2 * crypt32 CRL functions tests
4 * Copyright 2005-2006 Juan Lang
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
30 #include "wine/test.h"
33 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
34 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
35 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
36 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
37 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
38 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
39 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
40 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
41 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
42 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
43 static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
44 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
45 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
46 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
47 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
48 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
49 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
50 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
51 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
52 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
53 static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
54 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
55 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
56 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
57 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
58 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
59 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
60 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
61 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
62 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
64 static const BYTE CRL[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
65 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
66 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
67 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
69 static const BYTE newerCRL[] = { 0x30, 0x2a, 0x30, 0x02, 0x06, 0x00, 0x30,
70 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
71 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x17, 0x0d, 0x30, 0x36,
72 0x30, 0x35, 0x31, 0x36, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
73 static const BYTE signedCRL[] = { 0x30, 0x45, 0x30, 0x2c, 0x30, 0x02, 0x06,
74 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
75 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
76 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
77 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c,
78 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
80 static BOOL (WINAPI *pCertFindCertificateInCRL)(PCCERT_CONTEXT,PCCRL_CONTEXT,DWORD,void*,PCRL_ENTRY*);
81 static PCCRL_CONTEXT (WINAPI *pCertFindCRLInStore)(HCERTSTORE,DWORD,DWORD,DWORD,const void*,PCCRL_CONTEXT);
82 static BOOL (WINAPI *pCertIsValidCRLForCertificate)(PCCERT_CONTEXT, PCCRL_CONTEXT, DWORD, void*);
84 static void init_function_pointers(void)
86 HMODULE hdll = GetModuleHandleA("crypt32.dll");
87 pCertFindCertificateInCRL = (void*)GetProcAddress(hdll, "CertFindCertificateInCRL");
88 pCertFindCRLInStore = (void*)GetProcAddress(hdll, "CertFindCRLInStore");
89 pCertIsValidCRLForCertificate = (void*)GetProcAddress(hdll, "CertIsValidCRLForCertificate");
92 static void testCreateCRL(void)
94 PCCRL_CONTEXT context;
97 context = CertCreateCRLContext(0, NULL, 0);
98 ok(!context && GetLastError() == E_INVALIDARG,
99 "Expected E_INVALIDARG, got %08x\n", GetLastError());
100 context = CertCreateCRLContext(X509_ASN_ENCODING, NULL, 0);
101 GLE = GetLastError();
102 ok(!context && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
103 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
104 context = CertCreateCRLContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
105 ok(!context, "Expected failure\n");
106 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
107 sizeof(signedCRL) - 1);
108 ok(!context, "Expected failure\n");
109 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
111 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
113 CertFreeCRLContext(context);
114 context = CertCreateCRLContext(X509_ASN_ENCODING, CRL, sizeof(CRL));
115 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
117 CertFreeCRLContext(context);
120 static void testDupCRL(void)
122 PCCRL_CONTEXT context, dupContext;
124 context = CertDuplicateCRLContext(NULL);
125 ok(context == NULL, "expected NULL\n");
126 context = CertCreateCRLContext(X509_ASN_ENCODING, signedCRL,
128 dupContext = CertDuplicateCRLContext(context);
129 ok(dupContext != NULL, "expected a context\n");
130 ok(dupContext == context, "expected identical context addresses\n");
131 CertFreeCRLContext(dupContext);
132 CertFreeCRLContext(context);
135 static void testAddCRL(void)
137 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
138 CERT_STORE_CREATE_NEW_FLAG, NULL);
139 PCCRL_CONTEXT context;
145 /* Bad CRL encoding type */
146 ret = CertAddEncodedCRLToStore(0, 0, NULL, 0, 0, NULL);
147 ok(!ret && GetLastError() == E_INVALIDARG,
148 "Expected E_INVALIDARG, got %08x\n", GetLastError());
149 ret = CertAddEncodedCRLToStore(store, 0, NULL, 0, 0, NULL);
150 ok(!ret && GetLastError() == E_INVALIDARG,
151 "Expected E_INVALIDARG, got %08x\n", GetLastError());
152 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL), 0, NULL);
153 ok(!ret && GetLastError() == E_INVALIDARG,
154 "Expected E_INVALIDARG, got %08x\n", GetLastError());
155 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL), 0,
157 ok(!ret && GetLastError() == E_INVALIDARG,
158 "Expected E_INVALIDARG, got %08x\n", GetLastError());
159 ret = CertAddEncodedCRLToStore(0, 0, signedCRL, sizeof(signedCRL),
