git.oblomov.eu Git - wine/blob - dlls/cryptnet/tests/cryptnet.c

   1 /*
   2  * Unit test suite for cryptnet.dll
   3  *
   4  * Copyright 2007 Juan Lang
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2.1 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, write to the Free Software
  18  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  19  */
  20 #include <stdarg.h>
  21 #include <stdio.h>
  22 #define NONAMELESSUNION
  23 #include <windef.h>
  24 #include <winbase.h>
  25 #include <winerror.h>
  26 #include <wincrypt.h>
  27 #include "wine/test.h"
  28
  29 static const BYTE bigCert[] = {
  30 0x30,0x78,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x14,0x31,0x12,0x30,0x10,
  31 0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
  32 0x67,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,
  33 0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
  34 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
  35 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x30,
  36 0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,
  37 0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,
  38 0x01,0x01};
  39 static const BYTE certWithIssuingDistPoint[] = {
  40 0x30,0x81,0x99,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,
  41 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x14,0x31,0x12,
  42 0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,
  43 0x61,0x6e,0x67,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
  44 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
  45 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x14,0x31,0x12,0x30,0x10,
  46 0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
  47 0x67,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x27,0x30,0x25,0x30,
  48 0x23,0x06,0x03,0x55,0x1d,0x1c,0x01,0x01,0xff,0x04,0x19,0x30,0x17,0xa0,0x15,
  49 0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,
  50 0x68,0x71,0x2e,0x6f,0x72,0x67, };
  51 static const BYTE certWithCRLDistPoint[] = {
  52 0x30,0x81,0x9b,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,
  53 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x14,0x31,0x12,
  54 0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,
  55 0x61,0x6e,0x67,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
  56 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
  57 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x14,0x31,0x12,0x30,0x10,
  58 0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
  59 0x67,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x29,0x30,0x27,0x30,
  60 0x25,0x06,0x03,0x55,0x1d,0x1f,0x01,0x01,0xff,0x04,0x1b,0x30,0x19,0x30,0x17,
  61 0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,
  62 0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67, };
  63
  64 static void compareUrlArray(const CRYPT_URL_ARRAY *expected,
  65  const CRYPT_URL_ARRAY *got)
  66 {
  67     ok(expected->cUrl == got->cUrl, "Expected %d URLs, got %d\n",
  68      expected->cUrl, got->cUrl);
  69     if (expected->cUrl == got->cUrl)
  70     {
  71         DWORD i;
  72
  73         for (i = 0; i < got->cUrl; i++)
  74             ok(!lstrcmpiW(expected->rgwszUrl[i], got->rgwszUrl[i]),
  75              "%d: unexpected URL\n", i);
  76     }
  77 }
  78
  79 static WCHAR url[] =
  80  { 'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',0 };
  81
  82 static void test_getObjectUrl(void)
  83 {
  84     BOOL ret;
  85     DWORD urlArraySize = 0, infoSize = 0;
  86     PCCERT_CONTEXT cert;
  87
  88     SetLastError(0xdeadbeef);
  89     ret = CryptGetObjectUrl(NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL);
  90     ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
  91      "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
  92     /* Crash
  93     ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, NULL, 0, NULL, NULL,
  94      NULL, NULL, NULL);
  95     ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, NULL, 0, NULL, NULL,
  96      NULL, &infoSize, NULL);
  97     ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, NULL, 0, NULL,
  98      &urlArraySize, NULL, &infoSize, NULL);
  99      */
 100     /* A cert with no CRL dist point extension fails.. */
 101     cert = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
 102      sizeof(bigCert));
