xe8,0xfb,0xfe,0x3d,0x3d,0x64,0x36,0x7c,0x68,0xcf,0x5b,0x78,
1014 0xa8,0xdf,0xb9,0xc5,0x37,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,
1015 0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x04,0x10,0x30,0x16,0x06,0x0a,0x2b,0x06,
1016 0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x1b,0x04,0x08,0x30,0x06,0x01,0x01,0x00,
1017 0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
1018 0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x6a,0xa6,0x06,0xd0,0x33,0x18,0x64,
1019 0xe2,0x69,0x82,0xee,0x6e,0x36,0x9e,0x9d,0x9a,0x0e,0x18,0xa8,0xac,0x9d,0x10,
1020 0xed,0x01,0x3c,0xb9,0x61,0x04,0x62,0xf3,0x85,0x8f,0xcc,0x4f,0x2c,0x66,0x35,
1021 0x54,0x25,0x45,0x8d,0x95,0x1c,0xd2,0x33,0xbe,0x2e,0xdd,0x7f,0x74,0xaf,0x03,
1022 0x7b,0x86,0x63,0xb0,0xc9,0xe6,0xbd,0xc7,0x8e,0xde,0x03,0x18,0x98,0x82,0xc3,
1023 0xbb,0xf8,0x15,0x99,0x1a,0xa9,0xdd,0xb9,0x5d,0xb9,0xbd,0x53,0x95,0x25,0x76,
1024 0xfb,0x5c,0x53,0x90,0xea,0x01,0x0a,0xa0,0xb1,0xbf,0x09,0x1b,0x97,0x8f,0x40,
1025 0xfa,0x85,0x12,0x74,0x01,0xdb,0xf6,0xdb,0x09,0xd6,0x5f,0x4f,0xd7,0x17,0xb4,
1026 0xbf,0x9e,0x2f,0x86,0x52,0x5d,0x70,0x24,0x52,0x32,0x1e,0xa5,0x1d,0x39,0x8b,
1027 0x66,0xf6,0xba,0x9b,0x69,0x8e,0x12,0x60,0xdb,0xb6,0xcf,0xe6,0x0d,0xd6,0x1c,
1028 0x8f,0xd4,0x5b,0x4b,0x00,0xde,0x21,0x93,0xfb,0x6e,0xc7,0x3d,0xb4,0x66,0x0d,
1029 0x29,0x0c,0x4e,0xe9,0x3f,0x94,0xd6,0xd6,0xdc,0xec,0xf8,0x53,0x3b,0x62,0xd5,
1030 0x97,0x50,0x53,0x84,0x17,0xfe,0xe2,0xed,0x4c,0x23,0x0a,0x49,0xce,0x5b,0xe9,
1031 0x70,0x31,0xc1,0x04,0x02,0x02,0x6c,0xb8,0x52,0xcd,0xc7,0x4e,0x70,0xb4,0x13,
1032 0xd7,0xe0,0x92,0xba,0x44,0x1a,0x10,0x4c,0x6e,0x45,0xc6,0x86,0x04,0xc6,0x64,
1033 0xd3,0x9c,0x6e,0xc1,0x9c,0xac,0x74,0x3d,0x77,0x06,0x5e,0x28,0x28,0x5c,0xf5,
1034 0xe0,0x9c,0x19,0xd8,0xba,0x74,0x81,0x2d,0x67,0x77,0x93,0x8d,0xbf,0xd2,0x52,
1035 0x00,0xe6,0xa5,0x38,0x4e,0x2e,0x73,0x66,0x7a };
/* DER-encoded X.500 name.  The visible bytes are identical to the start of
 * the issuer field of iTunesCert3: C=US, O=VeriSign, Inc.,
 * OU=VeriSign Trust Network,
 * OU=Terms of use at https://www.verisign.com/rpa (c)04,
 * CN=VeriSign Class 3 Code Signing 2004 ...
 * NOTE(review): the final line of this initializer is not present in this
 * listing (the embedded line numbers skip from 1051 to 1053); the outer
 * length byte 0xb4 implies three more bytes, presumably " CA" - confirm
 * against the source file.
 */
1036 static BYTE iTunesIssuer[] = {
1037 0x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
1038 0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,
1039 0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,
1040 0x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,
1041 0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
1042 0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,
1043 0x72,0x6b,0x31,0x3b,0x30,0x39,0x06,0x03,0x55,0x04,0x0b,0x13,
1044 0x32,0x54,0x65,0x72,0x6d,0x73,0x20,0x6f,0x66,0x20,0x75,0x73,
1045 0x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,
1046 0x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,
1047 0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x20,0x28,0x63,
1048 0x29,0x30,0x34,0x31,0x2e,0x30,0x2c,0x06,0x03,0x55,0x04,0x03,
1049 0x13,0x25,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,
1050 0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,0x6f,0x64,0x65,0x20,
1051 0x53,0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,0x34,
/* Serial number of iTunesCert3 with the byte order reversed relative to its
 * DER encoding (0f 1a a0 ... f6 8d there, 8d f6 ... 1a 0f here).  testFindCert
 * assigns it to certInfo.SerialNumber and compares it with the stored
 * certificate's serial number via CertCompareIntegerBlob.
 */
1053 static BYTE iTunesSerialNum[] = {
1054 0x8d,0xf6,0x6a,0xdf,0xd2,0x40,0xfe,0xb6,0xa6,0x61,0x9b,0x9b,
1055 0xe0,0xa0,0x1a,0x0f };
/* Exercises CertFindCertificateInStore against two in-memory stores.
 * The first store receives bigCert, bigCert2 and certWithUsage and is searched
 * by issuer name, subject name, CERT_FIND_SUBJECT_CERT (issuer plus serial
 * number), SHA-1 hash and issuer string.  The second store receives the four
 * iTunesCert blobs and is searched with CERT_FIND_SUBJECT_CERT and
 * CERT_FIND_ISSUER_OF.
 * NOTE(review): this listing omits some source lines (the embedded line
 * numbers skip), so braces, a few declarations, loop scaffolding and the tails
 * of some ok() calls are not visible here.
 */
1057 static void testFindCert(void)
1060 PCCERT_CONTEXT context = NULL, subject;
1062 CERT_INFO certInfo = { 0 };
1063 CRYPT_HASH_BLOB blob;
1064 BYTE otherSerialNumber[] = { 2 };
1066 static const WCHAR juan[] = { 'j','u','a','n',0 };
1067 static const WCHAR lang[] = { 'L','A','N','G',0 };
1068 static const WCHAR malcolm[] = { 'm','a','l','c','o','l','m',0 };
1070 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1071 CERT_STORE_CREATE_NEW_FLAG, NULL);
1072 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
1076 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1077 bigCert, sizeof(bigCert), CERT_STORE_ADD_NEW, NULL);
/* A failure with OSS_DATA_ERROR is accepted only as a known-broken result
 * (win98, per the inline note); the remaining checks are then skipped. */
1078 ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* win98 */),
1079 "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
1080 if (!ret && GetLastError() == OSS_DATA_ERROR)
1082 skip("bigCert can't be decoded, skipping tests\n");
1085 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1086 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, NULL);
1087 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1089 /* This has the same name as bigCert */
1090 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1091 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, NULL);
1092 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1096 context = CertFindCertificateInStore(NULL, 0, 0, 0, NULL, NULL);
1099 /* Check first cert's there, by issuer */
1100 certInfo.Subject.pbData = subjectName;
1101 certInfo.Subject.cbData = sizeof(subjectName);
1102 certInfo.SerialNumber.pbData = serialNum;
1103 certInfo.SerialNumber.cbData = sizeof(serialNum);
/* The blob kept in certInfo.Subject is passed here as the issuer name to
 * search for; the field is only used as storage for the name. */
1104 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1105 CERT_FIND_ISSUER_NAME, &certInfo.Subject, NULL);
1106 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
/* Passing the previously returned context as the last argument continues the
 * search after that entry. */
1110 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1111 CERT_FIND_ISSUER_NAME, &certInfo.Subject, context);
1112 ok(context != NULL, "Expected more than one cert\n");
1115 context = CertFindCertificateInStore(store, X509_ASN_ENCODING,
1116 0, CERT_FIND_ISSUER_NAME, &certInfo.Subject, context);
1117 ok(context == NULL, "Expected precisely two certs\n");
1121 /* Check second cert's there as well, by subject name */
1122 certInfo.Subject.pbData = subjectName2;
1123 certInfo.Subject.cbData = sizeof(subjectName2);
1124 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1125 CERT_FIND_SUBJECT_NAME, &certInfo.Subject, NULL);
1126 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
1130 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1131 CERT_FIND_SUBJECT_NAME, &certInfo.Subject, context);
1132 ok(context == NULL, "Expected one cert only\n");
1135 /* Strange but true: searching for the subject cert requires you to set
1136 * the issuer, not the subject
1138 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1139 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1140 ok(context == NULL, "Expected no certificate\n");
1141 certInfo.Subject.pbData = NULL;
1142 certInfo.Subject.cbData = 0;
1143 certInfo.Issuer.pbData = subjectName2;
1144 certInfo.Issuer.cbData = sizeof(subjectName2);
1145 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1146 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1147 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
1151 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1152 CERT_FIND_SUBJECT_CERT, &certInfo, context);
1153 ok(context == NULL, "Expected one cert only\n");
1155 /* A non-matching serial number will not match. */
1156 certInfo.SerialNumber.pbData = otherSerialNumber;
1157 certInfo.SerialNumber.cbData = sizeof(otherSerialNumber);
1158 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1159 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1160 ok(context == NULL, "Expected no match\n");
1161 /* No serial number will not match */
1162 certInfo.SerialNumber.cbData = 0;
1163 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1164 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1165 ok(context == NULL, "Expected no match\n");
1166 /* A serial number still won't match if the name doesn't */
1167 certInfo.SerialNumber.pbData = serialNum;
1168 certInfo.SerialNumber.cbData = sizeof(serialNum);
1169 certInfo.Issuer.pbData = subjectName3;
1170 certInfo.Issuer.cbData = sizeof(subjectName3);
1171 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1172 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1173 ok(context == NULL, "Expected no match\n");
1175 /* The nice thing about hashes, they're unique */
/* NOTE(review): "unique" holds only as far as SHA-1 resists collisions, and
 * SHA-1 collisions have been demonstrated in practice.  A CERT_FIND_SHA1_HASH
 * lookup selects a store entry; it is not by itself evidence that the entry
 * is the certificate the caller intended to trust. */
1176 blob.pbData = bigCertHash;
1177 blob.cbData = sizeof(bigCertHash);
1178 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1179 CERT_FIND_SHA1_HASH, &blob, NULL);
1180 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
/* NOTE(review): this continuation passes &certInfo.Subject, which was set to
 * NULL/0 above, instead of &blob.  As written the NULL result may come from
 * the empty blob rather than from there being no second certificate with the
 * same hash - confirm whether &blob was intended. */
1184 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1185 CERT_FIND_SHA1_HASH, &certInfo.Subject, context);
1186 ok(context == NULL, "Expected one cert only\n");
1189 /* Searching for NULL string matches any context. */
/* NOTE(review): the counting loops around the three CERT_FIND_ISSUER_STR
 * calls below are not visible in this listing; only the call and the final
 * check on count are shown. */
1193 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1194 CERT_FIND_ISSUER_STR, NULL, context);
1198 ok(count == 3, "expected 3 contexts\n");
1202 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1203 CERT_FIND_ISSUER_STR, juan, context);
1207 ok(count == 2, "expected 2 contexts\n");
1211 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1212 CERT_FIND_ISSUER_STR, lang, context);
1216 ok(count == 3, "expected 3 contexts\n");
/* Reset the last error so the CRYPT_E_NOT_FOUND check below cannot be
 * satisfied by a value left over from an earlier call. */
1217 SetLastError(0xdeadbeef);
1218 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1219 CERT_FIND_ISSUER_STR, malcolm, NULL);
1220 ok(!context, "expected no certs\n");
1221 ok(GetLastError() == CRYPT_E_NOT_FOUND,
1222 "expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
1224 CertCloseStore(store, 0);
1226 /* Another subject cert search, using iTunes's certs */
1227 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1228 CERT_STORE_CREATE_NEW_FLAG, NULL);
1229 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1230 iTunesCert0, sizeof(iTunesCert0), CERT_STORE_ADD_NEW, NULL);
1231 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1233 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1234 iTunesCert1, sizeof(iTunesCert1), CERT_STORE_ADD_NEW, NULL);
1235 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1237 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1238 iTunesCert2, sizeof(iTunesCert2), CERT_STORE_ADD_NEW, NULL);
1239 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
/* The context for iTunesCert3 is kept in subject for the
 * CERT_FIND_ISSUER_OF search further down. */
1241 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1242 iTunesCert3, sizeof(iTunesCert3), CERT_STORE_ADD_NEW, &subject);
1243 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1246 /* The certInfo's issuer does not match any subject, but the serial
1247 * number does match a cert whose issuer matches certInfo's issuer.
1248 * This yields a match.
1250 certInfo.SerialNumber.cbData = sizeof(iTunesSerialNum);
1251 certInfo.SerialNumber.pbData = iTunesSerialNum;
1252 certInfo.Issuer.cbData = sizeof(iTunesIssuer);
1253 certInfo.Issuer.pbData = iTunesIssuer;
1254 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1255 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1256 ok(context != NULL, "Expected a match\n");
1259 ret = CertCompareCertificateName(context->dwCertEncodingType,
1260 &certInfo.Issuer, &context->pCertInfo->Subject);
1261 ok(!ret, "Expected subject name not to match\n");
1262 ret = CertCompareCertificateName(context->dwCertEncodingType,
1263 &certInfo.Issuer, &context->pCertInfo->Issuer);
1264 ok(ret, "Expected issuer name to match\n");
1265 ret = CertCompareIntegerBlob(&certInfo.SerialNumber,
1266 &context->pCertInfo->SerialNumber);
1267 ok(ret, "Expected serial number to match\n");
1268 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1269 CERT_FIND_SUBJECT_CERT, &certInfo, context);
1270 ok(context == NULL, "Expected one cert only\n");
1273 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1274 CERT_FIND_ISSUER_OF, subject, NULL);
1275 ok(context != NULL, "Expected an issuer\n");
/* Presumably the issuer found above is iTunesCert2, whose own issuer
 * (Class 3 Public Primary Certification Authority) is not among the four
 * certificates added to this store, hence no parent is expected. */
1278 PCCERT_CONTEXT none = CertFindCertificateInStore(store,
1279 X509_ASN_ENCODING, 0, CERT_FIND_ISSUER_OF, context, NULL);
1281 ok(!none, "Expected no parent of issuer\n");
1282 CertFreeCertificateContext(context);
1284 CertFreeCertificateContext(subject);
1285 CertCloseStore(store, 0);
/* Exercises CertGetSubjectCertificateFromStore against an in-memory store
 * that receives bigCert, bigCert2 (kept as context1) and certWithUsage.
 * The visible assertions expect E_INVALIDARG for the first lookup,
 * CRYPT_E_NOT_FOUND for the next two (the second of those made after only
 * info.SerialNumber is set), and a hit once info.Issuer is set as well.
 * The hit must be the very same context pointer as context1.
 * NOTE(review): the embedded gutter numbers skip, so some source lines are
 * not part of this listing - among them the declarations of store and ret
 * and the last argument of every lookup call.
 */
1288 static void testGetSubjectCert(void)
1291 PCCERT_CONTEXT context1, context2;
1292 CERT_INFO info = { 0 };
1295 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1296 CERT_STORE_CREATE_NEW_FLAG, NULL);
1297 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
1301 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1302 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
1303 ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* win98 */),
1304 "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
1305 if (!ret && GetLastError() == OSS_DATA_ERROR)
1307 skip("bigCert can't be decoded, skipping tests\n");
1310 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1311 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, &context1);
1312 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1314 ok(context1 != NULL, "Expected a context\n");
1315 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1316 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, NULL);
1317 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1320 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1322 ok(!context2 && GetLastError() == E_INVALIDARG,
1323 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1324 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1326 ok(!context2 && GetLastError() == CRYPT_E_NOT_FOUND,
1327 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
/* A serial number on its own is not enough: the next lookup is still
 * expected to report CRYPT_E_NOT_FOUND. */
1328 info.SerialNumber.cbData = sizeof(serialNum);
1329 info.SerialNumber.pbData = serialNum;
1330 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1332 ok(!context2 && GetLastError() == CRYPT_E_NOT_FOUND,
1333 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
/* With the issuer name filled in too, the lookup is expected to succeed. */
1334 info.Issuer.cbData = sizeof(subjectName2);
1335 info.Issuer.pbData = subjectName2;
1336 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1338 ok(context2 != NULL,
1339 "CertGetSubjectCertificateFromStore failed: %08x\n", GetLastError());
1340 /* Not only should this find a context, but it should be the same
1341 * (same address) as context1.
1343 ok(context1 == context2, "Expected identical context addresses\n");
1344 CertFreeCertificateContext(context2);
1346 CertFreeCertificateContext(context1);
1347 CertCloseStore(store, 0);
/* Self-issued fixture: issuer and subject are both CN=aric@codeweavers.com.
 * The two UTCTime values in the bytes below read 690101000000Z (notBefore)
 * and 700101060000Z (notAfter), which is the "expires in 1970 or so" of the
 * original comment.  The signature algorithm OID bytes 2b 0e 03 02 1d decode
 * to 1.3.14.3.2.29.
 */
1350 /* This expires in 1970 or so */
1351 static const BYTE expiredCert[] = { 0x30, 0x82, 0x01, 0x33, 0x30, 0x81, 0xe2,
1352 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0xc4, 0xd7, 0x7f, 0x0e, 0x6f, 0xa6,
1353 0x8c, 0xaa, 0x47, 0x47, 0x40, 0xe7, 0xb7, 0x0b, 0x4a, 0x7f, 0x30, 0x09, 0x06,
1354 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x1f, 0x31, 0x1d, 0x30,
1355 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
1356 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
1357 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x36, 0x39, 0x30, 0x31, 0x30, 0x31, 0x30,
1358 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30,
1359 0x31, 0x30, 0x36, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x1f, 0x31, 0x1d, 0x30,
1360 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
1361 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
1362 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
1363 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
1364 0x00, 0xa1, 0xaf, 0x4a, 0xea, 0xa7, 0x83, 0x57, 0xc0, 0x37, 0x33, 0x7e, 0x29,
1365 0x5e, 0x0d, 0xfc, 0x44, 0x74, 0x3a, 0x1d, 0xc3, 0x1b, 0x1d, 0x96, 0xed, 0x4e,
1366 0xf4, 0x1b, 0x98, 0xec, 0x69, 0x1b, 0x04, 0xea, 0x25, 0xcf, 0xb3, 0x2a, 0xf5,
1367 0xd9, 0x22, 0xd9, 0x8d, 0x08, 0x39, 0x81, 0xc6, 0xe0, 0x4f, 0x12, 0x37, 0x2a,
1368 0x3f, 0x80, 0xa6, 0x6c, 0x67, 0x43, 0x3a, 0xdd, 0x95, 0x0c, 0xbb, 0x2f, 0x6b,
1369 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
1370 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x8f, 0xa2, 0x5b, 0xd6, 0xdf, 0x34, 0xd0,
1371 0xa2, 0xa7, 0x47, 0xf1, 0x13, 0x79, 0xd3, 0xf3, 0x39, 0xbd, 0x4e, 0x2b, 0xa3,
1372 0xf4, 0x63, 0x37, 0xac, 0x5a, 0x0c, 0x5e, 0x4d, 0x0d, 0x54, 0x87, 0x4f, 0x31,
1373 0xfb, 0xa0, 0xce, 0x8f, 0x9a, 0x2f, 0x4d, 0x48, 0xc6, 0x84, 0x8d, 0xf5, 0x70,
1374 0x74, 0x17, 0xa5, 0xf3, 0x66, 0x47, 0x06, 0xd6, 0x64, 0x45, 0xbc, 0x52, 0xef,
1375 0x49, 0xe5, 0xf9, 0x65, 0xf3 };
/* Issuer is CN=aric@codeweavers.com (the subject of expiredCert above);
 * the subject CN is "Juan Lang" followed by a NUL byte.  The UTCTime
 * validity reads 060505171249Z to 360505171249Z.  The SubjectPublicKeyInfo
 * is a placeholder (empty OID, empty BIT STRING), and the signature
 * algorithm OID decodes to 1.2.840.113549.1.1.5 (sha1WithRSAEncryption).
