encode.c 356 KB
Newer Older
1
/*
2
 * Unit test suite for crypt32.dll's CryptEncodeObjectEx/CryptDecodeObjectEx
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
 *
 * Copyright 2005 Juan Lang
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
18
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 20 21 22 23 24 25 26 27 28
 */
#include <stdio.h>
#include <stdarg.h>
#include <windef.h>
#include <winbase.h>
#include <winerror.h>
#include <wincrypt.h>

#include "wine/test.h"

29 30 31 32

static BOOL (WINAPI *pCryptDecodeObjectEx)(DWORD,LPCSTR,const BYTE*,DWORD,DWORD,PCRYPT_DECODE_PARA,void*,DWORD*);
static BOOL (WINAPI *pCryptEncodeObjectEx)(DWORD,LPCSTR,const void*,DWORD,PCRYPT_ENCODE_PARA,void*,DWORD*);

33 34 35
struct encodedInt
{
    int val;
36
    const BYTE *encoded;
37 38
};

Juan Lang's avatar
Juan Lang committed
39 40 41 42 43 44 45
static const BYTE bin1[] = {0x02,0x01,0x01};
static const BYTE bin2[] = {0x02,0x01,0x7f};
static const BYTE bin3[] = {0x02,0x02,0x00,0x80};
static const BYTE bin4[] = {0x02,0x02,0x01,0x00};
static const BYTE bin5[] = {0x02,0x01,0x80};
static const BYTE bin6[] = {0x02,0x02,0xff,0x7f};
static const BYTE bin7[] = {0x02,0x04,0xba,0xdd,0xf0,0x0d};
Mike McCormack's avatar
Mike McCormack committed
46

47
static const struct encodedInt ints[] = {
Mike McCormack's avatar
Mike McCormack committed
48 49 50 51 52 53 54
 { 1,          bin1 },
 { 127,        bin2 },
 { 128,        bin3 },
 { 256,        bin4 },
 { -128,       bin5 },
 { -129,       bin6 },
 { 0xbaddf00d, bin7 },
55 56
};

57 58
struct encodedBigInt
{
59 60 61
    const BYTE *val;
    const BYTE *encoded;
    const BYTE *decoded;
62 63
};

Mike McCormack's avatar
Mike McCormack committed
64 65 66 67 68 69 70 71
static const BYTE bin8[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
static const BYTE bin9[] = {0x02,0x0a,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0};
static const BYTE bin10[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};

static const BYTE bin11[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0xff,0};
static const BYTE bin12[] = {0x02,0x09,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
static const BYTE bin13[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0};

72
static const struct encodedBigInt bigInts[] = {
Mike McCormack's avatar
Mike McCormack committed
73 74
 { bin8, bin9, bin10 },
 { bin11, bin12, bin13 },
75 76
};

Mike McCormack's avatar
Mike McCormack committed
77 78 79 80 81
static const BYTE bin14[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
static const BYTE bin15[] = {0x02,0x0a,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0};
static const BYTE bin16[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0xff,0};
static const BYTE bin17[] = {0x02,0x0c,0x00,0xff,0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};

82 83
/* Decoded is the same as original, so don't bother storing a separate copy */
static const struct encodedBigInt bigUInts[] = {
Mike McCormack's avatar
Mike McCormack committed
84 85
 { bin14, bin15, NULL },
 { bin16, bin17, NULL },
86 87
};

88
static void test_encodeInt(DWORD dwEncoding)
89 90 91 92
{
    DWORD bufSize = 0;
    int i;
    BOOL ret;
93 94
    CRYPT_INTEGER_BLOB blob;
    BYTE *buf = NULL;
95 96

    /* CryptEncodeObjectEx with NULL bufSize crashes..
97
    ret = pCryptEncodeObjectEx(3, X509_INTEGER, &ints[0].val, 0, NULL, NULL,
98 99 100
     NULL);
     */
    /* check bogus encoding */
101
    ret = pCryptEncodeObjectEx(0, X509_INTEGER, &ints[0].val, 0, NULL, NULL,
102 103
     &bufSize);
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
104
     "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
105 106 107 108 109 110 111 112 113 114
    if (0)
    {
        /* check with NULL integer buffer.  Windows XP incorrectly returns an
         * NTSTATUS (crashes on win9x).
         */
        ret = pCryptEncodeObjectEx(dwEncoding, X509_INTEGER, NULL, 0, NULL, NULL,
         &bufSize);
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
115 116
    for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
    {
117
        /* encode as normal integer */
118
        ret = pCryptEncodeObjectEx(dwEncoding, X509_INTEGER, &ints[i].val, 0,
119
         NULL, NULL, &bufSize);
120
        ok(ret, "Expected success, got %d\n", GetLastError());
121
        ret = pCryptEncodeObjectEx(dwEncoding, X509_INTEGER, &ints[i].val,
Mike McCormack's avatar
Mike McCormack committed
122
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
123
        ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
124
        if (ret)
125 126 127
        {
            ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
             buf[0]);
128 129
            ok(buf[1] == ints[i].encoded[1], "Got length %d, expected %d\n",
             buf[1], ints[i].encoded[1]);
130 131 132 133
            ok(!memcmp(buf + 1, ints[i].encoded + 1, ints[i].encoded[1] + 1),
             "Encoded value of 0x%08x didn't match expected\n", ints[i].val);
            LocalFree(buf);
        }
134 135 136
        /* encode as multibyte integer */
        blob.cbData = sizeof(ints[i].val);
        blob.pbData = (BYTE *)&ints[i].val;
137
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
138
         0, NULL, NULL, &bufSize);
139
        ok(ret, "Expected success, got %d\n", GetLastError());
140
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
Mike McCormack's avatar
Mike McCormack committed
141
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
142
        ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
143
        if (ret)
144 145 146 147 148 149 150 151 152 153 154 155 156 157 158
        {
            ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
             buf[0]);
            ok(buf[1] == ints[i].encoded[1], "Got length %d, expected %d\n",
             buf[1], ints[i].encoded[1]);
            ok(!memcmp(buf + 1, ints[i].encoded + 1, ints[i].encoded[1] + 1),
             "Encoded value of 0x%08x didn't match expected\n", ints[i].val);
            LocalFree(buf);
        }
    }
    /* encode a couple bigger ints, just to show it's little-endian and leading
     * sign bytes are dropped
     */
    for (i = 0; i < sizeof(bigInts) / sizeof(bigInts[0]); i++)
    {
Mike McCormack's avatar
Mike McCormack committed
159
        blob.cbData = strlen((const char*)bigInts[i].val);
160
        blob.pbData = (BYTE *)bigInts[i].val;
161
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
162
         0, NULL, NULL, &bufSize);
163
        ok(ret, "Expected success, got %d\n", GetLastError());
164
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
Mike McCormack's avatar
Mike McCormack committed
165
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
166
        ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
167
        if (ret)
168 169 170 171 172 173 174 175 176 177
        {
            ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
             buf[0]);
            ok(buf[1] == bigInts[i].encoded[1], "Got length %d, expected %d\n",
             buf[1], bigInts[i].encoded[1]);
            ok(!memcmp(buf + 1, bigInts[i].encoded + 1,
             bigInts[i].encoded[1] + 1),
             "Encoded value didn't match expected\n");
            LocalFree(buf);
        }
178
    }
179 180 181
    /* and, encode some uints */
    for (i = 0; i < sizeof(bigUInts) / sizeof(bigUInts[0]); i++)
    {
Mike McCormack's avatar
Mike McCormack committed
182 183
        blob.cbData = strlen((const char*)bigUInts[i].val);
        blob.pbData = (BYTE*)bigUInts[i].val;
184
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT, &blob,
185
         0, NULL, NULL, &bufSize);
186
        ok(ret, "Expected success, got %d\n", GetLastError());
187
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT, &blob,
Mike McCormack's avatar
Mike McCormack committed
188
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
189
        ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
190
        if (ret)
191 192 193 194 195 196 197 198 199 200 201
        {
            ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
             buf[0]);
            ok(buf[1] == bigUInts[i].encoded[1], "Got length %d, expected %d\n",
             buf[1], bigUInts[i].encoded[1]);
            ok(!memcmp(buf + 1, bigUInts[i].encoded + 1,
             bigUInts[i].encoded[1] + 1),
             "Encoded value didn't match expected\n");
            LocalFree(buf);
        }
    }
202 203
}

204
static void test_decodeInt(DWORD dwEncoding)
205
{
Mike McCormack's avatar
Mike McCormack committed
206 207
    static const BYTE bigInt[] = { 2, 5, 0xff, 0xfe, 0xff, 0xfe, 0xff };
    static const BYTE testStr[] = { 0x16, 4, 't', 'e', 's', 't' };
208
    static const BYTE longForm[] = { 2, 0x81, 0x01, 0x01 };
209
    static const BYTE bigBogus[] = { 0x02, 0x84, 0x01, 0xff, 0xff, 0xf9 };
210
    static const BYTE extraBytes[] = { 2, 1, 1, 0, 0, 0, 0 };
211 212 213 214 215 216
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    int i;
    BOOL ret;

    /* CryptDecodeObjectEx with NULL bufSize crashes..
217
    ret = pCryptDecodeObjectEx(3, X509_INTEGER, &ints[0].encoded,
218 219 220
     ints[0].encoded[1] + 2, 0, NULL, NULL, NULL);
     */
    /* check bogus encoding */
221
    ret = pCryptDecodeObjectEx(3, X509_INTEGER, (BYTE *)&ints[0].encoded,
222 223
     ints[0].encoded[1] + 2, 0, NULL, NULL, &bufSize);
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
224
     "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
225
    /* check with NULL integer buffer */
226
    ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, NULL, 0, 0, NULL, NULL,
227
     &bufSize);
228 229 230
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
     GetLastError() == OSS_BAD_ARG /* Win9x */),
     "Expected CRYPT_E_ASN1_EOD or OSS_BAD_ARG, got %08x\n", GetLastError());
231
    /* check with a valid, but too large, integer */
232
    ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, bigInt, bigInt[1] + 2,
233
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
234 235
    ok((!ret && GetLastError() == CRYPT_E_ASN1_LARGE) ||
     broken(ret) /* Win9x */,
236
     "Expected CRYPT_E_ASN1_LARGE, got %d\n", GetLastError());
237
    /* check with a DER-encoded string */
238
    ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, testStr, testStr[1] + 2,
239
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
240 241 242 243
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG ||
     GetLastError() == OSS_PDU_MISMATCH /* Win9x */ ),
     "Expected CRYPT_E_ASN1_BADTAG or OSS_PDU_MISMATCH, got %08x\n",
     GetLastError());
244 245
    for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
    {
246 247
        /* When the output buffer is NULL, this always succeeds */
        SetLastError(0xdeadbeef);
248
        ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER,
249
         ints[i].encoded, ints[i].encoded[1] + 2, 0, NULL, NULL,
250
         &bufSize);
251
        ok(ret && GetLastError() == NOERROR,
252
         "Expected success and NOERROR, got %d\n", GetLastError());
253
        ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER,
254
         ints[i].encoded, ints[i].encoded[1] + 2,
255
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
256 257
        ok(ret, "CryptDecodeObjectEx failed: %d\n", GetLastError());
        ok(bufSize == sizeof(int), "Wrong size %d\n", bufSize);
258
        ok(buf != NULL, "Expected allocated buffer\n");
259
        if (ret)
260 261 262 263 264 265
        {
            ok(!memcmp(buf, &ints[i].val, bufSize), "Expected %d, got %d\n",
             ints[i].val, *(int *)buf);
            LocalFree(buf);
        }
    }
266 267
    for (i = 0; i < sizeof(bigInts) / sizeof(bigInts[0]); i++)
    {
268
        ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER,
269
         bigInts[i].encoded, bigInts[i].encoded[1] + 2, 0, NULL, NULL,
270 271
         &bufSize);
        ok(ret && GetLastError() == NOERROR,
272
         "Expected success and NOERROR, got %d\n", GetLastError());
273
        ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER,
274
         bigInts[i].encoded, bigInts[i].encoded[1] + 2,
275
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
276 277
        ok(ret, "CryptDecodeObjectEx failed: %d\n", GetLastError());
        ok(bufSize >= sizeof(CRYPT_INTEGER_BLOB), "Wrong size %d\n", bufSize);
278
        ok(buf != NULL, "Expected allocated buffer\n");
279
        if (ret)
280 281 282
        {
            CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)buf;

Mike McCormack's avatar
Mike McCormack committed
283
            ok(blob->cbData == strlen((const char*)bigInts[i].decoded),
284
             "Expected len %d, got %d\n", lstrlenA((const char*)bigInts[i].decoded),
285 286 287 288 289 290
             blob->cbData);
            ok(!memcmp(blob->pbData, bigInts[i].decoded, blob->cbData),
             "Unexpected value\n");
            LocalFree(buf);
        }
    }
291 292
    for (i = 0; i < sizeof(bigUInts) / sizeof(bigUInts[0]); i++)
    {
293
        ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT,
294
         bigUInts[i].encoded, bigUInts[i].encoded[1] + 2, 0, NULL, NULL,
295 296
         &bufSize);
        ok(ret && GetLastError() == NOERROR,
297
         "Expected success and NOERROR, got %d\n", GetLastError());
298
        ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT,
299
         bigUInts[i].encoded, bigUInts[i].encoded[1] + 2,
300
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
301 302
        ok(ret, "CryptDecodeObjectEx failed: %d\n", GetLastError());
        ok(bufSize >= sizeof(CRYPT_INTEGER_BLOB), "Wrong size %d\n", bufSize);
303
        ok(buf != NULL, "Expected allocated buffer\n");
304
        if (ret)
305 306 307
        {
            CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)buf;

Mike McCormack's avatar
Mike McCormack committed
308
            ok(blob->cbData == strlen((const char*)bigUInts[i].val),
309
             "Expected len %d, got %d\n", lstrlenA((const char*)bigUInts[i].val),
310 311 312 313 314 315
             blob->cbData);
            ok(!memcmp(blob->pbData, bigUInts[i].val, blob->cbData),
             "Unexpected value\n");
            LocalFree(buf);
        }
    }
316
    /* Decode the value 1 with long-form length */
317
    ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, longForm,
318
     sizeof(longForm), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
319
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
320
    if (ret)
321 322 323 324
    {
        ok(*(int *)buf == 1, "Expected 1, got %d\n", *(int *)buf);
        LocalFree(buf);
    }
325
    /* check with extra bytes at the end */
326
    ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, extraBytes,
327
     sizeof(extraBytes), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
328
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
329
    if (ret)
330 331 332 333
    {
        ok(*(int *)buf == 1, "Expected 1, got %d\n", *(int *)buf);
        LocalFree(buf);
    }
334 335
    /* Try to decode some bogus large items */
    /* The buffer size is smaller than the encoded length, so this should fail
336 337 338 339
     * with CRYPT_E_ASN1_EOD if it's being decoded.
     * Under XP it fails with CRYPT_E_ASN1_LARGE, which means there's a limit
     * on the size decoded, but in ME it fails with CRYPT_E_ASN1_EOD or crashes.
     * So this test unfortunately isn't useful.
340
    ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, tooBig,
341
     0x7fffffff, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
342
    ok(!ret && GetLastError() == CRYPT_E_ASN1_LARGE,
343
     "Expected CRYPT_E_ASN1_LARGE, got %08x\n", GetLastError());
344
     */
345 346 347
    /* This will try to decode the buffer and overflow it, check that it's
     * caught.
     */
348 349 350
    if (0)
    {
    /* a large buffer isn't guaranteed to crash, it depends on memory allocation order */
351
    ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, bigBogus,
352
     0x01ffffff, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
353
    ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
354
     "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
355
    }
356 357
}

Juan Lang's avatar
Juan Lang committed
358 359
static const BYTE bin18[] = {0x0a,0x01,0x01};
static const BYTE bin19[] = {0x0a,0x05,0x00,0xff,0xff,0xff,0x80};
Mike McCormack's avatar
Mike McCormack committed
360

361 362 363 364
/* These are always encoded unsigned, and aren't constrained to be any
 * particular value
 */
static const struct encodedInt enums[] = {
Mike McCormack's avatar
Mike McCormack committed
365 366
 { 1,    bin18 },
 { -128, bin19 },
367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386
};

/* X509_CRL_REASON_CODE is also an enumerated type, but it's #defined to
 * X509_ENUMERATED.
 */
static const LPCSTR enumeratedTypes[] = { X509_ENUMERATED,
 szOID_CRL_REASON_CODE };

static void test_encodeEnumerated(DWORD dwEncoding)
{
    DWORD i, j;

    for (i = 0; i < sizeof(enumeratedTypes) / sizeof(enumeratedTypes[0]); i++)
    {
        for (j = 0; j < sizeof(enums) / sizeof(enums[0]); j++)
        {
            BOOL ret;
            BYTE *buf = NULL;
            DWORD bufSize = 0;

387
            ret = pCryptEncodeObjectEx(dwEncoding, enumeratedTypes[i],
388
             &enums[j].val, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf,
389
             &bufSize);
390
            ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
391
            if (ret)
392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419
            {
                ok(buf[0] == 0xa,
                 "Got unexpected type %d for enumerated (expected 0xa)\n",
                 buf[0]);
                ok(buf[1] == enums[j].encoded[1],
                 "Got length %d, expected %d\n", buf[1], enums[j].encoded[1]);
                ok(!memcmp(buf + 1, enums[j].encoded + 1,
                 enums[j].encoded[1] + 1),
                 "Encoded value of 0x%08x didn't match expected\n",
                 enums[j].val);
                LocalFree(buf);
            }
        }
    }
}

static void test_decodeEnumerated(DWORD dwEncoding)
{
    DWORD i, j;

    for (i = 0; i < sizeof(enumeratedTypes) / sizeof(enumeratedTypes[0]); i++)
    {
        for (j = 0; j < sizeof(enums) / sizeof(enums[0]); j++)
        {
            BOOL ret;
            DWORD bufSize = sizeof(int);
            int val;

420
            ret = pCryptDecodeObjectEx(dwEncoding, enumeratedTypes[i],
421
             enums[j].encoded, enums[j].encoded[1] + 2, 0, NULL,
422
             &val, &bufSize);
423
            ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
424
            ok(bufSize == sizeof(int),
425
             "Got unexpected size %d for enumerated\n", bufSize);
426 427 428 429
            ok(val == enums[j].val, "Unexpected value %d, expected %d\n",
             val, enums[j].val);
        }
    }
430 431
}

432 433 434
struct encodedFiletime
{
    SYSTEMTIME sysTime;
435
    const BYTE *encodedTime;
436 437
};

438
static void testTimeEncoding(DWORD dwEncoding, LPCSTR structType,
439 440 441 442 443 444 445 446
 const struct encodedFiletime *time)
{
    FILETIME ft = { 0 };
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    BOOL ret;

    ret = SystemTimeToFileTime(&time->sysTime, &ft);
447
    ok(ret, "SystemTimeToFileTime failed: %d\n", GetLastError());
448
    ret = pCryptEncodeObjectEx(dwEncoding, structType, &ft,
449
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
450 451 452
    /* years other than 1950-2050 are not allowed for encodings other than
     * X509_CHOICE_OF_TIME.
     */
453
    if (structType == X509_CHOICE_OF_TIME ||
454 455
     (time->sysTime.wYear >= 1950 && time->sysTime.wYear <= 2050))
    {
456
        ok(ret, "CryptEncodeObjectEx failed: %d (0x%08x)\n", GetLastError(),
457 458
         GetLastError());
        ok(buf != NULL, "Expected an allocated buffer\n");
459
        if (ret)
460 461 462 463
        {
            ok(buf[0] == time->encodedTime[0],
             "Expected type 0x%02x, got 0x%02x\n", time->encodedTime[0],
             buf[0]);
464
            ok(buf[1] == time->encodedTime[1], "Expected %d bytes, got %d\n",
465 466 467 468 469 470 471
             time->encodedTime[1], bufSize);
            ok(!memcmp(time->encodedTime + 2, buf + 2, time->encodedTime[1]),
             "Got unexpected value for time encoding\n");
            LocalFree(buf);
        }
    }
    else
472 473
        ok((!ret && GetLastError() == CRYPT_E_BAD_ENCODE) ||
         broken(GetLastError() == ERROR_SUCCESS),
474
         "Expected CRYPT_E_BAD_ENCODE, got 0x%08x\n", GetLastError());
475 476
}

477 478
static const char *printSystemTime(const SYSTEMTIME *st)
{
479
    static char buf[25];
480 481 482 483 484 485 486 487

    sprintf(buf, "%02d-%02d-%04d %02d:%02d:%02d.%03d", st->wMonth, st->wDay,
     st->wYear, st->wHour, st->wMinute, st->wSecond, st->wMilliseconds);
    return buf;
}

static const char *printFileTime(const FILETIME *ft)
{
488
    static char buf[25];
489 490 491 492 493 494 495 496
    SYSTEMTIME st;

    FileTimeToSystemTime(ft, &st);
    sprintf(buf, "%02d-%02d-%04d %02d:%02d:%02d.%03d", st.wMonth, st.wDay,
     st.wYear, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
    return buf;
}

497 498 499 500 501
static void compareTime(const SYSTEMTIME *expected, const FILETIME *got)
{
    SYSTEMTIME st;

    FileTimeToSystemTime(got, &st);
502
    ok((expected->wYear == st.wYear &&
503 504 505 506 507
     expected->wMonth == st.wMonth &&
     expected->wDay == st.wDay &&
     expected->wHour == st.wHour &&
     expected->wMinute == st.wMinute &&
     expected->wSecond == st.wSecond &&
508 509 510 511 512 513 514 515
     abs(expected->wMilliseconds - st.wMilliseconds) <= 1) ||
     /* Some Windows systems only seem to be accurate in their time decoding to
      * within about an hour.
      */
     broken(expected->wYear == st.wYear &&
     expected->wMonth == st.wMonth &&
     expected->wDay == st.wDay &&
     abs(expected->wHour - st.wHour) <= 1),
516 517 518 519
     "Got unexpected value for time decoding:\nexpected %s, got %s\n",
     printSystemTime(expected), printFileTime(got));
}

520
static void testTimeDecoding(DWORD dwEncoding, LPCSTR structType,
521 522
 const struct encodedFiletime *time)
{
523 524
    FILETIME ft = { 0 };
    DWORD size = sizeof(ft);
525 526
    BOOL ret;

527
    ret = pCryptDecodeObjectEx(dwEncoding, structType, time->encodedTime,
528
     time->encodedTime[1] + 2, 0, NULL, &ft, &size);
529 530 531
    /* years other than 1950-2050 are not allowed for encodings other than
     * X509_CHOICE_OF_TIME.
     */
532
    if (structType == X509_CHOICE_OF_TIME ||
533 534
     (time->sysTime.wYear >= 1950 && time->sysTime.wYear <= 2050))
    {
535 536
        ok(ret || broken(GetLastError() == OSS_DATA_ERROR),
         "CryptDecodeObjectEx failed: %d (0x%08x)\n", GetLastError(),
537
         GetLastError());
538 539
        if (ret)
            compareTime(&time->sysTime, &ft);
540 541
    }
    else
542 543 544 545
        ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG ||
         GetLastError() == OSS_PDU_MISMATCH /* Win9x */ ),
         "Expected CRYPT_E_ASN1_BADTAG or OSS_PDU_MISMATCH, got %08x\n",
         GetLastError());
546 547
}

Mike McCormack's avatar
Mike McCormack committed
548
static const BYTE bin20[] = {
Juan Lang's avatar
Juan Lang committed
549
    0x17,0x0d,'0','5','0','6','0','6','1','6','1','0','0','0','Z'};
Mike McCormack's avatar
Mike McCormack committed
550
static const BYTE bin21[] = {
Juan Lang's avatar
Juan Lang committed
551
    0x18,0x0f,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','Z'};
Mike McCormack's avatar
Mike McCormack committed
552
static const BYTE bin22[] = {
Juan Lang's avatar
Juan Lang committed
553
    0x18,0x0f,'2','1','4','5','0','6','0','6','1','6','1','0','0','0','Z'};
Mike McCormack's avatar
Mike McCormack committed
554

555
static const struct encodedFiletime times[] = {
Mike McCormack's avatar
Mike McCormack committed
556 557 558
 { { 2005, 6, 1, 6, 16, 10, 0, 0 }, bin20 },
 { { 1945, 6, 1, 6, 16, 10, 0, 0 }, bin21 },
 { { 2145, 6, 1, 6, 16, 10, 0, 0 }, bin22 },
559 560
};

561
static void test_encodeFiletime(DWORD dwEncoding)
562 563 564 565 566
{
    DWORD i;

    for (i = 0; i < sizeof(times) / sizeof(times[0]); i++)
    {
567 568 569
        testTimeEncoding(dwEncoding, X509_CHOICE_OF_TIME, &times[i]);
        testTimeEncoding(dwEncoding, PKCS_UTC_TIME, &times[i]);
        testTimeEncoding(dwEncoding, szOID_RSA_signingTime, &times[i]);
570 571 572
    }
}

Mike McCormack's avatar
Mike McCormack committed
573
static const BYTE bin23[] = {
Juan Lang's avatar
Juan Lang committed
574
    0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','.','0','0','0','Z'};
Mike McCormack's avatar
Mike McCormack committed
575
static const BYTE bin24[] = {
Juan Lang's avatar
Juan Lang committed
576
    0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','.','9','9','9','Z'};
Mike McCormack's avatar
Mike McCormack committed
577
static const BYTE bin25[] = {
Juan Lang's avatar
Juan Lang committed
578
    0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','+','0','1','0','0'};
Mike McCormack's avatar
Mike McCormack committed
579
static const BYTE bin26[] = {
Juan Lang's avatar
Juan Lang committed
580
    0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','-','0','1','0','0'};
Mike McCormack's avatar
Mike McCormack committed
581
static const BYTE bin27[] = {
Juan Lang's avatar
Juan Lang committed
582
    0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','-','0','1','1','5'};
Mike McCormack's avatar
Mike McCormack committed
583
static const BYTE bin28[] = {
Juan Lang's avatar
Juan Lang committed
584
    0x18,0x0a,'2','1','4','5','0','6','0','6','1','6'};
Mike McCormack's avatar
Mike McCormack committed
585
static const BYTE bin29[] = {
Juan Lang's avatar
Juan Lang committed
586
    0x17,0x0a,'4','5','0','6','0','6','1','6','1','0'};
Mike McCormack's avatar
Mike McCormack committed
587
static const BYTE bin30[] = {
Juan Lang's avatar
Juan Lang committed
588
    0x17,0x0b,'4','5','0','6','0','6','1','6','1','0','Z'};
Mike McCormack's avatar
Mike McCormack committed
589
static const BYTE bin31[] = {
Juan Lang's avatar
Juan Lang committed
590
    0x17,0x0d,'4','5','0','6','0','6','1','6','1','0','+','0','1'};
Mike McCormack's avatar
Mike McCormack committed
591
static const BYTE bin32[] = {
Juan Lang's avatar
Juan Lang committed
592
    0x17,0x0d,'4','5','0','6','0','6','1','6','1','0','-','0','1'};
Mike McCormack's avatar
Mike McCormack committed
593
static const BYTE bin33[] = {
Juan Lang's avatar
Juan Lang committed
594
    0x17,0x0f,'4','5','0','6','0','6','1','6','1','0','+','0','1','0','0'};
Mike McCormack's avatar
Mike McCormack committed
595
static const BYTE bin34[] = {
Juan Lang's avatar
Juan Lang committed
596
    0x17,0x0f,'4','5','0','6','0','6','1','6','1','0','-','0','1','0','0'};
Mike McCormack's avatar
Mike McCormack committed
597
static const BYTE bin35[] = {
Juan Lang's avatar
Juan Lang committed
598
    0x17,0x08, '4','5','0','6','0','6','1','6'};
Mike McCormack's avatar
Mike McCormack committed
599
static const BYTE bin36[] = {
Juan Lang's avatar
Juan Lang committed
600
    0x18,0x0f, 'a','a','a','a','a','a','a','a','a','a','a','a','a','a','Z'};
Mike McCormack's avatar
Mike McCormack committed
601
static const BYTE bin37[] = {
Juan Lang's avatar
Juan Lang committed
602
    0x18,0x04, '2','1','4','5'};
Mike McCormack's avatar
Mike McCormack committed
603
static const BYTE bin38[] = {
Juan Lang's avatar
Juan Lang committed
604
    0x18,0x08, '2','1','4','5','0','6','0','6'};
Mike McCormack's avatar
Mike McCormack committed
605

606
static void test_decodeFiletime(DWORD dwEncoding)
607 608
{
    static const struct encodedFiletime otherTimes[] = {
Mike McCormack's avatar
Mike McCormack committed
609 610 611 612 613 614 615 616 617 618 619 620
     { { 1945, 6, 1, 6, 16, 10, 0, 0 },   bin23 },
     { { 1945, 6, 1, 6, 16, 10, 0, 999 }, bin24 },
     { { 1945, 6, 1, 6, 17, 10, 0, 0 },   bin25 },
     { { 1945, 6, 1, 6, 15, 10, 0, 0 },   bin26 },
     { { 1945, 6, 1, 6, 14, 55, 0, 0 },   bin27 },
     { { 2145, 6, 1, 6, 16,  0, 0, 0 },   bin28 },
     { { 2045, 6, 1, 6, 16, 10, 0, 0 },   bin29 },
     { { 2045, 6, 1, 6, 16, 10, 0, 0 },   bin30 },
     { { 2045, 6, 1, 6, 17, 10, 0, 0 },   bin31 },
     { { 2045, 6, 1, 6, 15, 10, 0, 0 },   bin32 },
     { { 2045, 6, 1, 6, 17, 10, 0, 0 },   bin33 },
     { { 2045, 6, 1, 6, 15, 10, 0, 0 },   bin34 },
621 622 623 624
    };
    /* An oddball case that succeeds in Windows, but doesn't seem correct
     { { 2145, 6, 1, 2, 11, 31, 0, 0 },   "\x18" "\x13" "21450606161000-9999" },
     */
Mike McCormack's avatar
Mike McCormack committed
625
    static const unsigned char *bogusTimes[] = {
626 627 628
     /* oddly, this succeeds on Windows, with year 2765
     "\x18" "\x0f" "21r50606161000Z",
      */
Mike McCormack's avatar
Mike McCormack committed
629 630 631 632
     bin35,
     bin36,
     bin37,
     bin38,
633
    };
634 635 636
    DWORD i, size;
    FILETIME ft1 = { 0 }, ft2 = { 0 };
    BOOL ret;
637

638 639
    /* Check bogus length with non-NULL buffer */
    ret = SystemTimeToFileTime(&times[0].sysTime, &ft1);
640
    ok(ret, "SystemTimeToFileTime failed: %d\n", GetLastError());
641
    size = 1;
642
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CHOICE_OF_TIME,
643 644
     times[0].encodedTime, times[0].encodedTime[1] + 2, 0, NULL, &ft2, &size);
    ok(!ret && GetLastError() == ERROR_MORE_DATA,
645
     "Expected ERROR_MORE_DATA, got %d\n", GetLastError());
646
    /* Normal tests */
647 648
    for (i = 0; i < sizeof(times) / sizeof(times[0]); i++)
    {
649 650 651
        testTimeDecoding(dwEncoding, X509_CHOICE_OF_TIME, &times[i]);
        testTimeDecoding(dwEncoding, PKCS_UTC_TIME, &times[i]);
        testTimeDecoding(dwEncoding, szOID_RSA_signingTime, &times[i]);
652 653 654
    }
    for (i = 0; i < sizeof(otherTimes) / sizeof(otherTimes[0]); i++)
    {
655 656 657
        testTimeDecoding(dwEncoding, X509_CHOICE_OF_TIME, &otherTimes[i]);
        testTimeDecoding(dwEncoding, PKCS_UTC_TIME, &otherTimes[i]);
        testTimeDecoding(dwEncoding, szOID_RSA_signingTime, &otherTimes[i]);
658 659 660
    }
    for (i = 0; i < sizeof(bogusTimes) / sizeof(bogusTimes[0]); i++)
    {
661
        size = sizeof(ft1);
662
        ret = pCryptDecodeObjectEx(dwEncoding, X509_CHOICE_OF_TIME,
663
         bogusTimes[i], bogusTimes[i][1] + 2, 0, NULL, &ft1, &size);
664 665 666
        ok((!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
                     GetLastError() == OSS_DATA_ERROR /* Win9x */)) ||
           broken(ret), /* Win9x and NT4 for bin38 */
667 668
         "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
         GetLastError());
669 670 671
    }
}

672 673 674
static const char commonName[] = "Juan Lang";
static const char surName[] = "Lang";

675
static const BYTE emptySequence[] = { 0x30, 0 };
676
static const BYTE emptyRDNs[] = { 0x30, 0x02, 0x31, 0 };
Mike McCormack's avatar
Mike McCormack committed
677 678 679 680
static const BYTE twoRDNs[] = {
    0x30,0x23,0x31,0x21,0x30,0x0c,0x06,0x03,0x55,0x04,0x04,
    0x13,0x05,0x4c,0x61,0x6e,0x67,0x00,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
    0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0};
681 682 683 684 685 686
static const BYTE encodedTwoRDNs[] = {
0x30,0x2e,0x31,0x2c,0x30,0x2a,0x06,0x03,0x55,0x04,0x03,0x30,0x23,0x31,0x21,
0x30,0x0c,0x06,0x03,0x55,0x04,0x04,0x13,0x05,0x4c,0x61,0x6e,0x67,0x00,0x30,
0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
0x6e,0x67,0x00,
};
687

688 689 690 691 692 693 694 695 696 697 698 699 700 701
static const BYTE us[] = { 0x55, 0x53 };
static const BYTE minnesota[] = { 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x73, 0x6f,
 0x74, 0x61 };
static const BYTE minneapolis[] = { 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x61, 0x70,
 0x6f, 0x6c, 0x69, 0x73 };
static const BYTE codeweavers[] = { 0x43, 0x6f, 0x64, 0x65, 0x57, 0x65, 0x61,
 0x76, 0x65, 0x72, 0x73 };
static const BYTE wine[] = { 0x57, 0x69, 0x6e, 0x65, 0x20, 0x44, 0x65, 0x76,
 0x65, 0x6c, 0x6f, 0x70, 0x6d, 0x65, 0x6e, 0x74 };
static const BYTE localhostAttr[] = { 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
 0x73, 0x74 };
static const BYTE aric[] = { 0x61, 0x72, 0x69, 0x63, 0x40, 0x63, 0x6f, 0x64,
 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63, 0x6f, 0x6d };

702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728
#define RDNA(arr)   oid_ ## arr, CERT_RDN_PRINTABLE_STRING, { sizeof(arr), (LPBYTE)arr }
#define RDNIA5(arr) oid_ ## arr, CERT_RDN_IA5_STRING,       { sizeof(arr), (LPBYTE)arr }

static CHAR oid_us[]            = "2.5.4.6",
            oid_minnesota[]     = "2.5.4.8",
            oid_minneapolis[]   = "2.5.4.7",
            oid_codeweavers[]   = "2.5.4.10",
            oid_wine[]          = "2.5.4.11",
            oid_localhostAttr[] = "2.5.4.3",
            oid_aric[]          = "1.2.840.113549.1.9.1";
static CERT_RDN_ATTR rdnAttrs[] = { { RDNA(us) },
                                    { RDNA(minnesota) },
                                    { RDNA(minneapolis) },
                                    { RDNA(codeweavers) },
                                    { RDNA(wine) },
                                    { RDNA(localhostAttr) },
                                    { RDNIA5(aric) } };
static CERT_RDN_ATTR decodedRdnAttrs[] = { { RDNA(us) },
                                           { RDNA(localhostAttr) },
                                           { RDNA(minnesota) },
                                           { RDNA(minneapolis) },
                                           { RDNA(codeweavers) },
                                           { RDNA(wine) },
                                           { RDNIA5(aric) } };

#undef RDNIA5
#undef RDNA
729 730 731 732 733 734 735 736 737 738 739 740 741 742

static const BYTE encodedRDNAttrs[] = {
0x30,0x81,0x96,0x31,0x81,0x93,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
0x53,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x6c,0x6f,0x63,0x61,0x6c,0x68,
0x6f,0x73,0x74,0x30,0x10,0x06,0x03,0x55,0x04,0x08,0x13,0x09,0x4d,0x69,0x6e,0x6e,
0x65,0x73,0x6f,0x74,0x61,0x30,0x12,0x06,0x03,0x55,0x04,0x07,0x13,0x0b,0x4d,0x69,
0x6e,0x6e,0x65,0x61,0x70,0x6f,0x6c,0x69,0x73,0x30,0x12,0x06,0x03,0x55,0x04,0x0a,
0x13,0x0b,0x43,0x6f,0x64,0x65,0x57,0x65,0x61,0x76,0x65,0x72,0x73,0x30,0x17,0x06,
0x03,0x55,0x04,0x0b,0x13,0x10,0x57,0x69,0x6e,0x65,0x20,0x44,0x65,0x76,0x65,0x6c,
0x6f,0x70,0x6d,0x65,0x6e,0x74,0x30,0x21,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
0x01,0x09,0x01,0x16,0x14,0x61,0x72,0x69,0x63,0x40,0x63,0x6f,0x64,0x65,0x77,0x65,
0x61,0x76,0x65,0x72,0x73,0x2e,0x63,0x6f,0x6d
};

743 744 745 746 747
static void test_encodeName(DWORD dwEncoding)
{
    CERT_RDN_ATTR attrs[2];
    CERT_RDN rdn;
    CERT_NAME_INFO info;
748 749
    static CHAR oid_common_name[] = szOID_COMMON_NAME,
                oid_sur_name[]    = szOID_SUR_NAME;
750
    BYTE *buf = NULL;
751
    DWORD size = 0;
752 753
    BOOL ret;

754 755 756 757
    if (0)
    {
        /* Test with NULL pvStructInfo (crashes on win9x) */
        ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, NULL,
758
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
759 760 761
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
762 763 764
    /* Test with empty CERT_NAME_INFO */
    info.cRDN = 0;
    info.rgRDN = NULL;
765
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
766
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
767
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
768
    if (ret)
769
    {
770
        ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
771 772 773
         "Got unexpected encoding for empty name\n");
        LocalFree(buf);
    }
774 775 776 777 778
    if (0)
    {
        /* Test with bogus CERT_RDN (crashes on win9x) */
        info.cRDN = 1;
        ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
779
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
780 781 782
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
783 784 785 786 787
    /* Test with empty CERT_RDN */
    rdn.cRDNAttr = 0;
    rdn.rgRDNAttr = NULL;
    info.cRDN = 1;
    info.rgRDN = &rdn;
788
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
789
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
790
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
791
    if (ret)
792 793 794 795 796
    {
        ok(!memcmp(buf, emptyRDNs, sizeof(emptyRDNs)),
         "Got unexpected encoding for empty RDN array\n");
        LocalFree(buf);
    }
797 798 799 800 801 802
    if (0)
    {
        /* Test with bogus attr array (crashes on win9x) */
        rdn.cRDNAttr = 1;
        rdn.rgRDNAttr = NULL;
        ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
803
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
804 805 806
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
807 808 809 810
    /* oddly, a bogus OID is accepted by Windows XP; not testing.
    attrs[0].pszObjId = "bogus";
    attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[0].Value.cbData = sizeof(commonName);
811
    attrs[0].Value.pbData = commonName;
812 813
    rdn.cRDNAttr = 1;
    rdn.rgRDNAttr = attrs;
814
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
815
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
816 817 818 819 820
    ok(!ret, "Expected failure, got success\n");
     */
    /* Check with two CERT_RDN_ATTRs.  Note DER encoding forces the order of
     * the encoded attributes to be swapped.
     */
821
    attrs[0].pszObjId = oid_common_name;
822 823 824
    attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[0].Value.cbData = sizeof(commonName);
    attrs[0].Value.pbData = (BYTE *)commonName;
825
    attrs[1].pszObjId = oid_sur_name;
826 827 828 829 830
    attrs[1].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[1].Value.cbData = sizeof(surName);
    attrs[1].Value.pbData = (BYTE *)surName;
    rdn.cRDNAttr = 2;
    rdn.rgRDNAttr = attrs;
831
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
832
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
833
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
834
    if (ret)
835 836 837 838 839
    {
        ok(!memcmp(buf, twoRDNs, sizeof(twoRDNs)),
         "Got unexpected encoding for two RDN array\n");
        LocalFree(buf);
    }
840 841 842 843 844
    /* A name can be "encoded" with previously encoded RDN attrs. */
    attrs[0].dwValueType = CERT_RDN_ENCODED_BLOB;
    attrs[0].Value.pbData = (LPBYTE)twoRDNs;
    attrs[0].Value.cbData = sizeof(twoRDNs);
    rdn.cRDNAttr = 1;
845
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
846
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
847
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
848
    if (ret)
849
    {
850
        ok(size == sizeof(encodedTwoRDNs), "Unexpected size %d\n", size);
851 852 853 854
        ok(!memcmp(buf, encodedTwoRDNs, size),
         "Unexpected value for re-endoded two RDN array\n");
        LocalFree(buf);
    }
855 856 857
    /* CERT_RDN_ANY_TYPE is too vague for X509_NAMEs, check the return */
    rdn.cRDNAttr = 1;
    attrs[0].dwValueType = CERT_RDN_ANY_TYPE;
858
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
859
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
860
    ok(!ret && GetLastError() == E_INVALIDARG,
861
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
862 863
    /* Test a more complex name */
    rdn.cRDNAttr = sizeof(rdnAttrs) / sizeof(rdnAttrs[0]);
864
    rdn.rgRDNAttr = rdnAttrs;
865 866 867 868
    info.cRDN = 1;
    info.rgRDN = &rdn;
    buf = NULL;
    size = 0;
869
    ret = pCryptEncodeObjectEx(X509_ASN_ENCODING, X509_NAME, &info,
870
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
871
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
872 873
    if (ret)
    {
874
        ok(size == sizeof(encodedRDNAttrs), "Wrong size %d\n", size);
875 876 877 878 879
        ok(!memcmp(buf, encodedRDNAttrs, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897
static WCHAR commonNameW[] = { 'J','u','a','n',' ','L','a','n','g',0 };
static WCHAR surNameW[] = { 'L','a','n','g',0 };

static const BYTE twoRDNsNoNull[] = {
 0x30,0x21,0x31,0x1f,0x30,0x0b,0x06,0x03,0x55,0x04,0x04,0x13,0x04,0x4c,0x61,
 0x6e,0x67,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,
 0x20,0x4c,0x61,0x6e,0x67 };
static const BYTE anyType[] = {
 0x30,0x2f,0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x1e,0x24,0x23,0x30,
 0x21,0x31,0x0c,0x30,0x03,0x06,0x04,0x55,0x13,0x04,0x4c,0x05,0x6e,0x61,0x00,
 0x67,0x11,0x30,0x03,0x06,0x04,0x55,0x13,0x03,0x4a,0x0a,0x61,0x75,0x20,0x6e,
 0x61,0x4c,0x67,0x6e };

static void test_encodeUnicodeName(DWORD dwEncoding)
{
    CERT_RDN_ATTR attrs[2];
    CERT_RDN rdn;
    CERT_NAME_INFO info;
898 899
    static CHAR oid_common_name[] = szOID_COMMON_NAME,
                oid_sur_name[]    = szOID_SUR_NAME;
900 901 902 903
    BYTE *buf = NULL;
    DWORD size = 0;
    BOOL ret;

904 905 906 907
    if (0)
    {
        /* Test with NULL pvStructInfo (crashes on win9x) */
        ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, NULL,
908
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
909 910 911
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
912 913 914
    /* Test with empty CERT_NAME_INFO */
    info.cRDN = 0;
    info.rgRDN = NULL;
915
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
916
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
917
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
918
    if (ret)
919 920 921 922 923 924 925 926
    {
        ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
         "Got unexpected encoding for empty name\n");
        LocalFree(buf);
    }
    /* Check with one CERT_RDN_ATTR, that has an invalid character for the
     * encoding (the NULL).
     */
927
    attrs[0].pszObjId = oid_common_name;
928 929 930 931 932 933 934
    attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[0].Value.cbData = sizeof(commonNameW);
    attrs[0].Value.pbData = (BYTE *)commonNameW;
    rdn.cRDNAttr = 1;
    rdn.rgRDNAttr = attrs;
    info.cRDN = 1;
    info.rgRDN = &rdn;
935
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
936
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
937
    ok(!ret && GetLastError() == CRYPT_E_INVALID_PRINTABLE_STRING,
938 939
     "Expected CRYPT_E_INVALID_PRINTABLE_STRING, got %08x\n", GetLastError());
    ok(size == 9, "Unexpected error index %08x\n", size);
940 941 942
    /* Check with two NULL-terminated CERT_RDN_ATTRs.  Note DER encoding
     * forces the order of the encoded attributes to be swapped.
     */
943
    attrs[0].pszObjId = oid_common_name;
944 945 946
    attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[0].Value.cbData = 0;
    attrs[0].Value.pbData = (BYTE *)commonNameW;
947
    attrs[1].pszObjId = oid_sur_name;
948 949 950 951 952 953 954
    attrs[1].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[1].Value.cbData = 0;
    attrs[1].Value.pbData = (BYTE *)surNameW;
    rdn.cRDNAttr = 2;
    rdn.rgRDNAttr = attrs;
    info.cRDN = 1;
    info.rgRDN = &rdn;
955
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
956
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
957
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
958
    if (ret)
959 960 961 962 963 964 965 966 967 968
    {
        ok(!memcmp(buf, twoRDNsNoNull, sizeof(twoRDNsNoNull)),
         "Got unexpected encoding for two RDN array\n");
        LocalFree(buf);
    }
    /* A name can be "encoded" with previously encoded RDN attrs. */
    attrs[0].dwValueType = CERT_RDN_ENCODED_BLOB;
    attrs[0].Value.pbData = (LPBYTE)twoRDNs;
    attrs[0].Value.cbData = sizeof(twoRDNs);
    rdn.cRDNAttr = 1;
969
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
970
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
971
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
972
    if (ret)
973
    {
974
        ok(size == sizeof(encodedTwoRDNs), "Unexpected size %d\n", size);
975 976 977 978 979 980 981
        ok(!memcmp(buf, encodedTwoRDNs, size),
         "Unexpected value for re-endoded two RDN array\n");
        LocalFree(buf);
    }
    /* Unicode names infer the type for CERT_RDN_ANY_TYPE */
    rdn.cRDNAttr = 1;
    attrs[0].dwValueType = CERT_RDN_ANY_TYPE;
982
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
983
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
984
    todo_wine ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
985
    if (ret)
986
    {
987
        ok(size == sizeof(anyType), "Unexpected size %d\n", size);
988 989 990 991 992
        ok(!memcmp(buf, anyType, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

993 994 995
static void compareNameValues(const CERT_NAME_VALUE *expected,
 const CERT_NAME_VALUE *got)
{
996 997 998 999 1000 1001 1002
    if (expected->dwValueType == CERT_RDN_UTF8_STRING &&
        got->dwValueType == CERT_RDN_ENCODED_BLOB)
    {
        win_skip("Can't handle CERT_RDN_UTF8_STRING\n");
        return;
    }

1003
    ok(got->dwValueType == expected->dwValueType,
1004
     "Expected string type %d, got %d\n", expected->dwValueType,
1005 1006
     got->dwValueType);
    ok(got->Value.cbData == expected->Value.cbData,
1007
     "String type %d: unexpected data size, got %d, expected %d\n",
1008
     expected->dwValueType, got->Value.cbData, expected->Value.cbData);
1009 1010
    if (got->Value.cbData && got->Value.pbData)
        ok(!memcmp(got->Value.pbData, expected->Value.pbData,
1011
         min(got->Value.cbData, expected->Value.cbData)),
1012
         "String type %d: unexpected value\n", expected->dwValueType);
1013 1014
}

1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028
static void compareRDNAttrs(const CERT_RDN_ATTR *expected,
 const CERT_RDN_ATTR *got)
{
    if (expected->pszObjId && strlen(expected->pszObjId))
    {
        ok(got->pszObjId != NULL, "Expected OID %s, got NULL\n",
         expected->pszObjId);
        if (got->pszObjId)
        {
            ok(!strcmp(got->pszObjId, expected->pszObjId),
             "Got unexpected OID %s, expected %s\n", got->pszObjId,
             expected->pszObjId);
        }
    }
1029 1030
    compareNameValues((const CERT_NAME_VALUE *)&expected->dwValueType,
     (const CERT_NAME_VALUE *)&got->dwValueType);
1031 1032 1033 1034 1035
}

static void compareRDNs(const CERT_RDN *expected, const CERT_RDN *got)
{
    ok(got->cRDNAttr == expected->cRDNAttr,
1036
     "Expected %d RDN attrs, got %d\n", expected->cRDNAttr, got->cRDNAttr);
1037 1038 1039 1040 1041 1042 1043
    if (got->cRDNAttr)
    {
        DWORD i;

        for (i = 0; i < got->cRDNAttr; i++)
            compareRDNAttrs(&expected->rgRDNAttr[i], &got->rgRDNAttr[i]);
    }
1044 1045 1046 1047 1048
}

static void compareNames(const CERT_NAME_INFO *expected,
 const CERT_NAME_INFO *got)
{
1049
    ok(got->cRDN == expected->cRDN, "Expected %d RDNs, got %d\n",
1050
     expected->cRDN, got->cRDN);
Juan Lang's avatar
Juan Lang committed
1051
    if (got->cRDN)
1052
    {
1053 1054 1055 1056
        DWORD i;

        for (i = 0; i < got->cRDN; i++)
            compareRDNs(&expected->rgRDN[i], &got->rgRDN[i]);
1057 1058 1059
    }
}