 103     SetLastError(0xdeadbeef);
 104     ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, (void *)cert, 0, NULL,
 105      NULL, NULL, NULL, NULL);
 106     ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
 107      "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
 108     CertFreeCertificateContext(cert);
 109
 110     cert = CertCreateCertificateContext(X509_ASN_ENCODING,
 111      certWithIssuingDistPoint, sizeof(certWithIssuingDistPoint));
 112     if (cert)
 113     {
 114         /* This cert has no AIA extension, so expect this to fail */
 115         SetLastError(0xdeadbeef);
 116         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, (void *)cert, 0,
 117          NULL, NULL, NULL, NULL, NULL);
 118         ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
 119          "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
 120         SetLastError(0xdeadbeef);
 121         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, (void *)cert,
 122          CRYPT_GET_URL_FROM_PROPERTY, NULL, NULL, NULL, NULL, NULL);
 123         ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
 124          "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
 125         SetLastError(0xdeadbeef);
 126         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, (void *)cert,
 127          CRYPT_GET_URL_FROM_EXTENSION, NULL, NULL, NULL, NULL, NULL);
 128         ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
 129          "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
 130         /* It does have an issuing dist point extension, but that's not what
 131          * this is looking for (it wants a CRL dist points extension)
 132          */
 133         SetLastError(0xdeadbeef);
 134         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
 135          (void *)cert, 0, NULL, NULL, NULL, NULL, NULL);
 136         ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
 137          "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
 138         SetLastError(0xdeadbeef);
 139         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
 140          (void *)cert, CRYPT_GET_URL_FROM_PROPERTY, NULL, NULL, NULL, NULL,
 141          NULL);
 142         ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
 143          "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
 144         SetLastError(0xdeadbeef);
 145         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
 146          (void *)cert, CRYPT_GET_URL_FROM_EXTENSION, NULL, NULL, NULL, NULL,
 147          NULL);
 148         ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
 149          "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
 150         CertFreeCertificateContext(cert);
 151     }
 152     cert = CertCreateCertificateContext(X509_ASN_ENCODING,
 153      certWithCRLDistPoint, sizeof(certWithCRLDistPoint));
 154     if (cert)
 155     {
 156         PCRYPT_URL_ARRAY urlArray;
 157
 158         /* This cert has no AIA extension, so expect this to fail */
 159         SetLastError(0xdeadbeef);
 160         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, (void *)cert, 0,
 161          NULL, NULL, NULL, NULL, NULL);
 162         ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
 163          "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
 164         SetLastError(0xdeadbeef);
 165         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, (void *)cert,
 166          CRYPT_GET_URL_FROM_PROPERTY, NULL, NULL, NULL, NULL, NULL);
 167         ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
 168          "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
 169         SetLastError(0xdeadbeef);
 170         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, (void *)cert,
 171          CRYPT_GET_URL_FROM_EXTENSION, NULL, NULL, NULL, NULL, NULL);
 172         ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
 173          "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
 174         /* It does have a CRL dist points extension */
 175         SetLastError(0xdeadbeef);
 176         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
 177          (void *)cert, 0, NULL, NULL, NULL, NULL, NULL);
 178         ok(!ret && GetLastError() == E_INVALIDARG,
 179          "Expected E_INVALIDARG, got %08x\n", GetLastError());
