encode.c 351 KB
Newer Older
1
/*
2
 * Unit test suite for crypt32.dll's CryptEncodeObjectEx/CryptDecodeObjectEx
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
 *
 * Copyright 2005 Juan Lang
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
18
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 20 21 22 23 24 25 26 27 28
 */
#include <stdio.h>
#include <stdarg.h>
#include <windef.h>
#include <winbase.h>
#include <winerror.h>
#include <wincrypt.h>

#include "wine/test.h"

29 30 31 32

static BOOL (WINAPI *pCryptDecodeObjectEx)(DWORD,LPCSTR,const BYTE*,DWORD,DWORD,PCRYPT_DECODE_PARA,void*,DWORD*);
static BOOL (WINAPI *pCryptEncodeObjectEx)(DWORD,LPCSTR,const void*,DWORD,PCRYPT_ENCODE_PARA,void*,DWORD*);

33 34 35
struct encodedInt
{
    int val;
36
    const BYTE *encoded;
37 38
};

Juan Lang's avatar
Juan Lang committed
39 40 41 42 43 44 45
static const BYTE bin1[] = {0x02,0x01,0x01};
static const BYTE bin2[] = {0x02,0x01,0x7f};
static const BYTE bin3[] = {0x02,0x02,0x00,0x80};
static const BYTE bin4[] = {0x02,0x02,0x01,0x00};
static const BYTE bin5[] = {0x02,0x01,0x80};
static const BYTE bin6[] = {0x02,0x02,0xff,0x7f};
static const BYTE bin7[] = {0x02,0x04,0xba,0xdd,0xf0,0x0d};
Mike McCormack's avatar
Mike McCormack committed
46

47
static const struct encodedInt ints[] = {
Mike McCormack's avatar
Mike McCormack committed
48 49 50 51 52 53 54
 { 1,          bin1 },
 { 127,        bin2 },
 { 128,        bin3 },
 { 256,        bin4 },
 { -128,       bin5 },
 { -129,       bin6 },
 { 0xbaddf00d, bin7 },
55 56
};

57 58
struct encodedBigInt
{
59 60 61
    const BYTE *val;
    const BYTE *encoded;
    const BYTE *decoded;
62 63
};

Mike McCormack's avatar
Mike McCormack committed
64 65 66 67 68 69 70 71
static const BYTE bin8[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
static const BYTE bin9[] = {0x02,0x0a,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0};
static const BYTE bin10[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};

static const BYTE bin11[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0xff,0};
static const BYTE bin12[] = {0x02,0x09,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
static const BYTE bin13[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0};

72
static const struct encodedBigInt bigInts[] = {
Mike McCormack's avatar
Mike McCormack committed
73 74
 { bin8, bin9, bin10 },
 { bin11, bin12, bin13 },
75 76
};

Mike McCormack's avatar
Mike McCormack committed
77 78 79 80 81
static const BYTE bin14[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
static const BYTE bin15[] = {0x02,0x0a,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0};
static const BYTE bin16[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0xff,0};
static const BYTE bin17[] = {0x02,0x0c,0x00,0xff,0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};

82 83
/* Decoded is the same as original, so don't bother storing a separate copy */
static const struct encodedBigInt bigUInts[] = {
Mike McCormack's avatar
Mike McCormack committed
84 85
 { bin14, bin15, NULL },
 { bin16, bin17, NULL },
86 87
};

88
static void test_encodeInt(DWORD dwEncoding)
89 90 91 92
{
    DWORD bufSize = 0;
    int i;
    BOOL ret;
93 94
    CRYPT_INTEGER_BLOB blob;
    BYTE *buf = NULL;
95 96

    /* CryptEncodeObjectEx with NULL bufSize crashes..
97
    ret = pCryptEncodeObjectEx(3, X509_INTEGER, &ints[0].val, 0, NULL, NULL,
98 99 100
     NULL);
     */
    /* check bogus encoding */
101
    ret = pCryptEncodeObjectEx(0, X509_INTEGER, &ints[0].val, 0, NULL, NULL,
102 103
     &bufSize);
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
104
     "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
105 106 107 108 109 110 111 112 113 114
    if (0)
    {
        /* check with NULL integer buffer.  Windows XP incorrectly returns an
         * NTSTATUS (crashes on win9x).
         */
        ret = pCryptEncodeObjectEx(dwEncoding, X509_INTEGER, NULL, 0, NULL, NULL,
         &bufSize);
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
115 116
    for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
    {
117
        /* encode as normal integer */
118
        ret = pCryptEncodeObjectEx(dwEncoding, X509_INTEGER, &ints[i].val, 0,
119
         NULL, NULL, &bufSize);
120
        ok(ret, "Expected success, got %d\n", GetLastError());
121
        ret = pCryptEncodeObjectEx(dwEncoding, X509_INTEGER, &ints[i].val,
Mike McCormack's avatar
Mike McCormack committed
122
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
123
        ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
124
        if (ret)
125 126 127
        {
            ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
             buf[0]);
128 129
            ok(buf[1] == ints[i].encoded[1], "Got length %d, expected %d\n",
             buf[1], ints[i].encoded[1]);
130 131 132 133
            ok(!memcmp(buf + 1, ints[i].encoded + 1, ints[i].encoded[1] + 1),
             "Encoded value of 0x%08x didn't match expected\n", ints[i].val);
            LocalFree(buf);
        }
134 135 136
        /* encode as multibyte integer */
        blob.cbData = sizeof(ints[i].val);
        blob.pbData = (BYTE *)&ints[i].val;
137
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
138
         0, NULL, NULL, &bufSize);
139
        ok(ret, "Expected success, got %d\n", GetLastError());
140
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
Mike McCormack's avatar
Mike McCormack committed
141
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
142
        ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
143
        if (ret)
144 145 146 147 148 149 150 151 152 153 154 155 156 157 158
        {
            ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
             buf[0]);
            ok(buf[1] == ints[i].encoded[1], "Got length %d, expected %d\n",
             buf[1], ints[i].encoded[1]);
            ok(!memcmp(buf + 1, ints[i].encoded + 1, ints[i].encoded[1] + 1),
             "Encoded value of 0x%08x didn't match expected\n", ints[i].val);
            LocalFree(buf);
        }
    }
    /* encode a couple bigger ints, just to show it's little-endian and leading
     * sign bytes are dropped
     */
    for (i = 0; i < sizeof(bigInts) / sizeof(bigInts[0]); i++)
    {
Mike McCormack's avatar
Mike McCormack committed
159
        blob.cbData = strlen((const char*)bigInts[i].val);
160
        blob.pbData = (BYTE *)bigInts[i].val;
161
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
162
         0, NULL, NULL, &bufSize);
163
        ok(ret, "Expected success, got %d\n", GetLastError());
164
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
Mike McCormack's avatar
Mike McCormack committed
165
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
166
        ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
167
        if (ret)
168 169 170 171 172 173 174 175 176 177
        {
            ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
             buf[0]);
            ok(buf[1] == bigInts[i].encoded[1], "Got length %d, expected %d\n",
             buf[1], bigInts[i].encoded[1]);
            ok(!memcmp(buf + 1, bigInts[i].encoded + 1,
             bigInts[i].encoded[1] + 1),
             "Encoded value didn't match expected\n");
            LocalFree(buf);
        }
178
    }
179 180 181
    /* and, encode some uints */
    for (i = 0; i < sizeof(bigUInts) / sizeof(bigUInts[0]); i++)
    {
Mike McCormack's avatar
Mike McCormack committed
182 183
        blob.cbData = strlen((const char*)bigUInts[i].val);
        blob.pbData = (BYTE*)bigUInts[i].val;
184
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT, &blob,
185
         0, NULL, NULL, &bufSize);
186
        ok(ret, "Expected success, got %d\n", GetLastError());
187
        ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT, &blob,
Mike McCormack's avatar
Mike McCormack committed
188
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
189
        ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
190
        if (ret)
191 192 193 194 195 196 197 198 199 200 201
        {
            ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
             buf[0]);
            ok(buf[1] == bigUInts[i].encoded[1], "Got length %d, expected %d\n",
             buf[1], bigUInts[i].encoded[1]);
            ok(!memcmp(buf + 1, bigUInts[i].encoded + 1,
             bigUInts[i].encoded[1] + 1),
             "Encoded value didn't match expected\n");
            LocalFree(buf);
        }
    }
202 203
}

204
static void test_decodeInt(DWORD dwEncoding)
205
{
Mike McCormack's avatar
Mike McCormack committed
206 207
    static const BYTE bigInt[] = { 2, 5, 0xff, 0xfe, 0xff, 0xfe, 0xff };
    static const BYTE testStr[] = { 0x16, 4, 't', 'e', 's', 't' };
208
    static const BYTE longForm[] = { 2, 0x81, 0x01, 0x01 };
209
    static const BYTE bigBogus[] = { 0x02, 0x84, 0x01, 0xff, 0xff, 0xf9 };
210
    static const BYTE extraBytes[] = { 2, 1, 1, 0, 0, 0, 0 };
211 212 213 214 215 216
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    int i;
    BOOL ret;

    /* CryptDecodeObjectEx with NULL bufSize crashes..
217
    ret = pCryptDecodeObjectEx(3, X509_INTEGER, &ints[0].encoded,
218 219 220
     ints[0].encoded[1] + 2, 0, NULL, NULL, NULL);
     */
    /* check bogus encoding */
221
    ret = pCryptDecodeObjectEx(3, X509_INTEGER, (BYTE *)&ints[0].encoded,
222 223
     ints[0].encoded[1] + 2, 0, NULL, NULL, &bufSize);
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
224
     "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
225
    /* check with NULL integer buffer */
226
    ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, NULL, 0, 0, NULL, NULL,
227
     &bufSize);
228 229 230
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
     GetLastError() == OSS_BAD_ARG /* Win9x */),
     "Expected CRYPT_E_ASN1_EOD or OSS_BAD_ARG, got %08x\n", GetLastError());
231
    /* check with a valid, but too large, integer */
232
    ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, bigInt, bigInt[1] + 2,
233
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
234 235
    ok((!ret && GetLastError() == CRYPT_E_ASN1_LARGE) ||
     broken(ret) /* Win9x */,
236
     "Expected CRYPT_E_ASN1_LARGE, got %d\n", GetLastError());
237
    /* check with a DER-encoded string */
238
    ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, testStr, testStr[1] + 2,
239
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
240 241 242 243
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG ||
     GetLastError() == OSS_PDU_MISMATCH /* Win9x */ ),
     "Expected CRYPT_E_ASN1_BADTAG or OSS_PDU_MISMATCH, got %08x\n",
     GetLastError());
244 245
    for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
    {
246 247
        /* When the output buffer is NULL, this always succeeds */
        SetLastError(0xdeadbeef);
248
        ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER,
249
         ints[i].encoded, ints[i].encoded[1] + 2, 0, NULL, NULL,
250
         &bufSize);
251
        ok(ret && GetLastError() == NOERROR,
252
         "Expected success and NOERROR, got %d\n", GetLastError());
253
        ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER,
254
         ints[i].encoded, ints[i].encoded[1] + 2,
255
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
256 257
        ok(ret, "CryptDecodeObjectEx failed: %d\n", GetLastError());
        ok(bufSize == sizeof(int), "Wrong size %d\n", bufSize);
258
        ok(buf != NULL, "Expected allocated buffer\n");
259
        if (ret)
260 261 262 263 264 265
        {
            ok(!memcmp(buf, &ints[i].val, bufSize), "Expected %d, got %d\n",
             ints[i].val, *(int *)buf);
            LocalFree(buf);
        }
    }
266 267
    for (i = 0; i < sizeof(bigInts) / sizeof(bigInts[0]); i++)
    {
268
        ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER,
269
         bigInts[i].encoded, bigInts[i].encoded[1] + 2, 0, NULL, NULL,
270 271
         &bufSize);
        ok(ret && GetLastError() == NOERROR,
272
         "Expected success and NOERROR, got %d\n", GetLastError());
273
        ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER,
274
         bigInts[i].encoded, bigInts[i].encoded[1] + 2,
275
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
276 277
        ok(ret, "CryptDecodeObjectEx failed: %d\n", GetLastError());
        ok(bufSize >= sizeof(CRYPT_INTEGER_BLOB), "Wrong size %d\n", bufSize);
278
        ok(buf != NULL, "Expected allocated buffer\n");
279
        if (ret)
280 281 282
        {
            CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)buf;

Mike McCormack's avatar
Mike McCormack committed
283
            ok(blob->cbData == strlen((const char*)bigInts[i].decoded),
284
             "Expected len %d, got %d\n", lstrlenA((const char*)bigInts[i].decoded),
285 286 287 288 289 290
             blob->cbData);
            ok(!memcmp(blob->pbData, bigInts[i].decoded, blob->cbData),
             "Unexpected value\n");
            LocalFree(buf);
        }
    }
291 292
    for (i = 0; i < sizeof(bigUInts) / sizeof(bigUInts[0]); i++)
    {
293
        ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT,
294
         bigUInts[i].encoded, bigUInts[i].encoded[1] + 2, 0, NULL, NULL,
295 296
         &bufSize);
        ok(ret && GetLastError() == NOERROR,
297
         "Expected success and NOERROR, got %d\n", GetLastError());
298
        ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT,
299
         bigUInts[i].encoded, bigUInts[i].encoded[1] + 2,
300
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
301 302
        ok(ret, "CryptDecodeObjectEx failed: %d\n", GetLastError());
        ok(bufSize >= sizeof(CRYPT_INTEGER_BLOB), "Wrong size %d\n", bufSize);
303
        ok(buf != NULL, "Expected allocated buffer\n");
304
        if (ret)
305 306 307
        {
            CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)buf;

Mike McCormack's avatar
Mike McCormack committed
308
            ok(blob->cbData == strlen((const char*)bigUInts[i].val),
309
             "Expected len %d, got %d\n", lstrlenA((const char*)bigUInts[i].val),
310 311 312 313 314 315
             blob->cbData);
            ok(!memcmp(blob->pbData, bigUInts[i].val, blob->cbData),
             "Unexpected value\n");
            LocalFree(buf);
        }
    }
316
    /* Decode the value 1 with long-form length */
317
    ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, longForm,
318
     sizeof(longForm), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
319
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
320
    if (ret)
321 322 323 324
    {
        ok(*(int *)buf == 1, "Expected 1, got %d\n", *(int *)buf);
        LocalFree(buf);
    }
325
    /* check with extra bytes at the end */
326
    ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, extraBytes,
327
     sizeof(extraBytes), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
328
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
329
    if (ret)
330 331 332 333
    {
        ok(*(int *)buf == 1, "Expected 1, got %d\n", *(int *)buf);
        LocalFree(buf);
    }
334 335
    /* Try to decode some bogus large items */
    /* The buffer size is smaller than the encoded length, so this should fail
336 337 338 339
     * with CRYPT_E_ASN1_EOD if it's being decoded.
     * Under XP it fails with CRYPT_E_ASN1_LARGE, which means there's a limit
     * on the size decoded, but in ME it fails with CRYPT_E_ASN1_EOD or crashes.
     * So this test unfortunately isn't useful.
340
    ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, tooBig,
341
     0x7fffffff, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
342
    ok(!ret && GetLastError() == CRYPT_E_ASN1_LARGE,
343
     "Expected CRYPT_E_ASN1_LARGE, got %08x\n", GetLastError());
344
     */
345 346 347
    /* This will try to decode the buffer and overflow it, check that it's
     * caught.
     */
348 349 350
    if (0)
    {
    /* a large buffer isn't guaranteed to crash, it depends on memory allocation order */
351
    ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, bigBogus,
352
     0x01ffffff, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
353
    ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
354
     "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
355
    }
356 357
}

Juan Lang's avatar
Juan Lang committed
358 359
static const BYTE bin18[] = {0x0a,0x01,0x01};
static const BYTE bin19[] = {0x0a,0x05,0x00,0xff,0xff,0xff,0x80};
Mike McCormack's avatar
Mike McCormack committed
360

361 362 363 364
/* These are always encoded unsigned, and aren't constrained to be any
 * particular value
 */
static const struct encodedInt enums[] = {
Mike McCormack's avatar
Mike McCormack committed
365 366
 { 1,    bin18 },
 { -128, bin19 },
367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386
};

/* X509_CRL_REASON_CODE is also an enumerated type, but it's #defined to
 * X509_ENUMERATED.
 */
static const LPCSTR enumeratedTypes[] = { X509_ENUMERATED,
 szOID_CRL_REASON_CODE };

static void test_encodeEnumerated(DWORD dwEncoding)
{
    DWORD i, j;

    for (i = 0; i < sizeof(enumeratedTypes) / sizeof(enumeratedTypes[0]); i++)
    {
        for (j = 0; j < sizeof(enums) / sizeof(enums[0]); j++)
        {
            BOOL ret;
            BYTE *buf = NULL;
            DWORD bufSize = 0;

387
            ret = pCryptEncodeObjectEx(dwEncoding, enumeratedTypes[i],
388
             &enums[j].val, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf,
389
             &bufSize);
390
            ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
391
            if (ret)
392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419
            {
                ok(buf[0] == 0xa,
                 "Got unexpected type %d for enumerated (expected 0xa)\n",
                 buf[0]);
                ok(buf[1] == enums[j].encoded[1],
                 "Got length %d, expected %d\n", buf[1], enums[j].encoded[1]);
                ok(!memcmp(buf + 1, enums[j].encoded + 1,
                 enums[j].encoded[1] + 1),
                 "Encoded value of 0x%08x didn't match expected\n",
                 enums[j].val);
                LocalFree(buf);
            }
        }
    }
}

static void test_decodeEnumerated(DWORD dwEncoding)
{
    DWORD i, j;

    for (i = 0; i < sizeof(enumeratedTypes) / sizeof(enumeratedTypes[0]); i++)
    {
        for (j = 0; j < sizeof(enums) / sizeof(enums[0]); j++)
        {
            BOOL ret;
            DWORD bufSize = sizeof(int);
            int val;

420
            ret = pCryptDecodeObjectEx(dwEncoding, enumeratedTypes[i],
421
             enums[j].encoded, enums[j].encoded[1] + 2, 0, NULL,
422
             &val, &bufSize);
423
            ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
424
            ok(bufSize == sizeof(int),
425
             "Got unexpected size %d for enumerated\n", bufSize);
426 427 428 429
            ok(val == enums[j].val, "Unexpected value %d, expected %d\n",
             val, enums[j].val);
        }
    }
430 431
}

432 433 434
struct encodedFiletime
{
    SYSTEMTIME sysTime;
435
    const BYTE *encodedTime;
436 437
};

438
static void testTimeEncoding(DWORD dwEncoding, LPCSTR structType,
439 440 441 442 443 444 445 446
 const struct encodedFiletime *time)
{
    FILETIME ft = { 0 };
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    BOOL ret;

    ret = SystemTimeToFileTime(&time->sysTime, &ft);
447
    ok(ret, "SystemTimeToFileTime failed: %d\n", GetLastError());
448
    ret = pCryptEncodeObjectEx(dwEncoding, structType, &ft,
449
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
450 451 452
    /* years other than 1950-2050 are not allowed for encodings other than
     * X509_CHOICE_OF_TIME.
     */
453
    if (structType == X509_CHOICE_OF_TIME ||
454 455
     (time->sysTime.wYear >= 1950 && time->sysTime.wYear <= 2050))
    {
456
        ok(ret, "CryptEncodeObjectEx failed: %d (0x%08x)\n", GetLastError(),
457 458
         GetLastError());
        ok(buf != NULL, "Expected an allocated buffer\n");
459
        if (ret)
460 461 462 463
        {
            ok(buf[0] == time->encodedTime[0],
             "Expected type 0x%02x, got 0x%02x\n", time->encodedTime[0],
             buf[0]);
464
            ok(buf[1] == time->encodedTime[1], "Expected %d bytes, got %d\n",
465 466 467 468 469 470 471
             time->encodedTime[1], bufSize);
            ok(!memcmp(time->encodedTime + 2, buf + 2, time->encodedTime[1]),
             "Got unexpected value for time encoding\n");
            LocalFree(buf);
        }
    }
    else
472 473
        ok((!ret && GetLastError() == CRYPT_E_BAD_ENCODE) ||
         broken(GetLastError() == ERROR_SUCCESS),
474
         "Expected CRYPT_E_BAD_ENCODE, got 0x%08x\n", GetLastError());
475 476
}

477 478
static const char *printSystemTime(const SYSTEMTIME *st)
{
479
    static char buf[25];
480 481 482 483 484 485 486 487

    sprintf(buf, "%02d-%02d-%04d %02d:%02d:%02d.%03d", st->wMonth, st->wDay,
     st->wYear, st->wHour, st->wMinute, st->wSecond, st->wMilliseconds);
    return buf;
}

static const char *printFileTime(const FILETIME *ft)
{
488
    static char buf[25];
489 490 491 492 493 494 495 496
    SYSTEMTIME st;

    FileTimeToSystemTime(ft, &st);
    sprintf(buf, "%02d-%02d-%04d %02d:%02d:%02d.%03d", st.wMonth, st.wDay,
     st.wYear, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
    return buf;
}

497 498 499 500 501
static void compareTime(const SYSTEMTIME *expected, const FILETIME *got)
{
    SYSTEMTIME st;

    FileTimeToSystemTime(got, &st);
502
    ok((expected->wYear == st.wYear &&
503 504 505 506 507
     expected->wMonth == st.wMonth &&
     expected->wDay == st.wDay &&
     expected->wHour == st.wHour &&
     expected->wMinute == st.wMinute &&
     expected->wSecond == st.wSecond &&
508 509 510 511 512 513 514 515
     abs(expected->wMilliseconds - st.wMilliseconds) <= 1) ||
     /* Some Windows systems only seem to be accurate in their time decoding to
      * within about an hour.
      */
     broken(expected->wYear == st.wYear &&
     expected->wMonth == st.wMonth &&
     expected->wDay == st.wDay &&
     abs(expected->wHour - st.wHour) <= 1),
516 517 518 519
     "Got unexpected value for time decoding:\nexpected %s, got %s\n",
     printSystemTime(expected), printFileTime(got));
}

520
static void testTimeDecoding(DWORD dwEncoding, LPCSTR structType,
521 522
 const struct encodedFiletime *time)
{
523 524
    FILETIME ft = { 0 };
    DWORD size = sizeof(ft);
525 526
    BOOL ret;

527
    ret = pCryptDecodeObjectEx(dwEncoding, structType, time->encodedTime,
528
     time->encodedTime[1] + 2, 0, NULL, &ft, &size);
529 530 531
    /* years other than 1950-2050 are not allowed for encodings other than
     * X509_CHOICE_OF_TIME.
     */
532
    if (structType == X509_CHOICE_OF_TIME ||
533 534
     (time->sysTime.wYear >= 1950 && time->sysTime.wYear <= 2050))
    {
535 536
        ok(ret || broken(GetLastError() == OSS_DATA_ERROR),
         "CryptDecodeObjectEx failed: %d (0x%08x)\n", GetLastError(),
537
         GetLastError());
538 539
        if (ret)
            compareTime(&time->sysTime, &ft);
540 541
    }
    else
542 543 544 545
        ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG ||
         GetLastError() == OSS_PDU_MISMATCH /* Win9x */ ),
         "Expected CRYPT_E_ASN1_BADTAG or OSS_PDU_MISMATCH, got %08x\n",
         GetLastError());
546 547
}

Mike McCormack's avatar
Mike McCormack committed
548
static const BYTE bin20[] = {
Juan Lang's avatar
Juan Lang committed
549
    0x17,0x0d,'0','5','0','6','0','6','1','6','1','0','0','0','Z'};
Mike McCormack's avatar
Mike McCormack committed
550
static const BYTE bin21[] = {
Juan Lang's avatar
Juan Lang committed
551
    0x18,0x0f,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','Z'};
Mike McCormack's avatar
Mike McCormack committed
552
static const BYTE bin22[] = {
Juan Lang's avatar
Juan Lang committed
553
    0x18,0x0f,'2','1','4','5','0','6','0','6','1','6','1','0','0','0','Z'};
Mike McCormack's avatar
Mike McCormack committed
554

555
static const struct encodedFiletime times[] = {
Mike McCormack's avatar
Mike McCormack committed
556 557 558
 { { 2005, 6, 1, 6, 16, 10, 0, 0 }, bin20 },
 { { 1945, 6, 1, 6, 16, 10, 0, 0 }, bin21 },
 { { 2145, 6, 1, 6, 16, 10, 0, 0 }, bin22 },
559 560
};

561
static void test_encodeFiletime(DWORD dwEncoding)
562 563 564 565 566
{
    DWORD i;

    for (i = 0; i < sizeof(times) / sizeof(times[0]); i++)
    {
567 568 569
        testTimeEncoding(dwEncoding, X509_CHOICE_OF_TIME, &times[i]);
        testTimeEncoding(dwEncoding, PKCS_UTC_TIME, &times[i]);
        testTimeEncoding(dwEncoding, szOID_RSA_signingTime, &times[i]);
570 571 572
    }
}

Mike McCormack's avatar
Mike McCormack committed
573
static const BYTE bin23[] = {
Juan Lang's avatar
Juan Lang committed
574
    0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','.','0','0','0','Z'};
Mike McCormack's avatar
Mike McCormack committed
575
static const BYTE bin24[] = {
Juan Lang's avatar
Juan Lang committed
576
    0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','.','9','9','9','Z'};
Mike McCormack's avatar
Mike McCormack committed
577
static const BYTE bin25[] = {
Juan Lang's avatar
Juan Lang committed
578
    0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','+','0','1','0','0'};
Mike McCormack's avatar
Mike McCormack committed
579
static const BYTE bin26[] = {
Juan Lang's avatar
Juan Lang committed
580
    0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','-','0','1','0','0'};
Mike McCormack's avatar
Mike McCormack committed
581
static const BYTE bin27[] = {
Juan Lang's avatar
Juan Lang committed
582
    0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','-','0','1','1','5'};
Mike McCormack's avatar
Mike McCormack committed
583
static const BYTE bin28[] = {
Juan Lang's avatar
Juan Lang committed
584
    0x18,0x0a,'2','1','4','5','0','6','0','6','1','6'};
Mike McCormack's avatar
Mike McCormack committed
585
static const BYTE bin29[] = {
Juan Lang's avatar
Juan Lang committed
586
    0x17,0x0a,'4','5','0','6','0','6','1','6','1','0'};
Mike McCormack's avatar
Mike McCormack committed
587
static const BYTE bin30[] = {
Juan Lang's avatar
Juan Lang committed
588
    0x17,0x0b,'4','5','0','6','0','6','1','6','1','0','Z'};
Mike McCormack's avatar
Mike McCormack committed
589
static const BYTE bin31[] = {
Juan Lang's avatar
Juan Lang committed
590
    0x17,0x0d,'4','5','0','6','0','6','1','6','1','0','+','0','1'};
Mike McCormack's avatar
Mike McCormack committed
591
static const BYTE bin32[] = {
Juan Lang's avatar
Juan Lang committed
592
    0x17,0x0d,'4','5','0','6','0','6','1','6','1','0','-','0','1'};
Mike McCormack's avatar
Mike McCormack committed
593
static const BYTE bin33[] = {
Juan Lang's avatar
Juan Lang committed
594
    0x17,0x0f,'4','5','0','6','0','6','1','6','1','0','+','0','1','0','0'};
Mike McCormack's avatar
Mike McCormack committed
595
static const BYTE bin34[] = {
Juan Lang's avatar
Juan Lang committed
596
    0x17,0x0f,'4','5','0','6','0','6','1','6','1','0','-','0','1','0','0'};
Mike McCormack's avatar
Mike McCormack committed
597
static const BYTE bin35[] = {
Juan Lang's avatar
Juan Lang committed
598
    0x17,0x08, '4','5','0','6','0','6','1','6'};
Mike McCormack's avatar
Mike McCormack committed
599
static const BYTE bin36[] = {
Juan Lang's avatar
Juan Lang committed
600
    0x18,0x0f, 'a','a','a','a','a','a','a','a','a','a','a','a','a','a','Z'};
Mike McCormack's avatar
Mike McCormack committed
601
static const BYTE bin37[] = {
Juan Lang's avatar
Juan Lang committed
602
    0x18,0x04, '2','1','4','5'};
Mike McCormack's avatar
Mike McCormack committed
603
static const BYTE bin38[] = {
Juan Lang's avatar
Juan Lang committed
604
    0x18,0x08, '2','1','4','5','0','6','0','6'};
Mike McCormack's avatar
Mike McCormack committed
605

606
static void test_decodeFiletime(DWORD dwEncoding)
607 608
{
    static const struct encodedFiletime otherTimes[] = {
Mike McCormack's avatar
Mike McCormack committed
609 610 611 612 613 614 615 616 617 618 619 620
     { { 1945, 6, 1, 6, 16, 10, 0, 0 },   bin23 },
     { { 1945, 6, 1, 6, 16, 10, 0, 999 }, bin24 },
     { { 1945, 6, 1, 6, 17, 10, 0, 0 },   bin25 },
     { { 1945, 6, 1, 6, 15, 10, 0, 0 },   bin26 },
     { { 1945, 6, 1, 6, 14, 55, 0, 0 },   bin27 },
     { { 2145, 6, 1, 6, 16,  0, 0, 0 },   bin28 },
     { { 2045, 6, 1, 6, 16, 10, 0, 0 },   bin29 },
     { { 2045, 6, 1, 6, 16, 10, 0, 0 },   bin30 },
     { { 2045, 6, 1, 6, 17, 10, 0, 0 },   bin31 },
     { { 2045, 6, 1, 6, 15, 10, 0, 0 },   bin32 },
     { { 2045, 6, 1, 6, 17, 10, 0, 0 },   bin33 },
     { { 2045, 6, 1, 6, 15, 10, 0, 0 },   bin34 },
621 622 623 624
    };
    /* An oddball case that succeeds in Windows, but doesn't seem correct
     { { 2145, 6, 1, 2, 11, 31, 0, 0 },   "\x18" "\x13" "21450606161000-9999" },
     */
Mike McCormack's avatar
Mike McCormack committed
625
    static const unsigned char *bogusTimes[] = {
626 627 628
     /* oddly, this succeeds on Windows, with year 2765
     "\x18" "\x0f" "21r50606161000Z",
      */
Mike McCormack's avatar
Mike McCormack committed
629 630 631 632
     bin35,
     bin36,
     bin37,
     bin38,
633
    };
634 635 636
    DWORD i, size;
    FILETIME ft1 = { 0 }, ft2 = { 0 };
    BOOL ret;
637

638 639
    /* Check bogus length with non-NULL buffer */
    ret = SystemTimeToFileTime(&times[0].sysTime, &ft1);
640
    ok(ret, "SystemTimeToFileTime failed: %d\n", GetLastError());
641
    size = 1;
642
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CHOICE_OF_TIME,
643 644
     times[0].encodedTime, times[0].encodedTime[1] + 2, 0, NULL, &ft2, &size);
    ok(!ret && GetLastError() == ERROR_MORE_DATA,
645
     "Expected ERROR_MORE_DATA, got %d\n", GetLastError());
646
    /* Normal tests */
647 648
    for (i = 0; i < sizeof(times) / sizeof(times[0]); i++)
    {
649 650 651
        testTimeDecoding(dwEncoding, X509_CHOICE_OF_TIME, &times[i]);
        testTimeDecoding(dwEncoding, PKCS_UTC_TIME, &times[i]);
        testTimeDecoding(dwEncoding, szOID_RSA_signingTime, &times[i]);
652 653 654
    }
    for (i = 0; i < sizeof(otherTimes) / sizeof(otherTimes[0]); i++)
    {
655 656 657
        testTimeDecoding(dwEncoding, X509_CHOICE_OF_TIME, &otherTimes[i]);
        testTimeDecoding(dwEncoding, PKCS_UTC_TIME, &otherTimes[i]);
        testTimeDecoding(dwEncoding, szOID_RSA_signingTime, &otherTimes[i]);
658 659 660
    }
    for (i = 0; i < sizeof(bogusTimes) / sizeof(bogusTimes[0]); i++)
    {
661
        size = sizeof(ft1);
662
        ret = pCryptDecodeObjectEx(dwEncoding, X509_CHOICE_OF_TIME,
663
         bogusTimes[i], bogusTimes[i][1] + 2, 0, NULL, &ft1, &size);
664 665 666
        ok((!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
                     GetLastError() == OSS_DATA_ERROR /* Win9x */)) ||
           broken(ret), /* Win9x and NT4 for bin38 */
667 668
         "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
         GetLastError());
669 670 671
    }
}

672 673 674
static const char commonName[] = "Juan Lang";
static const char surName[] = "Lang";

675
static const BYTE emptySequence[] = { 0x30, 0 };
676
static const BYTE emptyRDNs[] = { 0x30, 0x02, 0x31, 0 };
Mike McCormack's avatar
Mike McCormack committed
677 678 679 680
static const BYTE twoRDNs[] = {
    0x30,0x23,0x31,0x21,0x30,0x0c,0x06,0x03,0x55,0x04,0x04,
    0x13,0x05,0x4c,0x61,0x6e,0x67,0x00,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
    0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0};
681 682 683 684 685 686
static const BYTE encodedTwoRDNs[] = {
0x30,0x2e,0x31,0x2c,0x30,0x2a,0x06,0x03,0x55,0x04,0x03,0x30,0x23,0x31,0x21,
0x30,0x0c,0x06,0x03,0x55,0x04,0x04,0x13,0x05,0x4c,0x61,0x6e,0x67,0x00,0x30,
0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
0x6e,0x67,0x00,
};
687

688 689 690 691 692 693 694 695 696 697 698 699 700 701
static const BYTE us[] = { 0x55, 0x53 };
static const BYTE minnesota[] = { 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x73, 0x6f,
 0x74, 0x61 };
static const BYTE minneapolis[] = { 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x61, 0x70,
 0x6f, 0x6c, 0x69, 0x73 };
static const BYTE codeweavers[] = { 0x43, 0x6f, 0x64, 0x65, 0x57, 0x65, 0x61,
 0x76, 0x65, 0x72, 0x73 };
static const BYTE wine[] = { 0x57, 0x69, 0x6e, 0x65, 0x20, 0x44, 0x65, 0x76,
 0x65, 0x6c, 0x6f, 0x70, 0x6d, 0x65, 0x6e, 0x74 };
static const BYTE localhostAttr[] = { 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
 0x73, 0x74 };
static const BYTE aric[] = { 0x61, 0x72, 0x69, 0x63, 0x40, 0x63, 0x6f, 0x64,
 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63, 0x6f, 0x6d };

702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728
#define RDNA(arr)   oid_ ## arr, CERT_RDN_PRINTABLE_STRING, { sizeof(arr), (LPBYTE)arr }
#define RDNIA5(arr) oid_ ## arr, CERT_RDN_IA5_STRING,       { sizeof(arr), (LPBYTE)arr }

static CHAR oid_us[]            = "2.5.4.6",
            oid_minnesota[]     = "2.5.4.8",
            oid_minneapolis[]   = "2.5.4.7",
            oid_codeweavers[]   = "2.5.4.10",
            oid_wine[]          = "2.5.4.11",
            oid_localhostAttr[] = "2.5.4.3",
            oid_aric[]          = "1.2.840.113549.1.9.1";
static CERT_RDN_ATTR rdnAttrs[] = { { RDNA(us) },
                                    { RDNA(minnesota) },
                                    { RDNA(minneapolis) },
                                    { RDNA(codeweavers) },
                                    { RDNA(wine) },
                                    { RDNA(localhostAttr) },
                                    { RDNIA5(aric) } };
static CERT_RDN_ATTR decodedRdnAttrs[] = { { RDNA(us) },
                                           { RDNA(localhostAttr) },
                                           { RDNA(minnesota) },
                                           { RDNA(minneapolis) },
                                           { RDNA(codeweavers) },
                                           { RDNA(wine) },
                                           { RDNIA5(aric) } };

#undef RDNIA5
#undef RDNA
729 730 731 732 733 734 735 736 737 738 739 740 741 742

static const BYTE encodedRDNAttrs[] = {
0x30,0x81,0x96,0x31,0x81,0x93,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
0x53,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x6c,0x6f,0x63,0x61,0x6c,0x68,
0x6f,0x73,0x74,0x30,0x10,0x06,0x03,0x55,0x04,0x08,0x13,0x09,0x4d,0x69,0x6e,0x6e,
0x65,0x73,0x6f,0x74,0x61,0x30,0x12,0x06,0x03,0x55,0x04,0x07,0x13,0x0b,0x4d,0x69,
0x6e,0x6e,0x65,0x61,0x70,0x6f,0x6c,0x69,0x73,0x30,0x12,0x06,0x03,0x55,0x04,0x0a,
0x13,0x0b,0x43,0x6f,0x64,0x65,0x57,0x65,0x61,0x76,0x65,0x72,0x73,0x30,0x17,0x06,
0x03,0x55,0x04,0x0b,0x13,0x10,0x57,0x69,0x6e,0x65,0x20,0x44,0x65,0x76,0x65,0x6c,
0x6f,0x70,0x6d,0x65,0x6e,0x74,0x30,0x21,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
0x01,0x09,0x01,0x16,0x14,0x61,0x72,0x69,0x63,0x40,0x63,0x6f,0x64,0x65,0x77,0x65,
0x61,0x76,0x65,0x72,0x73,0x2e,0x63,0x6f,0x6d
};

743 744 745 746 747
static void test_encodeName(DWORD dwEncoding)
{
    CERT_RDN_ATTR attrs[2];
    CERT_RDN rdn;
    CERT_NAME_INFO info;
748 749
    static CHAR oid_common_name[] = szOID_COMMON_NAME,
                oid_sur_name[]    = szOID_SUR_NAME;
750
    BYTE *buf = NULL;
751
    DWORD size = 0;
752 753
    BOOL ret;