160 CERT_STORE_ADD_ALWAYS, NULL);
161 ok(!ret && GetLastError() == E_INVALIDARG,
162 "Expected E_INVALIDARG, got %08x\n", GetLastError());
163 ret = CertAddEncodedCRLToStore(store, 0, signedCRL, sizeof(signedCRL),
164 CERT_STORE_ADD_ALWAYS, NULL);
165 ok(!ret && GetLastError() == E_INVALIDARG,
166 "Expected E_INVALIDARG, got %08x\n", GetLastError());
169 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, NULL, 0, 0, NULL);
170 GLE = GetLastError();
171 ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
172 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
173 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, NULL, 0, 0, NULL);
174 GLE = GetLastError();
175 ok(!ret && (GLE == CRYPT_E_ASN1_EOD || GLE == OSS_MORE_INPUT),
176 "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n", GLE);
178 /* Weird--bad add disposition leads to an access violation in Windows.
179 * Both tests crash on some win9x boxes.
183 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
184 sizeof(signedCRL), 0, NULL);
185 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
186 GetLastError() == E_INVALIDARG /* Vista */),
187 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
188 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
189 sizeof(signedCRL), 0, NULL);
190 ok(!ret && (GetLastError() == STATUS_ACCESS_VIOLATION ||
191 GetLastError() == E_INVALIDARG /* Vista */),
192 "Expected STATUS_ACCESS_VIOLATION or E_INVALIDARG, got %08x\n", GetLastError());
195 /* Weird--can add a CRL to the NULL store (does this have special meaning?)
198 ret = CertAddEncodedCRLToStore(0, X509_ASN_ENCODING, signedCRL,
199 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, &context);
200 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
202 CertFreeCRLContext(context);
204 /* Normal cases: a "signed" CRL is okay.. */
205 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
206 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
207 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
208 /* and an unsigned one is too. */
209 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, CRL, sizeof(CRL),
210 CERT_STORE_ADD_ALWAYS, NULL);
211 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
213 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
214 sizeof(newerCRL), CERT_STORE_ADD_NEW, NULL);
215 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
216 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
218 /* This should replace (one of) the existing CRL(s). */
219 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, newerCRL,
220 sizeof(newerCRL), CERT_STORE_ADD_NEWER, NULL);
221 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
223 CertCloseStore(store, 0);
226 static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
227 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
228 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
229 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
230 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
231 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
232 static const BYTE v2CRLWithIssuingDistPoint[] = {
233 0x30,0x70,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
234 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
235 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
236 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
237 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x27,
238 0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30,
239 0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
240 0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
241 static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
242 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
243 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
244 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
245 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
246 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
247 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
248 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
249 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
250 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
251 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
252 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
253 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
254 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
255 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
256 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
257 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
258 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
259 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
260 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
261 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
262 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
263 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
264 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
265 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
266 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
267 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
268 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
269 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
270 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
271 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
272 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
273 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
274 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
276 static const BYTE verisignCommercialSoftPubCA[] = {
277 0x30,0x82,0x02,0x40,0x30,0x82,0x01,0xa9,0x02,0x10,0x03,0xc7,0x8f,0x37,0xdb,0x92,
278 0x28,0xdf,0x3c,0xbb,0x1a,0xad,0x82,0xfa,0x67,0x10,0x30,0x0d,0x06,0x09,0x2a,0x86,
279 0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
280 0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,0x17,