 180         SetLastError(0xdeadbeef);
 181         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
 182          (void *)cert, 0, NULL, NULL, NULL, &infoSize, NULL);
 183         ok(!ret && GetLastError() == E_INVALIDARG,
 184          "Expected E_INVALIDARG, got %08x\n", GetLastError());
 185         /* Can get it without specifying the location: */
 186         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
 187          (void *)cert, 0, NULL, &urlArraySize, NULL, NULL, NULL);
 188         ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError());
 189         urlArray = HeapAlloc(GetProcessHeap(), 0, urlArraySize);
 190         if (urlArray)
 191         {
 192             ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
 193              (void *)cert, 0, urlArray, &urlArraySize, NULL, NULL, NULL);
 194             ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError());
 195             if (ret)
 196             {
 197                 LPWSTR pUrl = url;
 198                 CRYPT_URL_ARRAY expectedUrl = { 1, &pUrl };
 199
 200                 compareUrlArray(&expectedUrl, urlArray);
 201             }
 202             HeapFree(GetProcessHeap(), 0, urlArray);
 203         }
 204         /* or by specifying it's an extension: */
 205         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
 206          (void *)cert, CRYPT_GET_URL_FROM_EXTENSION, NULL, &urlArraySize, NULL,
 207          NULL, NULL);
 208         ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError());
 209         urlArray = HeapAlloc(GetProcessHeap(), 0, urlArraySize);
 210         if (urlArray)
 211         {
 212             ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
 213              (void *)cert, CRYPT_GET_URL_FROM_EXTENSION, urlArray,
 214              &urlArraySize, NULL, NULL, NULL);
 215             ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError());
 216             if (ret)
 217             {
 218                 LPWSTR pUrl = url;
 219                 CRYPT_URL_ARRAY expectedUrl = { 1, &pUrl };
 220
 221                 compareUrlArray(&expectedUrl, urlArray);
 222             }
 223             HeapFree(GetProcessHeap(), 0, urlArray);
 224         }
 225         /* but it isn't contained in a property: */
 226         SetLastError(0xdeadbeef);
 227         ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
 228          (void *)cert, CRYPT_GET_URL_FROM_PROPERTY, NULL, &urlArraySize, NULL,
 229          NULL, NULL);
 230         ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
 231          "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
 232         CertFreeCertificateContext(cert);
 233     }
 234 }
 235
 236 static void make_tmp_file(LPSTR path)
 237 {
 238     static char curr[MAX_PATH] = { 0 };
 239     char temp[MAX_PATH];
 240     DWORD dwNumberOfBytesWritten;
 241     HANDLE hf;
 242
 243     if (!*curr)
 244         GetCurrentDirectoryA(MAX_PATH, curr);
 245     GetTempFileNameA(curr, "net", 0, temp);
 246     lstrcpyA(path, temp);
 247     hf = CreateFileA(path, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
 248      FILE_ATTRIBUTE_NORMAL, NULL);
 249     WriteFile(hf, certWithCRLDistPoint, sizeof(certWithCRLDistPoint),
 250      &dwNumberOfBytesWritten, NULL);
 251     CloseHandle(hf);
 252 }
 253
 254 static void test_retrieveObjectByUrl(void)
 255 {
 256     BOOL ret;
 257     char tmpfile[MAX_PATH * 2], *ptr, url[MAX_PATH + 8];
 258     CRYPT_BLOB_ARRAY *pBlobArray;
 259     PCCERT_CONTEXT cert;
 260     PCCRL_CONTEXT crl;
 261     HCERTSTORE store;
 262     CRYPT_RETRIEVE_AUX_INFO aux = { 0 };
 263     FILETIME ft = { 0 };
 264
 265     SetLastError(0xdeadbeef);
 266     ret = CryptRetrieveObjectByUrlA(NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL);
 267     ok(!ret && (GetLastError() == ERROR_INVALID_PARAMETER ||
 268                 GetLastError() == E_INVALIDARG),
 269        "got 0x%x/%u (expected ERROR_INVALID_PARAMETER or E_INVALIDARG)\n",
 270        GetLastError(), GetLastError());
 271
 272     make_tmp_file(tmpfile);
 273     ptr = strchr(tmpfile, ':');
 274     if (ptr)
 275         ptr += 2; /* skip colon and first slash */
 276     else
 277         ptr = tmpfile;
 278     snprintf(url, sizeof(url), "file:///%s", ptr);
 279     do {