 */
1377 /* This expires in 2036 or so */
1378 static const BYTE childOfExpired[] = { 0x30, 0x81, 0xcc, 0x30, 0x78, 0xa0,
1379 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
1380 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x1f, 0x31, 0x1d,
1381 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63,
1382 0x40, 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e,
1383 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x35, 0x30, 0x35,
1384 0x31, 0x37, 0x31, 0x32, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x36, 0x30, 0x35,
1385 0x30, 0x35, 0x31, 0x37, 0x31, 0x32, 0x34, 0x39, 0x5a, 0x30, 0x15, 0x31, 0x13,
1386 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e,
1387 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03,
1388 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
1389 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0x20, 0x3b, 0xdb, 0x4d, 0x67, 0x50,
1390 0xec, 0x73, 0x9d, 0xf9, 0x85, 0x5d, 0x18, 0xe9, 0xb4, 0x98, 0xe3, 0x31, 0xb7,
1391 0x03, 0x0b, 0xc0, 0x39, 0x93, 0x56, 0x81, 0x0a, 0xfc, 0x78, 0xa8, 0x29, 0x42,
1392 0x5f, 0x69, 0xfb, 0xbc, 0x5b, 0xf2, 0xa6, 0x2a, 0xbe, 0x91, 0x2c, 0xfc, 0x89,
1393 0x69, 0x15, 0x18, 0x58, 0xe5, 0x02, 0x75, 0xf7, 0x2a, 0xb6, 0xa9, 0xfb, 0x47,
1394 0x6a, 0x6e, 0x0a, 0x9b, 0xe9, 0xdc };
1398 /* A chain with two issuers, only one of whose dates is valid. */
1400 static const BYTE chain10_0[] = {
1401 0x30,0x82,0x01,0x9b,0x30,0x82,0x01,0x08,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
1402 0x4a,0x30,0x3a,0x42,0xa2,0x5a,0xb3,0x93,0x4d,0x94,0x06,0xad,0x6d,0x1c,0x34,
1403 0xe6,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
1404 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
1405 0x30,0x1e,0x17,0x0d,0x30,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
1406 0x30,0x5a,0x17,0x0d,0x30,0x36,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
1407 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
1408 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
1409 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
1410 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
1411 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
1412 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
1413 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
1414 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
1415 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
1416 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
1417 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
1418 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
1419 0x00,0x01,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,
1420 0x81,0x00,0x85,0x6e,0x35,0x2f,0x2c,0x51,0x4f,0xd6,0x2a,0xe4,0x9e,0xd0,0x4b,
1421 0xe6,0x90,0xfd,0xf7,0x20,0xad,0x76,0x3f,0x93,0xea,0x7f,0x0d,0x1f,0xb3,0x8e,
1422 0xfd,0xe0,0xe1,0xd6,0xd7,0x9c,0x7d,0x46,0x6b,0x15,0x5c,0xe6,0xc9,0x62,0x3b,
1423 0x70,0x4a,0x4b,0xb2,0x82,0xe3,0x55,0x0c,0xc4,0x90,0x44,0x06,0x6c,0x86,0x1c,
1424 0x6d,0x47,0x12,0xda,0x33,0x95,0x5d,0x98,0x43,0xcb,0x7c,0xfa,0x2b,0xee,0xc4,
1425 0x2d,0xc8,0x95,0x33,0x89,0x08,0x3f,0x9f,0x87,0xea,0x20,0x04,0xaf,0x58,0x4b,
1426 0x9d,0xc0,0x7c,0x0a,0x1b,0x05,0x31,0x3b,0xbb,0x13,0x58,0x2e,0x3f,0x61,0x6b,
1427 0x10,0xb4,0xeb,0xb9,0x1a,0x30,0xfd,0xea,0xca,0x29,0x99,0x5f,0x42,0x2b,0x00,
1428 0xb0,0x08,0xc3,0xf0,0xb6,0xd6,0x6b,0xf9,0x35,0x95 };
1429 static const BYTE chain10_1[] = {
1430 0x30,0x82,0x01,0x9b,0x30,0x82,0x01,0x08,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
1431 0xbf,0x99,0x4f,0x14,0x03,0x77,0x44,0xb8,0x49,0x02,0x70,0xa1,0xb8,0x9c,0xa7,
1432 0x24,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
1433 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
1434 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
1435 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
1436 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
1437 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
1438 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
1439 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
1440 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
1441 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
1442 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
1443 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
1444 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
1445 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
1446 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
1447 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
1448 0x00,0x01,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,
1449 0x81,0x00,0xa8,0xec,0x8c,0x34,0xe7,0x2c,0xdf,0x75,0x87,0xc4,0xf7,0xda,0x71,
1450 0x72,0x29,0xb2,0x48,0xa8,0x2a,0xec,0x7b,0x7d,0x19,0xb9,0x5f,0x1d,0xd9,0x91,
1451 0x2b,0xc4,0x28,0x7e,0xd6,0xb5,0x91,0x69,0xa5,0x8a,0x1a,0x1f,0x97,0x98,0x46,
1452 0x9d,0xdf,0x12,0xf6,0x45,0x62,0xad,0x60,0xb6,0xba,0xb0,0xfd,0xf5,0x9f,0xc6,
1453 0x98,0x05,0x4f,0x4d,0x48,0xdc,0xee,0x69,0xbe,0xb8,0xc4,0xc4,0xd7,0x1b,0xb1,
1454 0x1f,0x64,0xd6,0x45,0xa7,0xdb,0xb3,0x87,0x63,0x0f,0x54,0xe1,0x3a,0x6b,0x57,
1455 0x36,0xd7,0x68,0x65,0xcf,0xda,0x57,0x8d,0xcd,0x84,0x75,0x47,0x26,0x2c,0xef,
1456 0x1e,0x8f,0xc7,0x3b,0xee,0x5d,0x03,0xa6,0xdf,0x3a,0x20,0xb2,0xcc,0xc9,0x09,
1457 0x2c,0xfe,0x2b,0x79,0xb0,0xca,0x2c,0x9a,0x81,0x6b };
1458 static const BYTE chain7_1[] = {
1459 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
1460 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
1461 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
1462 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,
1463 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,
1464 0x35,0x39,0x35,0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
1465 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
1466 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
1467 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
1468 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
1469 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
1470 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
1471 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
1472 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
1473 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
1474 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
1475 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
1476 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
1477 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9f,0x69,0xfd,0x26,0xd5,0x4b,
1478 0xe0,0xab,0x12,0x21,0xb9,0xfc,0xf7,0xe0,0x0c,0x09,0x94,0xad,0x27,0xd7,0x9d,
1479 0xa3,0xcc,0x46,0x2a,0x25,0x9a,0x24,0xa7,0x31,0x58,0x78,0xf5,0xfc,0x30,0xe1,
1480 0x6d,0xfd,0x59,0xab,0xbe,0x69,0xa0,0xea,0xe3,0x7d,0x7a,0x7b,0xe5,0x85,0xeb,
1481 0x86,0x6a,0x84,0x3c,0x96,0x01,0x1a,0x70,0xa7,0xb8,0xcb,0xf2,0x11,0xe7,0x52,
1482 0x9c,0x58,0x2d,0xac,0x63,0xce,0x72,0x4b,0xad,0x62,0xa8,0x1d,0x75,0x96,0xe2,
1483 0x27,0xf5,0x6f,0xba,0x91,0xf8,0xf1,0xb0,0xbf,0x90,0x24,0x6d,0xba,0x5d,0xd7,
1484 0x39,0x63,0x3b,0x7c,0x04,0x5d,0x89,0x9d,0x1c,0xf2,0xf7,0xcc,0xdf,0x6e,0x8a,
1485 0x43,0xa9,0xdd,0x86,0x05,0xa2,0xf3,0x22,0x2d,0x1e,0x70,0xa1,0x59,0xd7,0xa5,
/* Exercises CertGetIssuerCertificateFromStore in two parts.
 *
 * Part 1 (store holds expiredCert and childOfExpired): a NULL subject, the
 * initial flags value of 0xffffffff, and a caller-supplied
 * CERT_STORE_NO_CRL_FLAG | CERT_STORE_NO_ISSUER_FLAG are all expected to fail
 * with E_INVALIDARG.  The issuer is then expected to be found both for the
 * "Perform no checks" case and when revocation and signature checks are
 * requested.
 *
 * Part 2 (store holds chain7_1 plus chain10_0 / chain10_1): with no issuer in
 * the store the lookup returns NULL; each added issuer becomes findable, and
 * passing the previous result as the third argument steps to the next one.
 * The most recently added issuer is returned first, and the whole sequence is
 * repeated with the issuers added in the opposite order.
 *
 * NOTE(review): the embedded gutter numbers skip, so some source lines (for
 * example the declaration of ret, the assignment behind "Perform no checks",
 * and several comment terminators) are not part of this listing.
 */
1488 static void testGetIssuerCert(void)
1491 PCCERT_CONTEXT parent, child, cert1, cert2;
1492 DWORD flags = 0xffffffff;
1493 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1494 CERT_STORE_CREATE_NEW_FLAG, NULL);
1496 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1498 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1499 expiredCert, sizeof(expiredCert), CERT_STORE_ADD_ALWAYS, NULL);
1500 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1503 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1504 childOfExpired, sizeof(childOfExpired), CERT_STORE_ADD_ALWAYS, &child);
1505 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
/* NOTE(review): the two calls below pass a NULL flags pointer and have no
 * visible assertion.  Gutter lines 1508 and 1511 are absent from this
 * listing, so these calls may sit inside a commented-out block in the
 * original file - confirm before treating them as live code. */
1509 parent = CertGetIssuerCertificateFromStore(NULL, NULL, NULL, NULL);
1510 parent = CertGetIssuerCertificateFromStore(store, NULL, NULL, NULL);
1512 parent = CertGetIssuerCertificateFromStore(NULL, NULL, NULL, &flags);
1513 ok(!parent && GetLastError() == E_INVALIDARG,
1514 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1515 parent = CertGetIssuerCertificateFromStore(store, NULL, NULL, &flags);
1516 ok(!parent && GetLastError() == E_INVALIDARG,
1517 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1518 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1519 ok(!parent && GetLastError() == E_INVALIDARG,
1520 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1521 /* Confusing: the caller cannot set either of the
1522 * CERT_STORE_NO_*_FLAGs, as these are not checks,
1525 flags = CERT_STORE_NO_CRL_FLAG | CERT_STORE_NO_ISSUER_FLAG;
1526 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1527 ok(!parent && GetLastError() == E_INVALIDARG,
1528 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1529 /* Perform no checks */
1531 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1532 ok(parent != NULL, "CertGetIssuerCertificateFromStore failed: %08x\n",
1535 CertFreeCertificateContext(parent);
/* Reviewer note: flags is an in/out word.  The assertion further down expects
 * a non-NULL issuer together with CERT_STORE_NO_CRL_FLAG set on return, i.e.
 * the call succeeds although no CRL was available.  Code that requests
 * CERT_STORE_REVOCATION_FLAG therefore has to inspect the returned flags and
 * not only the returned pointer before treating the certificate as checked
 * for revocation. */
1536 /* Check revocation and signature only */
1537 flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
1538 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1539 ok(parent != NULL, "CertGetIssuerCertificateFromStore failed: %08x\n",
1541 /* Confusing: CERT_STORE_REVOCATION_FLAG succeeds when there is no CRL by
1542 * setting CERT_STORE_NO_CRL_FLAG.
1544 ok(flags == (CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG),
1545 "Expected CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG, got %08x\n",
1548 CertFreeCertificateContext(parent);
1549 /* Checking time validity is not productive, because while most Windows
1550 * versions return 0 (time valid) because the child is not expired,
1551 * Windows 2003 SP1 returns that it is expired. Thus the range of
1552 * possibilities is covered, and a test verifies nothing.
1555 CertFreeCertificateContext(child);
1556 CertCloseStore(store, 0);
1559 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1560 CERT_STORE_CREATE_NEW_FLAG, NULL);
1561 /* With only the child certificate, no issuer will be found */
1562 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1563 chain7_1, sizeof(chain7_1), CERT_STORE_ADD_ALWAYS, &child);
1564 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
1565 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1566 ok(parent == NULL, "Expected no issuer\n");
1567 /* Adding an issuer allows one (and only one) issuer to be found */
1568 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1569 chain10_1, sizeof(chain10_1), CERT_STORE_ADD_ALWAYS, &cert1);
1570 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
1571 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1572 ok(parent == cert1, "Expected cert1 to be the issuer\n");
1573 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1574 ok(parent == NULL, "Expected only one issuer\n");
1575 /* Adding a second issuer allows two issuers to be found - and the second
1576 * issuer is found before the first, implying certs are added to the head
1579 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1580 chain10_0, sizeof(chain10_0), CERT_STORE_ADD_ALWAYS, &cert2);
1581 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
1582 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1583 ok(parent == cert2, "Expected cert2 to be the first issuer\n");
1584 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1585 ok(parent == cert1, "Expected cert1 to be the second issuer\n");
1586 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1587 ok(parent == NULL, "Expected no more than two issuers\n");
1588 CertFreeCertificateContext(child);
1589 CertFreeCertificateContext(cert1);
1590 CertFreeCertificateContext(cert2);
1591 CertCloseStore(store, 0);
1593 /* Repeat the test, reversing the order in which issuers are added,
1594 * to show it's order-dependent.
1596 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1597 CERT_STORE_CREATE_NEW_FLAG, NULL);
1598 /* With only the child certificate, no issuer will be found */
1599 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1600 chain7_1, sizeof(chain7_1), CERT_STORE_ADD_ALWAYS, &child);
1601 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
1602 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1603 ok(parent == NULL, "Expected no issuer\n");
1604 /* Adding an issuer allows one (and only one) issuer to be found */
1605 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1606 chain10_0, sizeof(chain10_0), CERT_STORE_ADD_ALWAYS, &cert1);
1607 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
1608 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1609 ok(parent == cert1, "Expected cert1 to be the issuer\n");
1610 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1611 ok(parent == NULL, "Expected only one issuer\n");
1612 /* Adding a second issuer allows two issuers to be found - and the second
1613 * issuer is found before the first, implying certs are added to the head
1616 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1617 chain10_1, sizeof(chain10_1), CERT_STORE_ADD_ALWAYS, &cert2);
1618 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n", GetLastError());
1619 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1620 ok(parent == cert2, "Expected cert2 to be the first issuer\n");
1621 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1622 ok(parent == cert1, "Expected cert1 to be the second issuer\n");
1623 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1624 ok(parent == NULL, "Expected no more than two issuers\n");
1625 CertFreeCertificateContext(child);
1626 CertFreeCertificateContext(cert1);
1627 CertFreeCertificateContext(cert2);
1628 CertCloseStore(store, 0);
/* Exercises CryptHashCertificate with its provider, algorithm and flags
 * arguments all 0.  Visible checks: a NULL output buffer makes the call
 * report the required size in hashLen; a NULL, zero-length input hashes to
 * emptyHash; and toHash hashes to knownHash.  sizeof(toHash) is used as the
 * input length, so the string's terminating NUL is part of the hashed data.
 * NOTE(review): the visible bytes of emptyHash match the well-known SHA-1
 * digest of empty input, so algorithm id 0 appears to select SHA-1 here -
 * confirm against the API documentation.  The final bytes of emptyHash and
 * knownHash, and the declarations of hash and ret, are on lines missing from
 * this listing.
 */
1631 static void testCryptHashCert(void)
1633 static const BYTE emptyHash[] = { 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b,
1634 0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07,
1636 static const BYTE knownHash[] = { 0xae, 0x9d, 0xbf, 0x6d, 0xf5, 0x46, 0xee,
1637 0x8b, 0xc5, 0x7a, 0x13, 0xba, 0xc2, 0xb1, 0x04, 0xf2, 0xbf, 0x52, 0xa8,
1639 static const BYTE toHash[] = "abcdefghijklmnopqrstuvwxyz0123456789.,;!?:";
1642 DWORD hashLen = sizeof(hash);
1644 /* NULL buffer and nonzero length crashes
1645 ret = CryptHashCertificate(0, 0, 0, NULL, size, hash, &hashLen);
1646 empty hash length also crashes
1647 ret = CryptHashCertificate(0, 0, 0, buf, size, hash, NULL);
1649 /* Test empty hash */
1650 ret = CryptHashCertificate(0, 0, 0, toHash, sizeof(toHash), NULL,
1652 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
1653 ok(hashLen == sizeof(hash), "Got unexpected size of hash %d\n", hashLen);
1654 /* Test with empty buffer */
1655 ret = CryptHashCertificate(0, 0, 0, NULL, 0, hash, &hashLen);
1656 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
1657 ok(!memcmp(hash, emptyHash, sizeof(emptyHash)),
1658 "Unexpected hash of nothing\n");
1659 /* Test a known value */
1660 ret = CryptHashCertificate(0, 0, 0, toHash, sizeof(toHash), hash,
1662 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
1663 ok(!memcmp(hash, knownHash, sizeof(knownHash)), "Unexpected hash\n");
/* Cross-checks a signature by recomputing it: hashes toSign with CALG_SHA1
 * in csp, signs the hash with the AT_SIGNATURE key through CryptSignHashA,
 * and asserts that the result has length sigLen and is byte-identical to sig.
 * The byte comparison presumes that signing the same data with the same key
 * yields the same bytes on this provider.
 *
 * csp       provider holding the AT_SIGNATURE key
 * toSign    data that was signed, toSignLen bytes
 * sig       signature to compare against, sigLen bytes
 *
 * NOTE(review): the declarations of hash and mySig and the enclosing braces
 * and conditionals are on lines missing from this listing.