1060
static const BYTE emptyIndefiniteSequence[] = { 0x30,0x80,0x00,0x00 };
1061 1062 1063 1064 1065
static const BYTE twoRDNsExtraBytes[] = {
    0x30,0x23,0x31,0x21,0x30,0x0c,0x06,0x03,0x55,0x04,0x04,
    0x13,0x05,0x4c,0x61,0x6e,0x67,0x00,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
    0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0,0,0,0,0,0};

1066 1067 1068 1069 1070 1071 1072 1073 1074 1075
static void test_decodeName(DWORD dwEncoding)
{
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    BOOL ret;
    CERT_RDN rdn;
    CERT_NAME_INFO info = { 1, &rdn };

    /* test empty name */
    bufSize = 0;
1076
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, emptySequence,
1077
     emptySequence[1] + 2,
1078
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1079
     &buf, &bufSize);
1080
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1081 1082 1083
    /* Interestingly, in Windows, if cRDN is 0, rgRGN may not be NULL.  My
     * decoder works the same way, so only test the count.
     */
1084
    if (ret)
1085
    {
1086
        ok(bufSize == sizeof(CERT_NAME_INFO), "Wrong bufSize %d\n", bufSize);
1087
        ok(((CERT_NAME_INFO *)buf)->cRDN == 0,
1088
         "Expected 0 RDNs in empty info, got %d\n",
1089 1090 1091
         ((CERT_NAME_INFO *)buf)->cRDN);
        LocalFree(buf);
    }
1092
    /* test empty name with indefinite-length encoding */
1093
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, emptyIndefiniteSequence,
1094
     sizeof(emptyIndefiniteSequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
1095
     &buf, &bufSize);
1096 1097 1098 1099 1100 1101 1102 1103 1104
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(bufSize == sizeof(CERT_NAME_INFO), "Wrong bufSize %d\n", bufSize);
        ok(((CERT_NAME_INFO *)buf)->cRDN == 0,
         "Expected 0 RDNs in empty info, got %d\n",
         ((CERT_NAME_INFO *)buf)->cRDN);
        LocalFree(buf);
    }
1105 1106
    /* test empty RDN */
    bufSize = 0;
1107
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, emptyRDNs,
1108 1109
     emptyRDNs[1] + 2,
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1110
     &buf, &bufSize);
1111
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1112
    if (ret)
1113 1114 1115 1116 1117 1118 1119 1120 1121 1122
    {
        CERT_NAME_INFO *info = (CERT_NAME_INFO *)buf;

        ok(bufSize == sizeof(CERT_NAME_INFO) + sizeof(CERT_RDN) &&
         info->cRDN == 1 && info->rgRDN && info->rgRDN[0].cRDNAttr == 0,
         "Got unexpected value for empty RDN\n");
        LocalFree(buf);
    }
    /* test two RDN attrs */
    bufSize = 0;
1123
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, twoRDNs,
1124 1125
     twoRDNs[1] + 2,
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1126
     &buf, &bufSize);
1127
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1128
    if (ret)
1129
    {
1130 1131 1132
        static CHAR oid_sur_name[]    = szOID_SUR_NAME,
                    oid_common_name[] = szOID_COMMON_NAME;

1133
        CERT_RDN_ATTR attrs[] = {
1134
         { oid_sur_name, CERT_RDN_PRINTABLE_STRING, { sizeof(surName),
1135
          (BYTE *)surName } },
1136
         { oid_common_name, CERT_RDN_PRINTABLE_STRING, { sizeof(commonName),
1137 1138 1139 1140 1141
          (BYTE *)commonName } },
        };

        rdn.cRDNAttr = sizeof(attrs) / sizeof(attrs[0]);
        rdn.rgRDNAttr = attrs;
Juan Lang's avatar
Juan Lang committed
1142
        compareNames(&info, (CERT_NAME_INFO *)buf);
1143 1144
        LocalFree(buf);
    }
1145 1146
    /* test that two RDN attrs with extra bytes succeeds */
    bufSize = 0;
1147
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, twoRDNsExtraBytes,
1148 1149
     sizeof(twoRDNsExtraBytes), 0, NULL, NULL, &bufSize);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1150 1151 1152
    /* And, a slightly more complicated name */
    buf = NULL;
    bufSize = 0;
1153
    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME, encodedRDNAttrs,
1154
     sizeof(encodedRDNAttrs), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1155
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1156 1157 1158
    if (ret)
    {
        rdn.cRDNAttr = sizeof(decodedRdnAttrs) / sizeof(decodedRdnAttrs[0]);
1159
        rdn.rgRDNAttr = decodedRdnAttrs;
1160 1161 1162
        compareNames(&info, (CERT_NAME_INFO *)buf);
        LocalFree(buf);
    }
1163 1164
}

1165 1166 1167 1168 1169 1170 1171 1172 1173 1174
static void test_decodeUnicodeName(DWORD dwEncoding)
{
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    BOOL ret;
    CERT_RDN rdn;
    CERT_NAME_INFO info = { 1, &rdn };

    /* test empty name */
    bufSize = 0;
1175
    ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME, emptySequence,
1176 1177
     emptySequence[1] + 2,
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1178
     &buf, &bufSize);
1179
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1180
    if (ret)
1181 1182
    {
        ok(bufSize == sizeof(CERT_NAME_INFO),
1183
         "Got wrong bufSize %d\n", bufSize);
1184
        ok(((CERT_NAME_INFO *)buf)->cRDN == 0,
1185
         "Expected 0 RDNs in empty info, got %d\n",
1186 1187 1188 1189 1190
         ((CERT_NAME_INFO *)buf)->cRDN);
        LocalFree(buf);
    }
    /* test empty RDN */
    bufSize = 0;
1191
    ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME, emptyRDNs,
1192 1193
     emptyRDNs[1] + 2,
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1194
     &buf, &bufSize);
1195
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1196
    if (ret)
1197 1198 1199 1200 1201 1202 1203 1204 1205 1206
    {
        CERT_NAME_INFO *info = (CERT_NAME_INFO *)buf;

        ok(bufSize == sizeof(CERT_NAME_INFO) + sizeof(CERT_RDN) &&
         info->cRDN == 1 && info->rgRDN && info->rgRDN[0].cRDNAttr == 0,
         "Got unexpected value for empty RDN\n");
        LocalFree(buf);
    }
    /* test two RDN attrs */
    bufSize = 0;
1207
    ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME, twoRDNsNoNull,
1208 1209
     sizeof(twoRDNsNoNull),
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1210
     &buf, &bufSize);
1211
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1212
    if (ret)
1213
    {
1214 1215 1216
        static CHAR oid_sur_name[]    = szOID_SUR_NAME,
                    oid_common_name[] = szOID_COMMON_NAME;

1217
        CERT_RDN_ATTR attrs[] = {
1218
         { oid_sur_name, CERT_RDN_PRINTABLE_STRING,
1219
         { lstrlenW(surNameW) * sizeof(WCHAR), (BYTE *)surNameW } },
1220
         { oid_common_name, CERT_RDN_PRINTABLE_STRING,
1221 1222 1223 1224 1225 1226 1227 1228 1229 1230
         { lstrlenW(commonNameW) * sizeof(WCHAR), (BYTE *)commonNameW } },
        };

        rdn.cRDNAttr = sizeof(attrs) / sizeof(attrs[0]);
        rdn.rgRDNAttr = attrs;
        compareNames(&info, (CERT_NAME_INFO *)buf);
        LocalFree(buf);
    }
}

1231 1232 1233 1234
struct EncodedNameValue
{
    CERT_NAME_VALUE value;
    const BYTE *encoded;
1235
    DWORD encodedSize;
1236 1237 1238 1239 1240 1241 1242 1243
};

static const char bogusIA5[] = "\x80";
static const char bogusPrintable[] = "~";
static const char bogusNumeric[] = "A";
static const BYTE bin42[] = { 0x16,0x02,0x80,0x00 };
static const BYTE bin43[] = { 0x13,0x02,0x7e,0x00 };
static const BYTE bin44[] = { 0x12,0x02,0x41,0x00 };
1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266
static BYTE octetCommonNameValue[] = {
 0x04,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE numericCommonNameValue[] = {
 0x12,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE printableCommonNameValue[] = {
 0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE t61CommonNameValue[] = {
 0x14,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE videotexCommonNameValue[] = {
 0x15,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE ia5CommonNameValue[] = {
 0x16,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE graphicCommonNameValue[] = {
 0x19,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE visibleCommonNameValue[] = {
 0x1a,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE generalCommonNameValue[] = {
 0x1b,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE bmpCommonNameValue[] = {
 0x1e,0x14,0x00,0x4a,0x00,0x75,0x00,0x61,0x00,0x6e,0x00,0x20,0x00,0x4c,0x00,
 0x61,0x00,0x6e,0x00,0x67,0x00,0x00 };
static BYTE utf8CommonNameValue[] = {
 0x0c,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1267 1268 1269
static char embedded_null[] = "foo\0com";
static BYTE ia5EmbeddedNull[] = {
 0x16,0x07,0x66,0x6f,0x6f,0x00,0x63,0x6f,0x6d };
1270

1271 1272 1273 1274 1275
static struct EncodedNameValue nameValues[] = {
 { { CERT_RDN_OCTET_STRING, { sizeof(commonName), (BYTE *)commonName } },
     octetCommonNameValue, sizeof(octetCommonNameValue) },
 { { CERT_RDN_NUMERIC_STRING, { sizeof(commonName), (BYTE *)commonName } },
     numericCommonNameValue, sizeof(numericCommonNameValue) },
1276
 { { CERT_RDN_PRINTABLE_STRING, { sizeof(commonName), (BYTE *)commonName } },
1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293
     printableCommonNameValue, sizeof(printableCommonNameValue) },
 { { CERT_RDN_T61_STRING, { sizeof(commonName), (BYTE *)commonName } },
     t61CommonNameValue, sizeof(t61CommonNameValue) },
 { { CERT_RDN_VIDEOTEX_STRING, { sizeof(commonName), (BYTE *)commonName } },
     videotexCommonNameValue, sizeof(videotexCommonNameValue) },
 { { CERT_RDN_IA5_STRING, { sizeof(commonName), (BYTE *)commonName } },
     ia5CommonNameValue, sizeof(ia5CommonNameValue) },
 { { CERT_RDN_GRAPHIC_STRING, { sizeof(commonName), (BYTE *)commonName } },
     graphicCommonNameValue, sizeof(graphicCommonNameValue) },
 { { CERT_RDN_VISIBLE_STRING, { sizeof(commonName), (BYTE *)commonName } },
     visibleCommonNameValue, sizeof(visibleCommonNameValue) },
 { { CERT_RDN_GENERAL_STRING, { sizeof(commonName), (BYTE *)commonName } },
     generalCommonNameValue, sizeof(generalCommonNameValue) },
 { { CERT_RDN_BMP_STRING, { sizeof(commonNameW), (BYTE *)commonNameW } },
     bmpCommonNameValue, sizeof(bmpCommonNameValue) },
 { { CERT_RDN_UTF8_STRING, { sizeof(commonNameW), (BYTE *)commonNameW } },
     utf8CommonNameValue, sizeof(utf8CommonNameValue) },
1294 1295 1296 1297
 /* The following tests succeed under Windows, but really should fail,
  * they contain characters that are illegal for the encoding.  I'm
  * including them to justify my lazy encoding.
  */
1298 1299
 { { CERT_RDN_IA5_STRING, { sizeof(bogusIA5), (BYTE *)bogusIA5 } }, bin42,
     sizeof(bin42) },
1300
 { { CERT_RDN_PRINTABLE_STRING, { sizeof(bogusPrintable),
1301
     (BYTE *)bogusPrintable } }, bin43, sizeof(bin43) },
1302
 { { CERT_RDN_NUMERIC_STRING, { sizeof(bogusNumeric), (BYTE *)bogusNumeric } },
1303
     bin44, sizeof(bin44) },
1304
};
1305 1306 1307 1308 1309 1310
/* This is kept separate, because the decoding doesn't return to the original
 * value.
 */
static struct EncodedNameValue embeddedNullNameValue = {
 { CERT_RDN_IA5_STRING, { sizeof(embedded_null) - 1, (BYTE *)embedded_null } },
   ia5EmbeddedNull, sizeof(ia5EmbeddedNull) };
1311 1312 1313 1314 1315 1316

static void test_encodeNameValue(DWORD dwEncoding)
{
    BYTE *buf = NULL;
    DWORD size = 0, i;
    BOOL ret;
1317
    CERT_NAME_VALUE value = { 0, { 0, NULL } };
1318

1319 1320 1321
    value.dwValueType = CERT_RDN_ENCODED_BLOB;
    value.Value.pbData = printableCommonNameValue;
    value.Value.cbData = sizeof(printableCommonNameValue);
1322
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_VALUE, &value,
1323
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1324
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1325
    if (ret)
1326
    {
1327
        ok(size == sizeof(printableCommonNameValue), "Unexpected size %d\n",
1328 1329 1330 1331 1332
         size);
        ok(!memcmp(buf, printableCommonNameValue, size),
         "Unexpected encoding\n");
        LocalFree(buf);
    }
1333 1334
    for (i = 0; i < sizeof(nameValues) / sizeof(nameValues[0]); i++)
    {
1335
        ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_VALUE,
1336
         &nameValues[i].value, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1337 1338
        ok(ret || broken(GetLastError() == OSS_PDU_MISMATCH) /* NT4/Win9x */,
         "Type %d: CryptEncodeObjectEx failed: %08x\n",
1339
         nameValues[i].value.dwValueType, GetLastError());
1340
        if (ret)
1341
        {
1342
            ok(size == nameValues[i].encodedSize,
1343
             "Expected size %d, got %d\n", nameValues[i].encodedSize, size);
1344 1345 1346 1347 1348
            ok(!memcmp(buf, nameValues[i].encoded, size),
             "Got unexpected encoding\n");
            LocalFree(buf);
        }
    }
1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_VALUE,
     &embeddedNullNameValue.value, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret || broken(GetLastError() == OSS_PDU_MISMATCH) /* NT4/Win9x */,
     "Type %d: CryptEncodeObjectEx failed: %08x\n",
     embeddedNullNameValue.value.dwValueType, GetLastError());
    if (ret)
    {
        ok(size == embeddedNullNameValue.encodedSize,
         "Expected size %d, got %d\n", embeddedNullNameValue.encodedSize, size);
        ok(!memcmp(buf, embeddedNullNameValue.encoded, size),
         "Got unexpected encoding\n");
        LocalFree(buf);
    }
1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372
}

static void test_decodeNameValue(DWORD dwEncoding)
{
    int i;
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    BOOL ret;

    for (i = 0; i < sizeof(nameValues) / sizeof(nameValues[0]); i++)
    {
1373
        ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME_VALUE,
1374 1375
         nameValues[i].encoded, nameValues[i].encoded[1] + 2,
         CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1376
         &buf, &bufSize);
1377
        ok(ret, "Value type %d: CryptDecodeObjectEx failed: %08x\n",
1378
         nameValues[i].value.dwValueType, GetLastError());
1379
        if (ret)
1380 1381 1382 1383 1384 1385
        {
            compareNameValues(&nameValues[i].value,
             (const CERT_NAME_VALUE *)buf);
            LocalFree(buf);
        }
    }
1386 1387 1388 1389
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME_VALUE,
     embeddedNullNameValue.encoded, embeddedNullNameValue.encodedSize,
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
     &buf, &bufSize);
1390 1391 1392
    /* Some Windows versions disallow name values with embedded NULLs, so
     * either success or failure is acceptable.
     */
1393 1394
    if (ret)
    {
1395
        CERT_NAME_VALUE rdnEncodedValue = { CERT_RDN_ENCODED_BLOB,
1396
         { sizeof(ia5EmbeddedNull), ia5EmbeddedNull } };
1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423
        CERT_NAME_VALUE embeddedNullValue = { CERT_RDN_IA5_STRING,
         { sizeof(embedded_null) - 1, (BYTE *)embedded_null } };
        const CERT_NAME_VALUE *got = (const CERT_NAME_VALUE *)buf,
         *expected = NULL;

        /* Some Windows versions decode name values with embedded NULLs,
         * others leave them encoded, even with the same version of crypt32.
         * Accept either.
         */
        ok(got->dwValueType == CERT_RDN_ENCODED_BLOB ||
         got->dwValueType == CERT_RDN_IA5_STRING,
         "Expected CERT_RDN_ENCODED_BLOB or CERT_RDN_IA5_STRING, got %d\n",
         got->dwValueType);
        if (got->dwValueType == CERT_RDN_ENCODED_BLOB)
            expected = &rdnEncodedValue;
        else if (got->dwValueType == CERT_RDN_IA5_STRING)
            expected = &embeddedNullValue;
        if (expected)
        {
            ok(got->Value.cbData == expected->Value.cbData,
             "String type %d: unexpected data size, got %d, expected %d\n",
             got->dwValueType, got->Value.cbData, expected->Value.cbData);
            if (got->Value.cbData && got->Value.pbData)
                ok(!memcmp(got->Value.pbData, expected->Value.pbData,
                 min(got->Value.cbData, expected->Value.cbData)),
                 "String type %d: unexpected value\n", expected->dwValueType);
        }
1424 1425
        LocalFree(buf);
    }
1426 1427
}

1428
static const BYTE emptyURL[] = { 0x30, 0x02, 0x86, 0x00 };
1429
static const BYTE emptyURLExtraBytes[] = { 0x30, 0x02, 0x86, 0x00, 0, 0, 0 };
1430 1431 1432 1433 1434
static const WCHAR url[] = { 'h','t','t','p',':','/','/','w','i','n','e',
 'h','q','.','o','r','g',0 };
static const BYTE encodedURL[] = { 0x30, 0x13, 0x86, 0x11, 0x68, 0x74,
 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71, 0x2e,
 0x6f, 0x72, 0x67 };
1435 1436
static const WCHAR nihongoURL[] = { 'h','t','t','p',':','/','/',0x226f,
 0x575b, 0 };
1437 1438 1439 1440 1441 1442
static const WCHAR dnsName[] = { 'w','i','n','e','h','q','.','o','r','g',0 };
static const BYTE encodedDnsName[] = { 0x30, 0x0c, 0x82, 0x0a, 0x77, 0x69,
 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
static const BYTE localhost[] = { 127, 0, 0, 1 };
static const BYTE encodedIPAddr[] = { 0x30, 0x06, 0x87, 0x04, 0x7f, 0x00, 0x00,
 0x01 };
1443 1444 1445 1446 1447 1448
static const unsigned char encodedCommonName[] = {
    0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,'J','u','a','n',' ','L','a','n','g',0};
static const BYTE encodedOidName[] = { 0x30,0x04,0x88,0x02,0x2a,0x03 };
static const BYTE encodedDirectoryName[] = {
0x30,0x19,0xa4,0x17,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1449 1450 1451 1452 1453 1454 1455 1456

static void test_encodeAltName(DWORD dwEncoding)
{
    CERT_ALT_NAME_INFO info = { 0 };
    CERT_ALT_NAME_ENTRY entry = { 0 };
    BYTE *buf = NULL;
    DWORD size = 0;
    BOOL ret;
1457
    char oid[] = "1.2.3";
1458 1459

    /* Test with empty info */
1460
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1461
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1462
    if (ret)
1463
    {
1464
        ok(size == sizeof(emptySequence), "Wrong size %d\n", size);
1465
        ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
1466 1467 1468 1469 1470
        LocalFree(buf);
    }
    /* Test with an empty entry */
    info.cAltEntry = 1;
    info.rgAltEntry = &entry;
1471
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1472
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1473
    ok(!ret && GetLastError() == E_INVALIDARG,
1474
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
1475 1476
    /* Test with an empty pointer */
    entry.dwAltNameChoice = CERT_ALT_NAME_URL;
1477
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1478
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1479
    if (ret)
1480
    {
1481
        ok(size == sizeof(emptyURL), "Wrong size %d\n", size);
1482 1483 1484 1485 1486
        ok(!memcmp(buf, emptyURL, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Test with a real URL */
    U(entry).pwszURL = (LPWSTR)url;
1487
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1488
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1489
    if (ret)
1490
    {
1491
        ok(size == sizeof(encodedURL), "Wrong size %d\n", size);
1492 1493 1494 1495
        ok(!memcmp(buf, encodedURL, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Now with the URL containing an invalid IA5 char */
1496
    U(entry).pwszURL = (LPWSTR)nihongoURL;
1497
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1498
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1499
    ok(!ret && GetLastError() == CRYPT_E_INVALID_IA5_STRING,
1500
     "Expected CRYPT_E_INVALID_IA5_STRING, got %08x\n", GetLastError());
1501 1502
    /* The first invalid character is at index 7 */
    ok(GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size) == 7,
1503
     "Expected invalid char at index 7, got %d\n",
1504
     GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size));
1505 1506
    /* Now with the URL missing a scheme */
    U(entry).pwszURL = (LPWSTR)dnsName;
1507
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1508
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1509
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1510
    if (ret)
1511 1512 1513 1514 1515 1516
    {
        /* This succeeds, but it shouldn't, so don't worry about conforming */
        LocalFree(buf);
    }
    /* Now with a DNS name */
    entry.dwAltNameChoice = CERT_ALT_NAME_DNS_NAME;
1517
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1518
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1519
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1520
    if (ret)
1521
    {
1522
        ok(size == sizeof(encodedDnsName), "Wrong size %d\n", size);
1523 1524 1525 1526 1527 1528 1529
        ok(!memcmp(buf, encodedDnsName, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Test with an IP address */
    entry.dwAltNameChoice = CERT_ALT_NAME_IP_ADDRESS;
    U(entry).IPAddress.cbData = sizeof(localhost);
    U(entry).IPAddress.pbData = (LPBYTE)localhost;
1530
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1531
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1532
    if (ret)
1533
    {
1534
        ok(size == sizeof(encodedIPAddr), "Wrong size %d\n", size);
1535 1536 1537
        ok(!memcmp(buf, encodedIPAddr, size), "Unexpected value\n");
        LocalFree(buf);
    }
1538 1539 1540
    /* Test with OID */
    entry.dwAltNameChoice = CERT_ALT_NAME_REGISTERED_ID;
    U(entry).pszRegisteredID = oid;
1541
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1542
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1543
    if (ret)
1544 1545 1546 1547 1548 1549 1550 1551 1552
    {
        ok(size == sizeof(encodedOidName), "Wrong size %d\n", size);
        ok(!memcmp(buf, encodedOidName, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Test with directory name */
    entry.dwAltNameChoice = CERT_ALT_NAME_DIRECTORY_NAME;
    U(entry).DirectoryName.cbData = sizeof(encodedCommonName);
    U(entry).DirectoryName.pbData = (LPBYTE)encodedCommonName;
1553
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1554
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1555
    if (ret)
1556 1557 1558 1559 1560
    {
        ok(size == sizeof(encodedDirectoryName), "Wrong size %d\n", size);
        ok(!memcmp(buf, encodedDirectoryName, size), "Unexpected value\n");
        LocalFree(buf);
    }
1561 1562 1563 1564 1565 1566 1567 1568
}

static void test_decodeAltName(DWORD dwEncoding)
{
    static const BYTE unimplementedType[] = { 0x30, 0x06, 0x85, 0x04, 0x7f,
     0x00, 0x00, 0x01 };
    static const BYTE bogusType[] = { 0x30, 0x06, 0x89, 0x04, 0x7f, 0x00, 0x00,
     0x01 };
1569 1570 1571 1572 1573 1574
    static const BYTE dns_embedded_null[] = { 0x30,0x10,0x82,0x0e,0x66,0x6f,
     0x6f,0x2e,0x63,0x6f,0x6d,0x00,0x62,0x61,0x64,0x64,0x69,0x65 };
    static const BYTE dns_embedded_bell[] = { 0x30,0x10,0x82,0x0e,0x66,0x6f,
     0x6f,0x2e,0x63,0x6f,0x6d,0x07,0x62,0x61,0x64,0x64,0x69,0x65 };
    static const BYTE url_embedded_null[] = { 0x30,0x10,0x86,0x0e,0x66,0x6f,
     0x6f,0x2e,0x63,0x6f,0x6d,0x00,0x62,0x61,0x64,0x64,0x69,0x65 };
1575 1576 1577 1578 1579 1580
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    CERT_ALT_NAME_INFO *info;

    /* Test some bogus ones first */
1581
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1582
     unimplementedType, sizeof(unimplementedType), CRYPT_DECODE_ALLOC_FLAG,
1583
     NULL, &buf, &bufSize);
1584 1585 1586 1587
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_BADTAG or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
1588
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1589
     bogusType, sizeof(bogusType), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
1590
     &bufSize);
1591 1592 1593 1594
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
1595
    /* Now expected cases */
1596
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, emptySequence,
1597
     emptySequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1598
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1599
    if (ret)
1600 1601 1602
    {
        info = (CERT_ALT_NAME_INFO *)buf;

1603
        ok(info->cAltEntry == 0, "Expected 0 entries, got %d\n",
1604 1605 1606
         info->cAltEntry);
        LocalFree(buf);
    }
1607
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, emptyURL,
1608
     emptyURL[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1609
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1610
    if (ret)
1611 1612 1613
    {
        info = (CERT_ALT_NAME_INFO *)buf;

1614
        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1615 1616
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_URL,
1617
         "Expected CERT_ALT_NAME_URL, got %d\n",
1618 1619 1620 1621 1622
         info->rgAltEntry[0].dwAltNameChoice);
        ok(U(info->rgAltEntry[0]).pwszURL == NULL || !*U(info->rgAltEntry[0]).pwszURL,
         "Expected empty URL\n");
        LocalFree(buf);
    }
1623
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1624 1625
     emptyURLExtraBytes, sizeof(emptyURLExtraBytes), 0, NULL, NULL, &bufSize);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1626
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedURL,
1627
     encodedURL[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1628
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1629
    if (ret)
1630 1631 1632
    {
        info = (CERT_ALT_NAME_INFO *)buf;

1633
        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1634 1635
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_URL,
1636
         "Expected CERT_ALT_NAME_URL, got %d\n",
1637 1638 1639 1640
         info->rgAltEntry[0].dwAltNameChoice);
        ok(!lstrcmpW(U(info->rgAltEntry[0]).pwszURL, url), "Unexpected URL\n");
        LocalFree(buf);
    }
1641
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedDnsName,
1642
     encodedDnsName[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1643
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1644
    if (ret)
1645 1646 1647
    {
        info = (CERT_ALT_NAME_INFO *)buf;

1648
        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1649 1650
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME,
1651
         "Expected CERT_ALT_NAME_DNS_NAME, got %d\n",
1652 1653 1654 1655 1656
         info->rgAltEntry[0].dwAltNameChoice);
        ok(!lstrcmpW(U(info->rgAltEntry[0]).pwszDNSName, dnsName),
         "Unexpected DNS name\n");
        LocalFree(buf);
    }
1657
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedIPAddr,
1658
     encodedIPAddr[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1659
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1660
    if (ret)
1661 1662 1663
    {
        info = (CERT_ALT_NAME_INFO *)buf;

1664
        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1665 1666
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS,
1667
         "Expected CERT_ALT_NAME_IP_ADDRESS, got %d\n",
1668 1669
         info->rgAltEntry[0].dwAltNameChoice);
        ok(U(info->rgAltEntry[0]).IPAddress.cbData == sizeof(localhost),
1670
         "Unexpected IP address length %d\n",
1671 1672 1673 1674 1675
          U(info->rgAltEntry[0]).IPAddress.cbData);
        ok(!memcmp(U(info->rgAltEntry[0]).IPAddress.pbData, localhost,
         sizeof(localhost)), "Unexpected IP address value\n");
        LocalFree(buf);
    }
1676
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedOidName,
1677
     sizeof(encodedOidName), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1678
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1679
    if (ret)
1680 1681 1682 1683 1684 1685 1686 1687
    {
        info = (CERT_ALT_NAME_INFO *)buf;

        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_REGISTERED_ID,
         "Expected CERT_ALT_NAME_REGISTERED_ID, got %d\n",
         info->rgAltEntry[0].dwAltNameChoice);
1688 1689
        ok(!strcmp(U(info->rgAltEntry[0]).pszRegisteredID, "1.2.3"),
           "Expected OID 1.2.3, got %s\n", U(info->rgAltEntry[0]).pszRegisteredID);
1690 1691
        LocalFree(buf);
    }
1692
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1693
     encodedDirectoryName, sizeof(encodedDirectoryName),
1694
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1695
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1696
    if (ret)
1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712
    {
        info = (CERT_ALT_NAME_INFO *)buf;

        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME,
         "Expected CERT_ALT_NAME_DIRECTORY_NAME, got %d\n",
         info->rgAltEntry[0].dwAltNameChoice);
        ok(U(info->rgAltEntry[0]).DirectoryName.cbData ==
         sizeof(encodedCommonName), "Unexpected directory name length %d\n",
          U(info->rgAltEntry[0]).DirectoryName.cbData);
        ok(!memcmp(U(info->rgAltEntry[0]).DirectoryName.pbData,
         encodedCommonName, sizeof(encodedCommonName)),
         "Unexpected directory name value\n");
        LocalFree(buf);
    }
1713 1714 1715 1716 1717
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
     dns_embedded_null, sizeof(dns_embedded_null), CRYPT_DECODE_ALLOC_FLAG,
     NULL, &buf, &bufSize);
    /* Fails on WinXP with CRYPT_E_ASN1_RULE.  I'm not too concerned about the
     * particular failure, just that it doesn't decode.
1718 1719
     * It succeeds on (broken) Windows versions that haven't addressed
     * embedded NULLs in alternate names.
1720
     */
1721
    ok(!ret || broken(ret), "expected failure\n");
1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742
    /* An embedded bell character is allowed, however. */
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
     dns_embedded_bell, sizeof(dns_embedded_bell), CRYPT_DECODE_ALLOC_FLAG,
     NULL, &buf, &bufSize);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        info = (CERT_ALT_NAME_INFO *)buf;

        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME,
         "Expected CERT_ALT_NAME_DNS_NAME, got %d\n",
         info->rgAltEntry[0].dwAltNameChoice);
        LocalFree(buf);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
     url_embedded_null, sizeof(dns_embedded_null), CRYPT_DECODE_ALLOC_FLAG,
     NULL, &buf, &bufSize);
    /* Again, fails on WinXP with CRYPT_E_ASN1_RULE.  I'm not too concerned
     * about the particular failure, just that it doesn't decode.
1743 1744
     * It succeeds on (broken) Windows versions that haven't addressed
     * embedded NULLs in alternate names.
1745
     */
1746
    ok(!ret || broken(ret), "expected failure\n");
1747 1748
}

1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824
struct UnicodeExpectedError
{
    DWORD   valueType;
    LPCWSTR str;
    DWORD   errorIndex;
    DWORD   error;
};

static const WCHAR oneW[] = { '1',0 };
static const WCHAR aW[] = { 'a',0 };
static const WCHAR quoteW[] = { '"', 0 };

static struct UnicodeExpectedError unicodeErrors[] = {
 { CERT_RDN_ANY_TYPE,         oneW,       0, CRYPT_E_NOT_CHAR_STRING },
 { CERT_RDN_ENCODED_BLOB,     oneW,       0, CRYPT_E_NOT_CHAR_STRING },
 { CERT_RDN_OCTET_STRING,     oneW,       0, CRYPT_E_NOT_CHAR_STRING },
 { CERT_RDN_NUMERIC_STRING,   aW,         0, CRYPT_E_INVALID_NUMERIC_STRING },
 { CERT_RDN_PRINTABLE_STRING, quoteW,     0, CRYPT_E_INVALID_PRINTABLE_STRING },
 { CERT_RDN_IA5_STRING,       nihongoURL, 7, CRYPT_E_INVALID_IA5_STRING },
};

struct UnicodeExpectedResult
{
    DWORD           valueType;
    LPCWSTR         str;
    CRYPT_DATA_BLOB encoded;
};

static BYTE oneNumeric[] = { 0x12, 0x01, 0x31 };
static BYTE onePrintable[] = { 0x13, 0x01, 0x31 };
static BYTE oneTeletex[] = { 0x14, 0x01, 0x31 };
static BYTE oneVideotex[] = { 0x15, 0x01, 0x31 };
static BYTE oneIA5[] = { 0x16, 0x01, 0x31 };
static BYTE oneGraphic[] = { 0x19, 0x01, 0x31 };
static BYTE oneVisible[] = { 0x1a, 0x01, 0x31 };
static BYTE oneUniversal[] = { 0x1c, 0x04, 0x00, 0x00, 0x00, 0x31 };
static BYTE oneGeneral[] = { 0x1b, 0x01, 0x31 };
static BYTE oneBMP[] = { 0x1e, 0x02, 0x00, 0x31 };
static BYTE oneUTF8[] = { 0x0c, 0x01, 0x31 };
static BYTE nihongoT61[] = { 0x14,0x09,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x6f,
 0x5b };
static BYTE nihongoGeneral[] = { 0x1b,0x09,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
 0x6f,0x5b };
static BYTE nihongoBMP[] = { 0x1e,0x12,0x00,0x68,0x00,0x74,0x00,0x74,0x00,0x70,
 0x00,0x3a,0x00,0x2f,0x00,0x2f,0x22,0x6f,0x57,0x5b };
static BYTE nihongoUTF8[] = { 0x0c,0x0d,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
 0xe2,0x89,0xaf,0xe5,0x9d,0x9b };

static struct UnicodeExpectedResult unicodeResults[] = {
 { CERT_RDN_NUMERIC_STRING,   oneW, { sizeof(oneNumeric), oneNumeric } },
 { CERT_RDN_PRINTABLE_STRING, oneW, { sizeof(onePrintable), onePrintable } },
 { CERT_RDN_TELETEX_STRING,   oneW, { sizeof(oneTeletex), oneTeletex } },
 { CERT_RDN_VIDEOTEX_STRING,  oneW, { sizeof(oneVideotex), oneVideotex } },
 { CERT_RDN_IA5_STRING,       oneW, { sizeof(oneIA5), oneIA5 } },
 { CERT_RDN_GRAPHIC_STRING,   oneW, { sizeof(oneGraphic), oneGraphic } },
 { CERT_RDN_VISIBLE_STRING,   oneW, { sizeof(oneVisible), oneVisible } },
 { CERT_RDN_UNIVERSAL_STRING, oneW, { sizeof(oneUniversal), oneUniversal } },
 { CERT_RDN_GENERAL_STRING,   oneW, { sizeof(oneGeneral), oneGeneral } },
 { CERT_RDN_BMP_STRING,       oneW, { sizeof(oneBMP), oneBMP } },
 { CERT_RDN_UTF8_STRING,      oneW, { sizeof(oneUTF8), oneUTF8 } },
 { CERT_RDN_BMP_STRING,     nihongoURL, { sizeof(nihongoBMP), nihongoBMP } },
 { CERT_RDN_UTF8_STRING,    nihongoURL, { sizeof(nihongoUTF8), nihongoUTF8 } },
};

static struct UnicodeExpectedResult unicodeWeirdness[] = {
 { CERT_RDN_TELETEX_STRING, nihongoURL, { sizeof(nihongoT61), nihongoT61 } },
 { CERT_RDN_GENERAL_STRING, nihongoURL, { sizeof(nihongoGeneral), nihongoGeneral } },
};

static void test_encodeUnicodeNameValue(DWORD dwEncoding)
{
    BYTE *buf = NULL;
    DWORD size = 0, i;
    BOOL ret;
    CERT_NAME_VALUE value;

1825 1826 1827 1828
    if (0)
    {
        /* Crashes on win9x */
        ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, NULL,
1829
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1830 1831 1832
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
1833 1834 1835 1836
    /* Have to have a string of some sort */
    value.dwValueType = 0; /* aka CERT_RDN_ANY_TYPE */
    value.Value.pbData = NULL;
    value.Value.cbData = 0;
1837
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1838
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1839
    ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1840
     "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1841
    value.dwValueType = CERT_RDN_ENCODED_BLOB;
1842
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1843
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1844
    ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1845
     "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1846 1847
    value.dwValueType = CERT_RDN_ANY_TYPE;
    value.Value.pbData = (LPBYTE)oneW;
1848
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1849
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1850
    ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1851
     "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1852
    value.Value.cbData = sizeof(oneW);
1853
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1854
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1855
    ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1856
     "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1857 1858 1859 1860
    /* An encoded string with specified length isn't good enough either */
    value.dwValueType = CERT_RDN_ENCODED_BLOB;
    value.Value.pbData = oneUniversal;
    value.Value.cbData = sizeof(oneUniversal);
1861
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1862
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1863
    ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1864
     "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1865 1866 1867 1868 1869 1870
    /* More failure checking */
    value.Value.cbData = 0;
    for (i = 0; i < sizeof(unicodeErrors) / sizeof(unicodeErrors[0]); i++)
    {
        value.Value.pbData = (LPBYTE)unicodeErrors[i].str;
        value.dwValueType = unicodeErrors[i].valueType;
1871
        ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1872
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1873
        ok(!ret && GetLastError() == unicodeErrors[i].error,
1874
         "Value type %d: expected %08x, got %08x\n", value.dwValueType,
1875 1876
         unicodeErrors[i].error, GetLastError());
        ok(size == unicodeErrors[i].errorIndex,
1877
         "Expected error index %d, got %d\n", unicodeErrors[i].errorIndex,
1878 1879 1880 1881 1882 1883 1884 1885
         size);
    }
    /* cbData can be zero if the string is NULL-terminated */
    value.Value.cbData = 0;
    for (i = 0; i < sizeof(unicodeResults) / sizeof(unicodeResults[0]); i++)
    {
        value.Value.pbData = (LPBYTE)unicodeResults[i].str;
        value.dwValueType = unicodeResults[i].valueType;
1886
        ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1887
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1888 1889
        ok(ret || broken(GetLastError() == OSS_PDU_MISMATCH /* Win9x */),
         "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1890
        if (ret)
1891 1892
        {
            ok(size == unicodeResults[i].encoded.cbData,
1893
             "Value type %d: expected size %d, got %d\n",
1894 1895
             value.dwValueType, unicodeResults[i].encoded.cbData, size);
            ok(!memcmp(unicodeResults[i].encoded.pbData, buf, size),
1896
             "Value type %d: unexpected value\n", value.dwValueType);
1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907
            LocalFree(buf);
        }
    }
    /* These "encode," but they do so by truncating each unicode character
     * rather than properly encoding it.  Kept separate from the proper results,
     * because the encoded forms won't decode to their original strings.
     */
    for (i = 0; i < sizeof(unicodeWeirdness) / sizeof(unicodeWeirdness[0]); i++)
    {
        value.Value.pbData = (LPBYTE)unicodeWeirdness[i].str;
        value.dwValueType = unicodeWeirdness[i].valueType;
1908
        ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1909
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1910
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1911
        if (ret)
1912 1913
        {
            ok(size == unicodeWeirdness[i].encoded.cbData,
1914
             "Value type %d: expected size %d, got %d\n",
1915 1916
             value.dwValueType, unicodeWeirdness[i].encoded.cbData, size);
            ok(!memcmp(unicodeWeirdness[i].encoded.pbData, buf, size),
1917
             "Value type %d: unexpected value\n", value.dwValueType);
1918 1919 1920 1921 1922
            LocalFree(buf);
        }
    }
}

1923 1924 1925 1926 1927 1928 1929
static inline int strncmpW( const WCHAR *str1, const WCHAR *str2, int n )
{
    if (n <= 0) return 0;
    while ((--n > 0) && *str1 && (*str1 == *str2)) { str1++; str2++; }
    return *str1 - *str2;
}

1930 1931 1932 1933 1934 1935 1936 1937 1938 1939
static void test_decodeUnicodeNameValue(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(unicodeResults) / sizeof(unicodeResults[0]); i++)
    {
        BYTE *buf = NULL;
        BOOL ret;
        DWORD size = 0;

1940
        ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE,
1941
         unicodeResults[i].encoded.pbData, unicodeResults[i].encoded.cbData,
1942
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
1943 1944
        ok(ret || broken(GetLastError() == CRYPT_E_NOT_CHAR_STRING /* Win9x */),
         "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1945 1946 1947 1948 1949
        if (ret && buf)
        {
            PCERT_NAME_VALUE value = (PCERT_NAME_VALUE)buf;

            ok(value->dwValueType == unicodeResults[i].valueType,
1950
             "Expected value type %d, got %d\n", unicodeResults[i].valueType,
1951
             value->dwValueType);
1952 1953
            ok(!strncmpW((LPWSTR)value->Value.pbData, unicodeResults[i].str,
             value->Value.cbData / sizeof(WCHAR)),
1954
             "Unexpected decoded value for index %d (value type %d)\n", i,
1955 1956 1957 1958 1959 1960
             unicodeResults[i].valueType);
            LocalFree(buf);
        }
    }
}

1961 1962
struct encodedOctets
{
1963 1964
    const BYTE *val;
    const BYTE *encoded;
1965 1966
};

Mike McCormack's avatar
Mike McCormack committed
1967 1968 1969 1970 1971 1972 1973 1974 1975
static const unsigned char bin46[] = { 'h','i',0 };
static const unsigned char bin47[] = { 0x04,0x02,'h','i',0 };
static const unsigned char bin48[] = {
     's','o','m','e','l','o','n','g',0xff,'s','t','r','i','n','g',0 };
static const unsigned char bin49[] = {
     0x04,0x0f,'s','o','m','e','l','o','n','g',0xff,'s','t','r','i','n','g',0 };
static const unsigned char bin50[] = { 0 };
static const unsigned char bin51[] = { 0x04,0x00,0 };

1976
static const struct encodedOctets octets[] = {
Mike McCormack's avatar
Mike McCormack committed
1977 1978 1979
    { bin46, bin47 },
    { bin48, bin49 },
    { bin50, bin51 },
1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992
};

static void test_encodeOctets(DWORD dwEncoding)
{
    CRYPT_DATA_BLOB blob;
    DWORD i;

    for (i = 0; i < sizeof(octets) / sizeof(octets[0]); i++)
    {
        BYTE *buf = NULL;
        BOOL ret;
        DWORD bufSize = 0;

Mike McCormack's avatar
Mike McCormack committed
1993 1994
        blob.cbData = strlen((const char*)octets[i].val);
        blob.pbData = (BYTE*)octets[i].val;
1995
        ret = pCryptEncodeObjectEx(dwEncoding, X509_OCTET_STRING, &blob,
1996
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1997
        ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
1998
        if (ret)
1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020
        {
            ok(buf[0] == 4,
             "Got unexpected type %d for octet string (expected 4)\n", buf[0]);
            ok(buf[1] == octets[i].encoded[1], "Got length %d, expected %d\n",
             buf[1], octets[i].encoded[1]);
            ok(!memcmp(buf + 1, octets[i].encoded + 1,
             octets[i].encoded[1] + 1), "Got unexpected value\n");
            LocalFree(buf);
        }
    }
}

static void test_decodeOctets(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(octets) / sizeof(octets[0]); i++)
    {
        BYTE *buf = NULL;
        BOOL ret;
        DWORD bufSize = 0;

2021
        ret = pCryptDecodeObjectEx(dwEncoding, X509_OCTET_STRING,
2022 2023
         octets[i].encoded, octets[i].encoded[1] + 2,
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2024
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2025
        ok(bufSize >= sizeof(CRYPT_DATA_BLOB) + octets[i].encoded[1],
2026
         "Expected size >= %d, got %d\n",
2027
           (int)sizeof(CRYPT_DATA_BLOB) + octets[i].encoded[1], bufSize);
2028
        ok(buf != NULL, "Expected allocated buffer\n");
2029
        if (ret)
2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045
        {
            CRYPT_DATA_BLOB *blob = (CRYPT_DATA_BLOB *)buf;

            if (blob->cbData)
                ok(!memcmp(blob->pbData, octets[i].val, blob->cbData),
                 "Unexpected value\n");
            LocalFree(buf);
        }
    }
}

static const BYTE bytesToEncode[] = { 0xff, 0xff };

struct encodedBits
{
    DWORD cUnusedBits;
2046
    const BYTE *encoded;
2047
    DWORD cbDecoded;
2048
    const BYTE *decoded;
2049 2050
};

Juan Lang's avatar
Juan Lang committed
2051 2052 2053 2054 2055 2056 2057
static const unsigned char bin52[] = { 0x03,0x03,0x00,0xff,0xff };
static const unsigned char bin53[] = { 0xff,0xff };
static const unsigned char bin54[] = { 0x03,0x03,0x01,0xff,0xfe };
static const unsigned char bin55[] = { 0xff,0xfe };
static const unsigned char bin56[] = { 0x03,0x02,0x01,0xfe };
static const unsigned char bin57[] = { 0xfe };
static const unsigned char bin58[] = { 0x03,0x01,0x00 };
Mike McCormack's avatar
Mike McCormack committed
2058

2059
static const struct encodedBits bits[] = {
2060
    /* normal test cases */
Mike McCormack's avatar
Mike McCormack committed
2061 2062
    { 0, bin52, 2, bin53 },
    { 1, bin54, 2, bin55 },
2063
    /* strange test case, showing cUnusedBits >= 8 is allowed */
Mike McCormack's avatar
Mike McCormack committed
2064
    { 9, bin56, 1, bin57 },
2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080
};

static void test_encodeBits(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(bits) / sizeof(bits[0]); i++)
    {
        CRYPT_BIT_BLOB blob;
        BOOL ret;
        BYTE *buf = NULL;
        DWORD bufSize = 0;

        blob.cbData = sizeof(bytesToEncode);
        blob.pbData = (BYTE *)bytesToEncode;
        blob.cUnusedBits = bits[i].cUnusedBits;
2081
        ret = pCryptEncodeObjectEx(dwEncoding, X509_BITS, &blob,
2082
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2083
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2084
        if (ret)
2085 2086
        {
            ok(bufSize == bits[i].encoded[1] + 2,
2087
             "%d: Got unexpected size %d, expected %d\n", i, bufSize,
2088 2089
             bits[i].encoded[1] + 2);
            ok(!memcmp(buf, bits[i].encoded, bits[i].encoded[1] + 2),
2090
             "%d: Unexpected value\n", i);
2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107
            LocalFree(buf);
        }
    }
}

static void test_decodeBits(DWORD dwEncoding)
{
    static const BYTE ber[] = "\x03\x02\x01\xff";
    static const BYTE berDecoded = 0xfe;
    DWORD i;
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;

    /* normal cases */
    for (i = 0; i < sizeof(bits) / sizeof(bits[0]); i++)
    {
2108
        ret = pCryptDecodeObjectEx(dwEncoding, X509_BITS, bits[i].encoded,
2109
         bits[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
2110
         &bufSize);
2111
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2112
        if (ret)
2113 2114 2115 2116
        {
            CRYPT_BIT_BLOB *blob;

            ok(bufSize >= sizeof(CRYPT_BIT_BLOB) + bits[i].cbDecoded,
2117
               "Got unexpected size %d\n", bufSize);
2118 2119
            blob = (CRYPT_BIT_BLOB *)buf;
            ok(blob->cbData == bits[i].cbDecoded,
2120
             "Got unexpected length %d, expected %d\n", blob->cbData,
2121 2122 2123 2124 2125 2126 2127 2128 2129 2130
             bits[i].cbDecoded);
            if (blob->cbData && bits[i].cbDecoded)
                ok(!memcmp(blob->pbData, bits[i].decoded, bits[i].cbDecoded),
                 "Unexpected value\n");
            LocalFree(buf);
        }
    }
    /* special case: check that something that's valid in BER but not in DER
     * decodes successfully
     */
2131
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BITS, ber, ber[1] + 2,
2132
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2133
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2134
    if (ret)
2135 2136 2137 2138
    {
        CRYPT_BIT_BLOB *blob;

        ok(bufSize >= sizeof(CRYPT_BIT_BLOB) + sizeof(berDecoded),
2139
           "Got unexpected size %d\n", bufSize);
2140 2141
        blob = (CRYPT_BIT_BLOB *)buf;
        ok(blob->cbData == sizeof(berDecoded),
2142
           "Got unexpected length %d\n", blob->cbData);
2143 2144 2145 2146 2147 2148
        if (blob->cbData)
            ok(*blob->pbData == berDecoded, "Unexpected value\n");
        LocalFree(buf);
    }
}

2149 2150 2151 2152 2153 2154
struct Constraints2
{
    CERT_BASIC_CONSTRAINTS2_INFO info;
    const BYTE *encoded;
};

Juan Lang's avatar
Juan Lang committed
2155 2156 2157 2158
static const unsigned char bin59[] = { 0x30,0x00 };
static const unsigned char bin60[] = { 0x30,0x03,0x01,0x01,0xff };
static const unsigned char bin61[] = { 0x30,0x03,0x02,0x01,0x00 };
static const unsigned char bin62[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2159 2160
static const struct Constraints2 constraints2[] = {
 /* empty constraints */
Mike McCormack's avatar
Mike McCormack committed
2161
 { { FALSE, FALSE, 0}, bin59 },
2162
 /* can be a CA */
Mike McCormack's avatar
Mike McCormack committed
2163
 { { TRUE,  FALSE, 0}, bin60 },
2164 2165 2166
 /* has path length constraints set (MSDN implies fCA needs to be TRUE as well,
  * but that's not the case
  */
Mike McCormack's avatar
Mike McCormack committed
2167
 { { FALSE, TRUE,  0}, bin61 },
2168
 /* can be a CA and has path length constraints set */
Mike McCormack's avatar
Mike McCormack committed
2169
 { { TRUE,  TRUE,  1}, bin62 },
2170 2171
};

