2 * crypt32 cert functions tests
4 * Copyright 2005-2006 Juan Lang
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
30 #include "wine/test.h"
32 static BOOL (WINAPI * pCryptVerifyCertificateSignatureEx)
33 (HCRYPTPROV, DWORD, DWORD, void *, DWORD, void *, DWORD, void *);
35 static BOOL (WINAPI * pCryptAcquireContextW)
36 (HCRYPTPROV *, LPCWSTR, LPCWSTR, DWORD, DWORD);
38 static void init_function_pointers(void)
40 HMODULE hCrypt32 = GetModuleHandleA("crypt32.dll");
41 HMODULE hAdvapi32 = GetModuleHandleA("advapi32.dll");
43 #define GET_PROC(dll, func) \
44 p ## func = (void *)GetProcAddress(dll, #func); \
46 trace("GetProcAddress(%s) failed\n", #func);
48 GET_PROC(hCrypt32, CryptVerifyCertificateSignatureEx)
50 GET_PROC(hAdvapi32, CryptAcquireContextW)
55 static BYTE subjectName[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
56 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61,
58 static BYTE serialNum[] = { 1 };
59 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
60 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
61 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
62 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
63 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
64 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
65 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
66 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
67 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
68 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
69 static BYTE bigCertHash[] = { 0x6e, 0x30, 0x90, 0x71, 0x5f, 0xd9, 0x23,
70 0x56, 0xeb, 0xae, 0x25, 0x40, 0xe6, 0x22, 0xda, 0x19, 0x26, 0x02, 0xa6, 0x08 };
72 static const BYTE bigCertWithDifferentSubject[] = { 0x30, 0x7a, 0x02, 0x01, 0x02,
73 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
74 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67,
75 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31,
76 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
77 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15,
78 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c,
79 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06,
80 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
81 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
83 static const BYTE bigCertWithDifferentIssuer[] = { 0x30, 0x7a, 0x02, 0x01,
84 0x01, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
85 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
86 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
87 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
88 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
89 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
90 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
91 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
92 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
95 static BYTE subjectName2[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
96 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61,
98 static const BYTE bigCert2[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
99 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
100 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
101 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
102 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
103 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
104 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20,
105 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
106 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
107 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
108 static const BYTE bigCert2WithDifferentSerial[] = { 0x30, 0x7a, 0x02, 0x01,
109 0x02, 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
110 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e,
111 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
112 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30,
113 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
114 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41,
115 0x6c, 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02,
116 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03,
117 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff,
119 static BYTE bigCert2Hash[] = { 0x4a, 0x7f, 0x32, 0x1f, 0xcf, 0x3b, 0xc0,
120 0x87, 0x48, 0x2b, 0xa1, 0x86, 0x54, 0x18, 0xe4, 0x3a, 0x0e, 0x53, 0x7e, 0x2b };
122 static const BYTE certWithUsage[] = { 0x30, 0x81, 0x93, 0x02, 0x01, 0x01, 0x30,
123 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
124 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00,
125 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
126 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30,
127 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31,
128 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61,
129 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00,
130 0x03, 0x01, 0x00, 0xa3, 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0x06, 0x03, 0x55, 0x1d,
131 0x25, 0x01, 0x01, 0xff, 0x04, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01,
132 0x05, 0x05, 0x07, 0x03, 0x03, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
133 0x03, 0x02, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };
135 static void testAddCert(void)
138 HCERTSTORE collection;
139 PCCERT_CONTEXT context;
140 PCCERT_CONTEXT copyContext;
143 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
144 CERT_STORE_CREATE_NEW_FLAG, NULL);
145 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
149 /* Weird--bad add disposition leads to an access violation in Windows.
151 ret = CertAddEncodedCertificateToStore(0, X509_ASN_ENCODING, bigCert,
152 sizeof(bigCert), 0, NULL);
153 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
154 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
155 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
156 bigCert, sizeof(bigCert), 0, NULL);
157 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
158 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
160 /* Weird--can add a cert to the NULL store (does this have special
164 ret = CertAddEncodedCertificateToStore(0, X509_ASN_ENCODING, bigCert,
165 sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
166 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
169 CertFreeCertificateContext(context);
171 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
172 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
173 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
175 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
176 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, NULL);
177 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
179 /* This has the same name as bigCert, so finding isn't done by name */
180 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
181 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, &context);
182 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
184 ok(context != NULL, "Expected a context\n");
187 CRYPT_DATA_BLOB hash = { sizeof(bigCert2Hash), bigCert2Hash };
189 /* Duplicate (AddRef) the context so we can still use it after
190 * deleting it from the store.
192 CertDuplicateCertificateContext(context);
193 CertDeleteCertificateFromStore(context);
194 /* Set the same hash as bigCert2, and try to readd it */
195 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID,
197 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
199 ret = CertAddCertificateContextToStore(store, context,
200 CERT_STORE_ADD_NEW, NULL);
201 /* The failure is a bit odd (CRYPT_E_ASN1_BADTAG), so just check
204 ok(!ret, "Expected failure\n");
205 CertFreeCertificateContext(context);
207 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
209 ok(context != NULL, "Expected a context\n");
212 /* Try to readd bigCert2 to the store */
213 ret = CertAddCertificateContextToStore(store, context,
214 CERT_STORE_ADD_NEW, NULL);
215 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
216 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
217 CertFreeCertificateContext(context);
220 /* Adding a cert with the same issuer name and serial number (but
221 * different subject) as an existing cert succeeds.
224 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
225 bigCert2WithDifferentSerial, sizeof(bigCert2WithDifferentSerial),
226 CERT_STORE_ADD_NEW, &context);
227 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
230 CertDeleteCertificateFromStore(context);
232 /* Adding a cert with the same subject name and serial number (but
233 * different issuer) as an existing cert succeeds.
236 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
237 bigCertWithDifferentSubject, sizeof(bigCertWithDifferentSubject),
238 CERT_STORE_ADD_NEW, &context);
239 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
242 CertDeleteCertificateFromStore(context);
244 /* Adding a cert with the same issuer name and serial number (but
245 * different otherwise) as an existing cert succeeds.
248 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
249 bigCertWithDifferentIssuer, sizeof(bigCertWithDifferentIssuer),
250 CERT_STORE_ADD_NEW, &context);
251 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
254 CertDeleteCertificateFromStore(context);
256 collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
257 CERT_STORE_CREATE_NEW_FLAG, NULL);
258 ok(collection != NULL, "CertOpenStore failed: %08x\n", GetLastError());
261 /* Add store to the collection, but disable updates */
262 CertAddStoreToCollection(collection, store, 0, 0);
264 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert2,
266 ok(context != NULL, "Expected a context\n");
269 /* Try to readd bigCert2 to the collection */
270 ret = CertAddCertificateContextToStore(collection, context,
271 CERT_STORE_ADD_NEW, NULL);
272 ok(!ret && GetLastError() == CRYPT_E_EXISTS,
273 "Expected CRYPT_E_EXISTS, got %08x\n", GetLastError());
274 /* Replacing an existing certificate context is allowed, even
275 * though updates to the collection aren't..
277 ret = CertAddCertificateContextToStore(collection, context,
278 CERT_STORE_ADD_REPLACE_EXISTING, NULL);
279 ok(ret, "CertAddCertificateContextToStore failed: %08x\n",
281 /* use the existing certificate and ask for a copy of the context*/
283 ret = CertAddCertificateContextToStore(collection, context,
284 CERT_STORE_ADD_USE_EXISTING, ©Context);
285 ok(ret, "CertAddCertificateContextToStore failed: %08x\n",
287 ok(copyContext != NULL, "Expected on output a non NULL copyContext\n");
289 CertFreeCertificateContext(copyContext);
290 /* but adding a new certificate isn't allowed. */
291 ret = CertAddCertificateContextToStore(collection, context,
292 CERT_STORE_ADD_ALWAYS, NULL);
293 ok(!ret && GetLastError() == E_ACCESSDENIED,
294 "Expected E_ACCESSDENIED, got %08x\n", GetLastError());
295 CertFreeCertificateContext(context);
298 CertCloseStore(collection, 0);
301 CertCloseStore(store, 0);
304 static void checkHash(const BYTE *data, DWORD dataLen, ALG_ID algID,
305 PCCERT_CONTEXT context, DWORD propID)
307 BYTE hash[20] = { 0 }, hashProperty[20];
310 DWORD dwSizeWithNull;
312 memset(hash, 0, sizeof(hash));
313 memset(hashProperty, 0, sizeof(hashProperty));
315 ret = CryptHashCertificate(0, algID, 0, data, dataLen, hash, &size);
316 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
317 ret = CertGetCertificateContextProperty(context, propID, NULL,
319 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
321 ret = CertGetCertificateContextProperty(context, propID, hashProperty,
323 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
325 ok(!memcmp(hash, hashProperty, size), "Unexpected hash for property %d\n",
327 ok(size == dwSizeWithNull, "Unexpected length of hash for property: received %d instead of %d\n",
328 dwSizeWithNull,size);
331 static WCHAR cspNameW[] = { 'W','i','n','e','C','r','y','p','t','T','e','m','p',0 };
332 static const BYTE v1CertWithPubKey[] = {
333 0x30,0x81,0x95,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
334 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
335 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
336 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
337 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
338 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
339 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
340 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
341 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,
342 0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,
344 static const BYTE v1CertWithSubjectKeyId[] = {
345 0x30,0x7b,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
346 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
347 0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
348 0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
349 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
350 0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
351 0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x17,0x30,0x15,0x30,
352 0x13,0x06,0x03,0x55,0x1d,0x0e,0x04,0x0c,0x04,0x0a,0x4a,0x75,0x61,0x6e,0x20,
353 0x4c,0x61,0x6e,0x67,0x00 };
354 static const BYTE subjectKeyId[] = {
355 0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
357 static void testCertProperties(void)
359 PCCERT_CONTEXT context = CertCreateCertificateContext(X509_ASN_ENCODING,
360 bigCert, sizeof(bigCert));
361 DWORD propID, numProps, access, size;
363 BYTE hash[20] = { 0 }, hashProperty[20];
364 CRYPT_DATA_BLOB blob;
365 CERT_KEY_CONTEXT keyContext;
367 ok(context != NULL, "CertCreateCertificateContext failed: %08x\n",
373 propID = CertEnumCertificateContextProperties(NULL, 0);
379 propID = CertEnumCertificateContextProperties(context, propID);
382 } while (propID != 0);
383 ok(numProps == 0, "Expected 0 properties, got %d\n", numProps);
385 /* Tests with a NULL cert context. Prop ID 0 fails.. */
386 ret = CertSetCertificateContextProperty(NULL, 0, 0, NULL);
387 ok(!ret && GetLastError() == E_INVALIDARG,
388 "Expected E_INVALIDARG, got %08x\n", GetLastError());
389 /* while this just crashes.
390 ret = CertSetCertificateContextProperty(NULL,
391 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
394 ret = CertSetCertificateContextProperty(context, 0, 0, NULL);
395 ok(!ret && GetLastError() == E_INVALIDARG,
396 "Expected E_INVALIDARG, got %08x\n", GetLastError());
397 /* Can't set the cert property directly, this crashes.
398 ret = CertSetCertificateContextProperty(context,
399 CERT_CERT_PROP_ID, 0, bigCert2);
403 ret = CertGetCertificateContextProperty(context,
404 CERT_ACCESS_STATE_PROP_ID, 0, NULL);
405 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
407 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
412 ret = CertGetCertificateContextProperty(context,
413 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
414 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
415 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
416 /* And, an implicit property */
417 size = sizeof(access);
418 ret = CertGetCertificateContextProperty(context,
419 CERT_ACCESS_STATE_PROP_ID, &access, &size);
420 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
422 ok(!(access & CERT_ACCESS_STATE_WRITE_PERSIST_FLAG),
423 "Didn't expect a persisted cert\n");
424 /* Trying to set this "read only" property crashes.
425 access |= CERT_ACCESS_STATE_WRITE_PERSIST_FLAG;
426 ret = CertSetCertificateContextProperty(context,
427 CERT_ACCESS_STATE_PROP_ID, 0, &access);
430 /* Can I set the hash to an invalid hash? */
432 blob.cbData = sizeof(hash);
433 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID, 0,
435 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
437 size = sizeof(hashProperty);
438 ret = CertGetCertificateContextProperty(context, CERT_HASH_PROP_ID,
439 hashProperty, &size);
440 ok(!memcmp(hashProperty, hash, sizeof(hash)), "Unexpected hash\n");
441 /* Delete the (bogus) hash, and get the real one */
442 ret = CertSetCertificateContextProperty(context, CERT_HASH_PROP_ID, 0,
444 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
446 checkHash(bigCert, sizeof(bigCert), CALG_SHA1, context,
449 /* Now that the hash property is set, we should get one property when
455 propID = CertEnumCertificateContextProperties(context, propID);
458 } while (propID != 0);
459 ok(numProps == 1, "Expected 1 properties, got %d\n", numProps);
461 /* Check a few other implicit properties */
462 checkHash(bigCert, sizeof(bigCert), CALG_MD5, context,
463 CERT_MD5_HASH_PROP_ID);
465 context->pCertInfo->Subject.pbData,
466 context->pCertInfo->Subject.cbData,
467 CALG_MD5, context, CERT_SUBJECT_NAME_MD5_HASH_PROP_ID);
469 context->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData,
470 context->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData,
471 CALG_MD5, context, CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID);
473 /* Test key contexts and handles and such */
475 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
477 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
478 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
479 size = sizeof(CERT_KEY_CONTEXT);
480 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
482 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
483 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
484 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
486 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
487 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
488 /* Key context with an invalid size */
489 keyContext.cbSize = 0;
490 ret = CertSetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
492 ok(!ret && GetLastError() == E_INVALIDARG,
493 "Expected E_INVALIDARG, got %08x\n", GetLastError());
494 size = sizeof(keyContext);
495 ret = CertGetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
497 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
498 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
499 keyContext.cbSize = sizeof(keyContext);
500 keyContext.hCryptProv = 0;
501 keyContext.dwKeySpec = AT_SIGNATURE;
502 ret = CertSetCertificateContextProperty(context, CERT_KEY_CONTEXT_PROP_ID,
504 ok(ret, "CertSetCertificateContextProperty failed: %08x\n", GetLastError());
505 /* Now that that's set, the key prov handle property is also gettable.