 */
1666 static void verifySig(HCRYPTPROV csp, const BYTE *toSign, size_t toSignLen,
1667 const BYTE *sig, unsigned int sigLen)
1670 BOOL ret = CryptCreateHash(csp, CALG_SHA1, 0, 0, &hash);
1672 ok(ret, "CryptCreateHash failed: %08x\n", GetLastError());
1676 DWORD mySigSize = sizeof(mySig);
1678 ret = CryptHashData(hash, toSign, toSignLen, 0);
1679 ok(ret, "CryptHashData failed: %08x\n", GetLastError());
1680 /* use the A variant so the test can run on Win9x */
1681 ret = CryptSignHashA(hash, AT_SIGNATURE, NULL, 0, mySig, &mySigSize);
1682 ok(ret, "CryptSignHash failed: %08x\n", GetLastError());
1685 ok(mySigSize == sigLen, "Expected sig length %d, got %d\n",
1687 ok(!memcmp(mySig, sig, sigLen), "Unexpected signature\n");
/* The hash handle is released once the comparison is done. */
1689 CryptDestroyHash(hash);
1693 /* Tests signing the certificate described by toBeSigned with the CSP passed in,
1694 * using the algorithm with OID sigOID. The CSP is assumed to be empty, and a
1695 * keyset named AT_SIGNATURE will be added to it. The signature will be stored
1696 * in sig. sigLen should be at least 64 bytes. */
/* Walks CryptSignCertificate through its failure modes before the success
 * path.  Visible expectations, in order: an algorithm identifier without an
 * OID fails with NTE_BAD_ALGID; a valid OID but provider handle 0 fails with
 * ERROR_INVALID_PARAMETER or NTE_BAD_ALGID; a real provider that has no key
 * yet fails with NTE_BAD_KEYSET or NTE_NO_KEY; after CryptGenKey a size query
 * and then the actual signing call succeed, and the result goes to verifySig.
 *
 * csp         provider to sign with; a signature key is generated in it
 * toBeSigned  blob whose pbData/cbData are signed
 * sigOID      signature algorithm OID placed in algoID.pszObjId
 * sig         output buffer for the signature
 * sigLen      capacity of sig; the size query is asserted to fit within it
 *
 * NOTE(review): the declarations of ret, size and key and several
 * continuation lines are on lines missing from this listing.
 */
1698 static void testSignCert(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
1699 LPCSTR sigOID, BYTE *sig, DWORD *sigLen)
1703 CRYPT_ALGORITHM_IDENTIFIER algoID = { NULL, { 0, NULL } };
/* NOTE(review): the next three calls have no visible assertion.  Gutter lines
 * 1706 and 1711 are absent from this listing, so these calls may sit inside a
 * commented-out block in the original file - confirm before treating them as
 * live code. */
1707 ret = CryptSignCertificate(0, 0, 0, NULL, 0, NULL, NULL, NULL, NULL);
1708 ret = CryptSignCertificate(0, 0, 0, NULL, 0, NULL, NULL, NULL, &size);
1709 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1710 NULL, NULL, NULL, &size);
1712 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1713 &algoID, NULL, NULL, &size);
1714 ok(!ret && GetLastError() == NTE_BAD_ALGID,
1715 "Expected NTE_BAD_ALGID, got %08x\n", GetLastError());
/* sigOID is const; the cast is needed only because pszObjId is an LPSTR. */
1716 algoID.pszObjId = (LPSTR)sigOID;
1717 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1718 &algoID, NULL, NULL, &size);
1720 (GetLastError() == ERROR_INVALID_PARAMETER || GetLastError() == NTE_BAD_ALGID),
1721 "Expected ERROR_INVALID_PARAMETER or NTE_BAD_ALGID, got %08x\n",
1723 ret = CryptSignCertificate(0, AT_SIGNATURE, 0, toBeSigned->pbData,
1724 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1726 (GetLastError() == ERROR_INVALID_PARAMETER || GetLastError() == NTE_BAD_ALGID),
1727 "Expected ERROR_INVALID_PARAMETER or NTE_BAD_ALGID, got %08x\n",
1730 /* No keys exist in the new CSP yet.. */
1731 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1732 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1733 ok(!ret && (GetLastError() == NTE_BAD_KEYSET || GetLastError() ==
1734 NTE_NO_KEY), "Expected NTE_BAD_KEYSET or NTE_NO_KEY, got %08x\n",
1736 ret = CryptGenKey(csp, AT_SIGNATURE, 0, &key);
1737 ok(ret, "CryptGenKey failed: %08x\n", GetLastError());
/* Size query: with a NULL signature buffer the required length comes back in
 * size and is checked against the caller's capacity. */
1740 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1741 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1742 ok(ret, "CryptSignCertificate failed: %08x\n", GetLastError());
1743 ok(size <= *sigLen, "Expected size <= %d, got %d\n", *sigLen, size);
/* Actual signing pass into the caller's buffer. */
1746 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1747 toBeSigned->cbData, &algoID, NULL, sig, &size);
1748 ok(ret, "CryptSignCertificate failed: %08x\n", GetLastError());
1752 verifySig(csp, toBeSigned->pbData, toBeSigned->cbData, sig,
1756 CryptDestroyKey(key);
/* Checks CryptVerifyCertificateSignature.  Skips when pCryptEncodeObjectEx
 * is unavailable.  Invalid-argument calls come first: encoding type 0 is
 * expected to fail with ERROR_FILE_NOT_FOUND, and X509_ASN_ENCODING with a
 * NULL certificate with CRYPT_E_ASN1_EOD or OSS_BAD_ARG.  The function then
 * packs toBeSigned, sigOID and sig into a CERT_SIGNED_CONTENT_INFO, encodes it
 * as X509_CERT, exports the AT_SIGNATURE public key from csp and expects
 * verification of the encoded certificate against that key to succeed.
 *
 * csp         provider holding the key that produced sig
 * toBeSigned  blob that was signed
 * sigOID      signature algorithm OID
 * sig         signature bytes, sigLen long
 *
 * NOTE(review): cert is allocated by the encoder (CRYPT_ENCODE_ALLOC_FLAG);
 * its release, like the declarations of ret, cert, size and pubKeySize, is
 * not visible because some lines are missing from this listing.
 */
1760 static void testVerifyCertSig(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
1761 LPCSTR sigOID, const BYTE *sig, DWORD sigLen)
1763 CERT_SIGNED_CONTENT_INFO info;
1768 if (!pCryptEncodeObjectEx)
1770 win_skip("no CryptEncodeObjectEx support\n");
1773 ret = CryptVerifyCertificateSignature(0, 0, NULL, 0, NULL);
1774 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1775 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1776 ret = CryptVerifyCertificateSignature(csp, 0, NULL, 0, NULL);
1777 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1778 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1779 ret = CryptVerifyCertificateSignature(csp, X509_ASN_ENCODING, NULL, 0,
1781 ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
1782 GetLastError() == OSS_BAD_ARG),
1783 "Expected CRYPT_E_ASN1_EOD or OSS_BAD_ARG, got %08x\n", GetLastError());
/* Assemble the signed-content structure from the caller's pieces; the casts
 * drop const only because the structure fields are non-const pointers. */
1784 info.ToBeSigned.cbData = toBeSigned->cbData;
1785 info.ToBeSigned.pbData = toBeSigned->pbData;
1786 info.SignatureAlgorithm.pszObjId = (LPSTR)sigOID;
1787 info.SignatureAlgorithm.Parameters.cbData = 0;
1788 info.Signature.cbData = sigLen;
1789 info.Signature.pbData = (BYTE *)sig;
1790 info.Signature.cUnusedBits = 0;
1791 ret = pCryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT, &info,
1792 CRYPT_ENCODE_ALLOC_FLAG, NULL, &cert, &size);
1793 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1796 PCERT_PUBLIC_KEY_INFO pubKeyInfo = NULL;
1801 /* Crashes prior to Vista */
1802 ret = CryptVerifyCertificateSignature(csp, X509_ASN_ENCODING,
/* Two-step export: the first call only obtains the size of the public key
 * info, the second fills the heap buffer allocated in between. */
1805 CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
1806 (LPSTR)sigOID, 0, NULL, NULL, &pubKeySize);
1807 pubKeyInfo = HeapAlloc(GetProcessHeap(), 0, pubKeySize);
1810 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE,
1811 X509_ASN_ENCODING, (LPSTR)sigOID, 0, NULL, pubKeyInfo,
1813 ok(ret, "CryptExportKey failed: %08x\n", GetLastError());
1816 ret = CryptVerifyCertificateSignature(csp, X509_ASN_ENCODING,
1817 cert, size, pubKeyInfo);
1818 ok(ret, "CryptVerifyCertificateSignature failed: %08x\n",
1821 HeapFree(GetProcessHeap(), 0, pubKeyInfo);
/* Checks CryptVerifyCertificateSignatureEx through the pointer loaded at
 * start-up; skips when that pointer or pCryptEncodeObjectEx is NULL.
 * Visible expectations: subject type 0 fails with E_INVALIDARG; an empty
 * subject blob fails with CRYPT_E_ASN1_EOD; a valid encoded certificate with
 * issuer type 0 or CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL fails with
 * E_INVALIDARG; and verification against the public key exported from csp
 * (CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY) succeeds.
 *
 * csp         provider holding the key that produced sig
 * toBeSigned  blob that was signed
 * sigOID      signature algorithm OID
 * sig         signature bytes, sigLen long
 *
 * NOTE(review): two calls (subject blob NULL, and ISSUER_PUBKEY with a NULL
 * key) have no visible assertion; the gutter lines around them (1855/1858
 * and 1899/1903) are absent from this listing, so they may sit inside
 * commented-out blocks in the original file.  The declarations of ret, cert
 * and size are likewise not visible.
 */
1827 static void testVerifyCertSigEx(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
1828 LPCSTR sigOID, const BYTE *sig, DWORD sigLen)
1830 CERT_SIGNED_CONTENT_INFO info;
1835 if (!pCryptVerifyCertificateSignatureEx)
1837 win_skip("no CryptVerifyCertificateSignatureEx support\n");
1840 if (!pCryptEncodeObjectEx)
1842 win_skip("no CryptEncodeObjectEx support\n");
1845 ret = pCryptVerifyCertificateSignatureEx(0, 0, 0, NULL, 0, NULL, 0, NULL);
1846 ok(!ret && GetLastError() == E_INVALIDARG,
1847 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1848 ret = pCryptVerifyCertificateSignatureEx(csp, 0, 0, NULL, 0, NULL, 0, NULL);
1849 ok(!ret && GetLastError() == E_INVALIDARG,
1850 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1851 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING, 0, NULL, 0,
1853 ok(!ret && GetLastError() == E_INVALIDARG,
1854 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1856 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1857 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, NULL, 0, NULL, 0, NULL);
/* Assemble the signed-content structure from the caller's pieces; the casts
 * drop const only because the structure fields are non-const pointers. */
1859 info.ToBeSigned.cbData = toBeSigned->cbData;
1860 info.ToBeSigned.pbData = toBeSigned->pbData;
1861 info.SignatureAlgorithm.pszObjId = (LPSTR)sigOID;
1862 info.SignatureAlgorithm.Parameters.cbData = 0;
1863 info.Signature.cbData = sigLen;
1864 info.Signature.pbData = (BYTE *)sig;
1865 info.Signature.cUnusedBits = 0;
1866 ret = pCryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT, &info,
1867 CRYPT_ENCODE_ALLOC_FLAG, NULL, &cert, &size);
1868 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1871 CRYPT_DATA_BLOB certBlob = { 0, NULL };
1872 PCERT_PUBLIC_KEY_INFO pubKeyInfo = NULL;
1874 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1875 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
1876 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
1877 "Expected CRYPT_E_ASN1_EOD, got %08x\n", GetLastError());
/* A one-byte blob at a deliberately invalid address: the call is expected to
 * return failure with one of the error codes listed in the assertion. */
1878 certBlob.cbData = 1;
1879 certBlob.pbData = (void *)0xdeadbeef;
1880 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1881 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
1882 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
1883 GetLastError() == CRYPT_E_ASN1_EOD /* Win9x */ ||
1884 GetLastError() == CRYPT_E_ASN1_BADTAG /* Win98 */),
1885 "Expected STATUS_ACCESS_VIOLATION, CRYPT_E_ASN1_EOD, OR CRYPT_E_ASN1_BADTAG, got %08x\n",
/* From here on the blob points at the certificate encoded above. */
1888 certBlob.cbData = size;
1889 certBlob.pbData = cert;
1890 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1891 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
1892 ok(!ret && GetLastError() == E_INVALIDARG,
1893 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1894 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1895 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
1896 CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL, NULL, 0, NULL);
1897 ok(!ret && GetLastError() == E_INVALIDARG,
1898 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1900 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1901 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
1902 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, NULL, 0, NULL);
/* size is reused for the public key info length; certBlob.cbData already
 * holds the certificate length captured above. */
1904 CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
1905 (LPSTR)sigOID, 0, NULL, NULL, &size);
1906 pubKeyInfo = HeapAlloc(GetProcessHeap(), 0, size);
1909 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE,
1910 X509_ASN_ENCODING, (LPSTR)sigOID, 0, NULL, pubKeyInfo, &size);
1911 ok(ret, "CryptExportKey failed: %08x\n", GetLastError());
1914 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1915 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
1916 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pubKeyInfo, 0, NULL);
1917 ok(ret, "CryptVerifyCertificateSignatureEx failed: %08x\n",
1920 HeapFree(GetProcessHeap(), 0, pubKeyInfo);
1926 static BYTE emptyCert[] = { 0x30, 0x00 };
/* Driver for the signing tests.  Deletes any leftover key container named
 * cspNameA, acquires a context for it under MS_DEF_PROV_A / PROV_RSA_FULL,
 * runs testSignCert, testVerifyCertSig and testVerifyCertSigEx with
 * szOID_RSA_SHA1RSA over the two-byte emptyCert, then releases the context
 * and deletes the container again so the test key does not persist.
 * NOTE(review): the declarations of csp, ret and sig and the flags argument
 * of the second pCryptAcquireContextA call are on lines missing from this
 * listing.
 */
1928 static void testCertSigs(void)
1931 CRYPT_DATA_BLOB toBeSigned = { sizeof(emptyCert), emptyCert };
1934 DWORD sigSize = sizeof(sig);
1936 /* Just in case a previous run failed, delete this thing */
1937 pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
1938 CRYPT_DELETEKEYSET);
1939 ret = pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
1941 ok(ret, "CryptAcquireContext failed: %08x\n", GetLastError());
/* The signature produced by testSignCert is handed to both verify tests. */
1943 testSignCert(csp, &toBeSigned, szOID_RSA_SHA1RSA, sig, &sigSize);
1944 testVerifyCertSig(csp, &toBeSigned, szOID_RSA_SHA1RSA, sig, sigSize);
1945 testVerifyCertSigEx(csp, &toBeSigned, szOID_RSA_SHA1RSA, sig, sigSize);
/* Unlike the best-effort delete at the top, this delete is asserted. */
1947 CryptReleaseContext(csp, 0);
1948 ret = pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
1949 CRYPT_DELETEKEYSET);
1950 ok(ret, "CryptAcquireContext failed: %08x\n", GetLastError());
/* Expected output of testSignAndEncodeCert when the algorithm parameters are
 * encoded as an explicit ASN.1 NULL.  Layout: an outer SEQUENCE holding the
 * encoded (empty) CERT_INFO, an AlgorithmIdentifier with OID
 * 1.2.840.113549.2.5 followed by NULL (0x05,0x00), and a BIT STRING with a
 * 16-byte value.  16 bytes is the size of an MD5 digest; presumably the value
 * is an unkeyed hash rather than a signature, since the test passes no
 * provider handle - confirm. */
1953 static const BYTE md5SignedEmptyCert[] = {
1954 0x30,0x56,0x30,0x33,0x02,0x00,0x30,0x02,0x06,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,
1955 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,
1956 0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x07,
1957 0x30,0x02,0x06,0x00,0x03,0x01,0x00,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,
1958 0x0d,0x02,0x05,0x05,0x00,0x03,0x11,0x00,0xfb,0x0f,0x66,0x82,0x66,0xd9,0xe5,0xf8,
1959 0xd8,0xa2,0x55,0x2b,0xe1,0xa5,0xd9,0x04 };
/* Alternative expected output with the NULL parameters omitted, which makes
 * the AlgorithmIdentifier and the outer SEQUENCE two bytes shorter.  Note that
 * the 16 bytes inside the BIT STRING are also in the reverse order of those in
 * md5SignedEmptyCert, so the two fixtures differ in more than the NULL. */
1960 static const BYTE md5SignedEmptyCertNoNull[] = {
1961 0x30,0x54,0x30,0x33,0x02,0x00,0x30,0x02,0x06,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,
1962 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,
1963 0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x07,
1964 0x30,0x02,0x06,0x00,0x03,0x01,0x00,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,
1965 0x0d,0x02,0x05,0x03,0x11,0x00,0x04,0xd9,0xa5,0xe1,0x2b,0x55,0xa2,0xd8,0xf8,0xe5,
1966 0xd9,0x66,0x82,0x66,0x0f,0xfb };
/* Exercises parameter validation and output encoding of
 * CryptSignAndEncodeCertificate.
 *
 * Visible expectations: a zero encoding type or a NULL structure type fails
 * with ERROR_FILE_NOT_FOUND; an empty algorithm identifier fails with
 * NTE_BAD_ALGID (OSS_BAD_PTR on win9x); szOID_RSA_MD5RSA fails with
 * ERROR_INVALID_PARAMETER, NTE_BAD_ALGID or OSS_BAD_PTR; with szOID_RSA_MD5
 * the output is compared against md5SignedEmptyCert or
 * md5SignedEmptyCertNoNull.
 * Every call passes 0 as the provider handle, so presumably no private key is
 * involved and the szOID_RSA_MD5 result carries a digest rather than a
 * signature - confirm against the API contract.
 * MD5 appears here only as an encoding fixture; it is not collision resistant
 * and the expected blobs are not a model for real certificates.
 * NOTE(review): this listing omits some lines of the function (continuation
 * arguments, braces and possibly guards around the crashing calls), so the
 * control flow cannot be fully confirmed here.
 */
1968 static void testSignAndEncodeCert(void)
1970 static char oid_rsa_md5rsa[] = szOID_RSA_MD5RSA;
1971 static char oid_rsa_md5[] = szOID_RSA_MD5;
1974 CRYPT_ALGORITHM_IDENTIFIER algID = { 0 };
1975 CERT_INFO info = { 0 };
1978 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, NULL, NULL, NULL,
1980 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, NULL, NULL, NULL,
1983 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, &algID, NULL, NULL,
1985 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1986 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1987 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING, NULL, NULL,
1988 &algID, NULL, NULL, &size);
1989 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1990 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1991 ret = CryptSignAndEncodeCertificate(0, 0, 0, X509_CERT_TO_BE_SIGNED, NULL,
1992 &algID, NULL, NULL, &size);
1993 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1994 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1995 /* Crashes on some win9x boxes */
1998 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1999 X509_CERT_TO_BE_SIGNED, NULL, &algID, NULL, NULL, &size);
2000 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
2001 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
2004 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
2005 X509_CERT_TO_BE_SIGNED, &info, NULL, NULL, NULL, &size);
2007 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
2008 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
2010 (GetLastError() == NTE_BAD_ALGID ||
2011 GetLastError() == OSS_BAD_PTR), /* win9x */
2012 "Expected NTE_BAD_ALGID, got %08x\n", GetLastError());
/* A signature algorithm OID, requested with the provider handle still 0. */
2013 algID.pszObjId = oid_rsa_md5rsa;
2014 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
2015 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
2017 (GetLastError() == ERROR_INVALID_PARAMETER ||
2018 GetLastError() == NTE_BAD_ALGID ||
2019 GetLastError() == OSS_BAD_PTR), /* Win9x */
2020 "Expected ERROR_INVALID_PARAMETER or NTE_BAD_ALGID, got %08x\n",
/* A hash-only OID; this is the case whose output is compared further down. */
2022 algID.pszObjId = oid_rsa_md5;
2023 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
2024 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
2025 /* oid_rsa_md5 not present in some win2k */
2028 LPBYTE buf = HeapAlloc(GetProcessHeap(), 0, size);
2032 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
2033 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, buf, &size);
2034 ok(ret, "CryptSignAndEncodeCertificate failed: %08x\n",
2036 /* Tricky: because the NULL parameters may either be omitted or
2037 * included as an asn.1-encoded NULL (0x05,0x00), two different
2038 * values are allowed.