2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182
static const BYTE emptyConstraint[] = { 0x30, 0x03, 0x03, 0x01, 0x00 };
static const BYTE encodedDomainName[] = { 0x30, 0x2b, 0x31, 0x29, 0x30, 0x11,
 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16,
 0x03, 0x6f, 0x72, 0x67, 0x30, 0x14, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93,
 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x06, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71 };
static const BYTE constraintWithDomainName[] = { 0x30, 0x32, 0x03, 0x01, 0x00,
 0x30, 0x2d, 0x30, 0x2b, 0x31, 0x29, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, 0x26,
 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x03, 0x6f, 0x72, 0x67, 0x30,
 0x14, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19,
 0x16, 0x06, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71 };

2183 2184
static void test_encodeBasicConstraints(DWORD dwEncoding)
{
2185
    DWORD i, bufSize = 0;
2186
    CERT_BASIC_CONSTRAINTS_INFO info = { { 0 } };
2187 2188 2189 2190
    CERT_NAME_BLOB nameBlob = { sizeof(encodedDomainName),
     (LPBYTE)encodedDomainName };
    BOOL ret;
    BYTE *buf = NULL;
2191 2192 2193 2194

    /* First test with the simpler info2 */
    for (i = 0; i < sizeof(constraints2) / sizeof(constraints2[0]); i++)
    {
2195
        ret = pCryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2196
         &constraints2[i].info, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf,
2197
         &bufSize);
2198
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2199
        if (ret)
2200 2201
        {
            ok(bufSize == constraints2[i].encoded[1] + 2,
2202
             "Expected %d bytes, got %d\n", constraints2[i].encoded[1] + 2,
2203 2204 2205 2206 2207 2208
             bufSize);
            ok(!memcmp(buf, constraints2[i].encoded,
             constraints2[i].encoded[1] + 2), "Unexpected value\n");
            LocalFree(buf);
        }
    }
2209 2210 2211 2212
    /* Now test with more complex basic constraints */
    info.SubjectType.cbData = 0;
    info.fPathLenConstraint = FALSE;
    info.cSubtreesConstraint = 0;
2213
    ret = pCryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS, &info,
2214
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2215 2216
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2217
    if (ret)
2218
    {
2219
        ok(bufSize == sizeof(emptyConstraint), "Wrong size %d\n", bufSize);
2220 2221 2222 2223 2224 2225 2226 2227 2228
        ok(!memcmp(buf, emptyConstraint, sizeof(emptyConstraint)),
         "Unexpected value\n");
        LocalFree(buf);
    }
    /* None of the certs I examined had any subtree constraint, but I test one
     * anyway just in case.
     */
    info.cSubtreesConstraint = 1;
    info.rgSubtreesConstraint = &nameBlob;
2229
    ret = pCryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS, &info,
2230
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2231 2232
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2233
    if (ret)
2234
    {
2235
        ok(bufSize == sizeof(constraintWithDomainName), "Wrong size %d\n", bufSize);
2236 2237 2238 2239 2240
        ok(!memcmp(buf, constraintWithDomainName,
         sizeof(constraintWithDomainName)), "Unexpected value\n");
        LocalFree(buf);
    }
    /* FIXME: test encoding with subject type. */
2241 2242
}

Juan Lang's avatar
Juan Lang committed
2243
static const unsigned char bin63[] = { 0x30,0x06,0x01,0x01,0x01,0x02,0x01,0x01 };
Mike McCormack's avatar
Mike McCormack committed
2244

2245 2246
static void test_decodeBasicConstraints(DWORD dwEncoding)
{
Juan Lang's avatar
Juan Lang committed
2247 2248
    static const BYTE inverted[] = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x01, 0x01,
     0xff };
Mike McCormack's avatar
Mike McCormack committed
2249
    static const struct Constraints2 badBool = { { TRUE, TRUE, 1 }, bin63 };
2250 2251 2252 2253 2254 2255 2256 2257
    DWORD i;
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;

    /* First test with simpler info2 */
    for (i = 0; i < sizeof(constraints2) / sizeof(constraints2[0]); i++)
    {
2258
        ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2259
         constraints2[i].encoded, constraints2[i].encoded[1] + 2,
2260
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2261
        ok(ret, "CryptDecodeObjectEx failed for item %d: %08x\n", i,
2262
         GetLastError());
2263
        if (ret)
2264 2265 2266 2267 2268
        {
            CERT_BASIC_CONSTRAINTS2_INFO *info =
             (CERT_BASIC_CONSTRAINTS2_INFO *)buf;

            ok(!memcmp(info, &constraints2[i].info, sizeof(*info)),
2269
             "Unexpected value for item %d\n", i);
2270 2271 2272 2273 2274
            LocalFree(buf);
        }
    }
    /* Check with the order of encoded elements inverted */
    buf = (PBYTE)1;
2275
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2276
     inverted, inverted[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
2277
     &bufSize);
2278 2279 2280 2281
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
2282 2283
    ok(!buf, "Expected buf to be set to NULL\n");
    /* Check with a non-DER bool */
2284
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2285
     badBool.encoded, badBool.encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
2286
     &buf, &bufSize);
2287
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2288
    if (ret)
2289 2290 2291 2292 2293 2294 2295 2296
    {
        CERT_BASIC_CONSTRAINTS2_INFO *info =
         (CERT_BASIC_CONSTRAINTS2_INFO *)buf;

        ok(!memcmp(info, &badBool.info, sizeof(*info)), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Check with a non-basic constraints value */
2297
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2298 2299
     encodedCommonName, encodedCommonName[1] + 2,
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2300 2301 2302 2303
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
2304
    /* Now check with the more complex CERT_BASIC_CONSTRAINTS_INFO */
2305
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS,
2306
     emptyConstraint, sizeof(emptyConstraint), CRYPT_DECODE_ALLOC_FLAG, NULL,
2307
     &buf, &bufSize);
2308
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2309
    if (ret)
2310 2311 2312 2313 2314 2315 2316 2317
    {
        CERT_BASIC_CONSTRAINTS_INFO *info = (CERT_BASIC_CONSTRAINTS_INFO *)buf;

        ok(info->SubjectType.cbData == 0, "Expected no subject type\n");
        ok(!info->fPathLenConstraint, "Expected no path length constraint\n");
        ok(info->cSubtreesConstraint == 0, "Expected no subtree constraints\n");
        LocalFree(buf);
    }
2318
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS,
2319
     constraintWithDomainName, sizeof(constraintWithDomainName),
2320
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2321
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2322
    if (ret)
2323 2324 2325 2326 2327 2328 2329 2330 2331
    {
        CERT_BASIC_CONSTRAINTS_INFO *info = (CERT_BASIC_CONSTRAINTS_INFO *)buf;

        ok(info->SubjectType.cbData == 0, "Expected no subject type\n");
        ok(!info->fPathLenConstraint, "Expected no path length constraint\n");
        ok(info->cSubtreesConstraint == 1, "Expected a subtree constraint\n");
        if (info->cSubtreesConstraint && info->rgSubtreesConstraint)
        {
            ok(info->rgSubtreesConstraint[0].cbData ==
2332
             sizeof(encodedDomainName), "Wrong size %d\n",
2333
             info->rgSubtreesConstraint[0].cbData);
2334 2335 2336 2337 2338
            ok(!memcmp(info->rgSubtreesConstraint[0].pbData, encodedDomainName,
             sizeof(encodedDomainName)), "Unexpected value\n");
        }
        LocalFree(buf);
    }
2339 2340
}

2341 2342 2343
/* These are terrible public keys of course, I'm just testing encoding */
static const BYTE modulus1[] = { 0,0,0,1,1,1,1,1 };
static const BYTE modulus2[] = { 1,1,1,1,1,0,0,0 };
2344 2345
static const BYTE modulus3[] = { 0x80,1,1,1,1,0,0,0 };
static const BYTE modulus4[] = { 1,1,1,1,1,0,0,0x80 };
Mike McCormack's avatar
Mike McCormack committed
2346 2347
static const BYTE mod1_encoded[] = { 0x30,0x0f,0x02,0x08,0x01,0x01,0x01,0x01,0x01,0x00,0x00,0x00,0x02,0x03,0x01,0x00,0x01 };
static const BYTE mod2_encoded[] = { 0x30,0x0c,0x02,0x05,0x01,0x01,0x01,0x01,0x01,0x02,0x03,0x01,0x00,0x01 };
2348 2349
static const BYTE mod3_encoded[] = { 0x30,0x0c,0x02,0x05,0x01,0x01,0x01,0x01,0x80,0x02,0x03,0x01,0x00,0x01 };
static const BYTE mod4_encoded[] = { 0x30,0x10,0x02,0x09,0x00,0x80,0x00,0x00,0x01,0x01,0x01,0x01,0x01,0x02,0x03,0x01,0x00,0x01 };
2350 2351 2352 2353 2354 2355 2356 2357 2358

struct EncodedRSAPubKey
{
    const BYTE *modulus;
    size_t modulusLen;
    const BYTE *encoded;
    size_t decodedModulusLen;
};

2359
static const struct EncodedRSAPubKey rsaPubKeys[] = {
Mike McCormack's avatar
Mike McCormack committed
2360 2361
    { modulus1, sizeof(modulus1), mod1_encoded, sizeof(modulus1) },
    { modulus2, sizeof(modulus2), mod2_encoded, 5 },
2362 2363
    { modulus3, sizeof(modulus3), mod3_encoded, 5 },
    { modulus4, sizeof(modulus4), mod4_encoded, 8 },
2364 2365 2366 2367 2368 2369 2370 2371 2372
};

static void test_encodeRsaPublicKey(DWORD dwEncoding)
{
    BYTE toEncode[sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + sizeof(modulus1)];
    BLOBHEADER *hdr = (BLOBHEADER *)toEncode;
    RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)(toEncode + sizeof(BLOBHEADER));
    BOOL ret;
    BYTE *buf = NULL;
2373
    DWORD bufSize = 0, i;
2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385

    /* Try with a bogus blob type */
    hdr->bType = 2;
    hdr->bVersion = CUR_BLOB_VERSION;
    hdr->reserved = 0;
    hdr->aiKeyAlg = CALG_RSA_KEYX;
    rsaPubKey->magic = 0x31415352;
    rsaPubKey->bitlen = sizeof(modulus1) * 8;
    rsaPubKey->pubexp = 65537;
    memcpy(toEncode + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY), modulus1,
     sizeof(modulus1));

2386
    ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2387
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2388
    ok(!ret && GetLastError() == E_INVALIDARG,
2389
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
2390 2391 2392
    /* Now with a bogus reserved field */
    hdr->bType = PUBLICKEYBLOB;
    hdr->reserved = 1;
2393
    ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2394
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2395
    if (ret)
2396 2397
    {
        ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
2398
         "Expected size %d, got %d\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
2399 2400 2401 2402 2403 2404
        ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Now with a bogus blob version */
    hdr->reserved = 0;
    hdr->bVersion = 0;
2405
    ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2406
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2407
    if (ret)
2408 2409
    {
        ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
2410
         "Expected size %d, got %d\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
2411 2412 2413 2414 2415 2416
        ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
        LocalFree(buf);
    }
    /* And with a bogus alg ID */
    hdr->bVersion = CUR_BLOB_VERSION;
    hdr->aiKeyAlg = CALG_DES;
2417
    ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2418
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2419
    if (ret)
2420 2421
    {
        ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
2422
         "Expected size %d, got %d\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
2423 2424 2425
        ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
        LocalFree(buf);
    }
2426 2427
    /* Check a couple of RSA-related OIDs */
    hdr->aiKeyAlg = CALG_RSA_KEYX;
2428
    ret = pCryptEncodeObjectEx(dwEncoding, szOID_RSA_RSA,
2429
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2430
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2431
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2432
    ret = pCryptEncodeObjectEx(dwEncoding, szOID_RSA_SHA1RSA,
2433
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2434
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2435
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2436
    /* Finally, all valid */
2437
    hdr->aiKeyAlg = CALG_RSA_KEYX;
2438
    for (i = 0; i < sizeof(rsaPubKeys) / sizeof(rsaPubKeys[0]); i++)
2439
    {
2440 2441
        memcpy(toEncode + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY),
         rsaPubKeys[i].modulus, rsaPubKeys[i].modulusLen);
2442
        ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2443
         toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2444
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2445
        if (ret)
2446 2447
        {
            ok(bufSize == rsaPubKeys[i].encoded[1] + 2,
2448
             "Expected size %d, got %d\n", rsaPubKeys[i].encoded[1] + 2,
2449 2450 2451 2452 2453
             bufSize);
            ok(!memcmp(buf, rsaPubKeys[i].encoded, bufSize),
             "Unexpected value\n");
            LocalFree(buf);
        }
2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464
    }
}

static void test_decodeRsaPublicKey(DWORD dwEncoding)
{
    DWORD i;
    LPBYTE buf = NULL;
    DWORD bufSize = 0;
    BOOL ret;

    /* Try with a bad length */
2465
    ret = pCryptDecodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2466
     rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1],
2467
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2468 2469 2470 2471
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
     GetLastError() == OSS_MORE_INPUT /* Win9x/NT4 */),
     "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n",
     GetLastError());
2472
    /* Try with a couple of RSA-related OIDs */
2473
    ret = pCryptDecodeObjectEx(dwEncoding, szOID_RSA_RSA,
2474
     rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1] + 2,
2475
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2476
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2477
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2478
    ret = pCryptDecodeObjectEx(dwEncoding, szOID_RSA_SHA1RSA,
2479
     rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1] + 2,
2480
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2481
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2482
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2483 2484 2485 2486
    /* Now try success cases */
    for (i = 0; i < sizeof(rsaPubKeys) / sizeof(rsaPubKeys[0]); i++)
    {
        bufSize = 0;
2487
        ret = pCryptDecodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2488
         rsaPubKeys[i].encoded, rsaPubKeys[i].encoded[1] + 2,
2489
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2490
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2491
        if (ret)
2492 2493 2494 2495 2496 2497
        {
            BLOBHEADER *hdr = (BLOBHEADER *)buf;
            RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)(buf + sizeof(BLOBHEADER));

            ok(bufSize >= sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) +
             rsaPubKeys[i].decodedModulusLen,
2498
             "Wrong size %d\n", bufSize);
2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509
            ok(hdr->bType == PUBLICKEYBLOB,
             "Expected type PUBLICKEYBLOB (%d), got %d\n", PUBLICKEYBLOB,
             hdr->bType);
            ok(hdr->bVersion == CUR_BLOB_VERSION,
             "Expected version CUR_BLOB_VERSION (%d), got %d\n",
             CUR_BLOB_VERSION, hdr->bVersion);
            ok(hdr->reserved == 0, "Expected reserved 0, got %d\n",
             hdr->reserved);
            ok(hdr->aiKeyAlg == CALG_RSA_KEYX,
             "Expected CALG_RSA_KEYX, got %08x\n", hdr->aiKeyAlg);
            ok(rsaPubKey->magic == 0x31415352,
2510
             "Expected magic RSA1, got %08x\n", rsaPubKey->magic);
2511
            ok(rsaPubKey->bitlen == rsaPubKeys[i].decodedModulusLen * 8,
2512 2513
             "Wrong bit len %d\n", rsaPubKey->bitlen);
            ok(rsaPubKey->pubexp == 65537, "Expected pubexp 65537, got %d\n",
2514 2515 2516 2517 2518 2519 2520 2521 2522
             rsaPubKey->pubexp);
            ok(!memcmp(buf + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY),
             rsaPubKeys[i].modulus, rsaPubKeys[i].decodedModulusLen),
             "Unexpected modulus\n");
            LocalFree(buf);
        }
    }
}

2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540
static const BYTE intSequence[] = { 0x30, 0x1b, 0x02, 0x01, 0x01, 0x02, 0x01,
 0x7f, 0x02, 0x02, 0x00, 0x80, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x80, 0x02,
 0x02, 0xff, 0x7f, 0x02, 0x04, 0xba, 0xdd, 0xf0, 0x0d };

static const BYTE mixedSequence[] = { 0x30, 0x27, 0x17, 0x0d, 0x30, 0x35, 0x30,
 0x36, 0x30, 0x36, 0x31, 0x36, 0x31, 0x30, 0x30, 0x30, 0x5a, 0x02, 0x01, 0x7f,
 0x02, 0x02, 0x00, 0x80, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x80, 0x02, 0x02,
 0xff, 0x7f, 0x02, 0x04, 0xba, 0xdd, 0xf0, 0x0d };

static void test_encodeSequenceOfAny(DWORD dwEncoding)
{
    CRYPT_DER_BLOB blobs[sizeof(ints) / sizeof(ints[0])];
    CRYPT_SEQUENCE_OF_ANY seq;
    DWORD i;
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;

2541
    /* Encode a homogeneous sequence */
2542 2543 2544
    for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
    {
        blobs[i].cbData = ints[i].encoded[1] + 2;
2545
        blobs[i].pbData = (BYTE *)ints[i].encoded;
2546 2547 2548 2549
    }
    seq.cValue = sizeof(ints) / sizeof(ints[0]);
    seq.rgValue = blobs;

2550
    ret = pCryptEncodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, &seq,
2551
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2552
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2553
    if (ret)
2554
    {
2555
        ok(bufSize == sizeof(intSequence), "Wrong size %d\n", bufSize);
2556 2557 2558 2559 2560 2561 2562 2563
        ok(!memcmp(buf, intSequence, intSequence[1] + 2), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Change the type of the first element in the sequence, and give it
     * another go
     */
    blobs[0].cbData = times[0].encodedTime[1] + 2;
    blobs[0].pbData = (BYTE *)times[0].encodedTime;
2564
    ret = pCryptEncodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, &seq,
2565
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2566
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2567
    if (ret)
2568
    {
2569
        ok(bufSize == sizeof(mixedSequence), "Wrong size %d\n", bufSize);
2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581
        ok(!memcmp(buf, mixedSequence, mixedSequence[1] + 2),
         "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeSequenceOfAny(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;

2582
    ret = pCryptDecodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, intSequence,
2583
     intSequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2584
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2585
    if (ret)
2586 2587 2588 2589 2590
    {
        CRYPT_SEQUENCE_OF_ANY *seq = (CRYPT_SEQUENCE_OF_ANY *)buf;
        DWORD i;

        ok(seq->cValue == sizeof(ints) / sizeof(ints[0]),
2591
         "Wrong elements %d\n", seq->cValue);
2592 2593 2594
        for (i = 0; i < min(seq->cValue, sizeof(ints) / sizeof(ints[0])); i++)
        {
            ok(seq->rgValue[i].cbData == ints[i].encoded[1] + 2,
2595
             "Expected %d bytes, got %d\n", ints[i].encoded[1] + 2,
2596 2597 2598 2599 2600 2601
             seq->rgValue[i].cbData);
            ok(!memcmp(seq->rgValue[i].pbData, ints[i].encoded,
             ints[i].encoded[1] + 2), "Unexpected value\n");
        }
        LocalFree(buf);
    }
2602
    ret = pCryptDecodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, mixedSequence,
2603
     mixedSequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
2604
     &bufSize);
2605
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2606
    if (ret)
2607 2608 2609 2610
    {
        CRYPT_SEQUENCE_OF_ANY *seq = (CRYPT_SEQUENCE_OF_ANY *)buf;

        ok(seq->cValue == sizeof(ints) / sizeof(ints[0]),
2611
         "Wrong elements %d\n", seq->cValue);
2612 2613
        /* Just check the first element since it's all that changed */
        ok(seq->rgValue[0].cbData == times[0].encodedTime[1] + 2,
2614
         "Expected %d bytes, got %d\n", times[0].encodedTime[1] + 2,
2615 2616 2617 2618 2619 2620 2621
         seq->rgValue[0].cbData);
        ok(!memcmp(seq->rgValue[0].pbData, times[0].encodedTime,
         times[0].encodedTime[1] + 2), "Unexpected value\n");
        LocalFree(buf);
    }
}

2622 2623 2624 2625 2626 2627
struct encodedExtensions
{
    CERT_EXTENSIONS exts;
    const BYTE *encoded;
};

Mike McCormack's avatar
Mike McCormack committed
2628 2629
static BYTE crit_ext_data[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
static BYTE noncrit_ext_data[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2630
static CHAR oid_basic_constraints2[] = szOID_BASIC_CONSTRAINTS2;
2631
static CERT_EXTENSION criticalExt =
2632
 { oid_basic_constraints2, TRUE, { 8, crit_ext_data } };
2633
static CERT_EXTENSION nonCriticalExt =
2634
 { oid_basic_constraints2, FALSE, { 8, noncrit_ext_data } };
2635 2636 2637
static CHAR oid_short[] = "1.1";
static CERT_EXTENSION extWithShortOid =
 { oid_short, FALSE, { 0, NULL } };
Mike McCormack's avatar
Mike McCormack committed
2638 2639 2640 2641 2642 2643

static const BYTE ext0[] = { 0x30,0x00 };
static const BYTE ext1[] = { 0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
                             0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
static const BYTE ext2[] = { 0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x04,
                             0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2644
static const BYTE ext3[] = { 0x30,0x07,0x30,0x05,0x06,0x01,0x29,0x04,0x00 };
2645 2646

static const struct encodedExtensions exts[] = {
Mike McCormack's avatar
Mike McCormack committed
2647 2648 2649
 { { 0, NULL }, ext0 },
 { { 1, &criticalExt }, ext1 },
 { { 1, &nonCriticalExt }, ext2 },
2650
 { { 1, &extWithShortOid }, ext3 }
2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662
};

static void test_encodeExtensions(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(exts) / sizeof(exts[i]); i++)
    {
        BOOL ret;
        BYTE *buf = NULL;
        DWORD bufSize = 0;

2663
        ret = pCryptEncodeObjectEx(dwEncoding, X509_EXTENSIONS, &exts[i].exts,
Mike McCormack's avatar
Mike McCormack committed
2664
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2665
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2666
        if (ret)
2667 2668
        {
            ok(bufSize == exts[i].encoded[1] + 2,
2669
             "Expected %d bytes, got %d\n", exts[i].encoded[1] + 2, bufSize);
2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686
            ok(!memcmp(buf, exts[i].encoded, exts[i].encoded[1] + 2),
             "Unexpected value\n");
            LocalFree(buf);
        }
    }
}

static void test_decodeExtensions(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(exts) / sizeof(exts[i]); i++)
    {
        BOOL ret;
        BYTE *buf = NULL;
        DWORD bufSize = 0;

2687
        ret = pCryptDecodeObjectEx(dwEncoding, X509_EXTENSIONS,
2688
         exts[i].encoded, exts[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2689
         NULL, &buf, &bufSize);
2690
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2691
        if (ret)
2692 2693 2694 2695 2696
        {
            CERT_EXTENSIONS *ext = (CERT_EXTENSIONS *)buf;
            DWORD j;

            ok(ext->cExtension == exts[i].exts.cExtension,
2697
             "Expected %d extensions, see %d\n", exts[i].exts.cExtension,
2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712
             ext->cExtension);
            for (j = 0; j < min(ext->cExtension, exts[i].exts.cExtension); j++)
            {
                ok(!strcmp(ext->rgExtension[j].pszObjId,
                 exts[i].exts.rgExtension[j].pszObjId),
                 "Expected OID %s, got %s\n",
                 exts[i].exts.rgExtension[j].pszObjId,
                 ext->rgExtension[j].pszObjId);
                ok(!memcmp(ext->rgExtension[j].Value.pbData,
                 exts[i].exts.rgExtension[j].Value.pbData,
                 exts[i].exts.rgExtension[j].Value.cbData),
                 "Unexpected value\n");
            }
            LocalFree(buf);
        }
2713 2714 2715 2716 2717 2718 2719 2720
        ret = pCryptDecodeObjectEx(dwEncoding, X509_EXTENSIONS,
         exts[i].encoded, exts[i].encoded[1] + 2, 0, NULL, NULL, &bufSize);
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, bufSize);
        if (buf)
        {
            ret = pCryptDecodeObjectEx(dwEncoding, X509_EXTENSIONS,
             exts[i].encoded, exts[i].encoded[1] + 2, 0, NULL, buf, &bufSize);
2721
            ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2722 2723
            HeapFree(GetProcessHeap(), 0, buf);
        }
2724 2725 2726
    }
}

2727 2728
/* MS encodes public key info with a NULL if the algorithm identifier's
 * parameters are empty.  However, when encoding an algorithm in a CERT_INFO,
2729 2730
 * it encodes them by omitting the algorithm parameters.  It accepts either
 * form for decoding.
2731
 */
2732 2733 2734 2735
struct encodedPublicKey
{
    CERT_PUBLIC_KEY_INFO info;
    const BYTE *encoded;
2736
    const BYTE *encodedNoNull;
2737 2738 2739 2740 2741 2742 2743
    CERT_PUBLIC_KEY_INFO decoded;
};

static const BYTE aKey[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd,
 0xe, 0xf };
static const BYTE params[] = { 0x02, 0x01, 0x01 };

Mike McCormack's avatar
Mike McCormack committed
2744
static const unsigned char bin64[] = {
Juan Lang's avatar
Juan Lang committed
2745
    0x30,0x0b,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x03,0x01,0x00};
Mike McCormack's avatar
Mike McCormack committed
2746
static const unsigned char bin65[] = {
Juan Lang's avatar
Juan Lang committed
2747
    0x30,0x09,0x30,0x04,0x06,0x02,0x2a,0x03,0x03,0x01,0x00};
Mike McCormack's avatar
Mike McCormack committed
2748
static const unsigned char bin66[] = {
Juan Lang's avatar
Juan Lang committed
2749
    0x30,0x0f,0x30,0x0a,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x05,0x00,0x03,0x01,0x00};
Mike McCormack's avatar
Mike McCormack committed
2750
static const unsigned char bin67[] = {
Juan Lang's avatar
Juan Lang committed
2751
    0x30,0x0d,0x30,0x08,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x01,0x00};
Mike McCormack's avatar
Mike McCormack committed
2752 2753
static const unsigned char bin68[] = {
    0x30,0x1f,0x30,0x0a,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x05,0x00,0x03,0x11,0x00,0x00,0x01,
Juan Lang's avatar
Juan Lang committed
2754
    0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
Mike McCormack's avatar
Mike McCormack committed
2755 2756
static const unsigned char bin69[] = {
    0x30,0x1d,0x30,0x08,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x11,0x00,0x00,0x01,
Juan Lang's avatar
Juan Lang committed
2757
    0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
Mike McCormack's avatar
Mike McCormack committed
2758 2759 2760
static const unsigned char bin70[] = {
    0x30,0x20,0x30,0x0b,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x01,0x01,
    0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,
Juan Lang's avatar
Juan Lang committed
2761
    0x0f};
Mike McCormack's avatar
Mike McCormack committed
2762 2763 2764
static const unsigned char bin71[] = {
    0x30,0x20,0x30,0x0b,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x01,0x01,
    0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,
Juan Lang's avatar
Juan Lang committed
2765 2766
    0x0f};
static unsigned char bin72[] = { 0x05,0x00};
Mike McCormack's avatar
Mike McCormack committed
2767

2768 2769 2770
static CHAR oid_bogus[] = "1.2.3",
            oid_rsa[]   = szOID_RSA;

2771 2772
static const struct encodedPublicKey pubKeys[] = {
 /* with a bogus OID */
2773
 { { { oid_bogus, { 0, NULL } }, { 0, NULL, 0 } },
Mike McCormack's avatar
Mike McCormack committed
2774
  bin64, bin65,
2775
  { { oid_bogus, { 2, bin72 } }, { 0, NULL, 0 } } },
2776
 /* some normal keys */
2777
 { { { oid_rsa, { 0, NULL } }, { 0, NULL, 0} },
Mike McCormack's avatar
Mike McCormack committed
2778
  bin66, bin67,
2779 2780
  { { oid_rsa, { 2, bin72 } }, { 0, NULL, 0 } } },
 { { { oid_rsa, { 0, NULL } }, { sizeof(aKey), (BYTE *)aKey, 0} },
Mike McCormack's avatar
Mike McCormack committed
2781
  bin68, bin69,
2782
  { { oid_rsa, { 2, bin72 } }, { sizeof(aKey), (BYTE *)aKey, 0} } },
2783
 /* with add'l parameters--note they must be DER-encoded */
2784
 { { { oid_rsa, { sizeof(params), (BYTE *)params } }, { sizeof(aKey),
2785
  (BYTE *)aKey, 0 } },
Mike McCormack's avatar
Mike McCormack committed
2786
  bin70, bin71,
2787
  { { oid_rsa, { sizeof(params), (BYTE *)params } }, { sizeof(aKey),
2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 2799 2800
  (BYTE *)aKey, 0 } } },
};

static void test_encodePublicKeyInfo(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(pubKeys) / sizeof(pubKeys[0]); i++)
    {
        BOOL ret;
        BYTE *buf = NULL;
        DWORD bufSize = 0;

2801
        ret = pCryptEncodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2802
         &pubKeys[i].info, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf,
2803
         &bufSize);
2804 2805
        ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
         "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2806
        if (ret)
2807
        {
2808 2809
            ok(bufSize == pubKeys[i].encoded[1] + 2,
             "Expected %d bytes, got %d\n", pubKeys[i].encoded[1] + 2, bufSize);
2810 2811 2812
            if (bufSize == pubKeys[i].encoded[1] + 2)
                ok(!memcmp(buf, pubKeys[i].encoded, pubKeys[i].encoded[1] + 2),
                 "Unexpected value\n");
2813 2814 2815 2816 2817
            LocalFree(buf);
        }
    }
}

2818 2819 2820 2821 2822 2823 2824 2825
static void comparePublicKeyInfo(const CERT_PUBLIC_KEY_INFO *expected,
 const CERT_PUBLIC_KEY_INFO *got)
{
    ok(!strcmp(expected->Algorithm.pszObjId, got->Algorithm.pszObjId),
     "Expected OID %s, got %s\n", expected->Algorithm.pszObjId,
     got->Algorithm.pszObjId);
    ok(expected->Algorithm.Parameters.cbData ==
     got->Algorithm.Parameters.cbData,
2826
     "Expected parameters of %d bytes, got %d\n",
2827 2828 2829 2830 2831 2832
     expected->Algorithm.Parameters.cbData, got->Algorithm.Parameters.cbData);
    if (expected->Algorithm.Parameters.cbData)
        ok(!memcmp(expected->Algorithm.Parameters.pbData,
         got->Algorithm.Parameters.pbData, got->Algorithm.Parameters.cbData),
         "Unexpected algorithm parameters\n");
    ok(expected->PublicKey.cbData == got->PublicKey.cbData,
2833
     "Expected public key of %d bytes, got %d\n",
2834 2835 2836 2837 2838 2839
     expected->PublicKey.cbData, got->PublicKey.cbData);
    if (expected->PublicKey.cbData)
        ok(!memcmp(expected->PublicKey.pbData, got->PublicKey.pbData,
         got->PublicKey.cbData), "Unexpected public key value\n");
}

2840 2841
static void test_decodePublicKeyInfo(DWORD dwEncoding)
{
Juan Lang's avatar
Juan Lang committed
2842 2843 2844 2845
    static const BYTE bogusPubKeyInfo[] = { 0x30, 0x22, 0x30, 0x0d, 0x06, 0x06,
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x01, 0x01, 0x03,
     0x11, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
     0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
2846
    DWORD i;
2847 2848 2849
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;
2850 2851 2852

    for (i = 0; i < sizeof(pubKeys) / sizeof(pubKeys[0]); i++)
    {
2853
        /* The NULL form decodes to the decoded member */
2854
        ret = pCryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2855
         pubKeys[i].encoded, pubKeys[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2856
         NULL, &buf, &bufSize);
2857
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2858
        if (ret)
2859
        {
2860 2861
            comparePublicKeyInfo(&pubKeys[i].decoded,
             (CERT_PUBLIC_KEY_INFO *)buf);
2862 2863
            LocalFree(buf);
        }
2864
        /* The non-NULL form decodes to the original */
2865
        ret = pCryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2866
         pubKeys[i].encodedNoNull, pubKeys[i].encodedNoNull[1] + 2,
2867
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2868
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2869
        if (ret)
2870 2871 2872 2873 2874 2875
        {
            comparePublicKeyInfo(&pubKeys[i].info, (CERT_PUBLIC_KEY_INFO *)buf);
            LocalFree(buf);
        }
    }
    /* Test with bogus (not valid DER) parameters */
2876
    ret = pCryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2877
     bogusPubKeyInfo, bogusPubKeyInfo[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2878
     NULL, &buf, &bufSize);
2879 2880 2881 2882
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
2883 2884
}

2885 2886 2887 2888 2889 2890 2891 2892 2893 2894 2895 2896 2897 2898 2899
static const BYTE v1Cert[] = { 0x30, 0x33, 0x02, 0x00, 0x30, 0x02, 0x06, 0x00,
 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30,
 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x07, 0x30,
 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
static const BYTE v2Cert[] = { 0x30, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x01, 0x02,
 0x00, 0x30, 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f,
 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x5a, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
static const BYTE v3Cert[] = { 0x30, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
 0x00, 0x30, 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f,
 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x5a, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
2900 2901 2902 2903 2904
static const BYTE v4Cert[] = {
0x30,0x38,0xa0,0x03,0x02,0x01,0x03,0x02,0x00,0x30,0x02,0x06,0x00,0x30,0x22,
0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
0x30,0x30,0x30,0x5a,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00 };
2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916 2917 2918 2919 2920 2921 2922 2923 2924 2925 2926 2927 2928
static const BYTE v1CertWithConstraints[] = { 0x30, 0x4b, 0x02, 0x00, 0x30,
 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31,
 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14,
 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
static const BYTE v1CertWithSerial[] = { 0x30, 0x4c, 0x02, 0x01, 0x01, 0x30,
 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31,
 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14,
 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
2929 2930 2931 2932 2933 2934 2935 2936 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948 2949 2950 2951
static const BYTE v1CertWithPubKey[] = {
0x30,0x81,0x95,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,
0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,
0x01,0x01 };
static const BYTE v1CertWithPubKeyNoNull[] = {
0x30,0x81,0x93,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x20,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
0x01,0x01,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,
0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2952 2953 2954 2955 2956 2957 2958 2959 2960 2961
static const BYTE v1CertWithSubjectKeyId[] = {
0x30,0x7b,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x17,0x30,0x15,0x30,
0x13,0x06,0x03,0x55,0x1d,0x0e,0x04,0x0c,0x04,0x0a,0x4a,0x75,0x61,0x6e,0x20,
0x4c,0x61,0x6e,0x67,0x00 };
2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990
static const BYTE v1CertWithIssuerUniqueId[] = {
0x30,0x38,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,
0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,
0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,
0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0x81,0x02,0x00,0x01 };
static const BYTE v1CertWithSubjectIssuerSerialAndIssuerUniqueId[] = {
0x30,0x81,0x99,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x81,0x02,0x00,0x01,0xa3,0x16,0x30,
0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,
0x01,0x01,0xff,0x02,0x01,0x01 };
static const BYTE v1CertWithSubjectIssuerSerialAndIssuerUniqueIdNoNull[] = {
0x30,0x81,0x97,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x20,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
0x01,0x01,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x81,0x02,0x00,0x01,0xa3,0x16,0x30,0x14,0x30,
0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,
0xff,0x02,0x01,0x01 };
2991

2992 2993 2994 2995 2996 2997 2998 2999
static const BYTE serialNum[] = { 0x01 };

static void test_encodeCertToBeSigned(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CERT_INFO info = { 0 };
3000
    static char oid_rsa_rsa[] = szOID_RSA_RSA;
3001 3002
    static char oid_subject_key_identifier[] = szOID_SUBJECT_KEY_IDENTIFIER;
    CERT_EXTENSION ext;
3003

3004 3005 3006 3007
    if (0)
    {
        /* Test with NULL pvStructInfo (crashes on win9x) */
        ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL,
3008
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3009 3010 3011
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
3012
    /* Test with a V1 cert */
3013
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3014
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3015 3016
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3017
    if (ret)
3018
    {
3019
        ok(size == v1Cert[1] + 2, "Expected size %d, got %d\n",
3020 3021 3022 3023 3024 3025
         v1Cert[1] + 2, size);
        ok(!memcmp(buf, v1Cert, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* Test v2 cert */
    info.dwVersion = CERT_V2;
3026
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3027
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3028 3029
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3030
    if (ret)
3031
    {
3032
        ok(size == sizeof(v2Cert), "Wrong size %d\n", size);
3033 3034 3035 3036 3037
        ok(!memcmp(buf, v2Cert, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* Test v3 cert */
    info.dwVersion = CERT_V3;
3038
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3039
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3040 3041
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3042
    if (ret)
3043
    {
3044
        ok(size == sizeof(v3Cert), "Wrong size %d\n", size);
3045 3046 3047
        ok(!memcmp(buf, v3Cert, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3048 3049 3050 3051
    /* A v4 cert? */
    info.dwVersion = 3; /* Not a typo, CERT_V3 is 2 */
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3052
    if (ret)
3053 3054 3055 3056 3057
    {
        ok(size == sizeof(v4Cert), "Wrong size %d\n", size);
        ok(!memcmp(buf, v4Cert, size), "Unexpected value\n");
        LocalFree(buf);
    }
3058 3059 3060 3061 3062 3063
    /* see if a V1 cert can have basic constraints set (RFC3280 says no, but
     * API doesn't prevent it)
     */
    info.dwVersion = CERT_V1;
    info.cExtension = 1;
    info.rgExtension = &criticalExt;
3064
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3065
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3066 3067
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3068
    if (ret)
3069
    {
3070
        ok(size == sizeof(v1CertWithConstraints), "Wrong size %d\n", size);
3071 3072 3073 3074 3075 3076
        ok(!memcmp(buf, v1CertWithConstraints, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* test v1 cert with a serial number */
    info.SerialNumber.cbData = sizeof(serialNum);
    info.SerialNumber.pbData = (BYTE *)serialNum;
3077
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3078
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3079
    if (ret)
3080
    {
3081
        ok(size == sizeof(v1CertWithSerial), "Wrong size %d\n", size);
3082 3083 3084
        ok(!memcmp(buf, v1CertWithSerial, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3085 3086 3087 3088 3089 3090 3091
    /* Test v1 cert with an issuer name, serial number, and issuer unique id */
    info.dwVersion = CERT_V1;
    info.cExtension = 0;
    info.IssuerUniqueId.cbData = sizeof(serialNum);
    info.IssuerUniqueId.pbData = (BYTE *)serialNum;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3092 3093
    ok(ret || broken(GetLastError() == OSS_BAD_PTR /* Win98 */),
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3094
    if (ret)
3095 3096 3097 3098 3099 3100
    {
        ok(size == sizeof(v1CertWithIssuerUniqueId), "Wrong size %d\n", size);
        ok(!memcmp(buf, v1CertWithIssuerUniqueId, size),
         "Got unexpected value\n");
        LocalFree(buf);
    }
3101
    /* Test v1 cert with an issuer name, a subject name, and a serial number */
3102 3103 3104 3105
    info.IssuerUniqueId.cbData = 0;
    info.IssuerUniqueId.pbData = NULL;
    info.cExtension = 1;
    info.rgExtension = &criticalExt;
3106 3107 3108 3109
    info.Issuer.cbData = sizeof(encodedCommonName);
    info.Issuer.pbData = (BYTE *)encodedCommonName;
    info.Subject.cbData = sizeof(encodedCommonName);
    info.Subject.pbData = (BYTE *)encodedCommonName;
3110
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3111
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3112
    if (ret)
3113
    {
3114
        ok(size == sizeof(bigCert), "Wrong size %d\n", size);
3115 3116 3117
        ok(!memcmp(buf, bigCert, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3118 3119 3120 3121
    /* Add a public key */
    info.SubjectPublicKeyInfo.Algorithm.pszObjId = oid_rsa_rsa;
    info.SubjectPublicKeyInfo.PublicKey.cbData = sizeof(aKey);
    info.SubjectPublicKeyInfo.PublicKey.pbData = (LPBYTE)aKey;
3122
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3123
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3124
    if (ret)
3125 3126 3127 3128 3129 3130 3131 3132 3133 3134
    {
        ok(size == sizeof(v1CertWithPubKey) ||
         size == sizeof(v1CertWithPubKeyNoNull), "Wrong size %d\n", size);
        if (size == sizeof(v1CertWithPubKey))
            ok(!memcmp(buf, v1CertWithPubKey, size), "Got unexpected value\n");
        else if (size == sizeof(v1CertWithPubKeyNoNull))
            ok(!memcmp(buf, v1CertWithPubKeyNoNull, size),
             "Got unexpected value\n");
        LocalFree(buf);
    }
3135 3136 3137 3138 3139 3140
    /* Again add an issuer unique id */
    info.IssuerUniqueId.cbData = sizeof(serialNum);
    info.IssuerUniqueId.pbData = (BYTE *)serialNum;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3141
    if (ret)
3142 3143 3144 3145 3146 3147 3148 3149 3150 3151 3152 3153 3154 3155
    {
        ok(size == sizeof(v1CertWithSubjectIssuerSerialAndIssuerUniqueId) ||
         size == sizeof(v1CertWithSubjectIssuerSerialAndIssuerUniqueIdNoNull),
         "Wrong size %d\n", size);
        if (size == sizeof(v1CertWithSubjectIssuerSerialAndIssuerUniqueId))
            ok(!memcmp(buf, v1CertWithSubjectIssuerSerialAndIssuerUniqueId,
             size), "unexpected value\n");
        else if (size ==
         sizeof(v1CertWithSubjectIssuerSerialAndIssuerUniqueIdNoNull))
            ok(!memcmp(buf,
             v1CertWithSubjectIssuerSerialAndIssuerUniqueIdNoNull, size),
             "unexpected value\n");
        LocalFree(buf);
    }
3156
    /* Remove the public key, and add a subject key identifier extension */
3157 3158
    info.IssuerUniqueId.cbData = 0;
    info.IssuerUniqueId.pbData = NULL;
3159 3160 3161 3162 3163 3164
    info.SubjectPublicKeyInfo.Algorithm.pszObjId = NULL;
    info.SubjectPublicKeyInfo.PublicKey.cbData = 0;
    info.SubjectPublicKeyInfo.PublicKey.pbData = NULL;
    ext.pszObjId = oid_subject_key_identifier;
    ext.fCritical = FALSE;
    ext.Value.cbData = sizeof(octetCommonNameValue);
3165
    ext.Value.pbData = octetCommonNameValue;
3166 3167
    info.cExtension = 1;
    info.rgExtension = &ext;
3168
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3169
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3170
    if (ret)
3171 3172 3173 3174 3175
    {
        ok(size == sizeof(v1CertWithSubjectKeyId), "Wrong size %d\n", size);
        ok(!memcmp(buf, v1CertWithSubjectKeyId, size), "Unexpected value\n");
        LocalFree(buf);
    }
3176 3177 3178 3179
}

static void test_decodeCertToBeSigned(DWORD dwEncoding)
{
3180 3181
    static const BYTE *corruptCerts[] = { v1Cert, v2Cert, v3Cert, v4Cert,
     v1CertWithConstraints, v1CertWithSerial, v1CertWithIssuerUniqueId };
3182 3183 3184 3185 3186
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0, i;

    /* Test with NULL pbEncoded */
3187
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL, 0,
3188
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3189 3190 3191
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
     GetLastError() == OSS_BAD_ARG /* Win9x */),
     "Expected CRYPT_E_ASN1_EOD or OSS_BAD_ARG, got %08x\n", GetLastError());
3192 3193 3194 3195
    if (0)
    {
        /* Crashes on win9x */
        ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL, 1,
3196
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3197 3198 3199
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
3200 3201 3202
    /* The following certs all fail with CRYPT_E_ASN1_CORRUPT or
     * CRYPT_E_ASN1_BADTAG, because at a minimum a cert must have a non-zero
     * serial number, an issuer, a subject, and a public key.
3203 3204 3205
     */
    for (i = 0; i < sizeof(corruptCerts) / sizeof(corruptCerts[0]); i++)
    {
3206
        ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED,
3207
         corruptCerts[i], corruptCerts[i][1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3208
         &buf, &size);
3209
        ok(!ret, "Expected failure\n");
3210
    }
3211 3212 3213 3214 3215 3216 3217 3218 3219 3220 3221 3222 3223 3224 3225 3226 3227 3228 3229 3230 3231 3232 3233 3234 3235 3236 3237 3238 3239 3240 3241 3242 3243 3244 3245 3246 3247 3248 3249
    /* The following succeeds, even though v1 certs are not allowed to have
     * extensions.
     */
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED,
     v1CertWithSubjectKeyId, sizeof(v1CertWithSubjectKeyId),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        CERT_INFO *info = (CERT_INFO *)buf;

        ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
        ok(info->dwVersion == CERT_V1, "expected CERT_V1, got %d\n",
         info->dwVersion);
        ok(info->cExtension == 1, "expected 1 extension, got %d\n",
         info->cExtension);
        LocalFree(buf);
    }
    /* The following also succeeds, even though V1 certs are not allowed to
     * have issuer unique ids.
     */
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED,
     v1CertWithSubjectIssuerSerialAndIssuerUniqueId,
     sizeof(v1CertWithSubjectIssuerSerialAndIssuerUniqueId),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        CERT_INFO *info = (CERT_INFO *)buf;

        ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
        ok(info->dwVersion == CERT_V1, "expected CERT_V1, got %d\n",
         info->dwVersion);
        ok(info->IssuerUniqueId.cbData == sizeof(serialNum),
         "unexpected issuer unique id size %d\n", info->IssuerUniqueId.cbData);
        ok(!memcmp(info->IssuerUniqueId.pbData, serialNum, sizeof(serialNum)),
         "unexpected issuer unique id value\n");
        LocalFree(buf);
    }
3250
    /* Now check with serial number, subject and issuer specified */
3251
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, bigCert,
3252
     sizeof(bigCert), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3253
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3254
    if (ret)
3255 3256 3257
    {
        CERT_INFO *info = (CERT_INFO *)buf;

3258
        ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
3259
        ok(info->SerialNumber.cbData == 1,
3260
         "Expected serial number size 1, got %d\n", info->SerialNumber.cbData);
3261 3262 3263 3264
        ok(*info->SerialNumber.pbData == *serialNum,
         "Expected serial number %d, got %d\n", *serialNum,
         *info->SerialNumber.pbData);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
3265
         "Wrong size %d\n", info->Issuer.cbData);
3266 3267 3268
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
        ok(info->Subject.cbData == sizeof(encodedCommonName),
3269
         "Wrong size %d\n", info->Subject.cbData);
3270 3271 3272
        ok(!memcmp(info->Subject.pbData, encodedCommonName,
         info->Subject.cbData), "Unexpected subject\n");
        LocalFree(buf);
3273
    }
3274
    /* Check again with pub key specified */
3275
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED,
3276
     v1CertWithPubKey, sizeof(v1CertWithPubKey), CRYPT_DECODE_ALLOC_FLAG, NULL,
3277
     &buf, &size);
3278
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3279
    if (ret)
3280 3281 3282 3283 3284 3285 3286 3287 3288 3289 3290 3291 3292 3293 3294 3295 3296 3297 3298 3299 3300 3301 3302 3303 3304 3305
    {
        CERT_INFO *info = (CERT_INFO *)buf;

        ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
        ok(info->SerialNumber.cbData == 1,
         "Expected serial number size 1, got %d\n", info->SerialNumber.cbData);
        ok(*info->SerialNumber.pbData == *serialNum,
         "Expected serial number %d, got %d\n", *serialNum,
         *info->SerialNumber.pbData);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
         "Wrong size %d\n", info->Issuer.cbData);
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
        ok(info->Subject.cbData == sizeof(encodedCommonName),
         "Wrong size %d\n", info->Subject.cbData);
        ok(!memcmp(info->Subject.pbData, encodedCommonName,
         info->Subject.cbData), "Unexpected subject\n");
        ok(!strcmp(info->SubjectPublicKeyInfo.Algorithm.pszObjId,
         szOID_RSA_RSA), "Expected szOID_RSA_RSA, got %s\n",
         info->SubjectPublicKeyInfo.Algorithm.pszObjId);
        ok(info->SubjectPublicKeyInfo.PublicKey.cbData == sizeof(aKey),
         "Wrong size %d\n", info->SubjectPublicKeyInfo.PublicKey.cbData);
        ok(!memcmp(info->SubjectPublicKeyInfo.PublicKey.pbData, aKey,
         sizeof(aKey)), "Unexpected public key\n");
        LocalFree(buf);
    }
3306 3307
}

3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 3330
static const BYTE hash[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd,
 0xe, 0xf };

static const BYTE signedBigCert[] = {
 0x30, 0x81, 0x93, 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06, 0x00, 0x30,
 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f,
 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61,
 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3,
 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 0x07,
 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };

static void test_encodeCert(DWORD dwEncoding)
{
    /* Note the SignatureAlgorithm must match that in the encoded cert.  Note
     * also that bigCert is a NULL-terminated string, so don't count its
     * last byte (otherwise the signed cert won't decode.)
     */
3331
    CERT_SIGNED_CONTENT_INFO info = { { sizeof(bigCert), (BYTE *)bigCert },
3332 3333 3334 3335 3336
     { NULL, { 0, NULL } }, { sizeof(hash), (BYTE *)hash, 0 } };
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;

3337
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT, &info,
3338
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
3339
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3340
    if (ret)
3341
    {
3342
        ok(bufSize == sizeof(signedBigCert), "Wrong size %d\n", bufSize);
3343 3344 3345 3346 3347 3348 3349 3350 3351 3352 3353
        ok(!memcmp(buf, signedBigCert, bufSize), "Unexpected cert\n");
        LocalFree(buf);
    }
}

static void test_decodeCert(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;

3354
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT, signedBigCert,
3355
     sizeof(signedBigCert), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3356
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3357
    if (ret)
3358 3359 3360
    {
        CERT_SIGNED_CONTENT_INFO *info = (CERT_SIGNED_CONTENT_INFO *)buf;