507 size = sizeof(DWORD);
508 ret = CertGetCertificateContextProperty(context,
509 CERT_KEY_PROV_HANDLE_PROP_ID, &keyContext.hCryptProv, &size);
510 ok(ret, "Expected to get the CERT_KEY_PROV_HANDLE_PROP_ID, got %08x\n",
512 /* Remove the key prov handle property.. */
513 ret = CertSetCertificateContextProperty(context,
514 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
515 ok(ret, "CertSetCertificateContextProperty failed: %08x\n",
517 /* and the key context's CSP is set to NULL. */
518 size = sizeof(keyContext);
519 ret = CertGetCertificateContextProperty(context,
520 CERT_KEY_CONTEXT_PROP_ID, &keyContext, &size);
521 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
523 ok(keyContext.hCryptProv == 0, "Expected no hCryptProv\n");
525 /* According to MSDN the subject key id can be stored as a property,
526 * as a subject key extension, or as the SHA1 hash of the public key,
527 * but this cert has none of them:
529 ret = CertGetCertificateContextProperty(context,
530 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
531 ok(!ret && GetLastError() == ERROR_INVALID_DATA,
532 "Expected ERROR_INVALID_DATA, got %08x\n", GetLastError());
533 CertFreeCertificateContext(context);
534 /* This cert does have a public key, but its subject key identifier still
535 * isn't available: */
536 context = CertCreateCertificateContext(X509_ASN_ENCODING,
537 v1CertWithPubKey, sizeof(v1CertWithPubKey));
538 ret = CertGetCertificateContextProperty(context,
539 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
540 ok(!ret && GetLastError() == ERROR_INVALID_DATA,
541 "Expected ERROR_INVALID_DATA, got %08x\n", GetLastError());
542 CertFreeCertificateContext(context);
543 /* This cert with a subject key extension can have its key identifier
544 * property retrieved:
546 context = CertCreateCertificateContext(X509_ASN_ENCODING,
547 v1CertWithSubjectKeyId, sizeof(v1CertWithSubjectKeyId));
548 ret = CertGetCertificateContextProperty(context,
549 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
550 ok(ret, "CertGetCertificateContextProperty failed: %08x\n", GetLastError());
553 LPBYTE buf = HeapAlloc(GetProcessHeap(), 0, size);
557 ret = CertGetCertificateContextProperty(context,
558 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
559 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
561 ok(!memcmp(buf, subjectKeyId, size), "Unexpected subject key id\n");
562 HeapFree(GetProcessHeap(), 0, buf);
565 CertFreeCertificateContext(context);
568 static void testDupCert(void)
571 PCCERT_CONTEXT context, dupContext;
574 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
575 CERT_STORE_CREATE_NEW_FLAG, NULL);
576 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
580 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
581 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, &context);
582 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
584 ok(context != NULL, "Expected a valid cert context\n");
587 ok(context->cbCertEncoded == sizeof(bigCert),
588 "Wrong cert size %d\n", context->cbCertEncoded);
589 ok(!memcmp(context->pbCertEncoded, bigCert, sizeof(bigCert)),
590 "Unexpected encoded cert in context\n");
591 ok(context->hCertStore == store, "Unexpected store\n");
593 dupContext = CertDuplicateCertificateContext(context);
594 ok(dupContext != NULL, "Expected valid duplicate\n");
595 /* Not only is it a duplicate, it's identical: the address is the
598 ok(dupContext == context, "Expected identical context addresses\n");
599 CertFreeCertificateContext(dupContext);
600 CertFreeCertificateContext(context);
602 CertCloseStore(store, 0);
605 static BYTE subjectName3[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
606 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x52, 0x6f, 0x62, 0x20, 0x20, 0x4c, 0x61,
608 static const BYTE iTunesCert0[] = {
609 0x30,0x82,0x03,0xc4,0x30,0x82,0x03,0x2d,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
610 0x47,0xbf,0x19,0x95,0xdf,0x8d,0x52,0x46,0x43,0xf7,0xdb,0x6d,0x48,0x0d,0x31,
611 0xa4,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
612 0x00,0x30,0x81,0x8b,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
613 0x5a,0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,
614 0x73,0x74,0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x14,0x30,0x12,0x06,
615 0x03,0x55,0x04,0x07,0x13,0x0b,0x44,0x75,0x72,0x62,0x61,0x6e,0x76,0x69,0x6c,
616 0x6c,0x65,0x31,0x0f,0x30,0x0d,0x06,0x03,0x55,0x04,0x0a,0x13,0x06,0x54,0x68,
617 0x61,0x77,0x74,0x65,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x0b,0x13,0x14,
618 0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
619 0x61,0x74,0x69,0x6f,0x6e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x03,0x13,
620 0x16,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x54,0x69,0x6d,0x65,0x73,0x74,0x61,
621 0x6d,0x70,0x69,0x6e,0x67,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,0x30,0x33,0x31,
622 0x32,0x30,0x34,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x31,0x33,0x31,
623 0x32,0x30,0x33,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x53,0x31,0x0b,0x30,
624 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,
625 0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,
626 0x20,0x49,0x6e,0x63,0x2e,0x31,0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,
627 0x22,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x69,0x6d,0x65,0x20,
628 0x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,0x53,0x65,0x72,0x76,0x69,0x63,
629 0x65,0x73,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,
630 0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,
631 0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xa9,0xca,0xb2,0xa4,0xcc,0xcd,0x20,
632 0xaf,0x0a,0x7d,0x89,0xac,0x87,0x75,0xf0,0xb4,0x4e,0xf1,0xdf,0xc1,0x0f,0xbf,
633 0x67,0x61,0xbd,0xa3,0x64,0x1c,0xda,0xbb,0xf9,0xca,0x33,0xab,0x84,0x30,0x89,
634 0x58,0x7e,0x8c,0xdb,0x6b,0xdd,0x36,0x9e,0x0f,0xbf,0xd1,0xec,0x78,0xf2,0x77,
635 0xa6,0x7e,0x6f,0x3c,0xbf,0x93,0xaf,0x0d,0xba,0x68,0xf4,0x6c,0x94,0xca,0xbd,
636 0x52,0x2d,0xab,0x48,0x3d,0xf5,0xb6,0xd5,0x5d,0x5f,0x1b,0x02,0x9f,0xfa,0x2f,
637 0x6b,0x1e,0xa4,0xf7,0xa3,0x9a,0xa6,0x1a,0xc8,0x02,0xe1,0x7f,0x4c,0x52,0xe3,
638 0x0e,0x60,0xec,0x40,0x1c,0x7e,0xb9,0x0d,0xde,0x3f,0xc7,0xb4,0xdf,0x87,0xbd,
639 0x5f,0x7a,0x6a,0x31,0x2e,0x03,0x99,0x81,0x13,0xa8,0x47,0x20,0xce,0x31,0x73,
640 0x0d,0x57,0x2d,0xcd,0x78,0x34,0x33,0x95,0x12,0x99,0x12,0xb9,0xde,0x68,0x2f,
641 0xaa,0xe6,0xe3,0xc2,0x8a,0x8c,0x2a,0xc3,0x8b,0x21,0x87,0x66,0xbd,0x83,0x58,
642 0x57,0x6f,0x75,0xbf,0x3c,0xaa,0x26,0x87,0x5d,0xca,0x10,0x15,0x3c,0x9f,0x84,
643 0xea,0x54,0xc1,0x0a,0x6e,0xc4,0xfe,0xc5,0x4a,0xdd,0xb9,0x07,0x11,0x97,0x22,
644 0x7c,0xdb,0x3e,0x27,0xd1,0x1e,0x78,0xec,0x9f,0x31,0xc9,0xf1,0xe6,0x22,0x19,
645 0xdb,0xc4,0xb3,0x47,0x43,0x9a,0x1a,0x5f,0xa0,0x1e,0x90,0xe4,0x5e,0xf5,0xee,
646 0x7c,0xf1,0x7d,0xab,0x62,0x01,0x8f,0xf5,0x4d,0x0b,0xde,0xd0,0x22,0x56,0xa8,
647 0x95,0xcd,0xae,0x88,0x76,0xae,0xee,0xba,0x0d,0xf3,0xe4,0x4d,0xd9,0xa0,0xfb,
648 0x68,0xa0,0xae,0x14,0x3b,0xb3,0x87,0xc1,0xbb,0x02,0x03,0x01,0x00,0x01,0xa3,
649 0x81,0xdb,0x30,0x81,0xd8,0x30,0x34,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,
650 0x01,0x01,0x04,0x28,0x30,0x26,0x30,0x24,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,
651 0x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,
652 0x70,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,
653 0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,
654 0xff,0x02,0x01,0x00,0x30,0x41,0x06,0x03,0x55,0x1d,0x1f,0x04,0x3a,0x30,0x38,
655 0x30,0x36,0xa0,0x34,0xa0,0x32,0x86,0x30,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
656 0x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,
657 0x6d,0x2f,0x54,0x68,0x61,0x77,0x74,0x65,0x54,0x69,0x6d,0x65,0x73,0x74,0x61,
658 0x6d,0x70,0x69,0x6e,0x67,0x43,0x41,0x2e,0x63,0x72,0x6c,0x30,0x13,0x06,0x03,
659 0x55,0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,
660 0x03,0x08,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,
661 0x02,0x01,0x06,0x30,0x24,0x06,0x03,0x55,0x1d,0x11,0x04,0x1d,0x30,0x1b,0xa4,
662 0x19,0x30,0x17,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x03,0x13,0x0c,0x54,
663 0x53,0x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x35,0x33,0x30,0x0d,0x06,0x09,
664 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,
665 0x4a,0x6b,0xf9,0xea,0x58,0xc2,0x44,0x1c,0x31,0x89,0x79,0x99,0x2b,0x96,0xbf,
666 0x82,0xac,0x01,0xd6,0x1c,0x4c,0xcd,0xb0,0x8a,0x58,0x6e,0xdf,0x08,0x29,0xa3,
667 0x5e,0xc8,0xca,0x93,0x13,0xe7,0x04,0x52,0x0d,0xef,0x47,0x27,0x2f,0x00,0x38,
668 0xb0,0xe4,0xc9,0x93,0x4e,0x9a,0xd4,0x22,0x62,0x15,0xf7,0x3f,0x37,0x21,0x4f,
669 0x70,0x31,0x80,0xf1,0x8b,0x38,0x87,0xb3,0xe8,0xe8,0x97,0x00,0xfe,0xcf,0x55,
670 0x96,0x4e,0x24,0xd2,0xa9,0x27,0x4e,0x7a,0xae,0xb7,0x61,0x41,0xf3,0x2a,0xce,
671 0xe7,0xc9,0xd9,0x5e,0xdd,0xbb,0x2b,0x85,0x3e,0xb5,0x9d,0xb5,0xd9,0xe1,0x57,
672 0xff,0xbe,0xb4,0xc5,0x7e,0xf5,0xcf,0x0c,0x9e,0xf0,0x97,0xfe,0x2b,0xd3,0x3b,
673 0x52,0x1b,0x1b,0x38,0x27,0xf7,0x3f,0x4a };
674 static const BYTE iTunesCert1[] = {
675 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
676 0x0d,0xe9,0x2b,0xf0,0xd4,0xd8,0x29,0x88,0x18,0x32,0x05,0x09,0x5e,0x9a,0x76,
677 0x88,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
678 0x00,0x30,0x53,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
679 0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,
680 0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2b,0x30,0x29,
681 0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
682 0x20,0x54,0x69,0x6d,0x65,0x20,0x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,
683 0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,
684 0x30,0x33,0x31,0x32,0x30,0x34,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
685 0x30,0x38,0x31,0x32,0x30,0x33,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x57,
686 0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
687 0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,
688 0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2f,0x30,0x2d,0x06,0x03,0x55,
689 0x04,0x03,0x13,0x26,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x69,
690 0x6d,0x65,0x20,0x53,0x74,0x61,0x6d,0x70,0x69,0x6e,0x67,0x20,0x53,0x65,0x72,
691 0x76,0x69,0x63,0x65,0x73,0x20,0x53,0x69,0x67,0x6e,0x65,0x72,0x30,0x82,0x01,
692 0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
693 0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,
694 0xb2,0x50,0x28,0x48,0xdd,0xd3,0x68,0x7a,0x84,0x18,0x44,0x66,0x75,0x5d,0x7e,
695 0xc4,0xb8,0x9f,0x63,0x26,0xff,0x3d,0x43,0x9c,0x7c,0x11,0x38,0x10,0x25,0x55,
696 0x73,0xd9,0x75,0x27,0x69,0xfd,0x4e,0xb9,0x20,0x5c,0xd3,0x0a,0xf9,0xa0,0x1b,
697 0x2a,0xed,0x55,0x56,0x21,0x61,0xd8,0x1e,0xdb,0xe4,0xbc,0x33,0x6b,0xc7,0xef,
698 0xdd,0xa3,0x37,0x65,0x8e,0x1b,0x93,0x0c,0xb6,0x53,0x1e,0x5c,0x7c,0x66,0x35,
699 0x5f,0x05,0x8a,0x45,0xfe,0x76,0x4e,0xdf,0x53,0x80,0xa2,0x81,0x20,0x9d,0xae,
700 0x88,0x5c,0xa2,0x08,0xf7,0xe5,0x30,0xf9,0xee,0x22,0x37,0x4c,0x42,0x0a,0xce,
701 0xdf,0xc6,0x1f,0xc4,0xd6,0x55,0xe9,0x81,0x3f,0xb5,0x52,0xa3,0x2c,0xaa,0x01,
702 0x7a,0xf2,0xa2,0xaa,0x8d,0x35,0xfe,0x9f,0xe6,0x5d,0x6a,0x05,0x9f,0x3d,0x6b,
703 0xe3,0xbf,0x96,0xc0,0xfe,0xcc,0x60,0xf9,0x40,0xe7,0x07,0xa0,0x44,0xeb,0x81,
704 0x51,0x6e,0xa5,0x2a,0xf2,0xb6,0x8a,0x10,0x28,0xed,0x8f,0xdc,0x06,0xa0,0x86,
705 0x50,0x9a,0x7b,0x4a,0x08,0x0d,0x30,0x1d,0xca,0x10,0x9e,0x6b,0xf7,0xe9,0x58,
706 0xae,0x04,0xa9,0x40,0x99,0xb2,0x28,0xe8,0x8f,0x16,0xac,0x3c,0xe3,0x53,0x6f,
707 0x4b,0xd3,0x35,0x9d,0xb5,0x6f,0x64,0x1d,0xb3,0x96,0x2c,0xbb,0x3d,0xe7,0x79,
708 0xeb,0x6d,0x7a,0xf9,0x16,0xe6,0x26,0xad,0xaf,0xef,0x99,0x53,0xb7,0x40,0x2c,
709 0x95,0xb8,0x79,0xaa,0xfe,0xd4,0x52,0xab,0x29,0x74,0x7e,0x42,0xec,0x39,0x1e,
710 0xa2,0x6a,0x16,0xe6,0x59,0xbb,0x24,0x68,0xd8,0x00,0x80,0x43,0x10,0x87,0x80,
711 0x6b,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xca,0x30,0x81,0xc7,0x30,0x34,0x06,
712 0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x28,0x30,0x26,0x30,0x24,
713 0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,
714 0x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,0x70,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,
715 0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
716 0xff,0x04,0x02,0x30,0x00,0x30,0x33,0x06,0x03,0x55,0x1d,0x1f,0x04,0x2c,0x30,
717 0x2a,0x30,0x28,0xa0,0x26,0xa0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3a,0x2f,
718 0x2f,0x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,
719 0x6f,0x6d,0x2f,0x74,0x73,0x73,0x2d,0x63,0x61,0x2e,0x63,0x72,0x6c,0x30,0x16,
720 0x06,0x03,0x55,0x1d,0x25,0x01,0x01,0xff,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,
721 0x06,0x01,0x05,0x05,0x07,0x03,0x08,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
722 0x01,0xff,0x04,0x04,0x03,0x02,0x06,0xc0,0x30,0x24,0x06,0x03,0x55,0x1d,0x11,
723 0x04,0x1d,0x30,0x1b,0xa4,0x19,0x30,0x17,0x31,0x15,0x30,0x13,0x06,0x03,0x55,
724 0x04,0x03,0x13,0x0c,0x54,0x53,0x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x35,
725 0x34,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
726 0x00,0x03,0x82,0x01,0x01,0x00,0x87,0x78,0x70,0xda,0x4e,0x52,0x01,0x20,0x5b,
727 0xe0,0x79,0xc9,0x82,0x30,0xc4,0xfd,0xb9,0x19,0x96,0xbd,0x91,0x00,0xc3,0xbd,
728 0xcd,0xcd,0xc6,0xf4,0x0e,0xd8,0xff,0xf9,0x4d,0xc0,0x33,0x62,0x30,0x11,0xc5,
729 0xf5,0x74,0x1b,0xd4,0x92,0xde,0x5f,0x9c,0x20,0x13,0xb1,0x7c,0x45,0xbe,0x50,
730 0xcd,0x83,0xe7,0x80,0x17,0x83,0xa7,0x27,0x93,0x67,0x13,0x46,0xfb,0xca,0xb8,
731 0x98,0x41,0x03,0xcc,0x9b,0x51,0x5b,0x05,0x8b,0x7f,0xa8,0x6f,0xf3,0x1b,0x50,
732 0x1b,0x24,0x2e,0xf2,0x69,0x8d,0x6c,0x22,0xf7,0xbb,0xca,0x16,0x95,0xed,0x0c,
733 0x74,0xc0,0x68,0x77,0xd9,0xeb,0x99,0x62,0x87,0xc1,0x73,0x90,0xf8,0x89,0x74,
734 0x7a,0x23,0xab,0xa3,0x98,0x7b,0x97,0xb1,0xf7,0x8f,0x29,0x71,0x4d,0x2e,0x75,
735 0x1b,0x48,0x41,0xda,0xf0,0xb5,0x0d,0x20,0x54,0xd6,0x77,0xa0,0x97,0x82,0x63,
736 0x69,0xfd,0x09,0xcf,0x8a,0xf0,0x75,0xbb,0x09,0x9b,0xd9,0xf9,0x11,0x55,0x26,
737 0x9a,0x61,0x32,0xbe,0x7a,0x02,0xb0,0x7b,0x86,0xbe,0xa2,0xc3,0x8b,0x22,0x2c,
738 0x78,0xd1,0x35,0x76,0xbc,0x92,0x73,0x5c,0xf9,0xb9,0xe6,0x4c,0x15,0x0a,0x23,
739 0xcc,0xe4,0xd2,0xd4,0x34,0x2e,0x49,0x40,0x15,0x3c,0x0f,0x60,0x7a,0x24,0xc6,
740 0xa5,0x66,0xef,0x96,0xcf,0x70,0xeb,0x3e,0xe7,0xf4,0x0d,0x7e,0xdc,0xd1,0x7c,
741 0xa3,0x76,0x71,0x69,0xc1,0x9c,0x4f,0x47,0x30,0x35,0x21,0xb1,0xa2,0xaf,0x1a,
742 0x62,0x3c,0x2b,0xd9,0x8e,0xaa,0x2a,0x07,0x7b,0xd8,0x18,0xb3,0x5c,0x7b,0xe2,
743 0x9d,0xa5,0x6f,0xfe,0x3c,0x89,0xad };
744 static const BYTE iTunesCert2[] = {
745 0x30,0x82,0x04,0xbf,0x30,0x82,0x04,0x28,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
746 0x41,0x91,0xa1,0x5a,0x39,0x78,0xdf,0xcf,0x49,0x65,0x66,0x38,0x1d,0x4c,0x75,
747 0xc2,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
748 0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
749 0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,
750 0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x37,0x30,0x35,
751 0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,
752 0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,
753 0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,
754 0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x30,0x34,0x30,
755 0x37,0x31,0x36,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x31,0x34,0x30,
756 0x37,0x31,0x35,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xb4,0x31,0x0b,
757 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,
758 0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
759 0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,
760 0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,
761 0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x31,0x3b,0x30,0x39,0x06,0x03,
762 0x55,0x04,0x0b,0x13,0x32,0x54,0x65,0x72,0x6d,0x73,0x20,0x6f,0x66,0x20,0x75,
763 0x73,0x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,
764 0x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,
765 0x2f,0x72,0x70,0x61,0x20,0x28,0x63,0x29,0x30,0x34,0x31,0x2e,0x30,0x2c,0x06,
766 0x03,0x55,0x04,0x03,0x13,0x25,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,
767 0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,0x6f,0x64,0x65,0x20,0x53,0x69,
768 0x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,0x34,0x20,0x43,0x41,0x30,0x82,
769 0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,
770 0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,
771 0x00,0xbe,0xbc,0xee,0xbc,0x7e,0xef,0x83,0xeb,0xe0,0x37,0x4f,0xfb,0x03,0x10,
772 0x38,0xbe,0x08,0xd2,0x8c,0x7d,0x9d,0xfa,0x92,0x7f,0x19,0x0c,0xc2,0x6b,0xee,
773 0x42,0x52,0x8c,0xde,0xd3,0x1c,0x48,0x13,0x25,0xea,0xc1,0x63,0x7a,0xf9,0x51,
774 0x65,0xee,0xd3,0xaa,0x3b,0xf5,0xf0,0x94,0x9c,0x2b,0xfb,0xf2,0x66,0xd4,0x24,
775 0xda,0xf7,0xf5,0x9f,0x6e,0x19,0x39,0x36,0xbc,0xd0,0xa3,0x76,0x08,0x1e,0x22,
776 0x27,0x24,0x6c,0x38,0x91,0x27,0xe2,0x84,0x49,0xae,0x1b,0x8a,0xa1,0xfd,0x25,
777 0x82,0x2c,0x10,0x30,0xe8,0x71,0xab,0x28,0xe8,0x77,0x4a,0x51,0xf1,0xec,0xcd,
778 0xf8,0xf0,0x54,0xd4,0x6f,0xc0,0xe3,0x6d,0x0a,0x8f,0xd9,0xd8,0x64,0x8d,0x63,
779 0xb2,0x2d,0x4e,0x27,0xf6,0x85,0x0e,0xfe,0x6d,0xe3,0x29,0x99,0xe2,0x85,0x47,
780 0x7c,0x2d,0x86,0x7f,0xe8,0x57,0x8f,0xad,0x67,0xc2,0x33,0x32,0x91,0x13,0x20,