281 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
282 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x0b,
283 0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,0x6d,0x6d,0x65,
284 0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x50,
285 0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
286 0x39,0x36,0x30,0x34,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,
287 0x34,0x30,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x61,0x31,0x11,
288 0x30,0x0f,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,
289 0x74,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,
290 0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
291 0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6f,
292 0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,
293 0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,0x43,0x41,0x30,
294 0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
295 0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc3,0xd3,0x69,0x65,
296 0x52,0x01,0x94,0x54,0xab,0x28,0xc6,0x62,0x18,0xb3,0x54,0x55,0xc5,0x44,0x87,0x45,
297 0x4a,0x3b,0xc2,0x7e,0xd8,0xd3,0xd7,0xc8,0x80,0x86,0x8d,0xd8,0x0c,0xf1,0x16,0x9c,
298 0xcc,0x6b,0xa9,0x29,0xb2,0x8f,0x76,0x73,0x92,0xc8,0xc5,0x62,0xa6,0x3c,0xed,0x1e,
299 0x05,0x75,0xf0,0x13,0x00,0x6c,0x14,0x4d,0xd4,0x98,0x90,0x07,0xbe,0x69,0x73,0x81,
300 0xb8,0x62,0x4e,0x31,0x1e,0xd1,0xfc,0xc9,0x0c,0xeb,0x7d,0x90,0xbf,0xae,0xb4,0x47,
301 0x51,0xec,0x6f,0xce,0x64,0x35,0x02,0xd6,0x7d,0x67,0x05,0x77,0xe2,0x8f,0xd9,0x51,
302 0xd7,0xfb,0x97,0x19,0xbc,0x3e,0xd7,0x77,0x81,0xc6,0x43,0xdd,0xf2,0xdd,0xdf,0xca,
303 0xa3,0x83,0x8b,0xcb,0x41,0xc1,0x3d,0x22,0x48,0x48,0xa6,0x19,0x02,0x03,0x01,0x00,
304 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,
305 0x03,0x81,0x81,0x00,0xb5,0xbc,0xb0,0x75,0x6a,0x89,0xa2,0x86,0xbd,0x64,0x78,0xc3,
306 0xa7,0x32,0x75,0x72,0x11,0xaa,0x26,0x02,0x17,0x60,0x30,0x4c,0xe3,0x48,0x34,0x19,
307 0xb9,0x52,0x4a,0x51,0x18,0x80,0xfe,0x53,0x2d,0x7b,0xd5,0x31,0x8c,0xc5,0x65,0x99,
308 0x41,0x41,0x2f,0xf2,0xae,0x63,0x7a,0xe8,0x73,0x99,0x15,0x90,0x1a,0x1f,0x7a,0x8b,
309 0x41,0xd0,0x8e,0x3a,0xd0,0xcd,0x38,0x34,0x44,0xd0,0x75,0xf8,0xea,0x71,0xc4,0x81,
310 0x19,0x38,0x17,0x35,0x4a,0xae,0xc5,0x3e,0x32,0xe6,0x21,0xb8,0x05,0xc0,0x93,0xe1,
311 0xc7,0x38,0x5c,0xd8,0xf7,0x93,0x38,0x64,0x90,0xed,0x54,0xce,0xca,0xd3,0xd3,0xd0,
312 0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71,
315 static const BYTE rootWithKeySignAndCRLSign[] = {
316 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
317 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
318 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
319 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
320 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
321 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
322 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
323 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
324 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
325 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
326 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
327 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
328 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
329 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
330 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
331 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
332 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
333 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
334 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
335 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
336 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
337 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
338 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
339 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
340 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
341 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
342 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
343 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
344 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
345 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
346 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
347 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
349 static const BYTE eeCert[] = {
350 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
351 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
352 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
353 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,
354 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,
355 0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
356 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
357 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
358 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
359 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
360 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
361 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
362 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
363 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
364 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
365 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
366 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
367 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
368 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2,
369 0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3,
370 0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a,
371 0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41,
372 0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5,
373 0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8,
374 0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7,