3361
        ok(info->ToBeSigned.cbData == sizeof(bigCert),
3362
         "Wrong cert size %d\n", info->ToBeSigned.cbData);
3363 3364 3365
        ok(!memcmp(info->ToBeSigned.pbData, bigCert, info->ToBeSigned.cbData),
         "Unexpected cert\n");
        ok(info->Signature.cbData == sizeof(hash),
3366
         "Wrong signature size %d\n", info->Signature.cbData);
3367 3368 3369 3370
        ok(!memcmp(info->Signature.pbData, hash, info->Signature.cbData),
         "Unexpected signature\n");
        LocalFree(buf);
    }
3371
    /* A signed cert decodes as a CERT_INFO too */
3372
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, signedBigCert,
3373
     sizeof(signedBigCert), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3374
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3375
    if (ret)
3376 3377 3378
    {
        CERT_INFO *info = (CERT_INFO *)buf;

3379
        ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
3380
        ok(info->SerialNumber.cbData == 1,
3381
         "Expected serial number size 1, got %d\n", info->SerialNumber.cbData);
3382 3383 3384 3385
        ok(*info->SerialNumber.pbData == *serialNum,
         "Expected serial number %d, got %d\n", *serialNum,
         *info->SerialNumber.pbData);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
3386
         "Wrong size %d\n", info->Issuer.cbData);
3387 3388 3389
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
        ok(info->Subject.cbData == sizeof(encodedCommonName),
3390
         "Wrong size %d\n", info->Subject.cbData);
3391 3392 3393 3394
        ok(!memcmp(info->Subject.pbData, encodedCommonName,
         info->Subject.cbData), "Unexpected subject\n");
        LocalFree(buf);
    }
3395 3396
}

3397 3398 3399 3400 3401 3402 3403 3404 3405 3406 3407 3408 3409 3410 3411 3412 3413 3414 3415 3416 3417 3418 3419 3420 3421 3422 3423
static const BYTE emptyDistPoint[] = { 0x30, 0x02, 0x30, 0x00 };
static const BYTE distPointWithUrl[] = { 0x30, 0x19, 0x30, 0x17, 0xa0, 0x15,
 0xa0, 0x13, 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69,
 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
static const BYTE distPointWithReason[] = { 0x30, 0x06, 0x30, 0x04, 0x81, 0x02,
 0x00, 0x03 };
static const BYTE distPointWithIssuer[] = { 0x30, 0x17, 0x30, 0x15, 0xa2, 0x13,
 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65,
 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
static const BYTE distPointWithUrlAndIssuer[] = { 0x30, 0x2e, 0x30, 0x2c, 0xa0,
 0x15, 0xa0, 0x13, 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
 0x69, 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67, 0xa2, 0x13, 0x86, 0x11,
 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71,
 0x2e, 0x6f, 0x72, 0x67 };
static const BYTE crlReason = CRL_REASON_KEY_COMPROMISE |
 CRL_REASON_AFFILIATION_CHANGED;

static void test_encodeCRLDistPoints(DWORD dwEncoding)
{
    CRL_DIST_POINTS_INFO info = { 0 };
    CRL_DIST_POINT point = { { 0 } };
    CERT_ALT_NAME_ENTRY entry = { 0 };
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;

    /* Test with an empty info */
3424
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3425
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3426
    ok(!ret && GetLastError() == E_INVALIDARG,
3427
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
3428 3429 3430
    /* Test with one empty dist point */
    info.cDistPoint = 1;
    info.rgDistPoint = &point;
3431
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3432
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3433
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3434
    if (ret)
3435
    {
3436
        ok(size == sizeof(emptyDistPoint), "Wrong size %d\n", size);
3437 3438 3439 3440 3441 3442
        ok(!memcmp(buf, emptyDistPoint, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* A dist point with an invalid name */
    point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
    entry.dwAltNameChoice = CERT_ALT_NAME_URL;
3443 3444 3445
    U(entry).pwszURL = (LPWSTR)nihongoURL;
    U(point.DistPointName).FullName.cAltEntry = 1;
    U(point.DistPointName).FullName.rgAltEntry = &entry;
3446
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3447
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3448
    ok(!ret && GetLastError() == CRYPT_E_INVALID_IA5_STRING,
3449
     "Expected CRYPT_E_INVALID_IA5_STRING, got %08x\n", GetLastError());
3450 3451
    /* The first invalid character is at index 7 */
    ok(GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size) == 7,
3452
     "Expected invalid char at index 7, got %d\n",
3453 3454
     GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size));
    /* A dist point with (just) a valid name */
3455
    U(entry).pwszURL = (LPWSTR)url;
3456
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3457
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3458
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3459
    if (ret)
3460
    {
3461
        ok(size == sizeof(distPointWithUrl), "Wrong size %d\n", size);
3462 3463 3464 3465 3466 3467 3468
        ok(!memcmp(buf, distPointWithUrl, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* A dist point with (just) reason flags */
    point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_NO_NAME;
    point.ReasonFlags.cbData = sizeof(crlReason);
    point.ReasonFlags.pbData = (LPBYTE)&crlReason;
3469
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3470
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3471
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3472
    if (ret)
3473
    {
3474
        ok(size == sizeof(distPointWithReason), "Wrong size %d\n", size);
3475 3476 3477 3478 3479 3480 3481
        ok(!memcmp(buf, distPointWithReason, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* A dist point with just an issuer */
    point.ReasonFlags.cbData = 0;
    point.CRLIssuer.cAltEntry = 1;
    point.CRLIssuer.rgAltEntry = &entry;
3482
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3483
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3484
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3485
    if (ret)
3486
    {
3487
        ok(size == sizeof(distPointWithIssuer), "Wrong size %d\n", size);
3488 3489 3490 3491 3492
        ok(!memcmp(buf, distPointWithIssuer, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* A dist point with both a name and an issuer */
    point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
3493
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3494
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3495
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3496
    if (ret)
3497 3498
    {
        ok(size == sizeof(distPointWithUrlAndIssuer),
3499
         "Wrong size %d\n", size);
3500 3501 3502 3503 3504 3505 3506 3507 3508 3509 3510 3511 3512 3513
        ok(!memcmp(buf, distPointWithUrlAndIssuer, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeCRLDistPoints(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    PCRL_DIST_POINTS_INFO info;
    PCRL_DIST_POINT point;
    PCERT_ALT_NAME_ENTRY entry;

3514
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3515
     emptyDistPoint, emptyDistPoint[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3516
     &buf, &size);
3517
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3518 3519 3520 3521
    if (ret)
    {
        info = (PCRL_DIST_POINTS_INFO)buf;
        ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3522 3523
         "Wrong size %d\n", size);
        ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3524 3525 3526
         info->cDistPoint);
        point = info->rgDistPoint;
        ok(point->DistPointName.dwDistPointNameChoice == CRL_DIST_POINT_NO_NAME,
3527
         "Expected CRL_DIST_POINT_NO_NAME, got %d\n",
3528 3529 3530 3531 3532
         point->DistPointName.dwDistPointNameChoice);
        ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
        ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
        LocalFree(buf);
    }
3533
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3534
     distPointWithUrl, distPointWithUrl[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3535
     &buf, &size);
3536
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3537 3538 3539 3540
    if (ret)
    {
        info = (PCRL_DIST_POINTS_INFO)buf;
        ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3541 3542
         "Wrong size %d\n", size);
        ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3543 3544 3545 3546
         info->cDistPoint);
        point = info->rgDistPoint;
        ok(point->DistPointName.dwDistPointNameChoice ==
         CRL_DIST_POINT_FULL_NAME,
3547
         "Expected CRL_DIST_POINT_FULL_NAME, got %d\n",
3548
         point->DistPointName.dwDistPointNameChoice);
3549
        ok(U(point->DistPointName).FullName.cAltEntry == 1,
3550
         "Expected 1 name entry, got %d\n",
3551 3552
         U(point->DistPointName).FullName.cAltEntry);
        entry = U(point->DistPointName).FullName.rgAltEntry;
3553
        ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
3554
         "Expected CERT_ALT_NAME_URL, got %d\n", entry->dwAltNameChoice);
3555
        ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
3556 3557 3558 3559
        ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
        ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
        LocalFree(buf);
    }
3560
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3561
     distPointWithReason, distPointWithReason[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
3562
     NULL, &buf, &size);
3563
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3564 3565 3566 3567
    if (ret)
    {
        info = (PCRL_DIST_POINTS_INFO)buf;
        ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3568 3569
         "Wrong size %d\n", size);
        ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3570 3571 3572 3573
         info->cDistPoint);
        point = info->rgDistPoint;
        ok(point->DistPointName.dwDistPointNameChoice ==
         CRL_DIST_POINT_NO_NAME,
3574
         "Expected CRL_DIST_POINT_NO_NAME, got %d\n",
3575 3576 3577 3578 3579 3580 3581 3582
         point->DistPointName.dwDistPointNameChoice);
        ok(point->ReasonFlags.cbData == sizeof(crlReason),
         "Expected reason length\n");
        ok(!memcmp(point->ReasonFlags.pbData, &crlReason, sizeof(crlReason)),
         "Unexpected reason\n");
        ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
        LocalFree(buf);
    }
3583
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3584
     distPointWithUrlAndIssuer, distPointWithUrlAndIssuer[1] + 2,
3585
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3586
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3587 3588 3589 3590
    if (ret)
    {
        info = (PCRL_DIST_POINTS_INFO)buf;
        ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3591 3592
         "Wrong size %d\n", size);
        ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3593 3594 3595 3596
         info->cDistPoint);
        point = info->rgDistPoint;
        ok(point->DistPointName.dwDistPointNameChoice ==
         CRL_DIST_POINT_FULL_NAME,
3597
         "Expected CRL_DIST_POINT_FULL_NAME, got %d\n",
3598
         point->DistPointName.dwDistPointNameChoice);
3599
        ok(U(point->DistPointName).FullName.cAltEntry == 1,
3600
         "Expected 1 name entry, got %d\n",
3601 3602
         U(point->DistPointName).FullName.cAltEntry);
        entry = U(point->DistPointName).FullName.rgAltEntry;
3603
        ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
3604
         "Expected CERT_ALT_NAME_URL, got %d\n", entry->dwAltNameChoice);
3605
        ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
3606 3607
        ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
        ok(point->CRLIssuer.cAltEntry == 1,
3608
         "Expected 1 issuer entry, got %d\n", point->CRLIssuer.cAltEntry);
3609 3610
        entry = point->CRLIssuer.rgAltEntry;
        ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
3611
         "Expected CERT_ALT_NAME_URL, got %d\n", entry->dwAltNameChoice);
3612
        ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
3613 3614
        LocalFree(buf);
    }
3615 3616 3617 3618 3619 3620 3621 3622 3623 3624 3625 3626 3627
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
     distPointWithUrlAndIssuer, distPointWithUrlAndIssuer[1] + 2, 0,
     NULL, NULL, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
    if (buf)
    {
        ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
         distPointWithUrlAndIssuer, distPointWithUrlAndIssuer[1] + 2, 0,
         NULL, buf, &size);
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        HeapFree(GetProcessHeap(), 0, buf);
    }
3628 3629
}

3630 3631 3632 3633 3634 3635 3636 3637 3638 3639 3640 3641 3642 3643
static const BYTE badFlagsIDP[] = { 0x30,0x06,0x81,0x01,0xff,0x82,0x01,0xff };
static const BYTE emptyNameIDP[] = { 0x30,0x04,0xa0,0x02,0xa0,0x00 };
static const BYTE urlIDP[] = { 0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,
 0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,
 0x67 };

static void test_encodeCRLIssuingDistPoint(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CRL_ISSUING_DIST_POINT point = { { 0 } };
    CERT_ALT_NAME_ENTRY entry;

3644
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, NULL,
3645
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3646 3647 3648 3649 3650
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no X509_ISSUING_DIST_POINT encode support\n");
        return;
    }
3651
    ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
3652
     "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
3653
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3654
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3655
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3656
    if (ret)
3657
    {
3658
        ok(size == sizeof(emptySequence), "Unexpected size %d\n", size);
3659 3660 3661 3662 3663 3664
        ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* nonsensical flags */
    point.fOnlyContainsUserCerts = TRUE;
    point.fOnlyContainsCACerts = TRUE;
3665
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3666
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3667
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3668
    if (ret)
3669
    {
3670
        ok(size == sizeof(badFlagsIDP), "Unexpected size %d\n", size);
3671 3672 3673 3674 3675 3676
        ok(!memcmp(buf, badFlagsIDP, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* unimplemented name type */
    point.fOnlyContainsCACerts = point.fOnlyContainsUserCerts = FALSE;
    point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_ISSUER_RDN_NAME;
3677
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3678
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3679
    ok(!ret && GetLastError() == E_INVALIDARG,
3680
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
3681 3682
    /* empty name */
    point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
3683
    U(point.DistPointName).FullName.cAltEntry = 0;
3684
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3685
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3686
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3687
    if (ret)
3688
    {
3689
        ok(size == sizeof(emptyNameIDP), "Unexpected size %d\n", size);
3690 3691 3692 3693 3694
        ok(!memcmp(buf, emptyNameIDP, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* name with URL entry */
    entry.dwAltNameChoice = CERT_ALT_NAME_URL;
3695 3696 3697
    U(entry).pwszURL = (LPWSTR)url;
    U(point.DistPointName).FullName.cAltEntry = 1;
    U(point.DistPointName).FullName.rgAltEntry = &entry;
3698
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3699
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3700
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3701
    if (ret)
3702
    {
3703
        ok(size == sizeof(urlIDP), "Unexpected size %d\n", size);
3704 3705 3706 3707 3708 3709 3710 3711 3712
        ok(!memcmp(buf, urlIDP, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void compareAltNameEntry(const CERT_ALT_NAME_ENTRY *expected,
 const CERT_ALT_NAME_ENTRY *got)
{
    ok(expected->dwAltNameChoice == got->dwAltNameChoice,
3713
     "Expected name choice %d, got %d\n", expected->dwAltNameChoice,
3714 3715 3716 3717 3718 3719 3720 3721 3722 3723
     got->dwAltNameChoice);
    if (expected->dwAltNameChoice == got->dwAltNameChoice)
    {
        switch (got->dwAltNameChoice)
        {
        case CERT_ALT_NAME_RFC822_NAME:
        case CERT_ALT_NAME_DNS_NAME:
        case CERT_ALT_NAME_EDI_PARTY_NAME:
        case CERT_ALT_NAME_URL:
        case CERT_ALT_NAME_REGISTERED_ID:
3724
            ok((!U(*expected).pwszURL && !U(*got).pwszURL) ||
3725 3726 3727 3728
             (!U(*expected).pwszURL && !lstrlenW(U(*got).pwszURL)) ||
             (!U(*got).pwszURL && !lstrlenW(U(*expected).pwszURL)) ||
             !lstrcmpW(U(*expected).pwszURL, U(*got).pwszURL),
             "Unexpected name\n");
3729 3730 3731 3732
            break;
        case CERT_ALT_NAME_X400_ADDRESS:
        case CERT_ALT_NAME_DIRECTORY_NAME:
        case CERT_ALT_NAME_IP_ADDRESS:
3733
            ok(U(*got).IPAddress.cbData == U(*expected).IPAddress.cbData,
3734
               "Unexpected IP address length %d\n", U(*got).IPAddress.cbData);
3735 3736
            ok(!memcmp(U(*got).IPAddress.pbData, U(*got).IPAddress.pbData,
                       U(*got).IPAddress.cbData), "Unexpected value\n");
3737 3738 3739 3740 3741 3742 3743 3744 3745 3746
            break;
        }
    }
}

static void compareAltNameInfo(const CERT_ALT_NAME_INFO *expected,
 const CERT_ALT_NAME_INFO *got)
{
    DWORD i;

3747
    ok(expected->cAltEntry == got->cAltEntry, "Expected %d entries, got %d\n",
3748 3749 3750 3751 3752 3753 3754 3755 3756
     expected->cAltEntry, got->cAltEntry);
    for (i = 0; i < min(expected->cAltEntry, got->cAltEntry); i++)
        compareAltNameEntry(&expected->rgAltEntry[i], &got->rgAltEntry[i]);
}

static void compareDistPointName(const CRL_DIST_POINT_NAME *expected,
 const CRL_DIST_POINT_NAME *got)
{
    ok(got->dwDistPointNameChoice == expected->dwDistPointNameChoice,
3757
     "Unexpected name choice %d\n", got->dwDistPointNameChoice);
3758
    if (got->dwDistPointNameChoice == CRL_DIST_POINT_FULL_NAME)
3759
        compareAltNameInfo(&(U(*expected).FullName), &(U(*got).FullName));
3760 3761 3762 3763 3764 3765 3766 3767 3768 3769 3770 3771 3772 3773 3774 3775 3776 3777 3778 3779 3780 3781 3782
}

static void compareCRLIssuingDistPoints(const CRL_ISSUING_DIST_POINT *expected,
 const CRL_ISSUING_DIST_POINT *got)
{
    compareDistPointName(&expected->DistPointName, &got->DistPointName);
    ok(got->fOnlyContainsUserCerts == expected->fOnlyContainsUserCerts,
     "Unexpected fOnlyContainsUserCerts\n");
    ok(got->fOnlyContainsCACerts == expected->fOnlyContainsCACerts,
     "Unexpected fOnlyContainsCACerts\n");
    ok(got->OnlySomeReasonFlags.cbData == expected->OnlySomeReasonFlags.cbData,
     "Unexpected reason flags\n");
    ok(got->fIndirectCRL == expected->fIndirectCRL,
     "Unexpected fIndirectCRL\n");
}

static void test_decodeCRLIssuingDistPoint(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CRL_ISSUING_DIST_POINT point = { { 0 } };

3783
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3784
     emptySequence, emptySequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3785
     &buf, &size);
3786 3787 3788 3789 3790
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no X509_ISSUING_DIST_POINT decode support\n");
        return;
    }
3791
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3792 3793 3794 3795 3796
    if (ret)
    {
        compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
        LocalFree(buf);
    }
3797
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3798
     badFlagsIDP, badFlagsIDP[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3799
     &buf, &size);
3800
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3801 3802 3803 3804 3805 3806
    if (ret)
    {
        point.fOnlyContainsUserCerts = point.fOnlyContainsCACerts = TRUE;
        compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
        LocalFree(buf);
    }
3807
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3808
     emptyNameIDP, emptyNameIDP[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3809
     &buf, &size);
3810
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3811 3812 3813 3814
    if (ret)
    {
        point.fOnlyContainsCACerts = point.fOnlyContainsUserCerts = FALSE;
        point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
3815
        U(point.DistPointName).FullName.cAltEntry = 0;
3816 3817 3818
        compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
        LocalFree(buf);
    }
3819
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3820
     urlIDP, urlIDP[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3821
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3822 3823 3824 3825 3826
    if (ret)
    {
        CERT_ALT_NAME_ENTRY entry;

        entry.dwAltNameChoice = CERT_ALT_NAME_URL;
3827 3828 3829
        U(entry).pwszURL = (LPWSTR)url;
        U(point.DistPointName).FullName.cAltEntry = 1;
        U(point.DistPointName).FullName.rgAltEntry = &entry;
3830 3831 3832 3833 3834
        compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
        LocalFree(buf);
    }
}

3835 3836 3837 3838 3839 3840 3841 3842 3843 3844 3845 3846 3847 3848 3849 3850 3851 3852 3853 3854 3855 3856 3857
static const BYTE v1CRL[] = { 0x30, 0x15, 0x30, 0x02, 0x06, 0x00, 0x18, 0x0f,
 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x5a };
static const BYTE v2CRL[] = { 0x30, 0x18, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
 0x00, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
 0x30, 0x30, 0x30, 0x30, 0x5a };
static const BYTE v1CRLWithIssuer[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x5a };
static const BYTE v1CRLWithIssuerAndEmptyEntry[] = { 0x30, 0x43, 0x30, 0x02,
 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18,
 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x30, 0x5a, 0x30, 0x15, 0x30, 0x13, 0x02, 0x00, 0x18, 0x0f, 0x31, 0x36,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
3858 3859 3860 3861 3862 3863 3864 3865 3866 3867 3868 3869 3870 3871 3872 3873 3874 3875 3876 3877 3878
static const BYTE v1CRLWithEntryExt[] = { 0x30,0x5a,0x30,0x02,0x06,0x00,0x30,
 0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,
 0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x2c,0x30,0x2a,0x02,0x01,
 0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,
 0x30,0x30,0x5a,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,
 0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
static const BYTE v1CRLWithExt[] = { 0x30,0x5c,0x30,0x02,0x06,0x00,0x30,0x15,
 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,
 0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,
 0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
 0x30,0x5a,0xa0,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
 0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
static const BYTE v2CRLWithExt[] = { 0x30,0x5c,0x02,0x01,0x01,0x30,0x02,0x06,
 0x00,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,
 0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,
 0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,
 0x02,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,
 0x30,0x30,0x30,0x30,0x5a,0xa0,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,
 0x13,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
3879 3880 3881 3882 3883 3884 3885 3886 3887 3888

static void test_encodeCRLToBeSigned(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CRL_INFO info = { 0 };
    CRL_ENTRY entry = { { 0 }, { 0 }, 0, 0 };

    /* Test with a V1 CRL */
3889
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3890
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3891 3892
    ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3893
    if (ret)
3894
    {
3895
        ok(size == sizeof(v1CRL), "Wrong size %d\n", size);
3896 3897 3898 3899 3900
        ok(!memcmp(buf, v1CRL, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* Test v2 CRL */
    info.dwVersion = CRL_V2;
3901
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3902
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3903 3904
    ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3905
    if (ret)
3906
    {
3907
        ok(size == v2CRL[1] + 2, "Expected size %d, got %d\n",
3908 3909 3910 3911 3912 3913 3914 3915
         v2CRL[1] + 2, size);
        ok(!memcmp(buf, v2CRL, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* v1 CRL with a name */
    info.dwVersion = CRL_V1;
    info.Issuer.cbData = sizeof(encodedCommonName);
    info.Issuer.pbData = (BYTE *)encodedCommonName;
3916
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3917
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3918
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3919
    if (ret)
3920
    {
3921
        ok(size == sizeof(v1CRLWithIssuer), "Wrong size %d\n", size);
3922 3923 3924
        ok(!memcmp(buf, v1CRLWithIssuer, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3925 3926 3927 3928 3929
    if (0)
    {
        /* v1 CRL with a name and a NULL entry pointer (crashes on win9x) */
        info.cCRLEntry = 1;
        ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3930
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3931 3932 3933
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
3934
    /* now set an empty entry */
3935
    info.cCRLEntry = 1;
3936
    info.rgCRLEntry = &entry;
3937
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3938
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3939
    if (ret)
3940 3941
    {
        ok(size == sizeof(v1CRLWithIssuerAndEmptyEntry),
3942
         "Wrong size %d\n", size);
3943 3944 3945 3946 3947 3948 3949
        ok(!memcmp(buf, v1CRLWithIssuerAndEmptyEntry, size),
         "Got unexpected value\n");
        LocalFree(buf);
    }
    /* an entry with a serial number */
    entry.SerialNumber.cbData = sizeof(serialNum);
    entry.SerialNumber.pbData = (BYTE *)serialNum;
3950
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3951
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3952
    if (ret)
3953 3954
    {
        ok(size == sizeof(v1CRLWithIssuerAndEntry),
3955
         "Wrong size %d\n", size);
3956 3957 3958 3959
        ok(!memcmp(buf, v1CRLWithIssuerAndEntry, size),
         "Got unexpected value\n");
        LocalFree(buf);
    }
3960
    /* an entry with an extension */
3961 3962
    entry.cExtension = 1;
    entry.rgExtension = &criticalExt;
3963
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3964
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3965
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3966
    if (ret)
3967
    {
3968
        ok(size == sizeof(v1CRLWithEntryExt), "Wrong size %d\n", size);
3969 3970 3971 3972 3973 3974 3975
        ok(!memcmp(buf, v1CRLWithEntryExt, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* a CRL with an extension */
    entry.cExtension = 0;
    info.cExtension = 1;
    info.rgExtension = &criticalExt;
3976
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3977
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3978
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3979
    if (ret)
3980
    {
3981
        ok(size == sizeof(v1CRLWithExt), "Wrong size %d\n", size);
3982 3983 3984
        ok(!memcmp(buf, v1CRLWithExt, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3985 3986
    /* a v2 CRL with an extension, this time non-critical */
    info.dwVersion = CRL_V2;
3987
    info.rgExtension = &nonCriticalExt;
3988
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3989
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3990
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3991
    if (ret)
3992
    {
3993
        ok(size == sizeof(v2CRLWithExt), "Wrong size %d\n", size);
3994 3995 3996
        ok(!memcmp(buf, v2CRLWithExt, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3997 3998
}