781 0xfc,0xa9,0x23,0x14,0x9a,0x6d,0xc2,0x84,0x4b,0x76,0x68,0x04,0xd5,0x71,0x2c,
782 0x5d,0x21,0xfa,0x88,0x0d,0x26,0xfd,0x1f,0x2d,0x91,0x2b,0xe7,0x01,0x55,0x4d,
783 0xf2,0x6d,0x35,0x28,0x82,0xdf,0xd9,0x6b,0x5c,0xb6,0xd6,0xd9,0xaa,0x81,0xfd,
784 0x5f,0xcd,0x83,0xba,0x63,0x9d,0xd0,0x22,0xfc,0xa9,0x3b,0x42,0x69,0xb2,0x8e,
785 0x3a,0xb5,0xbc,0xb4,0x9e,0x0f,0x5e,0xc4,0xea,0x2c,0x82,0x8b,0x28,0xfd,0x53,
786 0x08,0x96,0xdd,0xb5,0x01,0x20,0xd1,0xf9,0xa5,0x18,0xe7,0xc0,0xee,0x51,0x70,
787 0x37,0xe1,0xb6,0x05,0x48,0x52,0x48,0x6f,0x38,0xea,0xc3,0xe8,0x6c,0x7b,0x44,
788 0x84,0xbb,0x02,0x03,0x01,0x00,0x01,0xa3,0x82,0x01,0xa0,0x30,0x82,0x01,0x9c,
789 0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,
790 0x01,0xff,0x02,0x01,0x00,0x30,0x44,0x06,0x03,0x55,0x1d,0x20,0x04,0x3d,0x30,
791 0x3b,0x30,0x39,0x06,0x0b,0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,
792 0x03,0x30,0x2a,0x30,0x28,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x02,0x01,
793 0x16,0x1c,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,
794 0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,
795 0x30,0x31,0x06,0x03,0x55,0x1d,0x1f,0x04,0x2a,0x30,0x28,0x30,0x26,0xa0,0x24,
796 0xa0,0x22,0x86,0x20,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x63,0x72,0x6c,0x2e,
797 0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x70,0x63,
798 0x61,0x33,0x2e,0x63,0x72,0x6c,0x30,0x1d,0x06,0x03,0x55,0x1d,0x25,0x04,0x16,
799 0x30,0x14,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2b,
800 0x06,0x01,0x05,0x05,0x07,0x03,0x03,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
801 0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x11,0x06,0x09,0x60,0x86,0x48,
802 0x01,0x86,0xf8,0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x00,0x01,0x30,0x29,0x06,
803 0x03,0x55,0x1d,0x11,0x04,0x22,0x30,0x20,0xa4,0x1e,0x30,0x1c,0x31,0x1a,0x30,
804 0x18,0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x43,0x6c,0x61,0x73,0x73,0x33,0x43,
805 0x41,0x32,0x30,0x34,0x38,0x2d,0x31,0x2d,0x34,0x33,0x30,0x1d,0x06,0x03,0x55,
806 0x1d,0x0e,0x04,0x16,0x04,0x14,0x08,0xf5,0x51,0xe8,0xfb,0xfe,0x3d,0x3d,0x64,
807 0x36,0x7c,0x68,0xcf,0x5b,0x78,0xa8,0xdf,0xb9,0xc5,0x37,0x30,0x81,0x80,0x06,
808 0x03,0x55,0x1d,0x23,0x04,0x79,0x30,0x77,0xa1,0x63,0xa4,0x61,0x30,0x5f,0x31,
809 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,
810 0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
811 0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,
812 0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,
813 0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,
814 0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,
815 0x72,0x69,0x74,0x79,0x82,0x10,0x70,0xba,0xe4,0x1d,0x10,0xd9,0x29,0x34,0xb6,
816 0x38,0xca,0x7b,0x03,0xcc,0xba,0xbf,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
817 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0xae,0x3a,0x17,0xb8,
818 0x4a,0x7b,0x55,0xfa,0x64,0x55,0xec,0x40,0xa4,0xed,0x49,0x41,0x90,0x99,0x9c,
819 0x89,0xbc,0xaf,0x2e,0x1d,0xca,0x78,0x23,0xf9,0x1c,0x19,0x0f,0x7f,0xeb,0x68,
820 0xbc,0x32,0xd9,0x88,0x38,0xde,0xdc,0x3f,0xd3,0x89,0xb4,0x3f,0xb1,0x82,0x96,
821 0xf1,0xa4,0x5a,0xba,0xed,0x2e,0x26,0xd3,0xde,0x7c,0x01,0x6e,0x00,0x0a,0x00,
822 0xa4,0x06,0x92,0x11,0x48,0x09,0x40,0xf9,0x1c,0x18,0x79,0x67,0x23,0x24,0xe0,
823 0xbb,0xd5,0xe1,0x50,0xae,0x1b,0xf5,0x0e,0xdd,0xe0,0x2e,0x81,0xcd,0x80,0xa3,
824 0x6c,0x52,0x4f,0x91,0x75,0x55,0x8a,0xba,0x22,0xf2,0xd2,0xea,0x41,0x75,0x88,
825 0x2f,0x63,0x55,0x7d,0x1e,0x54,0x5a,0x95,0x59,0xca,0xd9,0x34,0x81,0xc0,0x5f,
826 0x5e,0xf6,0x7a,0xb5 };
827 static const BYTE iTunesCert3[] = {
828 0x30,0x82,0x04,0xf1,0x30,0x82,0x03,0xd9,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
829 0x0f,0x1a,0xa0,0xe0,0x9b,0x9b,0x61,0xa6,0xb6,0xfe,0x40,0xd2,0xdf,0x6a,0xf6,
830 0x8d,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,
831 0x00,0x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
832 0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,
833 0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,
834 0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
835 0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,
836 0x31,0x3b,0x30,0x39,0x06,0x03,0x55,0x04,0x0b,0x13,0x32,0x54,0x65,0x72,0x6d,
837 0x73,0x20,0x6f,0x66,0x20,0x75,0x73,0x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,
838 0x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,
839 0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x20,0x28,0x63,0x29,0x30,
840 0x34,0x31,0x2e,0x30,0x2c,0x06,0x03,0x55,0x04,0x03,0x13,0x25,0x56,0x65,0x72,
841 0x69,0x53,0x69,0x67,0x6e,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,
842 0x6f,0x64,0x65,0x20,0x53,0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,
843 0x34,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,0x30,0x36,0x30,0x31,0x31,0x37,0x30,
844 0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x38,0x30,0x31,0x32,0x32,0x32,
845 0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,
846 0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
847 0x08,0x13,0x0a,0x43,0x61,0x6c,0x69,0x66,0x6f,0x72,0x6e,0x69,0x61,0x31,0x12,
848 0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x75,0x70,0x65,0x72,0x74,
849 0x69,0x6e,0x6f,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x0a,0x14,0x14,0x41,
850 0x70,0x70,0x6c,0x65,0x20,0x43,0x6f,0x6d,0x70,0x75,0x74,0x65,0x72,0x2c,0x20,
851 0x49,0x6e,0x63,0x2e,0x31,0x3e,0x30,0x3c,0x06,0x03,0x55,0x04,0x0b,0x13,0x35,
852 0x44,0x69,0x67,0x69,0x74,0x61,0x6c,0x20,0x49,0x44,0x20,0x43,0x6c,0x61,0x73,
853 0x73,0x20,0x33,0x20,0x2d,0x20,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,
854 0x20,0x53,0x6f,0x66,0x74,0x77,0x61,0x72,0x65,0x20,0x56,0x61,0x6c,0x69,0x64,
855 0x61,0x74,0x69,0x6f,0x6e,0x20,0x76,0x32,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,
856 0x04,0x03,0x14,0x14,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x6f,0x6d,0x70,0x75,
857 0x74,0x65,0x72,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x30,0x81,0x9f,0x30,0x0d,0x06,
858 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,
859 0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd3,0xab,0x3b,0x7f,0xec,0x48,0x84,
860 0xce,0xa8,0x1a,0x12,0xf3,0x3c,0x87,0xcb,0x24,0x58,0x96,0x02,0x87,0x66,0x49,
861 0xeb,0x89,0xee,0x79,0x44,0x70,0x8d,0xe7,0xd4,0x1f,0x30,0x92,0xc0,0x9c,0x35,
862 0x78,0xc0,0xaf,0x1c,0xb6,0x28,0xd3,0xe0,0xe0,0x9d,0xd3,0x49,0x76,0x73,0x57,
863 0x19,0x4d,0x8d,0x70,0x85,0x64,0x4d,0x1d,0xc6,0x02,0x3e,0xe5,0x2c,0x66,0x07,
864 0xd2,0x27,0x4b,0xd6,0xc8,0x3c,0x93,0xb6,0x15,0x0c,0xde,0x5b,0xd7,0x93,0xdd,
865 0xbe,0x85,0x62,0x34,0x17,0x8a,0x05,0x60,0xf0,0x8a,0x1c,0x5a,0x40,0x21,0x8d,
866 0x51,0x6c,0xb0,0x62,0xd8,0xb5,0xd4,0xf9,0xb1,0xd0,0x58,0x7a,0x7a,0x82,0x55,
867 0xb3,0xf9,0x53,0x71,0xde,0xd2,0xc9,0x37,0x8c,0xf6,0x5a,0x1f,0x2d,0xcd,0x7c,
868 0x67,0x02,0x03,0x01,0x00,0x01,0xa3,0x82,0x01,0x7f,0x30,0x82,0x01,0x7b,0x30,
869 0x09,0x06,0x03,0x55,0x1d,0x13,0x04,0x02,0x30,0x00,0x30,0x0e,0x06,0x03,0x55,
870 0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x07,0x80,0x30,0x40,0x06,0x03,
871 0x55,0x1d,0x1f,0x04,0x39,0x30,0x37,0x30,0x35,0xa0,0x33,0xa0,0x31,0x86,0x2f,
872 0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,
873 0x34,0x2d,0x63,0x72,0x6c,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,
874 0x63,0x6f,0x6d,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2e,0x63,
875 0x72,0x6c,0x30,0x44,0x06,0x03,0x55,0x1d,0x20,0x04,0x3d,0x30,0x3b,0x30,0x39,
876 0x06,0x0b,0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x30,0x2a,
877 0x30,0x28,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1c,0x68,
878 0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,
879 0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x30,0x13,0x06,
880 0x03,0x55,0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,
881 0x07,0x03,0x03,0x30,0x75,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01,
882 0x04,0x69,0x30,0x67,0x30,0x24,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,
883 0x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x6f,0x63,0x73,0x70,0x2e,
884 0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x30,0x3f,0x06,
885 0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x33,0x68,0x74,0x74,0x70,
886 0x3a,0x2f,0x2f,0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2d,0x61,0x69,
887 0x61,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6e,0x2e,0x63,0x6f,0x6d,0x2f,
888 0x43,0x53,0x43,0x33,0x2d,0x32,0x30,0x30,0x34,0x2d,0x61,0x69,0x61,0x2e,0x63,
889 0x65,0x72,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,
890 0x08,0xf5,0x51,0xe8,0xfb,0xfe,0x3d,0x3d,0x64,0x36,0x7c,0x68,0xcf,0x5b,0x78,
891 0xa8,0xdf,0xb9,0xc5,0x37,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,
892 0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x04,0x10,0x30,0x16,0x06,0x0a,0x2b,0x06,
893 0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x1b,0x04,0x08,0x30,0x06,0x01,0x01,0x00,
894 0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
895 0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x6a,0xa6,0x06,0xd0,0x33,0x18,0x64,
896 0xe2,0x69,0x82,0xee,0x6e,0x36,0x9e,0x9d,0x9a,0x0e,0x18,0xa8,0xac,0x9d,0x10,
897 0xed,0x01,0x3c,0xb9,0x61,0x04,0x62,0xf3,0x85,0x8f,0xcc,0x4f,0x2c,0x66,0x35,
898 0x54,0x25,0x45,0x8d,0x95,0x1c,0xd2,0x33,0xbe,0x2e,0xdd,0x7f,0x74,0xaf,0x03,
899 0x7b,0x86,0x63,0xb0,0xc9,0xe6,0xbd,0xc7,0x8e,0xde,0x03,0x18,0x98,0x82,0xc3,
900 0xbb,0xf8,0x15,0x99,0x1a,0xa9,0xdd,0xb9,0x5d,0xb9,0xbd,0x53,0x95,0x25,0x76,
901 0xfb,0x5c,0x53,0x90,0xea,0x01,0x0a,0xa0,0xb1,0xbf,0x09,0x1b,0x97,0x8f,0x40,
902 0xfa,0x85,0x12,0x74,0x01,0xdb,0xf6,0xdb,0x09,0xd6,0x5f,0x4f,0xd7,0x17,0xb4,
903 0xbf,0x9e,0x2f,0x86,0x52,0x5d,0x70,0x24,0x52,0x32,0x1e,0xa5,0x1d,0x39,0x8b,
904 0x66,0xf6,0xba,0x9b,0x69,0x8e,0x12,0x60,0xdb,0xb6,0xcf,0xe6,0x0d,0xd6,0x1c,
905 0x8f,0xd4,0x5b,0x4b,0x00,0xde,0x21,0x93,0xfb,0x6e,0xc7,0x3d,0xb4,0x66,0x0d,
906 0x29,0x0c,0x4e,0xe9,0x3f,0x94,0xd6,0xd6,0xdc,0xec,0xf8,0x53,0x3b,0x62,0xd5,
907 0x97,0x50,0x53,0x84,0x17,0xfe,0xe2,0xed,0x4c,0x23,0x0a,0x49,0xce,0x5b,0xe9,
908 0x70,0x31,0xc1,0x04,0x02,0x02,0x6c,0xb8,0x52,0xcd,0xc7,0x4e,0x70,0xb4,0x13,
909 0xd7,0xe0,0x92,0xba,0x44,0x1a,0x10,0x4c,0x6e,0x45,0xc6,0x86,0x04,0xc6,0x64,
910 0xd3,0x9c,0x6e,0xc1,0x9c,0xac,0x74,0x3d,0x77,0x06,0x5e,0x28,0x28,0x5c,0xf5,
911 0xe0,0x9c,0x19,0xd8,0xba,0x74,0x81,0x2d,0x67,0x77,0x93,0x8d,0xbf,0xd2,0x52,
912 0x00,0xe6,0xa5,0x38,0x4e,0x2e,0x73,0x66,0x7a };
913 static BYTE iTunesIssuer[] = {
914 0x30,0x81,0xb4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
915 0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,
916 0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,
917 0x20,0x49,0x6e,0x63,0x2e,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,
918 0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
919 0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,
920 0x72,0x6b,0x31,0x3b,0x30,0x39,0x06,0x03,0x55,0x04,0x0b,0x13,
921 0x32,0x54,0x65,0x72,0x6d,0x73,0x20,0x6f,0x66,0x20,0x75,0x73,
922 0x65,0x20,0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,
923 0x2f,0x77,0x77,0x77,0x2e,0x76,0x65,0x72,0x69,0x73,0x69,0x67,
924 0x6e,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x70,0x61,0x20,0x28,0x63,
925 0x29,0x30,0x34,0x31,0x2e,0x30,0x2c,0x06,0x03,0x55,0x04,0x03,
926 0x13,0x25,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,
927 0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x43,0x6f,0x64,0x65,0x20,
928 0x53,0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,0x32,0x30,0x30,0x34,
930 static BYTE iTunesSerialNum[] = {
931 0x8d,0xf6,0x6a,0xdf,0xd2,0x40,0xfe,0xb6,0xa6,0x61,0x9b,0x9b,
932 0xe0,0xa0,0x1a,0x0f };
934 static void testFindCert(void)
937 PCCERT_CONTEXT context = NULL, subject;
939 CERT_INFO certInfo = { 0 };
940 CRYPT_HASH_BLOB blob;
941 BYTE otherSerialNumber[] = { 2 };
943 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
944 CERT_STORE_CREATE_NEW_FLAG, NULL);
945 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
949 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
950 bigCert, sizeof(bigCert), CERT_STORE_ADD_NEW, NULL);
951 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
953 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
954 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, NULL);
955 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
957 /* This has the same name as bigCert */
958 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
959 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, NULL);
960 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
964 context = CertFindCertificateInStore(NULL, 0, 0, 0, NULL, NULL);
967 /* Check first cert's there, by issuer */
968 certInfo.Subject.pbData = subjectName;
969 certInfo.Subject.cbData = sizeof(subjectName);
970 certInfo.SerialNumber.pbData = serialNum;
971 certInfo.SerialNumber.cbData = sizeof(serialNum);
972 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
973 CERT_FIND_ISSUER_NAME, &certInfo.Subject, NULL);
974 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
978 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
979 CERT_FIND_ISSUER_NAME, &certInfo.Subject, context);
980 ok(context != NULL, "Expected more than one cert\n");
983 context = CertFindCertificateInStore(store, X509_ASN_ENCODING,
984 0, CERT_FIND_ISSUER_NAME, &certInfo.Subject, context);
985 ok(context == NULL, "Expected precisely two certs\n");
989 /* Check second cert's there as well, by subject name */
990 certInfo.Subject.pbData = subjectName2;
991 certInfo.Subject.cbData = sizeof(subjectName2);
992 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
993 CERT_FIND_SUBJECT_NAME, &certInfo.Subject, NULL);
994 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
998 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
999 CERT_FIND_SUBJECT_NAME, &certInfo.Subject, context);
1000 ok(context == NULL, "Expected one cert only\n");
1003 /* Strange but true: searching for the subject cert requires you to set
1004 * the issuer, not the subject
1006 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1007 CERT_FIND_SUBJECT_CERT, &certInfo.Subject, NULL);
1008 ok(context == NULL, "Expected no certificate\n");
1009 certInfo.Subject.pbData = NULL;
1010 certInfo.Subject.cbData = 0;
1011 certInfo.Issuer.pbData = subjectName2;
1012 certInfo.Issuer.cbData = sizeof(subjectName2);
1013 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1014 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1015 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
1019 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1020 CERT_FIND_SUBJECT_CERT, &certInfo.Subject, context);
1021 ok(context == NULL, "Expected one cert only\n");
1023 /* A non-matching serial number will not match. */
1024 certInfo.SerialNumber.pbData = otherSerialNumber;
1025 certInfo.SerialNumber.cbData = sizeof(otherSerialNumber);
1026 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1027 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1028 ok(context == NULL, "Expected no match\n");
1029 /* No serial number will not match */
1030 certInfo.SerialNumber.cbData = 0;
1031 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1032 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1033 ok(context == NULL, "Expected no match\n");
1034 /* A serial number still won't match if the name doesn't */
1035 certInfo.SerialNumber.pbData = serialNum;
1036 certInfo.SerialNumber.cbData = sizeof(serialNum);
1037 certInfo.Issuer.pbData = subjectName3;
1038 certInfo.Issuer.cbData = sizeof(subjectName3);
1039 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1040 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1041 ok(context == NULL, "Expected no match\n");
1043 /* The nice thing about hashes, they're unique */
1044 blob.pbData = bigCertHash;
1045 blob.cbData = sizeof(bigCertHash);
1046 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1047 CERT_FIND_SHA1_HASH, &blob, NULL);
1048 ok(context != NULL, "CertFindCertificateInStore failed: %08x\n",
1052 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1053 CERT_FIND_SHA1_HASH, &certInfo.Subject, context);
1054 ok(context == NULL, "Expected one cert only\n");
1057 CertCloseStore(store, 0);
1059 /* Another subject cert search, using iTunes's certs */
1060 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1061 CERT_STORE_CREATE_NEW_FLAG, NULL);
1062 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1063 iTunesCert0, sizeof(iTunesCert0), CERT_STORE_ADD_NEW, NULL);
1064 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1066 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1067 iTunesCert1, sizeof(iTunesCert1), CERT_STORE_ADD_NEW, NULL);
1068 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1070 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1071 iTunesCert2, sizeof(iTunesCert2), CERT_STORE_ADD_NEW, NULL);
1072 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1074 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1075 iTunesCert3, sizeof(iTunesCert3), CERT_STORE_ADD_NEW, &subject);
1076 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1079 /* The certInfo's issuer does not match any subject, but the serial
1080 * number does match a cert whose issuer matches certInfo's issuer.