375 0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92,
376 0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3,
378 static const BYTE rootSignedCRL[] = {
379 0x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
380 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
381 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
382 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
383 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
384 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
385 0x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d,
386 0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16,
387 0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,
388 0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
389 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d,
390 0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45,
391 0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68,
392 0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b,
393 0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3,
394 0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c,
395 0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66,
396 0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a,
397 0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b,
398 0x3d,0x74,0xd6,0x3b };
400 static void testFindCRL(void)
402 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
403 CERT_STORE_CREATE_NEW_FLAG, NULL);
404 PCCRL_CONTEXT context;
405 PCCERT_CONTEXT cert, endCert, rootCert;
406 CRL_FIND_ISSUED_FOR_PARA issuedForPara = { NULL, NULL };
407 DWORD count, revoked_count;
411 if (!pCertFindCRLInStore || !pCertFindCertificateInCRL)
413 win_skip("CertFindCRLInStore or CertFindCertificateInCRL not available\n");
417 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
418 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
419 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
422 context = pCertFindCRLInStore(NULL, 0, 0, 0, NULL, NULL);
425 /* Find any context */
426 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ANY, NULL, NULL);
427 ok(context != NULL, "Expected a context\n");
429 CertFreeCRLContext(context);
430 /* Bogus flags are ignored */
431 context = pCertFindCRLInStore(store, 0, 1234, CRL_FIND_ANY, NULL, NULL);
432 ok(context != NULL, "Expected a context\n");
434 CertFreeCRLContext(context);
435 /* CRL encoding type is ignored too */
436 context = pCertFindCRLInStore(store, 1234, 0, CRL_FIND_ANY, NULL, NULL);
437 ok(context != NULL, "Expected a context\n");
439 CertFreeCRLContext(context);
441 /* This appears to match any cert */
442 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, NULL, NULL);
443 ok(context != NULL, "Expected a context\n");
445 CertFreeCRLContext(context);
447 /* Try to match an issuer that isn't in the store */
448 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
450 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
452 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
453 ok(context == NULL, "Expected no matching context\n");
454 CertFreeCertificateContext(cert);
456 /* Match an issuer that is in the store */
457 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
459 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
461 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY, cert, NULL);
462 ok(context != NULL, "Expected a context\n");
464 CertFreeCRLContext(context);
466 /* Try various find flags */
467 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_SIGNATURE_FLAG,
468 CRL_FIND_ISSUED_BY, cert, NULL);
469 ok(!context || broken(context != NULL /* Win9x */), "unexpected context\n");
470 /* The CRL doesn't have an AKI extension, so it matches any cert */
471 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
472 CRL_FIND_ISSUED_BY, cert, NULL);
473 ok(context != NULL, "Expected a context\n");
475 CertFreeCRLContext(context);
479 /* Crash or return NULL/STATUS_ACCESS_VIOLATION */
480 pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR, NULL,
482 pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
483 &issuedForPara, NULL);
485 /* Test whether the cert matches the CRL in the store */
486 issuedForPara.pSubjectCert = cert;
487 issuedForPara.pIssuerCert = cert;
488 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
489 &issuedForPara, NULL);
490 ok(context != NULL || broken(!context /* Win9x, NT4 */),
491 "Expected a context\n");
494 ok(context->cbCrlEncoded == sizeof(signedCRL),
495 "unexpected CRL size %d\n", context->cbCrlEncoded);
496 ok(!memcmp(context->pbCrlEncoded, signedCRL, context->cbCrlEncoded),
497 "unexpected CRL data\n");
498 CertFreeCRLContext(context);
501 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
502 v1CRLWithIssuerAndEntry, sizeof(v1CRLWithIssuerAndEntry),
503 CERT_STORE_ADD_ALWAYS, NULL);
504 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
505 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
506 v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint),
507 CERT_STORE_ADD_ALWAYS, NULL);
508 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
509 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
510 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
511 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
512 issuedForPara.pSubjectCert = cert;
513 issuedForPara.pIssuerCert = cert;
515 count = revoked_count = 0;
517 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
518 &issuedForPara, context);
524 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
529 /* signedCRL, v1CRLWithIssuerAndEntry, and v2CRLWithIssuingDistPoint all
530 * match cert's issuer, but verisignCRL does not, so the expected count
533 ok(count == 3 || broken(count == 0 /* NT4, Win9x */),
534 "expected 3 matching CRLs, got %d\n", count);
535 /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
536 * entries, so the count of CRL entries that match cert is 2.