3999 4000 4001 4002 4003 4004 4005 4006 4007 4008 4009 4010 4011 4012 4013 4014 4015 4016 4017 4018 4019 4020 4021 4022 4023 4024 4025 4026 4027 4028 4029 4030 4031 4032 4033
static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
 0xcd };
4034 4035 4036 4037 4038 4039 4040 4041 4042 4043 4044 4045 4046 4047 4048 4049 4050 4051 4052 4053 4054 4055 4056 4057 4058 4059 4060 4061 4062 4063 4064 4065 4066 4067 4068 4069 4070 4071 4072 4073 4074 4075 4076 4077 4078 4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 4093 4094 4095 4096 4097 4098 4099 4100 4101 4102 4103 4104 4105 4106 4107 4108 4109 4110 4111 4112 4113 4114 4115 4116 4117 4118 4119 4120 4121 4122 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 4152 4153 4154 4155 4156 4157 4158 4159 4160 4161 4162 4163 4164 4165 4166 4167 4168 4169 4170 4171 4172 4173 4174 4175 4176 4177 4178 4179 4180 4181 4182 4183 4184 4185 4186 4187 4188 4189 4190 4191 4192 4193 4194 4195 4196 4197 4198 4199 4200 4201 4202 4203 4204 4205 4206 4207 4208 4209 4210 4211 4212 4213 4214 4215 4216 4217 4218 4219 4220 4221 4222 4223 4224 4225 4226 4227 4228 4229 4230 4231 4232 4233 4234 4235 4236 4237 4238 4239 4240 4241 4242 4243 4244 4245 4246 4247 4248 4249 4250 4251 4252 4253 4254 4255 4256 4257 4258 4259 4260 4261 4262 4263 4264 4265 4266 4267 4268 4269 4270 4271 4272 4273 4274 4275 4276 4277 4278 4279 4280 4281 4282 4283 4284 4285 4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307 4308 4309 4310 4311 4312 4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330 4331 4332 4333 4334 4335 4336 4337 4338 4339 4340 4341 4342 4343 4344 4345 4346 4347 4348 4349 4350 4351 4352 4353 4354 4355 4356 4357 4358 4359 4360 4361 4362 4363 4364 4365 4366 4367 4368 4369 4370 4371 4372 4373 4374 4375 4376 4377 4378 4379 4380 4381 4382 4383 4384 4385 4386 4387 4388 4389 4390 4391 4392 4393 4394 4395 4396 4397 4398 4399 4400 4401 4402 4403 4404 4405 4406 4407 4408 4409 4410 4411 4412 4413 4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432 4433 4434 4435 4436 4437 4438 4439 4440 4441 4442 4443 4444 4445 4446 4447 4448 4449 4450 4451 4452 4453 4454 4455 4456 4457 4458 4459 4460 4461 4462 4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518 4519 4520 4521 4522 4523 4524 4525 4526 4527 4528 4529 4530 4531 4532 4533 4534 4535 4536 4537 4538 4539 4540 4541 4542
static const BYTE verisignCRLWithLotsOfEntries[] = {
0x30,0x82,0x1d,0xbd,0x30,0x82,0x1d,0x26,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,
0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,
0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,
0x6f,0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,
0x61,0x72,0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,
0x43,0x41,0x17,0x0d,0x30,0x34,0x30,0x33,0x33,0x31,0x30,0x30,0x30,0x30,0x30,
0x30,0x5a,0x17,0x0d,0x30,0x34,0x30,0x35,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
0x39,0x5a,0x30,0x82,0x1c,0x92,0x30,0x21,0x02,0x10,0x01,0x22,0xb8,0xb2,0xf3,
0x76,0x42,0xcc,0x48,0x71,0xb6,0x11,0xbf,0xd1,0xcf,0xda,0x17,0x0d,0x30,0x32,
0x30,0x34,0x31,0x35,0x31,0x35,0x34,0x30,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,
0x01,0x83,0x93,0xfb,0x96,0xde,0x1d,0x89,0x4e,0xc3,0x47,0x9c,0xe1,0x60,0x13,
0x63,0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x39,0x31,0x33,0x35,0x37,0x35,0x38,
0x5a,0x30,0x21,0x02,0x10,0x01,0xdc,0xdb,0x63,0xd4,0xc9,0x9f,0x31,0xb8,0x16,
0xf9,0x2c,0xf5,0xb1,0x08,0x8e,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x38,0x31,
0x37,0x34,0x36,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x02,0x1a,0xa6,0xaf,0x94,
0x71,0xf0,0x07,0x6e,0xf1,0x17,0xe4,0xd4,0x17,0x82,0xdb,0x17,0x0d,0x30,0x32,
0x30,0x37,0x31,0x39,0x32,0x31,0x32,0x38,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,
0x02,0x4c,0xe8,0x9d,0xfd,0x5f,0x77,0x4d,0x4b,0xf5,0x79,0x8b,0xb1,0x08,0x67,
0xac,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x32,0x30,0x36,0x31,0x36,0x35,0x30,
0x5a,0x30,0x21,0x02,0x10,0x02,0x59,0xae,0x6c,0x4c,0x21,0xf1,0x59,0x49,0x87,
0xb0,0x95,0xf9,0x65,0xf3,0x20,0x17,0x0d,0x30,0x33,0x30,0x36,0x31,0x39,0x30,
0x38,0x30,0x34,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x03,0x3c,0x41,0x0e,0x2f,
0x42,0x5c,0x32,0x2c,0xb1,0x35,0xfe,0xe7,0x61,0x97,0xa5,0x17,0x0d,0x30,0x32,
0x30,0x34,0x32,0x34,0x31,0x39,0x34,0x37,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,
0x03,0x4e,0x68,0xfa,0x8b,0xb2,0x8e,0xb9,0x72,0xea,0x72,0xe5,0x3b,0x15,0xac,
0x8b,0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x36,0x32,0x31,0x35,0x31,0x35,0x31,
0x5a,0x30,0x21,0x02,0x10,0x03,0xc9,0xa8,0xe3,0x48,0xb0,0x5f,0xcf,0x08,0xee,
0xb9,0x93,0xf9,0xe9,0xaf,0x0c,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x38,0x31,
0x33,0x34,0x39,0x32,0x32,0x5a,0x30,0x21,0x02,0x10,0x04,0x9b,0x23,0x6a,0x37,
0x5c,0x06,0x98,0x0a,0x31,0xc8,0x86,0xdc,0x3a,0x95,0xcc,0x17,0x0d,0x30,0x32,
0x31,0x30,0x30,0x31,0x32,0x32,0x31,0x30,0x35,0x36,0x5a,0x30,0x21,0x02,0x10,
0x06,0x08,0xba,0xc7,0xac,0xf8,0x5a,0x7c,0xa1,0xf4,0x25,0x85,0xbb,0x4e,0x8c,
0x4f,0x17,0x0d,0x30,0x33,0x30,0x31,0x30,0x33,0x30,0x37,0x35,0x37,0x31,0x34,
0x5a,0x30,0x21,0x02,0x10,0x07,0x66,0x22,0x4a,0x4a,0x9d,0xff,0x6e,0xb5,0x11,
0x0b,0xa9,0x94,0xfc,0x68,0x20,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x32,0x30,
0x31,0x34,0x30,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x07,0x8f,0xa1,0x4d,0xb5,
0xfc,0x0c,0xc6,0x42,0x72,0x88,0x37,0x76,0x29,0x44,0x31,0x17,0x0d,0x30,0x32,
0x30,0x33,0x31,0x35,0x32,0x30,0x31,0x39,0x34,0x39,0x5a,0x30,0x21,0x02,0x10,
0x07,0xb9,0xd9,0x42,0x19,0x81,0xc4,0xfd,0x49,0x4f,0x72,0xce,0xf2,0xf8,0x6d,
0x76,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x35,0x31,0x35,0x33,0x37,0x31,0x39,
0x5a,0x30,0x21,0x02,0x10,0x08,0x6e,0xf9,0x6c,0x7f,0xbf,0xbc,0xc8,0x86,0x70,
0x62,0x3f,0xe9,0xc4,0x2f,0x2b,0x17,0x0d,0x30,0x32,0x31,0x31,0x32,0x38,0x30,
0x30,0x32,0x38,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x09,0x08,0xe4,0xaa,0xf5,
0x2d,0x2b,0xc0,0x15,0x9e,0x00,0x8b,0x3f,0x97,0x93,0xf9,0x17,0x0d,0x30,0x33,
0x30,0x32,0x31,0x32,0x32,0x32,0x30,0x30,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,
0x09,0x13,0x0a,0x4f,0x0f,0x88,0xe5,0x50,0x05,0xc3,0x5f,0xf4,0xff,0x15,0x39,
0xdd,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x36,0x30,0x38,0x31,0x31,0x33,0x30,
0x5a,0x30,0x21,0x02,0x10,0x09,0x8d,0xdd,0x37,0xda,0xe7,0x84,0x03,0x9d,0x98,
0x96,0xf8,0x88,0x3a,0x55,0xca,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x31,0x32,
0x33,0x33,0x35,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x0a,0x35,0x0c,0xd7,0xf4,
0x53,0xe6,0xc1,0x4e,0xf2,0x2a,0xd3,0xce,0xf8,0x7c,0xe7,0x17,0x0d,0x30,0x32,
0x30,0x38,0x30,0x32,0x32,0x32,0x32,0x34,0x32,0x38,0x5a,0x30,0x21,0x02,0x10,
0x0b,0x9c,0xb8,0xf8,0xfb,0x35,0x38,0xf2,0x91,0xfd,0xa1,0xe9,0x69,0x4a,0xb1,
0x24,0x17,0x0d,0x30,0x33,0x30,0x34,0x30,0x38,0x30,0x31,0x30,0x32,0x32,0x32,
0x5a,0x30,0x21,0x02,0x10,0x0c,0x2f,0x7f,0x32,0x15,0xe0,0x2f,0x74,0xfa,0x05,
0x22,0x67,0xbc,0x8a,0x2d,0xd0,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x36,0x31,
0x39,0x30,0x37,0x35,0x34,0x5a,0x30,0x21,0x02,0x10,0x0c,0x32,0x5b,0x78,0x32,
0xc6,0x7c,0xd8,0xdd,0x25,0x91,0x22,0x4d,0x84,0x0a,0x94,0x17,0x0d,0x30,0x32,
0x30,0x33,0x31,0x38,0x31,0x32,0x33,0x39,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,
0x0d,0x76,0x36,0xb9,0x1c,0x72,0xb7,0x9d,0xdf,0xa5,0x35,0x82,0xc5,0xa8,0xf7,
0xbb,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x37,0x32,0x31,0x34,0x32,0x31,0x31,
0x5a,0x30,0x21,0x02,0x10,0x0f,0x28,0x79,0x98,0x56,0xb8,0xa5,0x5e,0xeb,0x79,
0x5f,0x1b,0xed,0x0b,0x86,0x76,0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x33,0x30,
0x31,0x31,0x30,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x0f,0x80,0x3c,0x24,0xf4,
0x62,0x27,0x24,0xbe,0x6a,0x74,0x9c,0x18,0x8e,0x4b,0x3b,0x17,0x0d,0x30,0x32,
0x31,0x31,0x32,0x30,0x31,0x37,0x31,0x31,0x33,0x35,0x5a,0x30,0x21,0x02,0x10,
0x0f,0xf2,0xa7,0x8c,0x80,0x9c,0xbe,0x2f,0xc8,0xa9,0xeb,0xfe,0x94,0x86,0x5a,
0x5c,0x17,0x0d,0x30,0x32,0x30,0x36,0x32,0x30,0x31,0x39,0x35,0x38,0x34,0x35,
0x5a,0x30,0x21,0x02,0x10,0x10,0x45,0x13,0x35,0x45,0xf3,0xc6,0x02,0x8d,0x8d,
0x18,0xb1,0xc4,0x0a,0x7a,0x18,0x17,0x0d,0x30,0x32,0x30,0x34,0x32,0x36,0x31,
0x37,0x33,0x32,0x35,0x39,0x5a,0x30,0x21,0x02,0x10,0x10,0x79,0xb1,0x71,0x1b,
0x26,0x98,0x92,0x08,0x1e,0x3c,0xe4,0x8b,0x29,0x37,0xf9,0x17,0x0d,0x30,0x32,
0x30,0x33,0x32,0x38,0x31,0x36,0x33,0x32,0x35,0x35,0x5a,0x30,0x21,0x02,0x10,
0x11,0x38,0x80,0x77,0xcb,0x6b,0xe5,0xd6,0xa7,0xf2,0x99,0xa1,0xc8,0xe9,0x40,
0x25,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x39,0x31,0x32,0x32,0x34,0x31,0x37,
0x5a,0x30,0x21,0x02,0x10,0x11,0x7a,0xc3,0x82,0xfe,0x74,0x36,0x11,0x21,0xd6,
0x92,0x86,0x09,0xdf,0xe6,0xf3,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x39,0x31,
0x35,0x31,0x31,0x33,0x36,0x5a,0x30,0x21,0x02,0x10,0x11,0xab,0x8e,0x21,0x28,
0x7f,0x6d,0xf2,0xc1,0xc8,0x40,0x3e,0xa5,0xde,0x98,0xd3,0x17,0x0d,0x30,0x32,
0x30,0x35,0x30,0x32,0x31,0x38,0x34,0x34,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,
0x12,0x3c,0x38,0xae,0x3f,0x64,0x53,0x3a,0xf7,0xbc,0x6c,0x27,0xe2,0x9c,0x65,
0x75,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x33,0x32,0x33,0x30,0x38,0x35,0x39,
0x5a,0x30,0x21,0x02,0x10,0x12,0x88,0xb6,0x6c,0x9b,0xcf,0xe7,0x50,0x92,0xd2,
0x87,0x63,0x8f,0xb7,0xa6,0xe3,0x17,0x0d,0x30,0x32,0x30,0x37,0x30,0x32,0x32,
0x30,0x35,0x35,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,0x12,0x95,0x4e,0xb6,0x8f,
0x3a,0x19,0x6a,0x16,0x73,0x4f,0x6e,0x15,0xba,0xa5,0xe7,0x17,0x0d,0x30,0x32,
0x30,0x36,0x31,0x37,0x31,0x38,0x35,0x36,0x30,0x31,0x5a,0x30,0x21,0x02,0x10,
0x13,0x37,0x0b,0x41,0x8c,0x31,0x43,0x1c,0x27,0xaa,0xe1,0x83,0x0f,0x99,0x21,
0xcd,0x17,0x0d,0x30,0x32,0x30,0x37,0x32,0x32,0x31,0x32,0x31,0x37,0x31,0x36,
0x5a,0x30,0x21,0x02,0x10,0x14,0x7a,0x29,0x0a,0x09,0x38,0xf4,0x53,0x28,0x33,
0x6f,0x37,0x07,0x23,0x12,0x10,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x32,0x30,
0x32,0x30,0x30,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x15,0x04,0x81,0x1e,0xe2,
0x6f,0xf0,0xd8,0xdd,0x12,0x55,0x05,0x66,0x51,0x6e,0x1a,0x17,0x0d,0x30,0x32,
0x30,0x33,0x31,0x33,0x31,0x30,0x35,0x33,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,
0x15,0x30,0x0d,0x8a,0xbd,0x0e,0x89,0x0e,0x66,0x4f,0x49,0x93,0xa2,0x8f,0xbc,
0x2e,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x34,0x30,0x36,0x34,0x32,0x32,0x33,
0x5a,0x30,0x21,0x02,0x10,0x16,0xbe,0x64,0xd6,0x4f,0x90,0xf4,0xf7,0x2b,0xc8,
0xca,0x67,0x5c,0x82,0x13,0xe8,0x17,0x0d,0x30,0x32,0x30,0x36,0x30,0x36,0x31,
0x39,0x30,0x39,0x30,0x37,0x5a,0x30,0x21,0x02,0x10,0x18,0x51,0x9c,0xe4,0x48,
0x62,0x06,0xfe,0xb8,0x2d,0x93,0xb7,0xc9,0xc9,0x1b,0x4e,0x17,0x0d,0x30,0x32,
0x30,0x34,0x31,0x37,0x30,0x35,0x30,0x30,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,
0x19,0x82,0xdb,0x39,0x74,0x00,0x38,0x36,0x59,0xf6,0xcc,0xc1,0x23,0x8d,0x40,
0xe9,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x36,0x30,0x37,0x35,0x34,0x35,0x34,
0x5a,0x30,0x21,0x02,0x10,0x1b,0x51,0x90,0xf7,0x37,0x24,0x39,0x9c,0x92,0x54,
0xcd,0x42,0x46,0x37,0x99,0x6a,0x17,0x0d,0x30,0x31,0x30,0x31,0x33,0x30,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x21,0x02,0x10,0x1b,0xe4,0xb2,0xbb,0xb6,
0x74,0x5d,0x6b,0x8b,0x04,0xb6,0xa0,0x1b,0x35,0xeb,0x29,0x17,0x0d,0x30,0x32,
0x30,0x39,0x32,0x35,0x32,0x30,0x31,0x34,0x35,0x36,0x5a,0x30,0x21,0x02,0x10,
0x1c,0x1d,0xd5,0x2a,0xf6,0xaa,0xfd,0xbb,0x47,0xc2,0x73,0x36,0xcf,0x53,0xbd,
0x81,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x33,0x31,0x39,0x30,0x33,0x34,0x32,
0x5a,0x30,0x21,0x02,0x10,0x1c,0xb0,0x5a,0x1f,0xfd,0xa6,0x98,0xf6,0x46,0xf9,
0x32,0x10,0x9e,0xef,0x52,0x8e,0x17,0x0d,0x30,0x32,0x30,0x36,0x32,0x37,0x31,
0x33,0x30,0x33,0x32,0x32,0x5a,0x30,0x21,0x02,0x10,0x1d,0x01,0xfc,0xa7,0xdd,
0xb4,0x0c,0x64,0xbd,0x65,0x45,0xe6,0xbf,0x1c,0x7e,0x90,0x17,0x0d,0x30,0x32,
0x30,0x32,0x32,0x31,0x30,0x34,0x32,0x30,0x30,0x36,0x5a,0x30,0x21,0x02,0x10,
0x1e,0x4d,0xc9,0xc6,0x6e,0x57,0xda,0x8a,0x07,0x97,0x70,0xfa,0xee,0x9c,0xc5,
0x58,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x39,0x32,0x32,0x33,0x34,0x32,0x31,
0x5a,0x30,0x21,0x02,0x10,0x1e,0xbb,0x9b,0x28,0x61,0x50,0x7f,0x12,0x30,0xfb,
0x02,0xb5,0xe1,0xb0,0x7e,0x9d,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x36,0x30,
0x30,0x30,0x34,0x32,0x30,0x5a,0x30,0x21,0x02,0x10,0x1f,0x5a,0x64,0xc9,0xa5,
0x51,0x8c,0xe2,0x2d,0x50,0x83,0xc2,0x4c,0x7c,0xe7,0x85,0x17,0x0d,0x30,0x32,
0x30,0x38,0x32,0x34,0x30,0x36,0x33,0x31,0x32,0x38,0x5a,0x30,0x21,0x02,0x10,
0x1f,0xc2,0x4e,0xd0,0xac,0x52,0xd3,0x39,0x18,0x6d,0xd0,0x0f,0x23,0xd7,0x45,
0x72,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x38,0x31,0x39,0x31,0x35,0x34,0x32,
0x5a,0x30,0x20,0x02,0x0f,0x24,0x60,0x7a,0x8e,0x0e,0x86,0xa4,0x88,0x68,0xaf,
0xd9,0x0c,0x6b,0xba,0xff,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x38,0x30,0x35,
0x31,0x38,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x20,0x41,0x73,0xbb,0x72,0x88,
0x6e,0x4b,0x1c,0xb6,0x70,0x02,0x67,0xaa,0x3b,0x3d,0x17,0x0d,0x30,0x32,0x30,
0x39,0x30,0x33,0x31,0x37,0x30,0x36,0x32,0x31,0x5a,0x30,0x21,0x02,0x10,0x20,
0x6e,0x0d,0xdc,0x8c,0xa4,0xac,0xf7,0x08,0x77,0x5c,0x80,0xf9,0xa3,0x68,0x92,
0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x30,0x32,0x30,0x35,0x37,0x31,0x36,0x5a,
0x30,0x21,0x02,0x10,0x21,0xe4,0x6b,0x98,0x47,0x91,0xe6,0x02,0xdf,0xb2,0x45,
0xbc,0x31,0x37,0xa0,0x7c,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x32,0x33,
0x32,0x33,0x31,0x33,0x5a,0x30,0x21,0x02,0x10,0x22,0x00,0x95,0x70,0x79,0xf9,
0x9c,0x34,0x91,0xbb,0x84,0xb9,0x91,0xde,0x22,0x55,0x17,0x0d,0x30,0x32,0x30,
0x32,0x31,0x33,0x30,0x36,0x35,0x39,0x33,0x39,0x5a,0x30,0x21,0x02,0x10,0x22,
0xf9,0x67,0x4f,0xcd,0x29,0xc6,0xdc,0xc8,0x22,0x6e,0xe9,0x0a,0xa1,0x48,0x5a,
0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x33,0x30,0x30,0x34,0x33,0x32,0x36,0x5a,
0x30,0x21,0x02,0x10,0x24,0xa3,0xa7,0xd0,0xb8,0x1d,0x1c,0xf7,0xe6,0x1f,0x6e,
0xba,0xc9,0x98,0x59,0xed,0x17,0x0d,0x30,0x33,0x30,0x37,0x32,0x34,0x32,0x30,
0x35,0x38,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,0x24,0xef,0x89,0xa1,0x30,0x4f,
0x51,0x63,0xfe,0xdb,0xdb,0x64,0x6e,0x4c,0x5a,0x81,0x17,0x0d,0x30,0x32,0x30,
0x37,0x30,0x33,0x30,0x39,0x32,0x31,0x31,0x37,0x5a,0x30,0x21,0x02,0x10,0x25,
0x08,0xe5,0xac,0xdd,0x6f,0x74,0x44,0x51,0x1a,0xf5,0xdb,0xf8,0xba,0x25,0xe0,
0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x39,0x30,0x34,0x31,0x36,0x32,0x32,0x5a,
0x30,0x21,0x02,0x10,0x25,0x81,0xe8,0x18,0x60,0x88,0xbc,0x1a,0xe9,0x14,0x84,
0xed,0xd4,0x62,0xf5,0x47,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x33,0x30,0x31,
0x35,0x37,0x31,0x39,0x5a,0x30,0x21,0x02,0x10,0x26,0xe5,0x5c,0xab,0x16,0xec,
0x61,0x38,0x49,0x2c,0xd2,0xb1,0x48,0x89,0xd5,0x47,0x17,0x0d,0x30,0x32,0x30,
0x33,0x31,0x33,0x31,0x38,0x30,0x30,0x33,0x38,0x5a,0x30,0x21,0x02,0x10,0x27,
0xbe,0xda,0x7f,0x4f,0x1f,0x6c,0x76,0x09,0xc0,0x9a,0xaf,0xd4,0x68,0xe2,0x16,
0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x30,0x31,0x38,0x33,0x32,0x33,0x30,0x5a,
0x30,0x21,0x02,0x10,0x28,0x89,0xd0,0xb3,0xb5,0xc4,0x56,0x36,0x9b,0x3e,0x81,
0x1a,0x21,0x56,0xaa,0x42,0x17,0x0d,0x30,0x32,0x31,0x31,0x30,0x34,0x31,0x31,
0x30,0x33,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,0x28,0xab,0x93,0x06,0xb1,0x1e,
0x05,0xe0,0xe1,0x25,0x75,0xc7,0x74,0xcb,0x55,0xa6,0x17,0x0d,0x30,0x33,0x30,
0x31,0x32,0x34,0x31,0x39,0x34,0x38,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x29,
0xe9,0x3b,0x44,0x8d,0xc3,0x4b,0x80,0x17,0xda,0xe4,0x1c,0x43,0x96,0x83,0x59,
0x17,0x0d,0x30,0x32,0x30,0x36,0x30,0x37,0x32,0x31,0x34,0x33,0x33,0x39,0x5a,
0x30,0x21,0x02,0x10,0x2a,0x08,0x64,0x2b,0x48,0xe2,0x17,0x89,0x6a,0x0c,0xf9,
0x7e,0x10,0x66,0x8f,0xe7,0x17,0x0d,0x30,0x32,0x30,0x38,0x31,0x39,0x31,0x38,
0x33,0x35,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x2a,0x44,0xee,0x91,0x5d,0xe3,
0xa5,0x2b,0x09,0xf3,0x56,0x59,0xe0,0x8f,0x25,0x22,0x17,0x0d,0x30,0x32,0x30,
0x32,0x32,0x31,0x31,0x39,0x33,0x31,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x2a,
0x8b,0x4e,0xa5,0xb6,0x06,0xc8,0x48,0x3b,0x0e,0x71,0x1e,0x6b,0xf4,0x16,0xc1,
0x17,0x0d,0x30,0x32,0x30,0x34,0x33,0x30,0x30,0x39,0x32,0x31,0x31,0x38,0x5a,
0x30,0x21,0x02,0x10,0x2b,0x03,0xfc,0x2f,0xc2,0x8e,0x38,0x29,0x6f,0xa1,0x0f,
0xe9,0x47,0x1b,0x35,0xd7,0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x34,0x32,0x30,
0x31,0x38,0x33,0x33,0x5a,0x30,0x21,0x02,0x10,0x2c,0x48,0xf7,0xd6,0xd5,0x71,
0xc0,0xd1,0xbd,0x6a,0x00,0x65,0x1d,0x2d,0xa9,0xdd,0x17,0x0d,0x30,0x32,0x30,
0x33,0x30,0x36,0x31,0x37,0x32,0x30,0x34,0x33,0x5a,0x30,0x21,0x02,0x10,0x2c,
0xbf,0x84,0x1d,0xe4,0x58,0x32,0x79,0x32,0x10,0x37,0xde,0xd7,0x94,0xff,0x85,
0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x32,0x31,0x39,0x30,0x32,0x32,0x35,0x5a,
0x30,0x21,0x02,0x10,0x2d,0x03,0x54,0x35,0x54,0x45,0x2c,0x6d,0x39,0xf0,0x1b,
0x74,0x68,0xde,0xcf,0x93,0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x33,0x31,0x33,
0x32,0x33,0x33,0x37,0x5a,0x30,0x21,0x02,0x10,0x2d,0x24,0x94,0x34,0x19,0x92,
0xb1,0xf2,0x37,0x9d,0x6e,0xc5,0x35,0x93,0xdd,0xf0,0x17,0x0d,0x30,0x32,0x30,
0x33,0x31,0x35,0x31,0x37,0x31,0x37,0x32,0x37,0x5a,0x30,0x21,0x02,0x10,0x2d,
0x47,0x24,0x61,0x87,0x91,0xba,0x2e,0xf2,0xf7,0x92,0x21,0xf3,0x1b,0x8b,0x1e,
0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x34,0x32,0x33,0x30,0x38,0x32,0x32,0x5a,
0x30,0x21,0x02,0x10,0x2d,0x84,0xc2,0xb1,0x01,0xa1,0x3a,0x6f,0xb0,0x30,0x13,
0x76,0x5a,0x69,0xec,0x41,0x17,0x0d,0x30,0x32,0x30,0x37,0x31,0x35,0x31,0x37,
0x32,0x39,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x2d,0xd5,0x26,0xc3,0xcd,0x01,
0xce,0xfd,0x67,0xb8,0x08,0xac,0x5a,0x70,0xc4,0x34,0x17,0x0d,0x30,0x32,0x30,
0x32,0x32,0x37,0x30,0x34,0x34,0x36,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x2e,
0x2b,0x0a,0x94,0x4d,0xf1,0xa4,0x37,0xb7,0xa3,0x9b,0x4b,0x96,0x26,0xa8,0xe3,
0x17,0x0d,0x30,0x33,0x30,0x31,0x30,0x39,0x30,0x36,0x32,0x38,0x32,0x38,0x5a,
0x30,0x21,0x02,0x10,0x2e,0x31,0x30,0xc1,0x2e,0x16,0x31,0xd9,0x2b,0x0a,0x70,
0xca,0x3f,0x31,0x73,0x62,0x17,0x0d,0x30,0x33,0x30,0x31,0x32,0x39,0x30,0x31,
0x34,0x39,0x32,0x37,0x5a,0x30,0x21,0x02,0x10,0x2e,0xbd,0x6d,0xdf,0xce,0x20,
0x6f,0xe7,0xa8,0xf4,0xf3,0x25,0x9c,0xc3,0xc1,0x12,0x17,0x0d,0x30,0x32,0x30,
0x39,0x32,0x30,0x31,0x33,0x35,0x34,0x34,0x32,0x5a,0x30,0x21,0x02,0x10,0x2f,
0x56,0x16,0x22,0xba,0x87,0xd5,0xfd,0xff,0xe6,0xb0,0xdd,0x3c,0x08,0x26,0x2c,
0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x33,0x31,0x37,0x35,0x33,0x31,0x31,0x5a,
0x30,0x21,0x02,0x10,0x30,0x3e,0x77,0x7b,0xec,0xcb,0x89,0x2c,0x15,0x55,0x7f,
0x20,0xf2,0x33,0xc1,0x1e,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x31,0x32,0x33,
0x35,0x30,0x34,0x39,0x5a,0x30,0x21,0x02,0x10,0x30,0x59,0x6c,0xaa,0x5f,0xd3,
0xac,0x50,0x86,0x2c,0xc4,0xfa,0x3c,0x48,0x50,0xd1,0x17,0x0d,0x30,0x32,0x30,
0x32,0x32,0x31,0x30,0x34,0x31,0x39,0x33,0x35,0x5a,0x30,0x21,0x02,0x10,0x30,
0xce,0x9a,0xf1,0xfa,0x17,0xfa,0xf5,0x4c,0xbc,0x52,0x8a,0xf4,0x26,0x2b,0x7b,
0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x31,0x31,0x39,0x31,0x32,0x33,0x39,0x5a,
0x30,0x21,0x02,0x10,0x31,0x16,0x4a,0x6a,0x2e,0x6d,0x34,0x4d,0xd2,0x40,0xf0,
0x5f,0x47,0xe6,0x5b,0x47,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x32,0x31,0x37,
0x33,0x38,0x35,0x32,0x5a,0x30,0x21,0x02,0x10,0x31,0xdb,0x97,0x5b,0x06,0x63,
0x0b,0xd8,0xfe,0x06,0xb3,0xf5,0xf9,0x64,0x0a,0x59,0x17,0x0d,0x30,0x32,0x30,
0x32,0x31,0x32,0x31,0x35,0x35,0x39,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x32,
0xbc,0xeb,0x0c,0xca,0x65,0x06,0x3f,0xa4,0xd5,0x4a,0x56,0x46,0x7c,0x22,0x09,
0x17,0x0d,0x30,0x32,0x30,0x38,0x31,0x36,0x30,0x37,0x33,0x33,0x35,0x35,0x5a,
0x30,0x21,0x02,0x10,0x33,0x17,0xef,0xe1,0x89,0xec,0x11,0x25,0x15,0x8f,0x3b,
0x67,0x7a,0x64,0x0b,0x50,0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x38,0x31,0x37,
0x30,0x33,0x34,0x36,0x5a,0x30,0x21,0x02,0x10,0x34,0x24,0xa0,0xd2,0x00,0x61,
0xeb,0xd3,0x9a,0xa7,0x2a,0x66,0xb4,0x82,0x23,0x77,0x17,0x0d,0x30,0x32,0x30,
0x33,0x31,0x35,0x32,0x32,0x34,0x33,0x33,0x39,0x5a,0x30,0x21,0x02,0x10,0x34,
0xa8,0x16,0x67,0xa5,0x1b,0xa3,0x31,0x11,0x5e,0x26,0xc8,0x3f,0x21,0x38,0xbe,
0x17,0x0d,0x30,0x32,0x30,0x33,0x32,0x31,0x32,0x31,0x31,0x36,0x32,0x31,0x5a,
0x30,0x21,0x02,0x10,0x36,0x3a,0xbe,0x05,0x55,0x52,0x93,0x4f,0x32,0x5f,0x30,
0x63,0xc0,0xd4,0x50,0xdf,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x31,0x31,
0x34,0x36,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x37,0x19,0xcc,0xa5,0x9d,0x85,
0x05,0x56,0xe1,0x63,0x42,0x4b,0x0d,0x3c,0xbf,0xd6,0x17,0x0d,0x30,0x33,0x30,
0x31,0x30,0x38,0x31,0x38,0x35,0x38,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x37,
0x2f,0xfd,0x2b,0xec,0x4d,0x94,0x35,0x51,0xf4,0x07,0x2a,0xf5,0x0b,0x97,0xc4,
0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x33,0x31,0x39,0x31,0x38,0x30,0x31,0x5a,
0x30,0x21,0x02,0x10,0x37,0x83,0xf5,0x1e,0x7e,0xf4,0x5f,0xad,0x1f,0x0c,0x55,
0x86,0x30,0x02,0x54,0xc1,0x17,0x0d,0x30,0x33,0x30,0x31,0x30,0x38,0x32,0x30,
0x30,0x33,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,0x38,0x32,0x3e,0x50,0x2b,0x36,
0x93,0x01,0x32,0x0a,0x59,0x8c,0xce,0xad,0xa0,0xeb,0x17,0x0d,0x30,0x32,0x30,
0x34,0x33,0x30,0x32,0x31,0x32,0x34,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,0x3a,
0x62,0xd8,0x64,0xd3,0x85,0xd5,0x61,0x1d,0x9d,0x3f,0x61,0x25,0xe9,0x3a,0x1d,
0x17,0x0d,0x30,0x32,0x30,0x36,0x31,0x37,0x31,0x35,0x31,0x39,0x31,0x36,0x5a,
0x30,0x21,0x02,0x10,0x3a,0x97,0x36,0xb1,0x26,0x14,0x73,0x50,0xa3,0xcc,0x3f,
0xd0,0x3b,0x83,0x99,0xc9,0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x31,0x30,0x33,
0x32,0x39,0x33,0x30,0x5a,0x30,0x21,0x02,0x10,0x3b,0x87,0x3e,0x20,0xbe,0x97,
0xff,0xa7,0x6b,0x2b,0x5f,0xff,0x9a,0x7f,0x4c,0x95,0x17,0x0d,0x30,0x32,0x30,
0x37,0x30,0x33,0x30,0x30,0x33,0x31,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x3b,
0xba,0xe5,0xf2,0x23,0x99,0xc6,0xd7,0xae,0xe2,0x98,0x0d,0xa4,0x13,0x5c,0xd4,
0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x34,0x31,0x39,0x32,0x38,0x34,0x35,0x5a,
0x30,0x21,0x02,0x10,0x3b,0xc2,0x7c,0xf0,0xbd,0xd2,0x9a,0x6f,0x97,0xdd,0x76,
0xbc,0xa9,0x6c,0x45,0x0d,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x31,0x30,
0x34,0x32,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,0x3b,0xc5,0xda,0x41,0x64,0x7a,
0x37,0x8e,0x9f,0x7f,0x1f,0x9b,0x25,0x0a,0xb4,0xda,0x17,0x0d,0x30,0x32,0x30,
0x33,0x30,0x36,0x31,0x33,0x32,0x34,0x34,0x38,0x5a,0x30,0x21,0x02,0x10,0x3c,
0x1b,0xf1,0x9a,0x48,0xb0,0xb8,0xa0,0x45,0xd5,0x8f,0x0f,0x57,0x90,0xc2,0xcd,
0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x38,0x30,0x36,0x34,0x33,0x32,0x33,0x5a,
0x30,0x21,0x02,0x10,0x3d,0x15,0x48,0x80,0xb4,0xfe,0x51,0x7e,0xed,0x46,0xae,
0x51,0xfd,0x47,0x73,0xde,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x37,0x30,0x39,
0x32,0x30,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,0x3d,0x61,0x4e,0x87,0xea,0x39,
0x02,0xf3,0x1e,0x3e,0x56,0x5c,0x0e,0x3b,0xa7,0xe3,0x17,0x0d,0x30,0x32,0x31,
0x30,0x32,0x39,0x31,0x39,0x35,0x34,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x3d,
0xdd,0x61,0x92,0x82,0x69,0x6b,0x01,0x79,0x0e,0xef,0x96,0x12,0xa3,0x76,0x80,
0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x31,0x32,0x32,0x32,0x34,0x31,0x36,0x5a,
0x30,0x21,0x02,0x10,0x3e,0x0e,0x14,0x71,0x55,0xf3,0x48,0x09,0x1b,0x56,0x3b,
0x91,0x7a,0x7d,0xec,0xc9,0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x31,0x32,0x31,
0x34,0x35,0x35,0x31,0x5a,0x30,0x21,0x02,0x10,0x3e,0x23,0x00,0x1f,0x9b,0xbd,
0xe8,0xb1,0xf0,0x06,0x67,0xa6,0x70,0x42,0x2e,0xc3,0x17,0x0d,0x30,0x32,0x30,
0x38,0x30,0x38,0x31,0x32,0x32,0x31,0x33,0x32,0x5a,0x30,0x21,0x02,0x10,0x41,
0x91,0x1a,0x8c,0xde,0x2d,0xb3,0xeb,0x79,0x1d,0xc7,0x99,0x99,0xbe,0x0c,0x0e,
0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x35,0x31,0x39,0x31,0x38,0x35,0x34,0x5a,
0x30,0x21,0x02,0x10,0x41,0xa8,0xd7,0x9c,0x10,0x5e,0x5a,0xac,0x16,0x7f,0x93,
0xaa,0xd1,0x83,0x34,0x55,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x30,0x31,0x32,
0x35,0x33,0x34,0x30,0x5a,0x30,0x21,0x02,0x10,0x42,0x88,0x96,0xb0,0x7b,0x28,
0xa2,0xfa,0x2f,0x91,0x73,0x58,0xa7,0x1e,0x53,0x7c,0x17,0x0d,0x30,0x33,0x30,
0x33,0x30,0x31,0x30,0x39,0x34,0x33,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,0x42,
0x93,0x2f,0xd2,0x54,0xd3,0x94,0xd0,0x41,0x6a,0x2e,0x33,0x8b,0x81,0xb4,0x3c,
0x17,0x0d,0x30,0x32,0x30,0x38,0x30,0x38,0x30,0x30,0x34,0x38,0x34,0x36,0x5a,
0x30,0x21,0x02,0x10,0x44,0x24,0xdd,0xba,0x85,0xfd,0x3e,0xb2,0xb8,0x17,0x74,
0xfd,0x9d,0x5c,0x0c,0xbd,0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x31,0x31,0x36,
0x30,0x39,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x45,0x02,0x18,0x7d,0x39,0x9c,
0xb9,0x14,0xfb,0x10,0x37,0x96,0xf4,0xc1,0xdd,0x2f,0x17,0x0d,0x30,0x32,0x30,
0x32,0x31,0x31,0x31,0x31,0x31,0x31,0x30,0x36,0x5a,0x30,0x21,0x02,0x10,0x45,
0x16,0xbc,0x31,0x0b,0x4e,0x87,0x0a,0xcc,0xe3,0xd5,0x14,0x16,0x33,0x11,0x83,
0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x32,0x30,0x32,0x32,0x30,0x31,0x37,0x5a,
0x30,0x21,0x02,0x10,0x46,0x16,0x36,0xde,0x3f,0xef,0x8c,0xfa,0x67,0x53,0x12,
0xcc,0x76,0x63,0xd6,0xdd,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x34,0x31,0x36,
0x35,0x39,0x34,0x33,0x5a,0x30,0x21,0x02,0x10,0x46,0x5f,0x85,0xa3,0xa4,0x98,
0x3c,0x40,0x63,0xf6,0x1c,0xf7,0xc2,0xbe,0xfd,0x0e,0x17,0x0d,0x30,0x32,0x30,
0x34,0x30,0x39,0x31,0x35,0x33,0x30,0x30,0x35,0x5a,0x30,0x21,0x02,0x10,0x47,
0x20,0xc2,0xd8,0x85,0x85,0x54,0x39,0xcd,0xf2,0x10,0xf0,0xa7,0x88,0x52,0x75,
0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x30,0x32,0x32,0x32,0x35,0x32,0x37,0x5a,
0x30,0x21,0x02,0x10,0x47,0x42,0x6e,0xa2,0xab,0xc5,0x33,0x5d,0x50,0x44,0x0b,
0x88,0x97,0x84,0x59,0x4c,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x35,0x31,0x34,
0x30,0x35,0x31,0x39,0x5a,0x30,0x21,0x02,0x10,0x49,0x20,0x3f,0xa8,0x6e,0x81,
0xc8,0x3b,0x26,0x05,0xf4,0xa7,0x9b,0x5a,0x81,0x60,0x17,0x0d,0x30,0x32,0x30,
0x37,0x31,0x31,0x31,0x37,0x35,0x30,0x34,0x38,0x5a,0x30,0x21,0x02,0x10,0x49,
0x8b,0x6f,0x05,0xfb,0xcb,0xf4,0x5a,0xaf,0x09,0x47,0xb1,0x04,0xc5,0xe3,0x51,
0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x32,0x31,0x37,0x34,0x38,0x30,0x38,0x5a,
0x30,0x21,0x02,0x10,0x49,0xb2,0xc3,0x7a,0xbf,0x75,0x2a,0xb3,0x13,0xae,0x53,
0xc6,0xcb,0x45,0x5a,0x3e,0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x35,0x32,0x31,
0x33,0x35,0x33,0x37,0x5a,0x30,0x21,0x02,0x10,0x4b,0xca,0xc3,0xab,0x0a,0xc5,
0xcd,0x90,0xa2,0xbe,0x43,0xfe,0xdd,0x06,0xe1,0x45,0x17,0x0d,0x30,0x32,0x30,
0x37,0x32,0x30,0x31,0x37,0x33,0x32,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x4c,
0x00,0xcc,0x73,0xd5,0x74,0x61,0x62,0x92,0x52,0xff,0xde,0x5b,0xc1,0x55,0xbd,
0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x36,0x31,0x34,0x30,0x31,0x35,0x31,0x5a,
0x30,0x21,0x02,0x10,0x4c,0x59,0xc1,0xc3,0x56,0x40,0x27,0xd4,0x22,0x0e,0x37,
0xf6,0x5f,0x26,0x50,0xc5,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x36,0x30,0x39,
0x35,0x37,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,0x4c,0xca,0x12,0x59,0x46,0xf9,
0x2b,0xc6,0x7d,0x33,0x78,0x40,0x2c,0x3b,0x7a,0x0c,0x17,0x0d,0x30,0x32,0x30,
0x35,0x33,0x30,0x32,0x30,0x32,0x34,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x4d,
0x57,0x51,0x35,0x9b,0xe5,0x41,0x2c,0x69,0x66,0xc7,0x21,0xec,0xc6,0x29,0x32,
0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x36,0x30,0x34,0x33,0x35,0x35,0x36,0x5a,
0x30,0x21,0x02,0x10,0x4e,0x85,0xab,0x9e,0x17,0x54,0xe7,0x42,0x0f,0x8c,0xa1,
0x65,0x96,0x88,0x53,0x54,0x17,0x0d,0x30,0x32,0x30,0x33,0x32,0x38,0x30,0x30,
0x31,0x38,0x35,0x33,0x5a,0x30,0x21,0x02,0x10,0x50,0x3d,0xed,0xac,0x21,0x86,
0x66,0x5d,0xa5,0x1a,0x13,0xee,0xfc,0xa7,0x0b,0xc6,0x17,0x0d,0x30,0x32,0x30,
0x32,0x31,0x38,0x31,0x33,0x35,0x35,0x34,0x39,0x5a,0x30,0x21,0x02,0x10,0x50,
0xa3,0x81,0x9c,0xcb,0x22,0xe4,0x0f,0x80,0xcb,0x7a,0xec,0x35,0xf8,0x73,0x82,
0x17,0x0d,0x30,0x32,0x31,0x30,0x30,0x35,0x31,0x36,0x35,0x39,0x35,0x39,0x5a,
0x30,0x21,0x02,0x10,0x51,0x28,0x73,0x26,0x17,0xcf,0x10,0x6e,0xeb,0x4a,0x03,
0x74,0xa3,0x35,0xe5,0x60,0x17,0x0d,0x30,0x33,0x30,0x36,0x31,0x33,0x31,0x30,
0x30,0x39,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x51,0x52,0xff,0xdc,0x69,0x6b,
0x1f,0x1f,0xff,0x7c,0xb1,0x7f,0x03,0x90,0xa9,0x6b,0x17,0x0d,0x30,0x32,0x30,
0x36,0x31,0x34,0x31,0x36,0x30,0x34,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,0x52,
0xd9,0x53,0x69,0x9f,0xec,0xab,0xdd,0x5d,0x2a,0x2f,0xaa,0x57,0x86,0xb9,0x1f,
0x17,0x0d,0x30,0x32,0x30,0x38,0x33,0x30,0x32,0x33,0x34,0x36,0x34,0x33,0x5a,
0x30,0x21,0x02,0x10,0x54,0x46,0xa8,0x8f,0x69,0x2e,0x02,0xf4,0xb4,0xb2,0x69,
0xda,0xbd,0x40,0x02,0xe0,0x17,0x0d,0x30,0x32,0x30,0x33,0x32,0x36,0x30,0x31,
0x35,0x36,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x54,0xb5,0x81,0x73,0xb5,0x7c,
0x6d,0xba,0x5c,0x99,0x0d,0xff,0x0a,0x4d,0xee,0xef,0x17,0x0d,0x30,0x32,0x30,
0x37,0x32,0x34,0x31,0x36,0x33,0x39,0x35,0x31,0x5a,0x30,0x21,0x02,0x10,0x57,
0x91,0x41,0x20,0x9f,0x57,0x6f,0x42,0x53,0x4e,0x19,0xcc,0xe4,0xc8,0x52,0x4a,
0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x38,0x32,0x33,0x32,0x34,0x30,0x30,0x5a,
0x30,0x21,0x02,0x10,0x57,0xc6,0xdc,0xa0,0xed,0xbf,0x77,0xdd,0x7e,0x18,0x68,
0x83,0x57,0x0c,0x2a,0x4f,0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x31,0x31,0x34,
0x30,0x36,0x31,0x31,0x5a,0x30,0x21,0x02,0x10,0x57,0xed,0xe2,0x5b,0xe2,0x62,
0x3f,0x98,0xe1,0xf5,0x4d,0x30,0xa4,0x0e,0xdf,0xdf,0x17,0x0d,0x30,0x32,0x30,
0x36,0x30,0x39,0x30,0x31,0x34,0x37,0x31,0x38,0x5a,0x30,0x21,0x02,0x10,0x58,
0x47,0xd9,0xbd,0x83,0x1a,0x63,0x6f,0xb7,0x63,0x7f,0x4a,0x56,0x5e,0x8e,0x4d,
0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x35,0x31,0x37,0x32,0x33,0x30,0x33,0x5a,
0x30,0x21,0x02,0x10,0x58,0xc6,0x62,0x99,0x80,0xe6,0x0c,0x4f,0x00,0x8b,0x25,
0x38,0x93,0xe6,0x18,0x10,0x17,0x0d,0x30,0x32,0x30,0x36,0x30,0x36,0x30,0x37,
0x30,0x39,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x59,0x52,0x09,0x0e,0x99,0xf3,
0xa9,0xe5,0x2f,0xed,0xa9,0xb2,0xd8,0x61,0xe7,0xea,0x17,0x0d,0x30,0x32,0x30,
0x36,0x32,0x36,0x31,0x34,0x31,0x38,0x33,0x36,0x5a,0x30,0x21,0x02,0x10,0x59,
0x5c,0xaa,0xfb,0xbe,0xfb,0x73,0xd1,0xf4,0xab,0xc8,0xe3,0x3d,0x01,0x04,0xdd,
0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x37,0x32,0x32,0x32,0x30,0x31,0x30,0x5a,
0x30,0x21,0x02,0x10,0x59,0x97,0x59,0xa7,0x3d,0xb0,0xd9,0x7e,0xff,0x2a,0xcb,
0x31,0xcc,0x66,0xf3,0x85,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x32,0x30,0x30,
0x35,0x35,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x59,0xdd,0x45,0x36,0x61,0xd9,
0x3e,0xe9,0xff,0xbd,0xad,0x2e,0xbf,0x9a,0x5d,0x98,0x17,0x0d,0x30,0x32,0x30,
0x37,0x30,0x32,0x32,0x30,0x34,0x30,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,0x5a,
0x4b,0x48,0x18,0xa9,0x2a,0x9c,0xd5,0x91,0x2f,0x4f,0xa4,0xf8,0xb3,0x1b,0x4d,
0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x34,0x32,0x33,0x33,0x33,0x31,0x32,0x5a,
0x30,0x21,0x02,0x10,0x5a,0xdf,0x32,0x0d,0x64,0xeb,0x9b,0xd2,0x11,0xe2,0x58,
0x50,0xbe,0x93,0x0c,0x65,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x35,0x31,0x37,
0x30,0x37,0x32,0x31,0x5a,0x30,0x21,0x02,0x10,0x5b,0x23,0xbf,0xbb,0xc4,0xb3,
0xf4,0x02,0xe9,0xcb,0x10,0x9e,0xee,0xa5,0x3f,0xcd,0x17,0x0d,0x30,0x32,0x30,
0x33,0x32,0x39,0x31,0x36,0x32,0x36,0x35,0x39,0x5a,0x30,0x21,0x02,0x10,0x5b,
0x51,0xbc,0x38,0xbf,0xaf,0x9f,0x27,0xa9,0xc7,0xed,0x25,0xd0,0x8d,0xec,0x2e,
0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x31,0x30,0x32,0x35,0x32,0x30,0x5a,
0x30,0x21,0x02,0x10,0x5c,0x29,0x7f,0x46,0x61,0xdd,0x47,0x90,0x82,0x91,0xbd,
0x79,0x22,0x6a,0x98,0x38,0x17,0x0d,0x30,0x32,0x31,0x31,0x30,0x38,0x31,0x35,
0x35,0x34,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x5e,0x38,0xf7,0x5b,0x00,0xf1,
0xef,0x1c,0xb6,0xff,0xd5,0x5c,0x74,0xfb,0x95,0x5d,0x17,0x0d,0x30,0x32,0x31,
0x31,0x32,0x33,0x30,0x31,0x34,0x39,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x5e,
0x88,0xbe,0xb6,0xb4,0xb2,0xaa,0xb0,0x92,0xf3,0xf6,0xc2,0xbc,0x72,0x21,0xca,
0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x34,0x30,0x37,0x31,0x32,0x31,0x30,0x5a,
0x30,0x21,0x02,0x10,0x5f,0x59,0xa0,0xbb,0xaf,0x26,0xc8,0xc1,0xb4,0x04,0x3a,
0xbb,0xfc,0x4c,0x75,0xa5,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x36,0x31,0x35,
0x35,0x31,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x5f,0x81,0x08,0x0f,0xa0,0xcd,
0x44,0x73,0x23,0x58,0x8e,0x49,0x9f,0xb5,0x08,0x35,0x17,0x0d,0x30,0x32,0x30,
0x36,0x31,0x39,0x31,0x34,0x31,0x37,0x34,0x33,0x5a,0x30,0x21,0x02,0x10,0x5f,
0xba,0x1f,0x8f,0xb2,0x23,0x56,0xdd,0xbc,0xa6,0x72,0xb0,0x99,0x13,0xb5,0xb2,
0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x36,0x30,0x38,0x34,0x37,0x31,0x30,0x5a,
0x30,0x21,0x02,0x10,0x60,0x09,0xd5,0xb7,0x6b,0xf1,0x16,0x4a,0xfa,0xd0,0xa5,
0x4c,0x8e,0xdd,0x02,0xcb,0x17,0x0d,0x30,0x32,0x30,0x36,0x31,0x37,0x31,0x36,
0x31,0x32,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x60,0x1d,0x19,0xd8,0x55,0xd5,
0x14,0xd5,0xff,0x03,0x0d,0xad,0x5c,0x07,0x4c,0xe7,0x17,0x0d,0x30,0x32,0x30,
0x37,0x31,0x35,0x32,0x33,0x30,0x31,0x31,0x31,0x5a,0x30,0x21,0x02,0x10,0x60,
0x24,0x67,0xc3,0x0b,0xad,0x53,0x8f,0xce,0x89,0x05,0xb5,0x87,0xaf,0x7c,0xe4,
0x17,0x0d,0x30,0x32,0x31,0x30,0x30,0x38,0x32,0x30,0x33,0x38,0x35,0x32,0x5a,
0x30,0x21,0x02,0x10,0x60,0x5c,0xf3,0x3d,0x22,0x23,0x39,0x3f,0xe6,0x21,0x09,
0xfd,0xdd,0x77,0xc2,0x8f,0x17,0x0d,0x30,0x32,0x30,0x37,0x30,0x32,0x31,0x37,
0x32,0x37,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x60,0xa2,0x5e,0xbf,0x07,0x83,
0xa3,0x18,0x56,0x18,0x48,0x63,0xa7,0xfd,0xc7,0x63,0x17,0x0d,0x30,0x32,0x30,
0x35,0x30,0x39,0x31,0x39,0x35,0x32,0x32,0x37,0x5a,0x30,0x21,0x02,0x10,0x60,
0xc2,0xad,0xa8,0x0e,0xf9,0x9a,0x66,0x5d,0xa2,0x75,0x04,0x5e,0x5c,0x71,0xc2,
0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x32,0x31,0x33,0x33,0x36,0x31,0x37,0x5a,
0x30,0x21,0x02,0x10,0x60,0xdb,0x1d,0x37,0x34,0xf6,0x02,0x9d,0x68,0x1b,0x70,
0xf1,0x13,0x00,0x2f,0x80,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x38,0x30,0x39,
0x35,0x35,0x33,0x33,0x5a,0x30,0x21,0x02,0x10,0x61,0xf0,0x38,0xea,0xbc,0x17,
0x0d,0x11,0xd2,0x89,0xee,0x87,0x50,0x57,0xa0,0xed,0x17,0x0d,0x30,0x33,0x30,
0x31,0x32,0x39,0x31,0x37,0x34,0x31,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,0x61,
0xfa,0x9b,0xeb,0x58,0xf9,0xe5,0xa5,0x9e,0x79,0xa8,0x3d,0x79,0xac,0x35,0x97,
0x17,0x0d,0x30,0x32,0x31,0x30,0x31,0x30,0x32,0x30,0x31,0x36,0x33,0x37,0x5a,
0x30,0x21,0x02,0x10,0x62,0x44,0x57,0x24,0x41,0xc0,0x89,0x3f,0x5b,0xd2,0xbd,
0xe7,0x2f,0x75,0x41,0xfa,0x17,0x0d,0x30,0x32,0x30,0x38,0x30,0x38,0x31,0x38,
0x33,0x30,0x31,0x35,0x5a,0x30,0x21,0x02,0x10,0x62,0x51,0x3a,0x2d,0x8d,0x82,
0x39,0x65,0xfe,0xf6,0x8a,0xc8,0x4e,0x29,0x91,0xfd,0x17,0x0d,0x30,0x32,0x30,
0x39,0x32,0x36,0x30,0x30,0x35,0x34,0x33,0x34,0x5a,0x30,0x21,0x02,0x10,0x62,
0x52,0x49,0x49,0xf2,0x51,0x67,0x7a,0xe2,0xee,0xc9,0x0c,0x23,0x11,0x3d,0xb2,
0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x37,0x31,0x38,0x30,0x36,0x35,0x35,0x5a,
0x30,0x21,0x02,0x10,0x63,0x52,0xbd,0xdc,0xb7,0xbf,0xbb,0x90,0x6c,0x82,0xee,
0xb5,0xa3,0x9f,0xd8,0xc9,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x31,0x31,0x36,
0x33,0x30,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x63,0x5e,0x6b,0xe9,0xea,0x3d,
0xd6,0x3b,0xc3,0x4d,0x09,0xc3,0x13,0xdb,0xdd,0xbc,0x17,0x0d,0x30,0x33,0x30,
0x36,0x30,0x32,0x31,0x34,0x34,0x37,0x33,0x36,0x5a,0x30,0x21,0x02,0x10,0x63,
0xda,0x0b,0xd5,0x13,0x1e,0x98,0x83,0x32,0xa2,0x3a,0x4b,0xdf,0x8c,0x89,0x86,
0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x35,0x30,0x38,0x30,0x38,0x31,0x33,0x5a,
0x30,0x21,0x02,0x10,0x64,0xfe,0xf0,0x1a,0x3a,0xed,0x89,0xf8,0xb5,0x34,0xd3,
0x1e,0x0f,0xce,0x0d,0xce,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x38,0x32,0x31,
0x30,0x36,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x65,0xa7,0x49,0xd8,0x37,0x22,
0x4b,0x4a,0xe5,0xcf,0xa3,0xfe,0xd6,0x3b,0xc0,0x67,0x17,0x0d,0x30,0x32,0x31,
0x32,0x30,0x34,0x31,0x37,0x31,0x34,0x31,0x36,0x5a,0x30,0x21,0x02,0x10,0x65,
0xc9,0x9e,0x47,0x76,0x98,0x0d,0x9e,0x57,0xe4,0xae,0xc5,0x1c,0x3e,0xf2,0xe7,
0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x33,0x31,0x34,0x30,0x38,0x31,0x38,0x5a,
0x30,0x21,0x02,0x10,0x65,0xe0,0x7b,0xc5,0x74,0xe4,0xab,0x01,0x4f,0xa3,0x5e,
0xd6,0xeb,0xcd,0xd5,0x69,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x33,0x31,0x37,
0x32,0x34,0x30,0x36,0x5a,0x30,0x21,0x02,0x10,0x66,0x51,0xb7,0xe5,0x62,0xb7,
0xe3,0x31,0xc0,0xee,0xf2,0xe8,0xfe,0x84,0x6a,0x4e,0x17,0x0d,0x30,0x32,0x30,
0x39,0x30,0x36,0x31,0x33,0x32,0x33,0x33,0x33,0x5a,0x30,0x21,0x02,0x10,0x67,
0x7c,0x76,0xac,0x66,0x5a,0x6b,0x41,0x5c,0x07,0x83,0x02,0xd6,0xd9,0x63,0xc0,
0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x38,0x31,0x33,0x35,0x35,0x31,0x30,0x5a,
0x30,0x21,0x02,0x10,0x68,0x67,0xde,0xb3,0xaa,0x20,0xcf,0x4b,0x34,0xa5,0xe0,
0xc8,0xc0,0xc5,0xc9,0xa4,0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x32,0x30,0x31,
0x30,0x39,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x69,0x23,0x34,0x5d,0x75,0x04,
0xdc,0x99,0xbd,0xce,0x8d,0x21,0xb4,0x6b,0x10,0xfc,0x17,0x0d,0x30,0x32,0x30,
0x39,0x30,0x33,0x31,0x33,0x31,0x39,0x32,0x30,0x5a,0x30,0x21,0x02,0x10,0x69,
0x9f,0x20,0x31,0xd1,0x3f,0xfa,0x1e,0x70,0x2e,0x37,0xd5,0x9a,0x8c,0x0a,0x16,
0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x30,0x30,0x39,0x30,0x31,0x33,0x35,0x5a,
0x30,0x21,0x02,0x10,0x6a,0x94,0xd6,0x25,0xd0,0x67,0xe4,0x4d,0x79,0x2b,0xc6,
0xd5,0xc9,0x4a,0x7f,0xc6,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x31,0x31,0x39,
0x31,0x35,0x34,0x30,0x5a,0x30,0x21,0x02,0x10,0x6b,0x5c,0xa4,0x45,0x5b,0xe9,
0xcf,0xe7,0x3b,0x29,0xb1,0x32,0xd7,0xa1,0x04,0x3d,0x17,0x0d,0x30,0x32,0x31,
0x30,0x31,0x38,0x31,0x35,0x34,0x33,0x34,0x38,0x5a,0x30,0x21,0x02,0x10,0x6b,
0xc0,0x7d,0x4f,0x18,0xfe,0xb7,0x07,0xe8,0x56,0x9a,0x6c,0x40,0x0f,0x36,0x53,
0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x36,0x32,0x31,0x30,0x31,0x32,0x36,0x5a,
0x30,0x21,0x02,0x10,0x6b,0xe1,0xdd,0x36,0x3b,0xec,0xe0,0xa9,0xf5,0x92,0x7e,
0x33,0xbf,0xed,0x48,0x46,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x37,0x31,0x34,
0x34,0x32,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,0x6c,0xac,0xeb,0x37,0x2b,0x6a,
0x42,0xe2,0xca,0xc8,0xd2,0xda,0xb8,0xb9,0x82,0x6a,0x17,0x0d,0x30,0x32,0x30,
0x33,0x30,0x31,0x31,0x34,0x32,0x38,0x33,0x34,0x5a,0x30,0x21,0x02,0x10,0x6d,
0x98,0x1b,0xb4,0x76,0xd1,0x62,0x59,0xa1,0x3c,0xee,0xd2,0x21,0xd8,0xdf,0x4c,
0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x34,0x31,0x37,0x35,0x36,0x31,0x32,0x5a,
0x30,0x21,0x02,0x10,0x6d,0xdd,0x0b,0x5a,0x3c,0x9c,0xab,0xd3,0x3b,0xd9,0x16,
0xec,0x69,0x74,0xfb,0x9a,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x32,0x31,0x32,
0x32,0x36,0x33,0x38,0x5a,0x30,0x21,0x02,0x10,0x6e,0xde,0xfd,0x89,0x36,0xae,
0xa0,0x41,0x8d,0x5c,0xec,0x2e,0x90,0x31,0xf8,0x9a,0x17,0x0d,0x30,0x32,0x30,
0x34,0x30,0x38,0x32,0x32,0x33,0x36,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x6f,
0xb2,0x6b,0x4c,0x48,0xca,0xfe,0xe6,0x69,0x9a,0x06,0x63,0xc4,0x32,0x96,0xc1,
0x17,0x0d,0x30,0x33,0x30,0x31,0x31,0x37,0x31,0x37,0x32,0x37,0x32,0x35,0x5a,
0x30,0x21,0x02,0x10,0x70,0x0b,0xe1,0xee,0x44,0x89,0x51,0x52,0x65,0x27,0x2c,
0x2d,0x34,0x7c,0xe0,0x8d,0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x38,0x30,0x30,
0x33,0x36,0x30,0x30,0x5a,0x30,0x21,0x02,0x10,0x70,0x2d,0xc0,0xa6,0xb8,0xa5,
0xa0,0xda,0x48,0x59,0xb3,0x96,0x34,0x80,0xc8,0x25,0x17,0x0d,0x30,0x32,0x30,
0x38,0x33,0x30,0x31,0x34,0x30,0x31,0x30,0x31,0x5a,0x30,0x21,0x02,0x10,0x70,
0xe1,0xd9,0x92,0xcd,0x76,0x42,0x63,0x51,0x6e,0xcd,0x8c,0x09,0x29,0x17,0x48,
0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x37,0x31,0x31,0x31,0x30,0x34,0x31,0x5a,
0x30,0x21,0x02,0x10,0x72,0x38,0xe4,0x91,0x6a,0x7a,0x8a,0xf3,0xbf,0xf0,0xd8,
0xe0,0xa4,0x70,0x8d,0xa8,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x34,0x31,0x39,
0x30,0x36,0x34,0x30,0x5a,0x30,0x21,0x02,0x10,0x72,0x97,0xa1,0xd8,0x9c,0x3b,
0x00,0xc2,0xc4,0x26,0x2d,0x06,0x2b,0x29,0x76,0x4e,0x17,0x0d,0x30,0x32,0x30,
0x36,0x31,0x38,0x31,0x35,0x30,0x39,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x72,
0xd2,0x23,0x9b,0xf2,0x33,0xe9,0x7c,0xcf,0xb6,0xa9,0x41,0xd5,0x0e,0x5c,0x39,
0x17,0x0d,0x30,0x33,0x30,0x34,0x30,0x39,0x31,0x37,0x30,0x32,0x32,0x39,0x5a,
0x30,0x21,0x02,0x10,0x74,0x5c,0x9c,0xf9,0xaa,0xc3,0xfa,0x94,0x3c,0x25,0x39,
0x65,0x44,0x95,0x13,0xf1,0x17,0x0d,0x30,0x32,0x30,0x37,0x30,0x39,0x32,0x33,
0x35,0x33,0x32,0x30,0x5a,0x30,0x21,0x02,0x10,0x74,0x98,0x7f,0x68,0xad,0x17,
0x92,0x93,0xf2,0x65,0x94,0x0c,0x33,0xe6,0xbd,0x49,0x17,0x0d,0x30,0x32,0x30,
0x34,0x32,0x33,0x30,0x37,0x34,0x34,0x31,0x38,0x5a,0x30,0x21,0x02,0x10,0x75,
0x0e,0x40,0xff,0x97,0xf0,0x47,0xed,0xf5,0x56,0xc7,0x08,0x4e,0xb1,0xab,0xfd,
0x17,0x0d,0x30,0x31,0x30,0x31,0x33,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,
0x30,0x21,0x02,0x10,0x75,0x26,0x51,0x59,0x65,0xb7,0x33,0x32,0x5f,0xe6,0xcd,
0xaa,0x30,0x65,0x78,0xe0,0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x36,0x31,0x38,
0x32,0x34,0x35,0x36,0x5a,0x30,0x21,0x02,0x10,0x76,0x13,0x6f,0xbf,0xc8,0xde,
0xd9,0x36,0x30,0x39,0xcc,0x85,0x8f,0x00,0x2f,0x19,0x17,0x0d,0x30,0x32,0x30,
0x33,0x31,0x34,0x30,0x39,0x34,0x38,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x76,
0x52,0x78,0x89,0x44,0xfa,0xc1,0xb3,0xd7,0xc9,0x4c,0xb3,0x32,0x95,0xaf,0x03,
0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x34,0x31,0x39,0x31,0x35,0x34,0x33,0x5a,
0x30,0x21,0x02,0x10,0x77,0x5d,0x4c,0x40,0xd9,0x8d,0xfa,0xc8,0x9a,0x24,0x8d,
0x47,0x10,0x90,0x4a,0x0a,0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x39,0x30,0x31,
0x31,0x33,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,0x77,0xe6,0x5a,0x43,0x59,0x93,
0x5d,0x5f,0x7a,0x75,0x80,0x1a,0xcd,0xad,0xc2,0x22,0x17,0x0d,0x30,0x30,0x30,
0x38,0x33,0x31,0x31,0x38,0x32,0x32,0x35,0x30,0x5a,0x30,0x21,0x02,0x10,0x78,
0x19,0xf1,0xb6,0x87,0x83,0xaf,0xdf,0x60,0x8d,0x9a,0x64,0x0d,0xec,0xe0,0x51,
0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x30,0x31,0x37,0x32,0x38,0x31,0x36,0x5a,
0x30,0x21,0x02,0x10,0x78,0x64,0x65,0x8f,0x82,0x79,0xdb,0xa5,0x1c,0x47,0x10,
0x1d,0x72,0x23,0x66,0x52,0x17,0x0d,0x30,0x33,0x30,0x31,0x32,0x34,0x31,0x38,
0x34,0x35,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x78,0x64,0xe1,0xc0,0x69,0x8f,
0x3a,0xc7,0x8b,0x23,0xe3,0x29,0xb1,0xee,0xa9,0x41,0x17,0x0d,0x30,0x32,0x30,
0x35,0x30,0x38,0x31,0x37,0x34,0x36,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x78,
0x79,0x89,0x61,0x12,0x67,0x64,0x14,0xfd,0x08,0xcc,0xb3,0x05,0x55,0xc0,0x67,
0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x32,0x31,0x33,0x31,0x38,0x35,0x33,0x5a,
0x30,0x21,0x02,0x10,0x78,0x8a,0x56,0x22,0x08,0xce,0x42,0xee,0xd1,0xa3,0x79,
0x10,0x14,0xfd,0x3a,0x36,0x17,0x0d,0x30,0x33,0x30,0x32,0x30,0x35,0x31,0x36,
0x35,0x33,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x7a,0xa0,0x6c,0xba,0x33,0x02,
0xac,0x5f,0xf5,0x0b,0xb6,0x77,0x61,0xef,0x77,0x09,0x17,0x0d,0x30,0x32,0x30,
0x32,0x32,0x38,0x31,0x37,0x35,0x35,0x31,0x31,0x5a,0x30,0x21,0x02,0x10,0x7b,
0x91,0x33,0x66,0x6c,0xf0,0xd4,0xe3,0x9d,0xf6,0x88,0x29,0x9b,0xf7,0xd0,0xea,
0x17,0x0d,0x30,0x32,0x31,0x31,0x32,0x30,0x32,0x32,0x31,0x36,0x34,0x39,0x5a,
0x30,0x21,0x02,0x10,0x7c,0xef,0xf2,0x0a,0x08,0xae,0x10,0x57,0x1e,0xde,0xdc,
0xd6,0x63,0x76,0xb0,0x5d,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x36,0x31,0x30,
0x32,0x32,0x33,0x30,0x5a,0x30,0x21,0x02,0x10,0x7f,0x76,0xef,0x69,0xeb,0xf5,
0x3f,0x53,0x2e,0xaa,0xa5,0xed,0xde,0xc0,0xb4,0x06,0x17,0x0d,0x30,0x32,0x30,
0x35,0x30,0x31,0x30,0x33,0x33,0x33,0x30,0x37,0x5a,0x30,0x21,0x02,0x10,0x7f,
0xcb,0x6b,0x99,0x91,0xd0,0x76,0xe1,0x3c,0x0e,0x67,0x15,0xc4,0xd4,0x4d,0x7b,
0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x30,0x32,0x31,0x31,0x38,0x34,0x30,0x5a,
0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,
0x03,0x81,0x81,0x00,0x5c,0xb9,0xb3,0xbe,0xd3,0xd6,0x73,0xa3,0xfe,0x4a,0xb2,
0x21,0x80,0xea,0xaa,0x05,0x61,0x14,0x1d,0x67,0xb1,0xdf,0xa6,0xf9,0x42,0x08,
0x0d,0x59,0x62,0x9c,0x11,0x5f,0x0e,0x92,0xc5,0xc6,0xae,0x74,0x64,0xc7,0x84,
0x3e,0x64,0x43,0xd2,0xec,0xbb,0xe1,0x9b,0x52,0x74,0x57,0xcf,0x96,0xef,0x68,
0x02,0x7a,0x7b,0x36,0xb7,0xc6,0x9a,0x5f,0xca,0x9c,0x37,0x47,0xc8,0x3a,0x5c,
0x34,0x35,0x3b,0x4b,0xca,0x20,0x77,0x44,0x68,0x07,0x02,0x34,0x46,0xaa,0x0f,
0xd0,0x4d,0xd9,0x47,0xf4,0xb3,0x2d,0xb1,0x44,0xa5,0x69,0xa9,0x85,0x13,0x43,
0xcd,0xcc,0x1d,0x9a,0xe6,0x2d,0xfd,0x9f,0xdc,0x2f,0x83,0xbb,0x8c,0xe2,0x8c,
0x61,0xc0,0x99,0x16,0x71,0x05,0xb6,0x25,0x14,0x64,0x4f,0x30 };
4543

4544 4545 4546 4547 4548 4549 4550 4551 4552
static void test_decodeCRLToBeSigned(DWORD dwEncoding)
{
    static const BYTE *corruptCRLs[] = { v1CRL, v2CRL };
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0, i;

    for (i = 0; i < sizeof(corruptCRLs) / sizeof(corruptCRLs[0]); i++)
    {
4553
        ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4554
         corruptCRLs[i], corruptCRLs[i][1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
4555
         &buf, &size);
4556 4557 4558 4559
        ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
         GetLastError() == OSS_DATA_ERROR /* Win9x */),
         "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
         GetLastError());
4560 4561
    }
    /* at a minimum, a CRL must contain an issuer: */
4562
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4563
     v1CRLWithIssuer, v1CRLWithIssuer[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
4564
     &buf, &size);
4565
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4566
    if (ret)
4567 4568 4569
    {
        CRL_INFO *info = (CRL_INFO *)buf;

4570 4571
        ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
        ok(info->cCRLEntry == 0, "Expected 0 CRL entries, got %d\n",
4572 4573
         info->cCRLEntry);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
4574
         "Wrong issuer size %d\n", info->Issuer.cbData);
4575 4576 4577 4578 4579
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
        LocalFree(buf);
    }
    /* check decoding with an empty CRL entry */
4580
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4581
     v1CRLWithIssuerAndEmptyEntry, v1CRLWithIssuerAndEmptyEntry[1] + 2,
4582
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4583 4584 4585 4586
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
4587
    /* with a real CRL entry */
4588
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4589
     v1CRLWithIssuerAndEntry, v1CRLWithIssuerAndEntry[1] + 2,
4590
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4591
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4592
    if (ret)
4593 4594 4595 4596
    {
        CRL_INFO *info = (CRL_INFO *)buf;
        CRL_ENTRY *entry;

4597 4598
        ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
        ok(info->cCRLEntry == 1, "Expected 1 CRL entries, got %d\n",
4599 4600 4601 4602
         info->cCRLEntry);
        ok(info->rgCRLEntry != NULL, "Expected a valid CRL entry array\n");
        entry = info->rgCRLEntry;
        ok(entry->SerialNumber.cbData == 1,
4603
         "Expected serial number size 1, got %d\n",
4604 4605 4606 4607 4608
         entry->SerialNumber.cbData);
        ok(*entry->SerialNumber.pbData == *serialNum,
         "Expected serial number %d, got %d\n", *serialNum,
         *entry->SerialNumber.pbData);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
4609
         "Wrong issuer size %d\n", info->Issuer.cbData);
4610 4611
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
4612
        LocalFree(buf);
4613
    }
4614
    /* a real CRL from verisign that has extensions */
4615
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4616
     verisignCRL, sizeof(verisignCRL), CRYPT_DECODE_ALLOC_FLAG,
4617
     NULL, &buf, &size);
4618
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4619
    if (ret)
4620 4621 4622
    {
        CRL_INFO *info = (CRL_INFO *)buf;

4623 4624
        ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
        ok(info->cCRLEntry == 3, "Expected 3 CRL entries, got %d\n",
4625 4626
         info->cCRLEntry);
        ok(info->rgCRLEntry != NULL, "Expected a valid CRL entry array\n");
4627
        ok(info->cExtension == 2, "Expected 2 extensions, got %d\n",
4628
         info->cExtension);
4629 4630 4631
        LocalFree(buf);
    }
    /* another real CRL from verisign that has lots of entries */
4632
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4633
     verisignCRLWithLotsOfEntries, sizeof(verisignCRLWithLotsOfEntries),
4634
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4635
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4636
    if (ret)
4637 4638 4639
    {
        CRL_INFO *info = (CRL_INFO *)buf;