 280         ptr = strchr(url, '\\');
 281         if (ptr)
 282             *ptr = '/';
 283     } while (ptr);
 284
 285     pBlobArray = (CRYPT_BLOB_ARRAY *)0xdeadbeef;
 286     ret = CryptRetrieveObjectByUrlA(url, NULL, 0, 0, (void **)&pBlobArray,
 287      NULL, NULL, NULL, NULL);
 288     if (!ret)
 289     {
 290         /* File URL support was apparently removed in Vista/Windows 2008 */
 291         win_skip("File URLs not supported\n");
 292         return;
 293     }
 294     ok(ret, "CryptRetrieveObjectByUrlA failed: %d\n", GetLastError());
 295     ok(pBlobArray && pBlobArray != (CRYPT_BLOB_ARRAY *)0xdeadbeef,
 296      "Expected a valid pointer\n");
 297     if (pBlobArray && pBlobArray != (CRYPT_BLOB_ARRAY *)0xdeadbeef)
 298     {
 299         ok(pBlobArray->cBlob == 1, "Expected 1 blob, got %d\n",
 300          pBlobArray->cBlob);
 301         ok(pBlobArray->rgBlob[0].cbData == sizeof(certWithCRLDistPoint),
 302          "Unexpected size %d\n", pBlobArray->rgBlob[0].cbData);
 303         CryptMemFree(pBlobArray);
 304     }
 305     cert = (PCCERT_CONTEXT)0xdeadbeef;
 306     ret = CryptRetrieveObjectByUrlA(url, CONTEXT_OID_CERTIFICATE, 0, 0,
 307      (void **)&cert, NULL, NULL, NULL, NULL);
 308     ok(cert && cert != (PCCERT_CONTEXT)0xdeadbeef, "Expected a cert\n");
 309     if (cert && cert != (PCCERT_CONTEXT)0xdeadbeef)
 310         CertFreeCertificateContext(cert);
 311     crl = (PCCRL_CONTEXT)0xdeadbeef;
 312     SetLastError(0xdeadbeef);
 313     ret = CryptRetrieveObjectByUrlA(url, CONTEXT_OID_CRL, 0, 0, (void **)&crl,
 314      NULL, NULL, NULL, NULL);
 315     /* w2k3,XP, newer w2k: CRYPT_E_NO_MATCH, 95: OSS_DATA_ERROR */
 316     ok(!ret && (GetLastError() == CRYPT_E_NO_MATCH ||
 317                 GetLastError() == CRYPT_E_ASN1_BADTAG ||
 318                 GetLastError() == OSS_DATA_ERROR),
 319        "got 0x%x/%u (expected CRYPT_E_NO_MATCH or CRYPT_E_ASN1_BADTAG or "
 320        "OSS_DATA_ERROR)\n", GetLastError(), GetLastError());
 321
 322     /* only newer versions of cryptnet do the cleanup */
 323     if(!ret && GetLastError() != CRYPT_E_ASN1_BADTAG &&
 324                GetLastError() != OSS_DATA_ERROR) {
 325         ok(crl == NULL, "Expected CRL to be NULL\n");
 326     }
 327
 328     if (crl && crl != (PCCRL_CONTEXT)0xdeadbeef)
 329         CertFreeCRLContext(crl);
 330     store = (HCERTSTORE)0xdeadbeef;
 331     ret = CryptRetrieveObjectByUrlA(url, CONTEXT_OID_CAPI2_ANY, 0, 0,
 332      &store, NULL, NULL, NULL, NULL);
 333     ok(ret, "CryptRetrieveObjectByUrlA failed: %d\n", GetLastError());
 334     if (store && store != (HCERTSTORE)0xdeadbeef)
 335     {
 336         DWORD certs = 0;
 337
 338         cert = NULL;
 339         do {
 340             cert = CertEnumCertificatesInStore(store, cert);
 341             if (cert)
 342                 certs++;
 343         } while (cert);
 344         ok(certs == 1, "Expected 1 cert, got %d\n", certs);
 345         CertCloseStore(store, 0);
 346     }
 347     /* Are file URLs cached? */
 348     cert = (PCCERT_CONTEXT)0xdeadbeef;
 349     ret = CryptRetrieveObjectByUrlA(url, CONTEXT_OID_CERTIFICATE,
 350      CRYPT_CACHE_ONLY_RETRIEVAL, 0, (void **)&cert, NULL, NULL, NULL, NULL);
 351     ok(ret, "CryptRetrieveObjectByUrlA failed: %08x\n", GetLastError());
 352     if (cert && cert != (PCCERT_CONTEXT)0xdeadbeef)
 353         CertFreeCertificateContext(cert);
 354
 355     cert = (PCCERT_CONTEXT)0xdeadbeef;
 356     ret = CryptRetrieveObjectByUrlA(url, CONTEXT_OID_CERTIFICATE, 0, 0,
 357      (void **)&cert, NULL, NULL, NULL, &aux);
 358     /* w2k: success, 9x: fail with E_INVALIDARG */
 359     ok(ret || (GetLastError() == E_INVALIDARG),
 360        "got %u with 0x%x/%u (expected '!=0' or '0' with E_INVALIDARG)\n",
 361        ret, GetLastError(), GetLastError());
 362     if (cert && cert != (PCCERT_CONTEXT)0xdeadbeef)
 363         CertFreeCertificateContext(cert);
 364
 365     cert = (PCCERT_CONTEXT)0xdeadbeef;
 366     aux.cbSize = sizeof(aux);
 367     ret = CryptRetrieveObjectByUrlA(url, CONTEXT_OID_CERTIFICATE, 0, 0,
 368      (void **)&cert, NULL, NULL, NULL, &aux);
 369     /* w2k: success, 9x: fail with E_INVALIDARG */
 370     ok(ret || (GetLastError() == E_INVALIDARG),
 371        "got %u with 0x%x/%u (expected '!=0' or '0' with E_INVALIDARG)\n",