538 ok(revoked_count == 2 || broken(revoked_count == 0 /* NT4, Win9x */),
539 "expected 2 matching CRL entries, got %d\n", revoked_count);
541 CertFreeCertificateContext(cert);
543 /* Try again with a cert that doesn't match any CRLs in the store */
544 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
545 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
546 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
548 issuedForPara.pSubjectCert = cert;
549 issuedForPara.pIssuerCert = cert;
551 count = revoked_count = 0;
553 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
554 &issuedForPara, context);
560 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
565 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
566 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
568 CertFreeCertificateContext(cert);
570 /* Test again with a real certificate and CRL. The certificate wasn't
571 * revoked, but its issuer does have a CRL.
573 cert = CertCreateCertificateContext(X509_ASN_ENCODING,
574 verisignCommercialSoftPubCA, sizeof(verisignCommercialSoftPubCA));
575 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
577 issuedForPara.pIssuerCert = cert;
578 issuedForPara.pSubjectCert = cert;
580 count = revoked_count = 0;
582 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
583 &issuedForPara, context);
589 if (pCertFindCertificateInCRL(cert, context, 0, NULL, &entry) &&
594 ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
595 "expected 1 matching CRLs, got %d\n", count);
596 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
598 CertFreeCertificateContext(cert);
600 CertCloseStore(store, 0);
602 /* This test uses a synthesized chain (rootWithKeySignAndCRLSign ->
603 * eeCert) whose end certificate is in the CRL.
605 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
606 CERT_STORE_CREATE_NEW_FLAG, NULL);
607 /* Add a CRL for the end certificate */
608 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
609 rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
610 /* Add another CRL unrelated to the tested chain */
611 CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
612 verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
613 endCert = CertCreateCertificateContext(X509_ASN_ENCODING,
614 eeCert, sizeof(eeCert));
615 rootCert = CertCreateCertificateContext(X509_ASN_ENCODING,
616 rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
617 issuedForPara.pSubjectCert = endCert;
618 issuedForPara.pIssuerCert = rootCert;
620 count = revoked_count = 0;
622 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
623 &issuedForPara, context);
629 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
634 ok(count == 1 || broken(count == 0 /* Win9x, NT4 */),
635 "expected 1 matching CRLs, got %d\n", count);
636 ok(revoked_count == 1 || broken(revoked_count == 0 /* Win9x, NT4 */),
637 "expected 1 matching CRL entries, got %d\n", revoked_count);
639 /* Test CRL_FIND_ISSUED_BY flags */
640 count = revoked_count = 0;
642 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
649 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
654 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
655 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
657 count = revoked_count = 0;
659 context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
666 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
671 ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
672 ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
674 count = revoked_count = 0;
676 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
677 CRL_FIND_ISSUED_BY, endCert, context);
683 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
688 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
689 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
691 count = revoked_count = 0;
693 context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
694 CRL_FIND_ISSUED_BY, rootCert, context);
700 if (pCertFindCertificateInCRL(rootCert, context, 0, NULL, &entry) &&
705 ok(count == 0 || broken(count == 1 /* Win9x */),
706 "expected 0 matching CRLs, got %d\n", count);
707 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
709 count = revoked_count = 0;
711 context = pCertFindCRLInStore(store, 0,
712 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, endCert,
719 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
724 ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
725 ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
727 count = revoked_count = 0;
729 context = pCertFindCRLInStore(store, 0,