4640
        ok(size >= sizeof(CRL_INFO), "Got size %d\n", size);
4641
        ok(info->cCRLEntry == 209, "Expected 209 CRL entries, got %d\n",
4642
         info->cCRLEntry);
4643
        ok(info->cExtension == 0, "Expected 0 extensions, got %d\n",
4644 4645
         info->cExtension);
        LocalFree(buf);
4646
    }
4647
    /* and finally, with an extension */
4648
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4649
     v1CRLWithExt, sizeof(v1CRLWithExt), CRYPT_DECODE_ALLOC_FLAG,
4650
     NULL, &buf, &size);
4651
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4652
    if (ret)
4653 4654 4655 4656
    {
        CRL_INFO *info = (CRL_INFO *)buf;
        CRL_ENTRY *entry;

4657 4658
        ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
        ok(info->cCRLEntry == 1, "Expected 1 CRL entries, got %d\n",
4659 4660 4661 4662
         info->cCRLEntry);
        ok(info->rgCRLEntry != NULL, "Expected a valid CRL entry array\n");
        entry = info->rgCRLEntry;
        ok(entry->SerialNumber.cbData == 1,
4663
         "Expected serial number size 1, got %d\n",
4664 4665 4666 4667 4668
         entry->SerialNumber.cbData);
        ok(*entry->SerialNumber.pbData == *serialNum,
         "Expected serial number %d, got %d\n", *serialNum,
         *entry->SerialNumber.pbData);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
4669
         "Wrong issuer size %d\n", info->Issuer.cbData);
4670 4671
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
4672
        ok(info->cExtension == 1, "Expected 1 extensions, got %d\n",
4673
         info->cExtension);
4674
        LocalFree(buf);
4675
    }
4676
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4677
     v2CRLWithExt, sizeof(v2CRLWithExt), CRYPT_DECODE_ALLOC_FLAG,
4678
     NULL, &buf, &size);
4679
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4680
    if (ret)
4681 4682 4683
    {
        CRL_INFO *info = (CRL_INFO *)buf;

4684
        ok(info->cExtension == 1, "Expected 1 extensions, got %d\n",
4685 4686 4687
         info->cExtension);
        LocalFree(buf);
    }
4688 4689
}

4690 4691 4692 4693 4694 4695 4696 4697 4698 4699 4700 4701 4702 4703 4704 4705
static const LPCSTR keyUsages[] = { szOID_PKIX_KP_CODE_SIGNING,
 szOID_PKIX_KP_CLIENT_AUTH, szOID_RSA_RSA };
static const BYTE encodedUsage[] = {
 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03,
 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x09,
 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };

static void test_encodeEnhancedKeyUsage(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CERT_ENHKEY_USAGE usage;

    /* Test with empty usage */
    usage.cUsageIdentifier = 0;
4706
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE, &usage,
4707
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4708
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4709
    if (ret)
4710
    {
4711
        ok(size == sizeof(emptySequence), "Wrong size %d\n", size);
4712 4713 4714 4715 4716 4717
        ok(!memcmp(buf, emptySequence, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* Test with a few usages */
    usage.cUsageIdentifier = sizeof(keyUsages) / sizeof(keyUsages[0]);
    usage.rgpszUsageIdentifier = (LPSTR *)keyUsages;
4718
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE, &usage,
4719
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4720
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4721
    if (ret)
4722
    {
4723
        ok(size == sizeof(encodedUsage), "Wrong size %d\n", size);
4724 4725 4726 4727 4728 4729 4730 4731 4732 4733 4734
        ok(!memcmp(buf, encodedUsage, size), "Got unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeEnhancedKeyUsage(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;

4735
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE,
4736
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
4737
     &buf, &size);
4738
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4739
    if (ret)
4740 4741 4742 4743
    {
        CERT_ENHKEY_USAGE *usage = (CERT_ENHKEY_USAGE *)buf;

        ok(size >= sizeof(CERT_ENHKEY_USAGE),
4744 4745
         "Wrong size %d\n", size);
        ok(usage->cUsageIdentifier == 0, "Expected 0 CRL entries, got %d\n",
4746 4747 4748
         usage->cUsageIdentifier);
        LocalFree(buf);
    }
4749
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE,
4750
     encodedUsage, sizeof(encodedUsage), CRYPT_DECODE_ALLOC_FLAG, NULL,
4751
     &buf, &size);
4752
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4753
    if (ret)
4754 4755 4756 4757 4758
    {
        CERT_ENHKEY_USAGE *usage = (CERT_ENHKEY_USAGE *)buf;
        DWORD i;

        ok(size >= sizeof(CERT_ENHKEY_USAGE),
4759
         "Wrong size %d\n", size);
4760
        ok(usage->cUsageIdentifier == sizeof(keyUsages) / sizeof(keyUsages[0]),
4761
         "Wrong CRL entries count %d\n", usage->cUsageIdentifier);
4762 4763 4764 4765 4766 4767
        for (i = 0; i < usage->cUsageIdentifier; i++)
            ok(!strcmp(usage->rgpszUsageIdentifier[i], keyUsages[i]),
             "Expected OID %s, got %s\n", keyUsages[i],
             usage->rgpszUsageIdentifier[i]);
        LocalFree(buf);
    }
4768 4769 4770 4771 4772 4773 4774 4775 4776 4777 4778
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE,
     encodedUsage, sizeof(encodedUsage), 0, NULL, NULL, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
    if (buf)
    {
        ret = pCryptDecodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE,
         encodedUsage, sizeof(encodedUsage), 0, NULL, buf, &size);
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        HeapFree(GetProcessHeap(), 0, buf);
    }
4779 4780
}

4781 4782 4783
static BYTE keyId[] = { 1,2,3,4 };
static const BYTE authorityKeyIdWithId[] = {
 0x30,0x06,0x80,0x04,0x01,0x02,0x03,0x04 };
4784 4785 4786 4787 4788 4789 4790 4791 4792 4793 4794 4795 4796
static const BYTE authorityKeyIdWithIssuer[] = { 0x30,0x19,0xa1,0x17,0x30,0x15,
 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,
 0x20,0x4c,0x61,0x6e,0x67,0x00 };
static const BYTE authorityKeyIdWithSerial[] = { 0x30,0x03,0x82,0x01,0x01 };

static void test_encodeAuthorityKeyId(DWORD dwEncoding)
{
    CERT_AUTHORITY_KEY_ID_INFO info = { { 0 } };
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;

    /* Test with empty id */
4797
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4798
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4799
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4800
    if (ret)
4801
    {
4802
        ok(size == sizeof(emptySequence), "Unexpected size %d\n", size);
4803 4804 4805 4806
        ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* With just a key id */
4807 4808
    info.KeyId.cbData = sizeof(keyId);
    info.KeyId.pbData = keyId;
4809
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4810
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4811
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4812
    if (ret)
4813
    {
4814
        ok(size == sizeof(authorityKeyIdWithId), "Unexpected size %d\n", size);
4815 4816 4817 4818 4819 4820 4821
        ok(!memcmp(buf, authorityKeyIdWithId, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* With just an issuer */
    info.KeyId.cbData = 0;
    info.CertIssuer.cbData = sizeof(encodedCommonName);
    info.CertIssuer.pbData = (BYTE *)encodedCommonName;
4822
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4823
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4824
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4825
    if (ret)
4826
    {
4827
        ok(size == sizeof(authorityKeyIdWithIssuer), "Unexpected size %d\n",
4828 4829 4830 4831 4832 4833 4834 4835
         size);
        ok(!memcmp(buf, authorityKeyIdWithIssuer, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* With just a serial number */
    info.CertIssuer.cbData = 0;
    info.CertSerialNumber.cbData = sizeof(serialNum);
    info.CertSerialNumber.pbData = (BYTE *)serialNum;
4836
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4837
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4838
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4839
    if (ret)
4840
    {
4841
        ok(size == sizeof(authorityKeyIdWithSerial), "Unexpected size %d\n",
4842 4843 4844 4845 4846 4847 4848 4849 4850 4851 4852 4853
         size);
        ok(!memcmp(buf, authorityKeyIdWithSerial, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeAuthorityKeyId(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;

4854
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4855
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
4856
     &buf, &size);
4857
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4858
    if (ret)
4859 4860 4861
    {
        CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;

4862
        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4863 4864 4865 4866 4867 4868
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->CertIssuer.cbData == 0, "Expected no issuer name\n");
        ok(info->CertSerialNumber.cbData == 0, "Expected no serial number\n");
        LocalFree(buf);
    }
4869
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4870
     authorityKeyIdWithId, sizeof(authorityKeyIdWithId),
4871
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4872
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4873
    if (ret)
4874 4875 4876
    {
        CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;

4877
        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4878
         size);
4879 4880
        ok(info->KeyId.cbData == sizeof(keyId), "Unexpected key id len\n");
        ok(!memcmp(info->KeyId.pbData, keyId, sizeof(keyId)),
4881 4882 4883 4884 4885
         "Unexpected key id\n");
        ok(info->CertIssuer.cbData == 0, "Expected no issuer name\n");
        ok(info->CertSerialNumber.cbData == 0, "Expected no serial number\n");
        LocalFree(buf);
    }
4886
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4887
     authorityKeyIdWithIssuer, sizeof(authorityKeyIdWithIssuer),
4888
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4889
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4890
    if (ret)
4891 4892 4893
    {
        CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;

4894
        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4895 4896 4897 4898 4899 4900 4901 4902 4903
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->CertIssuer.cbData == sizeof(encodedCommonName),
         "Unexpected issuer len\n");
        ok(!memcmp(info->CertIssuer.pbData, encodedCommonName,
         sizeof(encodedCommonName)), "Unexpected issuer\n");
        ok(info->CertSerialNumber.cbData == 0, "Expected no serial number\n");
        LocalFree(buf);
    }
4904
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4905
     authorityKeyIdWithSerial, sizeof(authorityKeyIdWithSerial),
4906
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4907
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4908
    if (ret)
4909 4910 4911
    {
        CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;

4912
        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4913 4914 4915 4916 4917 4918 4919 4920 4921 4922 4923
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->CertIssuer.cbData == 0, "Expected no issuer name\n");
        ok(info->CertSerialNumber.cbData == sizeof(serialNum),
         "Unexpected serial number len\n");
        ok(!memcmp(info->CertSerialNumber.pbData, serialNum, sizeof(serialNum)),
         "Unexpected serial number\n");
        LocalFree(buf);
    }
}

4924 4925 4926 4927 4928 4929 4930 4931 4932 4933 4934 4935 4936
static const BYTE authorityKeyIdWithIssuerUrl[] = { 0x30,0x15,0xa1,0x13,0x86,
 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
 0x6f,0x72,0x67 };

static void test_encodeAuthorityKeyId2(DWORD dwEncoding)
{
    CERT_AUTHORITY_KEY_ID2_INFO info = { { 0 } };
    CERT_ALT_NAME_ENTRY entry = { 0 };
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;

    /* Test with empty id */
4937
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4938
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4939
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4940
    if (ret)
4941 4942 4943 4944 4945 4946
    {
        ok(size == sizeof(emptySequence), "Unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* With just a key id */
4947 4948
    info.KeyId.cbData = sizeof(keyId);
    info.KeyId.pbData = keyId;
4949
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4950
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4951
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4952
    if (ret)
4953 4954 4955 4956 4957 4958 4959 4960 4961 4962
    {
        ok(size == sizeof(authorityKeyIdWithId), "Unexpected size %d\n",
         size);
        ok(!memcmp(buf, authorityKeyIdWithId, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* With a bogus issuer name */
    info.KeyId.cbData = 0;
    info.AuthorityCertIssuer.cAltEntry = 1;
    info.AuthorityCertIssuer.rgAltEntry = &entry;
4963
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4964
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4965 4966 4967 4968
    ok(!ret && GetLastError() == E_INVALIDARG,
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
    /* With an issuer name */
    entry.dwAltNameChoice = CERT_ALT_NAME_URL;
4969
    U(entry).pwszURL = (LPWSTR)url;
4970
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4971
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4972
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4973
    if (ret)
4974 4975 4976 4977 4978 4979 4980 4981 4982 4983 4984
    {
        ok(size == sizeof(authorityKeyIdWithIssuerUrl), "Unexpected size %d\n",
         size);
        ok(!memcmp(buf, authorityKeyIdWithIssuerUrl, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
    /* With just a serial number */
    info.AuthorityCertIssuer.cAltEntry = 0;
    info.AuthorityCertSerialNumber.cbData = sizeof(serialNum);
    info.AuthorityCertSerialNumber.pbData = (BYTE *)serialNum;
4985
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4986
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4987
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4988
    if (ret)
4989 4990 4991 4992 4993 4994 4995 4996 4997 4998 4999 5000 5001 5002
    {
        ok(size == sizeof(authorityKeyIdWithSerial), "Unexpected size %d\n",
         size);
        ok(!memcmp(buf, authorityKeyIdWithSerial, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeAuthorityKeyId2(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;

5003
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
5004
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
5005
     &buf, &size);
5006
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5007
    if (ret)
5008 5009 5010 5011 5012 5013 5014 5015 5016 5017 5018 5019
    {
        CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;

        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->AuthorityCertIssuer.cAltEntry == 0,
         "Expected no issuer name entries\n");
        ok(info->AuthorityCertSerialNumber.cbData == 0,
         "Expected no serial number\n");
        LocalFree(buf);
    }
5020
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
5021
     authorityKeyIdWithId, sizeof(authorityKeyIdWithId),
5022
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5023
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5024
    if (ret)
5025 5026 5027 5028 5029
    {
        CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;

        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
         size);
5030 5031
        ok(info->KeyId.cbData == sizeof(keyId), "Unexpected key id len\n");
        ok(!memcmp(info->KeyId.pbData, keyId, sizeof(keyId)),
5032 5033 5034 5035 5036 5037 5038
         "Unexpected key id\n");
        ok(info->AuthorityCertIssuer.cAltEntry == 0,
         "Expected no issuer name entries\n");
        ok(info->AuthorityCertSerialNumber.cbData == 0,
         "Expected no serial number\n");
        LocalFree(buf);
    }
5039
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
5040
     authorityKeyIdWithIssuerUrl, sizeof(authorityKeyIdWithIssuerUrl),
5041
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5042
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5043
    if (ret)
5044 5045 5046 5047 5048 5049 5050 5051 5052 5053 5054 5055
    {
        CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;

        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->AuthorityCertIssuer.cAltEntry == 1,
         "Expected 1 issuer entry, got %d\n",
         info->AuthorityCertIssuer.cAltEntry);
        ok(info->AuthorityCertIssuer.rgAltEntry[0].dwAltNameChoice ==
         CERT_ALT_NAME_URL, "Expected CERT_ALT_NAME_URL, got %d\n",
         info->AuthorityCertIssuer.rgAltEntry[0].dwAltNameChoice);
5056
        ok(!lstrcmpW(U(info->AuthorityCertIssuer.rgAltEntry[0]).pwszURL,
5057 5058 5059 5060 5061
         url), "Unexpected URL\n");
        ok(info->AuthorityCertSerialNumber.cbData == 0,
         "Expected no serial number\n");
        LocalFree(buf);
    }
5062
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
5063
     authorityKeyIdWithSerial, sizeof(authorityKeyIdWithSerial),
5064
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5065
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5066
    if (ret)
5067 5068 5069 5070 5071 5072 5073 5074 5075 5076 5077 5078 5079 5080 5081 5082
    {
        CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;

        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->AuthorityCertIssuer.cAltEntry == 0,
         "Expected no issuer name entries\n");
        ok(info->AuthorityCertSerialNumber.cbData == sizeof(serialNum),
         "Unexpected serial number len\n");
        ok(!memcmp(info->AuthorityCertSerialNumber.pbData, serialNum,
         sizeof(serialNum)), "Unexpected serial number\n");
        LocalFree(buf);
    }
}

5083 5084 5085 5086 5087 5088 5089 5090 5091 5092 5093 5094 5095 5096 5097 5098 5099 5100 5101 5102 5103 5104
static const BYTE authorityInfoAccessWithUrl[] = {
0x30,0x19,0x30,0x17,0x06,0x02,0x2a,0x03,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,
0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
static const BYTE authorityInfoAccessWithUrlAndIPAddr[] = {
0x30,0x29,0x30,0x17,0x06,0x02,0x2a,0x03,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,
0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67,0x30,0x0e,0x06,
0x02,0x2d,0x06,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,0x01 };

static void test_encodeAuthorityInfoAccess(DWORD dwEncoding)
{
    static char oid1[] = "1.2.3";
    static char oid2[] = "1.5.6";
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CERT_ACCESS_DESCRIPTION accessDescription[2];
    CERT_AUTHORITY_INFO_ACCESS aia;

    memset(accessDescription, 0, sizeof(accessDescription));
    aia.cAccDescr = 0;
    aia.rgAccDescr = NULL;
    /* Having no access descriptions is allowed */
5105
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
5106
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5107
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5108
    if (ret)
5109 5110 5111 5112 5113 5114 5115 5116 5117
    {
        ok(size == sizeof(emptySequence), "unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    /* It can't have an empty access method */
    aia.cAccDescr = 1;
    aia.rgAccDescr = accessDescription;
5118
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
5119
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5120 5121 5122
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "expected E_INVALIDARG or OSS_LIMITED, got %08x\n", GetLastError());
5123 5124 5125
    /* It can't have an empty location */
    accessDescription[0].pszAccessMethod = oid1;
    SetLastError(0xdeadbeef);
5126
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
5127
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5128 5129 5130
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    accessDescription[0].AccessLocation.dwAltNameChoice = CERT_ALT_NAME_URL;
5131
    U(accessDescription[0].AccessLocation).pwszURL = (LPWSTR)url;
5132
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
5133
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5134
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5135
    if (ret)
5136 5137 5138 5139 5140 5141 5142 5143 5144 5145 5146
    {
        ok(size == sizeof(authorityInfoAccessWithUrl), "unexpected size %d\n",
         size);
        ok(!memcmp(buf, authorityInfoAccessWithUrl, size),
         "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    accessDescription[1].pszAccessMethod = oid2;
    accessDescription[1].AccessLocation.dwAltNameChoice =
     CERT_ALT_NAME_IP_ADDRESS;
5147
    U(accessDescription[1].AccessLocation).IPAddress.cbData =
5148
     sizeof(encodedIPAddr);
5149
    U(accessDescription[1].AccessLocation).IPAddress.pbData =
5150 5151
     (LPBYTE)encodedIPAddr;
    aia.cAccDescr = 2;
5152
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
5153
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5154
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5155
    if (ret)
5156 5157 5158 5159 5160 5161 5162 5163 5164 5165 5166 5167 5168 5169 5170 5171 5172 5173 5174 5175 5176 5177 5178 5179 5180 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 5193
    {
        ok(size == sizeof(authorityInfoAccessWithUrlAndIPAddr),
         "unexpected size %d\n", size);
        ok(!memcmp(buf, authorityInfoAccessWithUrlAndIPAddr, size),
         "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
}

static void compareAuthorityInfoAccess(LPCSTR header,
 const CERT_AUTHORITY_INFO_ACCESS *expected,
 const CERT_AUTHORITY_INFO_ACCESS *got)
{
    DWORD i;

    ok(expected->cAccDescr == got->cAccDescr,
     "%s: expected %d access descriptions, got %d\n", header,
     expected->cAccDescr, got->cAccDescr);
    for (i = 0; i < expected->cAccDescr; i++)
    {
        ok(!strcmp(expected->rgAccDescr[i].pszAccessMethod,
         got->rgAccDescr[i].pszAccessMethod), "%s[%d]: expected %s, got %s\n",
         header, i, expected->rgAccDescr[i].pszAccessMethod,
         got->rgAccDescr[i].pszAccessMethod);
        compareAltNameEntry(&expected->rgAccDescr[i].AccessLocation,
         &got->rgAccDescr[i].AccessLocation);
    }
}

static void test_decodeAuthorityInfoAccess(DWORD dwEncoding)
{
    static char oid1[] = "1.2.3";
    static char oid2[] = "1.5.6";
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;

5194
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS,
5195
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
5196
     &buf, &size);
5197
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5198
    if (ret)
5199 5200 5201 5202 5203 5204 5205 5206
    {
        CERT_AUTHORITY_INFO_ACCESS aia = { 0, NULL };

        compareAuthorityInfoAccess("empty AIA", &aia,
         (CERT_AUTHORITY_INFO_ACCESS *)buf);
        LocalFree(buf);
        buf = NULL;
    }
5207
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS,
5208
     authorityInfoAccessWithUrl, sizeof(authorityInfoAccessWithUrl),
5209
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5210
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5211
    if (ret)
5212 5213 5214 5215 5216 5217
    {
        CERT_ACCESS_DESCRIPTION accessDescription;
        CERT_AUTHORITY_INFO_ACCESS aia;

        accessDescription.pszAccessMethod = oid1;
        accessDescription.AccessLocation.dwAltNameChoice = CERT_ALT_NAME_URL;
5218
        U(accessDescription.AccessLocation).pwszURL = (LPWSTR)url;
5219 5220 5221 5222 5223 5224 5225
        aia.cAccDescr = 1;
        aia.rgAccDescr = &accessDescription;
        compareAuthorityInfoAccess("AIA with URL", &aia,
         (CERT_AUTHORITY_INFO_ACCESS *)buf);
        LocalFree(buf);
        buf = NULL;
    }
5226
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS,
5227 5228
     authorityInfoAccessWithUrlAndIPAddr,
     sizeof(authorityInfoAccessWithUrlAndIPAddr), CRYPT_DECODE_ALLOC_FLAG,
5229
     NULL, &buf, &size);
5230
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5231
    if (ret)
5232 5233 5234 5235 5236 5237
    {
        CERT_ACCESS_DESCRIPTION accessDescription[2];
        CERT_AUTHORITY_INFO_ACCESS aia;

        accessDescription[0].pszAccessMethod = oid1;
        accessDescription[0].AccessLocation.dwAltNameChoice = CERT_ALT_NAME_URL;
5238
        U(accessDescription[0].AccessLocation).pwszURL = (LPWSTR)url;
5239 5240 5241
        accessDescription[1].pszAccessMethod = oid2;
        accessDescription[1].AccessLocation.dwAltNameChoice =
         CERT_ALT_NAME_IP_ADDRESS;
5242
        U(accessDescription[1].AccessLocation).IPAddress.cbData =
5243
         sizeof(encodedIPAddr);
5244
        U(accessDescription[1].AccessLocation).IPAddress.pbData =
5245 5246 5247 5248 5249 5250 5251 5252
         (LPBYTE)encodedIPAddr;
        aia.cAccDescr = 2;
        aia.rgAccDescr = accessDescription;
        compareAuthorityInfoAccess("AIA with URL and IP addr", &aia,
         (CERT_AUTHORITY_INFO_ACCESS *)buf);
        LocalFree(buf);
        buf = NULL;
    }
5253 5254 5255 5256 5257 5258 5259 5260 5261 5262 5263 5264 5265
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS,
     authorityInfoAccessWithUrlAndIPAddr,
     sizeof(authorityInfoAccessWithUrlAndIPAddr), 0, NULL, NULL, &size);
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
    buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
    if (buf)
    {
        ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS,
         authorityInfoAccessWithUrlAndIPAddr,
         sizeof(authorityInfoAccessWithUrlAndIPAddr), 0, NULL, buf, &size);
        ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
        HeapFree(GetProcessHeap(), 0, buf);
    }
5266 5267
}

5268 5269 5270 5271 5272 5273 5274 5275 5276 5277 5278 5279 5280 5281 5282 5283 5284 5285 5286 5287 5288 5289 5290 5291 5292 5293 5294 5295 5296 5297 5298 5299 5300 5301 5302 5303 5304 5305 5306 5307 5308 5309 5310 5311 5312 5313 5314 5315 5316 5317 5318 5319 5320 5321 5322
static const BYTE emptyCTL[] = {
0x30,0x17,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE emptyCTLWithVersion1[] = {
0x30,0x1a,0x02,0x01,0x01,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithUsageIdentifier[] = {
0x30,0x1b,0x30,0x04,0x06,0x02,0x2a,0x03,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,
0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithListIdentifier[] = {
0x30,0x1a,0x30,0x00,0x04,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithSequenceNumber[] = {
0x30,0x1a,0x30,0x00,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithThisUpdate[] = {
0x30,0x15,0x30,0x00,0x17,0x0d,0x30,0x35,0x30,0x36,0x30,0x36,0x31,0x36,0x31,
0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithThisAndNextUpdate[] = {
0x30,0x24,0x30,0x00,0x17,0x0d,0x30,0x35,0x30,0x36,0x30,0x36,0x31,0x36,0x31,
0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x35,0x30,0x36,0x30,0x36,0x31,0x36,0x31,
0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithAlgId[] = {
0x30,0x1b,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x06,0x06,0x02,0x2d,0x06,0x05,0x00 };
static const BYTE ctlWithBogusEntry[] = {
0x30,0x29,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00,0x30,0x10,0x30,0x0e,0x04,
0x01,0x01,0x31,0x09,0x30,0x07,0x06,0x02,0x2a,0x03,0x31,0x01,0x01 };
static const BYTE ctlWithOneEntry[] = {
0x30,0x2a,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00,0x30,0x11,0x30,0x0f,0x04,
0x01,0x01,0x31,0x0a,0x30,0x08,0x06,0x02,0x2a,0x03,0x31,0x02,0x30,0x00 };
static const BYTE ctlWithTwoEntries[] = {
0x30,0x41,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00,0x30,0x28,0x30,0x0f,0x04,
0x01,0x01,0x31,0x0a,0x30,0x08,0x06,0x02,0x2a,0x03,0x31,0x02,0x30,0x00,0x30,
0x15,0x04,0x01,0x01,0x31,0x10,0x30,0x0e,0x06,0x02,0x2d,0x06,0x31,0x08,0x30,
0x06,0x87,0x04,0x7f,0x00,0x00,0x01 };

static void test_encodeCTL(DWORD dwEncoding)
{
    static char oid1[] = "1.2.3";
    static char oid2[] = "1.5.6";
    char *pOid1 = oid1;
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CTL_INFO info;
    SYSTEMTIME thisUpdate = { 2005, 6, 1, 6, 16, 10, 0, 0 };
    CTL_ENTRY ctlEntry[2];
    CRYPT_ATTRIBUTE attr1, attr2;
    CRYPT_ATTR_BLOB value1, value2;

    memset(&info, 0, sizeof(info));
5323
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5324
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5325
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5326
    if (ret)
5327 5328 5329 5330 5331 5332 5333
    {
        ok(size == sizeof(emptyCTL), "unexpected size %d\n", size);
        ok(!memcmp(buf, emptyCTL, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.dwVersion = 1;
5334
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5335
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5336
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5337
    if (ret)
5338 5339 5340 5341 5342 5343 5344 5345 5346
    {
        ok(size == sizeof(emptyCTLWithVersion1), "unexpected size %d\n", size);
        ok(!memcmp(buf, emptyCTLWithVersion1, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.dwVersion = 0;
    info.SubjectUsage.cUsageIdentifier = 1;
    info.SubjectUsage.rgpszUsageIdentifier = &pOid1;
5347
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5348
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5349
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5350
    if (ret)
5351 5352 5353 5354 5355 5356 5357 5358 5359 5360
    {
        ok(size == sizeof(ctlWithUsageIdentifier), "unexpected size %d\n",
         size);
        ok(!memcmp(buf, ctlWithUsageIdentifier, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.SubjectUsage.cUsageIdentifier = 0;
    info.ListIdentifier.cbData = sizeof(serialNum);
    info.ListIdentifier.pbData = (LPBYTE)serialNum;
5361
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5362
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5363
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5364
    if (ret)
5365 5366 5367 5368 5369 5370 5371 5372 5373
    {
        ok(size == sizeof(ctlWithListIdentifier), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithListIdentifier, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.ListIdentifier.cbData = 0;
    info.SequenceNumber.cbData = sizeof(serialNum);
    info.SequenceNumber.pbData = (LPBYTE)serialNum;
5374
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5375
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5376
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5377
    if (ret)
5378 5379 5380 5381 5382 5383 5384 5385 5386
    {
        ok(size == sizeof(ctlWithSequenceNumber), "unexpected size %d\n",
         size);
        ok(!memcmp(buf, ctlWithSequenceNumber, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.SequenceNumber.cbData = 0;
    SystemTimeToFileTime(&thisUpdate, &info.ThisUpdate);
5387
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5388
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5389
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5390
    if (ret)
5391 5392 5393 5394 5395 5396 5397
    {
        ok(size == sizeof(ctlWithThisUpdate), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithThisUpdate, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    SystemTimeToFileTime(&thisUpdate, &info.NextUpdate);
5398
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5399
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5400
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5401
    if (ret)
5402 5403 5404 5405 5406 5407 5408 5409 5410 5411
    {
        ok(size == sizeof(ctlWithThisAndNextUpdate), "unexpected size %d\n",
         size);
        ok(!memcmp(buf, ctlWithThisAndNextUpdate, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.ThisUpdate.dwLowDateTime = info.ThisUpdate.dwHighDateTime = 0;
    info.NextUpdate.dwLowDateTime = info.NextUpdate.dwHighDateTime = 0;
    info.SubjectAlgorithm.pszObjId = oid2;
5412
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5413
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5414
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5415
    if (ret)
5416 5417 5418 5419 5420 5421 5422 5423 5424 5425 5426 5427 5428 5429 5430 5431 5432 5433 5434 5435 5436
    {
        ok(size == sizeof(ctlWithAlgId), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithAlgId, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    /* The value is supposed to be asn.1 encoded, so this'll fail to decode
     * (see tests below) but it'll encode fine.
     */
    info.SubjectAlgorithm.pszObjId = NULL;
    value1.cbData = sizeof(serialNum);
    value1.pbData = (LPBYTE)serialNum;
    attr1.pszObjId = oid1;
    attr1.cValue = 1;
    attr1.rgValue = &value1;
    ctlEntry[0].SubjectIdentifier.cbData = sizeof(serialNum);
    ctlEntry[0].SubjectIdentifier.pbData = (LPBYTE)serialNum;
    ctlEntry[0].cAttribute = 1;
    ctlEntry[0].rgAttribute = &attr1;
    info.cCTLEntry = 1;
    info.rgCTLEntry = ctlEntry;
5437
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5438
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5439
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5440
    if (ret)
5441 5442 5443 5444 5445 5446 5447 5448
    {
        ok(size == sizeof(ctlWithBogusEntry), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithBogusEntry, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    value1.cbData = sizeof(emptySequence);
    value1.pbData = (LPBYTE)emptySequence;
5449
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5450
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5451
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5452
    if (ret)
5453 5454 5455 5456 5457 5458 5459 5460 5461 5462 5463 5464 5465 5466 5467 5468
    {
        ok(size == sizeof(ctlWithOneEntry), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithOneEntry, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    value2.cbData = sizeof(encodedIPAddr);
    value2.pbData = (LPBYTE)encodedIPAddr;
    attr2.pszObjId = oid2;
    attr2.cValue = 1;
    attr2.rgValue = &value2;
    ctlEntry[1].SubjectIdentifier.cbData = sizeof(serialNum);
    ctlEntry[1].SubjectIdentifier.pbData = (LPBYTE)serialNum;
    ctlEntry[1].cAttribute = 1;
    ctlEntry[1].rgAttribute = &attr2;
    info.cCTLEntry = 2;
5469
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5470
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5471
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5472
    if (ret)
5473 5474 5475 5476 5477 5478 5479 5480 5481 5482 5483 5484 5485 5486 5487 5488 5489 5490 5491 5492 5493 5494 5495 5496 5497 5498 5499 5500 5501 5502 5503 5504 5505 5506 5507 5508 5509 5510 5511 5512 5513 5514 5515 5516 5517 5518 5519 5520 5521 5522 5523 5524 5525 5526 5527 5528 5529 5530 5531 5532 5533 5534 5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 5546 5547 5548 5549 5550 5551 5552 5553 5554 5555 5556 5557 5558 5559 5560 5561 5562 5563 5564 5565 5566 5567 5568 5569 5570 5571 5572 5573 5574 5575 5576 5577 5578 5579 5580 5581 5582 5583 5584 5585 5586 5587 5588 5589 5590 5591 5592 5593 5594 5595 5596 5597 5598 5599 5600 5601 5602 5603 5604 5605 5606
    {
        ok(size == sizeof(ctlWithTwoEntries), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithTwoEntries, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
}

static void compareCTLInfo(LPCSTR header, const CTL_INFO *expected,
 const CTL_INFO *got)
{
    DWORD i, j, k;

    ok(expected->dwVersion == got->dwVersion,
     "%s: expected version %d, got %d\n", header, expected->dwVersion,
     got->dwVersion);
    ok(expected->SubjectUsage.cUsageIdentifier ==
     got->SubjectUsage.cUsageIdentifier,
     "%s: expected %d usage identifiers, got %d\n", header,
     expected->SubjectUsage.cUsageIdentifier,
     got->SubjectUsage.cUsageIdentifier);
    for (i = 0; i < expected->SubjectUsage.cUsageIdentifier; i++)
        ok(!strcmp(expected->SubjectUsage.rgpszUsageIdentifier[i],
         got->SubjectUsage.rgpszUsageIdentifier[i]),
         "%s[%d]: expected %s, got %s\n", header, i,
         expected->SubjectUsage.rgpszUsageIdentifier[i],
         got->SubjectUsage.rgpszUsageIdentifier[i]);
    ok(expected->ListIdentifier.cbData == got->ListIdentifier.cbData,
     "%s: expected list identifier of %d bytes, got %d\n", header,
     expected->ListIdentifier.cbData, got->ListIdentifier.cbData);
    if (expected->ListIdentifier.cbData)
        ok(!memcmp(expected->ListIdentifier.pbData, got->ListIdentifier.pbData,
         expected->ListIdentifier.cbData),
         "%s: unexpected list identifier value\n", header);
    ok(expected->SequenceNumber.cbData == got->SequenceNumber.cbData,
     "%s: expected sequence number of %d bytes, got %d\n", header,
     expected->SequenceNumber.cbData, got->SequenceNumber.cbData);
    if (expected->SequenceNumber.cbData)
        ok(!memcmp(expected->SequenceNumber.pbData, got->SequenceNumber.pbData,
         expected->SequenceNumber.cbData),
         "%s: unexpected sequence number value\n", header);
    ok(!memcmp(&expected->ThisUpdate, &got->ThisUpdate, sizeof(FILETIME)),
     "%s: expected this update = (%d, %d), got (%d, %d)\n", header,
     expected->ThisUpdate.dwLowDateTime, expected->ThisUpdate.dwHighDateTime,
     got->ThisUpdate.dwLowDateTime, got->ThisUpdate.dwHighDateTime);
    ok(!memcmp(&expected->NextUpdate, &got->NextUpdate, sizeof(FILETIME)),
     "%s: expected next update = (%d, %d), got (%d, %d)\n", header,
     expected->NextUpdate.dwLowDateTime, expected->NextUpdate.dwHighDateTime,
     got->NextUpdate.dwLowDateTime, got->NextUpdate.dwHighDateTime);
    if (expected->SubjectAlgorithm.pszObjId &&
     *expected->SubjectAlgorithm.pszObjId && !got->SubjectAlgorithm.pszObjId)
        ok(0, "%s: expected subject algorithm %s, got NULL\n", header,
         expected->SubjectAlgorithm.pszObjId);
    if (expected->SubjectAlgorithm.pszObjId && got->SubjectAlgorithm.pszObjId)
        ok(!strcmp(expected->SubjectAlgorithm.pszObjId,
         got->SubjectAlgorithm.pszObjId),
         "%s: expected subject algorithm %s, got %s\n", header,
         expected->SubjectAlgorithm.pszObjId, got->SubjectAlgorithm.pszObjId);
    ok(expected->SubjectAlgorithm.Parameters.cbData ==
     got->SubjectAlgorithm.Parameters.cbData,
     "%s: expected subject algorithm parameters of %d bytes, got %d\n", header,
     expected->SubjectAlgorithm.Parameters.cbData,
     got->SubjectAlgorithm.Parameters.cbData);
    if (expected->SubjectAlgorithm.Parameters.cbData)
        ok(!memcmp(expected->SubjectAlgorithm.Parameters.pbData,
         got->SubjectAlgorithm.Parameters.pbData,
         expected->SubjectAlgorithm.Parameters.cbData),
         "%s: unexpected subject algorithm parameter value\n", header);
    ok(expected->cCTLEntry == got->cCTLEntry,
     "%s: expected %d CTL entries, got %d\n", header, expected->cCTLEntry,
     got->cCTLEntry);
    for (i = 0; i < expected->cCTLEntry; i++)
    {
        ok(expected->rgCTLEntry[i].SubjectIdentifier.cbData ==
         got->rgCTLEntry[i].SubjectIdentifier.cbData,
         "%s[%d]: expected subject identifier of %d bytes, got %d\n",
         header, i, expected->rgCTLEntry[i].SubjectIdentifier.cbData,
         got->rgCTLEntry[i].SubjectIdentifier.cbData);
        if (expected->rgCTLEntry[i].SubjectIdentifier.cbData)
            ok(!memcmp(expected->rgCTLEntry[i].SubjectIdentifier.pbData,
             got->rgCTLEntry[i].SubjectIdentifier.pbData,
             expected->rgCTLEntry[i].SubjectIdentifier.cbData),
             "%s[%d]: unexpected subject identifier value\n",
             header, i);
        for (j = 0; j < expected->rgCTLEntry[i].cAttribute; j++)
        {
            ok(!strcmp(expected->rgCTLEntry[i].rgAttribute[j].pszObjId,
             got->rgCTLEntry[i].rgAttribute[j].pszObjId),
             "%s[%d][%d]: expected attribute OID %s, got %s\n", header, i, j,
             expected->rgCTLEntry[i].rgAttribute[j].pszObjId,
             got->rgCTLEntry[i].rgAttribute[j].pszObjId);
            for (k = 0; k < expected->rgCTLEntry[i].rgAttribute[j].cValue; k++)
            {
                ok(expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData ==
                 got->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData,
                 "%s[%d][%d][%d]: expected value of %d bytes, got %d\n",
                 header, i, j, k,
                 expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData,
                 got->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData);
                if (expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData)
                    ok(!memcmp(
                     expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].pbData,
                     got->rgCTLEntry[i].rgAttribute[j].rgValue[k].pbData,
                     expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData),
                     "%s[%d][%d][%d]: unexpected value\n",
                     header, i, j, k);
            }
        }
    }
    ok(expected->cExtension == got->cExtension,
     "%s: expected %d extensions, got %d\n", header, expected->cExtension,
     got->cExtension);
    for (i = 0; i < expected->cExtension; i++)
    {
        ok(!strcmp(expected->rgExtension[i].pszObjId,
         got->rgExtension[i].pszObjId), "%s[%d]: expected %s, got %s\n",
         header, i, expected->rgExtension[i].pszObjId,
         got->rgExtension[i].pszObjId);
        ok(expected->rgExtension[i].fCritical == got->rgExtension[i].fCritical,
         "%s[%d]: expected fCritical = %d, got %d\n", header, i,
         expected->rgExtension[i].fCritical, got->rgExtension[i].fCritical);
        ok(expected->rgExtension[i].Value.cbData ==
         got->rgExtension[i].Value.cbData,
         "%s[%d]: expected extension value to have %d bytes, got %d\n",
         header, i, expected->rgExtension[i].Value.cbData,
         got->rgExtension[i].Value.cbData);
        if (expected->rgExtension[i].Value.cbData)
            ok(!memcmp(expected->rgExtension[i].Value.pbData,
             got->rgExtension[i].Value.pbData,
             expected->rgExtension[i].Value.cbData),
             "%s[%d]: unexpected extension value\n", header, i);
    }
}

5607 5608 5609 5610 5611 5612 5613 5614 5615 5616 5617 5618 5619 5620 5621 5622 5623 5624 5625 5626 5627 5628 5629 5630 5631 5632 5633 5634 5635 5636 5637 5638 5639 5640 5641 5642
static const BYTE signedCTL[] = {
0x30,0x81,0xc7,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,0xa0,
0x81,0xb9,0x30,0x81,0xb6,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,0x08,0x2a,
0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x28,0x06,0x09,0x2a,0x86,
0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x1b,0x04,0x19,0x30,0x17,0x30,0x00,
0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
0x30,0x5a,0x30,0x02,0x06,0x00,0x31,0x77,0x30,0x75,0x02,0x01,0x01,0x30,0x1a,
0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,
0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x02,0x01,0x01,0x30,0x0c,0x06,0x08,
0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x04,0x06,0x00,0x05,
0x00,0x04,0x40,0xca,0xd8,0x32,0xd1,0xbd,0x97,0x61,0x54,0xd6,0x80,0xcf,0x0d,
0xbd,0xa2,0x42,0xc7,0xca,0x37,0x91,0x7d,0x9d,0xac,0x8c,0xdf,0x05,0x8a,0x39,
0xc6,0x07,0xc1,0x37,0xe6,0xb9,0xd1,0x0d,0x26,0xec,0xa5,0xb0,0x8a,0x51,0x26,
0x2b,0x4f,0x73,0x44,0x86,0x83,0x5e,0x2b,0x6e,0xcc,0xf8,0x1b,0x85,0x53,0xe9,
0x7a,0x80,0x8f,0x6b,0x42,0x19,0x93 };
static const BYTE signedCTLWithCTLInnerContent[] = {
0x30,0x82,0x01,0x0f,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,
0xa0,0x82,0x01,0x00,0x30,0x81,0xfd,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,
0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x30,0x06,0x09,
0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x0a,0x01,0xa0,0x23,0x30,0x21,0x30,0x00,
0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
0x30,0x5a,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,
0x00,0x31,0x81,0xb5,0x30,0x81,0xb2,0x02,0x01,0x01,0x30,0x1a,0x30,0x15,0x31,
0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,
0x4c,0x61,0x6e,0x67,0x00,0x02,0x01,0x01,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,
0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0xa0,0x3b,0x30,0x18,0x06,0x09,0x2a,0x86,
0x48,0x86,0xf7,0x0d,0x01,0x09,0x03,0x31,0x0b,0x06,0x09,0x2b,0x06,0x01,0x04,
0x01,0x82,0x37,0x0a,0x01,0x30,0x1f,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
0x01,0x09,0x04,0x31,0x12,0x04,0x10,0x54,0x71,0xbc,0xe1,0x56,0x31,0xa2,0xf9,
0x65,0x70,0x34,0xf8,0xe2,0xe9,0xb4,0xf4,0x30,0x04,0x06,0x00,0x05,0x00,0x04,
0x40,0x2f,0x1b,0x9f,0x5a,0x4a,0x15,0x73,0xfa,0xb1,0x93,0x3d,0x09,0x52,0xdf,
0x6b,0x98,0x4b,0x13,0x5e,0xe7,0xbf,0x65,0xf4,0x9c,0xc2,0xb1,0x77,0x09,0xb1,
0x66,0x4d,0x72,0x0d,0xb1,0x1a,0x50,0x20,0xe0,0x57,0xa2,0x39,0xc7,0xcd,0x7f,
0x8e,0xe7,0x5f,0x76,0x2b,0xd1,0x6a,0x82,0xb3,0x30,0x25,0x61,0xf6,0x25,0x23,
0x57,0x6c,0x0b,0x47,0xb8 };

5643 5644 5645 5646 5647 5648 5649 5650 5651 5652 5653 5654 5655 5656 5657 5658
static void test_decodeCTL(DWORD dwEncoding)
{
    static char oid1[] = "1.2.3";
    static char oid2[] = "1.5.6";
    static BYTE nullData[] = { 5,0 };
    char *pOid1 = oid1;
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CTL_INFO info;
    SYSTEMTIME thisUpdate = { 2005, 6, 1, 6, 16, 10, 0, 0 };
    CTL_ENTRY ctlEntry[2];
    CRYPT_ATTRIBUTE attr1, attr2;
    CRYPT_ATTR_BLOB value1, value2;

    memset(&info, 0, sizeof(info));
5659
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, emptyCTL, sizeof(emptyCTL),
5660
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5661
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5662
    if (ret)
5663 5664 5665 5666 5667 5668
    {
        compareCTLInfo("empty CTL", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.dwVersion = 1;
5669
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, emptyCTLWithVersion1,
5670
     sizeof(emptyCTLWithVersion1), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
5671 5672
     &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5673
    if (ret)
5674 5675 5676 5677 5678 5679 5680 5681
    {
        compareCTLInfo("v1 CTL", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.dwVersion = 0;
    info.SubjectUsage.cUsageIdentifier = 1;
    info.SubjectUsage.rgpszUsageIdentifier = &pOid1;
5682
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithUsageIdentifier,
5683
     sizeof(ctlWithUsageIdentifier), CRYPT_DECODE_ALLOC_FLAG, NULL,
5684
     &buf, &size);
5685
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5686
    if (ret)
5687 5688 5689 5690 5691 5692 5693 5694
    {
        compareCTLInfo("CTL with usage identifier", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.SubjectUsage.cUsageIdentifier = 0;
    info.ListIdentifier.cbData = sizeof(serialNum);
    info.ListIdentifier.pbData = (LPBYTE)serialNum;
5695
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithListIdentifier,
5696
     sizeof(ctlWithListIdentifier), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5697
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5698
    if (ret)
5699 5700 5701 5702 5703 5704 5705 5706
    {
        compareCTLInfo("CTL with list identifier", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.ListIdentifier.cbData = 0;
    info.SequenceNumber.cbData = sizeof(serialNum);
    info.SequenceNumber.pbData = (LPBYTE)serialNum;
5707
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithSequenceNumber,
5708
     sizeof(ctlWithSequenceNumber), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5709
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5710
    if (ret)
5711 5712 5713 5714 5715 5716 5717
    {
        compareCTLInfo("CTL with sequence number", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.SequenceNumber.cbData = 0;
    SystemTimeToFileTime(&thisUpdate, &info.ThisUpdate);
5718
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithThisUpdate,
5719
     sizeof(ctlWithThisUpdate), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5720
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5721
    if (ret)
5722 5723 5724 5725 5726 5727
    {
        compareCTLInfo("CTL with this update", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    SystemTimeToFileTime(&thisUpdate, &info.NextUpdate);
5728
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithThisAndNextUpdate,
5729
     sizeof(ctlWithThisAndNextUpdate), CRYPT_DECODE_ALLOC_FLAG, NULL,
5730
     &buf, &size);
5731
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5732
    if (ret)
5733 5734 5735 5736 5737 5738 5739 5740 5741 5742
    {
        compareCTLInfo("CTL with this and next update", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.ThisUpdate.dwLowDateTime = info.ThisUpdate.dwHighDateTime = 0;
    info.NextUpdate.dwLowDateTime = info.NextUpdate.dwHighDateTime = 0;
    info.SubjectAlgorithm.pszObjId = oid2;
    info.SubjectAlgorithm.Parameters.cbData = sizeof(nullData);
    info.SubjectAlgorithm.Parameters.pbData = nullData;
5743
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithAlgId,
5744
     sizeof(ctlWithAlgId), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5745
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5746
    if (ret)
5747 5748 5749 5750 5751 5752
    {
        compareCTLInfo("CTL with algorithm identifier", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    SetLastError(0xdeadbeef);
5753
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithBogusEntry,
5754
     sizeof(ctlWithBogusEntry), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5755
    ok(!ret &&
5756 5757 5758
     (GetLastError() == CRYPT_E_ASN1_EOD ||
      GetLastError() == CRYPT_E_ASN1_CORRUPT ||
      GetLastError() == OSS_MORE_INPUT), /* Win9x */
5759 5760
     "expected CRYPT_E_ASN1_EOD or CRYPT_E_ASN1_CORRUPT, got %08x\n",
     GetLastError());
5761 5762 5763 5764 5765 5766 5767 5768 5769 5770 5771 5772 5773 5774 5775 5776 5777
    info.SubjectAlgorithm.Parameters.cbData = 0;
    info.ThisUpdate.dwLowDateTime = info.ThisUpdate.dwHighDateTime = 0;
    info.NextUpdate.dwLowDateTime = info.NextUpdate.dwHighDateTime = 0;
    info.SubjectAlgorithm.pszObjId = oid2;
    info.SubjectAlgorithm.pszObjId = NULL;
    value1.cbData = sizeof(emptySequence);
    value1.pbData = (LPBYTE)emptySequence;
    attr1.pszObjId = oid1;
    attr1.cValue = 1;
    attr1.rgValue = &value1;
    ctlEntry[0].SubjectIdentifier.cbData = sizeof(serialNum);
    ctlEntry[0].SubjectIdentifier.pbData = (LPBYTE)serialNum;
    ctlEntry[0].cAttribute = 1;
    ctlEntry[0].rgAttribute = &attr1;
    info.cCTLEntry = 1;
    info.rgCTLEntry = ctlEntry;
    SetLastError(0xdeadbeef);
5778
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithOneEntry,
5779
     sizeof(ctlWithOneEntry), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5780
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5781
    if (ret)
5782 5783 5784 5785 5786 5787 5788 5789 5790 5791 5792 5793 5794 5795 5796
    {
        compareCTLInfo("CTL with one entry", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    value2.cbData = sizeof(encodedIPAddr);
    value2.pbData = (LPBYTE)encodedIPAddr;
    attr2.pszObjId = oid2;
    attr2.cValue = 1;
    attr2.rgValue = &value2;
    ctlEntry[1].SubjectIdentifier.cbData = sizeof(serialNum);
    ctlEntry[1].SubjectIdentifier.pbData = (LPBYTE)serialNum;
    ctlEntry[1].cAttribute = 1;
    ctlEntry[1].rgAttribute = &attr2;
    info.cCTLEntry = 2;
5797
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithTwoEntries,
5798
     sizeof(ctlWithTwoEntries), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5799
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5800
    if (ret)
5801 5802 5803 5804 5805
    {
        compareCTLInfo("CTL with two entries", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
5806 5807
    /* A signed CTL isn't decodable, even if the inner content is a CTL */
    SetLastError(0xdeadbeef);
5808
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, signedCTL,
5809
     sizeof(signedCTL), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5810 5811 5812 5813
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "expected CRYPT_E_ASN1_BADTAG or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
5814
    SetLastError(0xdeadbeef);
5815
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL,
5816
     signedCTLWithCTLInnerContent, sizeof(signedCTLWithCTLInnerContent),
5817
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5818 5819 5820 5821
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "expected CRYPT_E_ASN1_BADTAG or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
5822 5823
}