754 755 756 757
    if (0)
    {
        /* Test with NULL pvStructInfo (crashes on win9x) */
        ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, NULL,
758
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
759 760 761
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
762 763 764
    /* Test with empty CERT_NAME_INFO */
    info.cRDN = 0;
    info.rgRDN = NULL;
765
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
766
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
767
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
768
    if (ret)
769
    {
770
        ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
771 772 773
         "Got unexpected encoding for empty name\n");
        LocalFree(buf);
    }
774 775 776 777 778
    if (0)
    {
        /* Test with bogus CERT_RDN (crashes on win9x) */
        info.cRDN = 1;
        ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
779
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
780 781 782
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
783 784 785 786 787
    /* Test with empty CERT_RDN */
    rdn.cRDNAttr = 0;
    rdn.rgRDNAttr = NULL;
    info.cRDN = 1;
    info.rgRDN = &rdn;
788
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
789
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
790
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
791
    if (ret)
792 793 794 795 796
    {
        ok(!memcmp(buf, emptyRDNs, sizeof(emptyRDNs)),
         "Got unexpected encoding for empty RDN array\n");
        LocalFree(buf);
    }
797 798 799 800 801 802
    if (0)
    {
        /* Test with bogus attr array (crashes on win9x) */
        rdn.cRDNAttr = 1;
        rdn.rgRDNAttr = NULL;
        ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
803
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
804 805 806
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
807 808 809 810
    /* oddly, a bogus OID is accepted by Windows XP; not testing.
    attrs[0].pszObjId = "bogus";
    attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[0].Value.cbData = sizeof(commonName);
811
    attrs[0].Value.pbData = commonName;
812 813
    rdn.cRDNAttr = 1;
    rdn.rgRDNAttr = attrs;
814
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
815
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
816 817 818 819 820
    ok(!ret, "Expected failure, got success\n");
     */
    /* Check with two CERT_RDN_ATTRs.  Note DER encoding forces the order of
     * the encoded attributes to be swapped.
     */
821
    attrs[0].pszObjId = oid_common_name;
822 823 824
    attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[0].Value.cbData = sizeof(commonName);
    attrs[0].Value.pbData = (BYTE *)commonName;
825
    attrs[1].pszObjId = oid_sur_name;
826 827 828 829 830
    attrs[1].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[1].Value.cbData = sizeof(surName);
    attrs[1].Value.pbData = (BYTE *)surName;
    rdn.cRDNAttr = 2;
    rdn.rgRDNAttr = attrs;
831
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
832
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
833
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
834
    if (ret)
835 836 837 838 839
    {
        ok(!memcmp(buf, twoRDNs, sizeof(twoRDNs)),
         "Got unexpected encoding for two RDN array\n");
        LocalFree(buf);
    }
840 841 842 843 844
    /* A name can be "encoded" with previously encoded RDN attrs. */
    attrs[0].dwValueType = CERT_RDN_ENCODED_BLOB;
    attrs[0].Value.pbData = (LPBYTE)twoRDNs;
    attrs[0].Value.cbData = sizeof(twoRDNs);
    rdn.cRDNAttr = 1;
845
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
846
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
847
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
848
    if (ret)
849
    {
850
        ok(size == sizeof(encodedTwoRDNs), "Unexpected size %d\n", size);
851 852 853 854
        ok(!memcmp(buf, encodedTwoRDNs, size),
         "Unexpected value for re-endoded two RDN array\n");
        LocalFree(buf);
    }
855 856 857
    /* CERT_RDN_ANY_TYPE is too vague for X509_NAMEs, check the return */
    rdn.cRDNAttr = 1;
    attrs[0].dwValueType = CERT_RDN_ANY_TYPE;
858
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
859
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
860
    ok(!ret && GetLastError() == E_INVALIDARG,
861
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
862 863
    /* Test a more complex name */
    rdn.cRDNAttr = sizeof(rdnAttrs) / sizeof(rdnAttrs[0]);
864
    rdn.rgRDNAttr = rdnAttrs;
865 866 867 868
    info.cRDN = 1;
    info.rgRDN = &rdn;
    buf = NULL;
    size = 0;
869
    ret = pCryptEncodeObjectEx(X509_ASN_ENCODING, X509_NAME, &info,
870
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
871
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
872 873
    if (ret)
    {
874
        ok(size == sizeof(encodedRDNAttrs), "Wrong size %d\n", size);
875 876 877 878 879
        ok(!memcmp(buf, encodedRDNAttrs, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897
static WCHAR commonNameW[] = { 'J','u','a','n',' ','L','a','n','g',0 };
static WCHAR surNameW[] = { 'L','a','n','g',0 };

static const BYTE twoRDNsNoNull[] = {
 0x30,0x21,0x31,0x1f,0x30,0x0b,0x06,0x03,0x55,0x04,0x04,0x13,0x04,0x4c,0x61,
 0x6e,0x67,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,
 0x20,0x4c,0x61,0x6e,0x67 };
static const BYTE anyType[] = {
 0x30,0x2f,0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x1e,0x24,0x23,0x30,
 0x21,0x31,0x0c,0x30,0x03,0x06,0x04,0x55,0x13,0x04,0x4c,0x05,0x6e,0x61,0x00,
 0x67,0x11,0x30,0x03,0x06,0x04,0x55,0x13,0x03,0x4a,0x0a,0x61,0x75,0x20,0x6e,
 0x61,0x4c,0x67,0x6e };

static void test_encodeUnicodeName(DWORD dwEncoding)
{
    CERT_RDN_ATTR attrs[2];
    CERT_RDN rdn;
    CERT_NAME_INFO info;
898 899
    static CHAR oid_common_name[] = szOID_COMMON_NAME,
                oid_sur_name[]    = szOID_SUR_NAME;
900 901 902 903
    BYTE *buf = NULL;
    DWORD size = 0;
    BOOL ret;

904 905 906 907
    if (0)
    {
        /* Test with NULL pvStructInfo (crashes on win9x) */
        ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, NULL,
908
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
909 910 911
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
912 913 914
    /* Test with empty CERT_NAME_INFO */
    info.cRDN = 0;
    info.rgRDN = NULL;
915
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
916
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
917
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
918
    if (ret)
919 920 921 922 923 924 925 926
    {
        ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
         "Got unexpected encoding for empty name\n");
        LocalFree(buf);
    }
    /* Check with one CERT_RDN_ATTR, that has an invalid character for the
     * encoding (the NULL).
     */
927
    attrs[0].pszObjId = oid_common_name;
928 929 930 931 932 933 934
    attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[0].Value.cbData = sizeof(commonNameW);
    attrs[0].Value.pbData = (BYTE *)commonNameW;
    rdn.cRDNAttr = 1;
    rdn.rgRDNAttr = attrs;
    info.cRDN = 1;
    info.rgRDN = &rdn;
935
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
936
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
937
    ok(!ret && GetLastError() == CRYPT_E_INVALID_PRINTABLE_STRING,
938 939
     "Expected CRYPT_E_INVALID_PRINTABLE_STRING, got %08x\n", GetLastError());
    ok(size == 9, "Unexpected error index %08x\n", size);
940 941 942
    /* Check with two NULL-terminated CERT_RDN_ATTRs.  Note DER encoding
     * forces the order of the encoded attributes to be swapped.
     */
943
    attrs[0].pszObjId = oid_common_name;
944 945 946
    attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[0].Value.cbData = 0;
    attrs[0].Value.pbData = (BYTE *)commonNameW;
947
    attrs[1].pszObjId = oid_sur_name;
948 949 950 951 952 953 954
    attrs[1].dwValueType = CERT_RDN_PRINTABLE_STRING;
    attrs[1].Value.cbData = 0;
    attrs[1].Value.pbData = (BYTE *)surNameW;
    rdn.cRDNAttr = 2;
    rdn.rgRDNAttr = attrs;
    info.cRDN = 1;
    info.rgRDN = &rdn;
955
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
956
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
957
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
958
    if (ret)
959 960 961 962 963 964 965 966 967 968
    {
        ok(!memcmp(buf, twoRDNsNoNull, sizeof(twoRDNsNoNull)),
         "Got unexpected encoding for two RDN array\n");
        LocalFree(buf);
    }
    /* A name can be "encoded" with previously encoded RDN attrs. */
    attrs[0].dwValueType = CERT_RDN_ENCODED_BLOB;
    attrs[0].Value.pbData = (LPBYTE)twoRDNs;
    attrs[0].Value.cbData = sizeof(twoRDNs);
    rdn.cRDNAttr = 1;
969
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
970
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
971
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
972
    if (ret)
973
    {
974
        ok(size == sizeof(encodedTwoRDNs), "Unexpected size %d\n", size);
975 976 977 978 979 980 981
        ok(!memcmp(buf, encodedTwoRDNs, size),
         "Unexpected value for re-endoded two RDN array\n");
        LocalFree(buf);
    }
    /* Unicode names infer the type for CERT_RDN_ANY_TYPE */
    rdn.cRDNAttr = 1;
    attrs[0].dwValueType = CERT_RDN_ANY_TYPE;
982
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
983
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
984
    todo_wine ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
985
    if (ret)
986
    {
987
        ok(size == sizeof(anyType), "Unexpected size %d\n", size);
988 989 990 991 992
        ok(!memcmp(buf, anyType, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

993 994 995
static void compareNameValues(const CERT_NAME_VALUE *expected,
 const CERT_NAME_VALUE *got)
{
996 997 998 999 1000 1001 1002
    if (expected->dwValueType == CERT_RDN_UTF8_STRING &&
        got->dwValueType == CERT_RDN_ENCODED_BLOB)
    {
        win_skip("Can't handle CERT_RDN_UTF8_STRING\n");
        return;
    }

1003
    ok(got->dwValueType == expected->dwValueType,
1004
     "Expected string type %d, got %d\n", expected->dwValueType,
1005 1006
     got->dwValueType);
    ok(got->Value.cbData == expected->Value.cbData,
1007
     "String type %d: unexpected data size, got %d, expected %d\n",
1008
     expected->dwValueType, got->Value.cbData, expected->Value.cbData);
1009 1010
    if (got->Value.cbData && got->Value.pbData)
        ok(!memcmp(got->Value.pbData, expected->Value.pbData,
1011
         min(got->Value.cbData, expected->Value.cbData)),
1012
         "String type %d: unexpected value\n", expected->dwValueType);
1013 1014
}

1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028
static void compareRDNAttrs(const CERT_RDN_ATTR *expected,
 const CERT_RDN_ATTR *got)
{
    if (expected->pszObjId && strlen(expected->pszObjId))
    {
        ok(got->pszObjId != NULL, "Expected OID %s, got NULL\n",
         expected->pszObjId);
        if (got->pszObjId)
        {
            ok(!strcmp(got->pszObjId, expected->pszObjId),
             "Got unexpected OID %s, expected %s\n", got->pszObjId,
             expected->pszObjId);
        }
    }
1029 1030
    compareNameValues((const CERT_NAME_VALUE *)&expected->dwValueType,
     (const CERT_NAME_VALUE *)&got->dwValueType);
1031 1032 1033 1034 1035
}

static void compareRDNs(const CERT_RDN *expected, const CERT_RDN *got)
{
    ok(got->cRDNAttr == expected->cRDNAttr,
1036
     "Expected %d RDN attrs, got %d\n", expected->cRDNAttr, got->cRDNAttr);
1037 1038 1039 1040 1041 1042 1043
    if (got->cRDNAttr)
    {
        DWORD i;

        for (i = 0; i < got->cRDNAttr; i++)
            compareRDNAttrs(&expected->rgRDNAttr[i], &got->rgRDNAttr[i]);
    }
1044 1045 1046 1047 1048
}

static void compareNames(const CERT_NAME_INFO *expected,
 const CERT_NAME_INFO *got)
{
1049
    ok(got->cRDN == expected->cRDN, "Expected %d RDNs, got %d\n",
1050
     expected->cRDN, got->cRDN);
Juan Lang's avatar
Juan Lang committed
1051
    if (got->cRDN)
1052
    {
1053 1054 1055 1056
        DWORD i;

        for (i = 0; i < got->cRDN; i++)
            compareRDNs(&expected->rgRDN[i], &got->rgRDN[i]);
1057 1058 1059
    }
}

1060
static const BYTE emptyIndefiniteSequence[] = { 0x30,0x80,0x00,0x00 };
1061 1062 1063 1064 1065
static const BYTE twoRDNsExtraBytes[] = {
    0x30,0x23,0x31,0x21,0x30,0x0c,0x06,0x03,0x55,0x04,0x04,
    0x13,0x05,0x4c,0x61,0x6e,0x67,0x00,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
    0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0,0,0,0,0,0};

1066 1067 1068 1069 1070 1071 1072 1073 1074 1075
static void test_decodeName(DWORD dwEncoding)
{
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    BOOL ret;
    CERT_RDN rdn;
    CERT_NAME_INFO info = { 1, &rdn };

    /* test empty name */
    bufSize = 0;
1076
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, emptySequence,
1077
     emptySequence[1] + 2,
1078
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1079
     &buf, &bufSize);
1080
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1081 1082 1083
    /* Interestingly, in Windows, if cRDN is 0, rgRGN may not be NULL.  My
     * decoder works the same way, so only test the count.
     */
1084
    if (ret)
1085
    {
1086
        ok(bufSize == sizeof(CERT_NAME_INFO), "Wrong bufSize %d\n", bufSize);
1087
        ok(((CERT_NAME_INFO *)buf)->cRDN == 0,
1088
         "Expected 0 RDNs in empty info, got %d\n",
1089 1090 1091
         ((CERT_NAME_INFO *)buf)->cRDN);
        LocalFree(buf);
    }
1092
    /* test empty name with indefinite-length encoding */
1093
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, emptyIndefiniteSequence,
1094
     sizeof(emptyIndefiniteSequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
1095
     &buf, &bufSize);
1096 1097 1098 1099 1100 1101 1102 1103 1104
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(bufSize == sizeof(CERT_NAME_INFO), "Wrong bufSize %d\n", bufSize);
        ok(((CERT_NAME_INFO *)buf)->cRDN == 0,
         "Expected 0 RDNs in empty info, got %d\n",
         ((CERT_NAME_INFO *)buf)->cRDN);
        LocalFree(buf);
    }
1105 1106
    /* test empty RDN */
    bufSize = 0;
1107
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, emptyRDNs,
1108 1109
     emptyRDNs[1] + 2,
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1110
     &buf, &bufSize);
1111
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1112
    if (ret)
1113 1114 1115 1116 1117 1118 1119 1120 1121 1122
    {
        CERT_NAME_INFO *info = (CERT_NAME_INFO *)buf;

        ok(bufSize == sizeof(CERT_NAME_INFO) + sizeof(CERT_RDN) &&
         info->cRDN == 1 && info->rgRDN && info->rgRDN[0].cRDNAttr == 0,
         "Got unexpected value for empty RDN\n");
        LocalFree(buf);
    }
    /* test two RDN attrs */
    bufSize = 0;
1123
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, twoRDNs,
1124 1125
     twoRDNs[1] + 2,
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1126
     &buf, &bufSize);
1127
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1128
    if (ret)
1129
    {
1130 1131 1132
        static CHAR oid_sur_name[]    = szOID_SUR_NAME,
                    oid_common_name[] = szOID_COMMON_NAME;

1133
        CERT_RDN_ATTR attrs[] = {
1134
         { oid_sur_name, CERT_RDN_PRINTABLE_STRING, { sizeof(surName),
1135
          (BYTE *)surName } },
1136
         { oid_common_name, CERT_RDN_PRINTABLE_STRING, { sizeof(commonName),
1137 1138 1139 1140 1141
          (BYTE *)commonName } },
        };

        rdn.cRDNAttr = sizeof(attrs) / sizeof(attrs[0]);
        rdn.rgRDNAttr = attrs;
Juan Lang's avatar
Juan Lang committed
1142
        compareNames(&info, (CERT_NAME_INFO *)buf);
1143 1144
        LocalFree(buf);
    }
1145 1146
    /* test that two RDN attrs with extra bytes succeeds */
    bufSize = 0;
1147
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, twoRDNsExtraBytes,
1148 1149
     sizeof(twoRDNsExtraBytes), 0, NULL, NULL, &bufSize);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1150 1151 1152
    /* And, a slightly more complicated name */
    buf = NULL;
    bufSize = 0;
1153
    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME, encodedRDNAttrs,
1154
     sizeof(encodedRDNAttrs), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1155
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1156 1157 1158
    if (ret)
    {
        rdn.cRDNAttr = sizeof(decodedRdnAttrs) / sizeof(decodedRdnAttrs[0]);
1159
        rdn.rgRDNAttr = decodedRdnAttrs;
1160 1161 1162
        compareNames(&info, (CERT_NAME_INFO *)buf);
        LocalFree(buf);
    }
1163 1164
}

1165 1166 1167 1168 1169 1170 1171 1172 1173 1174
static void test_decodeUnicodeName(DWORD dwEncoding)
{
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    BOOL ret;
    CERT_RDN rdn;
    CERT_NAME_INFO info = { 1, &rdn };

    /* test empty name */
    bufSize = 0;
1175
    ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME, emptySequence,
1176 1177
     emptySequence[1] + 2,
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1178
     &buf, &bufSize);
1179
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1180
    if (ret)
1181 1182
    {
        ok(bufSize == sizeof(CERT_NAME_INFO),
1183
         "Got wrong bufSize %d\n", bufSize);
1184
        ok(((CERT_NAME_INFO *)buf)->cRDN == 0,
1185
         "Expected 0 RDNs in empty info, got %d\n",
1186 1187 1188 1189 1190
         ((CERT_NAME_INFO *)buf)->cRDN);
        LocalFree(buf);
    }
    /* test empty RDN */
    bufSize = 0;
1191
    ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME, emptyRDNs,
1192 1193
     emptyRDNs[1] + 2,
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1194
     &buf, &bufSize);
1195
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1196
    if (ret)
1197 1198 1199 1200 1201 1202 1203 1204 1205 1206
    {
        CERT_NAME_INFO *info = (CERT_NAME_INFO *)buf;

        ok(bufSize == sizeof(CERT_NAME_INFO) + sizeof(CERT_RDN) &&
         info->cRDN == 1 && info->rgRDN && info->rgRDN[0].cRDNAttr == 0,
         "Got unexpected value for empty RDN\n");
        LocalFree(buf);
    }
    /* test two RDN attrs */
    bufSize = 0;
1207
    ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME, twoRDNsNoNull,
1208 1209
     sizeof(twoRDNsNoNull),
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1210
     &buf, &bufSize);
1211
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1212
    if (ret)
1213
    {
1214 1215 1216
        static CHAR oid_sur_name[]    = szOID_SUR_NAME,
                    oid_common_name[] = szOID_COMMON_NAME;

1217
        CERT_RDN_ATTR attrs[] = {
1218
         { oid_sur_name, CERT_RDN_PRINTABLE_STRING,
1219
         { lstrlenW(surNameW) * sizeof(WCHAR), (BYTE *)surNameW } },
1220
         { oid_common_name, CERT_RDN_PRINTABLE_STRING,
1221 1222 1223 1224 1225 1226 1227 1228 1229 1230
         { lstrlenW(commonNameW) * sizeof(WCHAR), (BYTE *)commonNameW } },
        };

        rdn.cRDNAttr = sizeof(attrs) / sizeof(attrs[0]);
        rdn.rgRDNAttr = attrs;
        compareNames(&info, (CERT_NAME_INFO *)buf);
        LocalFree(buf);
    }
}

1231 1232 1233 1234
struct EncodedNameValue
{
    CERT_NAME_VALUE value;
    const BYTE *encoded;
1235
    DWORD encodedSize;
1236 1237 1238 1239 1240 1241 1242 1243
};

static const char bogusIA5[] = "\x80";
static const char bogusPrintable[] = "~";
static const char bogusNumeric[] = "A";
static const BYTE bin42[] = { 0x16,0x02,0x80,0x00 };
static const BYTE bin43[] = { 0x13,0x02,0x7e,0x00 };
static const BYTE bin44[] = { 0x12,0x02,0x41,0x00 };
1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266
static BYTE octetCommonNameValue[] = {
 0x04,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE numericCommonNameValue[] = {
 0x12,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE printableCommonNameValue[] = {
 0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE t61CommonNameValue[] = {
 0x14,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE videotexCommonNameValue[] = {
 0x15,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE ia5CommonNameValue[] = {
 0x16,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE graphicCommonNameValue[] = {
 0x19,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE visibleCommonNameValue[] = {
 0x1a,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE generalCommonNameValue[] = {
 0x1b,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
static BYTE bmpCommonNameValue[] = {
 0x1e,0x14,0x00,0x4a,0x00,0x75,0x00,0x61,0x00,0x6e,0x00,0x20,0x00,0x4c,0x00,
 0x61,0x00,0x6e,0x00,0x67,0x00,0x00 };
static BYTE utf8CommonNameValue[] = {
 0x0c,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1267 1268 1269
static char embedded_null[] = "foo\0com";
static BYTE ia5EmbeddedNull[] = {
 0x16,0x07,0x66,0x6f,0x6f,0x00,0x63,0x6f,0x6d };
1270

1271 1272 1273 1274 1275
static struct EncodedNameValue nameValues[] = {
 { { CERT_RDN_OCTET_STRING, { sizeof(commonName), (BYTE *)commonName } },
     octetCommonNameValue, sizeof(octetCommonNameValue) },
 { { CERT_RDN_NUMERIC_STRING, { sizeof(commonName), (BYTE *)commonName } },
     numericCommonNameValue, sizeof(numericCommonNameValue) },
1276
 { { CERT_RDN_PRINTABLE_STRING, { sizeof(commonName), (BYTE *)commonName } },
1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293
     printableCommonNameValue, sizeof(printableCommonNameValue) },
 { { CERT_RDN_T61_STRING, { sizeof(commonName), (BYTE *)commonName } },
     t61CommonNameValue, sizeof(t61CommonNameValue) },
 { { CERT_RDN_VIDEOTEX_STRING, { sizeof(commonName), (BYTE *)commonName } },
     videotexCommonNameValue, sizeof(videotexCommonNameValue) },
 { { CERT_RDN_IA5_STRING, { sizeof(commonName), (BYTE *)commonName } },
     ia5CommonNameValue, sizeof(ia5CommonNameValue) },
 { { CERT_RDN_GRAPHIC_STRING, { sizeof(commonName), (BYTE *)commonName } },
     graphicCommonNameValue, sizeof(graphicCommonNameValue) },
 { { CERT_RDN_VISIBLE_STRING, { sizeof(commonName), (BYTE *)commonName } },
     visibleCommonNameValue, sizeof(visibleCommonNameValue) },
 { { CERT_RDN_GENERAL_STRING, { sizeof(commonName), (BYTE *)commonName } },
     generalCommonNameValue, sizeof(generalCommonNameValue) },
 { { CERT_RDN_BMP_STRING, { sizeof(commonNameW), (BYTE *)commonNameW } },
     bmpCommonNameValue, sizeof(bmpCommonNameValue) },
 { { CERT_RDN_UTF8_STRING, { sizeof(commonNameW), (BYTE *)commonNameW } },
     utf8CommonNameValue, sizeof(utf8CommonNameValue) },
1294 1295 1296 1297
 /* The following tests succeed under Windows, but really should fail,
  * they contain characters that are illegal for the encoding.  I'm
  * including them to justify my lazy encoding.
  */
1298 1299
 { { CERT_RDN_IA5_STRING, { sizeof(bogusIA5), (BYTE *)bogusIA5 } }, bin42,
     sizeof(bin42) },
1300
 { { CERT_RDN_PRINTABLE_STRING, { sizeof(bogusPrintable),
1301
     (BYTE *)bogusPrintable } }, bin43, sizeof(bin43) },
1302
 { { CERT_RDN_NUMERIC_STRING, { sizeof(bogusNumeric), (BYTE *)bogusNumeric } },
1303
     bin44, sizeof(bin44) },
1304
};
1305 1306 1307 1308 1309 1310
/* This is kept separate, because the decoding doesn't return to the original
 * value.
 */
static struct EncodedNameValue embeddedNullNameValue = {
 { CERT_RDN_IA5_STRING, { sizeof(embedded_null) - 1, (BYTE *)embedded_null } },
   ia5EmbeddedNull, sizeof(ia5EmbeddedNull) };
1311 1312 1313 1314 1315 1316

static void test_encodeNameValue(DWORD dwEncoding)
{
    BYTE *buf = NULL;
    DWORD size = 0, i;
    BOOL ret;
1317
    CERT_NAME_VALUE value = { 0, { 0, NULL } };
1318

1319 1320 1321
    value.dwValueType = CERT_RDN_ENCODED_BLOB;
    value.Value.pbData = printableCommonNameValue;
    value.Value.cbData = sizeof(printableCommonNameValue);
1322
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_VALUE, &value,
1323
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1324
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1325
    if (ret)
1326
    {
1327
        ok(size == sizeof(printableCommonNameValue), "Unexpected size %d\n",
1328 1329 1330 1331 1332
         size);
        ok(!memcmp(buf, printableCommonNameValue, size),
         "Unexpected encoding\n");
        LocalFree(buf);
    }
1333 1334
    for (i = 0; i < sizeof(nameValues) / sizeof(nameValues[0]); i++)
    {
1335
        ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_VALUE,
1336
         &nameValues[i].value, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1337 1338
        ok(ret || broken(GetLastError() == OSS_PDU_MISMATCH) /* NT4/Win9x */,
         "Type %d: CryptEncodeObjectEx failed: %08x\n",
1339
         nameValues[i].value.dwValueType, GetLastError());
1340
        if (ret)
1341
        {
1342
            ok(size == nameValues[i].encodedSize,
1343
             "Expected size %d, got %d\n", nameValues[i].encodedSize, size);
1344 1345 1346 1347 1348
            ok(!memcmp(buf, nameValues[i].encoded, size),
             "Got unexpected encoding\n");
            LocalFree(buf);
        }
    }
1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_VALUE,
     &embeddedNullNameValue.value, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret || broken(GetLastError() == OSS_PDU_MISMATCH) /* NT4/Win9x */,
     "Type %d: CryptEncodeObjectEx failed: %08x\n",
     embeddedNullNameValue.value.dwValueType, GetLastError());
    if (ret)
    {
        ok(size == embeddedNullNameValue.encodedSize,
         "Expected size %d, got %d\n", embeddedNullNameValue.encodedSize, size);
        ok(!memcmp(buf, embeddedNullNameValue.encoded, size),
         "Got unexpected encoding\n");
        LocalFree(buf);
    }
1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372
}

static void test_decodeNameValue(DWORD dwEncoding)
{
    int i;
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    BOOL ret;

    for (i = 0; i < sizeof(nameValues) / sizeof(nameValues[0]); i++)
    {
1373
        ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME_VALUE,
1374 1375
         nameValues[i].encoded, nameValues[i].encoded[1] + 2,
         CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1376
         &buf, &bufSize);
1377
        ok(ret, "Value type %d: CryptDecodeObjectEx failed: %08x\n",
1378
         nameValues[i].value.dwValueType, GetLastError());
1379
        if (ret)
1380 1381 1382 1383 1384 1385
        {
            compareNameValues(&nameValues[i].value,
             (const CERT_NAME_VALUE *)buf);
            LocalFree(buf);
        }
    }
1386 1387 1388 1389
    ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME_VALUE,
     embeddedNullNameValue.encoded, embeddedNullNameValue.encodedSize,
     CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
     &buf, &bufSize);
1390 1391 1392
    /* Some Windows versions disallow name values with embedded NULLs, so
     * either success or failure is acceptable.
     */
1393 1394
    if (ret)
    {
1395
        CERT_NAME_VALUE rdnEncodedValue = { CERT_RDN_ENCODED_BLOB,
1396
         { sizeof(ia5EmbeddedNull), ia5EmbeddedNull } };
1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423
        CERT_NAME_VALUE embeddedNullValue = { CERT_RDN_IA5_STRING,
         { sizeof(embedded_null) - 1, (BYTE *)embedded_null } };
        const CERT_NAME_VALUE *got = (const CERT_NAME_VALUE *)buf,
         *expected = NULL;

        /* Some Windows versions decode name values with embedded NULLs,
         * others leave them encoded, even with the same version of crypt32.
         * Accept either.
         */
        ok(got->dwValueType == CERT_RDN_ENCODED_BLOB ||
         got->dwValueType == CERT_RDN_IA5_STRING,
         "Expected CERT_RDN_ENCODED_BLOB or CERT_RDN_IA5_STRING, got %d\n",
         got->dwValueType);
        if (got->dwValueType == CERT_RDN_ENCODED_BLOB)
            expected = &rdnEncodedValue;
        else if (got->dwValueType == CERT_RDN_IA5_STRING)
            expected = &embeddedNullValue;
        if (expected)
        {
            ok(got->Value.cbData == expected->Value.cbData,
             "String type %d: unexpected data size, got %d, expected %d\n",
             got->dwValueType, got->Value.cbData, expected->Value.cbData);
            if (got->Value.cbData && got->Value.pbData)
                ok(!memcmp(got->Value.pbData, expected->Value.pbData,
                 min(got->Value.cbData, expected->Value.cbData)),
                 "String type %d: unexpected value\n", expected->dwValueType);
        }
1424 1425
        LocalFree(buf);
    }
1426 1427
}

1428
static const BYTE emptyURL[] = { 0x30, 0x02, 0x86, 0x00 };
1429
static const BYTE emptyURLExtraBytes[] = { 0x30, 0x02, 0x86, 0x00, 0, 0, 0 };
1430 1431 1432 1433 1434
static const WCHAR url[] = { 'h','t','t','p',':','/','/','w','i','n','e',
 'h','q','.','o','r','g',0 };
static const BYTE encodedURL[] = { 0x30, 0x13, 0x86, 0x11, 0x68, 0x74,
 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71, 0x2e,
 0x6f, 0x72, 0x67 };
1435 1436
static const WCHAR nihongoURL[] = { 'h','t','t','p',':','/','/',0x226f,
 0x575b, 0 };
1437 1438 1439 1440 1441 1442
static const WCHAR dnsName[] = { 'w','i','n','e','h','q','.','o','r','g',0 };
static const BYTE encodedDnsName[] = { 0x30, 0x0c, 0x82, 0x0a, 0x77, 0x69,
 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
static const BYTE localhost[] = { 127, 0, 0, 1 };
static const BYTE encodedIPAddr[] = { 0x30, 0x06, 0x87, 0x04, 0x7f, 0x00, 0x00,
 0x01 };
1443 1444 1445 1446 1447 1448
static const unsigned char encodedCommonName[] = {
    0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,'J','u','a','n',' ','L','a','n','g',0};
static const BYTE encodedOidName[] = { 0x30,0x04,0x88,0x02,0x2a,0x03 };
static const BYTE encodedDirectoryName[] = {
0x30,0x19,0xa4,0x17,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1449 1450 1451 1452 1453 1454 1455 1456

static void test_encodeAltName(DWORD dwEncoding)
{
    CERT_ALT_NAME_INFO info = { 0 };
    CERT_ALT_NAME_ENTRY entry = { 0 };
    BYTE *buf = NULL;
    DWORD size = 0;
    BOOL ret;
1457
    char oid[] = "1.2.3";
1458 1459

    /* Test with empty info */
1460
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1461
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1462
    if (ret)
1463
    {
1464
        ok(size == sizeof(emptySequence), "Wrong size %d\n", size);
1465
        ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
1466 1467 1468 1469 1470
        LocalFree(buf);
    }
    /* Test with an empty entry */
    info.cAltEntry = 1;
    info.rgAltEntry = &entry;
1471
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1472
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1473
    ok(!ret && GetLastError() == E_INVALIDARG,
1474
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
1475 1476
    /* Test with an empty pointer */
    entry.dwAltNameChoice = CERT_ALT_NAME_URL;
1477
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1478
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1479
    if (ret)
1480
    {
1481
        ok(size == sizeof(emptyURL), "Wrong size %d\n", size);
1482 1483 1484 1485 1486
        ok(!memcmp(buf, emptyURL, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Test with a real URL */
    U(entry).pwszURL = (LPWSTR)url;
1487
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1488
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1489
    if (ret)
1490
    {
1491
        ok(size == sizeof(encodedURL), "Wrong size %d\n", size);
1492 1493 1494 1495
        ok(!memcmp(buf, encodedURL, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Now with the URL containing an invalid IA5 char */
1496
    U(entry).pwszURL = (LPWSTR)nihongoURL;
1497
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1498
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1499
    ok(!ret && GetLastError() == CRYPT_E_INVALID_IA5_STRING,
1500
     "Expected CRYPT_E_INVALID_IA5_STRING, got %08x\n", GetLastError());
1501 1502
    /* The first invalid character is at index 7 */
    ok(GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size) == 7,
1503
     "Expected invalid char at index 7, got %d\n",
1504
     GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size));
1505 1506
    /* Now with the URL missing a scheme */
    U(entry).pwszURL = (LPWSTR)dnsName;
1507
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1508
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1509
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1510
    if (ret)
1511 1512 1513 1514 1515 1516
    {
        /* This succeeds, but it shouldn't, so don't worry about conforming */
        LocalFree(buf);
    }
    /* Now with a DNS name */
    entry.dwAltNameChoice = CERT_ALT_NAME_DNS_NAME;
1517
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1518
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1519
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1520
    if (ret)
1521
    {
1522
        ok(size == sizeof(encodedDnsName), "Wrong size %d\n", size);
1523 1524 1525 1526 1527 1528 1529
        ok(!memcmp(buf, encodedDnsName, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Test with an IP address */
    entry.dwAltNameChoice = CERT_ALT_NAME_IP_ADDRESS;
    U(entry).IPAddress.cbData = sizeof(localhost);
    U(entry).IPAddress.pbData = (LPBYTE)localhost;
1530
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1531
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1532
    if (ret)
1533
    {
1534
        ok(size == sizeof(encodedIPAddr), "Wrong size %d\n", size);
1535 1536 1537
        ok(!memcmp(buf, encodedIPAddr, size), "Unexpected value\n");
        LocalFree(buf);
    }
1538 1539 1540
    /* Test with OID */
    entry.dwAltNameChoice = CERT_ALT_NAME_REGISTERED_ID;
    U(entry).pszRegisteredID = oid;
1541
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1542
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1543
    if (ret)
1544 1545 1546 1547 1548 1549 1550 1551 1552
    {
        ok(size == sizeof(encodedOidName), "Wrong size %d\n", size);
        ok(!memcmp(buf, encodedOidName, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Test with directory name */
    entry.dwAltNameChoice = CERT_ALT_NAME_DIRECTORY_NAME;
    U(entry).DirectoryName.cbData = sizeof(encodedCommonName);
    U(entry).DirectoryName.pbData = (LPBYTE)encodedCommonName;
1553
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1554
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1555
    if (ret)
1556 1557 1558 1559 1560
    {
        ok(size == sizeof(encodedDirectoryName), "Wrong size %d\n", size);
        ok(!memcmp(buf, encodedDirectoryName, size), "Unexpected value\n");
        LocalFree(buf);
    }
1561 1562 1563 1564 1565 1566 1567 1568
}

static void test_decodeAltName(DWORD dwEncoding)
{
    static const BYTE unimplementedType[] = { 0x30, 0x06, 0x85, 0x04, 0x7f,
     0x00, 0x00, 0x01 };
    static const BYTE bogusType[] = { 0x30, 0x06, 0x89, 0x04, 0x7f, 0x00, 0x00,
     0x01 };
1569 1570 1571 1572 1573 1574
    static const BYTE dns_embedded_null[] = { 0x30,0x10,0x82,0x0e,0x66,0x6f,
     0x6f,0x2e,0x63,0x6f,0x6d,0x00,0x62,0x61,0x64,0x64,0x69,0x65 };
    static const BYTE dns_embedded_bell[] = { 0x30,0x10,0x82,0x0e,0x66,0x6f,
     0x6f,0x2e,0x63,0x6f,0x6d,0x07,0x62,0x61,0x64,0x64,0x69,0x65 };
    static const BYTE url_embedded_null[] = { 0x30,0x10,0x86,0x0e,0x66,0x6f,
     0x6f,0x2e,0x63,0x6f,0x6d,0x00,0x62,0x61,0x64,0x64,0x69,0x65 };
1575 1576 1577 1578 1579 1580
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;
    CERT_ALT_NAME_INFO *info;

    /* Test some bogus ones first */
1581
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1582
     unimplementedType, sizeof(unimplementedType), CRYPT_DECODE_ALLOC_FLAG,
1583
     NULL, &buf, &bufSize);
1584 1585 1586 1587
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_BADTAG or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
1588
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1589
     bogusType, sizeof(bogusType), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
1590
     &bufSize);
1591 1592 1593 1594
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
1595
    /* Now expected cases */
1596
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, emptySequence,
1597
     emptySequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1598
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1599
    if (ret)
1600 1601 1602
    {
        info = (CERT_ALT_NAME_INFO *)buf;

1603
        ok(info->cAltEntry == 0, "Expected 0 entries, got %d\n",
1604 1605 1606
         info->cAltEntry);
        LocalFree(buf);
    }
1607
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, emptyURL,
1608
     emptyURL[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1609
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1610
    if (ret)
1611 1612 1613
    {
        info = (CERT_ALT_NAME_INFO *)buf;

1614
        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1615 1616
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_URL,
1617
         "Expected CERT_ALT_NAME_URL, got %d\n",
1618 1619 1620 1621 1622
         info->rgAltEntry[0].dwAltNameChoice);
        ok(U(info->rgAltEntry[0]).pwszURL == NULL || !*U(info->rgAltEntry[0]).pwszURL,
         "Expected empty URL\n");
        LocalFree(buf);
    }
1623
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1624 1625
     emptyURLExtraBytes, sizeof(emptyURLExtraBytes), 0, NULL, NULL, &bufSize);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1626
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedURL,
1627
     encodedURL[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1628
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1629
    if (ret)
1630 1631 1632
    {
        info = (CERT_ALT_NAME_INFO *)buf;