730 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, rootCert,
737 if (pCertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
742 ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
743 ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
745 CertFreeCertificateContext(rootCert);
746 CertFreeCertificateContext(endCert);
748 CertCloseStore(store, 0);
751 static void testGetCRLFromStore(void)
753 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
754 CERT_STORE_CREATE_NEW_FLAG, NULL);
755 PCCRL_CONTEXT context;
763 context = CertGetCRLFromStore(NULL, NULL, NULL, NULL);
764 context = CertGetCRLFromStore(store, NULL, NULL, NULL);
769 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
770 ok(!context && GetLastError() == E_INVALIDARG,
771 "Expected E_INVALIDARG, got %08x\n", GetLastError());
773 /* Test an empty store */
775 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
776 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
777 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
779 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, signedCRL,
780 sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
781 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
783 /* NULL matches any CRL */
785 context = CertGetCRLFromStore(store, NULL, NULL, &flags);
786 ok(context != NULL, "Expected a context\n");
787 CertFreeCRLContext(context);
789 /* This cert's issuer isn't in */
790 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
792 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
794 context = CertGetCRLFromStore(store, cert, NULL, &flags);
795 ok(context == NULL && GetLastError() == CRYPT_E_NOT_FOUND,
796 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
797 CertFreeCertificateContext(cert);
799 /* But this one is */
800 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
802 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
804 context = CertGetCRLFromStore(store, cert, NULL, &flags);
805 ok(context != NULL, "Expected a context\n");
806 CertFreeCRLContext(context);
807 CertFreeCertificateContext(cert);
809 CertCloseStore(store, 0);
812 static void checkCRLHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
813 PCCRL_CONTEXT context, DWORD propID)
815 BYTE hash[20] = { 0 }, hashProperty[20];
819 memset(hash, 0, sizeof(hash));
820 memset(hashProperty, 0, sizeof(hashProperty));
822 ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
823 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
824 ret = CertGetCRLContextProperty(context, propID, hashProperty, &size);
825 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
826 ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n",
830 static void testCRLProperties(void)
832 PCCRL_CONTEXT context = CertCreateCRLContext(X509_ASN_ENCODING,
835 ok(context != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
838 DWORD propID, numProps, access, size;
840 BYTE hash[20] = { 0 }, hashProperty[20];
841 CRYPT_DATA_BLOB blob;
844 propID = CertEnumCRLContextProperties(NULL, 0);
850 propID = CertEnumCRLContextProperties(context, propID);
853 } while (propID != 0);
854 ok(numProps == 0, "Expected 0 properties, got %d\n", numProps);
856 /* Tests with a NULL cert context. Prop ID 0 fails.. */
857 ret = CertSetCRLContextProperty(NULL, 0, 0, NULL);
858 ok(!ret && GetLastError() == E_INVALIDARG,
859 "Expected E_INVALIDARG, got %08x\n", GetLastError());
860 /* while this just crashes.
861 ret = CertSetCRLContextProperty(NULL, CERT_KEY_PROV_HANDLE_PROP_ID, 0,
865 ret = CertSetCRLContextProperty(context, 0, 0, NULL);
866 ok(!ret && GetLastError() == E_INVALIDARG,
867 "Expected E_INVALIDARG, got %08x\n", GetLastError());
868 /* Can't set the cert property directly, this crashes.
869 ret = CertSetCRLContextProperty(context, CERT_CRL_PROP_ID, 0, CRL);
873 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
875 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID, NULL, NULL);
876 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
881 ret = CertGetCRLContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
883 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
884 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
885 /* And, an implicit property */
886 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
888 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
889 ret = CertGetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID,
891 ok(ret, "CertGetCRLContextProperty failed: %08x\n", GetLastError());
892 ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
893 "Didn't expect a persisted crl\n");
894 /* Trying to set this "read only" property crashes.