2040 ok(size == sizeof(md5SignedEmptyCert) ||
2041 size == sizeof(md5SignedEmptyCertNoNull), "Unexpected size %d\n",
2043 if (size == sizeof(md5SignedEmptyCert))
2044 ok(!memcmp(buf, md5SignedEmptyCert, size),
2045 "Unexpected value\n");
2046 else if (size == sizeof(md5SignedEmptyCertNoNull))
2047 ok(!memcmp(buf, md5SignedEmptyCertNoNull, size),
2048 "Unexpected value\n");
2049 HeapFree(GetProcessHeap(), 0, buf);
/* Tests CertCreateSelfSignCertificate with an explicit provider handle and
 * with a CRYPT_KEY_PROV_INFO description.
 *
 * First half: before a key is generated in the acquired container, creation
 * fails with NTE_NO_KEY; after CryptGenKey(AT_SIGNATURE) it succeeds and the
 * context's CERT_KEY_PROV_INFO_PROP_ID property must name the same container,
 * provider and key spec.  Second half: the same property checks with
 * AT_KEYEXCHANGE, passing 0 as the provider handle plus key provider info.
 * Each half ends by deleting the container with CRYPT_DELETEKEYSET, so the
 * generated private keys are not meant to persist in the key store.
 * NOTE(review): the two calls that pass 0 as provider and no key info sit next
 * to comment-continuation lines; they look like part of a commented-out
 * passage whose delimiters are missing from this listing - confirm.
 * NOTE(review): the final CRYPT_DELETEKEYSET call does not check its result,
 * so a container left behind by the second half would go unreported.
 */
2054 static void testCreateSelfSignCert(void)
2056 PCCERT_CONTEXT context;
2057 CERT_NAME_BLOB name = { sizeof(subjectName), subjectName };
2061 CRYPT_KEY_PROV_INFO info;
2063 if (!pCertCreateSelfSignCertificate)
2065 win_skip("CertCreateSelfSignCertificate() is not available\n");
2070 context = pCertCreateSelfSignCertificate(0, NULL, 0, NULL, NULL, NULL, NULL,
2072 * Calling this with no first parameter creates a new key container, which
2073 * lasts beyond the test, so I don't test that. Nb: the generated key
2075 context = pCertCreateSelfSignCertificate(0, &name, 0, NULL, NULL, NULL, NULL,
2080 pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2081 CRYPT_DELETEKEYSET);
2082 ret = pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2084 ok(ret, "CryptAcquireContext failed: %08x\n", GetLastError());
2086 context = pCertCreateSelfSignCertificate(csp, &name, 0, NULL, NULL, NULL,
2088 ok(!context && GetLastError() == NTE_NO_KEY,
2089 "Expected NTE_NO_KEY, got %08x\n", GetLastError());
2090 ret = CryptGenKey(csp, AT_SIGNATURE, 0, &key);
2091 ok(ret, "CryptGenKey failed: %08x\n", GetLastError());
2094 context = pCertCreateSelfSignCertificate(csp, &name, 0, NULL, NULL, NULL,
2096 ok(context != NULL, "CertCreateSelfSignCertificate failed: %08x\n",
/* NOTE(review): this pointer has the same name as the CRYPT_KEY_PROV_INFO
 * declared at the top of the function; presumably it lives in an inner scope
 * whose braces are not shown here. */
2101 PCRYPT_KEY_PROV_INFO info;
2103 /* The context must have a key provider info property */
2104 ret = CertGetCertificateContextProperty(context,
2105 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
2106 ok(ret && size, "Expected non-zero key provider info\n");
2109 info = HeapAlloc(GetProcessHeap(), 0, size);
2112 ret = CertGetCertificateContextProperty(context,
2113 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
2114 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
2118 /* Sanity-check the key provider */
2119 ok(!lstrcmpW(info->pwszContainerName, cspNameW),
2120 "Unexpected key container\n");
2121 ok(!lstrcmpW(info->pwszProvName, MS_DEF_PROV_W),
2122 "Unexpected provider\n");
2123 ok(info->dwKeySpec == AT_SIGNATURE,
2124 "Expected AT_SIGNATURE, got %d\n", info->dwKeySpec);
2126 HeapFree(GetProcessHeap(), 0, info);
2130 CertFreeCertificateContext(context);
2133 CryptDestroyKey(key);
/* Release the handle and delete the container; this delete is checked. */
2136 CryptReleaseContext(csp, 0);
2137 ret = pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2138 CRYPT_DELETEKEYSET);
2139 ok(ret, "CryptAcquireContext failed: %08x\n", GetLastError());
2142 /* do the same test with AT_KEYEXCHANGE and key info*/
2143 memset(&info,0,sizeof(info));
2144 info.dwProvType = PROV_RSA_FULL;
2145 info.dwKeySpec = AT_KEYEXCHANGE;
2146 info.pwszProvName = (LPWSTR) MS_DEF_PROV_W;
2147 info.pwszContainerName = cspNameW;
2148 context = pCertCreateSelfSignCertificate(0, &name, 0, &info, NULL, NULL,
2150 ok(context != NULL, "CertCreateSelfSignCertificate failed: %08x\n",
2155 PCRYPT_KEY_PROV_INFO info;
2157 /* The context must have a key provider info property */
2158 ret = CertGetCertificateContextProperty(context,
2159 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
2160 ok(ret && size, "Expected non-zero key provider info\n");
2163 info = HeapAlloc(GetProcessHeap(), 0, size);
2166 ret = CertGetCertificateContextProperty(context,
2167 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
2168 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
2172 /* Sanity-check the key provider */
2173 ok(!lstrcmpW(info->pwszContainerName, cspNameW),
2174 "Unexpected key container\n");
2175 ok(!lstrcmpW(info->pwszProvName, MS_DEF_PROV_W),
2176 "Unexpected provider\n");
2177 ok(info->dwKeySpec == AT_KEYEXCHANGE,
2178 "Expected AT_KEYEXCHANGE, got %d\n", info->dwKeySpec);
2180 HeapFree(GetProcessHeap(), 0, info);
2184 CertFreeCertificateContext(context);
/* Final cleanup of the container named by the key provider info above; the
 * return value is not assigned or asserted. */
2187 pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
2188 CRYPT_DELETEKEYSET);
/* Tests CertGetIntendedKeyUsage against a CERT_INFO that carries one key usage
 * extension (flagged critical in the CERT_EXTENSION initialiser).
 *
 * The calls are expected to fail while the CERT_INFO has no extensions and
 * whenever the output buffer is NULL; with the extension attached and a 4-byte
 * buffer they succeed.  usage1 and usage2 are DER BIT STRINGs (tag 0x03,
 * length 3, then the unused-bit count and two value bytes); the expected
 * outputs are those two value bytes followed by zero padding.
 * NOTE(review): the first call has no assertion in this listing and some
 * lines (declarations, possibly a guard) are not shown.
 */
2191 static void testIntendedKeyUsage(void)
2194 CERT_INFO info = { 0 };
2195 static char oid_key_usage[] = szOID_KEY_USAGE;
2196 /* A couple "key usages". Really they're just encoded bits which aren't
2197 * necessarily restricted to the defined key usage values.
2199 static BYTE usage1[] = { 0x03,0x03,0x00,0xff,0xff };
2200 static BYTE usage2[] = { 0x03,0x03,0x01,0xff,0xfe };
2201 static const BYTE expected_usage1[] = { 0xff,0xff,0x00,0x00 };
2202 static const BYTE expected_usage2[] = { 0xff,0xfe,0x00,0x00 };
2203 CERT_EXTENSION ext = { oid_key_usage, TRUE, { sizeof(usage1), usage1 } };
2204 BYTE usage_bytes[4];
2209 CertGetIntendedKeyUsage(0, NULL, NULL, 0);
2211 ret = CertGetIntendedKeyUsage(0, &info, NULL, 0);
2212 ok(!ret, "expected failure\n");
2213 ret = CertGetIntendedKeyUsage(0, &info, usage_bytes, sizeof(usage_bytes));
2214 ok(!ret, "expected failure\n");
2215 ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, NULL, 0);
2216 ok(!ret, "expected failure\n");
2217 ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, usage_bytes,
2218 sizeof(usage_bytes));
2219 ok(!ret, "expected failure\n");
2220 info.cExtension = 1;
2221 info.rgExtension = &ext;
2222 ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, NULL, 0);
2223 ok(!ret, "expected failure\n");
2224 /* The unused bytes are filled with 0. */
2225 ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, usage_bytes,
2226 sizeof(usage_bytes));
2227 ok(ret, "CertGetIntendedKeyUsage failed: %08x\n", GetLastError());
2228 ok(!memcmp(usage_bytes, expected_usage1, sizeof(expected_usage1)),
2229 "unexpected value\n");
2230 /* The usage bytes are copied in big-endian order. */
2231 ext.Value.cbData = sizeof(usage2);
2232 ext.Value.pbData = usage2;
2233 ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, usage_bytes,
2234 sizeof(usage_bytes));
2235 ok(ret, "CertGetIntendedKeyUsage failed: %08x\n", GetLastError());
2236 ok(!memcmp(usage_bytes, expected_usage2, sizeof(expected_usage2)),
2237 "unexpected value\n");
/* Usage OIDs that the tests expect, in this order, from certWithUsage's
 * enhanced key usage extension: code signing, client authentication and
 * szOID_RSA_RSA. */
2240 static const LPCSTR keyUsages[] = { szOID_PKIX_KP_CODE_SIGNING,
2241 szOID_PKIX_KP_CLIENT_AUTH, szOID_RSA_RSA };
/* Tests CertGetEnhancedKeyUsage, CertSetEnhancedKeyUsage and the
 * add/remove-identifier helpers on two certificates.
 *
 * bigCert has no enhanced key usage (EKU) extension: queries report
 * CRYPT_E_NOT_FOUND, and usages added through the API are then found with
 * CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, i.e. as an extended property of the
 * context.  certWithUsage carries an EKU extension with the three OIDs in
 * keyUsages.
 * What the assertions establish about precedence: with flags 0 an existing
 * extended property is returned in place of the certificate's own extension,
 * while CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG keeps returning the extension,
 * which is unchanged by the property.  A caller that needs the usages encoded
 * in the certificate itself should therefore query with
 * CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG.
 * NOTE(review): this listing omits some lines (declarations, size resets,
 * braces and if/else lines), so the branch structure cannot be confirmed here.
 */
2243 static void testKeyUsage(void)
2246 PCCERT_CONTEXT context;
2249 /* Test base cases */
2250 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, NULL);
2251 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2252 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
2254 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, &size);
2255 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2256 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
2258 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, &size);
2259 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2260 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
2262 ret = CertSetEnhancedKeyUsage(NULL, NULL);
2263 usage.cUsageIdentifier = 0;
2264 ret = CertSetEnhancedKeyUsage(NULL, &usage);
2266 /* Test with a cert with no enhanced key usage extension */
2267 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
2269 ok(context != NULL, "CertCreateCertificateContext failed: %08x\n",
2273 static const char oid[] = "1.2.3.4";
/* Sized for the usage header plus two identifiers (a pointer and a copy of
 * the OID string each); presumably two because re-adding the same OID can
 * produce a duplicate entry, as tested further down. */
2274 BYTE buf[sizeof(CERT_ENHKEY_USAGE) + 2 * (sizeof(LPSTR) + sizeof(oid))];
2275 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2277 ret = CertGetEnhancedKeyUsage(context, 0, NULL, NULL);
2278 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2279 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
2281 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &size);
2284 /* Windows 2000, ME, or later: even though it succeeded, we expect
2285 * CRYPT_E_NOT_FOUND, which indicates there is no enhanced key
2286 * usage set for this cert (which implies it's valid for all uses.)
2288 ok(GetLastError() == CRYPT_E_NOT_FOUND,
2289 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2290 ok(size == sizeof(CERT_ENHKEY_USAGE), "Wrong size %d\n", size);
2291 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2292 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2293 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %d\n",
2294 pUsage->cUsageIdentifier);
2298 /* Windows NT, 95, or 98: it fails, and the last error is
2299 * CRYPT_E_NOT_FOUND.
2301 ok(GetLastError() == CRYPT_E_NOT_FOUND,
2302 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2304 /* I can add a usage identifier when no key usage has been set */
2305 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
2306 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
2309 ret = CertGetEnhancedKeyUsage(context,
2310 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2311 ok(ret && GetLastError() == 0,
2312 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2313 ok(pUsage->cUsageIdentifier == 1, "Expected 1 usage, got %d\n",
2314 pUsage->cUsageIdentifier);
2315 if (pUsage->cUsageIdentifier)
2316 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
2317 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
2318 /* Now set an empty key usage */
2319 pUsage->cUsageIdentifier = 0;
2320 ret = CertSetEnhancedKeyUsage(context, pUsage);
2321 ok(ret, "CertSetEnhancedKeyUsage failed: %08x\n", GetLastError());
2322 /* Shouldn't find it in the cert */
2324 ret = CertGetEnhancedKeyUsage(context,
2325 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2326 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
2327 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2328 /* Should find it as an extended property */
2329 ret = CertGetEnhancedKeyUsage(context,
2330 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2331 ok(ret && GetLastError() == 0,
2332 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2333 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %d\n",
2334 pUsage->cUsageIdentifier);
2335 /* Should find it as either */
2336 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2337 ok(ret && GetLastError() == 0,
2338 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2339 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %d\n",
2340 pUsage->cUsageIdentifier);
2341 /* Add a usage identifier */
2342 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
2343 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
2346 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2347 ok(ret && GetLastError() == 0,
2348 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2349 ok(pUsage->cUsageIdentifier == 1, "Expected 1 identifier, got %d\n",
2350 pUsage->cUsageIdentifier);
2351 if (pUsage->cUsageIdentifier)
2352 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
2353 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
2354 /* Re-adding the same usage identifier succeeds, though it only adds
2355 * a duplicate usage identifier on versions prior to Vista
2357 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
2358 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
2361 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2362 ok(ret && GetLastError() == 0,
2363 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2364 ok(pUsage->cUsageIdentifier == 1 || pUsage->cUsageIdentifier == 2,
2365 "Expected 1 or 2 identifiers, got %d\n", pUsage->cUsageIdentifier);
2366 if (pUsage->cUsageIdentifier)
2367 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
2368 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
2369 if (pUsage->cUsageIdentifier >= 2)
2370 ok(!strcmp(pUsage->rgpszUsageIdentifier[1], oid),
2371 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[1]);
2372 /* Now set a NULL extended property--this deletes the property. */
2373 ret = CertSetEnhancedKeyUsage(context, NULL);
2374 ok(ret, "CertSetEnhancedKeyUsage failed: %08x\n", GetLastError());
/* Poison the last error so that the CRYPT_E_NOT_FOUND checked below can only
 * come from the query that follows. */
2375 SetLastError(0xbaadcafe);
2377 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2378 ok(ret || broken(!ret && GetLastError() == CRYPT_E_NOT_FOUND /* NT4 */),
2379 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2380 ok(GetLastError() == CRYPT_E_NOT_FOUND,
2381 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2383 CertFreeCertificateContext(context);
2385 /* Now test with a cert with an enhanced key usage extension */
2386 context = CertCreateCertificateContext(X509_ASN_ENCODING, certWithUsage,
2387 sizeof(certWithUsage));
2388 ok(context != NULL, "CertCreateCertificateContext failed: %08x\n",
2393 DWORD bufSize = 0, i;
2395 /* The size may depend on what flags are used to query it, so I
2396 * realloc the buffer for each test.
2398 ret = CertGetEnhancedKeyUsage(context,
2399 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, NULL, &bufSize);
2400 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2401 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2404 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2406 /* Should find it in the cert */
2408 ret = CertGetEnhancedKeyUsage(context,
2409 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2410 ok(ret && GetLastError() == 0,
2411 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2412 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2413 pUsage->cUsageIdentifier);
2414 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2415 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2416 "Expected %s, got %s\n", keyUsages[i],
2417 pUsage->rgpszUsageIdentifier[i]);
2418 HeapFree(GetProcessHeap(), 0, buf);
2420 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2421 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2422 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2425 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2427 /* Should find it as either */
2429 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2430 /* In Windows, GetLastError returns CRYPT_E_NOT_FOUND not found
2431 * here, even though the return is successful and the usage id
2432 * count is positive. I don't enforce that here.
2435 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2436 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2437 pUsage->cUsageIdentifier);
2438 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2439 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2440 "Expected %s, got %s\n", keyUsages[i],
2441 pUsage->rgpszUsageIdentifier[i]);
2442 HeapFree(GetProcessHeap(), 0, buf);
2444 /* Shouldn't find it as an extended property */
2445 ret = CertGetEnhancedKeyUsage(context,
2446 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, NULL, &size);
2447 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
2448 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2449 /* Adding a usage identifier overrides the cert's usage!? The flags-0
 * query below returns only the added OID, not the three OIDs of the
 * extension. */
2450 ret = CertAddEnhancedKeyUsageIdentifier(context, szOID_RSA_RSA);
2451 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
2453 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2454 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2455 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2458 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2460 /* Should find it as either */
2462 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2464 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2465 ok(pUsage->cUsageIdentifier == 1, "Expected 1 usage, got %d\n",
2466 pUsage->cUsageIdentifier);
2467 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], szOID_RSA_RSA),
2468 "Expected %s, got %s\n", szOID_RSA_RSA,
2469 pUsage->rgpszUsageIdentifier[0]);
2470 HeapFree(GetProcessHeap(), 0, buf);
2472 /* But querying the cert directly returns its usage */
2473 ret = CertGetEnhancedKeyUsage(context,
2474 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, NULL, &bufSize);
2475 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2476 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2479 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2482 ret = CertGetEnhancedKeyUsage(context,
2483 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2485 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2486 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2487 pUsage->cUsageIdentifier);
2488 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2489 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2490 "Expected %s, got %s\n", keyUsages[i],
2491 pUsage->rgpszUsageIdentifier[i]);
2492 HeapFree(GetProcessHeap(), 0, buf);
2494 /* And removing the only usage identifier in the extended property
2495 * results in the cert's key usage being found.