1633
        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1634 1635
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_URL,
1636
         "Expected CERT_ALT_NAME_URL, got %d\n",
1637 1638 1639 1640
         info->rgAltEntry[0].dwAltNameChoice);
        ok(!lstrcmpW(U(info->rgAltEntry[0]).pwszURL, url), "Unexpected URL\n");
        LocalFree(buf);
    }
1641
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedDnsName,
1642
     encodedDnsName[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1643
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1644
    if (ret)
1645 1646 1647
    {
        info = (CERT_ALT_NAME_INFO *)buf;

1648
        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1649 1650
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME,
1651
         "Expected CERT_ALT_NAME_DNS_NAME, got %d\n",
1652 1653 1654 1655 1656
         info->rgAltEntry[0].dwAltNameChoice);
        ok(!lstrcmpW(U(info->rgAltEntry[0]).pwszDNSName, dnsName),
         "Unexpected DNS name\n");
        LocalFree(buf);
    }
1657
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedIPAddr,
1658
     encodedIPAddr[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1659
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1660
    if (ret)
1661 1662 1663
    {
        info = (CERT_ALT_NAME_INFO *)buf;

1664
        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1665 1666
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS,
1667
         "Expected CERT_ALT_NAME_IP_ADDRESS, got %d\n",
1668 1669
         info->rgAltEntry[0].dwAltNameChoice);
        ok(U(info->rgAltEntry[0]).IPAddress.cbData == sizeof(localhost),
1670
         "Unexpected IP address length %d\n",
1671 1672 1673 1674 1675
          U(info->rgAltEntry[0]).IPAddress.cbData);
        ok(!memcmp(U(info->rgAltEntry[0]).IPAddress.pbData, localhost,
         sizeof(localhost)), "Unexpected IP address value\n");
        LocalFree(buf);
    }
1676
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedOidName,
1677
     sizeof(encodedOidName), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1678
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1679
    if (ret)
1680 1681 1682 1683 1684 1685 1686 1687
    {
        info = (CERT_ALT_NAME_INFO *)buf;

        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_REGISTERED_ID,
         "Expected CERT_ALT_NAME_REGISTERED_ID, got %d\n",
         info->rgAltEntry[0].dwAltNameChoice);
1688 1689
        ok(!strcmp(U(info->rgAltEntry[0]).pszRegisteredID, "1.2.3"),
           "Expected OID 1.2.3, got %s\n", U(info->rgAltEntry[0]).pszRegisteredID);
1690 1691
        LocalFree(buf);
    }
1692
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1693
     encodedDirectoryName, sizeof(encodedDirectoryName),
1694
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1695
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1696
    if (ret)
1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712
    {
        info = (CERT_ALT_NAME_INFO *)buf;

        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME,
         "Expected CERT_ALT_NAME_DIRECTORY_NAME, got %d\n",
         info->rgAltEntry[0].dwAltNameChoice);
        ok(U(info->rgAltEntry[0]).DirectoryName.cbData ==
         sizeof(encodedCommonName), "Unexpected directory name length %d\n",
          U(info->rgAltEntry[0]).DirectoryName.cbData);
        ok(!memcmp(U(info->rgAltEntry[0]).DirectoryName.pbData,
         encodedCommonName, sizeof(encodedCommonName)),
         "Unexpected directory name value\n");
        LocalFree(buf);
    }
1713 1714 1715 1716 1717
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
     dns_embedded_null, sizeof(dns_embedded_null), CRYPT_DECODE_ALLOC_FLAG,
     NULL, &buf, &bufSize);
    /* Fails on WinXP with CRYPT_E_ASN1_RULE.  I'm not too concerned about the
     * particular failure, just that it doesn't decode.
1718 1719
     * It succeeds on (broken) Windows versions that haven't addressed
     * embedded NULLs in alternate names.
1720
     */
1721
    ok(!ret || broken(ret), "expected failure\n");
1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742
    /* An embedded bell character is allowed, however. */
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
     dns_embedded_bell, sizeof(dns_embedded_bell), CRYPT_DECODE_ALLOC_FLAG,
     NULL, &buf, &bufSize);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        info = (CERT_ALT_NAME_INFO *)buf;

        ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
         info->cAltEntry);
        ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME,
         "Expected CERT_ALT_NAME_DNS_NAME, got %d\n",
         info->rgAltEntry[0].dwAltNameChoice);
        LocalFree(buf);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
     url_embedded_null, sizeof(dns_embedded_null), CRYPT_DECODE_ALLOC_FLAG,
     NULL, &buf, &bufSize);
    /* Again, fails on WinXP with CRYPT_E_ASN1_RULE.  I'm not too concerned
     * about the particular failure, just that it doesn't decode.
1743 1744
     * It succeeds on (broken) Windows versions that haven't addressed
     * embedded NULLs in alternate names.
1745
     */
1746
    ok(!ret || broken(ret), "expected failure\n");
1747 1748
}

1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824
struct UnicodeExpectedError
{
    DWORD   valueType;
    LPCWSTR str;
    DWORD   errorIndex;
    DWORD   error;
};

static const WCHAR oneW[] = { '1',0 };
static const WCHAR aW[] = { 'a',0 };
static const WCHAR quoteW[] = { '"', 0 };

static struct UnicodeExpectedError unicodeErrors[] = {
 { CERT_RDN_ANY_TYPE,         oneW,       0, CRYPT_E_NOT_CHAR_STRING },
 { CERT_RDN_ENCODED_BLOB,     oneW,       0, CRYPT_E_NOT_CHAR_STRING },
 { CERT_RDN_OCTET_STRING,     oneW,       0, CRYPT_E_NOT_CHAR_STRING },
 { CERT_RDN_NUMERIC_STRING,   aW,         0, CRYPT_E_INVALID_NUMERIC_STRING },
 { CERT_RDN_PRINTABLE_STRING, quoteW,     0, CRYPT_E_INVALID_PRINTABLE_STRING },
 { CERT_RDN_IA5_STRING,       nihongoURL, 7, CRYPT_E_INVALID_IA5_STRING },
};

struct UnicodeExpectedResult
{
    DWORD           valueType;
    LPCWSTR         str;
    CRYPT_DATA_BLOB encoded;
};

static BYTE oneNumeric[] = { 0x12, 0x01, 0x31 };
static BYTE onePrintable[] = { 0x13, 0x01, 0x31 };
static BYTE oneTeletex[] = { 0x14, 0x01, 0x31 };
static BYTE oneVideotex[] = { 0x15, 0x01, 0x31 };
static BYTE oneIA5[] = { 0x16, 0x01, 0x31 };
static BYTE oneGraphic[] = { 0x19, 0x01, 0x31 };
static BYTE oneVisible[] = { 0x1a, 0x01, 0x31 };
static BYTE oneUniversal[] = { 0x1c, 0x04, 0x00, 0x00, 0x00, 0x31 };
static BYTE oneGeneral[] = { 0x1b, 0x01, 0x31 };
static BYTE oneBMP[] = { 0x1e, 0x02, 0x00, 0x31 };
static BYTE oneUTF8[] = { 0x0c, 0x01, 0x31 };
static BYTE nihongoT61[] = { 0x14,0x09,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x6f,
 0x5b };
static BYTE nihongoGeneral[] = { 0x1b,0x09,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
 0x6f,0x5b };
static BYTE nihongoBMP[] = { 0x1e,0x12,0x00,0x68,0x00,0x74,0x00,0x74,0x00,0x70,
 0x00,0x3a,0x00,0x2f,0x00,0x2f,0x22,0x6f,0x57,0x5b };
static BYTE nihongoUTF8[] = { 0x0c,0x0d,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
 0xe2,0x89,0xaf,0xe5,0x9d,0x9b };

static struct UnicodeExpectedResult unicodeResults[] = {
 { CERT_RDN_NUMERIC_STRING,   oneW, { sizeof(oneNumeric), oneNumeric } },
 { CERT_RDN_PRINTABLE_STRING, oneW, { sizeof(onePrintable), onePrintable } },
 { CERT_RDN_TELETEX_STRING,   oneW, { sizeof(oneTeletex), oneTeletex } },
 { CERT_RDN_VIDEOTEX_STRING,  oneW, { sizeof(oneVideotex), oneVideotex } },
 { CERT_RDN_IA5_STRING,       oneW, { sizeof(oneIA5), oneIA5 } },
 { CERT_RDN_GRAPHIC_STRING,   oneW, { sizeof(oneGraphic), oneGraphic } },
 { CERT_RDN_VISIBLE_STRING,   oneW, { sizeof(oneVisible), oneVisible } },
 { CERT_RDN_UNIVERSAL_STRING, oneW, { sizeof(oneUniversal), oneUniversal } },
 { CERT_RDN_GENERAL_STRING,   oneW, { sizeof(oneGeneral), oneGeneral } },
 { CERT_RDN_BMP_STRING,       oneW, { sizeof(oneBMP), oneBMP } },
 { CERT_RDN_UTF8_STRING,      oneW, { sizeof(oneUTF8), oneUTF8 } },
 { CERT_RDN_BMP_STRING,     nihongoURL, { sizeof(nihongoBMP), nihongoBMP } },
 { CERT_RDN_UTF8_STRING,    nihongoURL, { sizeof(nihongoUTF8), nihongoUTF8 } },
};

static struct UnicodeExpectedResult unicodeWeirdness[] = {
 { CERT_RDN_TELETEX_STRING, nihongoURL, { sizeof(nihongoT61), nihongoT61 } },
 { CERT_RDN_GENERAL_STRING, nihongoURL, { sizeof(nihongoGeneral), nihongoGeneral } },
};

static void test_encodeUnicodeNameValue(DWORD dwEncoding)
{
    BYTE *buf = NULL;
    DWORD size = 0, i;
    BOOL ret;
    CERT_NAME_VALUE value;

1825 1826 1827 1828
    if (0)
    {
        /* Crashes on win9x */
        ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, NULL,
1829
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1830 1831 1832
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
1833 1834 1835 1836
    /* Have to have a string of some sort */
    value.dwValueType = 0; /* aka CERT_RDN_ANY_TYPE */
    value.Value.pbData = NULL;
    value.Value.cbData = 0;
1837
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1838
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1839
    ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1840
     "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1841
    value.dwValueType = CERT_RDN_ENCODED_BLOB;
1842
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1843
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1844
    ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1845
     "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1846 1847
    value.dwValueType = CERT_RDN_ANY_TYPE;
    value.Value.pbData = (LPBYTE)oneW;
1848
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1849
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1850
    ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1851
     "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1852
    value.Value.cbData = sizeof(oneW);
1853
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1854
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1855
    ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1856
     "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1857 1858 1859 1860
    /* An encoded string with specified length isn't good enough either */
    value.dwValueType = CERT_RDN_ENCODED_BLOB;
    value.Value.pbData = oneUniversal;
    value.Value.cbData = sizeof(oneUniversal);
1861
    ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1862
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1863
    ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1864
     "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1865 1866 1867 1868 1869 1870
    /* More failure checking */
    value.Value.cbData = 0;
    for (i = 0; i < sizeof(unicodeErrors) / sizeof(unicodeErrors[0]); i++)
    {
        value.Value.pbData = (LPBYTE)unicodeErrors[i].str;
        value.dwValueType = unicodeErrors[i].valueType;
1871
        ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1872
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1873
        ok(!ret && GetLastError() == unicodeErrors[i].error,
1874
         "Value type %d: expected %08x, got %08x\n", value.dwValueType,
1875 1876
         unicodeErrors[i].error, GetLastError());
        ok(size == unicodeErrors[i].errorIndex,
1877
         "Expected error index %d, got %d\n", unicodeErrors[i].errorIndex,
1878 1879 1880 1881 1882 1883 1884 1885
         size);
    }
    /* cbData can be zero if the string is NULL-terminated */
    value.Value.cbData = 0;
    for (i = 0; i < sizeof(unicodeResults) / sizeof(unicodeResults[0]); i++)
    {
        value.Value.pbData = (LPBYTE)unicodeResults[i].str;
        value.dwValueType = unicodeResults[i].valueType;
1886
        ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1887
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1888 1889
        ok(ret || broken(GetLastError() == OSS_PDU_MISMATCH /* Win9x */),
         "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1890
        if (ret)
1891 1892
        {
            ok(size == unicodeResults[i].encoded.cbData,
1893
             "Value type %d: expected size %d, got %d\n",
1894 1895
             value.dwValueType, unicodeResults[i].encoded.cbData, size);
            ok(!memcmp(unicodeResults[i].encoded.pbData, buf, size),
1896
             "Value type %d: unexpected value\n", value.dwValueType);
1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907
            LocalFree(buf);
        }
    }
    /* These "encode," but they do so by truncating each unicode character
     * rather than properly encoding it.  Kept separate from the proper results,
     * because the encoded forms won't decode to their original strings.
     */
    for (i = 0; i < sizeof(unicodeWeirdness) / sizeof(unicodeWeirdness[0]); i++)
    {
        value.Value.pbData = (LPBYTE)unicodeWeirdness[i].str;
        value.dwValueType = unicodeWeirdness[i].valueType;
1908
        ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1909
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1910
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1911
        if (ret)
1912 1913
        {
            ok(size == unicodeWeirdness[i].encoded.cbData,
1914
             "Value type %d: expected size %d, got %d\n",
1915 1916
             value.dwValueType, unicodeWeirdness[i].encoded.cbData, size);
            ok(!memcmp(unicodeWeirdness[i].encoded.pbData, buf, size),
1917
             "Value type %d: unexpected value\n", value.dwValueType);
1918 1919 1920 1921 1922
            LocalFree(buf);
        }
    }
}

1923 1924 1925 1926 1927 1928 1929
static inline int strncmpW( const WCHAR *str1, const WCHAR *str2, int n )
{
    if (n <= 0) return 0;
    while ((--n > 0) && *str1 && (*str1 == *str2)) { str1++; str2++; }
    return *str1 - *str2;
}

1930 1931 1932 1933 1934 1935 1936 1937 1938 1939
static void test_decodeUnicodeNameValue(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(unicodeResults) / sizeof(unicodeResults[0]); i++)
    {
        BYTE *buf = NULL;
        BOOL ret;
        DWORD size = 0;

1940
        ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE,
1941
         unicodeResults[i].encoded.pbData, unicodeResults[i].encoded.cbData,
1942
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
1943 1944
        ok(ret || broken(GetLastError() == CRYPT_E_NOT_CHAR_STRING /* Win9x */),
         "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1945 1946 1947 1948 1949
        if (ret && buf)
        {
            PCERT_NAME_VALUE value = (PCERT_NAME_VALUE)buf;

            ok(value->dwValueType == unicodeResults[i].valueType,
1950
             "Expected value type %d, got %d\n", unicodeResults[i].valueType,
1951
             value->dwValueType);
1952 1953
            ok(!strncmpW((LPWSTR)value->Value.pbData, unicodeResults[i].str,
             value->Value.cbData / sizeof(WCHAR)),
1954
             "Unexpected decoded value for index %d (value type %d)\n", i,
1955 1956 1957 1958 1959 1960
             unicodeResults[i].valueType);
            LocalFree(buf);
        }
    }
}

1961 1962
struct encodedOctets
{
1963 1964
    const BYTE *val;
    const BYTE *encoded;
1965 1966
};

Mike McCormack's avatar
Mike McCormack committed
1967 1968 1969 1970 1971 1972 1973 1974 1975
static const unsigned char bin46[] = { 'h','i',0 };
static const unsigned char bin47[] = { 0x04,0x02,'h','i',0 };
static const unsigned char bin48[] = {
     's','o','m','e','l','o','n','g',0xff,'s','t','r','i','n','g',0 };
static const unsigned char bin49[] = {
     0x04,0x0f,'s','o','m','e','l','o','n','g',0xff,'s','t','r','i','n','g',0 };
static const unsigned char bin50[] = { 0 };
static const unsigned char bin51[] = { 0x04,0x00,0 };

1976
static const struct encodedOctets octets[] = {
Mike McCormack's avatar
Mike McCormack committed
1977 1978 1979
    { bin46, bin47 },
    { bin48, bin49 },
    { bin50, bin51 },
1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992
};

static void test_encodeOctets(DWORD dwEncoding)
{
    CRYPT_DATA_BLOB blob;
    DWORD i;

    for (i = 0; i < sizeof(octets) / sizeof(octets[0]); i++)
    {
        BYTE *buf = NULL;
        BOOL ret;
        DWORD bufSize = 0;

Mike McCormack's avatar
Mike McCormack committed
1993 1994
        blob.cbData = strlen((const char*)octets[i].val);
        blob.pbData = (BYTE*)octets[i].val;
1995
        ret = pCryptEncodeObjectEx(dwEncoding, X509_OCTET_STRING, &blob,
1996
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1997
        ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
1998
        if (ret)
1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020
        {
            ok(buf[0] == 4,
             "Got unexpected type %d for octet string (expected 4)\n", buf[0]);
            ok(buf[1] == octets[i].encoded[1], "Got length %d, expected %d\n",
             buf[1], octets[i].encoded[1]);
            ok(!memcmp(buf + 1, octets[i].encoded + 1,
             octets[i].encoded[1] + 1), "Got unexpected value\n");
            LocalFree(buf);
        }
    }
}

static void test_decodeOctets(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(octets) / sizeof(octets[0]); i++)
    {
        BYTE *buf = NULL;
        BOOL ret;
        DWORD bufSize = 0;

2021
        ret = pCryptDecodeObjectEx(dwEncoding, X509_OCTET_STRING,
2022 2023
         octets[i].encoded, octets[i].encoded[1] + 2,
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2024
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2025
        ok(bufSize >= sizeof(CRYPT_DATA_BLOB) + octets[i].encoded[1],
2026
         "Expected size >= %d, got %d\n",
2027
           (int)sizeof(CRYPT_DATA_BLOB) + octets[i].encoded[1], bufSize);
2028
        ok(buf != NULL, "Expected allocated buffer\n");
2029
        if (ret)
2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045
        {
            CRYPT_DATA_BLOB *blob = (CRYPT_DATA_BLOB *)buf;

            if (blob->cbData)
                ok(!memcmp(blob->pbData, octets[i].val, blob->cbData),
                 "Unexpected value\n");
            LocalFree(buf);
        }
    }
}

static const BYTE bytesToEncode[] = { 0xff, 0xff };

struct encodedBits
{
    DWORD cUnusedBits;
2046
    const BYTE *encoded;
2047
    DWORD cbDecoded;
2048
    const BYTE *decoded;
2049 2050
};

Juan Lang's avatar
Juan Lang committed
2051 2052 2053 2054 2055 2056 2057
static const unsigned char bin52[] = { 0x03,0x03,0x00,0xff,0xff };
static const unsigned char bin53[] = { 0xff,0xff };
static const unsigned char bin54[] = { 0x03,0x03,0x01,0xff,0xfe };
static const unsigned char bin55[] = { 0xff,0xfe };
static const unsigned char bin56[] = { 0x03,0x02,0x01,0xfe };
static const unsigned char bin57[] = { 0xfe };
static const unsigned char bin58[] = { 0x03,0x01,0x00 };
Mike McCormack's avatar
Mike McCormack committed
2058

2059
static const struct encodedBits bits[] = {
2060
    /* normal test cases */
Mike McCormack's avatar
Mike McCormack committed
2061 2062
    { 0, bin52, 2, bin53 },
    { 1, bin54, 2, bin55 },
2063
    /* strange test case, showing cUnusedBits >= 8 is allowed */
Mike McCormack's avatar
Mike McCormack committed
2064
    { 9, bin56, 1, bin57 },
2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080
};

static void test_encodeBits(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(bits) / sizeof(bits[0]); i++)
    {
        CRYPT_BIT_BLOB blob;
        BOOL ret;
        BYTE *buf = NULL;
        DWORD bufSize = 0;

        blob.cbData = sizeof(bytesToEncode);
        blob.pbData = (BYTE *)bytesToEncode;
        blob.cUnusedBits = bits[i].cUnusedBits;
2081
        ret = pCryptEncodeObjectEx(dwEncoding, X509_BITS, &blob,
2082
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2083
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2084
        if (ret)
2085 2086
        {
            ok(bufSize == bits[i].encoded[1] + 2,
2087
             "%d: Got unexpected size %d, expected %d\n", i, bufSize,
2088 2089
             bits[i].encoded[1] + 2);
            ok(!memcmp(buf, bits[i].encoded, bits[i].encoded[1] + 2),
2090
             "%d: Unexpected value\n", i);
2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107
            LocalFree(buf);
        }
    }
}

static void test_decodeBits(DWORD dwEncoding)
{
    static const BYTE ber[] = "\x03\x02\x01\xff";
    static const BYTE berDecoded = 0xfe;
    DWORD i;
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;

    /* normal cases */
    for (i = 0; i < sizeof(bits) / sizeof(bits[0]); i++)
    {
2108
        ret = pCryptDecodeObjectEx(dwEncoding, X509_BITS, bits[i].encoded,
2109
         bits[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
2110
         &bufSize);
2111
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2112
        if (ret)
2113 2114 2115 2116
        {
            CRYPT_BIT_BLOB *blob;

            ok(bufSize >= sizeof(CRYPT_BIT_BLOB) + bits[i].cbDecoded,
2117
               "Got unexpected size %d\n", bufSize);
2118 2119
            blob = (CRYPT_BIT_BLOB *)buf;
            ok(blob->cbData == bits[i].cbDecoded,
2120
             "Got unexpected length %d, expected %d\n", blob->cbData,
2121 2122 2123 2124 2125 2126 2127 2128 2129 2130
             bits[i].cbDecoded);
            if (blob->cbData && bits[i].cbDecoded)
                ok(!memcmp(blob->pbData, bits[i].decoded, bits[i].cbDecoded),
                 "Unexpected value\n");
            LocalFree(buf);
        }
    }
    /* special case: check that something that's valid in BER but not in DER
     * decodes successfully
     */
2131
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BITS, ber, ber[1] + 2,
2132
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2133
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2134
    if (ret)
2135 2136 2137 2138
    {
        CRYPT_BIT_BLOB *blob;

        ok(bufSize >= sizeof(CRYPT_BIT_BLOB) + sizeof(berDecoded),
2139
           "Got unexpected size %d\n", bufSize);
2140 2141
        blob = (CRYPT_BIT_BLOB *)buf;
        ok(blob->cbData == sizeof(berDecoded),
2142
           "Got unexpected length %d\n", blob->cbData);
2143 2144 2145 2146 2147 2148
        if (blob->cbData)
            ok(*blob->pbData == berDecoded, "Unexpected value\n");
        LocalFree(buf);
    }
}

2149 2150 2151 2152 2153 2154
struct Constraints2
{
    CERT_BASIC_CONSTRAINTS2_INFO info;
    const BYTE *encoded;
};

Juan Lang's avatar
Juan Lang committed
2155 2156 2157 2158
static const unsigned char bin59[] = { 0x30,0x00 };
static const unsigned char bin60[] = { 0x30,0x03,0x01,0x01,0xff };
static const unsigned char bin61[] = { 0x30,0x03,0x02,0x01,0x00 };
static const unsigned char bin62[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2159 2160
static const struct Constraints2 constraints2[] = {
 /* empty constraints */
Mike McCormack's avatar
Mike McCormack committed
2161
 { { FALSE, FALSE, 0}, bin59 },
2162
 /* can be a CA */
Mike McCormack's avatar
Mike McCormack committed
2163
 { { TRUE,  FALSE, 0}, bin60 },
2164 2165 2166
 /* has path length constraints set (MSDN implies fCA needs to be TRUE as well,
  * but that's not the case
  */
Mike McCormack's avatar
Mike McCormack committed
2167
 { { FALSE, TRUE,  0}, bin61 },
2168
 /* can be a CA and has path length constraints set */
Mike McCormack's avatar
Mike McCormack committed
2169
 { { TRUE,  TRUE,  1}, bin62 },
2170 2171
};

2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182
static const BYTE emptyConstraint[] = { 0x30, 0x03, 0x03, 0x01, 0x00 };
static const BYTE encodedDomainName[] = { 0x30, 0x2b, 0x31, 0x29, 0x30, 0x11,
 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16,
 0x03, 0x6f, 0x72, 0x67, 0x30, 0x14, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93,
 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x06, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71 };
static const BYTE constraintWithDomainName[] = { 0x30, 0x32, 0x03, 0x01, 0x00,
 0x30, 0x2d, 0x30, 0x2b, 0x31, 0x29, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, 0x26,
 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x03, 0x6f, 0x72, 0x67, 0x30,
 0x14, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19,
 0x16, 0x06, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71 };

2183 2184
static void test_encodeBasicConstraints(DWORD dwEncoding)
{
2185
    DWORD i, bufSize = 0;
2186
    CERT_BASIC_CONSTRAINTS_INFO info = { { 0 } };
2187 2188 2189 2190
    CERT_NAME_BLOB nameBlob = { sizeof(encodedDomainName),
     (LPBYTE)encodedDomainName };
    BOOL ret;
    BYTE *buf = NULL;
2191 2192 2193 2194

    /* First test with the simpler info2 */
    for (i = 0; i < sizeof(constraints2) / sizeof(constraints2[0]); i++)
    {
2195
        ret = pCryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2196
         &constraints2[i].info, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf,
2197
         &bufSize);
2198
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2199
        if (ret)
2200 2201
        {
            ok(bufSize == constraints2[i].encoded[1] + 2,
2202
             "Expected %d bytes, got %d\n", constraints2[i].encoded[1] + 2,
2203 2204 2205 2206 2207 2208
             bufSize);
            ok(!memcmp(buf, constraints2[i].encoded,
             constraints2[i].encoded[1] + 2), "Unexpected value\n");
            LocalFree(buf);
        }
    }
2209 2210 2211 2212
    /* Now test with more complex basic constraints */
    info.SubjectType.cbData = 0;
    info.fPathLenConstraint = FALSE;
    info.cSubtreesConstraint = 0;
2213
    ret = pCryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS, &info,
2214
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2215 2216
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2217
    if (ret)
2218
    {
2219
        ok(bufSize == sizeof(emptyConstraint), "Wrong size %d\n", bufSize);
2220 2221 2222 2223 2224 2225 2226 2227 2228
        ok(!memcmp(buf, emptyConstraint, sizeof(emptyConstraint)),
         "Unexpected value\n");
        LocalFree(buf);
    }
    /* None of the certs I examined had any subtree constraint, but I test one
     * anyway just in case.
     */
    info.cSubtreesConstraint = 1;
    info.rgSubtreesConstraint = &nameBlob;
2229
    ret = pCryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS, &info,
2230
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2231 2232
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2233
    if (ret)
2234
    {
2235
        ok(bufSize == sizeof(constraintWithDomainName), "Wrong size %d\n", bufSize);
2236 2237 2238 2239 2240
        ok(!memcmp(buf, constraintWithDomainName,
         sizeof(constraintWithDomainName)), "Unexpected value\n");
        LocalFree(buf);
    }
    /* FIXME: test encoding with subject type. */
2241 2242
}

Juan Lang's avatar
Juan Lang committed
2243
static const unsigned char bin63[] = { 0x30,0x06,0x01,0x01,0x01,0x02,0x01,0x01 };
Mike McCormack's avatar
Mike McCormack committed
2244

2245 2246
static void test_decodeBasicConstraints(DWORD dwEncoding)
{
Juan Lang's avatar
Juan Lang committed
2247 2248
    static const BYTE inverted[] = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x01, 0x01,
     0xff };
Mike McCormack's avatar
Mike McCormack committed
2249
    static const struct Constraints2 badBool = { { TRUE, TRUE, 1 }, bin63 };
2250 2251 2252 2253 2254 2255 2256 2257
    DWORD i;
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;

    /* First test with simpler info2 */
    for (i = 0; i < sizeof(constraints2) / sizeof(constraints2[0]); i++)
    {
2258
        ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2259
         constraints2[i].encoded, constraints2[i].encoded[1] + 2,
2260
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2261
        ok(ret, "CryptDecodeObjectEx failed for item %d: %08x\n", i,
2262
         GetLastError());
2263
        if (ret)
2264 2265 2266 2267 2268
        {
            CERT_BASIC_CONSTRAINTS2_INFO *info =
             (CERT_BASIC_CONSTRAINTS2_INFO *)buf;

            ok(!memcmp(info, &constraints2[i].info, sizeof(*info)),
2269
             "Unexpected value for item %d\n", i);
2270 2271 2272 2273 2274
            LocalFree(buf);
        }
    }
    /* Check with the order of encoded elements inverted */
    buf = (PBYTE)1;
2275
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2276
     inverted, inverted[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
2277
     &bufSize);
2278 2279 2280 2281
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
2282 2283
    ok(!buf, "Expected buf to be set to NULL\n");
    /* Check with a non-DER bool */
2284
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2285
     badBool.encoded, badBool.encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
2286
     &buf, &bufSize);
2287
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2288
    if (ret)
2289 2290 2291 2292 2293 2294 2295 2296
    {
        CERT_BASIC_CONSTRAINTS2_INFO *info =
         (CERT_BASIC_CONSTRAINTS2_INFO *)buf;

        ok(!memcmp(info, &badBool.info, sizeof(*info)), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Check with a non-basic constraints value */
2297
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2298 2299
     encodedCommonName, encodedCommonName[1] + 2,
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2300 2301 2302 2303
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
2304
    /* Now check with the more complex CERT_BASIC_CONSTRAINTS_INFO */
2305
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS,
2306
     emptyConstraint, sizeof(emptyConstraint), CRYPT_DECODE_ALLOC_FLAG, NULL,
2307
     &buf, &bufSize);
2308
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2309
    if (ret)
2310 2311 2312 2313 2314 2315 2316 2317
    {
        CERT_BASIC_CONSTRAINTS_INFO *info = (CERT_BASIC_CONSTRAINTS_INFO *)buf;

        ok(info->SubjectType.cbData == 0, "Expected no subject type\n");
        ok(!info->fPathLenConstraint, "Expected no path length constraint\n");
        ok(info->cSubtreesConstraint == 0, "Expected no subtree constraints\n");
        LocalFree(buf);
    }
2318
    ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS,
2319
     constraintWithDomainName, sizeof(constraintWithDomainName),
2320
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2321
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2322
    if (ret)
2323 2324 2325 2326 2327 2328 2329 2330 2331
    {
        CERT_BASIC_CONSTRAINTS_INFO *info = (CERT_BASIC_CONSTRAINTS_INFO *)buf;

        ok(info->SubjectType.cbData == 0, "Expected no subject type\n");
        ok(!info->fPathLenConstraint, "Expected no path length constraint\n");
        ok(info->cSubtreesConstraint == 1, "Expected a subtree constraint\n");
        if (info->cSubtreesConstraint && info->rgSubtreesConstraint)
        {
            ok(info->rgSubtreesConstraint[0].cbData ==
2332
             sizeof(encodedDomainName), "Wrong size %d\n",
2333
             info->rgSubtreesConstraint[0].cbData);
2334 2335 2336 2337 2338
            ok(!memcmp(info->rgSubtreesConstraint[0].pbData, encodedDomainName,
             sizeof(encodedDomainName)), "Unexpected value\n");
        }
        LocalFree(buf);
    }
2339 2340
}

2341 2342 2343
/* These are terrible public keys of course, I'm just testing encoding */
static const BYTE modulus1[] = { 0,0,0,1,1,1,1,1 };
static const BYTE modulus2[] = { 1,1,1,1,1,0,0,0 };
2344 2345
static const BYTE modulus3[] = { 0x80,1,1,1,1,0,0,0 };
static const BYTE modulus4[] = { 1,1,1,1,1,0,0,0x80 };
Mike McCormack's avatar
Mike McCormack committed
2346 2347
static const BYTE mod1_encoded[] = { 0x30,0x0f,0x02,0x08,0x01,0x01,0x01,0x01,0x01,0x00,0x00,0x00,0x02,0x03,0x01,0x00,0x01 };
static const BYTE mod2_encoded[] = { 0x30,0x0c,0x02,0x05,0x01,0x01,0x01,0x01,0x01,0x02,0x03,0x01,0x00,0x01 };
2348 2349
static const BYTE mod3_encoded[] = { 0x30,0x0c,0x02,0x05,0x01,0x01,0x01,0x01,0x80,0x02,0x03,0x01,0x00,0x01 };
static const BYTE mod4_encoded[] = { 0x30,0x10,0x02,0x09,0x00,0x80,0x00,0x00,0x01,0x01,0x01,0x01,0x01,0x02,0x03,0x01,0x00,0x01 };
2350 2351 2352 2353 2354 2355 2356 2357 2358

struct EncodedRSAPubKey
{
    const BYTE *modulus;
    size_t modulusLen;
    const BYTE *encoded;
    size_t decodedModulusLen;
};

2359
static const struct EncodedRSAPubKey rsaPubKeys[] = {
Mike McCormack's avatar
Mike McCormack committed
2360 2361
    { modulus1, sizeof(modulus1), mod1_encoded, sizeof(modulus1) },
    { modulus2, sizeof(modulus2), mod2_encoded, 5 },
2362 2363
    { modulus3, sizeof(modulus3), mod3_encoded, 5 },
    { modulus4, sizeof(modulus4), mod4_encoded, 8 },
2364 2365 2366 2367 2368 2369 2370 2371 2372
};

static void test_encodeRsaPublicKey(DWORD dwEncoding)
{
    BYTE toEncode[sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + sizeof(modulus1)];
    BLOBHEADER *hdr = (BLOBHEADER *)toEncode;
    RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)(toEncode + sizeof(BLOBHEADER));
    BOOL ret;
    BYTE *buf = NULL;
2373
    DWORD bufSize = 0, i;
2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385

    /* Try with a bogus blob type */
    hdr->bType = 2;
    hdr->bVersion = CUR_BLOB_VERSION;
    hdr->reserved = 0;
    hdr->aiKeyAlg = CALG_RSA_KEYX;
    rsaPubKey->magic = 0x31415352;
    rsaPubKey->bitlen = sizeof(modulus1) * 8;
    rsaPubKey->pubexp = 65537;
    memcpy(toEncode + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY), modulus1,
     sizeof(modulus1));

2386
    ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2387
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2388
    ok(!ret && GetLastError() == E_INVALIDARG,
2389
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
2390 2391 2392
    /* Now with a bogus reserved field */
    hdr->bType = PUBLICKEYBLOB;
    hdr->reserved = 1;
2393
    ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2394
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2395
    if (ret)
2396 2397
    {
        ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
2398
         "Expected size %d, got %d\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
2399 2400 2401 2402 2403 2404
        ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Now with a bogus blob version */
    hdr->reserved = 0;
    hdr->bVersion = 0;
2405
    ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2406
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2407
    if (ret)
2408 2409
    {
        ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
2410
         "Expected size %d, got %d\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
2411 2412 2413 2414 2415 2416
        ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
        LocalFree(buf);
    }
    /* And with a bogus alg ID */
    hdr->bVersion = CUR_BLOB_VERSION;
    hdr->aiKeyAlg = CALG_DES;
2417
    ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2418
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2419
    if (ret)
2420 2421
    {
        ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
2422
         "Expected size %d, got %d\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
2423 2424 2425
        ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
        LocalFree(buf);
    }
2426 2427
    /* Check a couple of RSA-related OIDs */
    hdr->aiKeyAlg = CALG_RSA_KEYX;
2428
    ret = pCryptEncodeObjectEx(dwEncoding, szOID_RSA_RSA,
2429
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2430
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2431
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2432
    ret = pCryptEncodeObjectEx(dwEncoding, szOID_RSA_SHA1RSA,
2433
     toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2434
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2435
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2436
    /* Finally, all valid */
2437
    hdr->aiKeyAlg = CALG_RSA_KEYX;
2438
    for (i = 0; i < sizeof(rsaPubKeys) / sizeof(rsaPubKeys[0]); i++)
2439
    {
2440 2441
        memcpy(toEncode + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY),
         rsaPubKeys[i].modulus, rsaPubKeys[i].modulusLen);
2442
        ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2443
         toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2444
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2445
        if (ret)
2446 2447
        {
            ok(bufSize == rsaPubKeys[i].encoded[1] + 2,
2448
             "Expected size %d, got %d\n", rsaPubKeys[i].encoded[1] + 2,
2449 2450 2451 2452 2453
             bufSize);
            ok(!memcmp(buf, rsaPubKeys[i].encoded, bufSize),
             "Unexpected value\n");
            LocalFree(buf);
        }
2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464
    }
}

static void test_decodeRsaPublicKey(DWORD dwEncoding)
{
    DWORD i;
    LPBYTE buf = NULL;
    DWORD bufSize = 0;
    BOOL ret;