895 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
896 ret = CertSetCRLContextProperty(context, CERT_ACCESS_STATE_PROP_ID, 0,
900 /* Can I set the hash to an invalid hash? */
902 blob.cbData = sizeof(hash);
903 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, &blob);
904 ok(ret, "CertSetCRLContextProperty failed: %08x\n",
906 size = sizeof(hashProperty);
907 ret = CertGetCRLContextProperty(context, CERT_HASH_PROP_ID,
908 hashProperty, &size);
909 ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
910 ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
911 /* Delete the (bogus) hash, and get the real one */
912 ret = CertSetCRLContextProperty(context, CERT_HASH_PROP_ID, 0, NULL);
913 ok(ret, "CertSetCRLContextProperty failed: %08x\n", GetLastError());
914 checkCRLHash(CRL, sizeof(CRL), CALG_SHA1, context, CERT_HASH_PROP_ID);
916 /* Now that the hash property is set, we should get one property when
922 propID = CertEnumCRLContextProperties(context, propID);
925 } while (propID != 0);
926 ok(numProps == 1, "Expected 1 properties, got %d\n", numProps);
928 /* Check a few other implicit properties */
929 checkCRLHash(CRL, sizeof(CRL), CALG_MD5, context,
930 CERT_MD5_HASH_PROP_ID);
932 CertFreeCRLContext(context);
936 static const BYTE bigCertWithCRLDistPoints[] = {
937 0x30,0x81,0xa5,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
938 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
939 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
940 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
941 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
942 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
943 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
944 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
945 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x26,0x30,0x24,0x30,0x22,0x06,
946 0x03,0x55,0x1d,0x1f,0x04,0x1b,0x30,0x19,0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,
947 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
950 static void testIsValidCRLForCert(void)
953 PCCERT_CONTEXT cert1, cert2, cert3;
957 if(!pCertIsValidCRLForCertificate) return;
959 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
960 sizeof(v1CRLWithIssuerAndEntry));
961 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
962 cert1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
964 ok(cert1 != NULL, "CertCreateCertificateContext failed: %08x\n",
968 ret = CertIsValidCRLForCertificate(NULL, NULL, 0, NULL);
969 ret = CertIsValidCRLForCertificate(cert1, NULL, 0, NULL);
972 /* Curiously, any CRL is valid for the NULL certificate */
973 ret = pCertIsValidCRLForCertificate(NULL, crl, 0, NULL);
974 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
976 /* Same issuer for both cert and CRL, this CRL is valid for that cert */
977 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
978 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
980 cert2 = CertCreateCertificateContext(X509_ASN_ENCODING,
981 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer));
982 ok(cert2 != NULL, "CertCreateCertificateContext failed: %08x\n",
985 /* Yet more curious: different issuers for these, yet the CRL is valid for
986 * that cert. According to MSDN, the relevant bit to check is whether the
987 * CRL has a CRL_ISSUING_DIST_POINT extension.
989 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
990 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
992 CertFreeCRLContext(crl);
994 /* With a CRL_ISSUING_DIST_POINT in the CRL, it returns FALSE, since the
995 * cert doesn't have the same extension in it.
997 crl = CertCreateCRLContext(X509_ASN_ENCODING, v2CRLWithIssuingDistPoint,
998 sizeof(v2CRLWithIssuingDistPoint));
999 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1001 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1002 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1003 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1004 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1005 ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
1006 "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
1008 /* With a CRL_ISSUING_DIST_POINT in the CRL, it matches the cert containing
1009 * a CRL_DIST_POINTS_INFO extension.
1011 cert3 = CertCreateCertificateContext(X509_ASN_ENCODING,
1012 bigCertWithCRLDistPoints, sizeof(bigCertWithCRLDistPoints));
1013 ok(cert3 != NULL, "CertCreateCertificateContext failed: %08x\n",
1015 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1016 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1018 CertFreeCRLContext(crl);
1020 /* And again, with a real CRL, the CRL is valid for all three certs. */
1021 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1022 sizeof(verisignCRL));
1023 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1025 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1026 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1027 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1028 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1029 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1030 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1032 CertFreeCRLContext(crl);
1034 /* One last test: a CRL in a different store than the cert is also valid
1037 store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
1038 CERT_STORE_CREATE_NEW_FLAG, NULL);