2497 ret = CertRemoveEnhancedKeyUsageIdentifier(context, szOID_RSA_RSA);
2498 ok(ret, "CertRemoveEnhancedKeyUsage failed: %08x\n", GetLastError());
2499 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2500 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2501 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2504 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2506 /* Should find it as either */
2508 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2510 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2511 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2512 pUsage->cUsageIdentifier);
2513 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2514 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2515 "Expected %s, got %s\n", keyUsages[i],
2516 pUsage->rgpszUsageIdentifier[i]);
2517 HeapFree(GetProcessHeap(), 0, buf);
2520 CertFreeCertificateContext(context);
/* DER certificate fixture whose extensions hold one critical enhanced key
 * usage extension (OID 2.5.29.37) listing 1.3.6.1.5.5.7.3.2 and
 * 1.2.840.113549.1.1.1.  Issuer and subject are both a common name whose
 * 10-byte value is "Juan Lang" followed by a NUL byte.
 * The outer SEQUENCE begins directly with the serial number INTEGER, so this
 * appears to be a bare to-be-signed structure with no signature wrapper;
 * nothing in it can be signature-checked. */
2524 static const BYTE cert2WithUsage[] = {
2525 0x30,0x81,0x89,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
2526 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
2527 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
2528 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
2529 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
2530 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
2531 0x67,0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x25,0x30,0x23,
2532 0x30,0x21,0x06,0x03,0x55,0x1d,0x25,0x01,0x01,0xff,0x04,0x17,0x30,0x15,0x06,
2533 0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x09,0x2a,0x86,0x48,0x86,
2534 0xf7,0x0d,0x01,0x01,0x01 };
/* Tests CertGetValidUsages over one, two and three certificate contexts.
 *
 * Expectations visible here: zero certificates, or bigCert alone, yield
 * numOIDs == -1 and size 0; certWithUsage alone, and bigCert together with
 * certWithUsage, yield the three OIDs in expectedOIDs; cert2WithUsage alone,
 * and all three contexts together, yield the two OIDs in expectedOIDs2; a
 * 1-byte buffer fails with ERROR_MORE_DATA.  In other words the result
 * behaves as an intersection in which a certificate without an enhanced key
 * usage does not restrict anything.
 * NOTE(review): contexts[0] is passed to the first asserted call before any
 * visible assignment; presumably it is initialised on a line missing from
 * this listing - confirm.
 * NOTE(review): after sizing the buffer for two contexts, the fetch call
 * passes a single context (&contexts[1]); the expected OIDs are the same, but
 * the two-context fetch is not exercised by that call.
 * NOTE(review): the first two calls carry no assertions and sit where other
 * lines are missing from this listing; they may belong to a commented-out
 * passage - confirm.
 */
2536 static void testGetValidUsages(void)
2538 static const LPCSTR expectedOIDs[] = {
2539 "1.3.6.1.5.5.7.3.3",
2540 "1.3.6.1.5.5.7.3.2",
2541 "1.2.840.113549.1.1.1",
2543 static const LPCSTR expectedOIDs2[] = {
2544 "1.3.6.1.5.5.7.3.2",
2545 "1.2.840.113549.1.1.1",
2551 PCCERT_CONTEXT contexts[3];
2553 if (!pCertGetValidUsages)
2555 win_skip("CertGetValidUsages() is not available\n");
2560 ret = pCertGetValidUsages(0, NULL, NULL, NULL, NULL);
2561 ret = pCertGetValidUsages(0, NULL, NULL, NULL, &size);
/* Sentinel values make it visible that the call really wrote both outputs. */
2564 numOIDs = size = 0xdeadbeef;
2565 SetLastError(0xdeadbeef);
2566 ret = pCertGetValidUsages(1, &contexts[0], &numOIDs, NULL, &size);
2567 ok(ret, "CertGetValidUsages failed: %d\n", GetLastError());
2568 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2569 ok(size == 0, "Expected size 0, got %d\n", size);
2570 contexts[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
2572 contexts[1] = CertCreateCertificateContext(X509_ASN_ENCODING, certWithUsage,
2573 sizeof(certWithUsage));
2574 contexts[2] = CertCreateCertificateContext(X509_ASN_ENCODING,
2575 cert2WithUsage, sizeof(cert2WithUsage));
2576 numOIDs = size = 0xdeadbeef;
2577 ret = pCertGetValidUsages(0, NULL, &numOIDs, NULL, &size);
2578 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2579 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2580 ok(size == 0, "Expected size 0, got %d\n", size);
2581 numOIDs = size = 0xdeadbeef;
2582 ret = pCertGetValidUsages(1, contexts, &numOIDs, NULL, &size);
2583 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2584 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2585 ok(size == 0, "Expected size 0, got %d\n", size);
2586 ret = pCertGetValidUsages(1, &contexts[1], &numOIDs, NULL, &size);
2587 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2588 ok(numOIDs == 3, "Expected 3, got %d\n", numOIDs);
2589 ok(size, "Expected non-zero size\n");
2590 oids = HeapAlloc(GetProcessHeap(), 0, size);
/* A deliberately undersized length: the call must refuse to write rather
 * than overrun the buffer. */
2594 DWORD smallSize = 1;
2596 SetLastError(0xdeadbeef);
2597 ret = pCertGetValidUsages(1, &contexts[1], &numOIDs, oids, &smallSize);
2598 ok(!ret && GetLastError() == ERROR_MORE_DATA,
2599 "Expected ERROR_MORE_DATA, got %d\n", GetLastError());
2600 ret = pCertGetValidUsages(1, &contexts[1], &numOIDs, oids, &size);
2601 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2602 for (i = 0; i < numOIDs; i++)
2603 ok(!lstrcmpA(oids[i], expectedOIDs[i]), "unexpected OID %s\n",
2605 HeapFree(GetProcessHeap(), 0, oids);
2607 numOIDs = size = 0xdeadbeef;
2608 /* Oddly enough, this crashes when the number of contexts is not 1:
2609 ret = pCertGetValidUsages(2, contexts, &numOIDs, NULL, &size);
2610 * but setting size to 0 allows it to succeed:
2613 ret = pCertGetValidUsages(2, contexts, &numOIDs, NULL, &size);
2614 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2615 ok(numOIDs == 3, "Expected 3, got %d\n", numOIDs);
2616 ok(size, "Expected non-zero size\n");
2617 oids = HeapAlloc(GetProcessHeap(), 0, size);
2622 ret = pCertGetValidUsages(1, &contexts[1], &numOIDs, oids, &size);
2623 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2624 for (i = 0; i < numOIDs; i++)
2625 ok(!lstrcmpA(oids[i], expectedOIDs[i]), "unexpected OID %s\n",
2627 HeapFree(GetProcessHeap(), 0, oids);
2629 numOIDs = 0xdeadbeef;
2631 ret = pCertGetValidUsages(1, &contexts[2], &numOIDs, NULL, &size);
2632 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2633 ok(numOIDs == 2, "Expected 2, got %d\n", numOIDs);
2634 ok(size, "Expected non-zero size\n");
2635 oids = HeapAlloc(GetProcessHeap(), 0, size);
2640 ret = pCertGetValidUsages(1, &contexts[2], &numOIDs, oids, &size);
2641 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2642 for (i = 0; i < numOIDs; i++)
2643 ok(!lstrcmpA(oids[i], expectedOIDs2[i]), "unexpected OID %s\n",
2645 HeapFree(GetProcessHeap(), 0, oids);
2647 numOIDs = 0xdeadbeef;
2649 ret = pCertGetValidUsages(3, contexts, &numOIDs, NULL, &size);
2650 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2651 ok(numOIDs == 2, "Expected 2, got %d\n", numOIDs);
2652 ok(size, "Expected non-zero size\n");
2653 oids = HeapAlloc(GetProcessHeap(), 0, size);
2658 ret = pCertGetValidUsages(3, contexts, &numOIDs, oids, &size);
2659 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2660 for (i = 0; i < numOIDs; i++)
2661 ok(!lstrcmpA(oids[i], expectedOIDs2[i]), "unexpected OID %s\n",
2663 HeapFree(GetProcessHeap(), 0, oids);
2665 CertFreeCertificateContext(contexts[0]);
2666 CertFreeCertificateContext(contexts[1]);
2667 CertFreeCertificateContext(contexts[2]);
/* Encoded name with one attribute: common name (OID 2.5.4.3), PrintableString
 * "Juan Lang" (9 bytes). */
2670 static BYTE cn[] = {
2671 0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,
2672 0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67 };
/* Same name with a space (0x20) before the value: " Juan Lang". */
2673 static BYTE cnWithLeadingSpace[] = {
2674 0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x20,0x4a,
2675 0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67 };
/* Same name with a space after the value: "Juan Lang ". */
2676 static BYTE cnWithTrailingSpace[] = {
2677 0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,
2678 0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x20 };
/* Same name with two spaces (0x20,0x20) between the words. */
2679 static BYTE cnWithIntermediateSpace[] = {
2680 0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,
2681 0x61,0x6e,0x20,0x20,0x4c,0x61,0x6e,0x67 };
/* One SET holding two attributes: common name "Juan Lang", then organization
 * (OID 2.5.4.10) with a 16-byte value that starts "The Wine Proje".  The last
 * bytes of the array are not present in this listing. */
2682 static BYTE cnThenO[] = {
2683 0x30,0x2d,0x31,0x2b,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,
2684 0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x30,0x17,0x06,0x03,0x55,0x04,0x0a,0x13,
2685 0x10,0x54,0x68,0x65,0x20,0x57,0x69,0x6e,0x65,0x20,0x50,0x72,0x6f,0x6a,0x65,
/* NOTE(review): as encoded, the first attribute here is organization (2.5.4.10)
 * with the value "Juan Lang" and the second is common name (2.5.4.3) with the
 * 16-byte value starting "The Wine Proje".  The attribute types are swapped
 * relative to cnThenO while the values keep their positions, so this is not
 * the same name with its attributes reordered.  The last bytes of the array
 * are not present in this listing. */
2687 static BYTE oThenCN[] = {
2688 0x30,0x2d,0x31,0x2b,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x4a,0x75,
2689 0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,
2690 0x10,0x54,0x68,0x65,0x20,0x57,0x69,0x6e,0x65,0x20,0x50,0x72,0x6f,0x6a,0x65,
/* Shows that CertCompareCertificateName compares the encoded blobs exactly.
 *
 * A blob matches itself even when it is not a valid encoded name, while an
 * extra leading byte, a leading, trailing or doubled space in the common
 * name, or a different attribute arrangement all make the comparison fail,
 * with encoding type 0 and with X509_ASN_ENCODING alike.
 * Consequence for callers: names that render alike can still compare unequal,
 * so issuer/subject matching built on this function is sensitive to the exact
 * encoding.
 * NOTE(review): in the oThenCN fixture the visible bytes encode organization
 * "Juan Lang" and a common name starting "The Wine Proje", i.e. the attribute
 * types are swapped relative to cnThenO rather than only reordered, so the
 * last pair would differ even under an order-independent comparison.
 * NOTE(review): the first call has no assertion and some lines
 * (declarations, one pbData assignment) are not present in this listing.
 */
2693 static void testCompareCertName(void)
2695 static BYTE bogus[] = { 1, 2, 3, 4 };
2696 static BYTE bogusPrime[] = { 0, 1, 2, 3, 4 };
2697 static BYTE emptyPrime[] = { 0x30, 0x00, 0x01 };
2699 CERT_NAME_BLOB blob1, blob2;
2702 ret = CertCompareCertificateName(0, NULL, NULL);
2704 /* An empty name checks against itself.. */
2705 blob1.pbData = emptyCert;
2706 blob1.cbData = sizeof(emptyCert);
2707 ret = CertCompareCertificateName(0, &blob1, &blob1);
2708 ok(ret, "CertCompareCertificateName failed: %08x\n", GetLastError());
2709 /* It doesn't have to be a valid encoded name.. */
2710 blob1.pbData = bogus;
2711 blob1.cbData = sizeof(bogus);
2712 ret = CertCompareCertificateName(0, &blob1, &blob1);
2713 ok(ret, "CertCompareCertificateName failed: %08x\n", GetLastError());
2714 /* Leading zeroes matter.. */
2715 blob2.pbData = bogusPrime;
2716 blob2.cbData = sizeof(bogusPrime);
2717 ret = CertCompareCertificateName(0, &blob1, &blob2);
2718 ok(!ret, "Expected failure\n");
2719 /* As do trailing extra bytes. */
/* NOTE(review): blob1 still points at bogus here, so this compares
 * { 1, 2, 3, 4 } with emptyPrime rather than emptyCert with emptyPrime; the
 * trailing-byte case described above is not what the call exercises. */
2720 blob2.pbData = emptyPrime;
2721 blob2.cbData = sizeof(emptyPrime);
2722 ret = CertCompareCertificateName(0, &blob1, &blob2);
2723 ok(!ret, "Expected failure\n");
2724 /* Tests to show that CertCompareCertificateName doesn't decode the name
2725 * to remove spaces, or to do an order-independent comparison.
2727 /* Compare CN="Juan Lang" with CN=" Juan Lang" */
2729 blob1.cbData = sizeof(cn);
2730 blob2.pbData = cnWithLeadingSpace;
2731 blob2.cbData = sizeof(cnWithLeadingSpace);
2732 ret = CertCompareCertificateName(0, &blob1, &blob2);
2733 ok(!ret, "Expected failure\n");
2734 ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2);
2735 ok(!ret, "Expected failure\n");
2736 /* Compare CN="Juan Lang" with CN="Juan Lang " */
2737 blob2.pbData = cnWithTrailingSpace;
2738 blob2.cbData = sizeof(cnWithTrailingSpace);
2739 ret = CertCompareCertificateName(0, &blob1, &blob2);
2740 ok(!ret, "Expected failure\n");
2741 ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2);
2742 ok(!ret, "Expected failure\n");
2743 /* Compare CN="Juan Lang" with the variant that has two spaces between
 * the words (cnWithIntermediateSpace) */
2744 blob2.pbData = cnWithIntermediateSpace;
2745 blob2.cbData = sizeof(cnWithIntermediateSpace);
2746 ret = CertCompareCertificateName(0, &blob1, &blob2);
2747 ok(!ret, "Expected failure\n");
2748 ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2);
2749 ok(!ret, "Expected failure\n");
2750 /* Compare 'CN="Juan Lang", O="The Wine Project"' with
2751 * 'O="The Wine Project", CN="Juan Lang"'
2753 blob1.pbData = cnThenO;
2754 blob1.cbData = sizeof(cnThenO);
2755 blob2.pbData = oThenCN;
2756 blob2.cbData = sizeof(oThenCN);
2757 ret = CertCompareCertificateName(0, &blob1, &blob2);
2758 ok(!ret, "Expected failure\n");
2759 ret = CertCompareCertificateName(X509_ASN_ENCODING, &blob1, &blob2);
2760 ok(!ret, "Expected failure\n");
/*
 * Exercises CertIsRDNAttrsInCertificateName(): each case points `name` at an
 * encoded certificate name and asks whether the attributes listed in `rdn`
 * occur in it.
 *
 * What the assertions below pin down:
 *  - an attribute whose OID ("1.2.3") is not in the name fails with
 *    CRYPT_E_NO_MATCH;
 *  - values are compared exactly: extra leading/trailing spaces or a
 *    different case fail, and case is only ignored when
 *    CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG is passed;
 *  - the value type has to match as well (the UNICODE and IA5 variants of
 *    the same text fail against the PRINTABLE one);
 *  - with two attributes, both must be present and in the same order as in
 *    the name (cnThenO matches, oThenCN does not).
 *
 * Exact matching is the conservative behaviour for identity checks; the
 * case-insensitive flag widens what counts as "the same name", so it is
 * something a caller opts into rather than a default.
 *
 * cn, cnThenO and oThenCN are encoded names defined outside this block.
 */
2763 static void testIsRDNAttrsInCertificateName(void)
2765 static char oid_1_2_3[] = "1.2.3";
2766 static char oid_common_name[] = szOID_COMMON_NAME;
2767 static char oid_organization[] = szOID_ORGANIZATION_NAME;
2768 static char juan[] = "Juan Lang";
2769 static char juan_with_leading_space[] = " Juan Lang";
/* NOTE(review): as printed, the next literal is identical to `juan`, yet the
 * test further down expects CRYPT_E_NO_MATCH for it. Presumably the original
 * has an extra interior space that was collapsed in this listing - confirm
 * against the upstream file. */
2770 static char juan_with_intermediate_space[] = "Juan Lang";
2771 static char juan_with_trailing_space[] = "Juan Lang ";
2772 static char juan_lower_case[] = "juan lang";
2773 static WCHAR juanW[] = { 'J','u','a','n',' ','L','a','n','g',0 };
2774 static char the_wine_project[] = "The Wine Project";
2776 CERT_NAME_BLOB name;
2777 CERT_RDN_ATTR attr[2];
2778 CERT_RDN rdn = { 0, NULL };
2780 name.cbData = sizeof(cn);
/* NOTE(review): the next two calls pass NULL name/RDN pointers and their
 * results are not checked; presumably they sit in a disabled block in the
 * full file - confirm before enabling them. */
2785 CertIsRDNAttrsInCertificateName(0, 0, NULL, NULL);
2786 CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, NULL);
/* Encoding type 0 is rejected with ERROR_FILE_NOT_FOUND. */
2788 SetLastError(0xdeadbeef);
2789 ret = CertIsRDNAttrsInCertificateName(0, 0, &name, NULL);
2790 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2791 "expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
/* rdn was initialised as { 0, NULL } above: the call is expected to succeed. */
2792 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2793 ok(ret, "CertIsRDNAttrsInCertificateName failed: %08x\n", GetLastError());
/* An OID that is not part of the name does not match. */
2794 attr[0].pszObjId = oid_1_2_3;
2795 rdn.rgRDNAttr = attr;
2797 SetLastError(0xdeadbeef);
2798 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2799 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
2800 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
/* Same OID, type and value as the name: the only plain (flags == 0) match
 * with a single attribute in this test. */
2801 attr[0].pszObjId = oid_common_name;
2802 attr[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
2803 attr[0].Value.cbData = strlen(juan);
2804 attr[0].Value.pbData = (BYTE *)juan;
2805 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2806 ok(ret, "CertIsRDNAttrsInCertificateName failed: %08x\n", GetLastError());
2807 /* Again, spaces are not removed for name comparison. */
2808 attr[0].Value.cbData = strlen(juan_with_leading_space);
2809 attr[0].Value.pbData = (BYTE *)juan_with_leading_space;
2810 SetLastError(0xdeadbeef);
2811 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2812 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
2813 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
2814 attr[0].Value.cbData = strlen(juan_with_intermediate_space);
2815 attr[0].Value.pbData = (BYTE *)juan_with_intermediate_space;
2816 SetLastError(0xdeadbeef);
2817 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2818 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
2819 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
2820 attr[0].Value.cbData = strlen(juan_with_trailing_space);
2821 attr[0].Value.pbData = (BYTE *)juan_with_trailing_space;
2822 SetLastError(0xdeadbeef);
2823 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2824 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
2825 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
2826 /* The lower case name isn't matched unless a case insensitive match is
2829 attr[0].Value.cbData = strlen(juan_lower_case);
2830 attr[0].Value.pbData = (BYTE *)juan_lower_case;
2831 SetLastError(0xdeadbeef);
2832 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2833 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
2834 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
2835 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING,
2836 CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG, &name, &rdn);
2838 broken(!ret && GetLastError() == CRYPT_E_NO_MATCH), /* Older crypt32 */
2839 "CertIsRDNAttrsInCertificateName failed: %08x\n", GetLastError());
2840 /* The values don't match unless they have the same RDN type */
2841 attr[0].dwValueType = CERT_RDN_UNICODE_STRING;
2842 attr[0].Value.cbData = lstrlenW(juanW) * sizeof(WCHAR);
2843 attr[0].Value.pbData = (BYTE *)juanW;
2844 SetLastError(0xdeadbeef);
2845 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2846 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
2847 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
/* Passing CERT_UNICODE_IS_RDN_ATTRS_FLAG does not make the wide-character
 * value match either. */
2848 SetLastError(0xdeadbeef);
2849 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING,
2850 CERT_UNICODE_IS_RDN_ATTRS_FLAG, &name, &rdn);
2851 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
2852 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
2853 attr[0].dwValueType = CERT_RDN_IA5_STRING;
2854 attr[0].Value.cbData = strlen(juan);
2855 attr[0].Value.pbData = (BYTE *)juan;
2856 SetLastError(0xdeadbeef);
2857 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2858 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
2859 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
2860 /* All attributes must be present */
2861 attr[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
2862 attr[0].Value.cbData = strlen(juan);
2863 attr[0].Value.pbData = (BYTE *)juan;
2864 attr[1].pszObjId = oid_organization;
2865 attr[1].dwValueType = CERT_RDN_PRINTABLE_STRING;
2866 attr[1].Value.cbData = strlen(the_wine_project);
2867 attr[1].Value.pbData = (BYTE *)the_wine_project;
2869 SetLastError(0xdeadbeef);
2870 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2871 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
2872 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
2873 /* Order also matters */
2874 name.pbData = cnThenO;
2875 name.cbData = sizeof(cnThenO);
2876 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2877 ok(ret, "CertIsRDNAttrsInCertificateName failed: %08x\n", GetLastError());
2878 name.pbData = oThenCN;
2879 name.cbData = sizeof(oThenCN);
2880 SetLastError(0xdeadbeef);
2881 ret = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, 0, &name, &rdn);
2882 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
2883 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
/*
 * Fixtures for testCompareIntegerBlob(): raw integer byte strings and a table
 * pairing two blobs with the expected comparison result.