    /* Try with a bad length */
2465
    ret = pCryptDecodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2466
     rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1],
2467
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2468 2469 2470 2471
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
     GetLastError() == OSS_MORE_INPUT /* Win9x/NT4 */),
     "Expected CRYPT_E_ASN1_EOD or OSS_MORE_INPUT, got %08x\n",
     GetLastError());
2472
    /* Try with a couple of RSA-related OIDs */
2473
    ret = pCryptDecodeObjectEx(dwEncoding, szOID_RSA_RSA,
2474
     rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1] + 2,
2475
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2476
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2477
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2478
    ret = pCryptDecodeObjectEx(dwEncoding, szOID_RSA_SHA1RSA,
2479
     rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1] + 2,
2480
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2481
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2482
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2483 2484 2485 2486
    /* Now try success cases */
    for (i = 0; i < sizeof(rsaPubKeys) / sizeof(rsaPubKeys[0]); i++)
    {
        bufSize = 0;
2487
        ret = pCryptDecodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2488
         rsaPubKeys[i].encoded, rsaPubKeys[i].encoded[1] + 2,
2489
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2490
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2491
        if (ret)
2492 2493 2494 2495 2496 2497
        {
            BLOBHEADER *hdr = (BLOBHEADER *)buf;
            RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)(buf + sizeof(BLOBHEADER));

            ok(bufSize >= sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) +
             rsaPubKeys[i].decodedModulusLen,
2498
             "Wrong size %d\n", bufSize);
2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509
            ok(hdr->bType == PUBLICKEYBLOB,
             "Expected type PUBLICKEYBLOB (%d), got %d\n", PUBLICKEYBLOB,
             hdr->bType);
            ok(hdr->bVersion == CUR_BLOB_VERSION,
             "Expected version CUR_BLOB_VERSION (%d), got %d\n",
             CUR_BLOB_VERSION, hdr->bVersion);
            ok(hdr->reserved == 0, "Expected reserved 0, got %d\n",
             hdr->reserved);
            ok(hdr->aiKeyAlg == CALG_RSA_KEYX,
             "Expected CALG_RSA_KEYX, got %08x\n", hdr->aiKeyAlg);
            ok(rsaPubKey->magic == 0x31415352,
2510
             "Expected magic RSA1, got %08x\n", rsaPubKey->magic);
2511
            ok(rsaPubKey->bitlen == rsaPubKeys[i].decodedModulusLen * 8,
2512 2513
             "Wrong bit len %d\n", rsaPubKey->bitlen);
            ok(rsaPubKey->pubexp == 65537, "Expected pubexp 65537, got %d\n",
2514 2515 2516 2517 2518 2519 2520 2521 2522
             rsaPubKey->pubexp);
            ok(!memcmp(buf + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY),
             rsaPubKeys[i].modulus, rsaPubKeys[i].decodedModulusLen),
             "Unexpected modulus\n");
            LocalFree(buf);
        }
    }
}

2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540
static const BYTE intSequence[] = { 0x30, 0x1b, 0x02, 0x01, 0x01, 0x02, 0x01,
 0x7f, 0x02, 0x02, 0x00, 0x80, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x80, 0x02,
 0x02, 0xff, 0x7f, 0x02, 0x04, 0xba, 0xdd, 0xf0, 0x0d };

static const BYTE mixedSequence[] = { 0x30, 0x27, 0x17, 0x0d, 0x30, 0x35, 0x30,
 0x36, 0x30, 0x36, 0x31, 0x36, 0x31, 0x30, 0x30, 0x30, 0x5a, 0x02, 0x01, 0x7f,
 0x02, 0x02, 0x00, 0x80, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x80, 0x02, 0x02,
 0xff, 0x7f, 0x02, 0x04, 0xba, 0xdd, 0xf0, 0x0d };

static void test_encodeSequenceOfAny(DWORD dwEncoding)
{
    CRYPT_DER_BLOB blobs[sizeof(ints) / sizeof(ints[0])];
    CRYPT_SEQUENCE_OF_ANY seq;
    DWORD i;
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;

2541
    /* Encode a homogeneous sequence */
2542 2543 2544
    for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
    {
        blobs[i].cbData = ints[i].encoded[1] + 2;
2545
        blobs[i].pbData = (BYTE *)ints[i].encoded;
2546 2547 2548 2549
    }
    seq.cValue = sizeof(ints) / sizeof(ints[0]);
    seq.rgValue = blobs;

2550
    ret = pCryptEncodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, &seq,
2551
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2552
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2553
    if (ret)
2554
    {
2555
        ok(bufSize == sizeof(intSequence), "Wrong size %d\n", bufSize);
2556 2557 2558 2559 2560 2561 2562 2563
        ok(!memcmp(buf, intSequence, intSequence[1] + 2), "Unexpected value\n");
        LocalFree(buf);
    }
    /* Change the type of the first element in the sequence, and give it
     * another go
     */
    blobs[0].cbData = times[0].encodedTime[1] + 2;
    blobs[0].pbData = (BYTE *)times[0].encodedTime;
2564
    ret = pCryptEncodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, &seq,
2565
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2566
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2567
    if (ret)
2568
    {
2569
        ok(bufSize == sizeof(mixedSequence), "Wrong size %d\n", bufSize);
2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581
        ok(!memcmp(buf, mixedSequence, mixedSequence[1] + 2),
         "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeSequenceOfAny(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;

2582
    ret = pCryptDecodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, intSequence,
2583
     intSequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2584
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2585
    if (ret)
2586 2587 2588 2589 2590
    {
        CRYPT_SEQUENCE_OF_ANY *seq = (CRYPT_SEQUENCE_OF_ANY *)buf;
        DWORD i;

        ok(seq->cValue == sizeof(ints) / sizeof(ints[0]),
2591
         "Wrong elements %d\n", seq->cValue);
2592 2593 2594
        for (i = 0; i < min(seq->cValue, sizeof(ints) / sizeof(ints[0])); i++)
        {
            ok(seq->rgValue[i].cbData == ints[i].encoded[1] + 2,
2595
             "Expected %d bytes, got %d\n", ints[i].encoded[1] + 2,
2596 2597 2598 2599 2600 2601
             seq->rgValue[i].cbData);
            ok(!memcmp(seq->rgValue[i].pbData, ints[i].encoded,
             ints[i].encoded[1] + 2), "Unexpected value\n");
        }
        LocalFree(buf);
    }
2602
    ret = pCryptDecodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, mixedSequence,
2603
     mixedSequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
2604
     &bufSize);
2605
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2606
    if (ret)
2607 2608 2609 2610
    {
        CRYPT_SEQUENCE_OF_ANY *seq = (CRYPT_SEQUENCE_OF_ANY *)buf;

        ok(seq->cValue == sizeof(ints) / sizeof(ints[0]),
2611
         "Wrong elements %d\n", seq->cValue);
2612 2613
        /* Just check the first element since it's all that changed */
        ok(seq->rgValue[0].cbData == times[0].encodedTime[1] + 2,
2614
         "Expected %d bytes, got %d\n", times[0].encodedTime[1] + 2,
2615 2616 2617 2618 2619 2620 2621
         seq->rgValue[0].cbData);
        ok(!memcmp(seq->rgValue[0].pbData, times[0].encodedTime,
         times[0].encodedTime[1] + 2), "Unexpected value\n");
        LocalFree(buf);
    }
}

2622 2623 2624 2625 2626 2627
struct encodedExtensions
{
    CERT_EXTENSIONS exts;
    const BYTE *encoded;
};

Mike McCormack's avatar
Mike McCormack committed
2628 2629
static BYTE crit_ext_data[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
static BYTE noncrit_ext_data[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2630
static CHAR oid_basic_constraints2[] = szOID_BASIC_CONSTRAINTS2;
2631
static CERT_EXTENSION criticalExt =
2632
 { oid_basic_constraints2, TRUE, { 8, crit_ext_data } };
2633
static CERT_EXTENSION nonCriticalExt =
2634
 { oid_basic_constraints2, FALSE, { 8, noncrit_ext_data } };
2635 2636 2637
static CHAR oid_short[] = "1.1";
static CERT_EXTENSION extWithShortOid =
 { oid_short, FALSE, { 0, NULL } };
Mike McCormack's avatar
Mike McCormack committed
2638 2639 2640 2641 2642 2643

static const BYTE ext0[] = { 0x30,0x00 };
static const BYTE ext1[] = { 0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
                             0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
static const BYTE ext2[] = { 0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x04,
                             0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2644
static const BYTE ext3[] = { 0x30,0x07,0x30,0x05,0x06,0x01,0x29,0x04,0x00 };
2645 2646

static const struct encodedExtensions exts[] = {
Mike McCormack's avatar
Mike McCormack committed
2647 2648 2649
 { { 0, NULL }, ext0 },
 { { 1, &criticalExt }, ext1 },
 { { 1, &nonCriticalExt }, ext2 },
2650
 { { 1, &extWithShortOid }, ext3 }
2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662
};

static void test_encodeExtensions(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(exts) / sizeof(exts[i]); i++)
    {
        BOOL ret;
        BYTE *buf = NULL;
        DWORD bufSize = 0;

2663
        ret = pCryptEncodeObjectEx(dwEncoding, X509_EXTENSIONS, &exts[i].exts,
Mike McCormack's avatar
Mike McCormack committed
2664
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2665
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2666
        if (ret)
2667 2668
        {
            ok(bufSize == exts[i].encoded[1] + 2,
2669
             "Expected %d bytes, got %d\n", exts[i].encoded[1] + 2, bufSize);
2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686
            ok(!memcmp(buf, exts[i].encoded, exts[i].encoded[1] + 2),
             "Unexpected value\n");
            LocalFree(buf);
        }
    }
}

static void test_decodeExtensions(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(exts) / sizeof(exts[i]); i++)
    {
        BOOL ret;
        BYTE *buf = NULL;
        DWORD bufSize = 0;

2687
        ret = pCryptDecodeObjectEx(dwEncoding, X509_EXTENSIONS,
2688
         exts[i].encoded, exts[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2689
         NULL, &buf, &bufSize);
2690
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2691
        if (ret)
2692 2693 2694 2695 2696
        {
            CERT_EXTENSIONS *ext = (CERT_EXTENSIONS *)buf;
            DWORD j;

            ok(ext->cExtension == exts[i].exts.cExtension,
2697
             "Expected %d extensions, see %d\n", exts[i].exts.cExtension,
2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 2714 2715
             ext->cExtension);
            for (j = 0; j < min(ext->cExtension, exts[i].exts.cExtension); j++)
            {
                ok(!strcmp(ext->rgExtension[j].pszObjId,
                 exts[i].exts.rgExtension[j].pszObjId),
                 "Expected OID %s, got %s\n",
                 exts[i].exts.rgExtension[j].pszObjId,
                 ext->rgExtension[j].pszObjId);
                ok(!memcmp(ext->rgExtension[j].Value.pbData,
                 exts[i].exts.rgExtension[j].Value.pbData,
                 exts[i].exts.rgExtension[j].Value.cbData),
                 "Unexpected value\n");
            }
            LocalFree(buf);
        }
    }
}

2716 2717
/* MS encodes public key info with a NULL if the algorithm identifier's
 * parameters are empty.  However, when encoding an algorithm in a CERT_INFO,
2718 2719
 * it encodes them by omitting the algorithm parameters.  It accepts either
 * form for decoding.
2720
 */
2721 2722 2723 2724
struct encodedPublicKey
{
    CERT_PUBLIC_KEY_INFO info;
    const BYTE *encoded;
2725
    const BYTE *encodedNoNull;
2726 2727 2728 2729 2730 2731 2732
    CERT_PUBLIC_KEY_INFO decoded;
};

static const BYTE aKey[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd,
 0xe, 0xf };
static const BYTE params[] = { 0x02, 0x01, 0x01 };

Mike McCormack's avatar
Mike McCormack committed
2733
static const unsigned char bin64[] = {
Juan Lang's avatar
Juan Lang committed
2734
    0x30,0x0b,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x03,0x01,0x00};
Mike McCormack's avatar
Mike McCormack committed
2735
static const unsigned char bin65[] = {
Juan Lang's avatar
Juan Lang committed
2736
    0x30,0x09,0x30,0x04,0x06,0x02,0x2a,0x03,0x03,0x01,0x00};
Mike McCormack's avatar
Mike McCormack committed
2737
static const unsigned char bin66[] = {
Juan Lang's avatar
Juan Lang committed
2738
    0x30,0x0f,0x30,0x0a,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x05,0x00,0x03,0x01,0x00};
Mike McCormack's avatar
Mike McCormack committed
2739
static const unsigned char bin67[] = {
Juan Lang's avatar
Juan Lang committed
2740
    0x30,0x0d,0x30,0x08,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x01,0x00};
Mike McCormack's avatar
Mike McCormack committed
2741 2742
static const unsigned char bin68[] = {
    0x30,0x1f,0x30,0x0a,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x05,0x00,0x03,0x11,0x00,0x00,0x01,
Juan Lang's avatar
Juan Lang committed
2743
    0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
Mike McCormack's avatar
Mike McCormack committed
2744 2745
static const unsigned char bin69[] = {
    0x30,0x1d,0x30,0x08,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x11,0x00,0x00,0x01,
Juan Lang's avatar
Juan Lang committed
2746
    0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
Mike McCormack's avatar
Mike McCormack committed
2747 2748 2749
static const unsigned char bin70[] = {
    0x30,0x20,0x30,0x0b,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x01,0x01,
    0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,
Juan Lang's avatar
Juan Lang committed
2750
    0x0f};
Mike McCormack's avatar
Mike McCormack committed
2751 2752 2753
static const unsigned char bin71[] = {
    0x30,0x20,0x30,0x0b,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x01,0x01,
    0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,
Juan Lang's avatar
Juan Lang committed
2754 2755
    0x0f};
static unsigned char bin72[] = { 0x05,0x00};
Mike McCormack's avatar
Mike McCormack committed
2756

2757 2758 2759
static CHAR oid_bogus[] = "1.2.3",
            oid_rsa[]   = szOID_RSA;

2760 2761
static const struct encodedPublicKey pubKeys[] = {
 /* with a bogus OID */
2762
 { { { oid_bogus, { 0, NULL } }, { 0, NULL, 0 } },
Mike McCormack's avatar
Mike McCormack committed
2763
  bin64, bin65,
2764
  { { oid_bogus, { 2, bin72 } }, { 0, NULL, 0 } } },
2765
 /* some normal keys */
2766
 { { { oid_rsa, { 0, NULL } }, { 0, NULL, 0} },
Mike McCormack's avatar
Mike McCormack committed
2767
  bin66, bin67,
2768 2769
  { { oid_rsa, { 2, bin72 } }, { 0, NULL, 0 } } },
 { { { oid_rsa, { 0, NULL } }, { sizeof(aKey), (BYTE *)aKey, 0} },
Mike McCormack's avatar
Mike McCormack committed
2770
  bin68, bin69,
2771
  { { oid_rsa, { 2, bin72 } }, { sizeof(aKey), (BYTE *)aKey, 0} } },
2772
 /* with add'l parameters--note they must be DER-encoded */
2773
 { { { oid_rsa, { sizeof(params), (BYTE *)params } }, { sizeof(aKey),
2774
  (BYTE *)aKey, 0 } },
Mike McCormack's avatar
Mike McCormack committed
2775
  bin70, bin71,
2776
  { { oid_rsa, { sizeof(params), (BYTE *)params } }, { sizeof(aKey),
2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789
  (BYTE *)aKey, 0 } } },
};

static void test_encodePublicKeyInfo(DWORD dwEncoding)
{
    DWORD i;

    for (i = 0; i < sizeof(pubKeys) / sizeof(pubKeys[0]); i++)
    {
        BOOL ret;
        BYTE *buf = NULL;
        DWORD bufSize = 0;

2790
        ret = pCryptEncodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2791
         &pubKeys[i].info, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf,
2792
         &bufSize);
2793 2794
        ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
         "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2795
        if (ret)
2796
        {
2797 2798
            ok(bufSize == pubKeys[i].encoded[1] + 2,
             "Expected %d bytes, got %d\n", pubKeys[i].encoded[1] + 2, bufSize);
2799 2800 2801
            if (bufSize == pubKeys[i].encoded[1] + 2)
                ok(!memcmp(buf, pubKeys[i].encoded, pubKeys[i].encoded[1] + 2),
                 "Unexpected value\n");
2802 2803 2804 2805 2806
            LocalFree(buf);
        }
    }
}

2807 2808 2809 2810 2811 2812 2813 2814
static void comparePublicKeyInfo(const CERT_PUBLIC_KEY_INFO *expected,
 const CERT_PUBLIC_KEY_INFO *got)
{
    ok(!strcmp(expected->Algorithm.pszObjId, got->Algorithm.pszObjId),
     "Expected OID %s, got %s\n", expected->Algorithm.pszObjId,
     got->Algorithm.pszObjId);
    ok(expected->Algorithm.Parameters.cbData ==
     got->Algorithm.Parameters.cbData,
2815
     "Expected parameters of %d bytes, got %d\n",
2816 2817 2818 2819 2820 2821
     expected->Algorithm.Parameters.cbData, got->Algorithm.Parameters.cbData);
    if (expected->Algorithm.Parameters.cbData)
        ok(!memcmp(expected->Algorithm.Parameters.pbData,
         got->Algorithm.Parameters.pbData, got->Algorithm.Parameters.cbData),
         "Unexpected algorithm parameters\n");
    ok(expected->PublicKey.cbData == got->PublicKey.cbData,
2822
     "Expected public key of %d bytes, got %d\n",
2823 2824 2825 2826 2827 2828
     expected->PublicKey.cbData, got->PublicKey.cbData);
    if (expected->PublicKey.cbData)
        ok(!memcmp(expected->PublicKey.pbData, got->PublicKey.pbData,
         got->PublicKey.cbData), "Unexpected public key value\n");
}

2829 2830
static void test_decodePublicKeyInfo(DWORD dwEncoding)
{
Juan Lang's avatar
Juan Lang committed
2831 2832 2833 2834
    static const BYTE bogusPubKeyInfo[] = { 0x30, 0x22, 0x30, 0x0d, 0x06, 0x06,
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x01, 0x01, 0x03,
     0x11, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
     0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
2835
    DWORD i;
2836 2837 2838
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;
2839 2840 2841

    for (i = 0; i < sizeof(pubKeys) / sizeof(pubKeys[0]); i++)
    {
2842
        /* The NULL form decodes to the decoded member */
2843
        ret = pCryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2844
         pubKeys[i].encoded, pubKeys[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2845
         NULL, &buf, &bufSize);
2846
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2847
        if (ret)
2848
        {
2849 2850
            comparePublicKeyInfo(&pubKeys[i].decoded,
             (CERT_PUBLIC_KEY_INFO *)buf);
2851 2852
            LocalFree(buf);
        }
2853
        /* The non-NULL form decodes to the original */
2854
        ret = pCryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2855
         pubKeys[i].encodedNoNull, pubKeys[i].encodedNoNull[1] + 2,
2856
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2857
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2858
        if (ret)
2859 2860 2861 2862 2863 2864
        {
            comparePublicKeyInfo(&pubKeys[i].info, (CERT_PUBLIC_KEY_INFO *)buf);
            LocalFree(buf);
        }
    }
    /* Test with bogus (not valid DER) parameters */
2865
    ret = pCryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2866
     bogusPubKeyInfo, bogusPubKeyInfo[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2867
     NULL, &buf, &bufSize);
2868 2869 2870 2871
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
2872 2873
}

2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 2884 2885 2886 2887 2888
static const BYTE v1Cert[] = { 0x30, 0x33, 0x02, 0x00, 0x30, 0x02, 0x06, 0x00,
 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30,
 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x07, 0x30,
 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
static const BYTE v2Cert[] = { 0x30, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x01, 0x02,
 0x00, 0x30, 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f,
 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x5a, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
static const BYTE v3Cert[] = { 0x30, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
 0x00, 0x30, 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f,
 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x5a, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
2889 2890 2891 2892 2893
static const BYTE v4Cert[] = {
0x30,0x38,0xa0,0x03,0x02,0x01,0x03,0x02,0x00,0x30,0x02,0x06,0x00,0x30,0x22,
0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
0x30,0x30,0x30,0x5a,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00 };
2894 2895 2896 2897 2898 2899 2900 2901 2902 2903 2904 2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916 2917
static const BYTE v1CertWithConstraints[] = { 0x30, 0x4b, 0x02, 0x00, 0x30,
 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31,
 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14,
 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
static const BYTE v1CertWithSerial[] = { 0x30, 0x4c, 0x02, 0x01, 0x01, 0x30,
 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31,
 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14,
 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
2918 2919 2920 2921 2922 2923 2924 2925 2926 2927 2928 2929 2930 2931 2932 2933 2934 2935 2936 2937 2938 2939 2940
static const BYTE v1CertWithPubKey[] = {
0x30,0x81,0x95,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,
0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,
0x01,0x01 };
static const BYTE v1CertWithPubKeyNoNull[] = {
0x30,0x81,0x93,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x20,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
0x01,0x01,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,
0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2941 2942 2943 2944 2945 2946 2947 2948 2949 2950
static const BYTE v1CertWithSubjectKeyId[] = {
0x30,0x7b,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x17,0x30,0x15,0x30,
0x13,0x06,0x03,0x55,0x1d,0x0e,0x04,0x0c,0x04,0x0a,0x4a,0x75,0x61,0x6e,0x20,
0x4c,0x61,0x6e,0x67,0x00 };
2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979
static const BYTE v1CertWithIssuerUniqueId[] = {
0x30,0x38,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,
0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,
0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,
0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0x81,0x02,0x00,0x01 };
static const BYTE v1CertWithSubjectIssuerSerialAndIssuerUniqueId[] = {
0x30,0x81,0x99,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x81,0x02,0x00,0x01,0xa3,0x16,0x30,
0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,
0x01,0x01,0xff,0x02,0x01,0x01 };
static const BYTE v1CertWithSubjectIssuerSerialAndIssuerUniqueIdNoNull[] = {
0x30,0x81,0x97,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x20,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
0x01,0x01,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x81,0x02,0x00,0x01,0xa3,0x16,0x30,0x14,0x30,
0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,
0xff,0x02,0x01,0x01 };
2980

2981 2982 2983 2984 2985 2986 2987 2988
static const BYTE serialNum[] = { 0x01 };

static void test_encodeCertToBeSigned(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CERT_INFO info = { 0 };
2989
    static char oid_rsa_rsa[] = szOID_RSA_RSA;
2990 2991
    static char oid_subject_key_identifier[] = szOID_SUBJECT_KEY_IDENTIFIER;
    CERT_EXTENSION ext;
2992

2993 2994 2995 2996
    if (0)
    {
        /* Test with NULL pvStructInfo (crashes on win9x) */
        ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL,
2997
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
2998 2999 3000
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
3001
    /* Test with a V1 cert */
3002
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3003
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3004 3005
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3006
    if (ret)
3007
    {
3008
        ok(size == v1Cert[1] + 2, "Expected size %d, got %d\n",
3009 3010 3011 3012 3013 3014
         v1Cert[1] + 2, size);
        ok(!memcmp(buf, v1Cert, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* Test v2 cert */
    info.dwVersion = CERT_V2;
3015
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3016
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3017 3018
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3019
    if (ret)
3020
    {
3021
        ok(size == sizeof(v2Cert), "Wrong size %d\n", size);
3022 3023 3024 3025 3026
        ok(!memcmp(buf, v2Cert, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* Test v3 cert */
    info.dwVersion = CERT_V3;
3027
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3028
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3029 3030
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3031
    if (ret)
3032
    {
3033
        ok(size == sizeof(v3Cert), "Wrong size %d\n", size);
3034 3035 3036
        ok(!memcmp(buf, v3Cert, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3037 3038 3039 3040
    /* A v4 cert? */
    info.dwVersion = 3; /* Not a typo, CERT_V3 is 2 */
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3041
    if (ret)
3042 3043 3044 3045 3046
    {
        ok(size == sizeof(v4Cert), "Wrong size %d\n", size);
        ok(!memcmp(buf, v4Cert, size), "Unexpected value\n");
        LocalFree(buf);
    }
3047 3048 3049 3050 3051 3052
    /* see if a V1 cert can have basic constraints set (RFC3280 says no, but
     * API doesn't prevent it)
     */
    info.dwVersion = CERT_V1;
    info.cExtension = 1;
    info.rgExtension = &criticalExt;
3053
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3054
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3055 3056
    ok(ret || GetLastError() == OSS_BAD_PTR /* Win9x */,
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3057
    if (ret)
3058
    {
3059
        ok(size == sizeof(v1CertWithConstraints), "Wrong size %d\n", size);
3060 3061 3062 3063 3064 3065
        ok(!memcmp(buf, v1CertWithConstraints, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* test v1 cert with a serial number */
    info.SerialNumber.cbData = sizeof(serialNum);
    info.SerialNumber.pbData = (BYTE *)serialNum;
3066
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3067
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3068
    if (ret)
3069
    {
3070
        ok(size == sizeof(v1CertWithSerial), "Wrong size %d\n", size);
3071 3072 3073
        ok(!memcmp(buf, v1CertWithSerial, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3074 3075 3076 3077 3078 3079 3080
    /* Test v1 cert with an issuer name, serial number, and issuer unique id */
    info.dwVersion = CERT_V1;
    info.cExtension = 0;
    info.IssuerUniqueId.cbData = sizeof(serialNum);
    info.IssuerUniqueId.pbData = (BYTE *)serialNum;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3081 3082
    ok(ret || broken(GetLastError() == OSS_BAD_PTR /* Win98 */),
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3083
    if (ret)
3084 3085 3086 3087 3088 3089
    {
        ok(size == sizeof(v1CertWithIssuerUniqueId), "Wrong size %d\n", size);
        ok(!memcmp(buf, v1CertWithIssuerUniqueId, size),
         "Got unexpected value\n");
        LocalFree(buf);
    }
3090
    /* Test v1 cert with an issuer name, a subject name, and a serial number */
3091 3092 3093 3094
    info.IssuerUniqueId.cbData = 0;
    info.IssuerUniqueId.pbData = NULL;
    info.cExtension = 1;
    info.rgExtension = &criticalExt;
3095 3096 3097 3098
    info.Issuer.cbData = sizeof(encodedCommonName);
    info.Issuer.pbData = (BYTE *)encodedCommonName;
    info.Subject.cbData = sizeof(encodedCommonName);
    info.Subject.pbData = (BYTE *)encodedCommonName;
3099
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3100
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3101
    if (ret)
3102
    {
3103
        ok(size == sizeof(bigCert), "Wrong size %d\n", size);
3104 3105 3106
        ok(!memcmp(buf, bigCert, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3107 3108 3109 3110
    /* Add a public key */
    info.SubjectPublicKeyInfo.Algorithm.pszObjId = oid_rsa_rsa;
    info.SubjectPublicKeyInfo.PublicKey.cbData = sizeof(aKey);
    info.SubjectPublicKeyInfo.PublicKey.pbData = (LPBYTE)aKey;
3111
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3112
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3113
    if (ret)
3114 3115 3116 3117 3118 3119 3120 3121 3122 3123
    {
        ok(size == sizeof(v1CertWithPubKey) ||
         size == sizeof(v1CertWithPubKeyNoNull), "Wrong size %d\n", size);
        if (size == sizeof(v1CertWithPubKey))
            ok(!memcmp(buf, v1CertWithPubKey, size), "Got unexpected value\n");
        else if (size == sizeof(v1CertWithPubKeyNoNull))
            ok(!memcmp(buf, v1CertWithPubKeyNoNull, size),
             "Got unexpected value\n");
        LocalFree(buf);
    }
3124 3125 3126 3127 3128 3129
    /* Again add an issuer unique id */
    info.IssuerUniqueId.cbData = sizeof(serialNum);
    info.IssuerUniqueId.pbData = (BYTE *)serialNum;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3130
    if (ret)
3131 3132 3133 3134 3135 3136 3137 3138 3139 3140 3141 3142 3143 3144
    {
        ok(size == sizeof(v1CertWithSubjectIssuerSerialAndIssuerUniqueId) ||
         size == sizeof(v1CertWithSubjectIssuerSerialAndIssuerUniqueIdNoNull),
         "Wrong size %d\n", size);
        if (size == sizeof(v1CertWithSubjectIssuerSerialAndIssuerUniqueId))
            ok(!memcmp(buf, v1CertWithSubjectIssuerSerialAndIssuerUniqueId,
             size), "unexpected value\n");
        else if (size ==
         sizeof(v1CertWithSubjectIssuerSerialAndIssuerUniqueIdNoNull))
            ok(!memcmp(buf,
             v1CertWithSubjectIssuerSerialAndIssuerUniqueIdNoNull, size),
             "unexpected value\n");
        LocalFree(buf);
    }
3145
    /* Remove the public key, and add a subject key identifier extension */
3146 3147
    info.IssuerUniqueId.cbData = 0;
    info.IssuerUniqueId.pbData = NULL;
3148 3149 3150 3151 3152 3153
    info.SubjectPublicKeyInfo.Algorithm.pszObjId = NULL;
    info.SubjectPublicKeyInfo.PublicKey.cbData = 0;
    info.SubjectPublicKeyInfo.PublicKey.pbData = NULL;
    ext.pszObjId = oid_subject_key_identifier;
    ext.fCritical = FALSE;
    ext.Value.cbData = sizeof(octetCommonNameValue);
3154
    ext.Value.pbData = octetCommonNameValue;
3155 3156
    info.cExtension = 1;
    info.rgExtension = &ext;
3157
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
3158
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3159
    if (ret)
3160 3161 3162 3163 3164
    {
        ok(size == sizeof(v1CertWithSubjectKeyId), "Wrong size %d\n", size);
        ok(!memcmp(buf, v1CertWithSubjectKeyId, size), "Unexpected value\n");
        LocalFree(buf);
    }
3165 3166 3167 3168
}

static void test_decodeCertToBeSigned(DWORD dwEncoding)
{
3169 3170
    static const BYTE *corruptCerts[] = { v1Cert, v2Cert, v3Cert, v4Cert,
     v1CertWithConstraints, v1CertWithSerial, v1CertWithIssuerUniqueId };
3171 3172 3173 3174 3175
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0, i;

    /* Test with NULL pbEncoded */
3176
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL, 0,
3177
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3178 3179 3180
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
     GetLastError() == OSS_BAD_ARG /* Win9x */),
     "Expected CRYPT_E_ASN1_EOD or OSS_BAD_ARG, got %08x\n", GetLastError());
3181 3182 3183 3184
    if (0)
    {
        /* Crashes on win9x */
        ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL, 1,
3185
         CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3186 3187 3188
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
3189 3190 3191
    /* The following certs all fail with CRYPT_E_ASN1_CORRUPT or
     * CRYPT_E_ASN1_BADTAG, because at a minimum a cert must have a non-zero
     * serial number, an issuer, a subject, and a public key.
3192 3193 3194
     */
    for (i = 0; i < sizeof(corruptCerts) / sizeof(corruptCerts[0]); i++)
    {
3195
        ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED,
3196
         corruptCerts[i], corruptCerts[i][1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3197
         &buf, &size);
3198
        ok(!ret, "Expected failure\n");
3199
    }
3200 3201 3202 3203 3204 3205 3206 3207 3208 3209 3210 3211 3212 3213 3214 3215 3216 3217 3218 3219 3220 3221 3222 3223 3224 3225 3226 3227 3228 3229 3230 3231 3232 3233 3234 3235 3236 3237 3238
    /* The following succeeds, even though v1 certs are not allowed to have
     * extensions.
     */
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED,
     v1CertWithSubjectKeyId, sizeof(v1CertWithSubjectKeyId),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        CERT_INFO *info = (CERT_INFO *)buf;

        ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
        ok(info->dwVersion == CERT_V1, "expected CERT_V1, got %d\n",
         info->dwVersion);
        ok(info->cExtension == 1, "expected 1 extension, got %d\n",
         info->cExtension);
        LocalFree(buf);
    }
    /* The following also succeeds, even though V1 certs are not allowed to
     * have issuer unique ids.
     */
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED,
     v1CertWithSubjectIssuerSerialAndIssuerUniqueId,
     sizeof(v1CertWithSubjectIssuerSerialAndIssuerUniqueId),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        CERT_INFO *info = (CERT_INFO *)buf;

        ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
        ok(info->dwVersion == CERT_V1, "expected CERT_V1, got %d\n",
         info->dwVersion);
        ok(info->IssuerUniqueId.cbData == sizeof(serialNum),
         "unexpected issuer unique id size %d\n", info->IssuerUniqueId.cbData);
        ok(!memcmp(info->IssuerUniqueId.pbData, serialNum, sizeof(serialNum)),
         "unexpected issuer unique id value\n");
        LocalFree(buf);
    }
3239
    /* Now check with serial number, subject and issuer specified */
3240
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, bigCert,
3241
     sizeof(bigCert), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3242
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3243
    if (ret)
3244 3245 3246
    {
        CERT_INFO *info = (CERT_INFO *)buf;

3247
        ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
3248
        ok(info->SerialNumber.cbData == 1,
3249
         "Expected serial number size 1, got %d\n", info->SerialNumber.cbData);
3250 3251 3252 3253
        ok(*info->SerialNumber.pbData == *serialNum,
         "Expected serial number %d, got %d\n", *serialNum,
         *info->SerialNumber.pbData);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
3254
         "Wrong size %d\n", info->Issuer.cbData);
3255 3256 3257
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
        ok(info->Subject.cbData == sizeof(encodedCommonName),
3258
         "Wrong size %d\n", info->Subject.cbData);
3259 3260 3261
        ok(!memcmp(info->Subject.pbData, encodedCommonName,
         info->Subject.cbData), "Unexpected subject\n");
        LocalFree(buf);
3262
    }
3263
    /* Check again with pub key specified */
3264
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED,
3265
     v1CertWithPubKey, sizeof(v1CertWithPubKey), CRYPT_DECODE_ALLOC_FLAG, NULL,
3266
     &buf, &size);
3267
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3268
    if (ret)
3269 3270 3271 3272 3273 3274 3275 3276 3277 3278 3279 3280 3281 3282 3283 3284 3285 3286 3287 3288 3289 3290 3291 3292 3293 3294
    {
        CERT_INFO *info = (CERT_INFO *)buf;

        ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
        ok(info->SerialNumber.cbData == 1,
         "Expected serial number size 1, got %d\n", info->SerialNumber.cbData);
        ok(*info->SerialNumber.pbData == *serialNum,
         "Expected serial number %d, got %d\n", *serialNum,
         *info->SerialNumber.pbData);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
         "Wrong size %d\n", info->Issuer.cbData);
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
        ok(info->Subject.cbData == sizeof(encodedCommonName),
         "Wrong size %d\n", info->Subject.cbData);
        ok(!memcmp(info->Subject.pbData, encodedCommonName,
         info->Subject.cbData), "Unexpected subject\n");
        ok(!strcmp(info->SubjectPublicKeyInfo.Algorithm.pszObjId,
         szOID_RSA_RSA), "Expected szOID_RSA_RSA, got %s\n",
         info->SubjectPublicKeyInfo.Algorithm.pszObjId);
        ok(info->SubjectPublicKeyInfo.PublicKey.cbData == sizeof(aKey),
         "Wrong size %d\n", info->SubjectPublicKeyInfo.PublicKey.cbData);
        ok(!memcmp(info->SubjectPublicKeyInfo.PublicKey.pbData, aKey,
         sizeof(aKey)), "Unexpected public key\n");
        LocalFree(buf);
    }
3295 3296
}

3297 3298 3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319
static const BYTE hash[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd,
 0xe, 0xf };

static const BYTE signedBigCert[] = {
 0x30, 0x81, 0x93, 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06, 0x00, 0x30,
 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f,
 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61,
 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3,
 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 0x07,
 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };

static void test_encodeCert(DWORD dwEncoding)
{
    /* Note the SignatureAlgorithm must match that in the encoded cert.  Note
     * also that bigCert is a NULL-terminated string, so don't count its
     * last byte (otherwise the signed cert won't decode.)
     */
3320
    CERT_SIGNED_CONTENT_INFO info = { { sizeof(bigCert), (BYTE *)bigCert },
3321 3322 3323 3324 3325
     { NULL, { 0, NULL } }, { sizeof(hash), (BYTE *)hash, 0 } };
    BOOL ret;
    BYTE *buf = NULL;
    DWORD bufSize = 0;

3326
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT, &info,
3327
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
3328
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3329
    if (ret)
3330
    {
3331
        ok(bufSize == sizeof(signedBigCert), "Wrong size %d\n", bufSize);
3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342
        ok(!memcmp(buf, signedBigCert, bufSize), "Unexpected cert\n");
        LocalFree(buf);
    }
}

static void test_decodeCert(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;

3343
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT, signedBigCert,
3344
     sizeof(signedBigCert), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3345
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3346
    if (ret)
3347 3348 3349
    {
        CERT_SIGNED_CONTENT_INFO *info = (CERT_SIGNED_CONTENT_INFO *)buf;

3350
        ok(info->ToBeSigned.cbData == sizeof(bigCert),
3351
         "Wrong cert size %d\n", info->ToBeSigned.cbData);
3352 3353 3354
        ok(!memcmp(info->ToBeSigned.pbData, bigCert, info->ToBeSigned.cbData),
         "Unexpected cert\n");
        ok(info->Signature.cbData == sizeof(hash),
3355
         "Wrong signature size %d\n", info->Signature.cbData);
3356 3357 3358 3359
        ok(!memcmp(info->Signature.pbData, hash, info->Signature.cbData),
         "Unexpected signature\n");
        LocalFree(buf);
    }
3360
    /* A signed cert decodes as a CERT_INFO too */
3361
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, signedBigCert,
3362
     sizeof(signedBigCert), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3363
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3364
    if (ret)
3365 3366 3367
    {
        CERT_INFO *info = (CERT_INFO *)buf;

3368
        ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
3369
        ok(info->SerialNumber.cbData == 1,
3370
         "Expected serial number size 1, got %d\n", info->SerialNumber.cbData);
3371 3372 3373 3374
        ok(*info->SerialNumber.pbData == *serialNum,
         "Expected serial number %d, got %d\n", *serialNum,
         *info->SerialNumber.pbData);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
3375
         "Wrong size %d\n", info->Issuer.cbData);
3376 3377 3378
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
        ok(info->Subject.cbData == sizeof(encodedCommonName),
3379
         "Wrong size %d\n", info->Subject.cbData);
3380 3381 3382 3383
        ok(!memcmp(info->Subject.pbData, encodedCommonName,
         info->Subject.cbData), "Unexpected subject\n");
        LocalFree(buf);
    }
3384 3385
}