 372        ret, GetLastError(), GetLastError());
 373     if (!ret) {
 374         /* no more tests useful */
 375         DeleteFileA(tmpfile);
 376         skip("no usable CertificateContext\n");
 377         return;
 378     }
 379     CertFreeCertificateContext(cert);
 380
 381     aux.pLastSyncTime = &ft;
 382     ret = CryptRetrieveObjectByUrlA(url, CONTEXT_OID_CERTIFICATE, 0, 0,
 383      (void **)&cert, NULL, NULL, NULL, &aux);
 384     ok(ret, "CryptRetrieveObjectByUrlA failed: %08x\n", GetLastError());
 385     CertFreeCertificateContext(cert);
 386     ok(ft.dwLowDateTime || ft.dwHighDateTime,
 387      "Expected last sync time to be set\n");
 388     DeleteFileA(tmpfile);
 389     /* Okay, after being deleted, are file URLs still cached? */
 390     SetLastError(0xdeadbeef);
 391     ret = CryptRetrieveObjectByUrlA(url, CONTEXT_OID_CERTIFICATE,
 392      CRYPT_CACHE_ONLY_RETRIEVAL, 0, (void **)&cert, NULL, NULL, NULL, NULL);
 393     ok(!ret && (GetLastError() == ERROR_FILE_NOT_FOUND ||
 394      GetLastError() == ERROR_PATH_NOT_FOUND),
 395      "Expected ERROR_FILE_NOT_FOUND or ERROR_PATH_NOT_FOUND, got %d\n",
 396      GetLastError());
 397 }
 398
 399 static const BYTE rootWithKeySignAndCRLSign[] = {
 400 0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
 401 0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
 402 0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
 403 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
 404 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
 405 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
 406 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
 407 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
 408 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
 409 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
 410 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
 411 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
 412 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
 413 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
 414 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
 415 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
 416 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
 417 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
 418 0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
 419 0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
 420 0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
 421 0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
 422 0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
 423 0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
 424 0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
 425 0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
 426 0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
 427 0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
 428 0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
 429 0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
 430 0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
 431 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
 432 0x2e,0x84,0xee };
 433 static const BYTE eeCert[] = {
 434 0x30,0x82,0x01,0xbb,0x30,0x82,0x01,0x24,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,
 435 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
 436 0x00,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,
 437 0x65,0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,
 438 0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,
 439 0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,
 440 0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,
 441 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,
 442 0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,
 443 0x33,0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,
 444 0xdc,0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,
 445 0x48,0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,
 446 0x47,0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,
 447 0x05,0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,
 448 0x6a,0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,
 449 0x85,0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,
 450 0xd3,0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,