1081 * This yields a match.
1083 certInfo.SerialNumber.cbData = sizeof(iTunesSerialNum);
1084 certInfo.SerialNumber.pbData = iTunesSerialNum;
1085 certInfo.Issuer.cbData = sizeof(iTunesIssuer);
1086 certInfo.Issuer.pbData = iTunesIssuer;
1087 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1088 CERT_FIND_SUBJECT_CERT, &certInfo, NULL);
1089 ok(context != NULL, "Expected a match\n");
1092 ret = CertCompareCertificateName(context->dwCertEncodingType,
1093 &certInfo.Issuer, &context->pCertInfo->Subject);
1094 ok(!ret, "Expected subject name not to match\n");
1095 ret = CertCompareCertificateName(context->dwCertEncodingType,
1096 &certInfo.Issuer, &context->pCertInfo->Issuer);
1097 ok(ret, "Expected issuer name to match\n");
1098 ret = CertCompareIntegerBlob(&certInfo.SerialNumber,
1099 &context->pCertInfo->SerialNumber);
1100 ok(ret, "Expected serial number to match\n");
1101 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1102 CERT_FIND_SUBJECT_CERT, &certInfo, context);
1103 ok(context == NULL, "Expected one cert only\n");
1106 context = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0,
1107 CERT_FIND_ISSUER_OF, subject, NULL);
1108 ok(context != NULL, "Expected an issuer\n");
1111 PCCERT_CONTEXT none = CertFindCertificateInStore(store,
1112 X509_ASN_ENCODING, 0, CERT_FIND_ISSUER_OF, context, NULL);
1114 ok(!none, "Expected no parent of issuer\n");
1115 CertFreeCertificateContext(context);
1117 CertFreeCertificateContext(subject);
1118 CertCloseStore(store, 0);
1121 static void testGetSubjectCert(void)
1124 PCCERT_CONTEXT context1, context2;
1125 CERT_INFO info = { 0 };
1128 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1129 CERT_STORE_CREATE_NEW_FLAG, NULL);
1130 ok(store != NULL, "CertOpenStore failed: %d\n", GetLastError());
1134 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1135 bigCert, sizeof(bigCert), CERT_STORE_ADD_ALWAYS, NULL);
1136 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1138 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1139 bigCert2, sizeof(bigCert2), CERT_STORE_ADD_NEW, &context1);
1140 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1142 ok(context1 != NULL, "Expected a context\n");
1143 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1144 certWithUsage, sizeof(certWithUsage), CERT_STORE_ADD_NEW, NULL);
1145 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1148 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1150 ok(!context2 && GetLastError() == E_INVALIDARG,
1151 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1152 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1154 ok(!context2 && GetLastError() == CRYPT_E_NOT_FOUND,
1155 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
1156 info.SerialNumber.cbData = sizeof(serialNum);
1157 info.SerialNumber.pbData = serialNum;
1158 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1160 ok(!context2 && GetLastError() == CRYPT_E_NOT_FOUND,
1161 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
1162 info.Issuer.cbData = sizeof(subjectName2);
1163 info.Issuer.pbData = subjectName2;
1164 context2 = CertGetSubjectCertificateFromStore(store, X509_ASN_ENCODING,
1166 ok(context2 != NULL,
1167 "CertGetSubjectCertificateFromStore failed: %08x\n", GetLastError());
1168 /* Not only should this find a context, but it should be the same
1169 * (same address) as context1.
1171 ok(context1 == context2, "Expected identical context addresses\n");
1172 CertFreeCertificateContext(context2);
1174 CertFreeCertificateContext(context1);
1175 CertCloseStore(store, 0);
1178 /* This expires in 1970 or so */
1179 static const BYTE expiredCert[] = { 0x30, 0x82, 0x01, 0x33, 0x30, 0x81, 0xe2,
1180 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0xc4, 0xd7, 0x7f, 0x0e, 0x6f, 0xa6,
1181 0x8c, 0xaa, 0x47, 0x47, 0x40, 0xe7, 0xb7, 0x0b, 0x4a, 0x7f, 0x30, 0x09, 0x06,
1182 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x1f, 0x31, 0x1d, 0x30,
1183 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
1184 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
1185 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x36, 0x39, 0x30, 0x31, 0x30, 0x31, 0x30,
1186 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30,
1187 0x31, 0x30, 0x36, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x1f, 0x31, 0x1d, 0x30,
1188 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
1189 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
1190 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
1191 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
1192 0x00, 0xa1, 0xaf, 0x4a, 0xea, 0xa7, 0x83, 0x57, 0xc0, 0x37, 0x33, 0x7e, 0x29,
1193 0x5e, 0x0d, 0xfc, 0x44, 0x74, 0x3a, 0x1d, 0xc3, 0x1b, 0x1d, 0x96, 0xed, 0x4e,
1194 0xf4, 0x1b, 0x98, 0xec, 0x69, 0x1b, 0x04, 0xea, 0x25, 0xcf, 0xb3, 0x2a, 0xf5,
1195 0xd9, 0x22, 0xd9, 0x8d, 0x08, 0x39, 0x81, 0xc6, 0xe0, 0x4f, 0x12, 0x37, 0x2a,
1196 0x3f, 0x80, 0xa6, 0x6c, 0x67, 0x43, 0x3a, 0xdd, 0x95, 0x0c, 0xbb, 0x2f, 0x6b,
1197 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
1198 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x8f, 0xa2, 0x5b, 0xd6, 0xdf, 0x34, 0xd0,
1199 0xa2, 0xa7, 0x47, 0xf1, 0x13, 0x79, 0xd3, 0xf3, 0x39, 0xbd, 0x4e, 0x2b, 0xa3,
1200 0xf4, 0x63, 0x37, 0xac, 0x5a, 0x0c, 0x5e, 0x4d, 0x0d, 0x54, 0x87, 0x4f, 0x31,
1201 0xfb, 0xa0, 0xce, 0x8f, 0x9a, 0x2f, 0x4d, 0x48, 0xc6, 0x84, 0x8d, 0xf5, 0x70,
1202 0x74, 0x17, 0xa5, 0xf3, 0x66, 0x47, 0x06, 0xd6, 0x64, 0x45, 0xbc, 0x52, 0xef,
1203 0x49, 0xe5, 0xf9, 0x65, 0xf3 };
1205 /* This expires in 2036 or so */
1206 static const BYTE childOfExpired[] = { 0x30, 0x81, 0xcc, 0x30, 0x78, 0xa0,
1207 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
1208 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x1f, 0x31, 0x1d,
1209 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63,
1210 0x40, 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e,
1211 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x35, 0x30, 0x35,
1212 0x31, 0x37, 0x31, 0x32, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x36, 0x30, 0x35,
1213 0x30, 0x35, 0x31, 0x37, 0x31, 0x32, 0x34, 0x39, 0x5a, 0x30, 0x15, 0x31, 0x13,
1214 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e,
1215 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03,
1216 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
1217 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0x20, 0x3b, 0xdb, 0x4d, 0x67, 0x50,
1218 0xec, 0x73, 0x9d, 0xf9, 0x85, 0x5d, 0x18, 0xe9, 0xb4, 0x98, 0xe3, 0x31, 0xb7,
1219 0x03, 0x0b, 0xc0, 0x39, 0x93, 0x56, 0x81, 0x0a, 0xfc, 0x78, 0xa8, 0x29, 0x42,
1220 0x5f, 0x69, 0xfb, 0xbc, 0x5b, 0xf2, 0xa6, 0x2a, 0xbe, 0x91, 0x2c, 0xfc, 0x89,
1221 0x69, 0x15, 0x18, 0x58, 0xe5, 0x02, 0x75, 0xf7, 0x2a, 0xb6, 0xa9, 0xfb, 0x47,
1222 0x6a, 0x6e, 0x0a, 0x9b, 0xe9, 0xdc };
1226 * A chain with two issuers, only one of whose dates is valid.
1228 static const BYTE chain10_0[] = {
1229 0x30,0x82,0x01,0x9b,0x30,0x82,0x01,0x08,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
1230 0x4a,0x30,0x3a,0x42,0xa2,0x5a,0xb3,0x93,0x4d,0x94,0x06,0xad,0x6d,0x1c,0x34,
1231 0xe6,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
1232 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
1233 0x30,0x1e,0x17,0x0d,0x30,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
1234 0x30,0x5a,0x17,0x0d,0x30,0x36,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
1235 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
1236 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
1237 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
1238 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
1239 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
1240 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
1241 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
1242 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
1243 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
1244 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
1245 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
1246 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
1247 0x00,0x01,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,
1248 0x81,0x00,0x85,0x6e,0x35,0x2f,0x2c,0x51,0x4f,0xd6,0x2a,0xe4,0x9e,0xd0,0x4b,
1249 0xe6,0x90,0xfd,0xf7,0x20,0xad,0x76,0x3f,0x93,0xea,0x7f,0x0d,0x1f,0xb3,0x8e,
1250 0xfd,0xe0,0xe1,0xd6,0xd7,0x9c,0x7d,0x46,0x6b,0x15,0x5c,0xe6,0xc9,0x62,0x3b,
1251 0x70,0x4a,0x4b,0xb2,0x82,0xe3,0x55,0x0c,0xc4,0x90,0x44,0x06,0x6c,0x86,0x1c,
1252 0x6d,0x47,0x12,0xda,0x33,0x95,0x5d,0x98,0x43,0xcb,0x7c,0xfa,0x2b,0xee,0xc4,
1253 0x2d,0xc8,0x95,0x33,0x89,0x08,0x3f,0x9f,0x87,0xea,0x20,0x04,0xaf,0x58,0x4b,
1254 0x9d,0xc0,0x7c,0x0a,0x1b,0x05,0x31,0x3b,0xbb,0x13,0x58,0x2e,0x3f,0x61,0x6b,
1255 0x10,0xb4,0xeb,0xb9,0x1a,0x30,0xfd,0xea,0xca,0x29,0x99,0x5f,0x42,0x2b,0x00,
1256 0xb0,0x08,0xc3,0xf0,0xb6,0xd6,0x6b,0xf9,0x35,0x95 };
1257 static const BYTE chain10_1[] = {
1258 0x30,0x82,0x01,0x9b,0x30,0x82,0x01,0x08,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
1259 0xbf,0x99,0x4f,0x14,0x03,0x77,0x44,0xb8,0x49,0x02,0x70,0xa1,0xb8,0x9c,0xa7,
1260 0x24,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
1261 0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
1262 0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
1263 0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
1264 0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
1265 0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
1266 0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
1267 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
1268 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
1269 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
1270 0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
1271 0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
1272 0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
1273 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
1274 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
1275 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
1276 0x00,0x01,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,
1277 0x81,0x00,0xa8,0xec,0x8c,0x34,0xe7,0x2c,0xdf,0x75,0x87,0xc4,0xf7,0xda,0x71,
1278 0x72,0x29,0xb2,0x48,0xa8,0x2a,0xec,0x7b,0x7d,0x19,0xb9,0x5f,0x1d,0xd9,0x91,
1279 0x2b,0xc4,0x28,0x7e,0xd6,0xb5,0x91,0x69,0xa5,0x8a,0x1a,0x1f,0x97,0x98,0x46,
1280 0x9d,0xdf,0x12,0xf6,0x45,0x62,0xad,0x60,0xb6,0xba,0xb0,0xfd,0xf5,0x9f,0xc6,
1281 0x98,0x05,0x4f,0x4d,0x48,0xdc,0xee,0x69,0xbe,0xb8,0xc4,0xc4,0xd7,0x1b,0xb1,
1282 0x1f,0x64,0xd6,0x45,0xa7,0xdb,0xb3,0x87,0x63,0x0f,0x54,0xe1,0x3a,0x6b,0x57,
1283 0x36,0xd7,0x68,0x65,0xcf,0xda,0x57,0x8d,0xcd,0x84,0x75,0x47,0x26,0x2c,0xef,
1284 0x1e,0x8f,0xc7,0x3b,0xee,0x5d,0x03,0xa6,0xdf,0x3a,0x20,0xb2,0xcc,0xc9,0x09,
1285 0x2c,0xfe,0x2b,0x79,0xb0,0xca,0x2c,0x9a,0x81,0x6b };
1286 static const BYTE chain7_1[] = {
1287 0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
1288 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
1289 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
1290 0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,
1291 0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,
1292 0x35,0x39,0x35,0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
1293 0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
1294 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
1295 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
1296 0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
1297 0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
1298 0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
1299 0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
1300 0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
1301 0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
1302 0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
1303 0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
1304 0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
1305 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9f,0x69,0xfd,0x26,0xd5,0x4b,
1306 0xe0,0xab,0x12,0x21,0xb9,0xfc,0xf7,0xe0,0x0c,0x09,0x94,0xad,0x27,0xd7,0x9d,
1307 0xa3,0xcc,0x46,0x2a,0x25,0x9a,0x24,0xa7,0x31,0x58,0x78,0xf5,0xfc,0x30,0xe1,
1308 0x6d,0xfd,0x59,0xab,0xbe,0x69,0xa0,0xea,0xe3,0x7d,0x7a,0x7b,0xe5,0x85,0xeb,
1309 0x86,0x6a,0x84,0x3c,0x96,0x01,0x1a,0x70,0xa7,0xb8,0xcb,0xf2,0x11,0xe7,0x52,
1310 0x9c,0x58,0x2d,0xac,0x63,0xce,0x72,0x4b,0xad,0x62,0xa8,0x1d,0x75,0x96,0xe2,
1311 0x27,0xf5,0x6f,0xba,0x91,0xf8,0xf1,0xb0,0xbf,0x90,0x24,0x6d,0xba,0x5d,0xd7,
1312 0x39,0x63,0x3b,0x7c,0x04,0x5d,0x89,0x9d,0x1c,0xf2,0xf7,0xcc,0xdf,0x6e,0x8a,
1313 0x43,0xa9,0xdd,0x86,0x05,0xa2,0xf3,0x22,0x2d,0x1e,0x70,0xa1,0x59,0xd7,0xa5,
1316 static void testGetIssuerCert(void)
1319 PCCERT_CONTEXT parent, child, cert1, cert2;
1320 DWORD flags = 0xffffffff;
1321 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1322 CERT_STORE_CREATE_NEW_FLAG, NULL);
1324 ok(store != NULL, "CertOpenStore failed: %08x\n", GetLastError());
1326 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1327 expiredCert, sizeof(expiredCert), CERT_STORE_ADD_ALWAYS, NULL);
1328 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1331 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1332 childOfExpired, sizeof(childOfExpired), CERT_STORE_ADD_ALWAYS, &child);
1333 ok(ret, "CertAddEncodedCertificateToStore failed: %08x\n",
1337 parent = CertGetIssuerCertificateFromStore(NULL, NULL, NULL, NULL);
1338 parent = CertGetIssuerCertificateFromStore(store, NULL, NULL, NULL);
1340 parent = CertGetIssuerCertificateFromStore(NULL, NULL, NULL, &flags);
1341 ok(!parent && GetLastError() == E_INVALIDARG,
1342 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1343 parent = CertGetIssuerCertificateFromStore(store, NULL, NULL, &flags);
1344 ok(!parent && GetLastError() == E_INVALIDARG,
1345 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1346 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1347 ok(!parent && GetLastError() == E_INVALIDARG,
1348 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1349 /* Confusing: the caller cannot set either of the
1350 * CERT_STORE_NO_*_FLAGs, as these are not checks,
1353 flags = CERT_STORE_NO_CRL_FLAG | CERT_STORE_NO_ISSUER_FLAG;
1354 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1355 ok(!parent && GetLastError() == E_INVALIDARG,
1356 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1357 /* Perform no checks */
1359 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1360 ok(parent != NULL, "CertGetIssuerCertificateFromStore failed: %08x\n",
1363 CertFreeCertificateContext(parent);
1364 /* Check revocation and signature only */
1365 flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
1366 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1367 ok(parent != NULL, "CertGetIssuerCertificateFromStore failed: %08x\n",
1369 /* Confusing: CERT_STORE_REVOCATION_FLAG succeeds when there is no CRL by
1370 * setting CERT_STORE_NO_CRL_FLAG.