 *
 * The pairs expected to be equal differ only in trailing 0xff bytes
 * (int1/int2) or trailing 0x00 bytes (int4/int5, int6/int7), which is
 * consistent with little-endian integers whose redundant high-order sign
 * bytes are ignored - TODO confirm against the CertCompareIntegerBlob
 * documentation. The last entry (int1 vs int7) is the only unequal pair.
 */
2886 static BYTE int1[] = { 0x88, 0xff, 0xff, 0xff };
2887 static BYTE int2[] = { 0x88, 0xff };
2888 static BYTE int3[] = { 0x23, 0xff };
2889 static BYTE int4[] = { 0x7f, 0x00 };
2890 static BYTE int5[] = { 0x7f };
2891 static BYTE int6[] = { 0x80, 0x00, 0x00, 0x00 };
2892 static BYTE int7[] = { 0x80, 0x00 };
2894 static struct IntBlobTest
2896 CRYPT_INTEGER_BLOB blob1;
2897 CRYPT_INTEGER_BLOB blob2;
2900 { { sizeof(int1), int1 }, { sizeof(int2), int2 }, TRUE },
2901 { { sizeof(int3), int3 }, { sizeof(int3), int3 }, TRUE },
2902 { { sizeof(int4), int4 }, { sizeof(int5), int5 }, TRUE },
2903 { { sizeof(int6), int6 }, { sizeof(int7), int7 }, TRUE },
2904 { { sizeof(int1), int1 }, { sizeof(int7), int7 }, FALSE },
/*
 * Runs CertCompareIntegerBlob() over every entry of intBlobs and checks the
 * result against that entry's areEqual field; the failure message carries
 * the entry index so a mismatch can be traced back to the table row.
 */
2907 static void testCompareIntegerBlob(void)
2912 for (i = 0; i < sizeof(intBlobs) / sizeof(intBlobs[0]); i++)
2914 ret = CertCompareIntegerBlob(&intBlobs[i].blob1, &intBlobs[i].blob2);
2915 ok(ret == intBlobs[i].areEqual,
2916 "%d: expected blobs %s compare\n", i, intBlobs[i].areEqual ?
/*
 * Exercises CertComparePublicKeyInfo() with encoding type 0 and with
 * X509_ASN_ENCODING.
 *
 * What the assertions below pin down:
 *  - two empty CERT_PUBLIC_KEY_INFO structures compare equal;
 *  - the algorithm OID does not take part in the comparison: RSA vs
 *    SHA1-with-RSA vs DSA OIDs all compare equal while the key bits are
 *    the same. A TRUE result therefore says nothing about the two keys
 *    using the same algorithm; code that needs that has to compare the
 *    OIDs itself;
 *  - with encoding type 0 the key bits are compared as raw bytes (bits4 and
 *    bits5 differ), with X509_ASN_ENCODING the same two keys compare equal
 *    and cUnusedBits is ignored;
 *  - under X509_ASN_ENCODING a truncated encoding makes the comparison fail
 *    rather than match.
 */
2921 static void testComparePublicKeyInfo(void)
2924 CERT_PUBLIC_KEY_INFO info1 = { { 0 } }, info2 = { { 0 } };
2925 static CHAR oid_rsa_rsa[] = szOID_RSA_RSA;
2926 static CHAR oid_rsa_sha1rsa[] = szOID_RSA_SHA1RSA;
2927 static CHAR oid_x957_dsa[] = szOID_X957_DSA;
2928 static BYTE bits1[] = { 1, 0 };
2929 static BYTE bits2[] = { 0 };
2930 static BYTE bits3[] = { 1 };
/* bits4..bits6 are DER SEQUENCEs of two INTEGERs. bits4 and bits5 carry the
 * same first value (0x81), bits5 with an extra leading zero byte; bits6
 * carries 0x82. The second INTEGER is 01 00 01 in all three. */
2931 static BYTE bits4[] = { 0x30,8, 2,1,0x81, 2,3,1,0,1 };
2932 static BYTE bits5[] = { 0x30,9, 2,2,0,0x81, 2,3,1,0,1 };
2933 static BYTE bits6[] = { 0x30,9, 2,2,0,0x82, 2,3,1,0,1 };
2936 ret = CertComparePublicKeyInfo(0, NULL, NULL);
2938 /* Empty public keys compare */
2939 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2940 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
2941 /* Different OIDs appear to compare */
2942 info1.Algorithm.pszObjId = oid_rsa_rsa;
2943 info2.Algorithm.pszObjId = oid_rsa_sha1rsa;
2944 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2945 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
2946 info2.Algorithm.pszObjId = oid_x957_dsa;
2947 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2948 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
/* Identical key bits, still with different OIDs (RSA vs DSA): equal. */
2949 info1.PublicKey.cbData = sizeof(bits1);
2950 info1.PublicKey.pbData = bits1;
2951 info1.PublicKey.cUnusedBits = 0;
2952 info2.PublicKey.cbData = sizeof(bits1);
2953 info2.PublicKey.pbData = bits1;
2954 info2.PublicKey.cUnusedBits = 0;
2955 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2956 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
/* Both OIDs are RSA from here on; bits4 and bits5 differ only in the
 * leading zero byte of the first INTEGER. */
2957 info2.Algorithm.pszObjId = oid_rsa_rsa;
2958 info1.PublicKey.cbData = sizeof(bits4);
2959 info1.PublicKey.pbData = bits4;
2960 info1.PublicKey.cUnusedBits = 0;
2961 info2.PublicKey.cbData = sizeof(bits5);
2962 info2.PublicKey.pbData = bits5;
2963 info2.PublicKey.cUnusedBits = 0;
2964 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2965 ok(!ret, "CertComparePublicKeyInfo: as raw binary: keys should be unequal\n");
2966 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
2968 broken(!ret), /* win9x */
2969 "CertComparePublicKeyInfo: as ASN.1 encoded: keys should be equal\n");
2970 info1.PublicKey.cUnusedBits = 1;
2971 info2.PublicKey.cUnusedBits = 5;
2972 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
2974 broken(!ret), /* win9x */
2975 "CertComparePublicKeyInfo: ASN.1 encoding should ignore cUnusedBits\n");
2976 info1.PublicKey.cUnusedBits = 0;
2977 info2.PublicKey.cUnusedBits = 0;
2978 info1.PublicKey.cbData--; /* kill one byte, make ASN.1 encoded data invalid */
2979 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
2980 ok(!ret, "CertComparePublicKeyInfo: comparing bad ASN.1 encoded key should fail\n");
2981 /* Even though they compare in their used bits, these do not compare */
2982 info1.PublicKey.cbData = sizeof(bits2);
2983 info1.PublicKey.pbData = bits2;
2984 info1.PublicKey.cUnusedBits = 0;
2985 info2.PublicKey.cbData = sizeof(bits3);
2986 info2.PublicKey.pbData = bits3;
2987 info2.PublicKey.cUnusedBits = 1;
2988 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2989 /* Simple (non-comparing) case */
2990 ok(!ret, "Expected keys not to compare\n");
2991 info2.PublicKey.cbData = sizeof(bits1);
2992 info2.PublicKey.pbData = bits1;
2993 info2.PublicKey.cUnusedBits = 0;
2994 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2995 ok(!ret, "Expected keys not to compare\n");
2996 /* ASN.1 encoded non-comparing case */
2997 info1.PublicKey.cbData = sizeof(bits5);
2998 info1.PublicKey.pbData = bits5;
2999 info1.PublicKey.cUnusedBits = 0;
3000 info2.PublicKey.cbData = sizeof(bits6);
3001 info2.PublicKey.pbData = bits6;
3002 info2.PublicKey.cUnusedBits = 0;
3003 ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
3004 ok(!ret, "CertComparePublicKeyInfo: different keys should be unequal\n");
/*
 * Exercises CryptHashPublicKeyInfo() on an all-zero CERT_PUBLIC_KEY_INFO.
 *
 * What the assertions below pin down:
 *  - encoding type 0 is rejected with ERROR_FILE_NOT_FOUND;
 *  - a NULL info with X509_ASN_ENCODING is expected to leave
 *    STATUS_ACCESS_VIOLATION as the last error;
 *  - with provider 0 and algorithm id 0 the reported hash size is 16 bytes,
 *    and the hash of the empty key info equals emptyHash. A 16-byte digest
 *    suggests MD5 as the default - TODO confirm; either way the value is an
 *    identifier for the key, not something to rely on for collision
 *    resistance.
 *
 * NOTE(review): several calls here pass NULL output pointers without a
 * visible guard; presumably they are disabled in the full file - confirm.
 */
3007 static void testHashPublicKeyInfo(void)
3010 CERT_PUBLIC_KEY_INFO info = { { 0 } };
3014 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, NULL, NULL, NULL);
3015 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, &info, NULL, NULL);
3017 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, NULL, NULL, &len);
3018 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
3019 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
3020 /* Crashes on some win9x boxes */
3023 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, NULL, NULL, &len);
3024 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
3025 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
/* Size query: a NULL output buffer, only len is filled in. */
3027 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, &info, NULL, &len);
3029 broken(!ret), /* win9x */
3030 "CryptHashPublicKeyInfo failed: %08x\n", GetLastError());
3033 ok(len == 16, "Expected hash size 16, got %d\n", len);
3036 static const BYTE emptyHash[] = { 0xb8,0x51,0x3a,0x31,0x0e,0x9f,0x40,
3037 0x36,0x9c,0x92,0x45,0x1b,0x9d,0xc8,0xf9,0xf6 };
3040 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, &info, buf,
3042 ok(ret, "CryptHashPublicKeyInfo failed: %08x\n", GetLastError());
3043 ok(!memcmp(buf, emptyHash, len), "Unexpected hash\n");
/* Expected 16-byte result of CryptHashToBeSigned() on md5SignedEmptyCert;
 * compared against the computed hash in testHashToBeSigned(). */
3048 static const BYTE md5SignedEmptyCertHash[] = { 0xfb,0x0f,0x66,0x82,0x66,0xd9,
3049 0xe5,0xf8,0xd8,0xa2,0x55,0x2b,0xe1,0xa5,0xd9,0x04 };
/*
 * Exercises CryptHashToBeSigned(), first with malformed input and then with
 * a signed certificate.
 *
 * What the assertions below pin down:
 *  - encoding type 0 is rejected with ERROR_FILE_NOT_FOUND;
 *  - a NULL/empty buffer, bytes that are not ASN.1 (int1) and an unsigned
 *    empty certificate (emptyCert) are each rejected with a decoding error
 *    instead of being hashed;
 *  - for md5SignedEmptyCert the size query and the actual hash both succeed
 *    and the result equals md5SignedEmptyCertHash.
 *
 * The test only checks the digest that is produced; nothing here verifies
 * the certificate's signature. emptyCert and md5SignedEmptyCert are defined
 * outside this block.
 */
3051 static void testHashToBeSigned(void)
3060 CryptHashToBeSigned(0, 0, NULL, 0, NULL, NULL);
3062 SetLastError(0xdeadbeef);
3063 ret = CryptHashToBeSigned(0, 0, NULL, 0, NULL, &size);
3064 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
3065 "expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
3066 SetLastError(0xdeadbeef);
3067 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, NULL, 0, NULL, &size);
3069 (GetLastError() == CRYPT_E_ASN1_EOD ||
3070 GetLastError() == OSS_BAD_ARG), /* win9x */
3071 "expected CRYPT_E_ASN1_EOD, got %08x\n", GetLastError());
3072 /* Can't sign anything: has to be asn.1 encoded, at least */
3073 SetLastError(0xdeadbeef);
3074 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, int1, sizeof(int1),
3077 (GetLastError() == CRYPT_E_ASN1_BADTAG ||
3078 GetLastError() == OSS_MORE_INPUT), /* win9x */
3079 "expected CRYPT_E_ASN1_BADTAG, got %08x\n", GetLastError());
3080 /* Can't be empty, either */
3081 SetLastError(0xdeadbeef);
3082 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, emptyCert,
3083 sizeof(emptyCert), NULL, &size);
3085 (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
3086 GetLastError() == OSS_DATA_ERROR), /* win9x */
3087 "expected CRYPT_E_ASN1_CORRUPT, got %08x\n", GetLastError());
3088 /* Signing a cert works */
3089 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, md5SignedEmptyCert,
3090 sizeof(md5SignedEmptyCert), NULL, &size);
3092 broken(!ret), /* win9x */
3093 "CryptHashToBeSigned failed: %08x\n", GetLastError());
3096 ok(size == sizeof(md5SignedEmptyCertHash), "unexpected size %d\n", size);
/* Second pass with a real output buffer; NT4 may lack the hash algorithm
 * and is tolerated through broken(). */
3099 ret = CryptHashToBeSigned(0, X509_ASN_ENCODING, md5SignedEmptyCert,
3100 sizeof(md5SignedEmptyCert), hash, &size);
3101 ok(ret || broken(!ret && GetLastError() == NTE_BAD_ALGID) /* NT4 */,
3102 "CryptHashToBeSigned failed: %08x\n", GetLastError());
3104 ok(!memcmp(hash, md5SignedEmptyCertHash, size), "unexpected value\n");
/*
 * Exercises CertCompareCertificate() on two hand-filled CERT_INFO structures.
 *
 * What the assertions below pin down:
 *  - two infos with the same issuer and serial number compare equal even
 *    though their Subject fields differ (subjectName2 vs subjectName);
 *  - changing only the issuer of the second info makes them unequal.
 *
 * In other words a TRUE result means "same issuer and serial", not "same
 * certificate contents". Only a differing subject is demonstrated here; the
 * remaining CERT_INFO fields are left zero in both structures. Code that
 * needs to know whether two certificates are byte-for-byte the same should
 * compare the encoded certificates (or a hash of them) rather than rely on
 * this comparison.
 *
 * serialNum, subjectName and subjectName2 are defined outside this block.
 */
3107 static void testCompareCert(void)
3109 CERT_INFO info1 = { 0 }, info2 = { 0 };
3114 CertCompareCertificate(X509_ASN_ENCODING, NULL, NULL);
3116 /* Certs with the same issuer and serial number are equal, even if they
3117 * differ in other respects (like subject).
3119 info1.SerialNumber.pbData = serialNum;
3120 info1.SerialNumber.cbData = sizeof(serialNum);
3121 info1.Issuer.pbData = subjectName;
3122 info1.Issuer.cbData = sizeof(subjectName);
3123 info1.Subject.pbData = subjectName2;
3124 info1.Subject.cbData = sizeof(subjectName2);
3125 info2.SerialNumber.pbData = serialNum;
3126 info2.SerialNumber.cbData = sizeof(serialNum);
3127 info2.Issuer.pbData = subjectName;
3128 info2.Issuer.cbData = sizeof(subjectName);
3129 info2.Subject.pbData = subjectName;
3130 info2.Subject.cbData = sizeof(subjectName);
3131 ret = CertCompareCertificate(X509_ASN_ENCODING, &info1, &info2);
3132 ok(ret, "Expected certs to be equal\n");
3134 info2.Issuer.pbData = subjectName2;
3135 info2.Issuer.cbData = sizeof(subjectName2);
3136 ret = CertCompareCertificate(X509_ASN_ENCODING, &info1, &info2);
3137 ok(!ret, "Expected certs not to be equal\n");
/*
 * Exercises CertVerifySubjectCertificateContext(subject, issuer, &flags).
 *
 * What the assertions below pin down:
 *  - passing CERT_STORE_NO_CRL_FLAG as an input flag is rejected with
 *    E_INVALIDARG;
 *  - the call returns TRUE with a NULL subject, a NULL issuer, the same
 *    context in both roles, and with an unrelated issuer (context2);
 *  - with CERT_STORE_REVOCATION_FLAG the call still returns TRUE and flags
 *    comes back as CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG;
 *  - with CERT_STORE_SIGNATURE_FLAG the call still returns TRUE and flags
 *    comes back unchanged.
 *
 * The return value is TRUE in every case after the invalid-flag check, so
 * it cannot be used as the verification verdict; the outcome is reported
 * through *flags. Presumably a flag that is still set on return means that
 * check did not pass - confirm against the API documentation.
 *
 * bigCert and bigCertWithDifferentSubject are defined outside this block.
 */
3140 static void testVerifySubjectCert(void)
3144 PCCERT_CONTEXT context1, context2;
3147 ret = CertVerifySubjectCertificateContext(NULL, NULL, NULL);
3150 ret = CertVerifySubjectCertificateContext(NULL, NULL, &flags);
3151 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
/* CERT_STORE_NO_CRL_FLAG is only valid as an output: using it as input fails. */
3153 flags = CERT_STORE_NO_CRL_FLAG;
3154 ret = CertVerifySubjectCertificateContext(NULL, NULL, &flags);
3155 ok(!ret && GetLastError() == E_INVALIDARG,
3156 "Expected E_INVALIDARG, got %08x\n", GetLastError());
3159 context1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
3161 ret = CertVerifySubjectCertificateContext(NULL, context1, &flags);
3162 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
3164 ret = CertVerifySubjectCertificateContext(context1, NULL, &flags);
3165 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
3167 ret = CertVerifySubjectCertificateContext(context1, context1, &flags);
3168 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
3171 context2 = CertCreateCertificateContext(X509_ASN_ENCODING,
3172 bigCertWithDifferentSubject, sizeof(bigCertWithDifferentSubject));
3173 SetLastError(0xdeadbeef);
3174 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
3175 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
/* Revocation requested: TRUE is returned and NO_CRL is added to flags. */
3177 flags = CERT_STORE_REVOCATION_FLAG;
3178 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
3179 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
3181 ok(flags == (CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG),
3182 "Expected CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG, got %08x\n",
/* Signature check requested: TRUE is returned and the flag stays set. */
3184 flags = CERT_STORE_SIGNATURE_FLAG;
3185 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
3186 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
3188 ok(flags == CERT_STORE_SIGNATURE_FLAG,
3189 "Expected CERT_STORE_SIGNATURE_FLAG, got %08x\n", flags);
3190 CertFreeCertificateContext(context2);
3192 CertFreeCertificateContext(context1);
/*
 * DER-encoded self-issued root certificate used by testVerifyRevocation().