 451 0xa3,0x02,0x03,0x01,0x00,0x01,0xa3,0x25,0x30,0x23,0x30,0x21,0x06,0x03,0x55,
 452 0x1d,0x23,0x04,0x1a,0x30,0x18,0x80,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,
 453 0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,
 454 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
 455 0x03,0x81,0x81,0x00,0x91,0xd2,0x78,0xe5,0xdc,0x10,0xa3,0x08,0x5e,0x20,0x85,
 456 0xec,0x57,0x09,0x83,0x68,0x45,0xbe,0x4c,0xab,0x09,0x7b,0xe9,0x8f,0x71,0x43,
 457 0x29,0x02,0x7e,0x26,0x55,0xc6,0xf1,0xfa,0xb2,0xbf,0x17,0x8f,0x37,0x30,0x57,
 458 0x75,0x63,0xce,0xb8,0x5f,0x7e,0x3f,0xfd,0xc2,0x7a,0xa0,0x61,0x5f,0x41,0x6c,
 459 0x94,0x6a,0xc3,0x04,0x0c,0xd7,0xcf,0x6f,0x4a,0x1e,0xdb,0x42,0xd2,0xa0,0x45,
 460 0xeb,0xd4,0x4d,0x3a,0x3d,0x98,0x05,0x03,0x61,0x87,0x81,0xae,0xe7,0x8a,0xfd,
 461 0x92,0x8c,0xb9,0xe1,0x48,0xf9,0xe2,0x0e,0x0f,0xef,0x72,0xe6,0x6e,0x7e,0x41,
 462 0xc2,0x8c,0x99,0xa9,0xbe,0x3a,0x01,0xa0,0x55,0x1d,0x65,0x7e,0x2a,0xb7,0x93,
 463 0xc5,0x09,0x7d,0x81,0x76,0xa8,0x50,0xff,0x48,0xe5,0xec,0x72 };
 464 static const BYTE rootSignedCRL[] = {
 465 0x30,0x82,0x01,0x21,0x30,0x81,0x8b,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
 466 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
 467 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
 468 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
 469 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
 470 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
 471 0x30,0x30,0x30,0x30,0x5a,0xa0,0x31,0x30,0x2f,0x30,0x0a,0x06,0x03,0x55,0x1d,
 472 0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x21,0x06,0x03,0x55,0x1d,0x23,0x04,0x1a,
 473 0x30,0x18,0x80,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,
 474 0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,
 475 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,
 476 0x66,0x62,0xcd,0xcf,0x5e,0x70,0xa5,0xf2,0x5b,0x39,0x86,0x5c,0x93,0x7b,0xd2,
 477 0xde,0x51,0x29,0x1e,0x87,0x0c,0xe1,0xae,0xfe,0xf6,0x34,0x64,0x5a,0xd7,0xa9,
 478 0x7c,0xa0,0x7b,0x98,0x2c,0x39,0x3a,0x43,0x2a,0xd8,0xe4,0x5c,0x4b,0x3d,0x99,
 479 0xbb,0x04,0x10,0xe8,0xe4,0xfa,0x26,0xf5,0x83,0x6f,0xf5,0x81,0x6a,0xf4,0x23,
 480 0xd0,0x68,0x52,0x2b,0x62,0x7c,0xe8,0xb1,0x69,0x21,0x99,0x80,0xd7,0x2d,0x16,
 481 0xd8,0x4f,0xf2,0xd9,0xac,0x99,0xf1,0xb5,0xbb,0xd0,0x5e,0xeb,0xa5,0x31,0x99,
 482 0x79,0xd2,0x81,0x24,0x8c,0x64,0xc6,0xa7,0x3d,0x2f,0x77,0xa2,0x08,0xad,0x00,
 483 0x8b,0x65,0xde,0x00,0x8b,0xd5,0x8e,0x29,0xb9,0xdf,0x9c,0x5c,0x57,0x76,0xe1,
 484 0x17,0x4c,0x47,0x4b,0xfa,0xf2,0xa4,0x38 };
 485
 486 BOOL (WINAPI *pCertVerifyRevocation)(DWORD, DWORD, DWORD, void **, DWORD,
 487  PCERT_REVOCATION_PARA, PCERT_REVOCATION_STATUS);
 488
 489 static void test_verifyRevocation(void)
 490 {
 491     HMODULE hCryptNet = GetModuleHandleA("cryptnet.dll");
 492     BOOL ret;
 493     CERT_REVOCATION_STATUS status = { sizeof(status), 0 };
 494     PCCERT_CONTEXT certs[2];
 495     CERT_REVOCATION_PARA revPara = { sizeof(revPara), 0 };
 496
 497     pCertVerifyRevocation = (void *)GetProcAddress(hCryptNet,
 498      "CertDllVerifyRevocation");
 499     if (!pCertVerifyRevocation)
 500     {
 501         win_skip("no CertDllVerifyRevocation\n");
 502         return;
 503     }
 504     if (0)
 505     {
 506         /* Crash */
 507         ret = pCertVerifyRevocation(0, 0, 0, NULL, 0, NULL, NULL);
 508     }
 509     SetLastError(0xdeadbeef);
 510     ret = pCertVerifyRevocation(0, 0, 0, NULL, 0, NULL, &status);
 511     ok(!ret && GetLastError() == E_INVALIDARG,
 512      "expected E_INVALIDARG, got %08x\n", GetLastError());
 513     SetLastError(0xdeadbeef);
 514     ret = pCertVerifyRevocation(X509_ASN_ENCODING, 0, 0, NULL, 0, NULL,
 515      &status);
 516     ok(!ret && GetLastError() == E_INVALIDARG,
 517      "expected E_INVALIDARG, got %08x\n", GetLastError());
 518     SetLastError(0xdeadbeef);
 519     ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE, 0, NULL, 0,
 520      NULL, &status);
 521     ok(!ret && GetLastError() == E_INVALIDARG,
 522      "expected E_INVALIDARG, got %08x\n", GetLastError());
 523     certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
 524      sizeof(bigCert));
 525     SetLastError(0xdeadbeef);
 526     ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
 527      1, (void **)certs, 0, NULL, &status);
 528     ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