1372 ok(flags == (CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG),
1373 "Expected CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG, got %08x\n",
1376 CertFreeCertificateContext(parent);
1377 /* Checking time validity is not productive, because while most Windows
1378 * versions return 0 (time valid) because the child is not expired,
1379 * Windows 2003 SP1 returns that it is expired. Thus the range of
1380 * possibilities is covered, and a test verifies nothing.
1383 CertFreeCertificateContext(child);
1384 CertCloseStore(store, 0);
1387 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1388 CERT_STORE_CREATE_NEW_FLAG, NULL);
1389 /* With only the child certificate, no issuer will be found */
1390 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1391 chain7_1, sizeof(chain7_1), CERT_STORE_ADD_ALWAYS, &child);
1392 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1393 ok(parent == NULL, "Expected no issuer\n");
1394 /* Adding an issuer allows one (and only one) issuer to be found */
1395 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1396 chain10_1, sizeof(chain10_1), CERT_STORE_ADD_ALWAYS, &cert1);
1397 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1398 ok(parent == cert1, "Expected cert1 to be the issuer\n");
1399 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1400 ok(parent == NULL, "Expected only one issuer\n");
1401 /* Adding a second issuer allows two issuers to be found - and the second
1402 * issuer is found before the first, implying certs are added to the head
1405 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1406 chain10_0, sizeof(chain10_0), CERT_STORE_ADD_ALWAYS, &cert2);
1407 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1408 ok(parent == cert2, "Expected cert2 to be the first issuer\n");
1409 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1410 ok(parent == cert1, "Expected cert1 to be the second issuer\n");
1411 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1412 ok(parent == NULL, "Expected no more than two issuers\n");
1413 CertFreeCertificateContext(child);
1414 CertFreeCertificateContext(cert1);
1415 CertFreeCertificateContext(cert2);
1416 CertCloseStore(store, 0);
1418 /* Repeat the test, reversing the order in which issuers are added,
1419 * to show it's order-dependent.
1421 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1422 CERT_STORE_CREATE_NEW_FLAG, NULL);
1423 /* With only the child certificate, no issuer will be found */
1424 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1425 chain7_1, sizeof(chain7_1), CERT_STORE_ADD_ALWAYS, &child);
1426 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1427 ok(parent == NULL, "Expected no issuer\n");
1428 /* Adding an issuer allows one (and only one) issuer to be found */
1429 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1430 chain10_0, sizeof(chain10_0), CERT_STORE_ADD_ALWAYS, &cert1);
1431 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1432 ok(parent == cert1, "Expected cert1 to be the issuer\n");
1433 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1434 ok(parent == NULL, "Expected only one issuer\n");
1435 /* Adding a second issuer allows two issuers to be found - and the second
1436 * issuer is found before the first, implying certs are added to the head
1439 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
1440 chain10_1, sizeof(chain10_1), CERT_STORE_ADD_ALWAYS, &cert2);
1441 parent = CertGetIssuerCertificateFromStore(store, child, NULL, &flags);
1442 ok(parent == cert2, "Expected cert2 to be the first issuer\n");
1443 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1444 ok(parent == cert1, "Expected cert1 to be the second issuer\n");
1445 parent = CertGetIssuerCertificateFromStore(store, child, parent, &flags);
1446 ok(parent == NULL, "Expected no more than two issuers\n");
1447 CertFreeCertificateContext(child);
1448 CertFreeCertificateContext(cert1);
1449 CertFreeCertificateContext(cert2);
1450 CertCloseStore(store, 0);
1453 static void testCryptHashCert(void)
1455 static const BYTE emptyHash[] = { 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b,
1456 0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07,
1458 static const BYTE knownHash[] = { 0xae, 0x9d, 0xbf, 0x6d, 0xf5, 0x46, 0xee,
1459 0x8b, 0xc5, 0x7a, 0x13, 0xba, 0xc2, 0xb1, 0x04, 0xf2, 0xbf, 0x52, 0xa8,
1461 static const BYTE toHash[] = "abcdefghijklmnopqrstuvwxyz0123456789.,;!?:";
1464 DWORD hashLen = sizeof(hash);
1466 /* NULL buffer and nonzero length crashes
1467 ret = CryptHashCertificate(0, 0, 0, NULL, size, hash, &hashLen);
1468 empty hash length also crashes
1469 ret = CryptHashCertificate(0, 0, 0, buf, size, hash, NULL);
1471 /* Test empty hash */
1472 ret = CryptHashCertificate(0, 0, 0, toHash, sizeof(toHash), NULL,
1474 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
1475 ok(hashLen == sizeof(hash), "Got unexpected size of hash %d\n", hashLen);
1476 /* Test with empty buffer */
1477 ret = CryptHashCertificate(0, 0, 0, NULL, 0, hash, &hashLen);
1478 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
1479 ok(!memcmp(hash, emptyHash, sizeof(emptyHash)),
1480 "Unexpected hash of nothing\n");
1481 /* Test a known value */
1482 ret = CryptHashCertificate(0, 0, 0, toHash, sizeof(toHash), hash,
1484 ok(ret, "CryptHashCertificate failed: %08x\n", GetLastError());
1485 ok(!memcmp(hash, knownHash, sizeof(knownHash)), "Unexpected hash\n");
1488 static void verifySig(HCRYPTPROV csp, const BYTE *toSign, size_t toSignLen,
1489 const BYTE *sig, unsigned int sigLen)
1492 BOOL ret = CryptCreateHash(csp, CALG_SHA1, 0, 0, &hash);
1494 ok(ret, "CryptCreateHash failed: %08x\n", GetLastError());
1498 DWORD mySigSize = sizeof(mySig);
1500 ret = CryptHashData(hash, toSign, toSignLen, 0);
1501 ok(ret, "CryptHashData failed: %08x\n", GetLastError());
1502 /* use the A variant so the test can run on Win9x */
1503 ret = CryptSignHashA(hash, AT_SIGNATURE, NULL, 0, mySig, &mySigSize);
1504 ok(ret, "CryptSignHash failed: %08x\n", GetLastError());
1507 ok(mySigSize == sigLen, "Expected sig length %d, got %d\n",
1509 ok(!memcmp(mySig, sig, sigLen), "Unexpected signature\n");
1511 CryptDestroyHash(hash);
1515 /* Tests signing the certificate described by toBeSigned with the CSP passed in,
1516 * using the algorithm with OID sigOID. The CSP is assumed to be empty, and a
1517 * keyset named AT_SIGNATURE will be added to it. The signing key will be
1518 * stored in *key, and the signature will be stored in sig. sigLen should be
1519 * at least 64 bytes.
1521 static void testSignCert(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
1522 LPCSTR sigOID, HCRYPTKEY *key, BYTE *sig, DWORD *sigLen)
1526 CRYPT_ALGORITHM_IDENTIFIER algoID = { NULL, { 0, NULL } };
1529 ret = CryptSignCertificate(0, 0, 0, NULL, 0, NULL, NULL, NULL, NULL);
1530 ret = CryptSignCertificate(0, 0, 0, NULL, 0, NULL, NULL, NULL, &size);
1531 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1532 NULL, NULL, NULL, &size);
1534 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1535 &algoID, NULL, NULL, &size);
1536 ok(!ret && GetLastError() == NTE_BAD_ALGID,
1537 "Expected NTE_BAD_ALGID, got %08x\n", GetLastError());
1538 algoID.pszObjId = (LPSTR)sigOID;
1539 ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
1540 &algoID, NULL, NULL, &size);
1541 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
1542 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
1543 ret = CryptSignCertificate(0, AT_SIGNATURE, 0, toBeSigned->pbData,
1544 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1545 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
1546 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
1548 /* No keys exist in the new CSP yet.. */
1549 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1550 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1551 ok(!ret && (GetLastError() == NTE_BAD_KEYSET || GetLastError() ==
1552 NTE_NO_KEY), "Expected NTE_BAD_KEYSET or NTE_NO_KEY, got %08x\n",
1554 ret = CryptGenKey(csp, AT_SIGNATURE, 0, key);
1555 ok(ret, "CryptGenKey failed: %08x\n", GetLastError());
1558 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1559 toBeSigned->cbData, &algoID, NULL, NULL, &size);
1560 ok(ret, "CryptSignCertificate failed: %08x\n", GetLastError());
1561 ok(size <= *sigLen, "Expected size <= %d, got %d\n", *sigLen, size);
1564 ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
1565 toBeSigned->cbData, &algoID, NULL, sig, &size);
1566 ok(ret, "CryptSignCertificate failed: %08x\n", GetLastError());
1570 verifySig(csp, toBeSigned->pbData, toBeSigned->cbData, sig,
1577 static void testVerifyCertSig(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
1578 LPCSTR sigOID, const BYTE *sig, DWORD sigLen)
1580 CERT_SIGNED_CONTENT_INFO info;
1585 if (!pCryptVerifyCertificateSignatureEx)
1587 skip("no CryptVerifyCertificateSignatureEx support\n");
1590 ret = pCryptVerifyCertificateSignatureEx(0, 0, 0, NULL, 0, NULL, 0, NULL);
1591 ok(!ret && GetLastError() == E_INVALIDARG,
1592 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1593 ret = pCryptVerifyCertificateSignatureEx(csp, 0, 0, NULL, 0, NULL, 0, NULL);
1594 ok(!ret && GetLastError() == E_INVALIDARG,
1595 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1596 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING, 0, NULL, 0,
1598 ok(!ret && GetLastError() == E_INVALIDARG,
1599 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1601 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1602 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, NULL, 0, NULL, 0, NULL);
1604 info.ToBeSigned.cbData = toBeSigned->cbData;
1605 info.ToBeSigned.pbData = toBeSigned->pbData;
1606 info.SignatureAlgorithm.pszObjId = (LPSTR)sigOID;
1607 info.SignatureAlgorithm.Parameters.cbData = 0;
1608 info.Signature.cbData = sigLen;
1609 info.Signature.pbData = (BYTE *)sig;
1610 info.Signature.cUnusedBits = 0;
1611 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT, &info,
1612 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&cert, &size);
1613 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1616 CRYPT_DATA_BLOB certBlob = { 0, NULL };
1617 PCERT_PUBLIC_KEY_INFO pubKeyInfo = NULL;
1619 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1620 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
1621 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
1622 "Expected CRYPT_E_ASN1_EOD, got %08x\n", GetLastError());
1623 certBlob.cbData = 1;
1624 certBlob.pbData = (void *)0xdeadbeef;
1625 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1626 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
1627 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
1628 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
1629 certBlob.cbData = size;
1630 certBlob.pbData = cert;
1631 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1632 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
1633 ok(!ret && GetLastError() == E_INVALIDARG,
1634 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1635 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1636 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
1637 CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL, NULL, 0, NULL);
1638 ok(!ret && GetLastError() == E_INVALIDARG,
1639 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1641 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1642 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
1643 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, NULL, 0, NULL);
1645 CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
1646 (LPSTR)sigOID, 0, NULL, NULL, &size);
1647 pubKeyInfo = HeapAlloc(GetProcessHeap(), 0, size);
1650 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE,
1651 X509_ASN_ENCODING, (LPSTR)sigOID, 0, NULL, pubKeyInfo, &size);
1652 ok(ret, "CryptExportKey failed: %08x\n", GetLastError());
1655 ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
1656 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
1657 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pubKeyInfo, 0, NULL);
1658 ok(ret, "CryptVerifyCertificateSignatureEx failed: %08x\n",
1661 HeapFree(GetProcessHeap(), 0, pubKeyInfo);
1667 static BYTE emptyCert[] = { 0x30, 0x00 };
1669 static void testCertSigs(void)
1672 CRYPT_DATA_BLOB toBeSigned = { sizeof(emptyCert), emptyCert };
1676 DWORD sigSize = sizeof(sig);
1678 /* Just in case a previous run failed, delete this thing */
1679 pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
1680 CRYPT_DELETEKEYSET);
1681 ret = pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
1683 ok(ret, "CryptAcquireContext failed: %08x\n", GetLastError());
1685 testSignCert(csp, &toBeSigned, szOID_RSA_SHA1RSA, &key, sig, &sigSize);
1686 testVerifyCertSig(csp, &toBeSigned, szOID_RSA_SHA1RSA, sig, sigSize);
1688 CryptDestroyKey(key);
1689 CryptReleaseContext(csp, 0);
1690 ret = pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
1691 CRYPT_DELETEKEYSET);
1694 static const BYTE md5SignedEmptyCert[] = {
1695 0x30,0x56,0x30,0x33,0x02,0x00,0x30,0x02,0x06,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,
1696 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,
1697 0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x07,
1698 0x30,0x02,0x06,0x00,0x03,0x01,0x00,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,
1699 0x0d,0x02,0x05,0x05,0x00,0x03,0x11,0x00,0xfb,0x0f,0x66,0x82,0x66,0xd9,0xe5,0xf8,
1700 0xd8,0xa2,0x55,0x2b,0xe1,0xa5,0xd9,0x04 };
1701 static const BYTE md5SignedEmptyCertNoNull[] = {
1702 0x30,0x54,0x30,0x33,0x02,0x00,0x30,0x02,0x06,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,
1703 0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,
1704 0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x07,
1705 0x30,0x02,0x06,0x00,0x03,0x01,0x00,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,
1706 0x0d,0x02,0x05,0x03,0x11,0x00,0x04,0xd9,0xa5,0xe1,0x2b,0x55,0xa2,0xd8,0xf8,0xe5,
1707 0xd9,0x66,0x82,0x66,0x0f,0xfb };
1709 static void testSignAndEncodeCert(void)
1711 static char oid_rsa_md5rsa[] = szOID_RSA_MD5RSA;
1712 static char oid_rsa_md5[] = szOID_RSA_MD5;
1715 CRYPT_ALGORITHM_IDENTIFIER algID = { 0 };
1716 CERT_INFO info = { 0 };
1719 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, NULL, NULL, NULL,
1721 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, NULL, NULL, NULL,
1724 ret = CryptSignAndEncodeCertificate(0, 0, 0, NULL, NULL, &algID, NULL, NULL,
1726 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1727 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1728 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING, NULL, NULL,
1729 &algID, NULL, NULL, &size);
1730 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1731 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1732 ret = CryptSignAndEncodeCertificate(0, 0, 0, X509_CERT_TO_BE_SIGNED, NULL,
1733 &algID, NULL, NULL, &size);
1734 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1735 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
1736 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1737 X509_CERT_TO_BE_SIGNED, NULL, &algID, NULL, NULL, &size);
1738 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
1739 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
1741 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1742 X509_CERT_TO_BE_SIGNED, &info, NULL, NULL, NULL, &size);
1744 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1745 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
1746 ok(!ret && GetLastError() == NTE_BAD_ALGID,
1747 "Expected NTE_BAD_ALGID, got %08x\n", GetLastError());
1748 algID.pszObjId = oid_rsa_md5rsa;
1749 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1750 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
1751 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
1752 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
1753 algID.pszObjId = oid_rsa_md5;
1754 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1755 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, NULL, &size);
1756 ok(ret, "CryptSignAndEncodeCertificate failed: %08x\n", GetLastError());
1759 LPBYTE buf = HeapAlloc(GetProcessHeap(), 0, size);
1763 ret = CryptSignAndEncodeCertificate(0, 0, X509_ASN_ENCODING,
1764 X509_CERT_TO_BE_SIGNED, &info, &algID, NULL, buf, &size);
1765 ok(ret, "CryptSignAndEncodeCertificate failed: %08x\n",
1767 /* Tricky: because the NULL parameters may either be omitted or
1768 * included as an asn.1-encoded NULL (0x05,0x00), two different
1769 * values are allowed.