 * Reading the bytes: v3, issuer and subject CN "Cert1", validity
 * 2007-01-01 00:00:00Z to 2007-12-31 23:59:59Z, RSA public key with a
 * 1024-bit modulus, a critical keyUsage extension with the keyCertSign and
 * cRLSign bits, a critical basicConstraints extension with cA = TRUE, and a
 * subjectKeyIdentifier starting 14 8c 16 bb. The signature algorithm OID is
 * 1.3.14.3.2.29 (SHA-1 with RSA).
 * Test fixture only: the validity period has long expired.
 */
3195 static const BYTE rootWithKeySignAndCRLSign[] = {
3196 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
3197 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
3198 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
3199 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
3200 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
3201 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
3202 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
3203 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
3204 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
3205 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
3206 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
3207 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
3208 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
3209 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
3210 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
3211 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
3212 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
3213 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
3214 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
3215 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
3216 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
3217 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
3218 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
3219 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
3220 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
3221 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
3222 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
3223 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
3224 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
3225 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
3226 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
3227 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
/*
 * DER-encoded end-entity certificate used by testVerifyRevocation().
 * Reading the bytes: v3, serial number 1, issuer CN "Cert1", subject CN
 * "Cert2", validity 2007-05-01 00:00:00Z to 2007-10-01 00:00:00Z, RSA public
 * key with a 1024-bit modulus, signed with sha1WithRSAEncryption. Its only
 * extension is an authorityKeyIdentifier whose key id (14 8c 16 bb ...)
 * equals the subjectKeyIdentifier of rootWithKeySignAndCRLSign.
 * Test fixture only: the validity period has long expired.
 */
3229 static const BYTE eeCert[] = {
3230 0x30,0x82,0x01,0xb9,0x30,0x82,0x01,0x22,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,
3231 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
3232 0x00,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,
3233 0x65,0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,
3234 0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,
3235 0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,
3236 0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,
3237 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,
3238 0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,
3239 0x33,0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,
3240 0xdc,0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,
3241 0x48,0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,
3242 0x47,0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,
3243 0x05,0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,
3244 0x6a,0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,
3245 0x85,0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,
3246 0xd3,0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,
3247 0xa3,0x02,0x03,0x01,0x00,0x01,0xa3,0x23,0x30,0x21,0x30,0x1f,0x06,0x03,0x55,
3248 0x1d,0x23,0x04,0x18,0x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,
3249 0x28,0x89,0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,
3250 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,
3251 0x81,0x00,0x8a,0x49,0xa9,0x86,0x5e,0xc9,0x33,0x7e,0xfd,0xab,0x64,0x1f,0x6d,
3252 0x00,0xd7,0x9b,0xec,0xd1,0x5b,0x38,0xcc,0xd6,0xf3,0xf2,0xb4,0x75,0x70,0x00,
3253 0x82,0x9d,0x37,0x58,0xe1,0xcd,0x2c,0x61,0xb3,0x28,0xe7,0x8a,0x00,0xbe,0x6e,
3254 0xca,0xe8,0x55,0xd5,0xad,0x3a,0xea,0xaf,0x13,0x20,0x1c,0x44,0xfc,0xb4,0xf9,
3255 0x29,0x2b,0xdc,0x8a,0x2d,0x1b,0x27,0x9e,0xb9,0x3b,0x4a,0x71,0x9d,0x47,0x7d,
3256 0xf7,0x92,0x6b,0x21,0x7f,0xfa,0x88,0x79,0x94,0x33,0xf6,0xdd,0x92,0x04,0x92,
3257 0xd6,0x5e,0x0a,0x74,0xf2,0x85,0xa6,0xd5,0x3c,0x28,0xc0,0x89,0x5d,0xda,0xf3,
3258 0xa6,0x01,0xc2,0xe9,0xa3,0xc1,0xb7,0x21,0x08,0xba,0x18,0x07,0x45,0xeb,0x77,
3259 0x7d,0xcd,0xc6,0xe7,0x2a,0x7b,0x46,0xd2,0x3d,0xb5 };
/*
 * DER-encoded CRL used by testVerifyRevocation().
 * Reading the bytes: v2 CRL, issuer CN "Cert1", thisUpdate
 * 2007-09-01 00:00:00Z, nextUpdate 2007-12-31 23:59:59Z, one revoked entry
 * with serial number 1 (the serial of eeCert) dated 2007-09-01, CRL number 1
 * and an authorityKeyIdentifier matching the root's key id; signed with
 * sha1WithRSAEncryption.
 * Because nextUpdate lies in the past the CRL is stale, which is why the
 * test expects "revocation status unknown" rather than "revoked".
 */
3260 static const BYTE rootSignedCRL[] = {
3261 0x30,0x82,0x01,0x1f,0x30,0x81,0x89,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
3262 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
3263 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
3264 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
3265 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
3266 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
3267 0x30,0x30,0x30,0x30,0x5a,0xa0,0x2f,0x30,0x2d,0x30,0x0a,0x06,0x03,0x55,0x1d,
3268 0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,
3269 0x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,
3270 0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,
3271 0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0xa3,0xcf,
3272 0x17,0x5d,0x7a,0x08,0xab,0x11,0x1a,0xbd,0x5c,0xde,0x9a,0x22,0x92,0x38,0xe6,
3273 0x96,0xcc,0xb1,0xc5,0x42,0x86,0xa6,0xae,0xad,0xa3,0x1a,0x2b,0xa0,0xb0,0x65,
3274 0xaa,0x9c,0xd7,0x2d,0x44,0x8c,0xae,0x61,0xc7,0x30,0x17,0x89,0x84,0x3b,0x4a,
3275 0x8f,0x17,0x08,0x06,0x37,0x1c,0xf7,0x2d,0x4e,0x47,0x07,0x61,0x50,0xd9,0x06,
3276 0xd1,0x46,0xed,0x0a,0xbb,0xc3,0x9b,0x36,0x0b,0xa7,0x27,0x2f,0x2b,0x55,0xce,
3277 0x2a,0xa5,0x60,0xc6,0x53,0x28,0xe8,0xee,0xad,0x0e,0x2b,0xe8,0xd7,0x5f,0xc9,
3278 0xa5,0xed,0xf9,0x77,0xb0,0x3c,0x81,0xcf,0xcc,0x49,0xb2,0x1a,0xc3,0xfd,0x34,
3279 0xd5,0xbc,0xb0,0xd5,0xa5,0x9c,0x1b,0x72,0xc3,0x0f,0xa3,0xe3,0x3c,0xf0,0xc3,
3280 0x91,0xe8,0x93,0x4f,0xd4,0x2f };
/*
 * Exercises CertVerifyRevocation() with invalid arguments, with a
 * certificate for which no revocation provider applies, and with a small
 * root / end-entity / CRL set.
 *
 * What the assertions below pin down:
 *  - a status structure whose cbSize is still 0 is rejected with
 *    E_INVALIDARG;
 *  - once cbSize is set, a call with zero contexts succeeds whatever the
 *    encoding and revocation type;
 *  - with one context and encoding type 0 the call fails with
 *    CRYPT_E_NO_REVOCATION_DLL;
 *  - for the root, the end certificate and both together the call fails
 *    with CRYPT_E_NO_REVOCATION_CHECK (or CRYPT_E_REVOCATION_OFFLINE on
 *    some Windows versions), and status.dwError / status.dwIndex report the
 *    same error for index 0;
 *  - supplying rootSignedCRL through revPara.hCrlStore, adding
 *    CERT_VERIFY_REV_CHAIN_FLAG, or naming the issuer in
 *    revPara.pIssuerCert does not change that: the CRL is out of date, so
 *    the expected answer stays "could not check". CRYPT_E_REVOKED is only
 *    tolerated as broken Win2k behaviour.
 *
 * Every call that includes a certificate returns FALSE here. The error code
 * is what separates "status unknown" (NO_REVOCATION_CHECK,
 * REVOCATION_OFFLINE) from "revoked"; a caller that has to decide whether
 * to trust a certificate needs a policy for the unknown case instead of
 * treating anything other than CRYPT_E_REVOKED as good.
 *
 * bigCert is defined outside this block. If CERT_CONTEXT_REVOCATION_TYPE is
 * unsupported the test is skipped via win_skip().
 */
3282 static void testVerifyRevocation(void)
3285 CERT_REVOCATION_STATUS status = { 0 };
3286 PCCERT_CONTEXT certs[2];
3287 CERT_REVOCATION_PARA revPara = { sizeof(revPara), 0 };
3290 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, NULL);
/* status.cbSize is still 0 at this point. */
3292 SetLastError(0xdeadbeef);
3293 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, &status);
3294 ok(!ret && GetLastError() == E_INVALIDARG,
3295 "Expected E_INVALIDARG, got %08x\n", GetLastError());
3296 status.cbSize = sizeof(status);
3297 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, &status);
3298 ok(ret, "CertVerifyRevocation failed: %08x\n", GetLastError());
3299 ret = CertVerifyRevocation(0, 2, 0, NULL, 0, NULL, &status);
3300 ok(ret, "CertVerifyRevocation failed: %08x\n", GetLastError());
3301 ret = CertVerifyRevocation(2, 0, 0, NULL, 0, NULL, &status);
3302 ok(ret, "CertVerifyRevocation failed: %08x\n", GetLastError());
3303 certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
3305 SetLastError(0xdeadbeef);
3306 ret = CertVerifyRevocation(0, 0, 1, (void **)certs, 0, NULL, &status);
3307 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_DLL,
3308 "Expected CRYPT_E_NO_REVOCATION_DLL, got %08x\n", GetLastError());
3309 SetLastError(0xdeadbeef);
3310 ret = CertVerifyRevocation(0, 2, 1, (void **)certs, 0, NULL, &status);
3311 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_DLL,
3312 "Expected CRYPT_E_NO_REVOCATION_DLL, got %08x\n", GetLastError());
3314 CertFreeCertificateContext(certs[0]);
/* From here on certs[0] is the root and certs[1] the end-entity certificate. */
3316 certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING,
3317 rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
3318 certs[1] = CertCreateCertificateContext(X509_ASN_ENCODING,
3319 eeCert, sizeof(eeCert));
3320 /* The root cert itself can't be checked for revocation */
3321 SetLastError(0xdeadbeef);
3322 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3323 1, (void **)certs, 0, NULL, &status);
3324 if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
3326 win_skip("CERT_CONTEXT_REVOCATION_TYPE unsupported, skipping\n");
3329 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
3330 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
3331 ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
3332 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
3333 ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
3334 /* Neither can the end cert */
3335 SetLastError(0xdeadbeef);
3336 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3337 1, (void **)&certs[1], 0, NULL, &status);
3338 ok(!ret && (GetLastError() == CRYPT_E_NO_REVOCATION_CHECK /* Win9x */ ||
3339 GetLastError() == CRYPT_E_REVOCATION_OFFLINE),
3340 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n",
3342 ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK /* Win9x */ ||
3343 status.dwError == CRYPT_E_REVOCATION_OFFLINE,
3344 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n",
3346 ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
3347 /* Both certs together can't, either (they're not CRLs) */
3348 SetLastError(0xdeadbeef);
3349 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3350 2, (void **)certs, 0, NULL, &status);
3351 ok(!ret && (GetLastError() == CRYPT_E_NO_REVOCATION_CHECK ||
3352 GetLastError() == CRYPT_E_REVOCATION_OFFLINE /* WinME */),
3353 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n",
3355 ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK ||
3356 status.dwError == CRYPT_E_REVOCATION_OFFLINE /* WinME */,
3357 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n",
3359 ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
3360 ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
3361 /* Now add a CRL to the hCrlStore */
3362 revPara.hCrlStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
3363 CERT_STORE_CREATE_NEW_FLAG, NULL);
3364 CertAddEncodedCRLToStore(revPara.hCrlStore, X509_ASN_ENCODING,
3365 rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
3366 SetLastError(0xdeadbeef);
3367 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3368 2, (void **)certs, 0, &revPara, &status);
3369 ok(!ret && (GetLastError() == CRYPT_E_NO_REVOCATION_CHECK ||
3370 GetLastError() == CRYPT_E_REVOCATION_OFFLINE /* WinME */),
3371 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n",
3373 ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK ||
3374 status.dwError == CRYPT_E_REVOCATION_OFFLINE /* WinME */,
3375 "expected CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_REVOCATION_OFFLINE, got %08x\n",
3377 ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
3378 /* Specifying CERT_VERIFY_REV_CHAIN_FLAG doesn't change things either */
3379 SetLastError(0xdeadbeef);
3380 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3381 2, (void **)certs, CERT_VERIFY_REV_CHAIN_FLAG, &revPara, &status);
3382 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
3383 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
3384 ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
3385 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
3386 ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
3387 /* Again, specifying the issuer cert: no change */
3388 revPara.pIssuerCert = certs[0];
3389 SetLastError(0xdeadbeef);
3390 ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
3391 1, (void **)&certs[1], 0, &revPara, &status);
3392 /* Win2k thinks the cert is revoked, and it is, except the CRL is out of
3393 * date, hence the revocation status should be unknown.
3395 ok(!ret && (GetLastError() == CRYPT_E_NO_REVOCATION_CHECK ||
3396 broken(GetLastError() == CRYPT_E_REVOKED /* Win2k */)),
3397 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
3398 ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK ||
3399 broken(status.dwError == CRYPT_E_REVOKED /* Win2k */),
3400 "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
3401 ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
/* Release the CRL store and both certificate contexts created above. */
3402 CertCloseStore(revPara.hCrlStore, 0);
3403 CertFreeCertificateContext(certs[1]);
3404 CertFreeCertificateContext(certs[0]);
/*
 * RSA private key in CryptoAPI key-blob form, hard-coded for the tests.
 * Reading the header bytes: blob type 0x07 (private key blob), version 2,
 * algorithm id 0x00002400, magic "RSA2", bit length 0x200 (512), public
 * exponent 0x10001; the modulus and private components follow.
 *
 * This key is published with the source and is only 512 bits long, so it
 * offers no secrecy or strength at all: it exists to give the tests a
 * reproducible key and must not be reused to protect anything real.
 */
3407 static BYTE privKey[] = {
3408 0x07, 0x02, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x32, 0x00,
3409 0x02, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x79, 0x10, 0x1c, 0xd0, 0x6b, 0x10,
3410 0x18, 0x30, 0x94, 0x61, 0xdc, 0x0e, 0xcb, 0x96, 0x4e, 0x21, 0x3f, 0x79, 0xcd,
3411 0xa9, 0x17, 0x62, 0xbc, 0xbb, 0x61, 0x4c, 0xe0, 0x75, 0x38, 0x6c, 0xf3, 0xde,
3412 0x60, 0x86, 0x03, 0x97, 0x65, 0xeb, 0x1e, 0x6b, 0xdb, 0x53, 0x85, 0xad, 0x68,
3413 0x21, 0xf1, 0x5d, 0xe7, 0x1f, 0xe6, 0x53, 0xb4, 0xbb, 0x59, 0x3e, 0x14, 0x27,
3414 0xb1, 0x83, 0xa7, 0x3a, 0x54, 0xe2, 0x8f, 0x65, 0x8e, 0x6a, 0x4a, 0xcf, 0x3b,
3415 0x1f, 0x65, 0xff, 0xfe, 0xf1, 0x31, 0x3a, 0x37, 0x7a, 0x8b, 0xcb, 0xc6, 0xd4,
3416 0x98, 0x50, 0x36, 0x67, 0xe4, 0xa1, 0xe8, 0x7e, 0x8a, 0xc5, 0x23, 0xf2, 0x77,
3417 0xf5, 0x37, 0x61, 0x49, 0x72, 0x59, 0xe8, 0x3d, 0xf7, 0x60, 0xb2, 0x77, 0xca,
3418 0x78, 0x54, 0x6d, 0x65, 0x9e, 0x03, 0x97, 0x1b, 0x61, 0xbd, 0x0c, 0xd8, 0x06,
3419 0x63, 0xe2, 0xc5, 0x48, 0xef, 0xb3, 0xe2, 0x6e, 0x98, 0x7d, 0xbd, 0x4e, 0x72,
3420 0x91, 0xdb, 0x31, 0x57, 0xe3, 0x65, 0x3a, 0x49, 0xca, 0xec, 0xd2, 0x02, 0x4e,
3421 0x22, 0x7e, 0x72, 0x8e, 0xf9, 0x79, 0x84, 0x82, 0xdf, 0x7b, 0x92, 0x2d, 0xaf,
3422 0xc9, 0xe4, 0x33, 0xef, 0x89, 0x5c, 0x66, 0x99, 0xd8, 0x80, 0x81, 0x47, 0x2b,
3423 0xb1, 0x66, 0x02, 0x84, 0x59, 0x7b, 0xc3, 0xbe, 0x98, 0x45, 0x4a, 0x3d, 0xdd,
3424 0xea, 0x2b, 0xdf, 0x4e, 0xb4, 0x24, 0x6b, 0xec, 0xe7, 0xd9, 0x0c, 0x45, 0xb8,
3425 0xbe, 0xca, 0x69, 0x37, 0x92, 0x4c, 0x38, 0x6b, 0x96, 0x6d, 0xcd, 0x86, 0x67,
3426 0x5c, 0xea, 0x54, 0x94, 0xa4, 0xca, 0xa4, 0x02, 0xa5, 0x21, 0x4d, 0xae, 0x40,
3427 0x8f, 0x9d, 0x51, 0x83, 0xf2, 0x3f, 0x33, 0xc1, 0x72, 0xb4, 0x1d, 0x94, 0x6e,
3428 0x7d, 0xe4, 0x27, 0x3f, 0xea, 0xff, 0xe5, 0x9b, 0xa7, 0x5e, 0x55, 0x8e, 0x0d,
3429 0x69, 0x1c, 0x7a, 0xff, 0x81, 0x9d, 0x53, 0x52, 0x97, 0x9a, 0x76, 0x79, 0xda,
3430 0x93, 0x32, 0x16, 0xec, 0x69, 0x51, 0x1a, 0x4e, 0xc3, 0xf1, 0x72, 0x80, 0x78,
3431 0x5e, 0x66, 0x4a, 0x8d, 0x85, 0x2f, 0x3f, 0xb2, 0xa7 };
/*
 * Public half of privKey in CryptoAPI key-blob form.