3386 3387 3388 3389 3390 3391 3392 3393 3394 3395 3396 3397 3398 3399 3400 3401 3402 3403 3404 3405 3406 3407 3408 3409 3410 3411 3412
static const BYTE emptyDistPoint[] = { 0x30, 0x02, 0x30, 0x00 };
static const BYTE distPointWithUrl[] = { 0x30, 0x19, 0x30, 0x17, 0xa0, 0x15,
 0xa0, 0x13, 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69,
 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
static const BYTE distPointWithReason[] = { 0x30, 0x06, 0x30, 0x04, 0x81, 0x02,
 0x00, 0x03 };
static const BYTE distPointWithIssuer[] = { 0x30, 0x17, 0x30, 0x15, 0xa2, 0x13,
 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65,
 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
static const BYTE distPointWithUrlAndIssuer[] = { 0x30, 0x2e, 0x30, 0x2c, 0xa0,
 0x15, 0xa0, 0x13, 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
 0x69, 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67, 0xa2, 0x13, 0x86, 0x11,
 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71,
 0x2e, 0x6f, 0x72, 0x67 };
static const BYTE crlReason = CRL_REASON_KEY_COMPROMISE |
 CRL_REASON_AFFILIATION_CHANGED;

static void test_encodeCRLDistPoints(DWORD dwEncoding)
{
    CRL_DIST_POINTS_INFO info = { 0 };
    CRL_DIST_POINT point = { { 0 } };
    CERT_ALT_NAME_ENTRY entry = { 0 };
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;

    /* Test with an empty info */
3413
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3414
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3415
    ok(!ret && GetLastError() == E_INVALIDARG,
3416
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
3417 3418 3419
    /* Test with one empty dist point */
    info.cDistPoint = 1;
    info.rgDistPoint = &point;
3420
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3421
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3422
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3423
    if (ret)
3424
    {
3425
        ok(size == sizeof(emptyDistPoint), "Wrong size %d\n", size);
3426 3427 3428 3429 3430 3431
        ok(!memcmp(buf, emptyDistPoint, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* A dist point with an invalid name */
    point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
    entry.dwAltNameChoice = CERT_ALT_NAME_URL;
3432 3433 3434
    U(entry).pwszURL = (LPWSTR)nihongoURL;
    U(point.DistPointName).FullName.cAltEntry = 1;
    U(point.DistPointName).FullName.rgAltEntry = &entry;
3435
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3436
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3437
    ok(!ret && GetLastError() == CRYPT_E_INVALID_IA5_STRING,
3438
     "Expected CRYPT_E_INVALID_IA5_STRING, got %08x\n", GetLastError());
3439 3440
    /* The first invalid character is at index 7 */
    ok(GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size) == 7,
3441
     "Expected invalid char at index 7, got %d\n",
3442 3443
     GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size));
    /* A dist point with (just) a valid name */
3444
    U(entry).pwszURL = (LPWSTR)url;
3445
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3446
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3447
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3448
    if (ret)
3449
    {
3450
        ok(size == sizeof(distPointWithUrl), "Wrong size %d\n", size);
3451 3452 3453 3454 3455 3456 3457
        ok(!memcmp(buf, distPointWithUrl, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* A dist point with (just) reason flags */
    point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_NO_NAME;
    point.ReasonFlags.cbData = sizeof(crlReason);
    point.ReasonFlags.pbData = (LPBYTE)&crlReason;
3458
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3459
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3460
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3461
    if (ret)
3462
    {
3463
        ok(size == sizeof(distPointWithReason), "Wrong size %d\n", size);
3464 3465 3466 3467 3468 3469 3470
        ok(!memcmp(buf, distPointWithReason, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* A dist point with just an issuer */
    point.ReasonFlags.cbData = 0;
    point.CRLIssuer.cAltEntry = 1;
    point.CRLIssuer.rgAltEntry = &entry;
3471
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3472
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3473
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3474
    if (ret)
3475
    {
3476
        ok(size == sizeof(distPointWithIssuer), "Wrong size %d\n", size);
3477 3478 3479 3480 3481
        ok(!memcmp(buf, distPointWithIssuer, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* A dist point with both a name and an issuer */
    point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
3482
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3483
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3484
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3485
    if (ret)
3486 3487
    {
        ok(size == sizeof(distPointWithUrlAndIssuer),
3488
         "Wrong size %d\n", size);
3489 3490 3491 3492 3493 3494 3495 3496 3497 3498 3499 3500 3501 3502
        ok(!memcmp(buf, distPointWithUrlAndIssuer, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeCRLDistPoints(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    PCRL_DIST_POINTS_INFO info;
    PCRL_DIST_POINT point;
    PCERT_ALT_NAME_ENTRY entry;

3503
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3504
     emptyDistPoint, emptyDistPoint[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3505
     &buf, &size);
3506
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3507 3508 3509 3510
    if (ret)
    {
        info = (PCRL_DIST_POINTS_INFO)buf;
        ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3511 3512
         "Wrong size %d\n", size);
        ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3513 3514 3515
         info->cDistPoint);
        point = info->rgDistPoint;
        ok(point->DistPointName.dwDistPointNameChoice == CRL_DIST_POINT_NO_NAME,
3516
         "Expected CRL_DIST_POINT_NO_NAME, got %d\n",
3517 3518 3519 3520 3521
         point->DistPointName.dwDistPointNameChoice);
        ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
        ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
        LocalFree(buf);
    }
3522
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3523
     distPointWithUrl, distPointWithUrl[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3524
     &buf, &size);
3525
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3526 3527 3528 3529
    if (ret)
    {
        info = (PCRL_DIST_POINTS_INFO)buf;
        ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3530 3531
         "Wrong size %d\n", size);
        ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3532 3533 3534 3535
         info->cDistPoint);
        point = info->rgDistPoint;
        ok(point->DistPointName.dwDistPointNameChoice ==
         CRL_DIST_POINT_FULL_NAME,
3536
         "Expected CRL_DIST_POINT_FULL_NAME, got %d\n",
3537
         point->DistPointName.dwDistPointNameChoice);
3538
        ok(U(point->DistPointName).FullName.cAltEntry == 1,
3539
         "Expected 1 name entry, got %d\n",
3540 3541
         U(point->DistPointName).FullName.cAltEntry);
        entry = U(point->DistPointName).FullName.rgAltEntry;
3542
        ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
3543
         "Expected CERT_ALT_NAME_URL, got %d\n", entry->dwAltNameChoice);
3544
        ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
3545 3546 3547 3548
        ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
        ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
        LocalFree(buf);
    }
3549
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3550
     distPointWithReason, distPointWithReason[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
3551
     NULL, &buf, &size);
3552
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3553 3554 3555 3556
    if (ret)
    {
        info = (PCRL_DIST_POINTS_INFO)buf;
        ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3557 3558
         "Wrong size %d\n", size);
        ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3559 3560 3561 3562
         info->cDistPoint);
        point = info->rgDistPoint;
        ok(point->DistPointName.dwDistPointNameChoice ==
         CRL_DIST_POINT_NO_NAME,
3563
         "Expected CRL_DIST_POINT_NO_NAME, got %d\n",
3564 3565 3566 3567 3568 3569 3570 3571
         point->DistPointName.dwDistPointNameChoice);
        ok(point->ReasonFlags.cbData == sizeof(crlReason),
         "Expected reason length\n");
        ok(!memcmp(point->ReasonFlags.pbData, &crlReason, sizeof(crlReason)),
         "Unexpected reason\n");
        ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
        LocalFree(buf);
    }
3572
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3573
     distPointWithUrlAndIssuer, distPointWithUrlAndIssuer[1] + 2,
3574
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3575
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3576 3577 3578 3579
    if (ret)
    {
        info = (PCRL_DIST_POINTS_INFO)buf;
        ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3580 3581
         "Wrong size %d\n", size);
        ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3582 3583 3584 3585
         info->cDistPoint);
        point = info->rgDistPoint;
        ok(point->DistPointName.dwDistPointNameChoice ==
         CRL_DIST_POINT_FULL_NAME,
3586
         "Expected CRL_DIST_POINT_FULL_NAME, got %d\n",
3587
         point->DistPointName.dwDistPointNameChoice);
3588
        ok(U(point->DistPointName).FullName.cAltEntry == 1,
3589
         "Expected 1 name entry, got %d\n",
3590 3591
         U(point->DistPointName).FullName.cAltEntry);
        entry = U(point->DistPointName).FullName.rgAltEntry;
3592
        ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
3593
         "Expected CERT_ALT_NAME_URL, got %d\n", entry->dwAltNameChoice);
3594
        ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
3595 3596
        ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
        ok(point->CRLIssuer.cAltEntry == 1,
3597
         "Expected 1 issuer entry, got %d\n", point->CRLIssuer.cAltEntry);
3598 3599
        entry = point->CRLIssuer.rgAltEntry;
        ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
3600
         "Expected CERT_ALT_NAME_URL, got %d\n", entry->dwAltNameChoice);
3601
        ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
3602 3603 3604 3605
        LocalFree(buf);
    }
}

3606 3607 3608 3609 3610 3611 3612 3613 3614 3615 3616 3617 3618 3619
static const BYTE badFlagsIDP[] = { 0x30,0x06,0x81,0x01,0xff,0x82,0x01,0xff };
static const BYTE emptyNameIDP[] = { 0x30,0x04,0xa0,0x02,0xa0,0x00 };
static const BYTE urlIDP[] = { 0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,
 0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,
 0x67 };

static void test_encodeCRLIssuingDistPoint(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CRL_ISSUING_DIST_POINT point = { { 0 } };
    CERT_ALT_NAME_ENTRY entry;

3620
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, NULL,
3621
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3622 3623 3624 3625 3626
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no X509_ISSUING_DIST_POINT encode support\n");
        return;
    }
3627
    ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
3628
     "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
3629
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3630
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3631
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3632
    if (ret)
3633
    {
3634
        ok(size == sizeof(emptySequence), "Unexpected size %d\n", size);
3635 3636 3637 3638 3639 3640
        ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* nonsensical flags */
    point.fOnlyContainsUserCerts = TRUE;
    point.fOnlyContainsCACerts = TRUE;
3641
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3642
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3643
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3644
    if (ret)
3645
    {
3646
        ok(size == sizeof(badFlagsIDP), "Unexpected size %d\n", size);
3647 3648 3649 3650 3651 3652
        ok(!memcmp(buf, badFlagsIDP, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* unimplemented name type */
    point.fOnlyContainsCACerts = point.fOnlyContainsUserCerts = FALSE;
    point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_ISSUER_RDN_NAME;
3653
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3654
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3655
    ok(!ret && GetLastError() == E_INVALIDARG,
3656
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
3657 3658
    /* empty name */
    point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
3659
    U(point.DistPointName).FullName.cAltEntry = 0;
3660
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3661
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3662
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3663
    if (ret)
3664
    {
3665
        ok(size == sizeof(emptyNameIDP), "Unexpected size %d\n", size);
3666 3667 3668 3669 3670
        ok(!memcmp(buf, emptyNameIDP, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* name with URL entry */
    entry.dwAltNameChoice = CERT_ALT_NAME_URL;
3671 3672 3673
    U(entry).pwszURL = (LPWSTR)url;
    U(point.DistPointName).FullName.cAltEntry = 1;
    U(point.DistPointName).FullName.rgAltEntry = &entry;
3674
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3675
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3676
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3677
    if (ret)
3678
    {
3679
        ok(size == sizeof(urlIDP), "Unexpected size %d\n", size);
3680 3681 3682 3683 3684 3685 3686 3687 3688
        ok(!memcmp(buf, urlIDP, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void compareAltNameEntry(const CERT_ALT_NAME_ENTRY *expected,
 const CERT_ALT_NAME_ENTRY *got)
{
    ok(expected->dwAltNameChoice == got->dwAltNameChoice,
3689
     "Expected name choice %d, got %d\n", expected->dwAltNameChoice,
3690 3691 3692 3693 3694 3695 3696 3697 3698 3699
     got->dwAltNameChoice);
    if (expected->dwAltNameChoice == got->dwAltNameChoice)
    {
        switch (got->dwAltNameChoice)
        {
        case CERT_ALT_NAME_RFC822_NAME:
        case CERT_ALT_NAME_DNS_NAME:
        case CERT_ALT_NAME_EDI_PARTY_NAME:
        case CERT_ALT_NAME_URL:
        case CERT_ALT_NAME_REGISTERED_ID:
3700
            ok((!U(*expected).pwszURL && !U(*got).pwszURL) ||
3701 3702 3703 3704
             (!U(*expected).pwszURL && !lstrlenW(U(*got).pwszURL)) ||
             (!U(*got).pwszURL && !lstrlenW(U(*expected).pwszURL)) ||
             !lstrcmpW(U(*expected).pwszURL, U(*got).pwszURL),
             "Unexpected name\n");
3705 3706 3707 3708
            break;
        case CERT_ALT_NAME_X400_ADDRESS:
        case CERT_ALT_NAME_DIRECTORY_NAME:
        case CERT_ALT_NAME_IP_ADDRESS:
3709
            ok(U(*got).IPAddress.cbData == U(*expected).IPAddress.cbData,
3710
               "Unexpected IP address length %d\n", U(*got).IPAddress.cbData);
3711 3712
            ok(!memcmp(U(*got).IPAddress.pbData, U(*got).IPAddress.pbData,
                       U(*got).IPAddress.cbData), "Unexpected value\n");
3713 3714 3715 3716 3717 3718 3719 3720 3721 3722
            break;
        }
    }
}

static void compareAltNameInfo(const CERT_ALT_NAME_INFO *expected,
 const CERT_ALT_NAME_INFO *got)
{
    DWORD i;

3723
    ok(expected->cAltEntry == got->cAltEntry, "Expected %d entries, got %d\n",
3724 3725 3726 3727 3728 3729 3730 3731 3732
     expected->cAltEntry, got->cAltEntry);
    for (i = 0; i < min(expected->cAltEntry, got->cAltEntry); i++)
        compareAltNameEntry(&expected->rgAltEntry[i], &got->rgAltEntry[i]);
}

static void compareDistPointName(const CRL_DIST_POINT_NAME *expected,
 const CRL_DIST_POINT_NAME *got)
{
    ok(got->dwDistPointNameChoice == expected->dwDistPointNameChoice,
3733
     "Unexpected name choice %d\n", got->dwDistPointNameChoice);
3734
    if (got->dwDistPointNameChoice == CRL_DIST_POINT_FULL_NAME)
3735
        compareAltNameInfo(&(U(*expected).FullName), &(U(*got).FullName));
3736 3737 3738 3739 3740 3741 3742 3743 3744 3745 3746 3747 3748 3749 3750 3751 3752 3753 3754 3755 3756 3757 3758
}

static void compareCRLIssuingDistPoints(const CRL_ISSUING_DIST_POINT *expected,
 const CRL_ISSUING_DIST_POINT *got)
{
    compareDistPointName(&expected->DistPointName, &got->DistPointName);
    ok(got->fOnlyContainsUserCerts == expected->fOnlyContainsUserCerts,
     "Unexpected fOnlyContainsUserCerts\n");
    ok(got->fOnlyContainsCACerts == expected->fOnlyContainsCACerts,
     "Unexpected fOnlyContainsCACerts\n");
    ok(got->OnlySomeReasonFlags.cbData == expected->OnlySomeReasonFlags.cbData,
     "Unexpected reason flags\n");
    ok(got->fIndirectCRL == expected->fIndirectCRL,
     "Unexpected fIndirectCRL\n");
}

static void test_decodeCRLIssuingDistPoint(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CRL_ISSUING_DIST_POINT point = { { 0 } };

3759
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3760
     emptySequence, emptySequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3761
     &buf, &size);
3762 3763 3764 3765 3766
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no X509_ISSUING_DIST_POINT decode support\n");
        return;
    }
3767
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3768 3769 3770 3771 3772
    if (ret)
    {
        compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
        LocalFree(buf);
    }
3773
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3774
     badFlagsIDP, badFlagsIDP[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3775
     &buf, &size);
3776
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3777 3778 3779 3780 3781 3782
    if (ret)
    {
        point.fOnlyContainsUserCerts = point.fOnlyContainsCACerts = TRUE;
        compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
        LocalFree(buf);
    }
3783
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3784
     emptyNameIDP, emptyNameIDP[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3785
     &buf, &size);
3786
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3787 3788 3789 3790
    if (ret)
    {
        point.fOnlyContainsCACerts = point.fOnlyContainsUserCerts = FALSE;
        point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
3791
        U(point.DistPointName).FullName.cAltEntry = 0;
3792 3793 3794
        compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
        LocalFree(buf);
    }
3795
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3796
     urlIDP, urlIDP[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
3797
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3798 3799 3800 3801 3802
    if (ret)
    {
        CERT_ALT_NAME_ENTRY entry;

        entry.dwAltNameChoice = CERT_ALT_NAME_URL;
3803 3804 3805
        U(entry).pwszURL = (LPWSTR)url;
        U(point.DistPointName).FullName.cAltEntry = 1;
        U(point.DistPointName).FullName.rgAltEntry = &entry;
3806 3807 3808 3809 3810
        compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
        LocalFree(buf);
    }
}

3811 3812 3813 3814 3815 3816 3817 3818 3819 3820 3821 3822 3823 3824 3825 3826 3827 3828 3829 3830 3831 3832 3833
static const BYTE v1CRL[] = { 0x30, 0x15, 0x30, 0x02, 0x06, 0x00, 0x18, 0x0f,
 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x5a };
static const BYTE v2CRL[] = { 0x30, 0x18, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
 0x00, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
 0x30, 0x30, 0x30, 0x30, 0x5a };
static const BYTE v1CRLWithIssuer[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x5a };
static const BYTE v1CRLWithIssuerAndEmptyEntry[] = { 0x30, 0x43, 0x30, 0x02,
 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18,
 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x30, 0x5a, 0x30, 0x15, 0x30, 0x13, 0x02, 0x00, 0x18, 0x0f, 0x31, 0x36,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
3834 3835 3836 3837 3838 3839 3840 3841 3842 3843 3844 3845 3846 3847 3848 3849 3850 3851 3852 3853 3854
static const BYTE v1CRLWithEntryExt[] = { 0x30,0x5a,0x30,0x02,0x06,0x00,0x30,
 0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,
 0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x2c,0x30,0x2a,0x02,0x01,
 0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,
 0x30,0x30,0x5a,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,
 0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
static const BYTE v1CRLWithExt[] = { 0x30,0x5c,0x30,0x02,0x06,0x00,0x30,0x15,
 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,
 0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,
 0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
 0x30,0x5a,0xa0,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
 0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
static const BYTE v2CRLWithExt[] = { 0x30,0x5c,0x02,0x01,0x01,0x30,0x02,0x06,
 0x00,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,
 0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,
 0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,
 0x02,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,
 0x30,0x30,0x30,0x30,0x5a,0xa0,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,
 0x13,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
3855 3856 3857 3858 3859 3860 3861 3862 3863 3864

static void test_encodeCRLToBeSigned(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CRL_INFO info = { 0 };
    CRL_ENTRY entry = { { 0 }, { 0 }, 0, 0 };

    /* Test with a V1 CRL */
3865
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3866
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3867 3868
    ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3869
    if (ret)
3870
    {
3871
        ok(size == sizeof(v1CRL), "Wrong size %d\n", size);
3872 3873 3874 3875 3876
        ok(!memcmp(buf, v1CRL, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* Test v2 CRL */
    info.dwVersion = CRL_V2;
3877
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3878
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3879 3880
    ok(ret || broken(GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3881
    if (ret)
3882
    {
3883
        ok(size == v2CRL[1] + 2, "Expected size %d, got %d\n",
3884 3885 3886 3887 3888 3889 3890 3891
         v2CRL[1] + 2, size);
        ok(!memcmp(buf, v2CRL, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* v1 CRL with a name */
    info.dwVersion = CRL_V1;
    info.Issuer.cbData = sizeof(encodedCommonName);
    info.Issuer.pbData = (BYTE *)encodedCommonName;
3892
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3893
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3894
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3895
    if (ret)
3896
    {
3897
        ok(size == sizeof(v1CRLWithIssuer), "Wrong size %d\n", size);
3898 3899 3900
        ok(!memcmp(buf, v1CRLWithIssuer, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3901 3902 3903 3904 3905
    if (0)
    {
        /* v1 CRL with a name and a NULL entry pointer (crashes on win9x) */
        info.cCRLEntry = 1;
        ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3906
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3907 3908 3909
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
    }
3910
    /* now set an empty entry */
3911
    info.cCRLEntry = 1;
3912
    info.rgCRLEntry = &entry;
3913
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3914
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3915
    if (ret)
3916 3917
    {
        ok(size == sizeof(v1CRLWithIssuerAndEmptyEntry),
3918
         "Wrong size %d\n", size);
3919 3920 3921 3922 3923 3924 3925
        ok(!memcmp(buf, v1CRLWithIssuerAndEmptyEntry, size),
         "Got unexpected value\n");
        LocalFree(buf);
    }
    /* an entry with a serial number */
    entry.SerialNumber.cbData = sizeof(serialNum);
    entry.SerialNumber.pbData = (BYTE *)serialNum;
3926
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3927
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3928
    if (ret)
3929 3930
    {
        ok(size == sizeof(v1CRLWithIssuerAndEntry),
3931
         "Wrong size %d\n", size);
3932 3933 3934 3935
        ok(!memcmp(buf, v1CRLWithIssuerAndEntry, size),
         "Got unexpected value\n");
        LocalFree(buf);
    }
3936
    /* an entry with an extension */
3937 3938
    entry.cExtension = 1;
    entry.rgExtension = &criticalExt;
3939
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3940
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3941
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3942
    if (ret)
3943
    {
3944
        ok(size == sizeof(v1CRLWithEntryExt), "Wrong size %d\n", size);
3945 3946 3947 3948 3949 3950 3951
        ok(!memcmp(buf, v1CRLWithEntryExt, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* a CRL with an extension */
    entry.cExtension = 0;
    info.cExtension = 1;
    info.rgExtension = &criticalExt;
3952
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3953
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3954
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3955
    if (ret)
3956
    {
3957
        ok(size == sizeof(v1CRLWithExt), "Wrong size %d\n", size);
3958 3959 3960
        ok(!memcmp(buf, v1CRLWithExt, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3961 3962
    /* a v2 CRL with an extension, this time non-critical */
    info.dwVersion = CRL_V2;
3963
    info.rgExtension = &nonCriticalExt;
3964
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3965
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
3966
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3967
    if (ret)
3968
    {
3969
        ok(size == sizeof(v2CRLWithExt), "Wrong size %d\n", size);
3970 3971 3972
        ok(!memcmp(buf, v2CRLWithExt, size), "Got unexpected value\n");
        LocalFree(buf);
    }
3973 3974
}