5824
static const BYTE emptyPKCSContentInfo[] = { 0x30,0x04,0x06,0x02,0x2a,0x03 };
5825 5826
static const BYTE emptyPKCSContentInfoExtraBytes[] = { 0x30,0x04,0x06,0x02,0x2a,
 0x03,0,0,0,0,0,0 };
5827 5828 5829 5830 5831 5832 5833 5834 5835 5836 5837 5838 5839 5840
static const BYTE bogusPKCSContentInfo[] = { 0x30,0x07,0x06,0x02,0x2a,0x03,
 0xa0,0x01,0x01 };
static const BYTE intPKCSContentInfo[] = { 0x30,0x09,0x06,0x02,0x2a,0x03,0xa0,
 0x03,0x02,0x01,0x01 };
static BYTE bogusDER[] = { 1 };

static void test_encodePKCSContentInfo(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CRYPT_CONTENT_INFO info = { 0 };
    char oid1[] = "1.2.3";

5841 5842 5843 5844 5845
    if (0)
    {
        /* Crashes on win9x */
        SetLastError(0xdeadbeef);
        ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, NULL,
5846
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5847 5848 5849
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %x\n", GetLastError());
    }
5850
    SetLastError(0xdeadbeef);
5851
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5852
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5853 5854 5855
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "Expected E_INVALIDARG or OSS_LIMITED, got %x\n", GetLastError());
5856
    info.pszObjId = oid1;
5857
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5858
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5859
    ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
5860
    if (ret)
5861 5862 5863 5864 5865 5866 5867
    {
        ok(size == sizeof(emptyPKCSContentInfo), "Unexpected size %d\n", size);
        ok(!memcmp(buf, emptyPKCSContentInfo, size), "Unexpected value\n");
        LocalFree(buf);
    }
    info.Content.pbData = bogusDER;
    info.Content.cbData = sizeof(bogusDER);
5868
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5869
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5870
    ok(ret, "CryptEncodeObjectEx failed; %x\n", GetLastError());
5871
    if (ret)
5872 5873 5874 5875 5876 5877 5878
    {
        ok(size == sizeof(bogusPKCSContentInfo), "Unexpected size %d\n", size);
        ok(!memcmp(buf, bogusPKCSContentInfo, size), "Unexpected value\n");
        LocalFree(buf);
    }
    info.Content.pbData = (BYTE *)ints[0].encoded;
    info.Content.cbData = ints[0].encoded[1] + 2;
5879
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5880
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5881
    if (ret)
5882 5883 5884 5885 5886 5887 5888
    {
        ok(size == sizeof(intPKCSContentInfo), "Unexpected size %d\n", size);
        ok(!memcmp(buf, intPKCSContentInfo, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

5889 5890 5891 5892 5893 5894 5895 5896 5897 5898 5899 5900 5901 5902 5903 5904 5905 5906 5907 5908 5909 5910 5911 5912 5913 5914 5915 5916 5917 5918
static const BYTE indefiniteSignedPKCSContent[] = {
0x30,0x80,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,0xa0,0x80,
0x30,0x80,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,
0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x80,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
0x0d,0x01,0x07,0x01,0xa0,0x80,0x24,0x80,0x04,0x04,0x01,0x02,0x03,0x04,0x04,
0x04,0x01,0x02,0x03,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0xa0,0x81,0xd2,0x30,
0x81,0xcf,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
0x00,0x30,0x5c,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
0x01,0x05,0x00,0x03,0x4b,0x00,0x30,0x48,0x02,0x41,0x00,0xe2,0x54,0x3a,0xa7,
0x83,0xb1,0x27,0x14,0x3e,0x59,0xbb,0xb4,0x53,0xe6,0x1f,0xe7,0x5d,0xf1,0x21,
0x68,0xad,0x85,0x53,0xdb,0x6b,0x1e,0xeb,0x65,0x97,0x03,0x86,0x60,0xde,0xf3,
0x6c,0x38,0x75,0xe0,0x4c,0x61,0xbb,0xbc,0x62,0x17,0xa9,0xcd,0x79,0x3f,0x21,
0x4e,0x96,0xcb,0x0e,0xdc,0x61,0x94,0x30,0x18,0x10,0x6b,0xd0,0x1c,0x10,0x79,
0x02,0x03,0x01,0x00,0x01,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,
0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01,0x31,
0x77,0x30,0x75,0x02,0x01,0x01,0x30,0x1a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
0x00,0x02,0x01,0x01,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,
0x05,0x05,0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x04,0x40,0x57,0xba,0xe0,0xad,
0xfe,0x36,0x8d,0xb3,0x88,0xa2,0x8d,0x84,0x82,0x52,0x09,0x09,0xd9,0xf0,0xb8,
0x04,0xfa,0xb5,0x51,0x0b,0x2b,0x2e,0xd5,0x72,0x3e,0x3d,0x13,0x8a,0x51,0xc3,
0x71,0x65,0x9a,0x52,0xf2,0x8f,0xb2,0x5b,0x39,0x28,0xb3,0x29,0x36,0xa5,0x8d,
0xe3,0x55,0x71,0x91,0xf9,0x2a,0xd1,0xb8,0xaa,0x52,0xb8,0x22,0x3a,0xeb,0x61,
0x00,0x00,0x00,0x00,0x00,0x00 };

5919 5920 5921 5922 5923 5924 5925
static void test_decodePKCSContentInfo(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CRYPT_CONTENT_INFO *info;

5926
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5927
     emptyPKCSContentInfo, sizeof(emptyPKCSContentInfo),
5928
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5929
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5930
    if (ret)
5931 5932 5933 5934 5935 5936 5937 5938 5939
    {
        info = (CRYPT_CONTENT_INFO *)buf;

        ok(!strcmp(info->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
         info->pszObjId);
        ok(info->Content.cbData == 0, "Expected no data, got %d\n",
         info->Content.cbData);
        LocalFree(buf);
    }
5940
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5941 5942 5943
     emptyPKCSContentInfoExtraBytes, sizeof(emptyPKCSContentInfoExtraBytes),
     0, NULL, NULL, &size);
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5944
    SetLastError(0xdeadbeef);
5945
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5946
     bogusPKCSContentInfo, sizeof(bogusPKCSContentInfo),
5947
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5948 5949 5950
    /* Native fails with CRYPT_E_ASN1_EOD, accept also CRYPT_E_ASN1_CORRUPT as
     * I doubt an app depends on that.
     */
5951 5952
    ok((!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
     GetLastError() == CRYPT_E_ASN1_CORRUPT)) || broken(ret),
5953 5954
     "Expected CRYPT_E_ASN1_EOD or CRYPT_E_ASN1_CORRUPT, got %x\n",
     GetLastError());
5955
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5956
     intPKCSContentInfo, sizeof(intPKCSContentInfo),
5957
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5958
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5959
    if (ret)
5960 5961 5962 5963 5964 5965 5966 5967 5968
    {
        info = (CRYPT_CONTENT_INFO *)buf;

        ok(!strcmp(info->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
         info->pszObjId);
        ok(info->Content.cbData == ints[0].encoded[1] + 2,
         "Unexpected size %d\n", info->Content.cbData);
        ok(!memcmp(info->Content.pbData, ints[0].encoded,
         info->Content.cbData), "Unexpected value\n");
5969 5970
        LocalFree(buf);
    }
5971
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5972
     indefiniteSignedPKCSContent, sizeof(indefiniteSignedPKCSContent),
5973
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5974
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5975
    if (ret)
5976 5977 5978 5979 5980 5981 5982 5983
    {
        info = (CRYPT_CONTENT_INFO *)buf;

        ok(!strcmp(info->pszObjId, szOID_RSA_signedData),
         "Expected %s, got %s\n", szOID_RSA_signedData, info->pszObjId);
        ok(info->Content.cbData == 392, "Expected 392, got %d\n",
         info->Content.cbData);
        LocalFree(buf);
5984 5985 5986
    }
}

5987 5988 5989 5990 5991 5992 5993 5994 5995 5996 5997 5998 5999 6000 6001 6002
static const BYTE emptyPKCSAttr[] = { 0x30,0x06,0x06,0x02,0x2a,0x03,0x31,
 0x00 };
static const BYTE bogusPKCSAttr[] = { 0x30,0x07,0x06,0x02,0x2a,0x03,0x31,0x01,
 0x01 };
static const BYTE intPKCSAttr[] = { 0x30,0x09,0x06,0x02,0x2a,0x03,0x31,0x03,
 0x02,0x01,0x01 };

static void test_encodePKCSAttribute(DWORD dwEncoding)
{
    CRYPT_ATTRIBUTE attr = { 0 };
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CRYPT_ATTR_BLOB blob;
    char oid[] = "1.2.3";

6003 6004 6005 6006 6007
    if (0)
    {
        /* Crashes on win9x */
        SetLastError(0xdeadbeef);
        ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, NULL,
6008
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6009 6010 6011
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %x\n", GetLastError());
    }
6012
    SetLastError(0xdeadbeef);
6013
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
6014
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6015 6016 6017
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "Expected E_INVALIDARG or OSS_LIMITED, got %x\n", GetLastError());
6018
    attr.pszObjId = oid;
6019
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
6020
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6021
    ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6022
    if (ret)
6023 6024 6025 6026 6027 6028 6029 6030 6031
    {
        ok(size == sizeof(emptyPKCSAttr), "Unexpected size %d\n", size);
        ok(!memcmp(buf, emptyPKCSAttr, size), "Unexpected value\n");
        LocalFree(buf);
    }
    blob.cbData = sizeof(bogusDER);
    blob.pbData = bogusDER;
    attr.cValue = 1;
    attr.rgValue = &blob;
6032
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
6033
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6034
    ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6035
    if (ret)
6036 6037 6038 6039 6040 6041 6042
    {
        ok(size == sizeof(bogusPKCSAttr), "Unexpected size %d\n", size);
        ok(!memcmp(buf, bogusPKCSAttr, size), "Unexpected value\n");
        LocalFree(buf);
    }
    blob.pbData = (BYTE *)ints[0].encoded;
    blob.cbData = ints[0].encoded[1] + 2;
6043
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
6044
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6045
    if (ret)
6046 6047 6048 6049 6050 6051 6052 6053 6054 6055 6056 6057 6058 6059
    {
        ok(size == sizeof(intPKCSAttr), "Unexpected size %d\n", size);
        ok(!memcmp(buf, intPKCSAttr, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodePKCSAttribute(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CRYPT_ATTRIBUTE *attr;

6060
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTE,
6061
     emptyPKCSAttr, sizeof(emptyPKCSAttr),
6062
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6063
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6064
    if (ret)
6065 6066 6067 6068 6069 6070 6071 6072 6073
    {
        attr = (CRYPT_ATTRIBUTE *)buf;

        ok(!strcmp(attr->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
         attr->pszObjId);
        ok(attr->cValue == 0, "Expected no value, got %d\n", attr->cValue);
        LocalFree(buf);
    }
    SetLastError(0xdeadbeef);
6074
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTE,
6075
     bogusPKCSAttr, sizeof(bogusPKCSAttr),
6076
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6077 6078 6079 6080
    /* Native fails with CRYPT_E_ASN1_EOD, accept also CRYPT_E_ASN1_CORRUPT as
     * I doubt an app depends on that.
     */
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
6081 6082
     GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_MORE_INPUT /* Win9x */),
6083
     "Expected CRYPT_E_ASN1_EOD, CRYPT_E_ASN1_CORRUPT, or OSS_MORE_INPUT, got %x\n",
6084
     GetLastError());
6085
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTE,
6086
     intPKCSAttr, sizeof(intPKCSAttr),
6087
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6088
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6089
    if (ret)
6090 6091 6092 6093 6094 6095 6096 6097 6098 6099
    {
        attr = (CRYPT_ATTRIBUTE *)buf;

        ok(!strcmp(attr->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
         attr->pszObjId);
        ok(attr->cValue == 1, "Expected 1 value, got %d\n", attr->cValue);
        ok(attr->rgValue[0].cbData == ints[0].encoded[1] + 2,
         "Unexpected size %d\n", attr->rgValue[0].cbData);
        ok(!memcmp(attr->rgValue[0].pbData, ints[0].encoded,
         attr->rgValue[0].cbData), "Unexpected value\n");
6100
        LocalFree(buf);
6101 6102
    }
}
6103 6104 6105 6106 6107 6108 6109 6110 6111 6112 6113 6114 6115 6116 6117 6118 6119

static const BYTE emptyPKCSAttributes[] = { 0x31,0x00 };
static const BYTE singlePKCSAttributes[] = { 0x31,0x08,0x30,0x06,0x06,0x02,
 0x2a,0x03,0x31,0x00 };
static const BYTE doublePKCSAttributes[] = { 0x31,0x13,0x30,0x06,0x06,0x02,
 0x2a,0x03,0x31,0x00,0x30,0x09,0x06,0x02,0x2d,0x06,0x31,0x03,0x02,0x01,0x01 };

static void test_encodePKCSAttributes(DWORD dwEncoding)
{
    CRYPT_ATTRIBUTES attributes = { 0 };
    CRYPT_ATTRIBUTE attr[2] = { { 0 } };
    CRYPT_ATTR_BLOB blob;
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    char oid1[] = "1.2.3", oid2[] = "1.5.6";

6120
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
6121
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6122
    ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6123
    if (ret)
6124 6125 6126 6127 6128 6129 6130 6131
    {
        ok(size == sizeof(emptyPKCSAttributes), "Unexpected size %d\n", size);
        ok(!memcmp(buf, emptyPKCSAttributes, size), "Unexpected value\n");
        LocalFree(buf);
    }
    attributes.cAttr = 1;
    attributes.rgAttr = attr;
    SetLastError(0xdeadbeef);
6132
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
6133
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6134 6135 6136
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "Expected E_INVALIDARG or OSS_LIMITED, got %08x\n", GetLastError());
6137
    attr[0].pszObjId = oid1;
6138
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
6139
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6140
    if (ret)
6141 6142 6143 6144 6145 6146 6147 6148 6149 6150 6151
    {
        ok(size == sizeof(singlePKCSAttributes), "Unexpected size %d\n", size);
        ok(!memcmp(buf, singlePKCSAttributes, size), "Unexpected value\n");
        LocalFree(buf);
    }
    attr[1].pszObjId = oid2;
    attr[1].cValue = 1;
    attr[1].rgValue = &blob;
    blob.pbData = (BYTE *)ints[0].encoded;
    blob.cbData = ints[0].encoded[1] + 2;
    attributes.cAttr = 2;
6152
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
6153
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6154
    ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6155
    if (ret)
6156 6157 6158 6159 6160 6161 6162 6163 6164 6165 6166 6167 6168 6169
    {
        ok(size == sizeof(doublePKCSAttributes), "Unexpected size %d\n", size);
        ok(!memcmp(buf, doublePKCSAttributes, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodePKCSAttributes(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CRYPT_ATTRIBUTES *attributes;

6170
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTES,
6171
     emptyPKCSAttributes, sizeof(emptyPKCSAttributes),
6172
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6173
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6174
    if (ret)
6175 6176 6177 6178 6179 6180
    {
        attributes = (CRYPT_ATTRIBUTES *)buf;
        ok(attributes->cAttr == 0, "Expected no attributes, got %d\n",
         attributes->cAttr);
        LocalFree(buf);
    }
6181
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTES,
6182
     singlePKCSAttributes, sizeof(singlePKCSAttributes),
6183
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6184
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6185
    if (ret)
6186 6187 6188 6189 6190 6191 6192 6193 6194 6195
    {
        attributes = (CRYPT_ATTRIBUTES *)buf;
        ok(attributes->cAttr == 1, "Expected 1 attribute, got %d\n",
         attributes->cAttr);
        ok(!strcmp(attributes->rgAttr[0].pszObjId, "1.2.3"),
         "Expected 1.2.3, got %s\n", attributes->rgAttr[0].pszObjId);
        ok(attributes->rgAttr[0].cValue == 0,
         "Expected no attributes, got %d\n", attributes->rgAttr[0].cValue);
        LocalFree(buf);
    }
6196
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTES,
6197
     doublePKCSAttributes, sizeof(doublePKCSAttributes),
6198
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6199
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6200
    if (ret)
6201 6202 6203 6204 6205 6206 6207 6208 6209
    {
        attributes = (CRYPT_ATTRIBUTES *)buf;
        ok(attributes->cAttr == 2, "Expected 2 attributes, got %d\n",
         attributes->cAttr);
        ok(!strcmp(attributes->rgAttr[0].pszObjId, "1.2.3"),
         "Expected 1.2.3, got %s\n", attributes->rgAttr[0].pszObjId);
        ok(attributes->rgAttr[0].cValue == 0,
         "Expected no attributes, got %d\n", attributes->rgAttr[0].cValue);
        ok(!strcmp(attributes->rgAttr[1].pszObjId, "1.5.6"),
6210
         "Expected 1.5.6, got %s\n", attributes->rgAttr[1].pszObjId);
6211 6212 6213 6214 6215 6216 6217 6218
        ok(attributes->rgAttr[1].cValue == 1,
         "Expected 1 attribute, got %d\n", attributes->rgAttr[1].cValue);
        ok(attributes->rgAttr[1].rgValue[0].cbData == ints[0].encoded[1] + 2,
         "Unexpected size %d\n", attributes->rgAttr[1].rgValue[0].cbData);
        ok(!memcmp(attributes->rgAttr[1].rgValue[0].pbData, ints[0].encoded,
         attributes->rgAttr[1].rgValue[0].cbData), "Unexpected value\n");
        LocalFree(buf);
    }
6219 6220 6221 6222 6223 6224 6225 6226 6227 6228 6229
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTES,
     doublePKCSAttributes, sizeof(doublePKCSAttributes), 0, NULL, NULL, &size);
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
    buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
    if (buf)
    {
        ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTES,
         doublePKCSAttributes, sizeof(doublePKCSAttributes), 0, NULL, buf, &size);
        ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
        HeapFree(GetProcessHeap(), 0, buf);
    }
6230 6231
}

6232 6233 6234 6235 6236 6237 6238 6239 6240 6241 6242 6243 6244 6245 6246 6247 6248 6249
static const BYTE singleCapability[] = {
0x30,0x06,0x30,0x04,0x06,0x02,0x2d,0x06 };
static const BYTE twoCapabilities[] = {
0x30,0x0c,0x30,0x04,0x06,0x02,0x2d,0x06,0x30,0x04,0x06,0x02,0x2a,0x03 };
static const BYTE singleCapabilitywithNULL[] = {
0x30,0x08,0x30,0x06,0x06,0x02,0x2d,0x06,0x05,0x00 };

static void test_encodePKCSSMimeCapabilities(DWORD dwEncoding)
{
    static char oid1[] = "1.5.6", oid2[] = "1.2.3";
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CRYPT_SMIME_CAPABILITY capability[2];
    CRYPT_SMIME_CAPABILITIES capabilities;

    /* An empty capabilities is allowed */
    capabilities.cCapability = 0;
6250
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6251
     &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6252
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6253
    if (ret)
6254 6255 6256 6257 6258 6259 6260 6261 6262 6263 6264 6265 6266
    {
        ok(size == sizeof(emptySequence), "unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, size), "unexpected value\n");
        LocalFree(buf);
    }
    /* A non-empty capabilities with an empty capability (lacking an OID) is
     * not allowed
     */
    capability[0].pszObjId = NULL;
    capability[0].Parameters.cbData = 0;
    capabilities.cCapability = 1;
    capabilities.rgCapability = capability;
    SetLastError(0xdeadbeef);
6267
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6268
     &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6269 6270 6271
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "Expected E_INVALIDARG or OSS_LIMITED, got %08x\n", GetLastError());
6272
    capability[0].pszObjId = oid1;
6273
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6274
     &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6275
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6276
    if (ret)
6277 6278 6279 6280 6281 6282 6283 6284
    {
        ok(size == sizeof(singleCapability), "unexpected size %d\n", size);
        ok(!memcmp(buf, singleCapability, size), "unexpected value\n");
        LocalFree(buf);
    }
    capability[1].pszObjId = oid2;
    capability[1].Parameters.cbData = 0;
    capabilities.cCapability = 2;
6285
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6286
     &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6287
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6288
    if (ret)
6289 6290 6291 6292 6293 6294 6295 6296 6297 6298 6299 6300 6301 6302 6303 6304 6305 6306 6307 6308 6309 6310 6311 6312 6313 6314 6315 6316 6317 6318 6319 6320 6321 6322 6323 6324 6325 6326 6327 6328 6329 6330 6331
    {
        ok(size == sizeof(twoCapabilities), "unexpected size %d\n", size);
        ok(!memcmp(buf, twoCapabilities, size), "unexpected value\n");
        LocalFree(buf);
    }
}

static void compareSMimeCapabilities(LPCSTR header,
 const CRYPT_SMIME_CAPABILITIES *expected, const CRYPT_SMIME_CAPABILITIES *got)
{
    DWORD i;

    ok(got->cCapability == expected->cCapability,
     "%s: expected %d capabilities, got %d\n", header, expected->cCapability,
     got->cCapability);
    for (i = 0; i < expected->cCapability; i++)
    {
        ok(!strcmp(expected->rgCapability[i].pszObjId,
         got->rgCapability[i].pszObjId), "%s[%d]: expected %s, got %s\n",
         header, i, expected->rgCapability[i].pszObjId,
         got->rgCapability[i].pszObjId);
        ok(expected->rgCapability[i].Parameters.cbData ==
         got->rgCapability[i].Parameters.cbData,
         "%s[%d]: expected %d bytes, got %d\n", header, i,
         expected->rgCapability[i].Parameters.cbData,
         got->rgCapability[i].Parameters.cbData);
        if (expected->rgCapability[i].Parameters.cbData)
            ok(!memcmp(expected->rgCapability[i].Parameters.pbData,
             got->rgCapability[i].Parameters.pbData,
             expected->rgCapability[i].Parameters.cbData),
             "%s[%d]: unexpected value\n", header, i);
    }
}

static void test_decodePKCSSMimeCapabilities(DWORD dwEncoding)
{
    static char oid1[] = "1.5.6", oid2[] = "1.2.3";
    BOOL ret;
    DWORD size = 0;
    CRYPT_SMIME_CAPABILITY capability[2];
    CRYPT_SMIME_CAPABILITIES capabilities, *ptr;

    SetLastError(0xdeadbeef);
6332
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6333
     emptySequence, sizeof(emptySequence),
6334
     CRYPT_DECODE_ALLOC_FLAG, NULL, &ptr, &size);
6335 6336 6337 6338 6339 6340 6341 6342
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        capabilities.cCapability = 0;
        compareSMimeCapabilities("empty capabilities", &capabilities, ptr);
        LocalFree(ptr);
    }
    SetLastError(0xdeadbeef);
6343
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6344
     singleCapability, sizeof(singleCapability), CRYPT_DECODE_ALLOC_FLAG, NULL,
6345
     &ptr, &size);
6346 6347 6348 6349 6350 6351 6352 6353 6354 6355 6356
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        capability[0].pszObjId = oid1;
        capability[0].Parameters.cbData = 0;
        capabilities.cCapability = 1;
        capabilities.rgCapability = capability;
        compareSMimeCapabilities("single capability", &capabilities, ptr);
        LocalFree(ptr);
    }
    SetLastError(0xdeadbeef);
6357
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6358
     singleCapabilitywithNULL, sizeof(singleCapabilitywithNULL),
6359
     CRYPT_DECODE_ALLOC_FLAG, NULL, &ptr, &size);
6360 6361 6362 6363 6364 6365 6366 6367 6368 6369 6370 6371 6372 6373
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        BYTE NULLparam[] = {0x05, 0x00};
        capability[0].pszObjId = oid1;
        capability[0].Parameters.cbData = 2;
        capability[0].Parameters.pbData = NULLparam;
        capabilities.cCapability = 1;
        capabilities.rgCapability = capability;
        compareSMimeCapabilities("single capability with NULL", &capabilities,
         ptr);
        LocalFree(ptr);
    }
    SetLastError(0xdeadbeef);
6374
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6375
    twoCapabilities, sizeof(twoCapabilities), CRYPT_DECODE_ALLOC_FLAG, NULL,
6376
    &ptr, &size);
6377 6378 6379 6380 6381 6382 6383 6384 6385 6386
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        capability[0].Parameters.cbData = 0;
        capability[1].pszObjId = oid2;
        capability[1].Parameters.cbData = 0;
        capabilities.cCapability = 2;
        compareSMimeCapabilities("two capabilities", &capabilities, ptr);
        LocalFree(ptr);
    }
6387 6388 6389 6390 6391 6392 6393 6394 6395 6396 6397 6398 6399
    SetLastError(0xdeadbeef);
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
     twoCapabilities, sizeof(twoCapabilities), 0, NULL, NULL, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    ptr = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
    if (ptr)
    {
        SetLastError(0xdeadbeef);
        ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
         twoCapabilities, sizeof(twoCapabilities), 0, NULL, ptr, &size);
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        HeapFree(GetProcessHeap(), 0, ptr);
    }
6400 6401
}

6402 6403 6404 6405 6406 6407 6408 6409 6410 6411 6412 6413 6414 6415 6416 6417 6418 6419 6420 6421 6422 6423 6424 6425 6426 6427 6428 6429
static BYTE encodedCommonNameNoNull[] = { 0x30,0x14,0x31,0x12,0x30,0x10,
 0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
 0x67 };
static const BYTE minimalPKCSSigner[] = {
 0x30,0x2b,0x02,0x01,0x00,0x30,0x18,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
 0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x04,0x00 };
static const BYTE PKCSSignerWithSerial[] = {
 0x30,0x2c,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
 0x01,0x01,0x30,0x04,0x06,0x00,0x05,0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x04,
 0x00 };
static const BYTE PKCSSignerWithHashAlgo[] = {
 0x30,0x2e,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
 0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x30,0x04,0x06,0x00,0x05,
 0x00,0x04,0x00 };
static const BYTE PKCSSignerWithHashAndEncryptionAlgo[] = {
 0x30,0x30,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
 0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x30,0x06,0x06,0x02,0x2d,
 0x06,0x05,0x00,0x04,0x00 };
static const BYTE PKCSSignerWithHash[] = {
 0x30,0x40,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
 0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x30,0x06,0x06,0x02,0x2d,
 0x06,0x05,0x00,0x04,0x10,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
 0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
6430 6431 6432 6433 6434 6435 6436 6437
static const BYTE PKCSSignerWithAuthAttr[] = {
0x30,0x62,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0xa0,0x20,0x30,0x1e,0x06,
0x03,0x55,0x04,0x03,0x31,0x17,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,
0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,
0x06,0x06,0x02,0x2d,0x06,0x05,0x00,0x04,0x10,0x00,0x01,0x02,0x03,0x04,0x05,
0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
6438 6439 6440 6441 6442 6443 6444 6445

static void test_encodePKCSSignerInfo(DWORD dwEncoding)
{
    static char oid1[] = "1.2.3", oid2[] = "1.5.6";
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CMSG_SIGNER_INFO info = { 0 };
6446 6447 6448 6449
    char oid_common_name[] = szOID_COMMON_NAME;
    CRYPT_ATTR_BLOB commonName = { sizeof(encodedCommonName),
     (LPBYTE)encodedCommonName };
    CRYPT_ATTRIBUTE attr = { oid_common_name, 1, &commonName };
6450 6451

    SetLastError(0xdeadbeef);
6452
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6453
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6454 6455 6456 6457 6458
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no PKCS7_SIGNER_INFO encode support\n");
        return;
    }
6459 6460 6461
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "Expected E_INVALIDARG or OSS_LIMITED, got %08x\n", GetLastError());
6462 6463 6464 6465 6466 6467 6468
    /* To be encoded, a signer must have an issuer at least, and the encoding
     * must include PKCS_7_ASN_ENCODING.  (That isn't enough to be decoded,
     * see decoding tests.)
     */
    info.Issuer.cbData = sizeof(encodedCommonNameNoNull);
    info.Issuer.pbData = encodedCommonNameNoNull;
    SetLastError(0xdeadbeef);
6469
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6470
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6471 6472 6473 6474 6475
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
6476 6477
        ok(ret || broken(GetLastError() == OSS_LIMITED /* Win9x */),
         "CryptEncodeObjectEx failed: %x\n", GetLastError());
6478
        if (ret)
6479
        {
6480
            ok(size == sizeof(minimalPKCSSigner), "Unexpected size %d\n", size);
6481 6482 6483 6484 6485 6486 6487 6488 6489 6490
            if (size == sizeof(minimalPKCSSigner))
                ok(!memcmp(buf, minimalPKCSSigner, size), "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.SerialNumber.cbData = sizeof(serialNum);
    info.SerialNumber.pbData = (BYTE *)serialNum;
    SetLastError(0xdeadbeef);
6491
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6492
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6493 6494 6495 6496 6497
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
6498 6499
        ok(ret || broken(GetLastError() == OSS_LIMITED /* Win9x */),
         "CryptEncodeObjectEx failed: %x\n", GetLastError());
6500
        if (ret)
6501
        {
6502
            ok(size == sizeof(PKCSSignerWithSerial), "Unexpected size %d\n",
6503 6504 6505 6506 6507 6508 6509 6510 6511 6512 6513
             size);
            if (size == sizeof(PKCSSignerWithSerial))
                ok(!memcmp(buf, PKCSSignerWithSerial, size),
                 "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.HashAlgorithm.pszObjId = oid1;
    SetLastError(0xdeadbeef);
6514
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6515
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6516 6517 6518 6519 6520
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
6521 6522
        ok(ret || broken(GetLastError() == OSS_LIMITED /* Win9x */),
         "CryptEncodeObjectEx failed: %x\n", GetLastError());
6523
        if (ret)
6524
        {
6525 6526
            ok(size == sizeof(PKCSSignerWithHashAlgo), "Unexpected size %d\n",
             size);
6527 6528 6529 6530 6531 6532 6533 6534 6535 6536
            if (size == sizeof(PKCSSignerWithHashAlgo))
                ok(!memcmp(buf, PKCSSignerWithHashAlgo, size),
                 "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.HashEncryptionAlgorithm.pszObjId = oid2;
    SetLastError(0xdeadbeef);
6537
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6538
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6539 6540 6541 6542 6543 6544
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6545
        if (ret)
6546
        {
6547
            ok(size == sizeof(PKCSSignerWithHashAndEncryptionAlgo),
6548 6549 6550 6551 6552 6553 6554 6555 6556 6557 6558 6559
             "Unexpected size %d\n", size);
            if (size == sizeof(PKCSSignerWithHashAndEncryptionAlgo))
                ok(!memcmp(buf, PKCSSignerWithHashAndEncryptionAlgo, size),
                 "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.EncryptedHash.cbData = sizeof(hash);
    info.EncryptedHash.pbData = (BYTE *)hash;
    SetLastError(0xdeadbeef);
6560
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6561
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6562 6563 6564 6565 6566 6567
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6568
        if (ret)
6569
        {
6570
            ok(size == sizeof(PKCSSignerWithHash), "Unexpected size %d\n",
6571 6572 6573 6574 6575 6576 6577 6578 6579
             size);
            if (size == sizeof(PKCSSignerWithHash))
                ok(!memcmp(buf, PKCSSignerWithHash, size),
                 "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
6580 6581 6582
    info.AuthAttrs.cAttr = 1;
    info.AuthAttrs.rgAttr = &attr;
    SetLastError(0xdeadbeef);
6583
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6584
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6585 6586 6587 6588 6589 6590
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6591
        if (ret)
6592 6593 6594 6595 6596 6597 6598 6599 6600 6601 6602
        {
            ok(size == sizeof(PKCSSignerWithAuthAttr), "Unexpected size %d\n",
             size);
            if (size == sizeof(PKCSSignerWithAuthAttr))
                ok(!memcmp(buf, PKCSSignerWithAuthAttr, size),
                 "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
6603 6604 6605 6606 6607 6608 6609 6610 6611 6612 6613
}

static void test_decodePKCSSignerInfo(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CMSG_SIGNER_INFO *info;

    /* A PKCS signer can't be decoded without a serial number. */
    SetLastError(0xdeadbeef);
6614
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6615
     minimalPKCSSigner, sizeof(minimalPKCSSigner),
6616
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6617 6618 6619 6620
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %x\n",
     GetLastError());
6621
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6622
     PKCSSignerWithSerial, sizeof(PKCSSignerWithSerial),
6623
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6624 6625
    ok(ret || broken(GetLastError() == OSS_DATA_ERROR),
     "CryptDecodeObjectEx failed: %x\n", GetLastError());
6626
    if (ret)
6627 6628 6629 6630 6631 6632 6633 6634 6635 6636 6637 6638 6639 6640
    {
        info = (CMSG_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
         "Unexpected size %d\n", info->Issuer.cbData);
        ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
         info->Issuer.cbData), "Unexpected value\n");
        ok(info->SerialNumber.cbData == sizeof(serialNum),
         "Unexpected size %d\n", info->SerialNumber.cbData);
        ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
         "Unexpected value\n");
        LocalFree(buf);
    }
6641
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6642
     PKCSSignerWithHashAlgo, sizeof(PKCSSignerWithHashAlgo),
6643
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6644
    if (ret)
6645 6646 6647 6648 6649 6650 6651 6652 6653 6654 6655 6656 6657 6658 6659 6660
    {
        info = (CMSG_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
         "Unexpected size %d\n", info->Issuer.cbData);
        ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
         info->Issuer.cbData), "Unexpected value\n");
        ok(info->SerialNumber.cbData == sizeof(serialNum),
         "Unexpected size %d\n", info->SerialNumber.cbData);
        ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
         "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, "1.2.3"),
         "Expected 1.2.3, got %s\n", info->HashAlgorithm.pszObjId);
        LocalFree(buf);
    }
6661
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6662 6663
     PKCSSignerWithHashAndEncryptionAlgo,
     sizeof(PKCSSignerWithHashAndEncryptionAlgo), CRYPT_DECODE_ALLOC_FLAG,
6664
     NULL, &buf, &size);
6665
    if (ret)
6666 6667 6668 6669 6670 6671 6672 6673 6674 6675 6676 6677 6678 6679 6680 6681 6682 6683
    {
        info = (CMSG_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
         "Unexpected size %d\n", info->Issuer.cbData);
        ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
         info->Issuer.cbData), "Unexpected value\n");
        ok(info->SerialNumber.cbData == sizeof(serialNum),
         "Unexpected size %d\n", info->SerialNumber.cbData);
        ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
         "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, "1.2.3"),
         "Expected 1.2.3, got %s\n", info->HashAlgorithm.pszObjId);
        ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, "1.5.6"),
         "Expected 1.5.6, got %s\n", info->HashEncryptionAlgorithm.pszObjId);
        LocalFree(buf);
    }
6684
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6685
     PKCSSignerWithHash, sizeof(PKCSSignerWithHash),
6686
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6687
    if (ret)
6688 6689 6690 6691 6692 6693 6694 6695 6696 6697 6698 6699 6700 6701 6702 6703 6704 6705 6706 6707 6708 6709
    {
        info = (CMSG_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
         "Unexpected size %d\n", info->Issuer.cbData);
        ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
         info->Issuer.cbData), "Unexpected value\n");
        ok(info->SerialNumber.cbData == sizeof(serialNum),
         "Unexpected size %d\n", info->SerialNumber.cbData);
        ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
         "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, "1.2.3"),
         "Expected 1.2.3, got %s\n", info->HashAlgorithm.pszObjId);
        ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, "1.5.6"),
         "Expected 1.5.6, got %s\n", info->HashEncryptionAlgorithm.pszObjId);
        ok(info->EncryptedHash.cbData == sizeof(hash), "Unexpected size %d\n",
         info->EncryptedHash.cbData);
        ok(!memcmp(info->EncryptedHash.pbData, hash, sizeof(hash)),
         "Unexpected value\n");
        LocalFree(buf);
    }
6710
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6711
     PKCSSignerWithAuthAttr, sizeof(PKCSSignerWithAuthAttr),
6712
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6713
    if (ret)
6714 6715 6716 6717 6718 6719 6720 6721 6722 6723 6724 6725 6726 6727 6728 6729
    {
        info = (CMSG_SIGNER_INFO *)buf;
        ok(info->AuthAttrs.cAttr == 1, "Expected 1 attribute, got %d\n",
         info->AuthAttrs.cAttr);
        ok(!strcmp(info->AuthAttrs.rgAttr[0].pszObjId, szOID_COMMON_NAME),
         "Expected %s, got %s\n", szOID_COMMON_NAME,
         info->AuthAttrs.rgAttr[0].pszObjId);
        ok(info->AuthAttrs.rgAttr[0].cValue == 1, "Expected 1 value, got %d\n",
         info->AuthAttrs.rgAttr[0].cValue);
        ok(info->AuthAttrs.rgAttr[0].rgValue[0].cbData ==
         sizeof(encodedCommonName), "Unexpected size %d\n",
         info->AuthAttrs.rgAttr[0].rgValue[0].cbData);
        ok(!memcmp(info->AuthAttrs.rgAttr[0].rgValue[0].pbData,
         encodedCommonName, sizeof(encodedCommonName)), "Unexpected value\n");
        LocalFree(buf);
    }
6730 6731
}

6732 6733 6734 6735 6736 6737 6738 6739 6740 6741 6742 6743 6744
static const BYTE CMSSignerWithKeyId[] = {
0x30,0x14,0x02,0x01,0x00,0x80,0x01,0x01,0x30,0x04,0x06,0x00,0x05,0x00,0x30,
0x04,0x06,0x00,0x05,0x00,0x04,0x00 };

static void test_encodeCMSSignerInfo(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CMSG_CMS_SIGNER_INFO info = { 0 };
    static char oid1[] = "1.2.3", oid2[] = "1.5.6";

    SetLastError(0xdeadbeef);
6745
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6746
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6747
    ok(!ret, "Expected failure, got %d\n", ret);
6748 6749 6750 6751 6752
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no CMS_SIGNER_INFO encode support\n");
        return;
    }
6753 6754
    ok(GetLastError() == E_INVALIDARG,
       "Expected E_INVALIDARG, got %08x\n", GetLastError());
6755 6756 6757
    info.SignerId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
    SetLastError(0xdeadbeef);
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6758
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6759 6760 6761 6762 6763 6764 6765 6766
    ok(!ret, "Expected failure, got %d\n", ret);
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no CMS_SIGNER_INFO encode support\n");
        return;
    }
    ok(GetLastError() == E_INVALIDARG,
       "Expected E_INVALIDARG, got %08x\n", GetLastError());
6767 6768 6769 6770 6771
    /* To be encoded, a signer must have a valid cert ID, where a valid ID may
     * be a key id or a issuer serial number with at least the issuer set, and
     * the encoding must include PKCS_7_ASN_ENCODING.
     * (That isn't enough to be decoded, see decoding tests.)
     */
6772
    U(info.SignerId).IssuerSerialNumber.Issuer.cbData =
6773
     sizeof(encodedCommonNameNoNull);
6774
    U(info.SignerId).IssuerSerialNumber.Issuer.pbData = encodedCommonNameNoNull;
6775
    SetLastError(0xdeadbeef);
6776
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6777
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6778 6779 6780 6781 6782 6783
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6784
        if (ret)
6785 6786 6787 6788 6789 6790
        {
            ok(size == sizeof(minimalPKCSSigner), "Unexpected size %d\n", size);
            ok(!memcmp(buf, minimalPKCSSigner, size), "Unexpected value\n");
            LocalFree(buf);
        }
    }
6791 6792
    U(info.SignerId).IssuerSerialNumber.SerialNumber.cbData = sizeof(serialNum);
    U(info.SignerId).IssuerSerialNumber.SerialNumber.pbData = (BYTE *)serialNum;
6793
    SetLastError(0xdeadbeef);
6794
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6795
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6796 6797 6798 6799 6800 6801
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6802
        if (ret)
6803 6804 6805 6806 6807 6808 6809 6810
        {
            ok(size == sizeof(PKCSSignerWithSerial), "Unexpected size %d\n",
             size);
            ok(!memcmp(buf, PKCSSignerWithSerial, size), "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.SignerId.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
6811 6812
    U(info.SignerId).KeyId.cbData = sizeof(serialNum);
    U(info.SignerId).KeyId.pbData = (BYTE *)serialNum;
6813
    SetLastError(0xdeadbeef);
6814
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6815
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6816 6817 6818 6819 6820 6821
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6822
        if (ret)
6823 6824 6825 6826 6827 6828 6829 6830 6831 6832 6833 6834
        {
            ok(size == sizeof(CMSSignerWithKeyId), "Unexpected size %d\n",
             size);
            ok(!memcmp(buf, CMSSignerWithKeyId, size), "Unexpected value\n");
            LocalFree(buf);
        }
    }
    /* While a CERT_ID can have a hash type, that's not allowed in CMS, where
     * only the IssuerAndSerialNumber and SubjectKeyIdentifier types are allowed
     * (see RFC 3852, section 5.3.)
     */
    info.SignerId.dwIdChoice = CERT_ID_SHA1_HASH;
6835 6836
    U(info.SignerId).HashId.cbData = sizeof(hash);
    U(info.SignerId).HashId.pbData = (BYTE *)hash;
6837
    SetLastError(0xdeadbeef);
6838
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6839
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6840 6841 6842 6843
    ok(!ret && GetLastError() == E_INVALIDARG,
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
    /* Now with a hash algo */
    info.SignerId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
6844
    U(info.SignerId).IssuerSerialNumber.Issuer.cbData =
6845
     sizeof(encodedCommonNameNoNull);
6846
    U(info.SignerId).IssuerSerialNumber.Issuer.pbData = encodedCommonNameNoNull;
6847 6848
    info.HashAlgorithm.pszObjId = oid1;
    SetLastError(0xdeadbeef);
6849
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6850
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6851 6852 6853 6854 6855 6856
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6857
        if (ret)
6858 6859 6860 6861 6862 6863 6864 6865 6866 6867
        {
            ok(size == sizeof(PKCSSignerWithHashAlgo), "Unexpected size %d\n",
             size);
            ok(!memcmp(buf, PKCSSignerWithHashAlgo, size),
             "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.HashEncryptionAlgorithm.pszObjId = oid2;
    SetLastError(0xdeadbeef);
6868
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6869
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6870 6871 6872 6873 6874 6875
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6876
        if (ret)
6877 6878 6879 6880 6881 6882 6883 6884 6885 6886 6887
        {
            ok(size == sizeof(PKCSSignerWithHashAndEncryptionAlgo),
             "Unexpected size %d\n", size);
            ok(!memcmp(buf, PKCSSignerWithHashAndEncryptionAlgo, size),
             "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.EncryptedHash.cbData = sizeof(hash);
    info.EncryptedHash.pbData = (BYTE *)hash;
    SetLastError(0xdeadbeef);
6888
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6889
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6890 6891 6892 6893 6894 6895
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6896
        if (ret)
6897 6898 6899 6900 6901 6902 6903 6904 6905 6906 6907 6908 6909 6910 6911 6912 6913 6914 6915
        {
            ok(size == sizeof(PKCSSignerWithHash), "Unexpected size %d\n",
             size);
            ok(!memcmp(buf, PKCSSignerWithHash, size), "Unexpected value\n");
            LocalFree(buf);
        }
    }
}

static void test_decodeCMSSignerInfo(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CMSG_CMS_SIGNER_INFO *info;
    static char oid1[] = "1.2.3", oid2[] = "1.5.6";

    /* A CMS signer can't be decoded without a serial number. */
    SetLastError(0xdeadbeef);
6916
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6917
     minimalPKCSSigner, sizeof(minimalPKCSSigner),
6918
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6919 6920 6921 6922 6923 6924 6925
    ok(!ret, "expected failure\n");
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no CMS_SIGNER_INFO decode support\n");
        return;
    }
    ok(GetLastError() == CRYPT_E_ASN1_CORRUPT,
6926
     "Expected CRYPT_E_ASN1_CORRUPT, got %x\n", GetLastError());
6927
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6928
     PKCSSignerWithSerial, sizeof(PKCSSignerWithSerial),
6929
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6930
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6931
    if (ret)
6932 6933 6934 6935 6936 6937 6938
    {
        info = (CMSG_CMS_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
         "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
         info->SignerId.dwIdChoice);
6939
        ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
6940
         sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
6941 6942
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
6943
         encodedCommonNameNoNull,
6944
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
6945
         "Unexpected value\n");
6946
        ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
6947
         sizeof(serialNum), "Unexpected size %d\n",
6948 6949
         U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
6950 6951 6952
         serialNum, sizeof(serialNum)), "Unexpected value\n");
        LocalFree(buf);
    }
6953
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6954
     PKCSSignerWithHashAlgo, sizeof(PKCSSignerWithHashAlgo),
6955
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6956
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6957
    if (ret)
6958 6959 6960 6961 6962 6963 6964
    {
        info = (CMSG_CMS_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
         "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
         info->SignerId.dwIdChoice);
6965
        ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
6966
         sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
6967 6968
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
6969
         encodedCommonNameNoNull,
6970
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
6971
         "Unexpected value\n");
6972
        ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
6973
         sizeof(serialNum), "Unexpected size %d\n",
6974 6975
         U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
6976 6977 6978 6979 6980
         serialNum, sizeof(serialNum)), "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, oid1),
         "Expected %s, got %s\n", oid1, info->HashAlgorithm.pszObjId);
        LocalFree(buf);
    }
6981
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6982 6983
     PKCSSignerWithHashAndEncryptionAlgo,
     sizeof(PKCSSignerWithHashAndEncryptionAlgo), CRYPT_DECODE_ALLOC_FLAG,
6984
     NULL, &buf, &size);
6985
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6986
    if (ret)
6987 6988 6989 6990 6991 6992 6993
    {
        info = (CMSG_CMS_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
         "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
         info->SignerId.dwIdChoice);
6994
        ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
6995
         sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
6996 6997
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
6998
         encodedCommonNameNoNull,
6999
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
7000
         "Unexpected value\n");
7001
        ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
7002
         sizeof(serialNum), "Unexpected size %d\n",
7003 7004
         U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
7005 7006 7007 7008 7009 7010 7011
         serialNum, sizeof(serialNum)), "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, oid1),
         "Expected %s, got %s\n", oid1, info->HashAlgorithm.pszObjId);
        ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, oid2),
         "Expected %s, got %s\n", oid2, info->HashEncryptionAlgorithm.pszObjId);
        LocalFree(buf);
    }
7012
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
7013
     PKCSSignerWithHash, sizeof(PKCSSignerWithHash),
7014
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
7015
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
7016
    if (ret)
7017 7018 7019 7020 7021 7022 7023
    {
        info = (CMSG_CMS_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
         "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
         info->SignerId.dwIdChoice);
7024
        ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
7025
         sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
7026 7027
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
7028
         encodedCommonNameNoNull,
7029
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
7030
         "Unexpected value\n");
7031
        ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
7032
         sizeof(serialNum), "Unexpected size %d\n",
7033 7034
         U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
7035 7036 7037 7038 7039 7040 7041 7042 7043 7044 7045
         serialNum, sizeof(serialNum)), "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, oid1),
         "Expected %s, got %s\n", oid1, info->HashAlgorithm.pszObjId);
        ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, oid2),
         "Expected %s, got %s\n", oid2, info->HashEncryptionAlgorithm.pszObjId);
        ok(info->EncryptedHash.cbData == sizeof(hash), "Unexpected size %d\n",
         info->EncryptedHash.cbData);
        ok(!memcmp(info->EncryptedHash.pbData, hash, sizeof(hash)),
         "Unexpected value\n");
        LocalFree(buf);
    }
7046
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
7047
     CMSSignerWithKeyId, sizeof(CMSSignerWithKeyId),
7048
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
7049
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
7050
    if (ret)
7051 7052 7053 7054 7055 7056 7057
    {
        info = (CMSG_CMS_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->SignerId.dwIdChoice == CERT_ID_KEY_IDENTIFIER,
         "Expected CERT_ID_KEY_IDENTIFIER, got %d\n",
         info->SignerId.dwIdChoice);
7058 7059 7060
        ok(U(info->SignerId).KeyId.cbData == sizeof(serialNum),
         "Unexpected size %d\n", U(info->SignerId).KeyId.cbData);
        ok(!memcmp(U(info->SignerId).KeyId.pbData, serialNum, sizeof(serialNum)),
7061 7062 7063 7064 7065
         "Unexpected value\n");
        LocalFree(buf);
    }
}

7066 7067 7068 7069 7070 7071 7072 7073 7074 7075 7076 7077 7078 7079 7080 7081 7082 7083 7084 7085 7086 7087 7088 7089 7090 7091 7092 7093 7094
static BYTE emptyDNSPermittedConstraints[] = {
0x30,0x06,0xa0,0x04,0x30,0x02,0x82,0x00 };
static BYTE emptyDNSExcludedConstraints[] = {
0x30,0x06,0xa1,0x04,0x30,0x02,0x82,0x00 };
static BYTE DNSExcludedConstraints[] = {
0x30,0x17,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
static BYTE permittedAndExcludedConstraints[] = {
0x30,0x25,0xa0,0x0c,0x30,0x0a,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,
0x01,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
static BYTE permittedAndExcludedWithMinConstraints[] = {
0x30,0x28,0xa0,0x0f,0x30,0x0d,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,
0x01,0x80,0x01,0x05,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,0x74,0x70,0x3a,
0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
static BYTE permittedAndExcludedWithMinMaxConstraints[] = {
0x30,0x2b,0xa0,0x12,0x30,0x10,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,
0x01,0x80,0x01,0x05,0x81,0x01,0x03,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,
0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };

static void test_encodeNameConstraints(DWORD dwEncoding)
{
    BOOL ret;
    CERT_NAME_CONSTRAINTS_INFO constraints = { 0 };
    CERT_GENERAL_SUBTREE permitted = { { 0 } };
    CERT_GENERAL_SUBTREE excluded = { { 0 } };
    LPBYTE buf;
    DWORD size;