1039 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1041 ret = CertAddEncodedCRLToStore(store, X509_ASN_ENCODING, verisignCRL,
1042 sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, &crl);
1043 ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
1045 ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
1046 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1047 ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
1048 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1049 ret = pCertIsValidCRLForCertificate(cert3, crl, 0, NULL);
1050 ok(ret, "CertIsValidCRLForCertificate failed: %08x\n", GetLastError());
1052 CertFreeCRLContext(crl);
1054 CertCloseStore(store, 0);
1056 CertFreeCertificateContext(cert3);
1057 CertFreeCertificateContext(cert2);
1058 CertFreeCertificateContext(cert1);
1061 static const BYTE crlWithDifferentIssuer[] = {
1062 0x30,0x47,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
1063 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x41,0x6c,0x65,0x78,0x20,0x4c,0x61,0x6e,
1064 0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
1065 0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,
1066 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a };
1068 static void testFindCertInCRL(void)
1071 PCCERT_CONTEXT cert;
1075 if (!pCertFindCertificateInCRL)
1077 win_skip("CertFindCertificateInCRL() is not available\n");
1081 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1083 ok(cert != NULL, "CertCreateCertificateContext failed: %08x\n",
1087 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, NULL);
1088 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, NULL);
1089 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, NULL);
1090 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, NULL);
1091 ret = pCertFindCertificateInCRL(NULL, NULL, 0, NULL, &entry);
1092 ret = pCertFindCertificateInCRL(NULL, crl, 0, NULL, &entry);
1093 ret = pCertFindCertificateInCRL(cert, NULL, 0, NULL, &entry);
1096 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1097 sizeof(verisignCRL));
1098 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1099 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1100 ok(entry == NULL, "Expected not to find an entry in CRL\n");
1101 CertFreeCRLContext(crl);
1103 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1104 sizeof(v1CRLWithIssuerAndEntry));
1105 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1106 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1107 ok(entry != NULL, "Expected to find an entry in CRL\n");
1108 CertFreeCRLContext(crl);
1110 /* Entry found even though CRL issuer doesn't match cert issuer */
1111 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1112 sizeof(crlWithDifferentIssuer));
1113 ret = pCertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1114 ok(ret, "CertFindCertificateInCRL failed: %08x\n", GetLastError());
1115 ok(entry != NULL, "Expected to find an entry in CRL\n");
1116 CertFreeCRLContext(crl);
1118 CertFreeCertificateContext(cert);
1121 static void testVerifyCRLRevocation(void)
1124 PCCERT_CONTEXT cert;
1127 ret = CertVerifyCRLRevocation(0, NULL, 0, NULL);
1128 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1129 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, NULL, 0, NULL);
1130 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1132 cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1135 /* Check against no CRL */
1136 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 0, NULL);
1137 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1138 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 0, NULL);
1139 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1141 /* Check against CRL with entry for the cert */
1142 crl = CertCreateCRLContext(X509_ASN_ENCODING, v1CRLWithIssuerAndEntry,
1143 sizeof(v1CRLWithIssuerAndEntry));
1144 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1145 (PCRL_INFO *)&crl->pCrlInfo);
1146 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1147 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1148 (PCRL_INFO *)&crl->pCrlInfo);
1149 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1150 CertFreeCRLContext(crl);
1152 /* Check against CRL with different issuer and entry for the cert */
1153 crl = CertCreateCRLContext(X509_ASN_ENCODING, crlWithDifferentIssuer,
1154 sizeof(crlWithDifferentIssuer));
1155 ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
1156 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1157 (PCRL_INFO *)&crl->pCrlInfo);
1158 ok(!ret, "CertVerifyCRLRevocation should have been revoked\n");
1159 CertFreeCRLContext(crl);
1161 /* Check against CRL without entry for the cert */
1162 crl = CertCreateCRLContext(X509_ASN_ENCODING, verisignCRL,
1163 sizeof(verisignCRL));
1164 ret = CertVerifyCRLRevocation(0, cert->pCertInfo, 1,
1165 (PCRL_INFO *)&crl->pCrlInfo);
1166 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1167 ret = CertVerifyCRLRevocation(X509_ASN_ENCODING, cert->pCertInfo, 1,
1168 (PCRL_INFO *)&crl->pCrlInfo);
1169 ok(ret, "CertVerifyCRLRevocation failed: %08x\n", GetLastError());
1170 CertFreeCRLContext(crl);
1172 CertFreeCertificateContext(cert);
1177 init_function_pointers();
1183 testGetCRLFromStore();
1185 testCRLProperties();
1187 testIsValidCRLForCert();
1188 testFindCertInCRL();
1189 testVerifyCRLRevocation();