3975 3976 3977 3978 3979 3980 3981 3982 3983 3984 3985 3986 3987 3988 3989 3990 3991 3992 3993 3994 3995 3996 3997 3998 3999 4000 4001 4002 4003 4004 4005 4006 4007 4008 4009
static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
 0xcd };
4010 4011 4012 4013 4014 4015 4016 4017 4018 4019 4020 4021 4022 4023 4024 4025 4026 4027 4028 4029 4030 4031 4032 4033 4034 4035 4036 4037 4038 4039 4040 4041 4042 4043 4044 4045 4046 4047 4048 4049 4050 4051 4052 4053 4054 4055 4056 4057 4058 4059 4060 4061 4062 4063 4064 4065 4066 4067 4068 4069 4070 4071 4072 4073 4074 4075 4076 4077 4078 4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 4093 4094 4095 4096 4097 4098 4099 4100 4101 4102 4103 4104 4105 4106 4107 4108 4109 4110 4111 4112 4113 4114 4115 4116 4117 4118 4119 4120 4121 4122 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 4152 4153 4154 4155 4156 4157 4158 4159 4160 4161 4162 4163 4164 4165 4166 4167 4168 4169 4170 4171 4172 4173 4174 4175 4176 4177 4178 4179 4180 4181 4182 4183 4184 4185 4186 4187 4188 4189 4190 4191 4192 4193 4194 4195 4196 4197 4198 4199 4200 4201 4202 4203 4204 4205 4206 4207 4208 4209 4210 4211 4212 4213 4214 4215 4216 4217 4218 4219 4220 4221 4222 4223 4224 4225 4226 4227 4228 4229 4230 4231 4232 4233 4234 4235 4236 4237 4238 4239 4240 4241 4242 4243 4244 4245 4246 4247 4248 4249 4250 4251 4252 4253 4254 4255 4256 4257 4258 4259 4260 4261 4262 4263 4264 4265 4266 4267 4268 4269 4270 4271 4272 4273 4274 4275 4276 4277 4278 4279 4280 4281 4282 4283 4284 4285 4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307 4308 4309 4310 4311 4312 4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330 4331 4332 4333 4334 4335 4336 4337 4338 4339 4340 4341 4342 4343 4344 4345 4346 4347 4348 4349 4350 4351 4352 4353 4354 4355 4356 4357 4358 4359 4360 4361 4362 4363 4364 4365 4366 4367 4368 4369 4370 4371 4372 4373 4374 4375 4376 4377 4378 4379 4380 4381 4382 4383 4384 4385 4386 4387 4388 4389 4390 4391 4392 4393 4394 4395 4396 4397 4398 4399 4400 4401 4402 4403 4404 4405 4406 4407 4408 4409 4410 4411 4412 4413 4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432 4433 4434 4435 4436 4437 4438 4439 4440 4441 4442 4443 4444 4445 4446 4447 4448 4449 4450 4451 4452 4453 4454 4455 4456 4457 4458 4459 4460 4461 4462 4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518
static const BYTE verisignCRLWithLotsOfEntries[] = {
0x30,0x82,0x1d,0xbd,0x30,0x82,0x1d,0x26,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,
0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,
0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,
0x6f,0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,
0x61,0x72,0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,
0x43,0x41,0x17,0x0d,0x30,0x34,0x30,0x33,0x33,0x31,0x30,0x30,0x30,0x30,0x30,
0x30,0x5a,0x17,0x0d,0x30,0x34,0x30,0x35,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
0x39,0x5a,0x30,0x82,0x1c,0x92,0x30,0x21,0x02,0x10,0x01,0x22,0xb8,0xb2,0xf3,
0x76,0x42,0xcc,0x48,0x71,0xb6,0x11,0xbf,0xd1,0xcf,0xda,0x17,0x0d,0x30,0x32,
0x30,0x34,0x31,0x35,0x31,0x35,0x34,0x30,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,
0x01,0x83,0x93,0xfb,0x96,0xde,0x1d,0x89,0x4e,0xc3,0x47,0x9c,0xe1,0x60,0x13,
0x63,0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x39,0x31,0x33,0x35,0x37,0x35,0x38,
0x5a,0x30,0x21,0x02,0x10,0x01,0xdc,0xdb,0x63,0xd4,0xc9,0x9f,0x31,0xb8,0x16,
0xf9,0x2c,0xf5,0xb1,0x08,0x8e,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x38,0x31,
0x37,0x34,0x36,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x02,0x1a,0xa6,0xaf,0x94,
0x71,0xf0,0x07,0x6e,0xf1,0x17,0xe4,0xd4,0x17,0x82,0xdb,0x17,0x0d,0x30,0x32,
0x30,0x37,0x31,0x39,0x32,0x31,0x32,0x38,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,
0x02,0x4c,0xe8,0x9d,0xfd,0x5f,0x77,0x4d,0x4b,0xf5,0x79,0x8b,0xb1,0x08,0x67,
0xac,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x32,0x30,0x36,0x31,0x36,0x35,0x30,
0x5a,0x30,0x21,0x02,0x10,0x02,0x59,0xae,0x6c,0x4c,0x21,0xf1,0x59,0x49,0x87,
0xb0,0x95,0xf9,0x65,0xf3,0x20,0x17,0x0d,0x30,0x33,0x30,0x36,0x31,0x39,0x30,
0x38,0x30,0x34,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x03,0x3c,0x41,0x0e,0x2f,
0x42,0x5c,0x32,0x2c,0xb1,0x35,0xfe,0xe7,0x61,0x97,0xa5,0x17,0x0d,0x30,0x32,
0x30,0x34,0x32,0x34,0x31,0x39,0x34,0x37,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,
0x03,0x4e,0x68,0xfa,0x8b,0xb2,0x8e,0xb9,0x72,0xea,0x72,0xe5,0x3b,0x15,0xac,
0x8b,0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x36,0x32,0x31,0x35,0x31,0x35,0x31,
0x5a,0x30,0x21,0x02,0x10,0x03,0xc9,0xa8,0xe3,0x48,0xb0,0x5f,0xcf,0x08,0xee,
0xb9,0x93,0xf9,0xe9,0xaf,0x0c,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x38,0x31,
0x33,0x34,0x39,0x32,0x32,0x5a,0x30,0x21,0x02,0x10,0x04,0x9b,0x23,0x6a,0x37,
0x5c,0x06,0x98,0x0a,0x31,0xc8,0x86,0xdc,0x3a,0x95,0xcc,0x17,0x0d,0x30,0x32,
0x31,0x30,0x30,0x31,0x32,0x32,0x31,0x30,0x35,0x36,0x5a,0x30,0x21,0x02,0x10,
0x06,0x08,0xba,0xc7,0xac,0xf8,0x5a,0x7c,0xa1,0xf4,0x25,0x85,0xbb,0x4e,0x8c,
0x4f,0x17,0x0d,0x30,0x33,0x30,0x31,0x30,0x33,0x30,0x37,0x35,0x37,0x31,0x34,
0x5a,0x30,0x21,0x02,0x10,0x07,0x66,0x22,0x4a,0x4a,0x9d,0xff,0x6e,0xb5,0x11,
0x0b,0xa9,0x94,0xfc,0x68,0x20,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x32,0x30,
0x31,0x34,0x30,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x07,0x8f,0xa1,0x4d,0xb5,
0xfc,0x0c,0xc6,0x42,0x72,0x88,0x37,0x76,0x29,0x44,0x31,0x17,0x0d,0x30,0x32,
0x30,0x33,0x31,0x35,0x32,0x30,0x31,0x39,0x34,0x39,0x5a,0x30,0x21,0x02,0x10,
0x07,0xb9,0xd9,0x42,0x19,0x81,0xc4,0xfd,0x49,0x4f,0x72,0xce,0xf2,0xf8,0x6d,
0x76,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x35,0x31,0x35,0x33,0x37,0x31,0x39,
0x5a,0x30,0x21,0x02,0x10,0x08,0x6e,0xf9,0x6c,0x7f,0xbf,0xbc,0xc8,0x86,0x70,
0x62,0x3f,0xe9,0xc4,0x2f,0x2b,0x17,0x0d,0x30,0x32,0x31,0x31,0x32,0x38,0x30,
0x30,0x32,0x38,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x09,0x08,0xe4,0xaa,0xf5,
0x2d,0x2b,0xc0,0x15,0x9e,0x00,0x8b,0x3f,0x97,0x93,0xf9,0x17,0x0d,0x30,0x33,
0x30,0x32,0x31,0x32,0x32,0x32,0x30,0x30,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,
0x09,0x13,0x0a,0x4f,0x0f,0x88,0xe5,0x50,0x05,0xc3,0x5f,0xf4,0xff,0x15,0x39,
0xdd,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x36,0x30,0x38,0x31,0x31,0x33,0x30,
0x5a,0x30,0x21,0x02,0x10,0x09,0x8d,0xdd,0x37,0xda,0xe7,0x84,0x03,0x9d,0x98,
0x96,0xf8,0x88,0x3a,0x55,0xca,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x31,0x32,
0x33,0x33,0x35,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x0a,0x35,0x0c,0xd7,0xf4,
0x53,0xe6,0xc1,0x4e,0xf2,0x2a,0xd3,0xce,0xf8,0x7c,0xe7,0x17,0x0d,0x30,0x32,
0x30,0x38,0x30,0x32,0x32,0x32,0x32,0x34,0x32,0x38,0x5a,0x30,0x21,0x02,0x10,
0x0b,0x9c,0xb8,0xf8,0xfb,0x35,0x38,0xf2,0x91,0xfd,0xa1,0xe9,0x69,0x4a,0xb1,
0x24,0x17,0x0d,0x30,0x33,0x30,0x34,0x30,0x38,0x30,0x31,0x30,0x32,0x32,0x32,
0x5a,0x30,0x21,0x02,0x10,0x0c,0x2f,0x7f,0x32,0x15,0xe0,0x2f,0x74,0xfa,0x05,
0x22,0x67,0xbc,0x8a,0x2d,0xd0,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x36,0x31,
0x39,0x30,0x37,0x35,0x34,0x5a,0x30,0x21,0x02,0x10,0x0c,0x32,0x5b,0x78,0x32,
0xc6,0x7c,0xd8,0xdd,0x25,0x91,0x22,0x4d,0x84,0x0a,0x94,0x17,0x0d,0x30,0x32,
0x30,0x33,0x31,0x38,0x31,0x32,0x33,0x39,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,
0x0d,0x76,0x36,0xb9,0x1c,0x72,0xb7,0x9d,0xdf,0xa5,0x35,0x82,0xc5,0xa8,0xf7,
0xbb,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x37,0x32,0x31,0x34,0x32,0x31,0x31,
0x5a,0x30,0x21,0x02,0x10,0x0f,0x28,0x79,0x98,0x56,0xb8,0xa5,0x5e,0xeb,0x79,
0x5f,0x1b,0xed,0x0b,0x86,0x76,0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x33,0x30,
0x31,0x31,0x30,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x0f,0x80,0x3c,0x24,0xf4,
0x62,0x27,0x24,0xbe,0x6a,0x74,0x9c,0x18,0x8e,0x4b,0x3b,0x17,0x0d,0x30,0x32,
0x31,0x31,0x32,0x30,0x31,0x37,0x31,0x31,0x33,0x35,0x5a,0x30,0x21,0x02,0x10,
0x0f,0xf2,0xa7,0x8c,0x80,0x9c,0xbe,0x2f,0xc8,0xa9,0xeb,0xfe,0x94,0x86,0x5a,
0x5c,0x17,0x0d,0x30,0x32,0x30,0x36,0x32,0x30,0x31,0x39,0x35,0x38,0x34,0x35,
0x5a,0x30,0x21,0x02,0x10,0x10,0x45,0x13,0x35,0x45,0xf3,0xc6,0x02,0x8d,0x8d,
0x18,0xb1,0xc4,0x0a,0x7a,0x18,0x17,0x0d,0x30,0x32,0x30,0x34,0x32,0x36,0x31,
0x37,0x33,0x32,0x35,0x39,0x5a,0x30,0x21,0x02,0x10,0x10,0x79,0xb1,0x71,0x1b,
0x26,0x98,0x92,0x08,0x1e,0x3c,0xe4,0x8b,0x29,0x37,0xf9,0x17,0x0d,0x30,0x32,
0x30,0x33,0x32,0x38,0x31,0x36,0x33,0x32,0x35,0x35,0x5a,0x30,0x21,0x02,0x10,
0x11,0x38,0x80,0x77,0xcb,0x6b,0xe5,0xd6,0xa7,0xf2,0x99,0xa1,0xc8,0xe9,0x40,
0x25,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x39,0x31,0x32,0x32,0x34,0x31,0x37,
0x5a,0x30,0x21,0x02,0x10,0x11,0x7a,0xc3,0x82,0xfe,0x74,0x36,0x11,0x21,0xd6,
0x92,0x86,0x09,0xdf,0xe6,0xf3,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x39,0x31,
0x35,0x31,0x31,0x33,0x36,0x5a,0x30,0x21,0x02,0x10,0x11,0xab,0x8e,0x21,0x28,
0x7f,0x6d,0xf2,0xc1,0xc8,0x40,0x3e,0xa5,0xde,0x98,0xd3,0x17,0x0d,0x30,0x32,
0x30,0x35,0x30,0x32,0x31,0x38,0x34,0x34,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,
0x12,0x3c,0x38,0xae,0x3f,0x64,0x53,0x3a,0xf7,0xbc,0x6c,0x27,0xe2,0x9c,0x65,
0x75,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x33,0x32,0x33,0x30,0x38,0x35,0x39,
0x5a,0x30,0x21,0x02,0x10,0x12,0x88,0xb6,0x6c,0x9b,0xcf,0xe7,0x50,0x92,0xd2,
0x87,0x63,0x8f,0xb7,0xa6,0xe3,0x17,0x0d,0x30,0x32,0x30,0x37,0x30,0x32,0x32,
0x30,0x35,0x35,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,0x12,0x95,0x4e,0xb6,0x8f,
0x3a,0x19,0x6a,0x16,0x73,0x4f,0x6e,0x15,0xba,0xa5,0xe7,0x17,0x0d,0x30,0x32,
0x30,0x36,0x31,0x37,0x31,0x38,0x35,0x36,0x30,0x31,0x5a,0x30,0x21,0x02,0x10,
0x13,0x37,0x0b,0x41,0x8c,0x31,0x43,0x1c,0x27,0xaa,0xe1,0x83,0x0f,0x99,0x21,
0xcd,0x17,0x0d,0x30,0x32,0x30,0x37,0x32,0x32,0x31,0x32,0x31,0x37,0x31,0x36,
0x5a,0x30,0x21,0x02,0x10,0x14,0x7a,0x29,0x0a,0x09,0x38,0xf4,0x53,0x28,0x33,
0x6f,0x37,0x07,0x23,0x12,0x10,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x32,0x30,
0x32,0x30,0x30,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x15,0x04,0x81,0x1e,0xe2,
0x6f,0xf0,0xd8,0xdd,0x12,0x55,0x05,0x66,0x51,0x6e,0x1a,0x17,0x0d,0x30,0x32,
0x30,0x33,0x31,0x33,0x31,0x30,0x35,0x33,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,
0x15,0x30,0x0d,0x8a,0xbd,0x0e,0x89,0x0e,0x66,0x4f,0x49,0x93,0xa2,0x8f,0xbc,
0x2e,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x34,0x30,0x36,0x34,0x32,0x32,0x33,
0x5a,0x30,0x21,0x02,0x10,0x16,0xbe,0x64,0xd6,0x4f,0x90,0xf4,0xf7,0x2b,0xc8,
0xca,0x67,0x5c,0x82,0x13,0xe8,0x17,0x0d,0x30,0x32,0x30,0x36,0x30,0x36,0x31,
0x39,0x30,0x39,0x30,0x37,0x5a,0x30,0x21,0x02,0x10,0x18,0x51,0x9c,0xe4,0x48,
0x62,0x06,0xfe,0xb8,0x2d,0x93,0xb7,0xc9,0xc9,0x1b,0x4e,0x17,0x0d,0x30,0x32,
0x30,0x34,0x31,0x37,0x30,0x35,0x30,0x30,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,
0x19,0x82,0xdb,0x39,0x74,0x00,0x38,0x36,0x59,0xf6,0xcc,0xc1,0x23,0x8d,0x40,
0xe9,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x36,0x30,0x37,0x35,0x34,0x35,0x34,
0x5a,0x30,0x21,0x02,0x10,0x1b,0x51,0x90,0xf7,0x37,0x24,0x39,0x9c,0x92,0x54,
0xcd,0x42,0x46,0x37,0x99,0x6a,0x17,0x0d,0x30,0x31,0x30,0x31,0x33,0x30,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x21,0x02,0x10,0x1b,0xe4,0xb2,0xbb,0xb6,
0x74,0x5d,0x6b,0x8b,0x04,0xb6,0xa0,0x1b,0x35,0xeb,0x29,0x17,0x0d,0x30,0x32,
0x30,0x39,0x32,0x35,0x32,0x30,0x31,0x34,0x35,0x36,0x5a,0x30,0x21,0x02,0x10,
0x1c,0x1d,0xd5,0x2a,0xf6,0xaa,0xfd,0xbb,0x47,0xc2,0x73,0x36,0xcf,0x53,0xbd,
0x81,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x33,0x31,0x39,0x30,0x33,0x34,0x32,
0x5a,0x30,0x21,0x02,0x10,0x1c,0xb0,0x5a,0x1f,0xfd,0xa6,0x98,0xf6,0x46,0xf9,
0x32,0x10,0x9e,0xef,0x52,0x8e,0x17,0x0d,0x30,0x32,0x30,0x36,0x32,0x37,0x31,
0x33,0x30,0x33,0x32,0x32,0x5a,0x30,0x21,0x02,0x10,0x1d,0x01,0xfc,0xa7,0xdd,
0xb4,0x0c,0x64,0xbd,0x65,0x45,0xe6,0xbf,0x1c,0x7e,0x90,0x17,0x0d,0x30,0x32,
0x30,0x32,0x32,0x31,0x30,0x34,0x32,0x30,0x30,0x36,0x5a,0x30,0x21,0x02,0x10,
0x1e,0x4d,0xc9,0xc6,0x6e,0x57,0xda,0x8a,0x07,0x97,0x70,0xfa,0xee,0x9c,0xc5,
0x58,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x39,0x32,0x32,0x33,0x34,0x32,0x31,
0x5a,0x30,0x21,0x02,0x10,0x1e,0xbb,0x9b,0x28,0x61,0x50,0x7f,0x12,0x30,0xfb,
0x02,0xb5,0xe1,0xb0,0x7e,0x9d,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x36,0x30,
0x30,0x30,0x34,0x32,0x30,0x5a,0x30,0x21,0x02,0x10,0x1f,0x5a,0x64,0xc9,0xa5,
0x51,0x8c,0xe2,0x2d,0x50,0x83,0xc2,0x4c,0x7c,0xe7,0x85,0x17,0x0d,0x30,0x32,
0x30,0x38,0x32,0x34,0x30,0x36,0x33,0x31,0x32,0x38,0x5a,0x30,0x21,0x02,0x10,
0x1f,0xc2,0x4e,0xd0,0xac,0x52,0xd3,0x39,0x18,0x6d,0xd0,0x0f,0x23,0xd7,0x45,
0x72,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x38,0x31,0x39,0x31,0x35,0x34,0x32,
0x5a,0x30,0x20,0x02,0x0f,0x24,0x60,0x7a,0x8e,0x0e,0x86,0xa4,0x88,0x68,0xaf,
0xd9,0x0c,0x6b,0xba,0xff,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x38,0x30,0x35,
0x31,0x38,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x20,0x41,0x73,0xbb,0x72,0x88,
0x6e,0x4b,0x1c,0xb6,0x70,0x02,0x67,0xaa,0x3b,0x3d,0x17,0x0d,0x30,0x32,0x30,
0x39,0x30,0x33,0x31,0x37,0x30,0x36,0x32,0x31,0x5a,0x30,0x21,0x02,0x10,0x20,
0x6e,0x0d,0xdc,0x8c,0xa4,0xac,0xf7,0x08,0x77,0x5c,0x80,0xf9,0xa3,0x68,0x92,
0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x30,0x32,0x30,0x35,0x37,0x31,0x36,0x5a,
0x30,0x21,0x02,0x10,0x21,0xe4,0x6b,0x98,0x47,0x91,0xe6,0x02,0xdf,0xb2,0x45,
0xbc,0x31,0x37,0xa0,0x7c,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x32,0x33,
0x32,0x33,0x31,0x33,0x5a,0x30,0x21,0x02,0x10,0x22,0x00,0x95,0x70,0x79,0xf9,
0x9c,0x34,0x91,0xbb,0x84,0xb9,0x91,0xde,0x22,0x55,0x17,0x0d,0x30,0x32,0x30,
0x32,0x31,0x33,0x30,0x36,0x35,0x39,0x33,0x39,0x5a,0x30,0x21,0x02,0x10,0x22,
0xf9,0x67,0x4f,0xcd,0x29,0xc6,0xdc,0xc8,0x22,0x6e,0xe9,0x0a,0xa1,0x48,0x5a,
0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x33,0x30,0x30,0x34,0x33,0x32,0x36,0x5a,
0x30,0x21,0x02,0x10,0x24,0xa3,0xa7,0xd0,0xb8,0x1d,0x1c,0xf7,0xe6,0x1f,0x6e,
0xba,0xc9,0x98,0x59,0xed,0x17,0x0d,0x30,0x33,0x30,0x37,0x32,0x34,0x32,0x30,
0x35,0x38,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,0x24,0xef,0x89,0xa1,0x30,0x4f,
0x51,0x63,0xfe,0xdb,0xdb,0x64,0x6e,0x4c,0x5a,0x81,0x17,0x0d,0x30,0x32,0x30,
0x37,0x30,0x33,0x30,0x39,0x32,0x31,0x31,0x37,0x5a,0x30,0x21,0x02,0x10,0x25,
0x08,0xe5,0xac,0xdd,0x6f,0x74,0x44,0x51,0x1a,0xf5,0xdb,0xf8,0xba,0x25,0xe0,
0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x39,0x30,0x34,0x31,0x36,0x32,0x32,0x5a,
0x30,0x21,0x02,0x10,0x25,0x81,0xe8,0x18,0x60,0x88,0xbc,0x1a,0xe9,0x14,0x84,
0xed,0xd4,0x62,0xf5,0x47,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x33,0x30,0x31,
0x35,0x37,0x31,0x39,0x5a,0x30,0x21,0x02,0x10,0x26,0xe5,0x5c,0xab,0x16,0xec,
0x61,0x38,0x49,0x2c,0xd2,0xb1,0x48,0x89,0xd5,0x47,0x17,0x0d,0x30,0x32,0x30,
0x33,0x31,0x33,0x31,0x38,0x30,0x30,0x33,0x38,0x5a,0x30,0x21,0x02,0x10,0x27,
0xbe,0xda,0x7f,0x4f,0x1f,0x6c,0x76,0x09,0xc0,0x9a,0xaf,0xd4,0x68,0xe2,0x16,
0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x30,0x31,0x38,0x33,0x32,0x33,0x30,0x5a,
0x30,0x21,0x02,0x10,0x28,0x89,0xd0,0xb3,0xb5,0xc4,0x56,0x36,0x9b,0x3e,0x81,
0x1a,0x21,0x56,0xaa,0x42,0x17,0x0d,0x30,0x32,0x31,0x31,0x30,0x34,0x31,0x31,
0x30,0x33,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,0x28,0xab,0x93,0x06,0xb1,0x1e,
0x05,0xe0,0xe1,0x25,0x75,0xc7,0x74,0xcb,0x55,0xa6,0x17,0x0d,0x30,0x33,0x30,
0x31,0x32,0x34,0x31,0x39,0x34,0x38,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x29,
0xe9,0x3b,0x44,0x8d,0xc3,0x4b,0x80,0x17,0xda,0xe4,0x1c,0x43,0x96,0x83,0x59,
0x17,0x0d,0x30,0x32,0x30,0x36,0x30,0x37,0x32,0x31,0x34,0x33,0x33,0x39,0x5a,
0x30,0x21,0x02,0x10,0x2a,0x08,0x64,0x2b,0x48,0xe2,0x17,0x89,0x6a,0x0c,0xf9,
0x7e,0x10,0x66,0x8f,0xe7,0x17,0x0d,0x30,0x32,0x30,0x38,0x31,0x39,0x31,0x38,
0x33,0x35,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x2a,0x44,0xee,0x91,0x5d,0xe3,
0xa5,0x2b,0x09,0xf3,0x56,0x59,0xe0,0x8f,0x25,0x22,0x17,0x0d,0x30,0x32,0x30,
0x32,0x32,0x31,0x31,0x39,0x33,0x31,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x2a,
0x8b,0x4e,0xa5,0xb6,0x06,0xc8,0x48,0x3b,0x0e,0x71,0x1e,0x6b,0xf4,0x16,0xc1,
0x17,0x0d,0x30,0x32,0x30,0x34,0x33,0x30,0x30,0x39,0x32,0x31,0x31,0x38,0x5a,
0x30,0x21,0x02,0x10,0x2b,0x03,0xfc,0x2f,0xc2,0x8e,0x38,0x29,0x6f,0xa1,0x0f,
0xe9,0x47,0x1b,0x35,0xd7,0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x34,0x32,0x30,
0x31,0x38,0x33,0x33,0x5a,0x30,0x21,0x02,0x10,0x2c,0x48,0xf7,0xd6,0xd5,0x71,
0xc0,0xd1,0xbd,0x6a,0x00,0x65,0x1d,0x2d,0xa9,0xdd,0x17,0x0d,0x30,0x32,0x30,
0x33,0x30,0x36,0x31,0x37,0x32,0x30,0x34,0x33,0x5a,0x30,0x21,0x02,0x10,0x2c,
0xbf,0x84,0x1d,0xe4,0x58,0x32,0x79,0x32,0x10,0x37,0xde,0xd7,0x94,0xff,0x85,
0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x32,0x31,0x39,0x30,0x32,0x32,0x35,0x5a,
0x30,0x21,0x02,0x10,0x2d,0x03,0x54,0x35,0x54,0x45,0x2c,0x6d,0x39,0xf0,0x1b,
0x74,0x68,0xde,0xcf,0x93,0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x33,0x31,0x33,
0x32,0x33,0x33,0x37,0x5a,0x30,0x21,0x02,0x10,0x2d,0x24,0x94,0x34,0x19,0x92,
0xb1,0xf2,0x37,0x9d,0x6e,0xc5,0x35,0x93,0xdd,0xf0,0x17,0x0d,0x30,0x32,0x30,
0x33,0x31,0x35,0x31,0x37,0x31,0x37,0x32,0x37,0x5a,0x30,0x21,0x02,0x10,0x2d,
0x47,0x24,0x61,0x87,0x91,0xba,0x2e,0xf2,0xf7,0x92,0x21,0xf3,0x1b,0x8b,0x1e,
0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x34,0x32,0x33,0x30,0x38,0x32,0x32,0x5a,
0x30,0x21,0x02,0x10,0x2d,0x84,0xc2,0xb1,0x01,0xa1,0x3a,0x6f,0xb0,0x30,0x13,
0x76,0x5a,0x69,0xec,0x41,0x17,0x0d,0x30,0x32,0x30,0x37,0x31,0x35,0x31,0x37,
0x32,0x39,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x2d,0xd5,0x26,0xc3,0xcd,0x01,
0xce,0xfd,0x67,0xb8,0x08,0xac,0x5a,0x70,0xc4,0x34,0x17,0x0d,0x30,0x32,0x30,
0x32,0x32,0x37,0x30,0x34,0x34,0x36,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x2e,
0x2b,0x0a,0x94,0x4d,0xf1,0xa4,0x37,0xb7,0xa3,0x9b,0x4b,0x96,0x26,0xa8,0xe3,
0x17,0x0d,0x30,0x33,0x30,0x31,0x30,0x39,0x30,0x36,0x32,0x38,0x32,0x38,0x5a,
0x30,0x21,0x02,0x10,0x2e,0x31,0x30,0xc1,0x2e,0x16,0x31,0xd9,0x2b,0x0a,0x70,
0xca,0x3f,0x31,0x73,0x62,0x17,0x0d,0x30,0x33,0x30,0x31,0x32,0x39,0x30,0x31,
0x34,0x39,0x32,0x37,0x5a,0x30,0x21,0x02,0x10,0x2e,0xbd,0x6d,0xdf,0xce,0x20,
0x6f,0xe7,0xa8,0xf4,0xf3,0x25,0x9c,0xc3,0xc1,0x12,0x17,0x0d,0x30,0x32,0x30,
0x39,0x32,0x30,0x31,0x33,0x35,0x34,0x34,0x32,0x5a,0x30,0x21,0x02,0x10,0x2f,
0x56,0x16,0x22,0xba,0x87,0xd5,0xfd,0xff,0xe6,0xb0,0xdd,0x3c,0x08,0x26,0x2c,
0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x33,0x31,0x37,0x35,0x33,0x31,0x31,0x5a,
0x30,0x21,0x02,0x10,0x30,0x3e,0x77,0x7b,0xec,0xcb,0x89,0x2c,0x15,0x55,0x7f,
0x20,0xf2,0x33,0xc1,0x1e,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x31,0x32,0x33,
0x35,0x30,0x34,0x39,0x5a,0x30,0x21,0x02,0x10,0x30,0x59,0x6c,0xaa,0x5f,0xd3,
0xac,0x50,0x86,0x2c,0xc4,0xfa,0x3c,0x48,0x50,0xd1,0x17,0x0d,0x30,0x32,0x30,
0x32,0x32,0x31,0x30,0x34,0x31,0x39,0x33,0x35,0x5a,0x30,0x21,0x02,0x10,0x30,
0xce,0x9a,0xf1,0xfa,0x17,0xfa,0xf5,0x4c,0xbc,0x52,0x8a,0xf4,0x26,0x2b,0x7b,
0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x31,0x31,0x39,0x31,0x32,0x33,0x39,0x5a,
0x30,0x21,0x02,0x10,0x31,0x16,0x4a,0x6a,0x2e,0x6d,0x34,0x4d,0xd2,0x40,0xf0,
0x5f,0x47,0xe6,0x5b,0x47,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x32,0x31,0x37,
0x33,0x38,0x35,0x32,0x5a,0x30,0x21,0x02,0x10,0x31,0xdb,0x97,0x5b,0x06,0x63,
0x0b,0xd8,0xfe,0x06,0xb3,0xf5,0xf9,0x64,0x0a,0x59,0x17,0x0d,0x30,0x32,0x30,
0x32,0x31,0x32,0x31,0x35,0x35,0x39,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x32,
0xbc,0xeb,0x0c,0xca,0x65,0x06,0x3f,0xa4,0xd5,0x4a,0x56,0x46,0x7c,0x22,0x09,
0x17,0x0d,0x30,0x32,0x30,0x38,0x31,0x36,0x30,0x37,0x33,0x33,0x35,0x35,0x5a,
0x30,0x21,0x02,0x10,0x33,0x17,0xef,0xe1,0x89,0xec,0x11,0x25,0x15,0x8f,0x3b,
0x67,0x7a,0x64,0x0b,0x50,0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x38,0x31,0x37,
0x30,0x33,0x34,0x36,0x5a,0x30,0x21,0x02,0x10,0x34,0x24,0xa0,0xd2,0x00,0x61,
0xeb,0xd3,0x9a,0xa7,0x2a,0x66,0xb4,0x82,0x23,0x77,0x17,0x0d,0x30,0x32,0x30,
0x33,0x31,0x35,0x32,0x32,0x34,0x33,0x33,0x39,0x5a,0x30,0x21,0x02,0x10,0x34,
0xa8,0x16,0x67,0xa5,0x1b,0xa3,0x31,0x11,0x5e,0x26,0xc8,0x3f,0x21,0x38,0xbe,
0x17,0x0d,0x30,0x32,0x30,0x33,0x32,0x31,0x32,0x31,0x31,0x36,0x32,0x31,0x5a,
0x30,0x21,0x02,0x10,0x36,0x3a,0xbe,0x05,0x55,0x52,0x93,0x4f,0x32,0x5f,0x30,
0x63,0xc0,0xd4,0x50,0xdf,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x31,0x31,
0x34,0x36,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x37,0x19,0xcc,0xa5,0x9d,0x85,
0x05,0x56,0xe1,0x63,0x42,0x4b,0x0d,0x3c,0xbf,0xd6,0x17,0x0d,0x30,0x33,0x30,
0x31,0x30,0x38,0x31,0x38,0x35,0x38,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x37,
0x2f,0xfd,0x2b,0xec,0x4d,0x94,0x35,0x51,0xf4,0x07,0x2a,0xf5,0x0b,0x97,0xc4,
0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x33,0x31,0x39,0x31,0x38,0x30,0x31,0x5a,
0x30,0x21,0x02,0x10,0x37,0x83,0xf5,0x1e,0x7e,0xf4,0x5f,0xad,0x1f,0x0c,0x55,
0x86,0x30,0x02,0x54,0xc1,0x17,0x0d,0x30,0x33,0x30,0x31,0x30,0x38,0x32,0x30,
0x30,0x33,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,0x38,0x32,0x3e,0x50,0x2b,0x36,
0x93,0x01,0x32,0x0a,0x59,0x8c,0xce,0xad,0xa0,0xeb,0x17,0x0d,0x30,0x32,0x30,
0x34,0x33,0x30,0x32,0x31,0x32,0x34,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,0x3a,
0x62,0xd8,0x64,0xd3,0x85,0xd5,0x61,0x1d,0x9d,0x3f,0x61,0x25,0xe9,0x3a,0x1d,
0x17,0x0d,0x30,0x32,0x30,0x36,0x31,0x37,0x31,0x35,0x31,0x39,0x31,0x36,0x5a,
0x30,0x21,0x02,0x10,0x3a,0x97,0x36,0xb1,0x26,0x14,0x73,0x50,0xa3,0xcc,0x3f,
0xd0,0x3b,0x83,0x99,0xc9,0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x31,0x30,0x33,
0x32,0x39,0x33,0x30,0x5a,0x30,0x21,0x02,0x10,0x3b,0x87,0x3e,0x20,0xbe,0x97,
0xff,0xa7,0x6b,0x2b,0x5f,0xff,0x9a,0x7f,0x4c,0x95,0x17,0x0d,0x30,0x32,0x30,
0x37,0x30,0x33,0x30,0x30,0x33,0x31,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x3b,
0xba,0xe5,0xf2,0x23,0x99,0xc6,0xd7,0xae,0xe2,0x98,0x0d,0xa4,0x13,0x5c,0xd4,
0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x34,0x31,0x39,0x32,0x38,0x34,0x35,0x5a,
0x30,0x21,0x02,0x10,0x3b,0xc2,0x7c,0xf0,0xbd,0xd2,0x9a,0x6f,0x97,0xdd,0x76,
0xbc,0xa9,0x6c,0x45,0x0d,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x31,0x30,
0x34,0x32,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,0x3b,0xc5,0xda,0x41,0x64,0x7a,
0x37,0x8e,0x9f,0x7f,0x1f,0x9b,0x25,0x0a,0xb4,0xda,0x17,0x0d,0x30,0x32,0x30,
0x33,0x30,0x36,0x31,0x33,0x32,0x34,0x34,0x38,0x5a,0x30,0x21,0x02,0x10,0x3c,
0x1b,0xf1,0x9a,0x48,0xb0,0xb8,0xa0,0x45,0xd5,0x8f,0x0f,0x57,0x90,0xc2,0xcd,
0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x38,0x30,0x36,0x34,0x33,0x32,0x33,0x5a,
0x30,0x21,0x02,0x10,0x3d,0x15,0x48,0x80,0xb4,0xfe,0x51,0x7e,0xed,0x46,0xae,
0x51,0xfd,0x47,0x73,0xde,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x37,0x30,0x39,
0x32,0x30,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,0x3d,0x61,0x4e,0x87,0xea,0x39,
0x02,0xf3,0x1e,0x3e,0x56,0x5c,0x0e,0x3b,0xa7,0xe3,0x17,0x0d,0x30,0x32,0x31,
0x30,0x32,0x39,0x31,0x39,0x35,0x34,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x3d,
0xdd,0x61,0x92,0x82,0x69,0x6b,0x01,0x79,0x0e,0xef,0x96,0x12,0xa3,0x76,0x80,
0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x31,0x32,0x32,0x32,0x34,0x31,0x36,0x5a,
0x30,0x21,0x02,0x10,0x3e,0x0e,0x14,0x71,0x55,0xf3,0x48,0x09,0x1b,0x56,0x3b,
0x91,0x7a,0x7d,0xec,0xc9,0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x31,0x32,0x31,
0x34,0x35,0x35,0x31,0x5a,0x30,0x21,0x02,0x10,0x3e,0x23,0x00,0x1f,0x9b,0xbd,
0xe8,0xb1,0xf0,0x06,0x67,0xa6,0x70,0x42,0x2e,0xc3,0x17,0x0d,0x30,0x32,0x30,
0x38,0x30,0x38,0x31,0x32,0x32,0x31,0x33,0x32,0x5a,0x30,0x21,0x02,0x10,0x41,
0x91,0x1a,0x8c,0xde,0x2d,0xb3,0xeb,0x79,0x1d,0xc7,0x99,0x99,0xbe,0x0c,0x0e,
0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x35,0x31,0x39,0x31,0x38,0x35,0x34,0x5a,
0x30,0x21,0x02,0x10,0x41,0xa8,0xd7,0x9c,0x10,0x5e,0x5a,0xac,0x16,0x7f,0x93,
0xaa,0xd1,0x83,0x34,0x55,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x30,0x31,0x32,
0x35,0x33,0x34,0x30,0x5a,0x30,0x21,0x02,0x10,0x42,0x88,0x96,0xb0,0x7b,0x28,
0xa2,0xfa,0x2f,0x91,0x73,0x58,0xa7,0x1e,0x53,0x7c,0x17,0x0d,0x30,0x33,0x30,
0x33,0x30,0x31,0x30,0x39,0x34,0x33,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,0x42,
0x93,0x2f,0xd2,0x54,0xd3,0x94,0xd0,0x41,0x6a,0x2e,0x33,0x8b,0x81,0xb4,0x3c,
0x17,0x0d,0x30,0x32,0x30,0x38,0x30,0x38,0x30,0x30,0x34,0x38,0x34,0x36,0x5a,
0x30,0x21,0x02,0x10,0x44,0x24,0xdd,0xba,0x85,0xfd,0x3e,0xb2,0xb8,0x17,0x74,
0xfd,0x9d,0x5c,0x0c,0xbd,0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x31,0x31,0x36,
0x30,0x39,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x45,0x02,0x18,0x7d,0x39,0x9c,
0xb9,0x14,0xfb,0x10,0x37,0x96,0xf4,0xc1,0xdd,0x2f,0x17,0x0d,0x30,0x32,0x30,
0x32,0x31,0x31,0x31,0x31,0x31,0x31,0x30,0x36,0x5a,0x30,0x21,0x02,0x10,0x45,
0x16,0xbc,0x31,0x0b,0x4e,0x87,0x0a,0xcc,0xe3,0xd5,0x14,0x16,0x33,0x11,0x83,
0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x32,0x30,0x32,0x32,0x30,0x31,0x37,0x5a,
0x30,0x21,0x02,0x10,0x46,0x16,0x36,0xde,0x3f,0xef,0x8c,0xfa,0x67,0x53,0x12,
0xcc,0x76,0x63,0xd6,0xdd,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x34,0x31,0x36,
0x35,0x39,0x34,0x33,0x5a,0x30,0x21,0x02,0x10,0x46,0x5f,0x85,0xa3,0xa4,0x98,
0x3c,0x40,0x63,0xf6,0x1c,0xf7,0xc2,0xbe,0xfd,0x0e,0x17,0x0d,0x30,0x32,0x30,
0x34,0x30,0x39,0x31,0x35,0x33,0x30,0x30,0x35,0x5a,0x30,0x21,0x02,0x10,0x47,
0x20,0xc2,0xd8,0x85,0x85,0x54,0x39,0xcd,0xf2,0x10,0xf0,0xa7,0x88,0x52,0x75,
0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x30,0x32,0x32,0x32,0x35,0x32,0x37,0x5a,
0x30,0x21,0x02,0x10,0x47,0x42,0x6e,0xa2,0xab,0xc5,0x33,0x5d,0x50,0x44,0x0b,
0x88,0x97,0x84,0x59,0x4c,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x35,0x31,0x34,
0x30,0x35,0x31,0x39,0x5a,0x30,0x21,0x02,0x10,0x49,0x20,0x3f,0xa8,0x6e,0x81,
0xc8,0x3b,0x26,0x05,0xf4,0xa7,0x9b,0x5a,0x81,0x60,0x17,0x0d,0x30,0x32,0x30,
0x37,0x31,0x31,0x31,0x37,0x35,0x30,0x34,0x38,0x5a,0x30,0x21,0x02,0x10,0x49,
0x8b,0x6f,0x05,0xfb,0xcb,0xf4,0x5a,0xaf,0x09,0x47,0xb1,0x04,0xc5,0xe3,0x51,
0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x32,0x31,0x37,0x34,0x38,0x30,0x38,0x5a,
0x30,0x21,0x02,0x10,0x49,0xb2,0xc3,0x7a,0xbf,0x75,0x2a,0xb3,0x13,0xae,0x53,
0xc6,0xcb,0x45,0x5a,0x3e,0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x35,0x32,0x31,
0x33,0x35,0x33,0x37,0x5a,0x30,0x21,0x02,0x10,0x4b,0xca,0xc3,0xab,0x0a,0xc5,
0xcd,0x90,0xa2,0xbe,0x43,0xfe,0xdd,0x06,0xe1,0x45,0x17,0x0d,0x30,0x32,0x30,
0x37,0x32,0x30,0x31,0x37,0x33,0x32,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x4c,
0x00,0xcc,0x73,0xd5,0x74,0x61,0x62,0x92,0x52,0xff,0xde,0x5b,0xc1,0x55,0xbd,
0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x36,0x31,0x34,0x30,0x31,0x35,0x31,0x5a,
0x30,0x21,0x02,0x10,0x4c,0x59,0xc1,0xc3,0x56,0x40,0x27,0xd4,0x22,0x0e,0x37,
0xf6,0x5f,0x26,0x50,0xc5,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x36,0x30,0x39,
0x35,0x37,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,0x4c,0xca,0x12,0x59,0x46,0xf9,
0x2b,0xc6,0x7d,0x33,0x78,0x40,0x2c,0x3b,0x7a,0x0c,0x17,0x0d,0x30,0x32,0x30,
0x35,0x33,0x30,0x32,0x30,0x32,0x34,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x4d,
0x57,0x51,0x35,0x9b,0xe5,0x41,0x2c,0x69,0x66,0xc7,0x21,0xec,0xc6,0x29,0x32,
0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x36,0x30,0x34,0x33,0x35,0x35,0x36,0x5a,
0x30,0x21,0x02,0x10,0x4e,0x85,0xab,0x9e,0x17,0x54,0xe7,0x42,0x0f,0x8c,0xa1,
0x65,0x96,0x88,0x53,0x54,0x17,0x0d,0x30,0x32,0x30,0x33,0x32,0x38,0x30,0x30,
0x31,0x38,0x35,0x33,0x5a,0x30,0x21,0x02,0x10,0x50,0x3d,0xed,0xac,0x21,0x86,
0x66,0x5d,0xa5,0x1a,0x13,0xee,0xfc,0xa7,0x0b,0xc6,0x17,0x0d,0x30,0x32,0x30,
0x32,0x31,0x38,0x31,0x33,0x35,0x35,0x34,0x39,0x5a,0x30,0x21,0x02,0x10,0x50,
0xa3,0x81,0x9c,0xcb,0x22,0xe4,0x0f,0x80,0xcb,0x7a,0xec,0x35,0xf8,0x73,0x82,
0x17,0x0d,0x30,0x32,0x31,0x30,0x30,0x35,0x31,0x36,0x35,0x39,0x35,0x39,0x5a,
0x30,0x21,0x02,0x10,0x51,0x28,0x73,0x26,0x17,0xcf,0x10,0x6e,0xeb,0x4a,0x03,
0x74,0xa3,0x35,0xe5,0x60,0x17,0x0d,0x30,0x33,0x30,0x36,0x31,0x33,0x31,0x30,
0x30,0x39,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x51,0x52,0xff,0xdc,0x69,0x6b,
0x1f,0x1f,0xff,0x7c,0xb1,0x7f,0x03,0x90,0xa9,0x6b,0x17,0x0d,0x30,0x32,0x30,
0x36,0x31,0x34,0x31,0x36,0x30,0x34,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,0x52,
0xd9,0x53,0x69,0x9f,0xec,0xab,0xdd,0x5d,0x2a,0x2f,0xaa,0x57,0x86,0xb9,0x1f,
0x17,0x0d,0x30,0x32,0x30,0x38,0x33,0x30,0x32,0x33,0x34,0x36,0x34,0x33,0x5a,
0x30,0x21,0x02,0x10,0x54,0x46,0xa8,0x8f,0x69,0x2e,0x02,0xf4,0xb4,0xb2,0x69,
0xda,0xbd,0x40,0x02,0xe0,0x17,0x0d,0x30,0x32,0x30,0x33,0x32,0x36,0x30,0x31,
0x35,0x36,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x54,0xb5,0x81,0x73,0xb5,0x7c,
0x6d,0xba,0x5c,0x99,0x0d,0xff,0x0a,0x4d,0xee,0xef,0x17,0x0d,0x30,0x32,0x30,
0x37,0x32,0x34,0x31,0x36,0x33,0x39,0x35,0x31,0x5a,0x30,0x21,0x02,0x10,0x57,
0x91,0x41,0x20,0x9f,0x57,0x6f,0x42,0x53,0x4e,0x19,0xcc,0xe4,0xc8,0x52,0x4a,
0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x38,0x32,0x33,0x32,0x34,0x30,0x30,0x5a,
0x30,0x21,0x02,0x10,0x57,0xc6,0xdc,0xa0,0xed,0xbf,0x77,0xdd,0x7e,0x18,0x68,
0x83,0x57,0x0c,0x2a,0x4f,0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x31,0x31,0x34,
0x30,0x36,0x31,0x31,0x5a,0x30,0x21,0x02,0x10,0x57,0xed,0xe2,0x5b,0xe2,0x62,
0x3f,0x98,0xe1,0xf5,0x4d,0x30,0xa4,0x0e,0xdf,0xdf,0x17,0x0d,0x30,0x32,0x30,
0x36,0x30,0x39,0x30,0x31,0x34,0x37,0x31,0x38,0x5a,0x30,0x21,0x02,0x10,0x58,
0x47,0xd9,0xbd,0x83,0x1a,0x63,0x6f,0xb7,0x63,0x7f,0x4a,0x56,0x5e,0x8e,0x4d,
0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x35,0x31,0x37,0x32,0x33,0x30,0x33,0x5a,
0x30,0x21,0x02,0x10,0x58,0xc6,0x62,0x99,0x80,0xe6,0x0c,0x4f,0x00,0x8b,0x25,
0x38,0x93,0xe6,0x18,0x10,0x17,0x0d,0x30,0x32,0x30,0x36,0x30,0x36,0x30,0x37,
0x30,0x39,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x59,0x52,0x09,0x0e,0x99,0xf3,
0xa9,0xe5,0x2f,0xed,0xa9,0xb2,0xd8,0x61,0xe7,0xea,0x17,0x0d,0x30,0x32,0x30,
0x36,0x32,0x36,0x31,0x34,0x31,0x38,0x33,0x36,0x5a,0x30,0x21,0x02,0x10,0x59,
0x5c,0xaa,0xfb,0xbe,0xfb,0x73,0xd1,0xf4,0xab,0xc8,0xe3,0x3d,0x01,0x04,0xdd,
0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x37,0x32,0x32,0x32,0x30,0x31,0x30,0x5a,
0x30,0x21,0x02,0x10,0x59,0x97,0x59,0xa7,0x3d,0xb0,0xd9,0x7e,0xff,0x2a,0xcb,
0x31,0xcc,0x66,0xf3,0x85,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x32,0x30,0x30,
0x35,0x35,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x59,0xdd,0x45,0x36,0x61,0xd9,
0x3e,0xe9,0xff,0xbd,0xad,0x2e,0xbf,0x9a,0x5d,0x98,0x17,0x0d,0x30,0x32,0x30,
0x37,0x30,0x32,0x32,0x30,0x34,0x30,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,0x5a,
0x4b,0x48,0x18,0xa9,0x2a,0x9c,0xd5,0x91,0x2f,0x4f,0xa4,0xf8,0xb3,0x1b,0x4d,
0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x34,0x32,0x33,0x33,0x33,0x31,0x32,0x5a,
0x30,0x21,0x02,0x10,0x5a,0xdf,0x32,0x0d,0x64,0xeb,0x9b,0xd2,0x11,0xe2,0x58,
0x50,0xbe,0x93,0x0c,0x65,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x35,0x31,0x37,
0x30,0x37,0x32,0x31,0x5a,0x30,0x21,0x02,0x10,0x5b,0x23,0xbf,0xbb,0xc4,0xb3,
0xf4,0x02,0xe9,0xcb,0x10,0x9e,0xee,0xa5,0x3f,0xcd,0x17,0x0d,0x30,0x32,0x30,
0x33,0x32,0x39,0x31,0x36,0x32,0x36,0x35,0x39,0x5a,0x30,0x21,0x02,0x10,0x5b,
0x51,0xbc,0x38,0xbf,0xaf,0x9f,0x27,0xa9,0xc7,0xed,0x25,0xd0,0x8d,0xec,0x2e,
0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x31,0x30,0x32,0x35,0x32,0x30,0x5a,
0x30,0x21,0x02,0x10,0x5c,0x29,0x7f,0x46,0x61,0xdd,0x47,0x90,0x82,0x91,0xbd,
0x79,0x22,0x6a,0x98,0x38,0x17,0x0d,0x30,0x32,0x31,0x31,0x30,0x38,0x31,0x35,
0x35,0x34,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x5e,0x38,0xf7,0x5b,0x00,0xf1,
0xef,0x1c,0xb6,0xff,0xd5,0x5c,0x74,0xfb,0x95,0x5d,0x17,0x0d,0x30,0x32,0x31,
0x31,0x32,0x33,0x30,0x31,0x34,0x39,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x5e,
0x88,0xbe,0xb6,0xb4,0xb2,0xaa,0xb0,0x92,0xf3,0xf6,0xc2,0xbc,0x72,0x21,0xca,
0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x34,0x30,0x37,0x31,0x32,0x31,0x30,0x5a,
0x30,0x21,0x02,0x10,0x5f,0x59,0xa0,0xbb,0xaf,0x26,0xc8,0xc1,0xb4,0x04,0x3a,
0xbb,0xfc,0x4c,0x75,0xa5,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x36,0x31,0x35,
0x35,0x31,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x5f,0x81,0x08,0x0f,0xa0,0xcd,
0x44,0x73,0x23,0x58,0x8e,0x49,0x9f,0xb5,0x08,0x35,0x17,0x0d,0x30,0x32,0x30,
0x36,0x31,0x39,0x31,0x34,0x31,0x37,0x34,0x33,0x5a,0x30,0x21,0x02,0x10,0x5f,
0xba,0x1f,0x8f,0xb2,0x23,0x56,0xdd,0xbc,0xa6,0x72,0xb0,0x99,0x13,0xb5,0xb2,
0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x36,0x30,0x38,0x34,0x37,0x31,0x30,0x5a,
0x30,0x21,0x02,0x10,0x60,0x09,0xd5,0xb7,0x6b,0xf1,0x16,0x4a,0xfa,0xd0,0xa5,
0x4c,0x8e,0xdd,0x02,0xcb,0x17,0x0d,0x30,0x32,0x30,0x36,0x31,0x37,0x31,0x36,
0x31,0x32,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x60,0x1d,0x19,0xd8,0x55,0xd5,
0x14,0xd5,0xff,0x03,0x0d,0xad,0x5c,0x07,0x4c,0xe7,0x17,0x0d,0x30,0x32,0x30,
0x37,0x31,0x35,0x32,0x33,0x30,0x31,0x31,0x31,0x5a,0x30,0x21,0x02,0x10,0x60,
0x24,0x67,0xc3,0x0b,0xad,0x53,0x8f,0xce,0x89,0x05,0xb5,0x87,0xaf,0x7c,0xe4,
0x17,0x0d,0x30,0x32,0x31,0x30,0x30,0x38,0x32,0x30,0x33,0x38,0x35,0x32,0x5a,
0x30,0x21,0x02,0x10,0x60,0x5c,0xf3,0x3d,0x22,0x23,0x39,0x3f,0xe6,0x21,0x09,
0xfd,0xdd,0x77,0xc2,0x8f,0x17,0x0d,0x30,0x32,0x30,0x37,0x30,0x32,0x31,0x37,
0x32,0x37,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x60,0xa2,0x5e,0xbf,0x07,0x83,
0xa3,0x18,0x56,0x18,0x48,0x63,0xa7,0xfd,0xc7,0x63,0x17,0x0d,0x30,0x32,0x30,
0x35,0x30,0x39,0x31,0x39,0x35,0x32,0x32,0x37,0x5a,0x30,0x21,0x02,0x10,0x60,
0xc2,0xad,0xa8,0x0e,0xf9,0x9a,0x66,0x5d,0xa2,0x75,0x04,0x5e,0x5c,0x71,0xc2,
0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x32,0x31,0x33,0x33,0x36,0x31,0x37,0x5a,
0x30,0x21,0x02,0x10,0x60,0xdb,0x1d,0x37,0x34,0xf6,0x02,0x9d,0x68,0x1b,0x70,
0xf1,0x13,0x00,0x2f,0x80,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x38,0x30,0x39,
0x35,0x35,0x33,0x33,0x5a,0x30,0x21,0x02,0x10,0x61,0xf0,0x38,0xea,0xbc,0x17,
0x0d,0x11,0xd2,0x89,0xee,0x87,0x50,0x57,0xa0,0xed,0x17,0x0d,0x30,0x33,0x30,
0x31,0x32,0x39,0x31,0x37,0x34,0x31,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,0x61,
0xfa,0x9b,0xeb,0x58,0xf9,0xe5,0xa5,0x9e,0x79,0xa8,0x3d,0x79,0xac,0x35,0x97,
0x17,0x0d,0x30,0x32,0x31,0x30,0x31,0x30,0x32,0x30,0x31,0x36,0x33,0x37,0x5a,
0x30,0x21,0x02,0x10,0x62,0x44,0x57,0x24,0x41,0xc0,0x89,0x3f,0x5b,0xd2,0xbd,
0xe7,0x2f,0x75,0x41,0xfa,0x17,0x0d,0x30,0x32,0x30,0x38,0x30,0x38,0x31,0x38,
0x33,0x30,0x31,0x35,0x5a,0x30,0x21,0x02,0x10,0x62,0x51,0x3a,0x2d,0x8d,0x82,
0x39,0x65,0xfe,0xf6,0x8a,0xc8,0x4e,0x29,0x91,0xfd,0x17,0x0d,0x30,0x32,0x30,
0x39,0x32,0x36,0x30,0x30,0x35,0x34,0x33,0x34,0x5a,0x30,0x21,0x02,0x10,0x62,
0x52,0x49,0x49,0xf2,0x51,0x67,0x7a,0xe2,0xee,0xc9,0x0c,0x23,0x11,0x3d,0xb2,
0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x37,0x31,0x38,0x30,0x36,0x35,0x35,0x5a,
0x30,0x21,0x02,0x10,0x63,0x52,0xbd,0xdc,0xb7,0xbf,0xbb,0x90,0x6c,0x82,0xee,
0xb5,0xa3,0x9f,0xd8,0xc9,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x31,0x31,0x36,
0x33,0x30,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x63,0x5e,0x6b,0xe9,0xea,0x3d,
0xd6,0x3b,0xc3,0x4d,0x09,0xc3,0x13,0xdb,0xdd,0xbc,0x17,0x0d,0x30,0x33,0x30,
0x36,0x30,0x32,0x31,0x34,0x34,0x37,0x33,0x36,0x5a,0x30,0x21,0x02,0x10,0x63,
0xda,0x0b,0xd5,0x13,0x1e,0x98,0x83,0x32,0xa2,0x3a,0x4b,0xdf,0x8c,0x89,0x86,
0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x35,0x30,0x38,0x30,0x38,0x31,0x33,0x5a,
0x30,0x21,0x02,0x10,0x64,0xfe,0xf0,0x1a,0x3a,0xed,0x89,0xf8,0xb5,0x34,0xd3,
0x1e,0x0f,0xce,0x0d,0xce,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x38,0x32,0x31,
0x30,0x36,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x65,0xa7,0x49,0xd8,0x37,0x22,
0x4b,0x4a,0xe5,0xcf,0xa3,0xfe,0xd6,0x3b,0xc0,0x67,0x17,0x0d,0x30,0x32,0x31,
0x32,0x30,0x34,0x31,0x37,0x31,0x34,0x31,0x36,0x5a,0x30,0x21,0x02,0x10,0x65,
0xc9,0x9e,0x47,0x76,0x98,0x0d,0x9e,0x57,0xe4,0xae,0xc5,0x1c,0x3e,0xf2,0xe7,
0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x33,0x31,0x34,0x30,0x38,0x31,0x38,0x5a,
0x30,0x21,0x02,0x10,0x65,0xe0,0x7b,0xc5,0x74,0xe4,0xab,0x01,0x4f,0xa3,0x5e,
0xd6,0xeb,0xcd,0xd5,0x69,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x33,0x31,0x37,
0x32,0x34,0x30,0x36,0x5a,0x30,0x21,0x02,0x10,0x66,0x51,0xb7,0xe5,0x62,0xb7,
0xe3,0x31,0xc0,0xee,0xf2,0xe8,0xfe,0x84,0x6a,0x4e,0x17,0x0d,0x30,0x32,0x30,
0x39,0x30,0x36,0x31,0x33,0x32,0x33,0x33,0x33,0x5a,0x30,0x21,0x02,0x10,0x67,
0x7c,0x76,0xac,0x66,0x5a,0x6b,0x41,0x5c,0x07,0x83,0x02,0xd6,0xd9,0x63,0xc0,
0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x38,0x31,0x33,0x35,0x35,0x31,0x30,0x5a,
0x30,0x21,0x02,0x10,0x68,0x67,0xde,0xb3,0xaa,0x20,0xcf,0x4b,0x34,0xa5,0xe0,
0xc8,0xc0,0xc5,0xc9,0xa4,0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x32,0x30,0x31,
0x30,0x39,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x69,0x23,0x34,0x5d,0x75,0x04,
0xdc,0x99,0xbd,0xce,0x8d,0x21,0xb4,0x6b,0x10,0xfc,0x17,0x0d,0x30,0x32,0x30,
0x39,0x30,0x33,0x31,0x33,0x31,0x39,0x32,0x30,0x5a,0x30,0x21,0x02,0x10,0x69,
0x9f,0x20,0x31,0xd1,0x3f,0xfa,0x1e,0x70,0x2e,0x37,0xd5,0x9a,0x8c,0x0a,0x16,
0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x30,0x30,0x39,0x30,0x31,0x33,0x35,0x5a,
0x30,0x21,0x02,0x10,0x6a,0x94,0xd6,0x25,0xd0,0x67,0xe4,0x4d,0x79,0x2b,0xc6,
0xd5,0xc9,0x4a,0x7f,0xc6,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x31,0x31,0x39,
0x31,0x35,0x34,0x30,0x5a,0x30,0x21,0x02,0x10,0x6b,0x5c,0xa4,0x45,0x5b,0xe9,
0xcf,0xe7,0x3b,0x29,0xb1,0x32,0xd7,0xa1,0x04,0x3d,0x17,0x0d,0x30,0x32,0x31,
0x30,0x31,0x38,0x31,0x35,0x34,0x33,0x34,0x38,0x5a,0x30,0x21,0x02,0x10,0x6b,
0xc0,0x7d,0x4f,0x18,0xfe,0xb7,0x07,0xe8,0x56,0x9a,0x6c,0x40,0x0f,0x36,0x53,
0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x36,0x32,0x31,0x30,0x31,0x32,0x36,0x5a,
0x30,0x21,0x02,0x10,0x6b,0xe1,0xdd,0x36,0x3b,0xec,0xe0,0xa9,0xf5,0x92,0x7e,
0x33,0xbf,0xed,0x48,0x46,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x37,0x31,0x34,
0x34,0x32,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,0x6c,0xac,0xeb,0x37,0x2b,0x6a,
0x42,0xe2,0xca,0xc8,0xd2,0xda,0xb8,0xb9,0x82,0x6a,0x17,0x0d,0x30,0x32,0x30,
0x33,0x30,0x31,0x31,0x34,0x32,0x38,0x33,0x34,0x5a,0x30,0x21,0x02,0x10,0x6d,
0x98,0x1b,0xb4,0x76,0xd1,0x62,0x59,0xa1,0x3c,0xee,0xd2,0x21,0xd8,0xdf,0x4c,
0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x34,0x31,0x37,0x35,0x36,0x31,0x32,0x5a,
0x30,0x21,0x02,0x10,0x6d,0xdd,0x0b,0x5a,0x3c,0x9c,0xab,0xd3,0x3b,0xd9,0x16,
0xec,0x69,0x74,0xfb,0x9a,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x32,0x31,0x32,
0x32,0x36,0x33,0x38,0x5a,0x30,0x21,0x02,0x10,0x6e,0xde,0xfd,0x89,0x36,0xae,
0xa0,0x41,0x8d,0x5c,0xec,0x2e,0x90,0x31,0xf8,0x9a,0x17,0x0d,0x30,0x32,0x30,
0x34,0x30,0x38,0x32,0x32,0x33,0x36,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x6f,
0xb2,0x6b,0x4c,0x48,0xca,0xfe,0xe6,0x69,0x9a,0x06,0x63,0xc4,0x32,0x96,0xc1,
0x17,0x0d,0x30,0x33,0x30,0x31,0x31,0x37,0x31,0x37,0x32,0x37,0x32,0x35,0x5a,
0x30,0x21,0x02,0x10,0x70,0x0b,0xe1,0xee,0x44,0x89,0x51,0x52,0x65,0x27,0x2c,
0x2d,0x34,0x7c,0xe0,0x8d,0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x38,0x30,0x30,
0x33,0x36,0x30,0x30,0x5a,0x30,0x21,0x02,0x10,0x70,0x2d,0xc0,0xa6,0xb8,0xa5,
0xa0,0xda,0x48,0x59,0xb3,0x96,0x34,0x80,0xc8,0x25,0x17,0x0d,0x30,0x32,0x30,
0x38,0x33,0x30,0x31,0x34,0x30,0x31,0x30,0x31,0x5a,0x30,0x21,0x02,0x10,0x70,
0xe1,0xd9,0x92,0xcd,0x76,0x42,0x63,0x51,0x6e,0xcd,0x8c,0x09,0x29,0x17,0x48,
0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x37,0x31,0x31,0x31,0x30,0x34,0x31,0x5a,
0x30,0x21,0x02,0x10,0x72,0x38,0xe4,0x91,0x6a,0x7a,0x8a,0xf3,0xbf,0xf0,0xd8,
0xe0,0xa4,0x70,0x8d,0xa8,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x34,0x31,0x39,
0x30,0x36,0x34,0x30,0x5a,0x30,0x21,0x02,0x10,0x72,0x97,0xa1,0xd8,0x9c,0x3b,
0x00,0xc2,0xc4,0x26,0x2d,0x06,0x2b,0x29,0x76,0x4e,0x17,0x0d,0x30,0x32,0x30,
0x36,0x31,0x38,0x31,0x35,0x30,0x39,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x72,
0xd2,0x23,0x9b,0xf2,0x33,0xe9,0x7c,0xcf,0xb6,0xa9,0x41,0xd5,0x0e,0x5c,0x39,
0x17,0x0d,0x30,0x33,0x30,0x34,0x30,0x39,0x31,0x37,0x30,0x32,0x32,0x39,0x5a,
0x30,0x21,0x02,0x10,0x74,0x5c,0x9c,0xf9,0xaa,0xc3,0xfa,0x94,0x3c,0x25,0x39,
0x65,0x44,0x95,0x13,0xf1,0x17,0x0d,0x30,0x32,0x30,0x37,0x30,0x39,0x32,0x33,
0x35,0x33,0x32,0x30,0x5a,0x30,0x21,0x02,0x10,0x74,0x98,0x7f,0x68,0xad,0x17,
0x92,0x93,0xf2,0x65,0x94,0x0c,0x33,0xe6,0xbd,0x49,0x17,0x0d,0x30,0x32,0x30,
0x34,0x32,0x33,0x30,0x37,0x34,0x34,0x31,0x38,0x5a,0x30,0x21,0x02,0x10,0x75,
0x0e,0x40,0xff,0x97,0xf0,0x47,0xed,0xf5,0x56,0xc7,0x08,0x4e,0xb1,0xab,0xfd,
0x17,0x0d,0x30,0x31,0x30,0x31,0x33,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,
0x30,0x21,0x02,0x10,0x75,0x26,0x51,0x59,0x65,0xb7,0x33,0x32,0x5f,0xe6,0xcd,
0xaa,0x30,0x65,0x78,0xe0,0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x36,0x31,0x38,
0x32,0x34,0x35,0x36,0x5a,0x30,0x21,0x02,0x10,0x76,0x13,0x6f,0xbf,0xc8,0xde,
0xd9,0x36,0x30,0x39,0xcc,0x85,0x8f,0x00,0x2f,0x19,0x17,0x0d,0x30,0x32,0x30,
0x33,0x31,0x34,0x30,0x39,0x34,0x38,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x76,
0x52,0x78,0x89,0x44,0xfa,0xc1,0xb3,0xd7,0xc9,0x4c,0xb3,0x32,0x95,0xaf,0x03,
0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x34,0x31,0x39,0x31,0x35,0x34,0x33,0x5a,
0x30,0x21,0x02,0x10,0x77,0x5d,0x4c,0x40,0xd9,0x8d,0xfa,0xc8,0x9a,0x24,0x8d,
0x47,0x10,0x90,0x4a,0x0a,0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x39,0x30,0x31,
0x31,0x33,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,0x77,0xe6,0x5a,0x43,0x59,0x93,
0x5d,0x5f,0x7a,0x75,0x80,0x1a,0xcd,0xad,0xc2,0x22,0x17,0x0d,0x30,0x30,0x30,
0x38,0x33,0x31,0x31,0x38,0x32,0x32,0x35,0x30,0x5a,0x30,0x21,0x02,0x10,0x78,
0x19,0xf1,0xb6,0x87,0x83,0xaf,0xdf,0x60,0x8d,0x9a,0x64,0x0d,0xec,0xe0,0x51,
0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x30,0x31,0x37,0x32,0x38,0x31,0x36,0x5a,
0x30,0x21,0x02,0x10,0x78,0x64,0x65,0x8f,0x82,0x79,0xdb,0xa5,0x1c,0x47,0x10,
0x1d,0x72,0x23,0x66,0x52,0x17,0x0d,0x30,0x33,0x30,0x31,0x32,0x34,0x31,0x38,
0x34,0x35,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x78,0x64,0xe1,0xc0,0x69,0x8f,
0x3a,0xc7,0x8b,0x23,0xe3,0x29,0xb1,0xee,0xa9,0x41,0x17,0x0d,0x30,0x32,0x30,
0x35,0x30,0x38,0x31,0x37,0x34,0x36,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x78,
0x79,0x89,0x61,0x12,0x67,0x64,0x14,0xfd,0x08,0xcc,0xb3,0x05,0x55,0xc0,0x67,
0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x32,0x31,0x33,0x31,0x38,0x35,0x33,0x5a,
0x30,0x21,0x02,0x10,0x78,0x8a,0x56,0x22,0x08,0xce,0x42,0xee,0xd1,0xa3,0x79,
0x10,0x14,0xfd,0x3a,0x36,0x17,0x0d,0x30,0x33,0x30,0x32,0x30,0x35,0x31,0x36,
0x35,0x33,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x7a,0xa0,0x6c,0xba,0x33,0x02,
0xac,0x5f,0xf5,0x0b,0xb6,0x77,0x61,0xef,0x77,0x09,0x17,0x0d,0x30,0x32,0x30,
0x32,0x32,0x38,0x31,0x37,0x35,0x35,0x31,0x31,0x5a,0x30,0x21,0x02,0x10,0x7b,
0x91,0x33,0x66,0x6c,0xf0,0xd4,0xe3,0x9d,0xf6,0x88,0x29,0x9b,0xf7,0xd0,0xea,
0x17,0x0d,0x30,0x32,0x31,0x31,0x32,0x30,0x32,0x32,0x31,0x36,0x34,0x39,0x5a,
0x30,0x21,0x02,0x10,0x7c,0xef,0xf2,0x0a,0x08,0xae,0x10,0x57,0x1e,0xde,0xdc,
0xd6,0x63,0x76,0xb0,0x5d,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x36,0x31,0x30,
0x32,0x32,0x33,0x30,0x5a,0x30,0x21,0x02,0x10,0x7f,0x76,0xef,0x69,0xeb,0xf5,
0x3f,0x53,0x2e,0xaa,0xa5,0xed,0xde,0xc0,0xb4,0x06,0x17,0x0d,0x30,0x32,0x30,
0x35,0x30,0x31,0x30,0x33,0x33,0x33,0x30,0x37,0x5a,0x30,0x21,0x02,0x10,0x7f,
0xcb,0x6b,0x99,0x91,0xd0,0x76,0xe1,0x3c,0x0e,0x67,0x15,0xc4,0xd4,0x4d,0x7b,
0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x30,0x32,0x31,0x31,0x38,0x34,0x30,0x5a,
0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,
0x03,0x81,0x81,0x00,0x5c,0xb9,0xb3,0xbe,0xd3,0xd6,0x73,0xa3,0xfe,0x4a,0xb2,
0x21,0x80,0xea,0xaa,0x05,0x61,0x14,0x1d,0x67,0xb1,0xdf,0xa6,0xf9,0x42,0x08,
0x0d,0x59,0x62,0x9c,0x11,0x5f,0x0e,0x92,0xc5,0xc6,0xae,0x74,0x64,0xc7,0x84,
0x3e,0x64,0x43,0xd2,0xec,0xbb,0xe1,0x9b,0x52,0x74,0x57,0xcf,0x96,0xef,0x68,
0x02,0x7a,0x7b,0x36,0xb7,0xc6,0x9a,0x5f,0xca,0x9c,0x37,0x47,0xc8,0x3a,0x5c,
0x34,0x35,0x3b,0x4b,0xca,0x20,0x77,0x44,0x68,0x07,0x02,0x34,0x46,0xaa,0x0f,
0xd0,0x4d,0xd9,0x47,0xf4,0xb3,0x2d,0xb1,0x44,0xa5,0x69,0xa9,0x85,0x13,0x43,
0xcd,0xcc,0x1d,0x9a,0xe6,0x2d,0xfd,0x9f,0xdc,0x2f,0x83,0xbb,0x8c,0xe2,0x8c,
0x61,0xc0,0x99,0x16,0x71,0x05,0xb6,0x25,0x14,0x64,0x4f,0x30 };
4519

