Commit 192ed735 authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32: Test that the end cert in a chain's store isn't implicitly searched for issuers.

parent 6aa03fc4
...@@ -1134,13 +1134,15 @@ typedef struct _CONST_BLOB_ARRAY ...@@ -1134,13 +1134,15 @@ typedef struct _CONST_BLOB_ARRAY
#define TODO_CHAIN 1 #define TODO_CHAIN 1
#define TODO_ERROR 2 #define TODO_ERROR 2
#define TODO_INFO 4 #define TODO_INFO 4
#define TODO_ELEMENTS 8
/* Gets a certificate chain built from a store containing all the certs in /* Gets a certificate chain built from a store containing all the certs in
* certArray, where the last certificate in the chain is expected to be the * certArray, where the last certificate in the chain is expected to be the
* end certificate (the one from which the chain is built.) * end certificate (the one from which the chain is built.)
*/ */
static PCCERT_CHAIN_CONTEXT getChain(const CONST_BLOB_ARRAY *certArray, static PCCERT_CHAIN_CONTEXT getChain(const CONST_BLOB_ARRAY *certArray,
DWORD flags, LPSYSTEMTIME checkTime, DWORD todo, DWORD testIndex) DWORD flags, BOOL includeStore, LPSYSTEMTIME checkTime, DWORD todo,
DWORD testIndex)
{ {
HCERTSTORE store; HCERTSTORE store;
PCCERT_CHAIN_CONTEXT chain = NULL; PCCERT_CHAIN_CONTEXT chain = NULL;
...@@ -1178,8 +1180,8 @@ static PCCERT_CHAIN_CONTEXT getChain(const CONST_BLOB_ARRAY *certArray, ...@@ -1178,8 +1180,8 @@ static PCCERT_CHAIN_CONTEXT getChain(const CONST_BLOB_ARRAY *certArray,
FILETIME fileTime; FILETIME fileTime;
SystemTimeToFileTime(checkTime, &fileTime); SystemTimeToFileTime(checkTime, &fileTime);
ret = CertGetCertificateChain(NULL, endCert, &fileTime, store, ret = CertGetCertificateChain(NULL, endCert, &fileTime,
&chainPara, flags, NULL, &chain); includeStore ? store : NULL, &chainPara, flags, NULL, &chain);
if (todo & TODO_CHAIN) if (todo & TODO_CHAIN)
todo_wine ok(ret, "Chain %d: CertGetCertificateChain failed: %08x\n", todo_wine ok(ret, "Chain %d: CertGetCertificateChain failed: %08x\n",
testIndex, GetLastError()); testIndex, GetLastError());
...@@ -1203,6 +1205,11 @@ static void checkSimpleChainStatus(const CERT_SIMPLE_CHAIN *simpleChain, ...@@ -1203,6 +1205,11 @@ static void checkSimpleChainStatus(const CERT_SIMPLE_CHAIN *simpleChain,
const SimpleChainStatusCheck *simpleChainStatus, const SimpleChainStatusCheck *simpleChainStatus,
const CERT_TRUST_STATUS *ignore, DWORD todo, DWORD testIndex, DWORD chainIndex) const CERT_TRUST_STATUS *ignore, DWORD todo, DWORD testIndex, DWORD chainIndex)
{ {
if (todo & TODO_ELEMENTS)
todo_wine ok(simpleChain->cElement == simpleChainStatus->cElement,
"Chain %d: expected %d elements, got %d\n", testIndex,
simpleChainStatus->cElement, simpleChain->cElement);
else
ok(simpleChain->cElement == simpleChainStatus->cElement, ok(simpleChain->cElement == simpleChainStatus->cElement,
"Chain %d: expected %d elements, got %d\n", testIndex, "Chain %d: expected %d elements, got %d\n", testIndex,
simpleChainStatus->cElement, simpleChain->cElement); simpleChainStatus->cElement, simpleChain->cElement);
...@@ -1558,6 +1565,27 @@ static ChainCheck chainCheck[] = { ...@@ -1558,6 +1565,27 @@ static ChainCheck chainCheck[] = {
TODO_INFO }, TODO_INFO },
}; };
static const CERT_TRUST_STATUS elementStatus8NoStore[] = {
{ CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER },
};
static const SimpleChainStatusCheck simpleStatus8NoStore[] = {
{ sizeof(elementStatus8NoStore) / sizeof(elementStatus8NoStore[0]),
elementStatus8NoStore },
};
static ChainCheck chainCheckNoStore[] = {
{ { sizeof(selfSignedChain) / sizeof(selfSignedChain[0]), selfSignedChain },
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_UNTRUSTED_ROOT, 0 },
1, selfSignedSimpleStatus },
TODO_ERROR | TODO_INFO },
{ { sizeof(chain8) / sizeof(chain8[0]), chain8 },
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_UNTRUSTED_ROOT |
CERT_TRUST_IS_NOT_TIME_VALID, 0 },
1, simpleStatus8NoStore },
TODO_ELEMENTS | TODO_ERROR | TODO_INFO },
};
/* Wednesday, Oct 1, 2007 */ /* Wednesday, Oct 1, 2007 */
static SYSTEMTIME oct2007 = { 2007, 10, 1, 1, 0, 0, 0, 0 }; static SYSTEMTIME oct2007 = { 2007, 10, 1, 1, 0, 0, 0, 0 };
...@@ -1604,8 +1632,8 @@ static void testGetCertChain(void) ...@@ -1604,8 +1632,8 @@ static void testGetCertChain(void)
for (i = 0; i < sizeof(chainCheck) / sizeof(chainCheck[0]); i++) for (i = 0; i < sizeof(chainCheck) / sizeof(chainCheck[0]); i++)
{ {
chain = getChain(&chainCheck[i].certs, 0, &oct2007, chainCheck[i].todo, chain = getChain(&chainCheck[i].certs, 0, TRUE, &oct2007,
i); chainCheck[i].todo, i);
if (chain) if (chain)
{ {
checkChainStatus(chain, &chainCheck[i].status, chainCheck[i].todo, checkChainStatus(chain, &chainCheck[i].status, chainCheck[i].todo,
...@@ -1613,6 +1641,18 @@ static void testGetCertChain(void) ...@@ -1613,6 +1641,18 @@ static void testGetCertChain(void)
CertFreeCertificateChain(chain); CertFreeCertificateChain(chain);
} }
} }
for (i = 0; i < sizeof(chainCheckNoStore) / sizeof(chainCheckNoStore[0]);
i++)
{
chain = getChain(&chainCheckNoStore[i].certs, 0, FALSE, &oct2007,
chainCheckNoStore[i].todo, i);
if (chain)
{
checkChainStatus(chain, &chainCheckNoStore[i].status,
chainCheckNoStore[i].todo, i);
CertFreeCertificateChain(chain);
}
}
} }
START_TEST(chain) START_TEST(chain)
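Review bot: The new chainCheckNoStore loop in testGetCertChain passes the bare index `i` to getChain and checkChainStatus, so a failure there prints the same "Chain 0: ..." / "Chain 1: ..." text as the first loop, and the log does not show whether the store was handed to CertGetCertificateChain. This case exists to pin that issuers are not picked up implicitly from the end certificate's own store, so its failures should be identifiable; one option is to pass `sizeof(chainCheck) / sizeof(chainCheck[0]) + i` as testIndex in both calls. The comment above getChain also still describes only the store-backed case, and I would add `* If includeStore is FALSE, NULL is passed as the additional store instead.` to it. Both testGetCertChain and getChain extend outside the visible hunks.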