1771 ok(size == sizeof(md5SignedEmptyCert) ||
1772 size == sizeof(md5SignedEmptyCertNoNull), "Unexpected size %d\n",
1774 if (size == sizeof(md5SignedEmptyCert))
1775 ok(!memcmp(buf, md5SignedEmptyCert, size),
1776 "Unexpected value\n");
1777 else if (size == sizeof(md5SignedEmptyCertNoNull))
1778 ok(!memcmp(buf, md5SignedEmptyCertNoNull, size),
1779 "Unexpected value\n");
1780 HeapFree(GetProcessHeap(), 0, buf);
1785 static void testCreateSelfSignCert(void)
1787 PCCERT_CONTEXT context;
1788 CERT_NAME_BLOB name = { sizeof(subjectName), subjectName };
1792 CRYPT_KEY_PROV_INFO info;
1795 context = CertCreateSelfSignCertificate(0, NULL, 0, NULL, NULL, NULL, NULL,
1797 * Calling this with no first parameter creates a new key container, which
1798 * lasts beyond the test, so I don't test that. Nb: the generated key
1800 context = CertCreateSelfSignCertificate(0, &name, 0, NULL, NULL, NULL, NULL,
1805 pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
1806 CRYPT_DELETEKEYSET);
1807 ret = pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
1809 ok(ret, "CryptAcquireContext failed: %08x\n", GetLastError());
1811 context = CertCreateSelfSignCertificate(csp, &name, 0, NULL, NULL, NULL,
1813 ok(!context && GetLastError() == NTE_NO_KEY,
1814 "Expected NTE_NO_KEY, got %08x\n", GetLastError());
1815 ret = CryptGenKey(csp, AT_SIGNATURE, 0, &key);
1816 ok(ret, "CryptGenKey failed: %08x\n", GetLastError());
1819 context = CertCreateSelfSignCertificate(csp, &name, 0, NULL, NULL, NULL,
1821 ok(context != NULL, "CertCreateSelfSignCertificate failed: %08x\n",
1826 PCRYPT_KEY_PROV_INFO info;
1828 /* The context must have a key provider info property */
1829 ret = CertGetCertificateContextProperty(context,
1830 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
1831 ok(ret && size, "Expected non-zero key provider info\n");
1834 info = HeapAlloc(GetProcessHeap(), 0, size);
1837 ret = CertGetCertificateContextProperty(context,
1838 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
1839 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
1843 /* Sanity-check the key provider */
1844 ok(!lstrcmpW(info->pwszContainerName, cspNameW),
1845 "Unexpected key container\n");
1846 ok(!lstrcmpW(info->pwszProvName, MS_DEF_PROV_W),
1847 "Unexpected provider\n");
1848 ok(info->dwKeySpec == AT_SIGNATURE,
1849 "Expected AT_SIGNATURE, got %d\n", info->dwKeySpec);
1851 HeapFree(GetProcessHeap(), 0, info);
1855 CertFreeCertificateContext(context);
1858 CryptDestroyKey(key);
1861 CryptReleaseContext(csp, 0);
1862 ret = pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
1863 CRYPT_DELETEKEYSET);
1865 /* do the same test with AT_KEYEXCHANGE and key info*/
1866 memset(&info,0,sizeof(info));
1867 info.dwProvType = PROV_RSA_FULL;
1868 info.dwKeySpec = AT_KEYEXCHANGE;
1869 info.pwszProvName = (LPWSTR) MS_DEF_PROV_W;
1870 info.pwszContainerName = cspNameW;
1871 context = CertCreateSelfSignCertificate(0, &name, 0, &info, NULL, NULL,
1873 ok(context != NULL, "CertCreateSelfSignCertificate failed: %08x\n",
1878 PCRYPT_KEY_PROV_INFO info;
1880 /* The context must have a key provider info property */
1881 ret = CertGetCertificateContextProperty(context,
1882 CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
1883 ok(ret && size, "Expected non-zero key provider info\n");
1886 info = HeapAlloc(GetProcessHeap(), 0, size);
1889 ret = CertGetCertificateContextProperty(context,
1890 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
1891 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
1895 /* Sanity-check the key provider */
1896 ok(!lstrcmpW(info->pwszContainerName, cspNameW),
1897 "Unexpected key container\n");
1898 ok(!lstrcmpW(info->pwszProvName, MS_DEF_PROV_W),
1899 "Unexpected provider\n");
1900 ok(info->dwKeySpec == AT_KEYEXCHANGE,
1901 "Expected AT_KEYEXCHANGE, got %d\n", info->dwKeySpec);
1903 HeapFree(GetProcessHeap(), 0, info);
1907 CertFreeCertificateContext(context);
1910 pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
1911 CRYPT_DELETEKEYSET);
1914 static const LPCSTR keyUsages[] = { szOID_PKIX_KP_CODE_SIGNING,
1915 szOID_PKIX_KP_CLIENT_AUTH, szOID_RSA_RSA };
1917 static void testKeyUsage(void)
1920 PCCERT_CONTEXT context;
1923 /* Test base cases */
1924 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, NULL);
1925 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
1926 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
1928 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, &size);
1929 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
1930 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
1932 ret = CertGetEnhancedKeyUsage(NULL, 0, NULL, &size);
1933 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
1934 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
1936 ret = CertSetEnhancedKeyUsage(NULL, NULL);
1937 usage.cUsageIdentifier = 0;
1938 ret = CertSetEnhancedKeyUsage(NULL, &usage);
1940 /* Test with a cert with no enhanced key usage extension */
1941 context = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
1943 ok(context != NULL, "CertCreateCertificateContext failed: %08x\n",
1947 static const char oid[] = "1.2.3.4";
1948 BYTE buf[sizeof(CERT_ENHKEY_USAGE) + 2 * (sizeof(LPSTR) + sizeof(oid))];
1949 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
1951 ret = CertGetEnhancedKeyUsage(context, 0, NULL, NULL);
1952 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
1953 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
1955 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &size);
1958 /* Windows 2000, ME, or later: even though it succeeded, we expect
1959 * CRYPT_E_NOT_FOUND, which indicates there is no enhanced key
1960 * usage set for this cert (which implies it's valid for all uses.)
1962 ok(GetLastError() == CRYPT_E_NOT_FOUND,
1963 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
1964 ok(size == sizeof(CERT_ENHKEY_USAGE), "Wrong size %d\n", size);
1965 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
1966 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
1967 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %d\n",
1968 pUsage->cUsageIdentifier);
1972 /* Windows NT, 95, or 98: it fails, and the last error is
1973 * CRYPT_E_NOT_FOUND.
1975 ok(GetLastError() == CRYPT_E_NOT_FOUND,
1976 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
1978 /* I can add a usage identifier when no key usage has been set */
1979 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
1980 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
1983 ret = CertGetEnhancedKeyUsage(context,
1984 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
1985 ok(ret && GetLastError() == 0,
1986 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
1987 ok(pUsage->cUsageIdentifier == 1, "Expected 1 usage, got %d\n",
1988 pUsage->cUsageIdentifier);
1989 if (pUsage->cUsageIdentifier)
1990 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
1991 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
1992 /* Now set an empty key usage */
1993 pUsage->cUsageIdentifier = 0;
1994 ret = CertSetEnhancedKeyUsage(context, pUsage);
1995 ok(ret, "CertSetEnhancedKeyUsage failed: %08x\n", GetLastError());
1996 /* Shouldn't find it in the cert */
1998 ret = CertGetEnhancedKeyUsage(context,
1999 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2000 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
2001 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2002 /* Should find it as an extended property */
2003 ret = CertGetEnhancedKeyUsage(context,
2004 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2005 ok(ret && GetLastError() == 0,
2006 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2007 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %d\n",
2008 pUsage->cUsageIdentifier);
2009 /* Should find it as either */
2010 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2011 ok(ret && GetLastError() == 0,
2012 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2013 ok(pUsage->cUsageIdentifier == 0, "Expected 0 usages, got %d\n",
2014 pUsage->cUsageIdentifier);
2015 /* Add a usage identifier */
2016 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
2017 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
2020 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2021 ok(ret && GetLastError() == 0,
2022 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2023 ok(pUsage->cUsageIdentifier == 1, "Expected 1 identifier, got %d\n",
2024 pUsage->cUsageIdentifier);
2025 if (pUsage->cUsageIdentifier)
2026 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
2027 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
2028 /* Yep, I can re-add the same usage identifier */
2029 ret = CertAddEnhancedKeyUsageIdentifier(context, oid);
2030 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
2033 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2034 ok(ret && GetLastError() == 0,
2035 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2036 ok(pUsage->cUsageIdentifier == 2, "Expected 2 identifiers, got %d\n",
2037 pUsage->cUsageIdentifier);
2038 if (pUsage->cUsageIdentifier)
2039 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], oid),
2040 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[0]);
2041 if (pUsage->cUsageIdentifier >= 2)
2042 ok(!strcmp(pUsage->rgpszUsageIdentifier[1], oid),
2043 "Expected %s, got %s\n", oid, pUsage->rgpszUsageIdentifier[1]);
2044 /* Now set a NULL extended property--this deletes the property. */
2045 ret = CertSetEnhancedKeyUsage(context, NULL);
2046 ok(ret, "CertSetEnhancedKeyUsage failed: %08x\n", GetLastError());
2047 SetLastError(0xbaadcafe);
2049 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2050 ok(GetLastError() == CRYPT_E_NOT_FOUND,
2051 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2053 CertFreeCertificateContext(context);
2055 /* Now test with a cert with an enhanced key usage extension */
2056 context = CertCreateCertificateContext(X509_ASN_ENCODING, certWithUsage,
2057 sizeof(certWithUsage));
2058 ok(context != NULL, "CertCreateCertificateContext failed: %08x\n",
2063 DWORD bufSize = 0, i;
2065 /* The size may depend on what flags are used to query it, so I
2066 * realloc the buffer for each test.
2068 ret = CertGetEnhancedKeyUsage(context,
2069 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, NULL, &bufSize);
2070 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2071 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2074 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2076 /* Should find it in the cert */
2078 ret = CertGetEnhancedKeyUsage(context,
2079 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2080 ok(ret && GetLastError() == 0,
2081 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2082 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2083 pUsage->cUsageIdentifier);
2084 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2085 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2086 "Expected %s, got %s\n", keyUsages[i],
2087 pUsage->rgpszUsageIdentifier[i]);
2088 HeapFree(GetProcessHeap(), 0, buf);
2090 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2091 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2092 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2095 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2097 /* Should find it as either */
2099 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2100 /* In Windows, GetLastError returns CRYPT_E_NOT_FOUND not found
2101 * here, even though the return is successful and the usage id
2102 * count is positive. I don't enforce that here.
2105 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2106 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2107 pUsage->cUsageIdentifier);
2108 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2109 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2110 "Expected %s, got %s\n", keyUsages[i],
2111 pUsage->rgpszUsageIdentifier[i]);
2112 HeapFree(GetProcessHeap(), 0, buf);
2114 /* Shouldn't find it as an extended property */
2115 ret = CertGetEnhancedKeyUsage(context,
2116 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, NULL, &size);
2117 ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND,
2118 "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError());
2119 /* Adding a usage identifier overrides the cert's usage!? */
2120 ret = CertAddEnhancedKeyUsageIdentifier(context, szOID_RSA_RSA);
2121 ok(ret, "CertAddEnhancedKeyUsageIdentifier failed: %08x\n",
2123 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2124 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2125 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2128 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2130 /* Should find it as either */
2132 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2134 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2135 ok(pUsage->cUsageIdentifier == 1, "Expected 1 usage, got %d\n",
2136 pUsage->cUsageIdentifier);
2137 ok(!strcmp(pUsage->rgpszUsageIdentifier[0], szOID_RSA_RSA),
2138 "Expected %s, got %s\n", szOID_RSA_RSA,
2139 pUsage->rgpszUsageIdentifier[0]);
2140 HeapFree(GetProcessHeap(), 0, buf);
2142 /* But querying the cert directly returns its usage */
2143 ret = CertGetEnhancedKeyUsage(context,
2144 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, NULL, &bufSize);
2145 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2146 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2149 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2152 ret = CertGetEnhancedKeyUsage(context,
2153 CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2155 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2156 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2157 pUsage->cUsageIdentifier);
2158 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2159 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2160 "Expected %s, got %s\n", keyUsages[i],
2161 pUsage->rgpszUsageIdentifier[i]);
2162 HeapFree(GetProcessHeap(), 0, buf);
2164 /* And removing the only usage identifier in the extended property
2165 * results in the cert's key usage being found.