4520 4521 4522 4523 4524 4525 4526 4527 4528
static void test_decodeCRLToBeSigned(DWORD dwEncoding)
{
    static const BYTE *corruptCRLs[] = { v1CRL, v2CRL };
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0, i;

    for (i = 0; i < sizeof(corruptCRLs) / sizeof(corruptCRLs[0]); i++)
    {
4529
        ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4530
         corruptCRLs[i], corruptCRLs[i][1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
4531
         &buf, &size);
4532 4533 4534 4535
        ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
         GetLastError() == OSS_DATA_ERROR /* Win9x */),
         "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
         GetLastError());
4536 4537
    }
    /* at a minimum, a CRL must contain an issuer: */
4538
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4539
     v1CRLWithIssuer, v1CRLWithIssuer[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
4540
     &buf, &size);
4541
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4542
    if (ret)
4543 4544 4545
    {
        CRL_INFO *info = (CRL_INFO *)buf;

4546 4547
        ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
        ok(info->cCRLEntry == 0, "Expected 0 CRL entries, got %d\n",
4548 4549
         info->cCRLEntry);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
4550
         "Wrong issuer size %d\n", info->Issuer.cbData);
4551 4552 4553 4554 4555
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
        LocalFree(buf);
    }
    /* check decoding with an empty CRL entry */
4556
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4557
     v1CRLWithIssuerAndEmptyEntry, v1CRLWithIssuerAndEmptyEntry[1] + 2,
4558
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4559 4560 4561 4562
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
4563
    /* with a real CRL entry */
4564
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4565
     v1CRLWithIssuerAndEntry, v1CRLWithIssuerAndEntry[1] + 2,
4566
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4567
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4568
    if (ret)
4569 4570 4571 4572
    {
        CRL_INFO *info = (CRL_INFO *)buf;
        CRL_ENTRY *entry;

4573 4574
        ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
        ok(info->cCRLEntry == 1, "Expected 1 CRL entries, got %d\n",
4575 4576 4577 4578
         info->cCRLEntry);
        ok(info->rgCRLEntry != NULL, "Expected a valid CRL entry array\n");
        entry = info->rgCRLEntry;
        ok(entry->SerialNumber.cbData == 1,
4579
         "Expected serial number size 1, got %d\n",
4580 4581 4582 4583 4584
         entry->SerialNumber.cbData);
        ok(*entry->SerialNumber.pbData == *serialNum,
         "Expected serial number %d, got %d\n", *serialNum,
         *entry->SerialNumber.pbData);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
4585
         "Wrong issuer size %d\n", info->Issuer.cbData);
4586 4587
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
4588
        LocalFree(buf);
4589
    }
4590
    /* a real CRL from verisign that has extensions */
4591
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4592
     verisignCRL, sizeof(verisignCRL), CRYPT_DECODE_ALLOC_FLAG,
4593
     NULL, &buf, &size);
4594
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4595
    if (ret)
4596 4597 4598
    {
        CRL_INFO *info = (CRL_INFO *)buf;

4599 4600
        ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
        ok(info->cCRLEntry == 3, "Expected 3 CRL entries, got %d\n",
4601 4602
         info->cCRLEntry);
        ok(info->rgCRLEntry != NULL, "Expected a valid CRL entry array\n");
4603
        ok(info->cExtension == 2, "Expected 2 extensions, got %d\n",
4604
         info->cExtension);
4605 4606 4607
        LocalFree(buf);
    }
    /* another real CRL from verisign that has lots of entries */
4608
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4609
     verisignCRLWithLotsOfEntries, sizeof(verisignCRLWithLotsOfEntries),
4610
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4611
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4612
    if (ret)
4613 4614 4615
    {
        CRL_INFO *info = (CRL_INFO *)buf;

4616
        ok(size >= sizeof(CRL_INFO), "Got size %d\n", size);
4617
        ok(info->cCRLEntry == 209, "Expected 209 CRL entries, got %d\n",
4618
         info->cCRLEntry);
4619
        ok(info->cExtension == 0, "Expected 0 extensions, got %d\n",
4620 4621
         info->cExtension);
        LocalFree(buf);
4622
    }
4623
    /* and finally, with an extension */
4624
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4625
     v1CRLWithExt, sizeof(v1CRLWithExt), CRYPT_DECODE_ALLOC_FLAG,
4626
     NULL, &buf, &size);
4627
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4628
    if (ret)
4629 4630 4631 4632
    {
        CRL_INFO *info = (CRL_INFO *)buf;
        CRL_ENTRY *entry;

4633 4634
        ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
        ok(info->cCRLEntry == 1, "Expected 1 CRL entries, got %d\n",
4635 4636 4637 4638
         info->cCRLEntry);
        ok(info->rgCRLEntry != NULL, "Expected a valid CRL entry array\n");
        entry = info->rgCRLEntry;
        ok(entry->SerialNumber.cbData == 1,
4639
         "Expected serial number size 1, got %d\n",
4640 4641 4642 4643 4644
         entry->SerialNumber.cbData);
        ok(*entry->SerialNumber.pbData == *serialNum,
         "Expected serial number %d, got %d\n", *serialNum,
         *entry->SerialNumber.pbData);
        ok(info->Issuer.cbData == sizeof(encodedCommonName),
4645
         "Wrong issuer size %d\n", info->Issuer.cbData);
4646 4647
        ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
         "Unexpected issuer\n");
4648
        ok(info->cExtension == 1, "Expected 1 extensions, got %d\n",
4649
         info->cExtension);
4650
        LocalFree(buf);
4651
    }
4652
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4653
     v2CRLWithExt, sizeof(v2CRLWithExt), CRYPT_DECODE_ALLOC_FLAG,
4654
     NULL, &buf, &size);
4655
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4656
    if (ret)
4657 4658 4659
    {
        CRL_INFO *info = (CRL_INFO *)buf;

4660
        ok(info->cExtension == 1, "Expected 1 extensions, got %d\n",
4661 4662 4663
         info->cExtension);
        LocalFree(buf);
    }
4664 4665
}

4666 4667 4668 4669 4670 4671 4672 4673 4674 4675 4676 4677 4678 4679 4680 4681
static const LPCSTR keyUsages[] = { szOID_PKIX_KP_CODE_SIGNING,
 szOID_PKIX_KP_CLIENT_AUTH, szOID_RSA_RSA };
static const BYTE encodedUsage[] = {
 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03,
 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x09,
 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };

static void test_encodeEnhancedKeyUsage(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CERT_ENHKEY_USAGE usage;

    /* Test with empty usage */
    usage.cUsageIdentifier = 0;
4682
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE, &usage,
4683
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4684
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4685
    if (ret)
4686
    {
4687
        ok(size == sizeof(emptySequence), "Wrong size %d\n", size);
4688 4689 4690 4691 4692 4693
        ok(!memcmp(buf, emptySequence, size), "Got unexpected value\n");
        LocalFree(buf);
    }
    /* Test with a few usages */
    usage.cUsageIdentifier = sizeof(keyUsages) / sizeof(keyUsages[0]);
    usage.rgpszUsageIdentifier = (LPSTR *)keyUsages;
4694
    ret = pCryptEncodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE, &usage,
4695
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4696
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4697
    if (ret)
4698
    {
4699
        ok(size == sizeof(encodedUsage), "Wrong size %d\n", size);
4700 4701 4702 4703 4704 4705 4706 4707 4708 4709 4710
        ok(!memcmp(buf, encodedUsage, size), "Got unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeEnhancedKeyUsage(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;

4711
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE,
4712
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
4713
     &buf, &size);
4714
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4715
    if (ret)
4716 4717 4718 4719
    {
        CERT_ENHKEY_USAGE *usage = (CERT_ENHKEY_USAGE *)buf;

        ok(size >= sizeof(CERT_ENHKEY_USAGE),
4720 4721
         "Wrong size %d\n", size);
        ok(usage->cUsageIdentifier == 0, "Expected 0 CRL entries, got %d\n",
4722 4723 4724
         usage->cUsageIdentifier);
        LocalFree(buf);
    }
4725
    ret = pCryptDecodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE,
4726
     encodedUsage, sizeof(encodedUsage), CRYPT_DECODE_ALLOC_FLAG, NULL,
4727
     &buf, &size);
4728
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4729
    if (ret)
4730 4731 4732 4733 4734
    {
        CERT_ENHKEY_USAGE *usage = (CERT_ENHKEY_USAGE *)buf;
        DWORD i;

        ok(size >= sizeof(CERT_ENHKEY_USAGE),
4735
         "Wrong size %d\n", size);
4736
        ok(usage->cUsageIdentifier == sizeof(keyUsages) / sizeof(keyUsages[0]),
4737
         "Wrong CRL entries count %d\n", usage->cUsageIdentifier);
4738 4739 4740 4741 4742 4743 4744 4745
        for (i = 0; i < usage->cUsageIdentifier; i++)
            ok(!strcmp(usage->rgpszUsageIdentifier[i], keyUsages[i]),
             "Expected OID %s, got %s\n", keyUsages[i],
             usage->rgpszUsageIdentifier[i]);
        LocalFree(buf);
    }
}

4746 4747 4748
static BYTE keyId[] = { 1,2,3,4 };
static const BYTE authorityKeyIdWithId[] = {
 0x30,0x06,0x80,0x04,0x01,0x02,0x03,0x04 };
4749 4750 4751 4752 4753 4754 4755 4756 4757 4758 4759 4760 4761
static const BYTE authorityKeyIdWithIssuer[] = { 0x30,0x19,0xa1,0x17,0x30,0x15,
 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,
 0x20,0x4c,0x61,0x6e,0x67,0x00 };
static const BYTE authorityKeyIdWithSerial[] = { 0x30,0x03,0x82,0x01,0x01 };

static void test_encodeAuthorityKeyId(DWORD dwEncoding)
{
    CERT_AUTHORITY_KEY_ID_INFO info = { { 0 } };
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;

    /* Test with empty id */
4762
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4763
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4764
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4765
    if (ret)
4766
    {
4767
        ok(size == sizeof(emptySequence), "Unexpected size %d\n", size);
4768 4769 4770 4771
        ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* With just a key id */
4772 4773
    info.KeyId.cbData = sizeof(keyId);
    info.KeyId.pbData = keyId;
4774
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4775
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4776
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4777
    if (ret)
4778
    {
4779
        ok(size == sizeof(authorityKeyIdWithId), "Unexpected size %d\n", size);
4780 4781 4782 4783 4784 4785 4786
        ok(!memcmp(buf, authorityKeyIdWithId, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* With just an issuer */
    info.KeyId.cbData = 0;
    info.CertIssuer.cbData = sizeof(encodedCommonName);
    info.CertIssuer.pbData = (BYTE *)encodedCommonName;
4787
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4788
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4789
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4790
    if (ret)
4791
    {
4792
        ok(size == sizeof(authorityKeyIdWithIssuer), "Unexpected size %d\n",
4793 4794 4795 4796 4797 4798 4799 4800
         size);
        ok(!memcmp(buf, authorityKeyIdWithIssuer, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* With just a serial number */
    info.CertIssuer.cbData = 0;
    info.CertSerialNumber.cbData = sizeof(serialNum);
    info.CertSerialNumber.pbData = (BYTE *)serialNum;
4801
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4802
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4803
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4804
    if (ret)
4805
    {
4806
        ok(size == sizeof(authorityKeyIdWithSerial), "Unexpected size %d\n",
4807 4808 4809 4810 4811 4812 4813 4814 4815 4816 4817 4818
         size);
        ok(!memcmp(buf, authorityKeyIdWithSerial, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeAuthorityKeyId(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;

4819
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4820
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
4821
     &buf, &size);
4822
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4823
    if (ret)
4824 4825 4826
    {
        CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;

4827
        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4828 4829 4830 4831 4832 4833
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->CertIssuer.cbData == 0, "Expected no issuer name\n");
        ok(info->CertSerialNumber.cbData == 0, "Expected no serial number\n");
        LocalFree(buf);
    }
4834
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4835
     authorityKeyIdWithId, sizeof(authorityKeyIdWithId),
4836
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4837
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4838
    if (ret)
4839 4840 4841
    {
        CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;

4842
        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4843
         size);
4844 4845
        ok(info->KeyId.cbData == sizeof(keyId), "Unexpected key id len\n");
        ok(!memcmp(info->KeyId.pbData, keyId, sizeof(keyId)),
4846 4847 4848 4849 4850
         "Unexpected key id\n");
        ok(info->CertIssuer.cbData == 0, "Expected no issuer name\n");
        ok(info->CertSerialNumber.cbData == 0, "Expected no serial number\n");
        LocalFree(buf);
    }
4851
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4852
     authorityKeyIdWithIssuer, sizeof(authorityKeyIdWithIssuer),
4853
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4854
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4855
    if (ret)
4856 4857 4858
    {
        CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;

4859
        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4860 4861 4862 4863 4864 4865 4866 4867 4868
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->CertIssuer.cbData == sizeof(encodedCommonName),
         "Unexpected issuer len\n");
        ok(!memcmp(info->CertIssuer.pbData, encodedCommonName,
         sizeof(encodedCommonName)), "Unexpected issuer\n");
        ok(info->CertSerialNumber.cbData == 0, "Expected no serial number\n");
        LocalFree(buf);
    }
4869
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4870
     authorityKeyIdWithSerial, sizeof(authorityKeyIdWithSerial),
4871
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4872
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4873
    if (ret)
4874 4875 4876
    {
        CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;

4877
        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4878 4879 4880 4881 4882 4883 4884 4885 4886 4887 4888
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->CertIssuer.cbData == 0, "Expected no issuer name\n");
        ok(info->CertSerialNumber.cbData == sizeof(serialNum),
         "Unexpected serial number len\n");
        ok(!memcmp(info->CertSerialNumber.pbData, serialNum, sizeof(serialNum)),
         "Unexpected serial number\n");
        LocalFree(buf);
    }
}

4889 4890 4891 4892 4893 4894 4895 4896 4897 4898 4899 4900 4901
static const BYTE authorityKeyIdWithIssuerUrl[] = { 0x30,0x15,0xa1,0x13,0x86,
 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
 0x6f,0x72,0x67 };

static void test_encodeAuthorityKeyId2(DWORD dwEncoding)
{
    CERT_AUTHORITY_KEY_ID2_INFO info = { { 0 } };
    CERT_ALT_NAME_ENTRY entry = { 0 };
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;

    /* Test with empty id */
4902
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4903
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4904
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4905
    if (ret)
4906 4907 4908 4909 4910 4911
    {
        ok(size == sizeof(emptySequence), "Unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* With just a key id */
4912 4913
    info.KeyId.cbData = sizeof(keyId);
    info.KeyId.pbData = keyId;
4914
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4915
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4916
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4917
    if (ret)
4918 4919 4920 4921 4922 4923 4924 4925 4926 4927
    {
        ok(size == sizeof(authorityKeyIdWithId), "Unexpected size %d\n",
         size);
        ok(!memcmp(buf, authorityKeyIdWithId, size), "Unexpected value\n");
        LocalFree(buf);
    }
    /* With a bogus issuer name */
    info.KeyId.cbData = 0;
    info.AuthorityCertIssuer.cAltEntry = 1;
    info.AuthorityCertIssuer.rgAltEntry = &entry;
4928
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4929
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4930 4931 4932 4933
    ok(!ret && GetLastError() == E_INVALIDARG,
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
    /* With an issuer name */
    entry.dwAltNameChoice = CERT_ALT_NAME_URL;
4934
    U(entry).pwszURL = (LPWSTR)url;
4935
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4936
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4937
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4938
    if (ret)
4939 4940 4941 4942 4943 4944 4945 4946 4947 4948 4949
    {
        ok(size == sizeof(authorityKeyIdWithIssuerUrl), "Unexpected size %d\n",
         size);
        ok(!memcmp(buf, authorityKeyIdWithIssuerUrl, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
    /* With just a serial number */
    info.AuthorityCertIssuer.cAltEntry = 0;
    info.AuthorityCertSerialNumber.cbData = sizeof(serialNum);
    info.AuthorityCertSerialNumber.pbData = (BYTE *)serialNum;
4950
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4951
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
4952
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4953
    if (ret)
4954 4955 4956 4957 4958 4959 4960 4961 4962 4963 4964 4965 4966 4967
    {
        ok(size == sizeof(authorityKeyIdWithSerial), "Unexpected size %d\n",
         size);
        ok(!memcmp(buf, authorityKeyIdWithSerial, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeAuthorityKeyId2(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;

4968
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
4969
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
4970
     &buf, &size);
4971
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4972
    if (ret)
4973 4974 4975 4976 4977 4978 4979 4980 4981 4982 4983 4984
    {
        CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;

        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->AuthorityCertIssuer.cAltEntry == 0,
         "Expected no issuer name entries\n");
        ok(info->AuthorityCertSerialNumber.cbData == 0,
         "Expected no serial number\n");
        LocalFree(buf);
    }
4985
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
4986
     authorityKeyIdWithId, sizeof(authorityKeyIdWithId),
4987
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
4988
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4989
    if (ret)
4990 4991 4992 4993 4994
    {
        CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;

        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
         size);
4995 4996
        ok(info->KeyId.cbData == sizeof(keyId), "Unexpected key id len\n");
        ok(!memcmp(info->KeyId.pbData, keyId, sizeof(keyId)),
4997 4998 4999 5000 5001 5002 5003
         "Unexpected key id\n");
        ok(info->AuthorityCertIssuer.cAltEntry == 0,
         "Expected no issuer name entries\n");
        ok(info->AuthorityCertSerialNumber.cbData == 0,
         "Expected no serial number\n");
        LocalFree(buf);
    }
5004
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
5005
     authorityKeyIdWithIssuerUrl, sizeof(authorityKeyIdWithIssuerUrl),
5006
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5007
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5008
    if (ret)
5009 5010 5011 5012 5013 5014 5015 5016 5017 5018 5019 5020
    {
        CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;

        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->AuthorityCertIssuer.cAltEntry == 1,
         "Expected 1 issuer entry, got %d\n",
         info->AuthorityCertIssuer.cAltEntry);
        ok(info->AuthorityCertIssuer.rgAltEntry[0].dwAltNameChoice ==
         CERT_ALT_NAME_URL, "Expected CERT_ALT_NAME_URL, got %d\n",
         info->AuthorityCertIssuer.rgAltEntry[0].dwAltNameChoice);
5021
        ok(!lstrcmpW(U(info->AuthorityCertIssuer.rgAltEntry[0]).pwszURL,
5022 5023 5024 5025 5026
         url), "Unexpected URL\n");
        ok(info->AuthorityCertSerialNumber.cbData == 0,
         "Expected no serial number\n");
        LocalFree(buf);
    }
5027
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
5028
     authorityKeyIdWithSerial, sizeof(authorityKeyIdWithSerial),
5029
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5030
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5031
    if (ret)
5032 5033 5034 5035 5036 5037 5038 5039 5040 5041 5042 5043 5044 5045 5046 5047
    {
        CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;

        ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
         size);
        ok(info->KeyId.cbData == 0, "Expected no key id\n");
        ok(info->AuthorityCertIssuer.cAltEntry == 0,
         "Expected no issuer name entries\n");
        ok(info->AuthorityCertSerialNumber.cbData == sizeof(serialNum),
         "Unexpected serial number len\n");
        ok(!memcmp(info->AuthorityCertSerialNumber.pbData, serialNum,
         sizeof(serialNum)), "Unexpected serial number\n");
        LocalFree(buf);
    }
}