7095
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7096
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7097 7098 7099 7100 7101
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no X509_NAME_CONSTRAINTS encode support\n");
        return;
    }
7102 7103 7104 7105 7106 7107 7108 7109 7110 7111
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(emptySequence), "Unexpected size\n");
        ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
        LocalFree(buf);
    }
    constraints.cPermittedSubtree = 1;
    constraints.rgPermittedSubtree = &permitted;
    SetLastError(0xdeadbeef);
7112
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7113
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7114 7115 7116
    ok(!ret && GetLastError() == E_INVALIDARG,
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
    permitted.Base.dwAltNameChoice = CERT_ALT_NAME_DNS_NAME;
7117
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7118
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7119 7120 7121 7122 7123 7124 7125 7126 7127 7128 7129 7130
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(emptyDNSPermittedConstraints), "Unexpected size\n");
        ok(!memcmp(buf, emptyDNSPermittedConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
    constraints.cPermittedSubtree = 0;
    constraints.cExcludedSubtree = 1;
    constraints.rgExcludedSubtree = &excluded;
    excluded.Base.dwAltNameChoice = CERT_ALT_NAME_DNS_NAME;
7131
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7132
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7133 7134 7135 7136 7137 7138 7139 7140
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(emptyDNSExcludedConstraints), "Unexpected size\n");
        ok(!memcmp(buf, emptyDNSExcludedConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
7141
    U(excluded.Base).pwszURL = (LPWSTR)url;
7142
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7143
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7144 7145 7146 7147 7148 7149 7150 7151 7152
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(DNSExcludedConstraints), "Unexpected size\n");
        ok(!memcmp(buf, DNSExcludedConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
    permitted.Base.dwAltNameChoice = CERT_ALT_NAME_IP_ADDRESS;
7153 7154
    U(permitted.Base).IPAddress.cbData = sizeof(encodedIPAddr);
    U(permitted.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
7155
    constraints.cPermittedSubtree = 1;
7156
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7157
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7158 7159 7160 7161 7162 7163 7164 7165 7166 7167
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(permittedAndExcludedConstraints),
         "Unexpected size\n");
        ok(!memcmp(buf, permittedAndExcludedConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
    permitted.dwMinimum = 5;
7168
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7169
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7170 7171 7172 7173 7174 7175 7176 7177 7178 7179 7180 7181
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(permittedAndExcludedWithMinConstraints),
         "Unexpected size\n");
        ok(!memcmp(buf, permittedAndExcludedWithMinConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
    permitted.fMaximum = TRUE;
    permitted.dwMaximum = 3;
    SetLastError(0xdeadbeef);
7182
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7183
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7184 7185 7186 7187 7188 7189 7190 7191 7192 7193 7194 7195 7196 7197 7198 7199 7200 7201 7202 7203 7204 7205 7206 7207 7208 7209 7210 7211
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(permittedAndExcludedWithMinMaxConstraints),
         "Unexpected size\n");
        ok(!memcmp(buf, permittedAndExcludedWithMinMaxConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
}

struct EncodedNameConstraints
{
    CRYPT_DATA_BLOB            encoded;
    CERT_NAME_CONSTRAINTS_INFO constraints;
};

static CERT_GENERAL_SUBTREE emptyDNSSubtree = {
 { CERT_ALT_NAME_DNS_NAME, { 0 } }, 0 };
static CERT_GENERAL_SUBTREE DNSSubtree = {
 { CERT_ALT_NAME_DNS_NAME, { 0 } }, 0 };
static CERT_GENERAL_SUBTREE IPAddressSubtree = {
 { CERT_ALT_NAME_IP_ADDRESS, { 0 } }, 0 };
static CERT_GENERAL_SUBTREE IPAddressWithMinSubtree = {
 { CERT_ALT_NAME_IP_ADDRESS, { 0 } }, 5, 0 };
static CERT_GENERAL_SUBTREE IPAddressWithMinMaxSubtree = {
 { CERT_ALT_NAME_IP_ADDRESS, { 0 } }, 5, TRUE, 3 };

7212
static const struct EncodedNameConstraints encodedNameConstraints[] = {
7213 7214 7215 7216 7217 7218 7219 7220 7221 7222 7223 7224 7225 7226 7227 7228 7229 7230 7231 7232 7233 7234 7235
 { { sizeof(emptySequence), (LPBYTE)emptySequence }, { 0 } },
 { { sizeof(emptyDNSPermittedConstraints), emptyDNSPermittedConstraints },
   { 1, &emptyDNSSubtree, 0, NULL } },
 { { sizeof(emptyDNSExcludedConstraints), emptyDNSExcludedConstraints },
   { 0, NULL, 1, &emptyDNSSubtree } },
 { { sizeof(DNSExcludedConstraints), DNSExcludedConstraints },
   { 0, NULL, 1, &DNSSubtree } },
 { { sizeof(permittedAndExcludedConstraints), permittedAndExcludedConstraints },
   { 1, &IPAddressSubtree, 1, &DNSSubtree } },
 { { sizeof(permittedAndExcludedWithMinConstraints),
     permittedAndExcludedWithMinConstraints },
   { 1, &IPAddressWithMinSubtree, 1, &DNSSubtree } },
 { { sizeof(permittedAndExcludedWithMinMaxConstraints),
     permittedAndExcludedWithMinMaxConstraints },
   { 1, &IPAddressWithMinMaxSubtree, 1, &DNSSubtree } },
};

static void test_decodeNameConstraints(DWORD dwEncoding)
{
    BOOL ret;
    DWORD i;
    CERT_NAME_CONSTRAINTS_INFO *constraints;

7236 7237 7238 7239 7240 7241 7242
    U(DNSSubtree.Base).pwszURL = (LPWSTR)url;
    U(IPAddressSubtree.Base).IPAddress.cbData = sizeof(encodedIPAddr);
    U(IPAddressSubtree.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
    U(IPAddressWithMinSubtree.Base).IPAddress.cbData = sizeof(encodedIPAddr);
    U(IPAddressWithMinSubtree.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
    U(IPAddressWithMinMaxSubtree.Base).IPAddress.cbData = sizeof(encodedIPAddr);
    U(IPAddressWithMinMaxSubtree.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
7243 7244 7245 7246 7247 7248
    for (i = 0;
     i < sizeof(encodedNameConstraints) / sizeof(encodedNameConstraints[0]);
     i++)
    {
        DWORD size;

7249
        ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS,
7250 7251 7252
         encodedNameConstraints[i].encoded.pbData,
         encodedNameConstraints[i].encoded.cbData,
         CRYPT_DECODE_ALLOC_FLAG, NULL, &constraints, &size);
7253 7254 7255 7256 7257
        if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
        {
            skip("no X509_NAME_CONSTRAINTS decode support\n");
            return;
        }
7258 7259 7260 7261 7262 7263 7264 7265 7266 7267 7268 7269 7270 7271 7272 7273 7274 7275 7276 7277 7278 7279 7280 7281 7282 7283 7284 7285 7286 7287 7288 7289 7290 7291 7292 7293 7294 7295
        ok(ret, "%d: CryptDecodeObjectEx failed: %08x\n", i, GetLastError());
        if (ret)
        {
            DWORD j;

            if (constraints->cPermittedSubtree !=
             encodedNameConstraints[i].constraints.cPermittedSubtree)
                fprintf(stderr, "%d: expected %d permitted, got %d\n", i,
                 encodedNameConstraints[i].constraints.cPermittedSubtree,
                 constraints->cPermittedSubtree);
            if (constraints->cPermittedSubtree ==
             encodedNameConstraints[i].constraints.cPermittedSubtree)
            {
                for (j = 0; j < constraints->cPermittedSubtree; j++)
                {
                    compareAltNameEntry(&constraints->rgPermittedSubtree[j].Base,
                     &encodedNameConstraints[i].constraints.rgPermittedSubtree[j].Base);
                }
            }
            if (constraints->cExcludedSubtree !=
             encodedNameConstraints[i].constraints.cExcludedSubtree)
                fprintf(stderr, "%d: expected %d excluded, got %d\n", i,
                 encodedNameConstraints[i].constraints.cExcludedSubtree,
                 constraints->cExcludedSubtree);
            if (constraints->cExcludedSubtree ==
             encodedNameConstraints[i].constraints.cExcludedSubtree)
            {
                for (j = 0; j < constraints->cExcludedSubtree; j++)
                {
                    compareAltNameEntry(&constraints->rgExcludedSubtree[j].Base,
                     &encodedNameConstraints[i].constraints.rgExcludedSubtree[j].Base);
                }
            }
            LocalFree(constraints);
        }
    }
}

7296 7297 7298 7299 7300 7301 7302 7303 7304 7305 7306 7307 7308 7309 7310 7311 7312 7313 7314 7315 7316 7317 7318 7319 7320 7321 7322 7323
static WCHAR noticeText[] = { 'T','h','i','s',' ','i','s',' ','a',' ',
 'n','o','t','i','c','e',0 };
static const BYTE noticeWithDisplayText[] = {
 0x30,0x22,0x1e,0x20,0x00,0x54,0x00,0x68,0x00,0x69,0x00,0x73,0x00,0x20,0x00,
 0x69,0x00,0x73,0x00,0x20,0x00,0x61,0x00,0x20,0x00,0x6e,0x00,0x6f,0x00,0x74,
 0x00,0x69,0x00,0x63,0x00,0x65
};
static char org[] = "Wine";
static int noticeNumbers[] = { 2,3 };
static BYTE noticeWithReference[] = {
 0x30,0x32,0x30,0x0e,0x16,0x04,0x57,0x69,0x6e,0x65,0x30,0x06,0x02,0x01,0x02,
 0x02,0x01,0x03,0x1e,0x20,0x00,0x54,0x00,0x68,0x00,0x69,0x00,0x73,0x00,0x20,
 0x00,0x69,0x00,0x73,0x00,0x20,0x00,0x61,0x00,0x20,0x00,0x6e,0x00,0x6f,0x00,
 0x74,0x00,0x69,0x00,0x63,0x00,0x65
};

static void test_encodePolicyQualifierUserNotice(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf;
    DWORD size;
    CERT_POLICY_QUALIFIER_USER_NOTICE notice;
    CERT_POLICY_QUALIFIER_NOTICE_REFERENCE reference;

    memset(&notice, 0, sizeof(notice));
    ret = pCryptEncodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE, &notice, CRYPT_ENCODE_ALLOC_FLAG,
     NULL, &buf, &size);
7324 7325 7326 7327 7328
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no X509_PKIX_POLICY_QUALIFIER_USERNOTICE encode support\n");
        return;
    }
7329 7330 7331 7332 7333 7334 7335 7336 7337 7338 7339 7340 7341 7342 7343 7344 7345 7346 7347 7348 7349 7350 7351 7352 7353 7354 7355 7356 7357 7358 7359 7360 7361 7362 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(emptySequence) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, size), "unexpected value\n");
        LocalFree(buf);
    }
    notice.pszDisplayText = noticeText;
    ret = pCryptEncodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE, &notice, CRYPT_ENCODE_ALLOC_FLAG,
     NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(noticeWithDisplayText) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, noticeWithDisplayText, size), "unexpected value\n");
        LocalFree(buf);
    }
    reference.pszOrganization = org;
    reference.cNoticeNumbers = 2;
    reference.rgNoticeNumbers = noticeNumbers;
    notice.pNoticeReference = &reference;
    ret = pCryptEncodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE, &notice, CRYPT_ENCODE_ALLOC_FLAG,
     NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(noticeWithReference) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, noticeWithReference, size), "unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodePolicyQualifierUserNotice(DWORD dwEncoding)
{
    BOOL ret;
    CERT_POLICY_QUALIFIER_USER_NOTICE *notice;
    DWORD size;

    ret = pCryptDecodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE,
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
     &notice, &size);
7373 7374 7375 7376 7377
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no X509_PKIX_POLICY_QUALIFIER_USERNOTICE decode support\n");
        return;
    }
7378 7379 7380 7381 7382 7383 7384 7385 7386 7387 7388 7389 7390 7391 7392 7393 7394 7395 7396 7397 7398 7399 7400 7401 7402 7403 7404 7405 7406 7407 7408 7409
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(notice->pszDisplayText == NULL, "unexpected display text\n");
        ok(notice->pNoticeReference == NULL, "unexpected notice reference\n");
        LocalFree(notice);
    }
    ret = pCryptDecodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE,
     noticeWithDisplayText, sizeof(noticeWithDisplayText),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &notice, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(!lstrcmpW(notice->pszDisplayText, noticeText),
         "unexpected display text\n");
        ok(notice->pNoticeReference == NULL, "unexpected notice reference\n");
        LocalFree(notice);
    }
    ret = pCryptDecodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE,
     noticeWithReference, sizeof(noticeWithReference),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &notice, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(!lstrcmpW(notice->pszDisplayText, noticeText),
         "unexpected display text\n");
        ok(notice->pNoticeReference != NULL, "expected a notice reference\n");
        if (notice->pNoticeReference)
        {
            ok(!strcmp(notice->pNoticeReference->pszOrganization, org),
7410 7411
             "unexpected organization %s\n",
             notice->pNoticeReference->pszOrganization);
7412 7413 7414 7415 7416 7417 7418 7419 7420 7421 7422 7423 7424 7425
            ok(notice->pNoticeReference->cNoticeNumbers == 2,
             "expected 2 notice numbers, got %d\n",
             notice->pNoticeReference->cNoticeNumbers);
            ok(notice->pNoticeReference->rgNoticeNumbers[0] == noticeNumbers[0],
             "unexpected notice number %d\n",
             notice->pNoticeReference->rgNoticeNumbers[0]);
            ok(notice->pNoticeReference->rgNoticeNumbers[1] == noticeNumbers[1],
             "unexpected notice number %d\n",
             notice->pNoticeReference->rgNoticeNumbers[1]);
        }
        LocalFree(notice);
    }
}

7426 7427 7428 7429 7430 7431 7432 7433 7434 7435 7436 7437 7438 7439 7440 7441 7442 7443 7444 7445 7446 7447 7448 7449 7450 7451 7452 7453 7454 7455 7456 7457 7458 7459 7460 7461 7462 7463 7464
static char oid_any_policy[] = "2.5.29.32.0";
static const BYTE policiesWithAnyPolicy[] = {
 0x30,0x08,0x30,0x06,0x06,0x04,0x55,0x1d,0x20,0x00
};
static char oid1[] = "1.2.3";
static char oid_user_notice[] = "1.3.6.1.5.5.7.2.2";
static const BYTE twoPolicies[] = {
 0x30,0x50,0x30,0x06,0x06,0x04,0x55,0x1d,0x20,0x00,0x30,0x46,0x06,0x02,0x2a,
 0x03,0x30,0x40,0x30,0x3e,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x02,0x02,
 0x30,0x32,0x30,0x0e,0x16,0x04,0x57,0x69,0x6e,0x65,0x30,0x06,0x02,0x01,0x02,
 0x02,0x01,0x03,0x1e,0x20,0x00,0x54,0x00,0x68,0x00,0x69,0x00,0x73,0x00,0x20,
 0x00,0x69,0x00,0x73,0x00,0x20,0x00,0x61,0x00,0x20,0x00,0x6e,0x00,0x6f,0x00,
 0x74,0x00,0x69,0x00,0x63,0x00,0x65
};

static void test_encodeCertPolicies(DWORD dwEncoding)
{
    BOOL ret;
    CERT_POLICIES_INFO info;
    CERT_POLICY_INFO policy[2];
    CERT_POLICY_QUALIFIER_INFO qualifier;
    LPBYTE buf;
    DWORD size;

    memset(&info, 0, sizeof(info));
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_POLICIES, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(emptySequence) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, size), "unexpected value\n");
        LocalFree(buf);
    }
    memset(policy, 0, sizeof(policy));
    info.cPolicyInfo = 1;
    info.rgPolicyInfo = policy;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_POLICIES, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7465 7466 7467
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x/NT4 */),
     "expected E_INVALIDARG or OSS_LIMITED, got %08x\n", GetLastError());
7468 7469 7470 7471 7472 7473 7474 7475 7476 7477 7478 7479 7480 7481 7482 7483 7484 7485 7486 7487 7488 7489 7490 7491 7492 7493 7494 7495 7496 7497 7498 7499 7500 7501 7502 7503 7504 7505 7506 7507 7508 7509 7510 7511 7512 7513 7514 7515 7516 7517 7518 7519 7520 7521 7522 7523 7524 7525 7526 7527 7528 7529 7530 7531 7532 7533 7534 7535 7536 7537 7538 7539 7540 7541 7542 7543 7544 7545 7546 7547 7548 7549 7550 7551 7552 7553 7554 7555 7556 7557 7558 7559 7560 7561
    policy[0].pszPolicyIdentifier = oid_any_policy;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_POLICIES, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(policiesWithAnyPolicy) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, policiesWithAnyPolicy, size), "unexpected value\n");
        LocalFree(buf);
    }
    policy[1].pszPolicyIdentifier = oid1;
    memset(&qualifier, 0, sizeof(qualifier));
    qualifier.pszPolicyQualifierId = oid_user_notice;
    qualifier.Qualifier.cbData = sizeof(noticeWithReference);
    qualifier.Qualifier.pbData = noticeWithReference;
    policy[1].cPolicyQualifier = 1;
    policy[1].rgPolicyQualifier = &qualifier;
    info.cPolicyInfo = 2;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_POLICIES, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(twoPolicies) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, twoPolicies, size), "unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeCertPolicies(DWORD dwEncoding)
{
    BOOL ret;
    CERT_POLICIES_INFO *info;
    DWORD size;

    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_POLICIES,
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
     &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(info->cPolicyInfo == 0, "unexpected policy info %d\n",
         info->cPolicyInfo);
        LocalFree(info);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_POLICIES,
     policiesWithAnyPolicy, sizeof(policiesWithAnyPolicy),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(info->cPolicyInfo == 1, "unexpected policy info %d\n",
         info->cPolicyInfo);
        ok(!strcmp(info->rgPolicyInfo[0].pszPolicyIdentifier, oid_any_policy),
         "unexpected policy id %s\n",
         info->rgPolicyInfo[0].pszPolicyIdentifier);
        ok(info->rgPolicyInfo[0].cPolicyQualifier == 0,
         "unexpected policy qualifier count %d\n",
         info->rgPolicyInfo[0].cPolicyQualifier);
        LocalFree(info);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_POLICIES,
     twoPolicies, sizeof(twoPolicies),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(info->cPolicyInfo == 2, "unexpected policy info %d\n",
         info->cPolicyInfo);
        ok(!strcmp(info->rgPolicyInfo[0].pszPolicyIdentifier, oid_any_policy),
         "unexpected policy id %s\n",
         info->rgPolicyInfo[0].pszPolicyIdentifier);
        ok(info->rgPolicyInfo[0].cPolicyQualifier == 0,
         "unexpected policy qualifier count %d\n",
         info->rgPolicyInfo[0].cPolicyQualifier);
        ok(!strcmp(info->rgPolicyInfo[1].pszPolicyIdentifier, oid1),
         "unexpected policy id %s\n",
         info->rgPolicyInfo[1].pszPolicyIdentifier);
        ok(info->rgPolicyInfo[1].cPolicyQualifier == 1,
         "unexpected policy qualifier count %d\n",
         info->rgPolicyInfo[1].cPolicyQualifier);
        ok(!strcmp(
         info->rgPolicyInfo[1].rgPolicyQualifier[0].pszPolicyQualifierId,
         oid_user_notice), "unexpected policy qualifier id %s\n",
         info->rgPolicyInfo[1].rgPolicyQualifier[0].pszPolicyQualifierId);
        ok(info->rgPolicyInfo[1].rgPolicyQualifier[0].Qualifier.cbData ==
         sizeof(noticeWithReference), "unexpected qualifier size %d\n",
         info->rgPolicyInfo[1].rgPolicyQualifier[0].Qualifier.cbData);
        ok(!memcmp(
         info->rgPolicyInfo[1].rgPolicyQualifier[0].Qualifier.pbData,
         noticeWithReference, sizeof(noticeWithReference)),
         "unexpected qualifier value\n");
        LocalFree(info);
    }
7562 7563 7564 7565 7566 7567 7568 7569 7570 7571 7572
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_POLICIES,
     twoPolicies, sizeof(twoPolicies), 0, NULL, NULL, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    info = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
    if (info)
    {
        ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_POLICIES,
         twoPolicies, sizeof(twoPolicies), 0, NULL, info, &size);
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        HeapFree(GetProcessHeap(), 0, info);
    }
7573 7574
}

7575 7576 7577 7578 7579 7580 7581 7582 7583 7584 7585 7586 7587 7588 7589 7590 7591 7592 7593 7594 7595 7596 7597 7598 7599
static const BYTE policyMappingWithOneMapping[] = {
0x30,0x0a,0x30,0x08,0x06,0x02,0x2a,0x03,0x06,0x02,0x53,0x04 };
static const BYTE policyMappingWithTwoMappings[] = {
0x30,0x14,0x30,0x08,0x06,0x02,0x2a,0x03,0x06,0x02,0x53,0x04,0x30,0x08,0x06,
0x02,0x2b,0x04,0x06,0x02,0x55,0x06 };
static const LPCSTR mappingOids[] = { X509_POLICY_MAPPINGS,
 szOID_POLICY_MAPPINGS, szOID_LEGACY_POLICY_MAPPINGS };

static void test_encodeCertPolicyMappings(DWORD dwEncoding)
{
    static char oid2[] = "2.3.4";
    static char oid3[] = "1.3.4";
    static char oid4[] = "2.5.6";
    BOOL ret;
    CERT_POLICY_MAPPINGS_INFO info = { 0 };
    CERT_POLICY_MAPPING mapping[2];
    LPBYTE buf;
    DWORD size, i;

    /* Each of the mapping OIDs is equivalent, so check with all of them */
    for (i = 0; i < sizeof(mappingOids) / sizeof(mappingOids[0]); i++)
    {
        memset(&info, 0, sizeof(info));
        ret = pCryptEncodeObjectEx(dwEncoding, mappingOids[i], &info,
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7600 7601 7602 7603 7604 7605 7606
        ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND),
         "CryptEncodeObjectEx failed: %08x\n", GetLastError());
        if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
        {
            win_skip("no policy mappings support\n");
            return;
        }
7607 7608 7609 7610 7611 7612 7613 7614 7615 7616 7617 7618 7619 7620 7621 7622 7623 7624 7625 7626 7627 7628 7629 7630 7631 7632 7633 7634 7635 7636 7637 7638 7639 7640 7641 7642 7643 7644 7645 7646 7647 7648 7649 7650 7651 7652 7653 7654 7655 7656 7657 7658 7659 7660 7661 7662 7663 7664
        if (ret)
        {
            ok(size == sizeof(emptySequence), "unexpected size %d\n", size);
            ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
             "unexpected value\n");
            LocalFree(buf);
        }
        mapping[0].pszIssuerDomainPolicy = NULL;
        mapping[0].pszSubjectDomainPolicy = NULL;
        info.cPolicyMapping = 1;
        info.rgPolicyMapping = mapping;
        SetLastError(0xdeadbeef);
        ret = pCryptEncodeObjectEx(dwEncoding, mappingOids[i], &info,
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
        ok(!ret && GetLastError() == E_INVALIDARG,
         "expected E_INVALIDARG, got %08x\n", GetLastError());
        mapping[0].pszIssuerDomainPolicy = oid1;
        mapping[0].pszSubjectDomainPolicy = oid2;
        ret = pCryptEncodeObjectEx(dwEncoding, mappingOids[i], &info,
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
        if (ret)
        {
            ok(size == sizeof(policyMappingWithOneMapping),
             "unexpected size %d\n", size);
            ok(!memcmp(buf, policyMappingWithOneMapping, size),
             "unexpected value\n");
            LocalFree(buf);
        }
        mapping[1].pszIssuerDomainPolicy = oid3;
        mapping[1].pszSubjectDomainPolicy = oid4;
        info.cPolicyMapping = 2;
        ret = pCryptEncodeObjectEx(dwEncoding, mappingOids[i], &info,
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
        if (ret)
        {
            ok(size == sizeof(policyMappingWithTwoMappings),
             "unexpected size %d\n", size);
            ok(!memcmp(buf, policyMappingWithTwoMappings, size),
             "unexpected value\n");
            LocalFree(buf);
        }
    }
}

static void test_decodeCertPolicyMappings(DWORD dwEncoding)
{
    DWORD size, i;
    CERT_POLICY_MAPPINGS_INFO *info;
    BOOL ret;

    /* Each of the mapping OIDs is equivalent, so check with all of them */
    for (i = 0; i < sizeof(mappingOids) / sizeof(mappingOids[0]); i++)
    {
        ret = pCryptDecodeObjectEx(dwEncoding, mappingOids[i],
         emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
         &info, &size);
7665 7666 7667 7668 7669 7670 7671
        ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND),
         "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
        {
            win_skip("no policy mappings support\n");
            return;
        }
7672 7673 7674 7675 7676 7677 7678 7679 7680 7681 7682 7683 7684 7685 7686 7687 7688 7689 7690 7691 7692 7693 7694 7695 7696 7697 7698 7699 7700 7701 7702 7703 7704 7705 7706 7707 7708 7709 7710 7711 7712 7713 7714 7715
        if (ret)
        {
            ok(info->cPolicyMapping == 0,
             "expected 0 policy mappings, got %d\n", info->cPolicyMapping);
            LocalFree(info);
        }
        ret = pCryptDecodeObjectEx(dwEncoding, mappingOids[i],
         policyMappingWithOneMapping, sizeof(policyMappingWithOneMapping),
         CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        if (ret)
        {
            ok(info->cPolicyMapping == 1,
             "expected 1 policy mappings, got %d\n", info->cPolicyMapping);
            ok(!strcmp(info->rgPolicyMapping[0].pszIssuerDomainPolicy, "1.2.3"),
             "unexpected issuer policy %s\n",
             info->rgPolicyMapping[0].pszIssuerDomainPolicy);
            ok(!strcmp(info->rgPolicyMapping[0].pszSubjectDomainPolicy,
             "2.3.4"), "unexpected subject policy %s\n",
             info->rgPolicyMapping[0].pszSubjectDomainPolicy);
            LocalFree(info);
        }
        ret = pCryptDecodeObjectEx(dwEncoding, mappingOids[i],
         policyMappingWithTwoMappings, sizeof(policyMappingWithTwoMappings),
         CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        if (ret)
        {
            ok(info->cPolicyMapping == 2,
             "expected 2 policy mappings, got %d\n", info->cPolicyMapping);
            ok(!strcmp(info->rgPolicyMapping[0].pszIssuerDomainPolicy, "1.2.3"),
             "unexpected issuer policy %s\n",
             info->rgPolicyMapping[0].pszIssuerDomainPolicy);
            ok(!strcmp(info->rgPolicyMapping[0].pszSubjectDomainPolicy,
             "2.3.4"), "unexpected subject policy %s\n",
             info->rgPolicyMapping[0].pszSubjectDomainPolicy);
            ok(!strcmp(info->rgPolicyMapping[1].pszIssuerDomainPolicy, "1.3.4"),
             "unexpected issuer policy %s\n",
             info->rgPolicyMapping[1].pszIssuerDomainPolicy);
            ok(!strcmp(info->rgPolicyMapping[1].pszSubjectDomainPolicy,
             "2.5.6"), "unexpected subject policy %s\n",
             info->rgPolicyMapping[1].pszSubjectDomainPolicy);
            LocalFree(info);
        }
7716 7717 7718 7719 7720 7721 7722 7723 7724 7725 7726 7727 7728
        ret = pCryptDecodeObjectEx(dwEncoding, mappingOids[i],
         policyMappingWithTwoMappings, sizeof(policyMappingWithTwoMappings), 0,
         NULL, NULL, &size);
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        info = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
        if (info)
        {
            ret = pCryptDecodeObjectEx(dwEncoding, mappingOids[i],
             policyMappingWithTwoMappings, sizeof(policyMappingWithTwoMappings), 0,
             NULL, info, &size);
            ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
            HeapFree(GetProcessHeap(), 0, info);
        }
7729 7730 7731
    }
}

7732 7733 7734 7735 7736 7737 7738 7739 7740 7741 7742 7743 7744 7745 7746 7747 7748 7749 7750
static const BYTE policyConstraintsWithRequireExplicit[] = {
0x30,0x03,0x80,0x01,0x00 };
static const BYTE policyConstraintsWithInhibitMapping[] = {
0x30,0x03,0x81,0x01,0x01 };
static const BYTE policyConstraintsWithBoth[] = {
0x30,0x06,0x80,0x01,0x01,0x81,0x01,0x01 };

static void test_encodeCertPolicyConstraints(DWORD dwEncoding)
{
    CERT_POLICY_CONSTRAINTS_INFO info = { 0 };
    LPBYTE buf;
    DWORD size;
    BOOL ret;

    /* Even though RFC 5280 explicitly states CAs must not issue empty
     * policy constraints (section 4.2.1.11), the API doesn't prevent it.
     */
    ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7751 7752 7753 7754 7755 7756 7757
    ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND),
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        win_skip("no policy constraints support\n");
        return;
    }
7758 7759 7760 7761 7762 7763 7764 7765 7766 7767 7768 7769 7770 7771 7772 7773 7774 7775 7776 7777 7778 7779 7780 7781 7782 7783 7784 7785 7786 7787 7788 7789 7790 7791 7792 7793 7794 7795 7796 7797 7798 7799 7800 7801 7802 7803 7804 7805 7806 7807 7808 7809 7810 7811 7812 7813 7814 7815 7816 7817 7818 7819 7820 7821 7822 7823
    if (ret)
    {
        ok(size == sizeof(emptySequence), "unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
         "unexpected value\n");
        LocalFree(buf);
    }
    /* If fRequireExplicitPolicy is set but dwRequireExplicitPolicySkipCerts
     * is not, then a skip of 0 is encoded.
     */
    info.fRequireExplicitPolicy = TRUE;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(policyConstraintsWithRequireExplicit),
         "unexpected size %d\n", size);
        ok(!memcmp(buf, policyConstraintsWithRequireExplicit,
         sizeof(policyConstraintsWithRequireExplicit)), "unexpected value\n");
        LocalFree(buf);
    }
    /* With inhibit policy mapping */
    info.fRequireExplicitPolicy = FALSE;
    info.dwRequireExplicitPolicySkipCerts = 0;
    info.fInhibitPolicyMapping = TRUE;
    info.dwInhibitPolicyMappingSkipCerts = 1;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(policyConstraintsWithInhibitMapping),
         "unexpected size %d\n", size);
        ok(!memcmp(buf, policyConstraintsWithInhibitMapping,
         sizeof(policyConstraintsWithInhibitMapping)), "unexpected value\n");
        LocalFree(buf);
    }
    /* And with both */
    info.fRequireExplicitPolicy = TRUE;
    info.dwRequireExplicitPolicySkipCerts = 1;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(policyConstraintsWithBoth), "unexpected size %d\n",
         size);
        ok(!memcmp(buf, policyConstraintsWithBoth,
         sizeof(policyConstraintsWithBoth)), "unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeCertPolicyConstraints(DWORD dwEncoding)
{
    CERT_POLICY_CONSTRAINTS_INFO *info;
    DWORD size;
    BOOL ret;

    /* Again, even though CAs must not issue such constraints, they can be
     * decoded.
     */
    ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
     &info, &size);
7824 7825 7826 7827 7828 7829 7830
    ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND),
     "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        win_skip("no policy mappings support\n");
        return;
    }
7831 7832 7833 7834 7835 7836 7837 7838 7839 7840 7841 7842 7843 7844 7845 7846 7847 7848 7849 7850 7851 7852 7853 7854 7855 7856 7857 7858 7859 7860 7861 7862 7863 7864 7865 7866 7867 7868 7869 7870 7871 7872 7873 7874 7875 7876 7877 7878 7879 7880 7881 7882 7883 7884 7885 7886
    if (ret)
    {
        ok(!info->fRequireExplicitPolicy,
         "expected require explicit = FALSE\n");
        ok(!info->fInhibitPolicyMapping,
         "expected implicit mapping = FALSE\n");
        LocalFree(info);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
     policyConstraintsWithRequireExplicit,
     sizeof(policyConstraintsWithRequireExplicit), CRYPT_DECODE_ALLOC_FLAG,
     NULL, &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(info->fRequireExplicitPolicy,
         "expected require explicit = TRUE\n");
        ok(info->dwRequireExplicitPolicySkipCerts == 0, "expected 0, got %d\n",
         info->dwRequireExplicitPolicySkipCerts);
        ok(!info->fInhibitPolicyMapping,
         "expected implicit mapping = FALSE\n");
        LocalFree(info);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
     policyConstraintsWithInhibitMapping,
     sizeof(policyConstraintsWithInhibitMapping), CRYPT_DECODE_ALLOC_FLAG,
     NULL, &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(!info->fRequireExplicitPolicy,
         "expected require explicit = FALSE\n");
        ok(info->fInhibitPolicyMapping,
         "expected implicit mapping = TRUE\n");
        ok(info->dwInhibitPolicyMappingSkipCerts == 1, "expected 1, got %d\n",
         info->dwInhibitPolicyMappingSkipCerts);
        LocalFree(info);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
     policyConstraintsWithBoth, sizeof(policyConstraintsWithBoth),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(info->fRequireExplicitPolicy,
         "expected require explicit = TRUE\n");
        ok(info->dwRequireExplicitPolicySkipCerts == 1, "expected 1, got %d\n",
         info->dwRequireExplicitPolicySkipCerts);
        ok(info->fInhibitPolicyMapping,
         "expected implicit mapping = TRUE\n");
        ok(info->dwInhibitPolicyMappingSkipCerts == 1, "expected 1, got %d\n",
         info->dwInhibitPolicyMappingSkipCerts);
        LocalFree(info);
    }
}

7887 7888 7889 7890 7891 7892 7893 7894 7895 7896 7897 7898
/* Free *pInfo with HeapFree */
static void testExportPublicKey(HCRYPTPROV csp, PCERT_PUBLIC_KEY_INFO *pInfo)
{
    BOOL ret;
    DWORD size = 0;
    HCRYPTKEY key;

    /* This crashes
    ret = CryptExportPublicKeyInfoEx(0, 0, 0, NULL, 0, NULL, NULL, NULL);
     */
    ret = CryptExportPublicKeyInfoEx(0, 0, 0, NULL, 0, NULL, NULL, &size);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
7899
     "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
7900 7901 7902
    ret = CryptExportPublicKeyInfoEx(0, AT_SIGNATURE, 0, NULL, 0, NULL, NULL,
     &size);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
7903
     "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
7904 7905 7906
    ret = CryptExportPublicKeyInfoEx(0, 0, X509_ASN_ENCODING, NULL, 0, NULL,
     NULL, &size);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
7907
     "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
7908 7909 7910
    ret = CryptExportPublicKeyInfoEx(0, AT_SIGNATURE, X509_ASN_ENCODING, NULL,
     0, NULL, NULL, &size);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
7911
     "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
7912 7913 7914
    /* Test with no key */
    ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING, NULL,
     0, NULL, NULL, &size);
7915
    ok(!ret && GetLastError() == NTE_NO_KEY, "Expected NTE_NO_KEY, got %08x\n",
7916 7917
     GetLastError());
    ret = CryptGenKey(csp, AT_SIGNATURE, 0, &key);
7918
    ok(ret, "CryptGenKey failed: %08x\n", GetLastError());
7919 7920 7921 7922
    if (ret)
    {
        ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
         NULL, 0, NULL, NULL, &size);
7923
        ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n", GetLastError());
7924 7925 7926 7927 7928
        *pInfo = HeapAlloc(GetProcessHeap(), 0, size);
        if (*pInfo)
        {
            ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE,
             X509_ASN_ENCODING, NULL, 0, NULL, *pInfo, &size);
7929
            ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n",
7930 7931 7932 7933 7934 7935 7936 7937 7938 7939 7940 7941
             GetLastError());
            if (ret)
            {
                /* By default (we passed NULL as the OID) the OID is
                 * szOID_RSA_RSA.
                 */
                ok(!strcmp((*pInfo)->Algorithm.pszObjId, szOID_RSA_RSA),
                 "Expected %s, got %s\n", szOID_RSA_RSA,
                 (*pInfo)->Algorithm.pszObjId);
            }
        }
    }
Juan Lang's avatar
Juan Lang committed
7942
    CryptDestroyKey(key);
7943 7944
}

7945 7946 7947 7948 7949 7950 7951 7952 7953 7954 7955 7956 7957 7958 7959 7960 7961 7962 7963 7964 7965 7966 7967 7968 7969 7970
static const BYTE expiredCert[] = { 0x30, 0x82, 0x01, 0x33, 0x30, 0x81, 0xe2,
 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0xc4, 0xd7, 0x7f, 0x0e, 0x6f, 0xa6,
 0x8c, 0xaa, 0x47, 0x47, 0x40, 0xe7, 0xb7, 0x0b, 0x4a, 0x7f, 0x30, 0x09, 0x06,
 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x1f, 0x31, 0x1d, 0x30,
 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x36, 0x39, 0x30, 0x31, 0x30, 0x31, 0x30,
 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30,
 0x31, 0x30, 0x36, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x1f, 0x31, 0x1d, 0x30,
 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
 0x00, 0xa1, 0xaf, 0x4a, 0xea, 0xa7, 0x83, 0x57, 0xc0, 0x37, 0x33, 0x7e, 0x29,
 0x5e, 0x0d, 0xfc, 0x44, 0x74, 0x3a, 0x1d, 0xc3, 0x1b, 0x1d, 0x96, 0xed, 0x4e,
 0xf4, 0x1b, 0x98, 0xec, 0x69, 0x1b, 0x04, 0xea, 0x25, 0xcf, 0xb3, 0x2a, 0xf5,
 0xd9, 0x22, 0xd9, 0x8d, 0x08, 0x39, 0x81, 0xc6, 0xe0, 0x4f, 0x12, 0x37, 0x2a,
 0x3f, 0x80, 0xa6, 0x6c, 0x67, 0x43, 0x3a, 0xdd, 0x95, 0x0c, 0xbb, 0x2f, 0x6b,
 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x8f, 0xa2, 0x5b, 0xd6, 0xdf, 0x34, 0xd0,
 0xa2, 0xa7, 0x47, 0xf1, 0x13, 0x79, 0xd3, 0xf3, 0x39, 0xbd, 0x4e, 0x2b, 0xa3,
 0xf4, 0x63, 0x37, 0xac, 0x5a, 0x0c, 0x5e, 0x4d, 0x0d, 0x54, 0x87, 0x4f, 0x31,
 0xfb, 0xa0, 0xce, 0x8f, 0x9a, 0x2f, 0x4d, 0x48, 0xc6, 0x84, 0x8d, 0xf5, 0x70,
 0x74, 0x17, 0xa5, 0xf3, 0x66, 0x47, 0x06, 0xd6, 0x64, 0x45, 0xbc, 0x52, 0xef,
 0x49, 0xe5, 0xf9, 0x65, 0xf3 };

7971 7972 7973 7974
static void testImportPublicKey(HCRYPTPROV csp, PCERT_PUBLIC_KEY_INFO info)
{
    BOOL ret;
    HCRYPTKEY key;
7975
    PCCERT_CONTEXT context;
7976 7977
    DWORD dwSize;
    ALG_ID ai;
7978 7979 7980 7981 7982 7983 7984 7985 7986 7987

    /* These crash
    ret = CryptImportPublicKeyInfoEx(0, 0, NULL, 0, 0, NULL, NULL);
    ret = CryptImportPublicKeyInfoEx(0, 0, NULL, 0, 0, NULL, &key);
    ret = CryptImportPublicKeyInfoEx(0, 0, info, 0, 0, NULL, NULL);
    ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING, info, 0, 0, NULL,
     NULL);
     */
    ret = CryptImportPublicKeyInfoEx(0, 0, info, 0, 0, NULL, &key);
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
7988
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
7989 7990
    ret = CryptImportPublicKeyInfoEx(csp, 0, info, 0, 0, NULL, &key);
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
7991
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
7992 7993 7994
    ret = CryptImportPublicKeyInfoEx(0, X509_ASN_ENCODING, info, 0, 0, NULL,
     &key);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
7995
     "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
7996 7997

    /* Export key with standard algorithm (CALG_RSA_KEYX) */
7998 7999
    ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING, info, 0, 0, NULL,
     &key);
8000
    ok(ret, "CryptImportPublicKeyInfoEx failed: %08x\n", GetLastError());
8001 8002 8003 8004 8005 8006 8007 8008 8009 8010 8011 8012 8013 8014 8015 8016 8017 8018 8019 8020 8021 8022 8023 8024 8025 8026

    dwSize = sizeof(ai);
    CryptGetKeyParam(key, KP_ALGID, (LPVOID)&ai, &dwSize, 0);
    ok(ret, "CryptGetKeyParam failed: %08x\n", GetLastError());
    if(ret)
    {
      ok(dwSize == sizeof(ai), "CryptGetKeyParam returned size %d\n",dwSize);
      ok(ai == CALG_RSA_KEYX, "Default ALG_ID is %04x (expected CALG_RSA_KEYX)\n", ai);
    }

    CryptDestroyKey(key);

    /* Repeat with forced algorithm */
    ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING, info, CALG_RSA_SIGN, 0, NULL,
     &key);
    ok(ret, "CryptImportPublicKeyInfoEx failed: %08x\n", GetLastError());

    dwSize = sizeof(ai);
    CryptGetKeyParam(key, KP_ALGID, (LPVOID)&ai, &dwSize, 0);
    ok(ret, "CryptGetKeyParam failed: %08x\n", GetLastError());
    if(ret)
    {
      ok(dwSize == sizeof(ai), "CryptGetKeyParam returned size %d\n",dwSize);
      ok(ai == CALG_RSA_SIGN, "ALG_ID is %04x (expected CALG_RSA_SIGN)\n", ai);
    }

8027
    CryptDestroyKey(key);
8028 8029 8030 8031

    /* Test importing a public key from a certificate context */
    context = CertCreateCertificateContext(X509_ASN_ENCODING, expiredCert,
     sizeof(expiredCert));
8032
    ok(context != NULL, "CertCreateCertificateContext failed: %08x\n",
8033 8034 8035 8036 8037 8038 8039 8040 8041
     GetLastError());
    if (context)
    {
        ok(!strcmp(szOID_RSA_RSA,
         context->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId),
         "Expected %s, got %s\n", szOID_RSA_RSA,
         context->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId);
        ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING,
         &context->pCertInfo->SubjectPublicKeyInfo, 0, 0, NULL, &key);
8042
        ok(ret, "CryptImportPublicKeyInfoEx failed: %08x\n", GetLastError());
8043 8044 8045
        CryptDestroyKey(key);
        CertFreeCertificateContext(context);
    }
8046 8047 8048 8049 8050 8051 8052 8053 8054 8055 8056 8057 8058 8059 8060
}

static const char cspName[] = "WineCryptTemp";

static void testPortPublicKeyInfo(void)
{
    HCRYPTPROV csp;
    BOOL ret;
    PCERT_PUBLIC_KEY_INFO info = NULL;

    /* Just in case a previous run failed, delete this thing */
    CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
     CRYPT_DELETEKEYSET);
    ret = CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
     CRYPT_NEWKEYSET);
8061
    ok(ret,"CryptAcquireContextA failed\n");
8062 8063 8064 8065 8066 8067 8068 8069

    testExportPublicKey(csp, &info);
    testImportPublicKey(csp, info);

    HeapFree(GetProcessHeap(), 0, info);
    CryptReleaseContext(csp, 0);
    ret = CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
     CRYPT_DELETEKEYSET);
8070
    ok(ret,"CryptAcquireContextA failed\n");
8071 8072
}

8073 8074
START_TEST(encode)
{
8075 8076
    static const DWORD encodings[] = { X509_ASN_ENCODING, PKCS_7_ASN_ENCODING,
     X509_ASN_ENCODING | PKCS_7_ASN_ENCODING };
8077
    HMODULE hCrypt32;
8078 8079
    DWORD i;

8080 8081 8082 8083 8084
    hCrypt32 = GetModuleHandleA("crypt32.dll");
    pCryptDecodeObjectEx = (void*)GetProcAddress(hCrypt32, "CryptDecodeObjectEx");
    pCryptEncodeObjectEx = (void*)GetProcAddress(hCrypt32, "CryptEncodeObjectEx");
    if (!pCryptDecodeObjectEx || !pCryptEncodeObjectEx)
    {
8085
        win_skip("CryptDecodeObjectEx() is not available\n");
8086 8087 8088
        return;
    }

8089 8090
    for (i = 0; i < sizeof(encodings) / sizeof(encodings[0]); i++)
    {
8091 8092
        test_encodeInt(encodings[i]);
        test_decodeInt(encodings[i]);
8093 8094
        test_encodeEnumerated(encodings[i]);
        test_decodeEnumerated(encodings[i]);
8095 8096 8097 8098
        test_encodeFiletime(encodings[i]);
        test_decodeFiletime(encodings[i]);
        test_encodeName(encodings[i]);
        test_decodeName(encodings[i]);
8099 8100
        test_encodeUnicodeName(encodings[i]);
        test_decodeUnicodeName(encodings[i]);
8101 8102
        test_encodeNameValue(encodings[i]);
        test_decodeNameValue(encodings[i]);
8103 8104
        test_encodeUnicodeNameValue(encodings[i]);
        test_decodeUnicodeNameValue(encodings[i]);
8105 8106
        test_encodeAltName(encodings[i]);
        test_decodeAltName(encodings[i]);
8107 8108 8109 8110
        test_encodeOctets(encodings[i]);
        test_decodeOctets(encodings[i]);
        test_encodeBits(encodings[i]);
        test_decodeBits(encodings[i]);
8111 8112
        test_encodeBasicConstraints(encodings[i]);
        test_decodeBasicConstraints(encodings[i]);
8113 8114
        test_encodeRsaPublicKey(encodings[i]);
        test_decodeRsaPublicKey(encodings[i]);
8115 8116
        test_encodeSequenceOfAny(encodings[i]);
        test_decodeSequenceOfAny(encodings[i]);
8117 8118
        test_encodeExtensions(encodings[i]);
        test_decodeExtensions(encodings[i]);
8119 8120
        test_encodePublicKeyInfo(encodings[i]);
        test_decodePublicKeyInfo(encodings[i]);
8121 8122
        test_encodeCertToBeSigned(encodings[i]);
        test_decodeCertToBeSigned(encodings[i]);
8123 8124
        test_encodeCert(encodings[i]);
        test_decodeCert(encodings[i]);
8125 8126
        test_encodeCRLDistPoints(encodings[i]);
        test_decodeCRLDistPoints(encodings[i]);
8127 8128
        test_encodeCRLIssuingDistPoint(encodings[i]);
        test_decodeCRLIssuingDistPoint(encodings[i]);
8129 8130
        test_encodeCRLToBeSigned(encodings[i]);
        test_decodeCRLToBeSigned(encodings[i]);
8131 8132
        test_encodeEnhancedKeyUsage(encodings[i]);
        test_decodeEnhancedKeyUsage(encodings[i]);
8133 8134
        test_encodeAuthorityKeyId(encodings[i]);
        test_decodeAuthorityKeyId(encodings[i]);
8135 8136
        test_encodeAuthorityKeyId2(encodings[i]);
        test_decodeAuthorityKeyId2(encodings[i]);
8137 8138
        test_encodeAuthorityInfoAccess(encodings[i]);
        test_decodeAuthorityInfoAccess(encodings[i]);
8139 8140
        test_encodeCTL(encodings[i]);
        test_decodeCTL(encodings[i]);
8141 8142
        test_encodePKCSContentInfo(encodings[i]);
        test_decodePKCSContentInfo(encodings[i]);
8143 8144
        test_encodePKCSAttribute(encodings[i]);
        test_decodePKCSAttribute(encodings[i]);
8145 8146
        test_encodePKCSAttributes(encodings[i]);
        test_decodePKCSAttributes(encodings[i]);
8147 8148
        test_encodePKCSSMimeCapabilities(encodings[i]);
        test_decodePKCSSMimeCapabilities(encodings[i]);
8149 8150
        test_encodePKCSSignerInfo(encodings[i]);
        test_decodePKCSSignerInfo(encodings[i]);
8151 8152
        test_encodeCMSSignerInfo(encodings[i]);
        test_decodeCMSSignerInfo(encodings[i]);
8153 8154
        test_encodeNameConstraints(encodings[i]);
        test_decodeNameConstraints(encodings[i]);
8155 8156
        test_encodePolicyQualifierUserNotice(encodings[i]);
        test_decodePolicyQualifierUserNotice(encodings[i]);
8157 8158
        test_encodeCertPolicies(encodings[i]);
        test_decodeCertPolicies(encodings[i]);
8159 8160
        test_encodeCertPolicyMappings(encodings[i]);
        test_decodeCertPolicyMappings(encodings[i]);
8161 8162
        test_encodeCertPolicyConstraints(encodings[i]);
        test_decodeCertPolicyConstraints(encodings[i]);
8163
    }
8164
    testPortPublicKeyInfo();
8165
}