2167 ret = CertRemoveEnhancedKeyUsageIdentifier(context, szOID_RSA_RSA);
2168 ok(ret, "CertRemoveEnhancedKeyUsage failed: %08x\n", GetLastError());
2169 ret = CertGetEnhancedKeyUsage(context, 0, NULL, &bufSize);
2170 ok(ret, "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2171 buf = HeapAlloc(GetProcessHeap(), 0, bufSize);
2174 PCERT_ENHKEY_USAGE pUsage = (PCERT_ENHKEY_USAGE)buf;
2176 /* Should find it as either */
2178 ret = CertGetEnhancedKeyUsage(context, 0, pUsage, &size);
2180 "CertGetEnhancedKeyUsage failed: %08x\n", GetLastError());
2181 ok(pUsage->cUsageIdentifier == 3, "Expected 3 usages, got %d\n",
2182 pUsage->cUsageIdentifier);
2183 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2184 ok(!strcmp(pUsage->rgpszUsageIdentifier[i], keyUsages[i]),
2185 "Expected %s, got %s\n", keyUsages[i],
2186 pUsage->rgpszUsageIdentifier[i]);
2187 HeapFree(GetProcessHeap(), 0, buf);
2190 CertFreeCertificateContext(context);
2194 static const BYTE cert2WithUsage[] = {
2195 0x30,0x81,0x89,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
2196 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
2197 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
2198 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
2199 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
2200 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
2201 0x67,0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x25,0x30,0x23,
2202 0x30,0x21,0x06,0x03,0x55,0x1d,0x25,0x01,0x01,0xff,0x04,0x17,0x30,0x15,0x06,
2203 0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x09,0x2a,0x86,0x48,0x86,
2204 0xf7,0x0d,0x01,0x01,0x01 };
2206 static void testGetValidUsages(void)
2208 static const LPCSTR expectedOIDs[] = {
2209 "1.3.6.1.5.5.7.3.3",
2210 "1.3.6.1.5.5.7.3.2",
2211 "1.2.840.113549.1.1.1",
2213 static const LPCSTR expectedOIDs2[] = {
2214 "1.3.6.1.5.5.7.3.2",
2215 "1.2.840.113549.1.1.1",
2221 PCCERT_CONTEXT contexts[3];
2224 ret = CertGetValidUsages(0, NULL, NULL, NULL, NULL);
2225 ret = CertGetValidUsages(0, NULL, NULL, NULL, &size);
2228 numOIDs = size = 0xdeadbeef;
2229 SetLastError(0xdeadbeef);
2230 ret = CertGetValidUsages(1, &contexts[0], &numOIDs, NULL, &size);
2231 ok(ret, "CertGetValidUsages failed: %d\n", GetLastError());
2232 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2233 ok(size == 0, "Expected size 0, got %d\n", size);
2234 contexts[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
2236 contexts[1] = CertCreateCertificateContext(X509_ASN_ENCODING, certWithUsage,
2237 sizeof(certWithUsage));
2238 contexts[2] = CertCreateCertificateContext(X509_ASN_ENCODING,
2239 cert2WithUsage, sizeof(cert2WithUsage));
2240 numOIDs = size = 0xdeadbeef;
2241 ret = CertGetValidUsages(0, NULL, &numOIDs, NULL, &size);
2242 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2243 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2244 ok(size == 0, "Expected size 0, got %d\n", size);
2245 numOIDs = size = 0xdeadbeef;
2246 ret = CertGetValidUsages(1, contexts, &numOIDs, NULL, &size);
2247 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2248 ok(numOIDs == -1, "Expected -1, got %d\n", numOIDs);
2249 ok(size == 0, "Expected size 0, got %d\n", size);
2250 ret = CertGetValidUsages(1, &contexts[1], &numOIDs, NULL, &size);
2251 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2252 ok(numOIDs == 3, "Expected 3, got %d\n", numOIDs);
2253 ok(size, "Expected non-zero size\n");
2254 oids = HeapAlloc(GetProcessHeap(), 0, size);
2258 DWORD smallSize = 1;
2260 SetLastError(0xdeadbeef);
2261 ret = CertGetValidUsages(1, &contexts[1], &numOIDs, oids, &smallSize);
2262 ok(!ret && GetLastError() == ERROR_MORE_DATA,
2263 "Expected ERROR_MORE_DATA, got %d\n", GetLastError());
2264 ret = CertGetValidUsages(1, &contexts[1], &numOIDs, oids, &size);
2265 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2266 for (i = 0; i < numOIDs; i++)
2267 ok(!lstrcmpA(oids[i], expectedOIDs[i]), "unexpected OID %s\n",
2269 HeapFree(GetProcessHeap(), 0, oids);
2271 numOIDs = size = 0xdeadbeef;
2272 /* Oddly enough, this crashes when the number of contexts is not 1:
2273 ret = CertGetValidUsages(2, contexts, &numOIDs, NULL, &size);
2274 * but setting size to 0 allows it to succeed:
2277 ret = CertGetValidUsages(2, contexts, &numOIDs, NULL, &size);
2278 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2279 ok(numOIDs == 3, "Expected 3, got %d\n", numOIDs);
2280 ok(size, "Expected non-zero size\n");
2281 oids = HeapAlloc(GetProcessHeap(), 0, size);
2286 ret = CertGetValidUsages(1, &contexts[1], &numOIDs, oids, &size);
2287 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2288 for (i = 0; i < numOIDs; i++)
2289 ok(!lstrcmpA(oids[i], expectedOIDs[i]), "unexpected OID %s\n",
2291 HeapFree(GetProcessHeap(), 0, oids);
2293 numOIDs = 0xdeadbeef;
2295 ret = CertGetValidUsages(1, &contexts[2], &numOIDs, NULL, &size);
2296 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2297 ok(numOIDs == 2, "Expected 2, got %d\n", numOIDs);
2298 ok(size, "Expected non-zero size\n");
2299 oids = HeapAlloc(GetProcessHeap(), 0, size);
2304 ret = CertGetValidUsages(1, &contexts[2], &numOIDs, oids, &size);
2305 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2306 for (i = 0; i < numOIDs; i++)
2307 ok(!lstrcmpA(oids[i], expectedOIDs2[i]), "unexpected OID %s\n",
2309 HeapFree(GetProcessHeap(), 0, oids);
2311 numOIDs = 0xdeadbeef;
2313 ret = CertGetValidUsages(3, contexts, &numOIDs, NULL, &size);
2314 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2315 ok(numOIDs == 2, "Expected 2, got %d\n", numOIDs);
2316 ok(size, "Expected non-zero size\n");
2317 oids = HeapAlloc(GetProcessHeap(), 0, size);
2322 ret = CertGetValidUsages(3, contexts, &numOIDs, oids, &size);
2323 ok(ret, "CertGetValidUsages failed: %08x\n", GetLastError());
2324 for (i = 0; i < numOIDs; i++)
2325 ok(!lstrcmpA(oids[i], expectedOIDs2[i]), "unexpected OID %s\n",
2327 HeapFree(GetProcessHeap(), 0, oids);
2329 CertFreeCertificateContext(contexts[0]);
2330 CertFreeCertificateContext(contexts[1]);
2331 CertFreeCertificateContext(contexts[2]);
2334 static void testCompareCertName(void)
2336 static BYTE bogus[] = { 1, 2, 3, 4 };
2337 static BYTE bogusPrime[] = { 0, 1, 2, 3, 4 };
2338 static BYTE emptyPrime[] = { 0x30, 0x00, 0x01 };
2340 CERT_NAME_BLOB blob1, blob2;
2343 ret = CertCompareCertificateName(0, NULL, NULL);
2345 /* An empty name checks against itself.. */
2346 blob1.pbData = emptyCert;
2347 blob1.cbData = sizeof(emptyCert);
2348 ret = CertCompareCertificateName(0, &blob1, &blob1);
2349 ok(ret, "CertCompareCertificateName failed: %08x\n", GetLastError());
2350 /* It doesn't have to be a valid encoded name.. */
2351 blob1.pbData = bogus;
2352 blob1.cbData = sizeof(bogus);
2353 ret = CertCompareCertificateName(0, &blob1, &blob1);
2354 ok(ret, "CertCompareCertificateName failed: %08x\n", GetLastError());
2355 /* Leading zeroes matter.. */
2356 blob2.pbData = bogusPrime;
2357 blob2.cbData = sizeof(bogusPrime);
2358 ret = CertCompareCertificateName(0, &blob1, &blob2);
2359 ok(!ret, "Expected failure\n");
2360 /* As do trailing extra bytes. */
2361 blob2.pbData = emptyPrime;
2362 blob2.cbData = sizeof(emptyPrime);
2363 ret = CertCompareCertificateName(0, &blob1, &blob2);
2364 ok(!ret, "Expected failure\n");
2367 static BYTE int1[] = { 0x88, 0xff, 0xff, 0xff };
2368 static BYTE int2[] = { 0x88, 0xff };
2369 static BYTE int3[] = { 0x23, 0xff };
2370 static BYTE int4[] = { 0x7f, 0x00 };
2371 static BYTE int5[] = { 0x7f };
2372 static BYTE int6[] = { 0x80, 0x00, 0x00, 0x00 };
2373 static BYTE int7[] = { 0x80, 0x00 };
2375 static struct IntBlobTest
2377 CRYPT_INTEGER_BLOB blob1;
2378 CRYPT_INTEGER_BLOB blob2;
2381 { { sizeof(int1), int1 }, { sizeof(int2), int2 }, TRUE },
2382 { { sizeof(int3), int3 }, { sizeof(int3), int3 }, TRUE },
2383 { { sizeof(int4), int4 }, { sizeof(int5), int5 }, TRUE },
2384 { { sizeof(int6), int6 }, { sizeof(int7), int7 }, TRUE },
2385 { { sizeof(int1), int1 }, { sizeof(int7), int7 }, FALSE },
2388 static void testCompareIntegerBlob(void)
2393 for (i = 0; i < sizeof(intBlobs) / sizeof(intBlobs[0]); i++)
2395 ret = CertCompareIntegerBlob(&intBlobs[i].blob1, &intBlobs[i].blob2);
2396 ok(ret == intBlobs[i].areEqual,
2397 "%d: expected blobs %s compare\n", i, intBlobs[i].areEqual ?
2402 static void testComparePublicKeyInfo(void)
2405 CERT_PUBLIC_KEY_INFO info1 = { { 0 } }, info2 = { { 0 } };
2406 static CHAR oid_rsa_rsa[] = szOID_RSA_RSA;
2407 static CHAR oid_rsa_sha1rsa[] = szOID_RSA_SHA1RSA;
2408 static CHAR oid_x957_dsa[] = szOID_X957_DSA;
2409 static BYTE bits1[] = { 1, 0 };
2410 static BYTE bits2[] = { 0 };
2411 static BYTE bits3[] = { 1 };
2414 ret = CertComparePublicKeyInfo(0, NULL, NULL);
2416 /* Empty public keys compare */
2417 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2418 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
2419 /* Different OIDs appear to compare */
2420 info1.Algorithm.pszObjId = oid_rsa_rsa;
2421 info2.Algorithm.pszObjId = oid_rsa_sha1rsa;
2422 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2423 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
2424 info2.Algorithm.pszObjId = oid_x957_dsa;
2425 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2426 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
2427 info1.PublicKey.cbData = sizeof(bits1);
2428 info1.PublicKey.pbData = bits1;
2429 info1.PublicKey.cUnusedBits = 0;
2430 info2.PublicKey.cbData = sizeof(bits1);
2431 info2.PublicKey.pbData = bits1;
2432 info2.PublicKey.cUnusedBits = 0;
2433 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2434 ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
2435 /* Even though they compare in their used bits, these do not compare */
2436 info1.PublicKey.cbData = sizeof(bits2);
2437 info1.PublicKey.pbData = bits2;
2438 info1.PublicKey.cUnusedBits = 0;
2439 info2.PublicKey.cbData = sizeof(bits3);
2440 info2.PublicKey.pbData = bits3;
2441 info2.PublicKey.cUnusedBits = 1;
2442 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2443 /* Simple (non-comparing) case */
2444 ok(!ret, "Expected keys not to compare\n");
2445 info2.PublicKey.cbData = sizeof(bits1);
2446 info2.PublicKey.pbData = bits1;
2447 info2.PublicKey.cUnusedBits = 0;
2448 ret = CertComparePublicKeyInfo(0, &info1, &info2);
2449 ok(!ret, "Expected keys not to compare\n");
2452 static void testHashPublicKeyInfo(void)
2455 CERT_PUBLIC_KEY_INFO info = { { 0 } };
2459 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, NULL, NULL, NULL);
2460 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, &info, NULL, NULL);
2462 ret = CryptHashPublicKeyInfo(0, 0, 0, 0, NULL, NULL, &len);
2463 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2464 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2465 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, NULL, NULL, &len);
2466 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
2467 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
2468 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, &info, NULL, &len);
2469 ok(ret, "CryptHashPublicKeyInfo failed: %08x\n", GetLastError());
2470 ok(len == 16, "Expected hash size 16, got %d\n", len);
2473 static const BYTE emptyHash[] = { 0xb8,0x51,0x3a,0x31,0x0e,0x9f,0x40,
2474 0x36,0x9c,0x92,0x45,0x1b,0x9d,0xc8,0xf9,0xf6 };
2477 ret = CryptHashPublicKeyInfo(0, 0, 0, X509_ASN_ENCODING, &info, buf,
2479 ok(ret, "CryptHashPublicKeyInfo failed: %08x\n", GetLastError());
2480 ok(!memcmp(buf, emptyHash, len), "Unexpected hash\n");
2484 static void testCompareCert(void)
2486 CERT_INFO info1 = { 0 }, info2 = { 0 };
2490 ret = CertCompareCertificate(X509_ASN_ENCODING, NULL, NULL);
2493 /* Certs with the same issuer and serial number are equal, even if they
2494 * differ in other respects (like subject).
2496 info1.SerialNumber.pbData = serialNum;
2497 info1.SerialNumber.cbData = sizeof(serialNum);
2498 info1.Issuer.pbData = subjectName;
2499 info1.Issuer.cbData = sizeof(subjectName);
2500 info1.Subject.pbData = subjectName2;
2501 info1.Subject.cbData = sizeof(subjectName2);
2502 info2.SerialNumber.pbData = serialNum;
2503 info2.SerialNumber.cbData = sizeof(serialNum);
2504 info2.Issuer.pbData = subjectName;
2505 info2.Issuer.cbData = sizeof(subjectName);
2506 info2.Subject.pbData = subjectName;
2507 info2.Subject.cbData = sizeof(subjectName);
2508 ret = CertCompareCertificate(X509_ASN_ENCODING, &info1, &info2);
2509 ok(ret, "Expected certs to be equal\n");
2511 info2.Issuer.pbData = subjectName2;
2512 info2.Issuer.cbData = sizeof(subjectName2);
2513 ret = CertCompareCertificate(X509_ASN_ENCODING, &info1, &info2);
2514 ok(!ret, "Expected certs not to be equal\n");
2517 static void testVerifySubjectCert(void)
2521 PCCERT_CONTEXT context1, context2;
2524 ret = CertVerifySubjectCertificateContext(NULL, NULL, NULL);
2527 ret = CertVerifySubjectCertificateContext(NULL, NULL, &flags);
2528 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2530 flags = CERT_STORE_NO_CRL_FLAG;
2531 ret = CertVerifySubjectCertificateContext(NULL, NULL, &flags);
2532 ok(!ret && GetLastError() == E_INVALIDARG,
2533 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2536 context1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
2538 ret = CertVerifySubjectCertificateContext(NULL, context1, &flags);
2539 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2541 ret = CertVerifySubjectCertificateContext(context1, NULL, &flags);
2542 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2544 ret = CertVerifySubjectCertificateContext(context1, context1, &flags);
2545 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2548 context2 = CertCreateCertificateContext(X509_ASN_ENCODING,
2549 bigCertWithDifferentSubject, sizeof(bigCertWithDifferentSubject));
2550 SetLastError(0xdeadbeef);
2551 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
2552 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2554 flags = CERT_STORE_REVOCATION_FLAG;
2555 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
2556 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2558 ok(flags == (CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG),
2559 "Expected CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG, got %08x\n",
2561 flags = CERT_STORE_SIGNATURE_FLAG;
2562 ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
2563 ok(ret, "CertVerifySubjectCertificateContext failed; %08x\n",
2565 ok(flags == CERT_STORE_SIGNATURE_FLAG,
2566 "Expected CERT_STORE_SIGNATURE_FLAG, got %08x\n", flags);
2567 CertFreeCertificateContext(context2);
2569 CertFreeCertificateContext(context1);
2572 static void testVerifyRevocation(void)
2575 CERT_REVOCATION_STATUS status = { 0 };
2576 PCCERT_CONTEXT cert = CertCreateCertificateContext(X509_ASN_ENCODING,
2577 bigCert, sizeof(bigCert));
2580 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, NULL);
2582 SetLastError(0xdeadbeef);
2583 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, &status);
2584 ok(!ret && GetLastError() == E_INVALIDARG,
2585 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2586 status.cbSize = sizeof(status);
2587 ret = CertVerifyRevocation(0, 0, 0, NULL, 0, NULL, &status);
2588 ok(ret, "CertVerifyRevocation failed: %08x\n", GetLastError());
2589 ret = CertVerifyRevocation(0, 2, 0, NULL, 0, NULL, &status);
2590 ok(ret, "CertVerifyRevocation failed: %08x\n", GetLastError());
2591 ret = CertVerifyRevocation(2, 0, 0, NULL, 0, NULL, &status);
2592 ok(ret, "CertVerifyRevocation failed: %08x\n", GetLastError());