 529      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
 530     ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
 531      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
 532     ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
 533     CertFreeCertificateContext(certs[0]);
 534     certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING,
 535      rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
 536     certs[1] = CertCreateCertificateContext(X509_ASN_ENCODING,
 537      eeCert, sizeof(eeCert));
 538     /* The root cert itself can't be checked for revocation */
 539     SetLastError(0xdeadbeef);
 540     ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
 541      1, (void **)certs, 0, NULL, &status);
 542     ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
 543      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
 544     ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
 545      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
 546     ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
 547     /* Neither can the end cert */
 548     SetLastError(0xdeadbeef);
 549     ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
 550      1, (void **)&certs[1], 0, NULL, &status);
 551     ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
 552      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
 553     ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
 554      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
 555     ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
 556     /* Both certs together can't, either (they're not CRLs) */
 557     SetLastError(0xdeadbeef);
 558     ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
 559      2, (void **)certs, 0, NULL, &status);
 560     ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
 561      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
 562     ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
 563      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
 564     ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
 565     /* Now add a CRL to the hCrlStore */
 566     revPara.hCrlStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
 567      CERT_STORE_CREATE_NEW_FLAG, NULL);
 568     CertAddEncodedCRLToStore(revPara.hCrlStore, X509_ASN_ENCODING,
 569      rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
 570     SetLastError(0xdeadbeef);
 571     ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
 572      2, (void **)certs, 0, &revPara, &status);
 573     ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
 574      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
 575     ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
 576      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
 577     ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
 578     /* Specifying CERT_VERIFY_REV_CHAIN_FLAG doesn't change things either */
 579     SetLastError(0xdeadbeef);
 580     ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
 581      2, (void **)certs, CERT_VERIFY_REV_CHAIN_FLAG, &revPara, &status);
 582     ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
 583      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
 584     ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
 585      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
 586     ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
 587     /* Again, specifying the issuer cert: no change */
 588     revPara.pIssuerCert = certs[0];
 589     SetLastError(0xdeadbeef);
 590     ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
 591      1, (void **)&certs[1], 0, &revPara, &status);
 592     ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
 593      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
 594     ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
 595      "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
 596     ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
 597     CertCloseStore(revPara.hCrlStore, 0);
 598     CertFreeCertificateContext(certs[1]);
 599     CertFreeCertificateContext(certs[0]);
 600 }
 601
 602 START_TEST(cryptnet)
 603 {
 604     test_getObjectUrl();
 605     test_retrieveObjectByUrl();
 606     test_verifyRevocation();
 607 }