 * Reading the header bytes: blob type 0x06 (public key blob), version 2,
 * algorithm id 0x0000a400, magic "RSA1", bit length 512, public exponent
 * 0x10001, followed by the 64-byte modulus in the same byte order as in
 * privKey. Note that the algorithm id differs from the one in privKey's
 * header (0x00002400).
 */
3433 static const BYTE exportedPublicKeyBlob[] = {
3434 0x06,0x02,0x00,0x00,0x00,0xa4,0x00,0x00,0x52,0x53,0x41,0x31,0x00,0x02,0x00,0x00,
3435 0x01,0x00,0x01,0x00,0x79,0x10,0x1c,0xd0,0x6b,0x10,0x18,0x30,0x94,0x61,0xdc,0x0e,
3436 0xcb,0x96,0x4e,0x21,0x3f,0x79,0xcd,0xa9,0x17,0x62,0xbc,0xbb,0x61,0x4c,0xe0,0x75,
3437 0x38,0x6c,0xf3,0xde,0x60,0x86,0x03,0x97,0x65,0xeb,0x1e,0x6b,0xdb,0x53,0x85,0xad,
3438 0x68,0x21,0xf1,0x5d,0xe7,0x1f,0xe6,0x53,0xb4,0xbb,0x59,0x3e,0x14,0x27,0xb1,0x83,
3439 0xa7,0x3a,0x54,0xe2 };
/*
 * The same public key as a DER SEQUENCE of two INTEGERs: the modulus
 * (65 bytes including a leading zero) and the exponent 01 00 01. The modulus
 * bytes are those of exportedPublicKeyBlob in reverse order, i.e. the DER
 * form is most-significant byte first while the key blob is
 * least-significant byte first.
 */
3441 static const BYTE asnEncodedPublicKey[] = {
3442 0x30,0x48,0x02,0x41,0x00,0xe2,0x54,0x3a,0xa7,0x83,0xb1,0x27,0x14,0x3e,0x59,0xbb,
3443 0xb4,0x53,0xe6,0x1f,0xe7,0x5d,0xf1,0x21,0x68,0xad,0x85,0x53,0xdb,0x6b,0x1e,0xeb,
3444 0x65,0x97,0x03,0x86,0x60,0xde,0xf3,0x6c,0x38,0x75,0xe0,0x4c,0x61,0xbb,0xbc,0x62,
3445 0x17,0xa9,0xcd,0x79,0x3f,0x21,0x4e,0x96,0xcb,0x0e,0xdc,0x61,0x94,0x30,0x18,0x10,
3446 0x6b,0xd0,0x1c,0x10,0x79,0x02,0x03,0x01,0x00,0x01 };
/* Tests CryptAcquireCertificatePrivateKey (called through the
 * pCryptAcquireCertificatePrivateKey pointer) on a certificate context built
 * from selfSignedCert: first with no key property set, then with a key
 * container that holds privKey, with and without provider caching. The second
 * half checks that exporting and encoding the certificate's public key yields
 * exportedPublicKeyBlob and asnEncodedPublicKey.
 *
 * NOTE(review): the gutter numbers in this listing skip lines, so parts of the
 * function are not shown. The declarations of ret, csp, callerFree, key and
 * certCSP, the braces, the first line of most ok() calls and the last
 * argument line of several calls are among the lines that cannot be seen.
 */
3448 static void testAcquireCertPrivateKey(void)
3451 PCCERT_CONTEXT cert;
3453 DWORD size, keySpec;
3455 CRYPT_KEY_PROV_INFO keyProvInfo;
3457 WCHAR ms_def_prov_w[MAX_PATH];
/* The API is resolved at run time; skip the test when it is absent. */
3459 if (!pCryptAcquireCertificatePrivateKey)
3461 win_skip("CryptAcquireCertificatePrivateKey() is not available\n");
/* Copy the provider name into a writable buffer for pwszProvName. */
3465 lstrcpyW(ms_def_prov_w, MS_DEF_PROV_W);
/* Key provider info naming the test container (cspNameW) in the default RSA
 * provider, signature key, no caching flag yet (dwFlags = 0). */
3467 keyProvInfo.pwszContainerName = cspNameW;
3468 keyProvInfo.pwszProvName = ms_def_prov_w;
3469 keyProvInfo.dwProvType = PROV_RSA_FULL;
3470 keyProvInfo.dwFlags = 0;
3471 keyProvInfo.cProvParam = 0;
3472 keyProvInfo.rgProvParam = NULL;
3473 keyProvInfo.dwKeySpec = AT_SIGNATURE;
/* Delete any container left over under cspNameA so the test starts clean; the
 * return value is not checked. */
3475 pCryptAcquireContextA(NULL, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
3476 CRYPT_DELETEKEYSET);
3478 cert = CertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert,
3479 sizeof(selfSignedCert));
/* NOTE(review): the calls below pass NULL for the certificate and/or for every
 * output pointer. The lines just before and after this run are missing from
 * the listing, so whether these calls are live or disabled (for example
 * inside a comment) cannot be told from here - confirm against the file. */
3482 ret = pCryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, NULL, NULL);
3483 ret = pCryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, NULL,
3485 ret = pCryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, &keySpec,
3487 ret = pCryptAcquireCertificatePrivateKey(NULL, 0, NULL, &csp, NULL, NULL);
3488 ret = pCryptAcquireCertificatePrivateKey(NULL, 0, NULL, &csp, &keySpec,
3490 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, NULL, NULL, NULL);
3493 /* Missing private key */
3494 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, NULL, NULL);
3495 ok(!ret && GetLastError() == CRYPT_E_NO_KEY_PROPERTY,
3496 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08x\n", GetLastError());
3497 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, &keySpec,
3499 ok(!ret && GetLastError() == CRYPT_E_NO_KEY_PROPERTY,
3500 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08x\n", GetLastError());
/* Attach key provider info to the certificate (the value argument is on a
 * line not shown, presumably &keyProvInfo). The acquire is still expected to
 * fail with CRYPT_E_NO_KEY_PROPERTY, presumably because the named container
 * was deleted above and has not been recreated yet. */
3501 CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0,
3503 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, &keySpec,
3505 ok(!ret && GetLastError() == CRYPT_E_NO_KEY_PROPERTY,
3506 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08x\n", GetLastError());
/* Open the container (the flags argument is on a line not shown; presumably
 * it creates the key set) and import the test private key into it. The
 * result of the acquire call itself is not checked in the lines shown. */
3508 pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
3510 ret = CryptImportKey(csp, privKey, sizeof(privKey), 0, 0, &key);
3511 ok(ret, "CryptImportKey failed: %08x\n", GetLastError());
3516 CERT_KEY_CONTEXT keyContext;
3518 /* Don't cache provider */
3519 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, &certCSP,
3520 &keySpec, &callerFree);
3522 broken(!ret), /* win95 */
3523 "CryptAcquireCertificatePrivateKey failed: %08x\n",
/* callerFree reports who owns the returned handle: TRUE means the caller
 * must release certCSP, which the test does on the next line. */
3527 ok(callerFree, "Expected callerFree to be TRUE\n");
3528 CryptReleaseContext(certCSP, 0);
3531 ret = pCryptAcquireCertificatePrivateKey(cert, 0, NULL, &certCSP,
3534 broken(!ret), /* win95 */
3535 "CryptAcquireCertificatePrivateKey failed: %08x\n",
3537 CryptReleaseContext(certCSP, 0);
3539 /* Use the key prov info's caching (there shouldn't be any) */
3540 ret = pCryptAcquireCertificatePrivateKey(cert,
3541 CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, &certCSP, &keySpec,
3544 broken(!ret), /* win95 */
3545 "CryptAcquireCertificatePrivateKey failed: %08x\n",
3549 ok(callerFree, "Expected callerFree to be TRUE\n");
3550 CryptReleaseContext(certCSP, 0);
3553 /* Cache it (and check that it's cached) */
3554 ret = pCryptAcquireCertificatePrivateKey(cert,
3555 CRYPT_ACQUIRE_CACHE_FLAG, NULL, &certCSP, &keySpec, &callerFree);
3557 broken(!ret), /* win95 */
3558 "CryptAcquireCertificatePrivateKey failed: %08x\n",
/* With CRYPT_ACQUIRE_CACHE_FLAG the handle is expected to be stored on the
 * certificate context, so callerFree must be FALSE and the cached handle must
 * be readable through CERT_KEY_CONTEXT_PROP_ID. */
3560 ok(!callerFree, "Expected callerFree to be FALSE\n");
3561 size = sizeof(keyContext);
3562 ret = CertGetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID,
3563 &keyContext, &size);
3565 broken(!ret), /* win95 */
3566 "CertGetCertificateContextProperty failed: %08x\n",
3569 /* Remove the cached provider */
3570 CryptReleaseContext(keyContext.hCryptProv, 0);
3571 CertSetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID, 0,
3573 /* Allow caching via the key prov info */
3574 keyProvInfo.dwFlags = CERT_SET_KEY_CONTEXT_PROP_ID;
3575 CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0,
3577 /* Now use the key prov info's caching */
3578 ret = pCryptAcquireCertificatePrivateKey(cert,
3579 CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, &certCSP, &keySpec,
3582 broken(!ret), /* win95 */
3583 "CryptAcquireCertificatePrivateKey failed: %08x\n",
3585 ok(!callerFree, "Expected callerFree to be FALSE\n");
3586 size = sizeof(keyContext);
3587 ret = CertGetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID,
3588 &keyContext, &size);
3590 broken(!ret), /* win95 */
3591 "CertGetCertificateContextProperty failed: %08x\n",
/* NOTE(review): callerFree was FALSE for this acquire, yet certCSP is released
 * here; presumably this drops the reference cached on the certificate, as in
 * the "Remove the cached provider" step above - confirm. */
3593 CryptReleaseContext(certCSP, 0);
3595 CryptDestroyKey(key);
3598 /* Some sanity-checking on public key exporting */
3599 ret = CryptImportPublicKeyInfo(csp, X509_ASN_ENCODING,
3600 &cert->pCertInfo->SubjectPublicKeyInfo, &key);
3601 ok(ret, "CryptImportPublicKeyInfo failed: %08x\n", GetLastError());
/* First call with a NULL buffer only asks for the required size. */
3604 ret = CryptExportKey(key, 0, PUBLICKEYBLOB, 0, NULL, &size);
3605 ok(ret, "CryptExportKey failed: %08x\n", GetLastError());
/* NOTE(review): no check of the HeapAlloc result is visible in the lines
 * shown before buf is passed to CryptExportKey. */
3608 LPBYTE buf = HeapAlloc(GetProcessHeap(), 0, size), encodedKey;
3610 ret = CryptExportKey(key, 0, PUBLICKEYBLOB, 0, buf, &size);
3611 ok(ret, "CryptExportKey failed: %08x\n", GetLastError());
3612 ok(size == sizeof(exportedPublicKeyBlob), "Unexpected size %d\n",
3614 ok(!memcmp(buf, exportedPublicKeyBlob, size), "Unexpected value\n");
/* Encode the exported blob; CRYPT_ENCODE_ALLOC_FLAG makes the callee allocate
 * encodedKey, which is released with LocalFree below. */
3615 ret = pCryptEncodeObjectEx(X509_ASN_ENCODING, RSA_CSP_PUBLICKEYBLOB,
3616 buf, CRYPT_ENCODE_ALLOC_FLAG, NULL, &encodedKey, &size);
3617 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3620 ok(size == sizeof(asnEncodedPublicKey), "Unexpected size %d\n",
3622 ok(!memcmp(encodedKey, asnEncodedPublicKey, size),
3623 "Unexpected value\n");
3624 LocalFree(encodedKey);
3626 HeapFree(GetProcessHeap(), 0, buf);
3628 CryptDestroyKey(key);
/* Export the container's AT_SIGNATURE public key as a CERT_PUBLIC_KEY_INFO:
 * size query first, then the real export, then compare the key bits with
 * asnEncodedPublicKey. */
3630 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
3631 NULL, 0, NULL, NULL, &size);
3632 ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n", GetLastError());
3635 PCERT_PUBLIC_KEY_INFO info = HeapAlloc(GetProcessHeap(), 0, size);
3637 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
3638 NULL, 0, NULL, info, &size);
3639 ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n", GetLastError());
3642 ok(info->PublicKey.cbData == sizeof(asnEncodedPublicKey),
3643 "Unexpected size %d\n", info->PublicKey.cbData);
3644 ok(!memcmp(info->PublicKey.pbData, asnEncodedPublicKey,
3645 info->PublicKey.cbData), "Unexpected value\n");
3647 HeapFree(GetProcessHeap(), 0, info);
/* Clean up: release the provider handle and delete the test container so the
 * imported private key does not stay behind in the key store. */
3650 CryptReleaseContext(csp, 0);
3651 pCryptAcquireContextA(&csp, cspNameA, MS_DEF_PROV_A, PROV_RSA_FULL,
3652 CRYPT_DELETEKEYSET);
3654 CertFreeCertificateContext(cert);
/* Tests CertGetPublicKeyLength: the returned length and the last-error value
 * for an empty public key info, a key that is not valid ASN.1, and a small
 * well-formed RSA key combined with a bogus OID, the DH OID and the RSA OID.
 *
 * NOTE(review): the gutter numbers in this listing skip lines. The
 * declaration of ret, the braces and the first line of several ok() calls
 * (the ones that begin with a parenthesised GetLastError() alternative) are
 * not shown.
 */
3657 static void testGetPublicKeyLength(void)
/* Writable copies of the OID strings; presumably needed because pszObjId is
 * a non-const string pointer - confirm. */
3659 static char oid_rsa_rsa[] = szOID_RSA_RSA;
3660 static char oid_rsa_dh[] = szOID_RSA_DH;
3661 static char bogusOID[] = "1.2.3";
3663 CERT_PUBLIC_KEY_INFO info = { { 0 } };
/* bogusKey is not ASN.1. key is a DER SEQUENCE (0x30,0x0f) of two INTEGERs:
 * an 8-byte value 00 01 02 03 04 05 06 07 and the exponent 0x010001. Without
 * the leading zero byte the first integer is 7 bytes, which matches the 56
 * bits the tests below expect. */
3664 BYTE bogusKey[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
3665 BYTE key[] = { 0x30,0x0f,0x02,0x08,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
3666 0x02,0x03,0x01,0x00,0x01 };
/* NOTE(review): the lines around this NULL-info call are missing from the
 * listing, so it cannot be told from here whether the call is live or
 * disabled - confirm against the file. */
3669 ret = CertGetPublicKeyLength(0, NULL);
3671 /* With an empty public key info */
/* Encoding type 0 is expected to fail with ERROR_FILE_NOT_FOUND in every case
 * below, whatever the key info contains. */
3672 SetLastError(0xdeadbeef);
3673 ret = CertGetPublicKeyLength(0, &info);
3674 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
3675 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
3676 ret, GetLastError());
3677 SetLastError(0xdeadbeef);
3678 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
3680 (GetLastError() == CRYPT_E_ASN1_EOD ||
3681 GetLastError() == OSS_BAD_ARG), /* win9x */
3682 "Expected length 0 and CRYPT_E_ASN1_EOD, got length %d, %08x\n",
3683 ret, GetLastError());
3684 /* With a nearly-empty public key info */
3685 info.Algorithm.pszObjId = oid_rsa_rsa;
3686 SetLastError(0xdeadbeef);
3687 ret = CertGetPublicKeyLength(0, &info);
3688 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
3689 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
3690 ret, GetLastError());
3691 SetLastError(0xdeadbeef);
3692 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
3694 (GetLastError() == CRYPT_E_ASN1_EOD ||
3695 GetLastError() == OSS_BAD_ARG), /* win9x */
3696 "Expected length 0 and CRYPT_E_ASN1_EOD, got length %d, %08x\n",
3697 ret, GetLastError());
3698 /* With a bogus key */
3699 info.PublicKey.cbData = sizeof(bogusKey);
3700 info.PublicKey.pbData = bogusKey;
3701 SetLastError(0xdeadbeef);
3702 ret = CertGetPublicKeyLength(0, &info);
3703 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
3704 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
3705 ret, GetLastError());
3706 SetLastError(0xdeadbeef);
3707 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
/* NOTE(review): the failure message below spells the error name
 * "CRYPT_E_ASN1_BADTAGTAG"; the condition checks CRYPT_E_ASN1_BADTAG. */
3709 (GetLastError() == CRYPT_E_ASN1_BADTAG ||
3710 GetLastError() == OSS_PDU_MISMATCH), /* win9x */
3711 "Expected length 0 and CRYPT_E_ASN1_BADTAGTAG, got length %d, %08x\n",
3712 ret, GetLastError());
3713 /* With a believable RSA key but a bogus OID */
3714 info.Algorithm.pszObjId = bogusOID;
3715 info.PublicKey.cbData = sizeof(key);
3716 info.PublicKey.pbData = key;
3717 SetLastError(0xdeadbeef);
3718 ret = CertGetPublicKeyLength(0, &info);
3719 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
3720 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
3721 ret, GetLastError());
/* With X509_ASN_ENCODING the unknown OID "1.2.3" is not rejected: the test
 * expects the key to be decoded and 56 returned. The broken() alternative
 * records that Win7 returns 0 with NTE_BAD_LEN instead. */
3722 SetLastError(0xdeadbeef);
3723 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
3724 ok(ret == 56 || broken(ret == 0 && GetLastError() == NTE_BAD_LEN) /* Win7 */,
3725 "Expected length 56, got %d\n", ret);
3726 /* An RSA key with the DH OID */
3727 info.Algorithm.pszObjId = oid_rsa_dh;
3728 SetLastError(0xdeadbeef);
3729 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
3731 (GetLastError() == CRYPT_E_ASN1_BADTAG ||
3732 GetLastError() == E_INVALIDARG), /* win9x */
3733 "Expected length 0 and CRYPT_E_ASN1_BADTAG, got length %d, %08x\n",
3734 ret, GetLastError());
3735 /* With the RSA OID */
3736 info.Algorithm.pszObjId = oid_rsa_rsa;
3737 SetLastError(0xdeadbeef);
3738 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
3739 ok(ret == 56 || broken(ret == 0 && GetLastError() == NTE_BAD_LEN) /* Win7 */,
3740 "Expected length 56, got %d\n", ret);
3741 /* With the RSA OID and a message encoding */
3742 info.Algorithm.pszObjId = oid_rsa_rsa;
3743 SetLastError(0xdeadbeef);
3744 ret = CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &info);
3745 ok(ret == 56 || broken(ret == 0 && GetLastError() == NTE_BAD_LEN) /* Win7 */,
3746 "Expected length 56, got %d\n", ret);
3751 init_function_pointers();
3754 testCertProperties();
3758 testGetSubjectCert();
3759 testGetIssuerCert();
3761 testCryptHashCert();
3763 testSignAndEncodeCert();
3764 testCreateSelfSignCert();
3765 testIntendedKeyUsage();
3767 testGetValidUsages();
3768 testCompareCertName();
3769 testCompareIntegerBlob();
3770 testComparePublicKeyInfo();
3771 testHashPublicKeyInfo();
3772 testHashToBeSigned();
3774 testVerifySubjectCert();
3775 testVerifyRevocation();
3776 testAcquireCertPrivateKey();
3777 testGetPublicKeyLength();
3778 testIsRDNAttrsInCertificateName();