2593 SetLastError(0xdeadbeef);
2594 ret = CertVerifyRevocation(0, 0, 1, (void **)&cert, 0, NULL, &status);
2595 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_DLL,
2596 "Expected CRYPT_E_NO_REVOCATION_DLL, got %08x\n", GetLastError());
2597 SetLastError(0xdeadbeef);
2598 ret = CertVerifyRevocation(0, 2, 1, (void **)&cert, 0, NULL, &status);
2599 ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_DLL,
2600 "Expected CRYPT_E_NO_REVOCATION_DLL, got %08x\n", GetLastError());
2602 CertFreeCertificateContext(cert);
2605 static BYTE privKey[] = {
2606 0x07, 0x02, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x32, 0x00,
2607 0x02, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x79, 0x10, 0x1c, 0xd0, 0x6b, 0x10,
2608 0x18, 0x30, 0x94, 0x61, 0xdc, 0x0e, 0xcb, 0x96, 0x4e, 0x21, 0x3f, 0x79, 0xcd,
2609 0xa9, 0x17, 0x62, 0xbc, 0xbb, 0x61, 0x4c, 0xe0, 0x75, 0x38, 0x6c, 0xf3, 0xde,
2610 0x60, 0x86, 0x03, 0x97, 0x65, 0xeb, 0x1e, 0x6b, 0xdb, 0x53, 0x85, 0xad, 0x68,
2611 0x21, 0xf1, 0x5d, 0xe7, 0x1f, 0xe6, 0x53, 0xb4, 0xbb, 0x59, 0x3e, 0x14, 0x27,
2612 0xb1, 0x83, 0xa7, 0x3a, 0x54, 0xe2, 0x8f, 0x65, 0x8e, 0x6a, 0x4a, 0xcf, 0x3b,
2613 0x1f, 0x65, 0xff, 0xfe, 0xf1, 0x31, 0x3a, 0x37, 0x7a, 0x8b, 0xcb, 0xc6, 0xd4,
2614 0x98, 0x50, 0x36, 0x67, 0xe4, 0xa1, 0xe8, 0x7e, 0x8a, 0xc5, 0x23, 0xf2, 0x77,
2615 0xf5, 0x37, 0x61, 0x49, 0x72, 0x59, 0xe8, 0x3d, 0xf7, 0x60, 0xb2, 0x77, 0xca,
2616 0x78, 0x54, 0x6d, 0x65, 0x9e, 0x03, 0x97, 0x1b, 0x61, 0xbd, 0x0c, 0xd8, 0x06,
2617 0x63, 0xe2, 0xc5, 0x48, 0xef, 0xb3, 0xe2, 0x6e, 0x98, 0x7d, 0xbd, 0x4e, 0x72,
2618 0x91, 0xdb, 0x31, 0x57, 0xe3, 0x65, 0x3a, 0x49, 0xca, 0xec, 0xd2, 0x02, 0x4e,
2619 0x22, 0x7e, 0x72, 0x8e, 0xf9, 0x79, 0x84, 0x82, 0xdf, 0x7b, 0x92, 0x2d, 0xaf,
2620 0xc9, 0xe4, 0x33, 0xef, 0x89, 0x5c, 0x66, 0x99, 0xd8, 0x80, 0x81, 0x47, 0x2b,
2621 0xb1, 0x66, 0x02, 0x84, 0x59, 0x7b, 0xc3, 0xbe, 0x98, 0x45, 0x4a, 0x3d, 0xdd,
2622 0xea, 0x2b, 0xdf, 0x4e, 0xb4, 0x24, 0x6b, 0xec, 0xe7, 0xd9, 0x0c, 0x45, 0xb8,
2623 0xbe, 0xca, 0x69, 0x37, 0x92, 0x4c, 0x38, 0x6b, 0x96, 0x6d, 0xcd, 0x86, 0x67,
2624 0x5c, 0xea, 0x54, 0x94, 0xa4, 0xca, 0xa4, 0x02, 0xa5, 0x21, 0x4d, 0xae, 0x40,
2625 0x8f, 0x9d, 0x51, 0x83, 0xf2, 0x3f, 0x33, 0xc1, 0x72, 0xb4, 0x1d, 0x94, 0x6e,
2626 0x7d, 0xe4, 0x27, 0x3f, 0xea, 0xff, 0xe5, 0x9b, 0xa7, 0x5e, 0x55, 0x8e, 0x0d,
2627 0x69, 0x1c, 0x7a, 0xff, 0x81, 0x9d, 0x53, 0x52, 0x97, 0x9a, 0x76, 0x79, 0xda,
2628 0x93, 0x32, 0x16, 0xec, 0x69, 0x51, 0x1a, 0x4e, 0xc3, 0xf1, 0x72, 0x80, 0x78,
2629 0x5e, 0x66, 0x4a, 0x8d, 0x85, 0x2f, 0x3f, 0xb2, 0xa7 };
2631 static const BYTE selfSignedCert[] = {
2632 0x30, 0x82, 0x01, 0x1f, 0x30, 0x81, 0xce, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
2633 0x10, 0xeb, 0x0d, 0x57, 0x2a, 0x9c, 0x09, 0xba, 0xa4, 0x4a, 0xb7, 0x25, 0x49,
2634 0xd9, 0x3e, 0xb5, 0x73, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d,
2635 0x05, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
2636 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30,
2637 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36, 0x32, 0x39, 0x30, 0x35, 0x30, 0x30,
2638 0x34, 0x36, 0x5a, 0x17, 0x0d, 0x30, 0x37, 0x30, 0x36, 0x32, 0x39, 0x31, 0x31,
2639 0x30, 0x30, 0x34, 0x36, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
2640 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e,
2641 0x67, 0x00, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
2642 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
2643 0x00, 0xe2, 0x54, 0x3a, 0xa7, 0x83, 0xb1, 0x27, 0x14, 0x3e, 0x59, 0xbb, 0xb4,
2644 0x53, 0xe6, 0x1f, 0xe7, 0x5d, 0xf1, 0x21, 0x68, 0xad, 0x85, 0x53, 0xdb, 0x6b,
2645 0x1e, 0xeb, 0x65, 0x97, 0x03, 0x86, 0x60, 0xde, 0xf3, 0x6c, 0x38, 0x75, 0xe0,
2646 0x4c, 0x61, 0xbb, 0xbc, 0x62, 0x17, 0xa9, 0xcd, 0x79, 0x3f, 0x21, 0x4e, 0x96,
2647 0xcb, 0x0e, 0xdc, 0x61, 0x94, 0x30, 0x18, 0x10, 0x6b, 0xd0, 0x1c, 0x10, 0x79,
2648 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
2649 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x25, 0x90, 0x53, 0x34, 0xd9, 0x56, 0x41,
2650 0x5e, 0xdb, 0x7e, 0x01, 0x36, 0xec, 0x27, 0x61, 0x5e, 0xb7, 0x4d, 0x90, 0x66,
2651 0xa2, 0xe1, 0x9d, 0x58, 0x76, 0xd4, 0x9c, 0xba, 0x2c, 0x84, 0xc6, 0x83, 0x7a,
2652 0x22, 0x0d, 0x03, 0x69, 0x32, 0x1a, 0x6d, 0xcb, 0x0c, 0x15, 0xb3, 0x6b, 0xc7,
2653 0x0a, 0x8c, 0xb4, 0x5c, 0x34, 0x78, 0xe0, 0x3c, 0x9c, 0xe9, 0xf3, 0x30, 0x9f,
2654 0xa8, 0x76, 0x57, 0x92, 0x36 };
2656 static const BYTE exportedPublicKeyBlob[] = {
2657 0x06,0x02,0x00,0x00,0x00,0xa4,0x00,0x00,0x52,0x53,0x41,0x31,0x00,0x02,0x00,0x00,
2658 0x01,0x00,0x01,0x00,0x79,0x10,0x1c,0xd0,0x6b,0x10,0x18,0x30,0x94,0x61,0xdc,0x0e,
2659 0xcb,0x96,0x4e,0x21,0x3f,0x79,0xcd,0xa9,0x17,0x62,0xbc,0xbb,0x61,0x4c,0xe0,0x75,
2660 0x38,0x6c,0xf3,0xde,0x60,0x86,0x03,0x97,0x65,0xeb,0x1e,0x6b,0xdb,0x53,0x85,0xad,
2661 0x68,0x21,0xf1,0x5d,0xe7,0x1f,0xe6,0x53,0xb4,0xbb,0x59,0x3e,0x14,0x27,0xb1,0x83,
2662 0xa7,0x3a,0x54,0xe2 };
2664 static const BYTE asnEncodedPublicKey[] = {
2665 0x30,0x48,0x02,0x41,0x00,0xe2,0x54,0x3a,0xa7,0x83,0xb1,0x27,0x14,0x3e,0x59,0xbb,
2666 0xb4,0x53,0xe6,0x1f,0xe7,0x5d,0xf1,0x21,0x68,0xad,0x85,0x53,0xdb,0x6b,0x1e,0xeb,
2667 0x65,0x97,0x03,0x86,0x60,0xde,0xf3,0x6c,0x38,0x75,0xe0,0x4c,0x61,0xbb,0xbc,0x62,
2668 0x17,0xa9,0xcd,0x79,0x3f,0x21,0x4e,0x96,0xcb,0x0e,0xdc,0x61,0x94,0x30,0x18,0x10,
2669 0x6b,0xd0,0x1c,0x10,0x79,0x02,0x03,0x01,0x00,0x01 };
2671 static void testAcquireCertPrivateKey(void)
2674 PCCERT_CONTEXT cert;
2676 DWORD size, keySpec;
2678 CRYPT_KEY_PROV_INFO keyProvInfo;
2680 WCHAR ms_def_prov_w[MAX_PATH];
2682 lstrcpyW(ms_def_prov_w, MS_DEF_PROV_W);
2684 keyProvInfo.pwszContainerName = cspNameW;
2685 keyProvInfo.pwszProvName = ms_def_prov_w;
2686 keyProvInfo.dwProvType = PROV_RSA_FULL;
2687 keyProvInfo.dwFlags = 0;
2688 keyProvInfo.cProvParam = 0;
2689 keyProvInfo.rgProvParam = NULL;
2690 keyProvInfo.dwKeySpec = AT_SIGNATURE;
2692 pCryptAcquireContextW(NULL, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
2693 CRYPT_DELETEKEYSET);
2695 cert = CertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert,
2696 sizeof(selfSignedCert));
2699 ret = CryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, NULL, NULL);
2700 ret = CryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, NULL,
2702 ret = CryptAcquireCertificatePrivateKey(NULL, 0, NULL, NULL, &keySpec,
2704 ret = CryptAcquireCertificatePrivateKey(NULL, 0, NULL, &csp, NULL, NULL);
2705 ret = CryptAcquireCertificatePrivateKey(NULL, 0, NULL, &csp, &keySpec,
2707 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, NULL, NULL, NULL);
2710 /* Missing private key */
2711 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, NULL, NULL);
2712 ok(!ret && GetLastError() == CRYPT_E_NO_KEY_PROPERTY,
2713 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08x\n", GetLastError());
2714 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, &keySpec,
2716 ok(!ret && GetLastError() == CRYPT_E_NO_KEY_PROPERTY,
2717 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08x\n", GetLastError());
2718 CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0,
2720 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, &csp, &keySpec,
2722 ok(!ret && GetLastError() == CRYPT_E_NO_KEY_PROPERTY,
2723 "Expected CRYPT_E_NO_KEY_PROPERTY, got %08x\n", GetLastError());
2725 pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
2727 ret = CryptImportKey(csp, privKey, sizeof(privKey), 0, 0, &key);
2728 ok(ret, "CryptImportKey failed: %08x\n", GetLastError());
2733 CERT_KEY_CONTEXT keyContext;
2735 /* Don't cache provider */
2736 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, &certCSP,
2737 &keySpec, &callerFree);
2738 ok(ret, "CryptAcquireCertificatePrivateKey failed: %08x\n",
2740 ok(callerFree, "Expected callerFree to be TRUE\n");
2741 CryptReleaseContext(certCSP, 0);
2742 ret = CryptAcquireCertificatePrivateKey(cert, 0, NULL, &certCSP,
2744 ok(ret, "CryptAcquireCertificatePrivateKey failed: %08x\n",
2746 CryptReleaseContext(certCSP, 0);
2748 /* Use the key prov info's caching (there shouldn't be any) */
2749 ret = CryptAcquireCertificatePrivateKey(cert,
2750 CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, &certCSP, &keySpec,
2752 ok(ret, "CryptAcquireCertificatePrivateKey failed: %08x\n",
2754 ok(callerFree, "Expected callerFree to be TRUE\n");
2755 CryptReleaseContext(certCSP, 0);
2757 /* Cache it (and check that it's cached) */
2758 ret = CryptAcquireCertificatePrivateKey(cert,
2759 CRYPT_ACQUIRE_CACHE_FLAG, NULL, &certCSP, &keySpec, &callerFree);
2760 ok(ret, "CryptAcquireCertificatePrivateKey failed: %08x\n",
2762 ok(!callerFree, "Expected callerFree to be FALSE\n");
2763 size = sizeof(keyContext);
2764 ret = CertGetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID,
2765 &keyContext, &size);
2766 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
2769 /* Remove the cached provider */
2770 CryptReleaseContext(keyContext.hCryptProv, 0);
2771 CertSetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID, 0,
2773 /* Allow caching via the key prov info */
2774 keyProvInfo.dwFlags = CERT_SET_KEY_CONTEXT_PROP_ID;
2775 CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0,
2777 /* Now use the key prov info's caching */
2778 ret = CryptAcquireCertificatePrivateKey(cert,
2779 CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, &certCSP, &keySpec,
2781 ok(ret, "CryptAcquireCertificatePrivateKey failed: %08x\n",
2783 ok(!callerFree, "Expected callerFree to be FALSE\n");
2784 size = sizeof(keyContext);
2785 ret = CertGetCertificateContextProperty(cert, CERT_KEY_CONTEXT_PROP_ID,
2786 &keyContext, &size);
2787 ok(ret, "CertGetCertificateContextProperty failed: %08x\n",
2789 CryptReleaseContext(certCSP, 0);
2791 CryptDestroyKey(key);
2794 /* Some sanity-checking on public key exporting */
2795 ret = CryptImportPublicKeyInfo(csp, X509_ASN_ENCODING,
2796 &cert->pCertInfo->SubjectPublicKeyInfo, &key);
2797 ok(ret, "CryptImportPublicKeyInfo failed: %08x\n", GetLastError());
2800 ret = CryptExportKey(key, 0, PUBLICKEYBLOB, 0, NULL, &size);
2801 ok(ret, "CryptExportKey failed: %08x\n", GetLastError());
2804 LPBYTE buf = HeapAlloc(GetProcessHeap(), 0, size), encodedKey;
2806 ret = CryptExportKey(key, 0, PUBLICKEYBLOB, 0, buf, &size);
2807 ok(ret, "CryptExportKey failed: %08x\n", GetLastError());
2808 ok(size == sizeof(exportedPublicKeyBlob), "Unexpected size %d\n",
2810 ok(!memcmp(buf, exportedPublicKeyBlob, size), "Unexpected value\n");
2811 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, RSA_CSP_PUBLICKEYBLOB,
2812 buf, CRYPT_ENCODE_ALLOC_FLAG, NULL, &encodedKey, &size);
2813 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2816 ok(size == sizeof(asnEncodedPublicKey), "Unexpected size %d\n",
2818 ok(!memcmp(encodedKey, asnEncodedPublicKey, size),
2819 "Unexpected value\n");
2820 LocalFree(encodedKey);
2822 HeapFree(GetProcessHeap(), 0, buf);
2824 CryptDestroyKey(key);
2826 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
2827 NULL, 0, NULL, NULL, &size);
2828 ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n", GetLastError());
2831 PCERT_PUBLIC_KEY_INFO info = HeapAlloc(GetProcessHeap(), 0, size);
2833 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
2834 NULL, 0, NULL, info, &size);
2835 ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n", GetLastError());
2838 ok(info->PublicKey.cbData == sizeof(asnEncodedPublicKey),
2839 "Unexpected size %d\n", info->PublicKey.cbData);
2840 ok(!memcmp(info->PublicKey.pbData, asnEncodedPublicKey,
2841 info->PublicKey.cbData), "Unexpected value\n");
2843 HeapFree(GetProcessHeap(), 0, info);
2846 CryptReleaseContext(csp, 0);
2847 pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
2848 CRYPT_DELETEKEYSET);
2850 CertFreeCertificateContext(cert);
2853 static void testGetPublicKeyLength(void)
2855 static char oid_rsa_rsa[] = szOID_RSA_RSA;
2856 static char oid_rsa_dh[] = szOID_RSA_DH;
2857 static char bogusOID[] = "1.2.3";
2859 CERT_PUBLIC_KEY_INFO info = { { 0 } };
2860 BYTE bogusKey[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
2861 BYTE key[] = { 0x30,0x0f,0x02,0x08,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
2862 0x02,0x03,0x01,0x00,0x01 };
2865 ret = CertGetPublicKeyLength(0, NULL);
2867 /* With an empty public key info */
2868 SetLastError(0xdeadbeef);
2869 ret = CertGetPublicKeyLength(0, &info);
2870 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
2871 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
2872 ret, GetLastError());
2873 SetLastError(0xdeadbeef);
2874 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
2875 ok(ret == 0 && GetLastError() == CRYPT_E_ASN1_EOD,
2876 "Expected length 0 and CRYPT_E_ASN1_EOD, got length %d, %08x\n",
2877 ret, GetLastError());
2878 /* With a nearly-empty public key info */
2879 info.Algorithm.pszObjId = oid_rsa_rsa;
2880 SetLastError(0xdeadbeef);
2881 ret = CertGetPublicKeyLength(0, &info);
2882 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
2883 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
2884 ret, GetLastError());
2885 SetLastError(0xdeadbeef);
2886 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
2887 ok(ret == 0 && GetLastError() == CRYPT_E_ASN1_EOD,
2888 "Expected length 0 and CRYPT_E_ASN1_EOD, got length %d, %08x\n",
2889 ret, GetLastError());
2890 /* With a bogus key */
2891 info.PublicKey.cbData = sizeof(bogusKey);
2892 info.PublicKey.pbData = bogusKey;
2893 SetLastError(0xdeadbeef);
2894 ret = CertGetPublicKeyLength(0, &info);
2895 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
2896 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
2897 ret, GetLastError());
2898 SetLastError(0xdeadbeef);
2899 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
2900 ok(ret == 0 && GetLastError() == CRYPT_E_ASN1_BADTAG,
2901 "Expected length 0 and CRYPT_E_ASN1_BADTAGTAG, got length %d, %08x\n",
2902 ret, GetLastError());
2903 /* With a believable RSA key but a bogus OID */
2904 info.Algorithm.pszObjId = bogusOID;
2905 info.PublicKey.cbData = sizeof(key);
2906 info.PublicKey.pbData = key;
2907 SetLastError(0xdeadbeef);
2908 ret = CertGetPublicKeyLength(0, &info);
2909 ok(ret == 0 && GetLastError() == ERROR_FILE_NOT_FOUND,
2910 "Expected length 0 and ERROR_FILE_NOT_FOUND, got length %d, %08x\n",
2911 ret, GetLastError());
2912 SetLastError(0xdeadbeef);
2913 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
2914 ok(ret == 56, "Expected length 56, got %d\n", ret);
2915 /* An RSA key with the DH OID */
2916 info.Algorithm.pszObjId = oid_rsa_dh;
2917 SetLastError(0xdeadbeef);
2918 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
2919 ok(ret == 0 && GetLastError() == CRYPT_E_ASN1_BADTAG,
2920 "Expected length 0 and CRYPT_E_ASN1_BADTAG, got length %d, %08x\n",
2921 ret, GetLastError());
2922 /* With the RSA OID */
2923 info.Algorithm.pszObjId = oid_rsa_rsa;
2924 SetLastError(0xdeadbeef);
2925 ret = CertGetPublicKeyLength(X509_ASN_ENCODING, &info);
2926 ok(ret == 56, "Expected length 56, got %d\n", ret);
2931 init_function_pointers();
2934 testCertProperties();
2937 testGetSubjectCert();
2938 testGetIssuerCert();
2940 testCryptHashCert();
2942 testSignAndEncodeCert();
2943 testCreateSelfSignCert();
2945 testGetValidUsages();
2946 testCompareCertName();
2947 testCompareIntegerBlob();
2948 testComparePublicKeyInfo();
2949 testHashPublicKeyInfo();
2951 testVerifySubjectCert();
2952 testVerifyRevocation();
2953 testAcquireCertPrivateKey();
2954 testGetPublicKeyLength();
projects / wine / blob