5048 5049 5050 5051 5052 5053 5054 5055 5056 5057 5058 5059 5060 5061 5062 5063 5064 5065 5066 5067 5068 5069
static const BYTE authorityInfoAccessWithUrl[] = {
0x30,0x19,0x30,0x17,0x06,0x02,0x2a,0x03,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,
0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
static const BYTE authorityInfoAccessWithUrlAndIPAddr[] = {
0x30,0x29,0x30,0x17,0x06,0x02,0x2a,0x03,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,
0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67,0x30,0x0e,0x06,
0x02,0x2d,0x06,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,0x01 };

static void test_encodeAuthorityInfoAccess(DWORD dwEncoding)
{
    static char oid1[] = "1.2.3";
    static char oid2[] = "1.5.6";
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CERT_ACCESS_DESCRIPTION accessDescription[2];
    CERT_AUTHORITY_INFO_ACCESS aia;

    memset(accessDescription, 0, sizeof(accessDescription));
    aia.cAccDescr = 0;
    aia.rgAccDescr = NULL;
    /* Having no access descriptions is allowed */
5070
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
5071
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5072
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5073
    if (ret)
5074 5075 5076 5077 5078 5079 5080 5081 5082
    {
        ok(size == sizeof(emptySequence), "unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    /* It can't have an empty access method */
    aia.cAccDescr = 1;
    aia.rgAccDescr = accessDescription;
5083
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
5084
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5085 5086 5087
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "expected E_INVALIDARG or OSS_LIMITED, got %08x\n", GetLastError());
5088 5089 5090
    /* It can't have an empty location */
    accessDescription[0].pszAccessMethod = oid1;
    SetLastError(0xdeadbeef);
5091
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
5092
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5093 5094 5095
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    accessDescription[0].AccessLocation.dwAltNameChoice = CERT_ALT_NAME_URL;
5096
    U(accessDescription[0].AccessLocation).pwszURL = (LPWSTR)url;
5097
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
5098
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5099
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5100
    if (ret)
5101 5102 5103 5104 5105 5106 5107 5108 5109 5110 5111
    {
        ok(size == sizeof(authorityInfoAccessWithUrl), "unexpected size %d\n",
         size);
        ok(!memcmp(buf, authorityInfoAccessWithUrl, size),
         "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    accessDescription[1].pszAccessMethod = oid2;
    accessDescription[1].AccessLocation.dwAltNameChoice =
     CERT_ALT_NAME_IP_ADDRESS;
5112
    U(accessDescription[1].AccessLocation).IPAddress.cbData =
5113
     sizeof(encodedIPAddr);
5114
    U(accessDescription[1].AccessLocation).IPAddress.pbData =
5115 5116
     (LPBYTE)encodedIPAddr;
    aia.cAccDescr = 2;
5117
    ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
5118
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5119
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5120
    if (ret)
5121 5122 5123 5124 5125 5126 5127 5128 5129 5130 5131 5132 5133 5134 5135 5136 5137 5138 5139 5140 5141 5142 5143 5144 5145 5146 5147 5148 5149 5150 5151 5152 5153 5154 5155 5156 5157 5158
    {
        ok(size == sizeof(authorityInfoAccessWithUrlAndIPAddr),
         "unexpected size %d\n", size);
        ok(!memcmp(buf, authorityInfoAccessWithUrlAndIPAddr, size),
         "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
}

static void compareAuthorityInfoAccess(LPCSTR header,
 const CERT_AUTHORITY_INFO_ACCESS *expected,
 const CERT_AUTHORITY_INFO_ACCESS *got)
{
    DWORD i;

    ok(expected->cAccDescr == got->cAccDescr,
     "%s: expected %d access descriptions, got %d\n", header,
     expected->cAccDescr, got->cAccDescr);
    for (i = 0; i < expected->cAccDescr; i++)
    {
        ok(!strcmp(expected->rgAccDescr[i].pszAccessMethod,
         got->rgAccDescr[i].pszAccessMethod), "%s[%d]: expected %s, got %s\n",
         header, i, expected->rgAccDescr[i].pszAccessMethod,
         got->rgAccDescr[i].pszAccessMethod);
        compareAltNameEntry(&expected->rgAccDescr[i].AccessLocation,
         &got->rgAccDescr[i].AccessLocation);
    }
}

static void test_decodeAuthorityInfoAccess(DWORD dwEncoding)
{
    static char oid1[] = "1.2.3";
    static char oid2[] = "1.5.6";
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;

5159
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS,
5160
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
5161
     &buf, &size);
5162
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5163
    if (ret)
5164 5165 5166 5167 5168 5169 5170 5171
    {
        CERT_AUTHORITY_INFO_ACCESS aia = { 0, NULL };

        compareAuthorityInfoAccess("empty AIA", &aia,
         (CERT_AUTHORITY_INFO_ACCESS *)buf);
        LocalFree(buf);
        buf = NULL;
    }
5172
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS,
5173
     authorityInfoAccessWithUrl, sizeof(authorityInfoAccessWithUrl),
5174
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5175
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5176
    if (ret)
5177 5178 5179 5180 5181 5182
    {
        CERT_ACCESS_DESCRIPTION accessDescription;
        CERT_AUTHORITY_INFO_ACCESS aia;

        accessDescription.pszAccessMethod = oid1;
        accessDescription.AccessLocation.dwAltNameChoice = CERT_ALT_NAME_URL;
5183
        U(accessDescription.AccessLocation).pwszURL = (LPWSTR)url;
5184 5185 5186 5187 5188 5189 5190
        aia.cAccDescr = 1;
        aia.rgAccDescr = &accessDescription;
        compareAuthorityInfoAccess("AIA with URL", &aia,
         (CERT_AUTHORITY_INFO_ACCESS *)buf);
        LocalFree(buf);
        buf = NULL;
    }
5191
    ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS,
5192 5193
     authorityInfoAccessWithUrlAndIPAddr,
     sizeof(authorityInfoAccessWithUrlAndIPAddr), CRYPT_DECODE_ALLOC_FLAG,
5194
     NULL, &buf, &size);
5195
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5196
    if (ret)
5197 5198 5199 5200 5201 5202
    {
        CERT_ACCESS_DESCRIPTION accessDescription[2];
        CERT_AUTHORITY_INFO_ACCESS aia;

        accessDescription[0].pszAccessMethod = oid1;
        accessDescription[0].AccessLocation.dwAltNameChoice = CERT_ALT_NAME_URL;
5203
        U(accessDescription[0].AccessLocation).pwszURL = (LPWSTR)url;
5204 5205 5206
        accessDescription[1].pszAccessMethod = oid2;
        accessDescription[1].AccessLocation.dwAltNameChoice =
         CERT_ALT_NAME_IP_ADDRESS;
5207
        U(accessDescription[1].AccessLocation).IPAddress.cbData =
5208
         sizeof(encodedIPAddr);
5209
        U(accessDescription[1].AccessLocation).IPAddress.pbData =
5210 5211 5212 5213 5214 5215 5216 5217 5218 5219
         (LPBYTE)encodedIPAddr;
        aia.cAccDescr = 2;
        aia.rgAccDescr = accessDescription;
        compareAuthorityInfoAccess("AIA with URL and IP addr", &aia,
         (CERT_AUTHORITY_INFO_ACCESS *)buf);
        LocalFree(buf);
        buf = NULL;
    }
}

5220 5221 5222 5223 5224 5225 5226 5227 5228 5229 5230 5231 5232 5233 5234 5235 5236 5237 5238 5239 5240 5241 5242 5243 5244 5245 5246 5247 5248 5249 5250 5251 5252 5253 5254 5255 5256 5257 5258 5259 5260 5261 5262 5263 5264 5265 5266 5267 5268 5269 5270 5271 5272 5273 5274
static const BYTE emptyCTL[] = {
0x30,0x17,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE emptyCTLWithVersion1[] = {
0x30,0x1a,0x02,0x01,0x01,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithUsageIdentifier[] = {
0x30,0x1b,0x30,0x04,0x06,0x02,0x2a,0x03,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,
0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithListIdentifier[] = {
0x30,0x1a,0x30,0x00,0x04,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithSequenceNumber[] = {
0x30,0x1a,0x30,0x00,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithThisUpdate[] = {
0x30,0x15,0x30,0x00,0x17,0x0d,0x30,0x35,0x30,0x36,0x30,0x36,0x31,0x36,0x31,
0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithThisAndNextUpdate[] = {
0x30,0x24,0x30,0x00,0x17,0x0d,0x30,0x35,0x30,0x36,0x30,0x36,0x31,0x36,0x31,
0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x35,0x30,0x36,0x30,0x36,0x31,0x36,0x31,
0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
static const BYTE ctlWithAlgId[] = {
0x30,0x1b,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x06,0x06,0x02,0x2d,0x06,0x05,0x00 };
static const BYTE ctlWithBogusEntry[] = {
0x30,0x29,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00,0x30,0x10,0x30,0x0e,0x04,
0x01,0x01,0x31,0x09,0x30,0x07,0x06,0x02,0x2a,0x03,0x31,0x01,0x01 };
static const BYTE ctlWithOneEntry[] = {
0x30,0x2a,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00,0x30,0x11,0x30,0x0f,0x04,
0x01,0x01,0x31,0x0a,0x30,0x08,0x06,0x02,0x2a,0x03,0x31,0x02,0x30,0x00 };
static const BYTE ctlWithTwoEntries[] = {
0x30,0x41,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00,0x30,0x28,0x30,0x0f,0x04,
0x01,0x01,0x31,0x0a,0x30,0x08,0x06,0x02,0x2a,0x03,0x31,0x02,0x30,0x00,0x30,
0x15,0x04,0x01,0x01,0x31,0x10,0x30,0x0e,0x06,0x02,0x2d,0x06,0x31,0x08,0x30,
0x06,0x87,0x04,0x7f,0x00,0x00,0x01 };

static void test_encodeCTL(DWORD dwEncoding)
{
    static char oid1[] = "1.2.3";
    static char oid2[] = "1.5.6";
    char *pOid1 = oid1;
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CTL_INFO info;
    SYSTEMTIME thisUpdate = { 2005, 6, 1, 6, 16, 10, 0, 0 };
    CTL_ENTRY ctlEntry[2];
    CRYPT_ATTRIBUTE attr1, attr2;
    CRYPT_ATTR_BLOB value1, value2;

    memset(&info, 0, sizeof(info));
5275
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5276
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5277
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5278
    if (ret)
5279 5280 5281 5282 5283 5284 5285
    {
        ok(size == sizeof(emptyCTL), "unexpected size %d\n", size);
        ok(!memcmp(buf, emptyCTL, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.dwVersion = 1;
5286
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5287
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5288
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5289
    if (ret)
5290 5291 5292 5293 5294 5295 5296 5297 5298
    {
        ok(size == sizeof(emptyCTLWithVersion1), "unexpected size %d\n", size);
        ok(!memcmp(buf, emptyCTLWithVersion1, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.dwVersion = 0;
    info.SubjectUsage.cUsageIdentifier = 1;
    info.SubjectUsage.rgpszUsageIdentifier = &pOid1;
5299
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5300
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5301
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5302
    if (ret)
5303 5304 5305 5306 5307 5308 5309 5310 5311 5312
    {
        ok(size == sizeof(ctlWithUsageIdentifier), "unexpected size %d\n",
         size);
        ok(!memcmp(buf, ctlWithUsageIdentifier, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.SubjectUsage.cUsageIdentifier = 0;
    info.ListIdentifier.cbData = sizeof(serialNum);
    info.ListIdentifier.pbData = (LPBYTE)serialNum;
5313
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5314
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5315
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5316
    if (ret)
5317 5318 5319 5320 5321 5322 5323 5324 5325
    {
        ok(size == sizeof(ctlWithListIdentifier), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithListIdentifier, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.ListIdentifier.cbData = 0;
    info.SequenceNumber.cbData = sizeof(serialNum);
    info.SequenceNumber.pbData = (LPBYTE)serialNum;
5326
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5327
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5328
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5329
    if (ret)
5330 5331 5332 5333 5334 5335 5336 5337 5338
    {
        ok(size == sizeof(ctlWithSequenceNumber), "unexpected size %d\n",
         size);
        ok(!memcmp(buf, ctlWithSequenceNumber, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.SequenceNumber.cbData = 0;
    SystemTimeToFileTime(&thisUpdate, &info.ThisUpdate);
5339
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5340
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5341
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5342
    if (ret)
5343 5344 5345 5346 5347 5348 5349
    {
        ok(size == sizeof(ctlWithThisUpdate), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithThisUpdate, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    SystemTimeToFileTime(&thisUpdate, &info.NextUpdate);
5350
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5351
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5352
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5353
    if (ret)
5354 5355 5356 5357 5358 5359 5360 5361 5362 5363
    {
        ok(size == sizeof(ctlWithThisAndNextUpdate), "unexpected size %d\n",
         size);
        ok(!memcmp(buf, ctlWithThisAndNextUpdate, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    info.ThisUpdate.dwLowDateTime = info.ThisUpdate.dwHighDateTime = 0;
    info.NextUpdate.dwLowDateTime = info.NextUpdate.dwHighDateTime = 0;
    info.SubjectAlgorithm.pszObjId = oid2;
5364
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5365
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5366
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5367
    if (ret)
5368 5369 5370 5371 5372 5373 5374 5375 5376 5377 5378 5379 5380 5381 5382 5383 5384 5385 5386 5387 5388
    {
        ok(size == sizeof(ctlWithAlgId), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithAlgId, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    /* The value is supposed to be asn.1 encoded, so this'll fail to decode
     * (see tests below) but it'll encode fine.
     */
    info.SubjectAlgorithm.pszObjId = NULL;
    value1.cbData = sizeof(serialNum);
    value1.pbData = (LPBYTE)serialNum;
    attr1.pszObjId = oid1;
    attr1.cValue = 1;
    attr1.rgValue = &value1;
    ctlEntry[0].SubjectIdentifier.cbData = sizeof(serialNum);
    ctlEntry[0].SubjectIdentifier.pbData = (LPBYTE)serialNum;
    ctlEntry[0].cAttribute = 1;
    ctlEntry[0].rgAttribute = &attr1;
    info.cCTLEntry = 1;
    info.rgCTLEntry = ctlEntry;
5389
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5390
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5391
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5392
    if (ret)
5393 5394 5395 5396 5397 5398 5399 5400
    {
        ok(size == sizeof(ctlWithBogusEntry), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithBogusEntry, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    value1.cbData = sizeof(emptySequence);
    value1.pbData = (LPBYTE)emptySequence;
5401
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5402
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5403
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5404
    if (ret)
5405 5406 5407 5408 5409 5410 5411 5412 5413 5414 5415 5416 5417 5418 5419 5420
    {
        ok(size == sizeof(ctlWithOneEntry), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithOneEntry, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
    value2.cbData = sizeof(encodedIPAddr);
    value2.pbData = (LPBYTE)encodedIPAddr;
    attr2.pszObjId = oid2;
    attr2.cValue = 1;
    attr2.rgValue = &value2;
    ctlEntry[1].SubjectIdentifier.cbData = sizeof(serialNum);
    ctlEntry[1].SubjectIdentifier.pbData = (LPBYTE)serialNum;
    ctlEntry[1].cAttribute = 1;
    ctlEntry[1].rgAttribute = &attr2;
    info.cCTLEntry = 2;
5421
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5422
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5423
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5424
    if (ret)
5425 5426 5427 5428 5429 5430 5431 5432 5433 5434 5435 5436 5437 5438 5439 5440 5441 5442 5443 5444 5445 5446 5447 5448 5449 5450 5451 5452 5453 5454 5455 5456 5457 5458 5459 5460 5461 5462 5463 5464 5465 5466 5467 5468 5469 5470 5471 5472 5473 5474 5475 5476 5477 5478 5479 5480 5481 5482 5483 5484 5485 5486 5487 5488 5489 5490 5491 5492 5493 5494 5495 5496 5497 5498 5499 5500 5501 5502 5503 5504 5505 5506 5507 5508 5509 5510 5511 5512 5513 5514 5515 5516 5517 5518 5519 5520 5521 5522 5523 5524 5525 5526 5527 5528 5529 5530 5531 5532 5533 5534 5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 5546 5547 5548 5549 5550 5551 5552 5553 5554 5555 5556 5557 5558
    {
        ok(size == sizeof(ctlWithTwoEntries), "unexpected size %d\n", size);
        ok(!memcmp(buf, ctlWithTwoEntries, size), "unexpected value\n");
        LocalFree(buf);
        buf = NULL;
    }
}

static void compareCTLInfo(LPCSTR header, const CTL_INFO *expected,
 const CTL_INFO *got)
{
    DWORD i, j, k;

    ok(expected->dwVersion == got->dwVersion,
     "%s: expected version %d, got %d\n", header, expected->dwVersion,
     got->dwVersion);
    ok(expected->SubjectUsage.cUsageIdentifier ==
     got->SubjectUsage.cUsageIdentifier,
     "%s: expected %d usage identifiers, got %d\n", header,
     expected->SubjectUsage.cUsageIdentifier,
     got->SubjectUsage.cUsageIdentifier);
    for (i = 0; i < expected->SubjectUsage.cUsageIdentifier; i++)
        ok(!strcmp(expected->SubjectUsage.rgpszUsageIdentifier[i],
         got->SubjectUsage.rgpszUsageIdentifier[i]),
         "%s[%d]: expected %s, got %s\n", header, i,
         expected->SubjectUsage.rgpszUsageIdentifier[i],
         got->SubjectUsage.rgpszUsageIdentifier[i]);
    ok(expected->ListIdentifier.cbData == got->ListIdentifier.cbData,
     "%s: expected list identifier of %d bytes, got %d\n", header,
     expected->ListIdentifier.cbData, got->ListIdentifier.cbData);
    if (expected->ListIdentifier.cbData)
        ok(!memcmp(expected->ListIdentifier.pbData, got->ListIdentifier.pbData,
         expected->ListIdentifier.cbData),
         "%s: unexpected list identifier value\n", header);
    ok(expected->SequenceNumber.cbData == got->SequenceNumber.cbData,
     "%s: expected sequence number of %d bytes, got %d\n", header,
     expected->SequenceNumber.cbData, got->SequenceNumber.cbData);
    if (expected->SequenceNumber.cbData)
        ok(!memcmp(expected->SequenceNumber.pbData, got->SequenceNumber.pbData,
         expected->SequenceNumber.cbData),
         "%s: unexpected sequence number value\n", header);
    ok(!memcmp(&expected->ThisUpdate, &got->ThisUpdate, sizeof(FILETIME)),
     "%s: expected this update = (%d, %d), got (%d, %d)\n", header,
     expected->ThisUpdate.dwLowDateTime, expected->ThisUpdate.dwHighDateTime,
     got->ThisUpdate.dwLowDateTime, got->ThisUpdate.dwHighDateTime);
    ok(!memcmp(&expected->NextUpdate, &got->NextUpdate, sizeof(FILETIME)),
     "%s: expected next update = (%d, %d), got (%d, %d)\n", header,
     expected->NextUpdate.dwLowDateTime, expected->NextUpdate.dwHighDateTime,
     got->NextUpdate.dwLowDateTime, got->NextUpdate.dwHighDateTime);
    if (expected->SubjectAlgorithm.pszObjId &&
     *expected->SubjectAlgorithm.pszObjId && !got->SubjectAlgorithm.pszObjId)
        ok(0, "%s: expected subject algorithm %s, got NULL\n", header,
         expected->SubjectAlgorithm.pszObjId);
    if (expected->SubjectAlgorithm.pszObjId && got->SubjectAlgorithm.pszObjId)
        ok(!strcmp(expected->SubjectAlgorithm.pszObjId,
         got->SubjectAlgorithm.pszObjId),
         "%s: expected subject algorithm %s, got %s\n", header,
         expected->SubjectAlgorithm.pszObjId, got->SubjectAlgorithm.pszObjId);
    ok(expected->SubjectAlgorithm.Parameters.cbData ==
     got->SubjectAlgorithm.Parameters.cbData,
     "%s: expected subject algorithm parameters of %d bytes, got %d\n", header,
     expected->SubjectAlgorithm.Parameters.cbData,
     got->SubjectAlgorithm.Parameters.cbData);
    if (expected->SubjectAlgorithm.Parameters.cbData)
        ok(!memcmp(expected->SubjectAlgorithm.Parameters.pbData,
         got->SubjectAlgorithm.Parameters.pbData,
         expected->SubjectAlgorithm.Parameters.cbData),
         "%s: unexpected subject algorithm parameter value\n", header);
    ok(expected->cCTLEntry == got->cCTLEntry,
     "%s: expected %d CTL entries, got %d\n", header, expected->cCTLEntry,
     got->cCTLEntry);
    for (i = 0; i < expected->cCTLEntry; i++)
    {
        ok(expected->rgCTLEntry[i].SubjectIdentifier.cbData ==
         got->rgCTLEntry[i].SubjectIdentifier.cbData,
         "%s[%d]: expected subject identifier of %d bytes, got %d\n",
         header, i, expected->rgCTLEntry[i].SubjectIdentifier.cbData,
         got->rgCTLEntry[i].SubjectIdentifier.cbData);
        if (expected->rgCTLEntry[i].SubjectIdentifier.cbData)
            ok(!memcmp(expected->rgCTLEntry[i].SubjectIdentifier.pbData,
             got->rgCTLEntry[i].SubjectIdentifier.pbData,
             expected->rgCTLEntry[i].SubjectIdentifier.cbData),
             "%s[%d]: unexpected subject identifier value\n",
             header, i);
        for (j = 0; j < expected->rgCTLEntry[i].cAttribute; j++)
        {
            ok(!strcmp(expected->rgCTLEntry[i].rgAttribute[j].pszObjId,
             got->rgCTLEntry[i].rgAttribute[j].pszObjId),
             "%s[%d][%d]: expected attribute OID %s, got %s\n", header, i, j,
             expected->rgCTLEntry[i].rgAttribute[j].pszObjId,
             got->rgCTLEntry[i].rgAttribute[j].pszObjId);
            for (k = 0; k < expected->rgCTLEntry[i].rgAttribute[j].cValue; k++)
            {
                ok(expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData ==
                 got->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData,
                 "%s[%d][%d][%d]: expected value of %d bytes, got %d\n",
                 header, i, j, k,
                 expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData,
                 got->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData);
                if (expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData)
                    ok(!memcmp(
                     expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].pbData,
                     got->rgCTLEntry[i].rgAttribute[j].rgValue[k].pbData,
                     expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData),
                     "%s[%d][%d][%d]: unexpected value\n",
                     header, i, j, k);
            }
        }
    }
    ok(expected->cExtension == got->cExtension,
     "%s: expected %d extensions, got %d\n", header, expected->cExtension,
     got->cExtension);
    for (i = 0; i < expected->cExtension; i++)
    {
        ok(!strcmp(expected->rgExtension[i].pszObjId,
         got->rgExtension[i].pszObjId), "%s[%d]: expected %s, got %s\n",
         header, i, expected->rgExtension[i].pszObjId,
         got->rgExtension[i].pszObjId);
        ok(expected->rgExtension[i].fCritical == got->rgExtension[i].fCritical,
         "%s[%d]: expected fCritical = %d, got %d\n", header, i,
         expected->rgExtension[i].fCritical, got->rgExtension[i].fCritical);
        ok(expected->rgExtension[i].Value.cbData ==
         got->rgExtension[i].Value.cbData,
         "%s[%d]: expected extension value to have %d bytes, got %d\n",
         header, i, expected->rgExtension[i].Value.cbData,
         got->rgExtension[i].Value.cbData);
        if (expected->rgExtension[i].Value.cbData)
            ok(!memcmp(expected->rgExtension[i].Value.pbData,
             got->rgExtension[i].Value.pbData,
             expected->rgExtension[i].Value.cbData),
             "%s[%d]: unexpected extension value\n", header, i);
    }
}

5559 5560 5561 5562 5563 5564 5565 5566 5567 5568 5569 5570 5571 5572 5573 5574 5575 5576 5577 5578 5579 5580 5581 5582 5583 5584 5585 5586 5587 5588 5589 5590 5591 5592 5593 5594
static const BYTE signedCTL[] = {
0x30,0x81,0xc7,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,0xa0,
0x81,0xb9,0x30,0x81,0xb6,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,0x08,0x2a,
0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x28,0x06,0x09,0x2a,0x86,
0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x1b,0x04,0x19,0x30,0x17,0x30,0x00,
0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
0x30,0x5a,0x30,0x02,0x06,0x00,0x31,0x77,0x30,0x75,0x02,0x01,0x01,0x30,0x1a,
0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,
0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x02,0x01,0x01,0x30,0x0c,0x06,0x08,
0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x04,0x06,0x00,0x05,
0x00,0x04,0x40,0xca,0xd8,0x32,0xd1,0xbd,0x97,0x61,0x54,0xd6,0x80,0xcf,0x0d,
0xbd,0xa2,0x42,0xc7,0xca,0x37,0x91,0x7d,0x9d,0xac,0x8c,0xdf,0x05,0x8a,0x39,
0xc6,0x07,0xc1,0x37,0xe6,0xb9,0xd1,0x0d,0x26,0xec,0xa5,0xb0,0x8a,0x51,0x26,
0x2b,0x4f,0x73,0x44,0x86,0x83,0x5e,0x2b,0x6e,0xcc,0xf8,0x1b,0x85,0x53,0xe9,
0x7a,0x80,0x8f,0x6b,0x42,0x19,0x93 };
static const BYTE signedCTLWithCTLInnerContent[] = {
0x30,0x82,0x01,0x0f,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,
0xa0,0x82,0x01,0x00,0x30,0x81,0xfd,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,
0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x30,0x06,0x09,
0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x0a,0x01,0xa0,0x23,0x30,0x21,0x30,0x00,
0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
0x30,0x5a,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,
0x00,0x31,0x81,0xb5,0x30,0x81,0xb2,0x02,0x01,0x01,0x30,0x1a,0x30,0x15,0x31,
0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,
0x4c,0x61,0x6e,0x67,0x00,0x02,0x01,0x01,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,
0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0xa0,0x3b,0x30,0x18,0x06,0x09,0x2a,0x86,
0x48,0x86,0xf7,0x0d,0x01,0x09,0x03,0x31,0x0b,0x06,0x09,0x2b,0x06,0x01,0x04,
0x01,0x82,0x37,0x0a,0x01,0x30,0x1f,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
0x01,0x09,0x04,0x31,0x12,0x04,0x10,0x54,0x71,0xbc,0xe1,0x56,0x31,0xa2,0xf9,
0x65,0x70,0x34,0xf8,0xe2,0xe9,0xb4,0xf4,0x30,0x04,0x06,0x00,0x05,0x00,0x04,
0x40,0x2f,0x1b,0x9f,0x5a,0x4a,0x15,0x73,0xfa,0xb1,0x93,0x3d,0x09,0x52,0xdf,
0x6b,0x98,0x4b,0x13,0x5e,0xe7,0xbf,0x65,0xf4,0x9c,0xc2,0xb1,0x77,0x09,0xb1,
0x66,0x4d,0x72,0x0d,0xb1,0x1a,0x50,0x20,0xe0,0x57,0xa2,0x39,0xc7,0xcd,0x7f,
0x8e,0xe7,0x5f,0x76,0x2b,0xd1,0x6a,0x82,0xb3,0x30,0x25,0x61,0xf6,0x25,0x23,
0x57,0x6c,0x0b,0x47,0xb8 };

5595 5596 5597 5598 5599 5600 5601 5602 5603 5604 5605 5606 5607 5608 5609 5610
static void test_decodeCTL(DWORD dwEncoding)
{
    static char oid1[] = "1.2.3";
    static char oid2[] = "1.5.6";
    static BYTE nullData[] = { 5,0 };
    char *pOid1 = oid1;
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CTL_INFO info;
    SYSTEMTIME thisUpdate = { 2005, 6, 1, 6, 16, 10, 0, 0 };
    CTL_ENTRY ctlEntry[2];
    CRYPT_ATTRIBUTE attr1, attr2;
    CRYPT_ATTR_BLOB value1, value2;

    memset(&info, 0, sizeof(info));
5611
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, emptyCTL, sizeof(emptyCTL),
5612
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5613
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5614
    if (ret)
5615 5616 5617 5618 5619 5620
    {
        compareCTLInfo("empty CTL", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.dwVersion = 1;
5621
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, emptyCTLWithVersion1,
5622
     sizeof(emptyCTLWithVersion1), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
5623 5624
     &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5625
    if (ret)
5626 5627 5628 5629 5630 5631 5632 5633
    {
        compareCTLInfo("v1 CTL", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.dwVersion = 0;
    info.SubjectUsage.cUsageIdentifier = 1;
    info.SubjectUsage.rgpszUsageIdentifier = &pOid1;
5634
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithUsageIdentifier,
5635
     sizeof(ctlWithUsageIdentifier), CRYPT_DECODE_ALLOC_FLAG, NULL,
5636
     &buf, &size);
5637
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5638
    if (ret)
5639 5640 5641 5642 5643 5644 5645 5646
    {
        compareCTLInfo("CTL with usage identifier", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.SubjectUsage.cUsageIdentifier = 0;
    info.ListIdentifier.cbData = sizeof(serialNum);
    info.ListIdentifier.pbData = (LPBYTE)serialNum;
5647
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithListIdentifier,
5648
     sizeof(ctlWithListIdentifier), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5649
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5650
    if (ret)
5651 5652 5653 5654 5655 5656 5657 5658
    {
        compareCTLInfo("CTL with list identifier", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.ListIdentifier.cbData = 0;
    info.SequenceNumber.cbData = sizeof(serialNum);
    info.SequenceNumber.pbData = (LPBYTE)serialNum;
5659
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithSequenceNumber,
5660
     sizeof(ctlWithSequenceNumber), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5661
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5662
    if (ret)
5663 5664 5665 5666 5667 5668 5669
    {
        compareCTLInfo("CTL with sequence number", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.SequenceNumber.cbData = 0;
    SystemTimeToFileTime(&thisUpdate, &info.ThisUpdate);
5670
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithThisUpdate,
5671
     sizeof(ctlWithThisUpdate), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5672
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5673
    if (ret)
5674 5675 5676 5677 5678 5679
    {
        compareCTLInfo("CTL with this update", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    SystemTimeToFileTime(&thisUpdate, &info.NextUpdate);
5680
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithThisAndNextUpdate,
5681
     sizeof(ctlWithThisAndNextUpdate), CRYPT_DECODE_ALLOC_FLAG, NULL,
5682
     &buf, &size);
5683
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5684
    if (ret)
5685 5686 5687 5688 5689 5690 5691 5692 5693 5694
    {
        compareCTLInfo("CTL with this and next update", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    info.ThisUpdate.dwLowDateTime = info.ThisUpdate.dwHighDateTime = 0;
    info.NextUpdate.dwLowDateTime = info.NextUpdate.dwHighDateTime = 0;
    info.SubjectAlgorithm.pszObjId = oid2;
    info.SubjectAlgorithm.Parameters.cbData = sizeof(nullData);
    info.SubjectAlgorithm.Parameters.pbData = nullData;
5695
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithAlgId,
5696
     sizeof(ctlWithAlgId), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5697
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5698
    if (ret)
5699 5700 5701 5702 5703 5704
    {
        compareCTLInfo("CTL with algorithm identifier", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    SetLastError(0xdeadbeef);
5705
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithBogusEntry,
5706
     sizeof(ctlWithBogusEntry), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5707
    ok(!ret &&
5708 5709 5710
     (GetLastError() == CRYPT_E_ASN1_EOD ||
      GetLastError() == CRYPT_E_ASN1_CORRUPT ||
      GetLastError() == OSS_MORE_INPUT), /* Win9x */
5711 5712
     "expected CRYPT_E_ASN1_EOD or CRYPT_E_ASN1_CORRUPT, got %08x\n",
     GetLastError());
5713 5714 5715 5716 5717 5718 5719 5720 5721 5722 5723 5724 5725 5726 5727 5728 5729
    info.SubjectAlgorithm.Parameters.cbData = 0;
    info.ThisUpdate.dwLowDateTime = info.ThisUpdate.dwHighDateTime = 0;
    info.NextUpdate.dwLowDateTime = info.NextUpdate.dwHighDateTime = 0;
    info.SubjectAlgorithm.pszObjId = oid2;
    info.SubjectAlgorithm.pszObjId = NULL;
    value1.cbData = sizeof(emptySequence);
    value1.pbData = (LPBYTE)emptySequence;
    attr1.pszObjId = oid1;
    attr1.cValue = 1;
    attr1.rgValue = &value1;
    ctlEntry[0].SubjectIdentifier.cbData = sizeof(serialNum);
    ctlEntry[0].SubjectIdentifier.pbData = (LPBYTE)serialNum;
    ctlEntry[0].cAttribute = 1;
    ctlEntry[0].rgAttribute = &attr1;
    info.cCTLEntry = 1;
    info.rgCTLEntry = ctlEntry;
    SetLastError(0xdeadbeef);
5730
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithOneEntry,
5731
     sizeof(ctlWithOneEntry), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5732
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5733
    if (ret)
5734 5735 5736 5737 5738 5739 5740 5741 5742 5743 5744 5745 5746 5747 5748
    {
        compareCTLInfo("CTL with one entry", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
    value2.cbData = sizeof(encodedIPAddr);
    value2.pbData = (LPBYTE)encodedIPAddr;
    attr2.pszObjId = oid2;
    attr2.cValue = 1;
    attr2.rgValue = &value2;
    ctlEntry[1].SubjectIdentifier.cbData = sizeof(serialNum);
    ctlEntry[1].SubjectIdentifier.pbData = (LPBYTE)serialNum;
    ctlEntry[1].cAttribute = 1;
    ctlEntry[1].rgAttribute = &attr2;
    info.cCTLEntry = 2;
5749
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithTwoEntries,
5750
     sizeof(ctlWithTwoEntries), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5751
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5752
    if (ret)
5753 5754 5755 5756 5757
    {
        compareCTLInfo("CTL with two entries", &info, (CTL_INFO *)buf);
        LocalFree(buf);
        buf = NULL;
    }
5758 5759
    /* A signed CTL isn't decodable, even if the inner content is a CTL */
    SetLastError(0xdeadbeef);
5760
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, signedCTL,
5761
     sizeof(signedCTL), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5762 5763 5764 5765
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "expected CRYPT_E_ASN1_BADTAG or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
5766
    SetLastError(0xdeadbeef);
5767
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL,
5768
     signedCTLWithCTLInnerContent, sizeof(signedCTLWithCTLInnerContent),
5769
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5770 5771 5772 5773
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_BADTAG ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "expected CRYPT_E_ASN1_BADTAG or OSS_DATA_ERROR, got %08x\n",
     GetLastError());
5774 5775
}

5776
static const BYTE emptyPKCSContentInfo[] = { 0x30,0x04,0x06,0x02,0x2a,0x03 };
5777 5778
static const BYTE emptyPKCSContentInfoExtraBytes[] = { 0x30,0x04,0x06,0x02,0x2a,
 0x03,0,0,0,0,0,0 };
5779 5780 5781 5782 5783 5784 5785 5786 5787 5788 5789 5790 5791 5792
static const BYTE bogusPKCSContentInfo[] = { 0x30,0x07,0x06,0x02,0x2a,0x03,
 0xa0,0x01,0x01 };
static const BYTE intPKCSContentInfo[] = { 0x30,0x09,0x06,0x02,0x2a,0x03,0xa0,
 0x03,0x02,0x01,0x01 };
static BYTE bogusDER[] = { 1 };

static void test_encodePKCSContentInfo(DWORD dwEncoding)
{
    BOOL ret;
    BYTE *buf = NULL;
    DWORD size = 0;
    CRYPT_CONTENT_INFO info = { 0 };
    char oid1[] = "1.2.3";

5793 5794 5795 5796 5797
    if (0)
    {
        /* Crashes on win9x */
        SetLastError(0xdeadbeef);
        ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, NULL,
5798
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5799 5800 5801
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %x\n", GetLastError());
    }
5802
    SetLastError(0xdeadbeef);
5803
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5804
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5805 5806 5807
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "Expected E_INVALIDARG or OSS_LIMITED, got %x\n", GetLastError());
5808
    info.pszObjId = oid1;
5809
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5810
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5811
    ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
5812
    if (ret)
5813 5814 5815 5816 5817 5818 5819
    {
        ok(size == sizeof(emptyPKCSContentInfo), "Unexpected size %d\n", size);
        ok(!memcmp(buf, emptyPKCSContentInfo, size), "Unexpected value\n");
        LocalFree(buf);
    }
    info.Content.pbData = bogusDER;
    info.Content.cbData = sizeof(bogusDER);
5820
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5821
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5822
    ok(ret, "CryptEncodeObjectEx failed; %x\n", GetLastError());
5823
    if (ret)
5824 5825 5826 5827 5828 5829 5830
    {
        ok(size == sizeof(bogusPKCSContentInfo), "Unexpected size %d\n", size);
        ok(!memcmp(buf, bogusPKCSContentInfo, size), "Unexpected value\n");
        LocalFree(buf);
    }
    info.Content.pbData = (BYTE *)ints[0].encoded;
    info.Content.cbData = ints[0].encoded[1] + 2;
5831
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5832
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5833
    if (ret)
5834 5835 5836 5837 5838 5839 5840
    {
        ok(size == sizeof(intPKCSContentInfo), "Unexpected size %d\n", size);
        ok(!memcmp(buf, intPKCSContentInfo, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

5841 5842 5843 5844 5845 5846 5847 5848 5849 5850 5851 5852 5853 5854 5855 5856 5857 5858 5859 5860 5861 5862 5863 5864 5865 5866 5867 5868 5869 5870
static const BYTE indefiniteSignedPKCSContent[] = {
0x30,0x80,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,0xa0,0x80,
0x30,0x80,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,
0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x80,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
0x0d,0x01,0x07,0x01,0xa0,0x80,0x24,0x80,0x04,0x04,0x01,0x02,0x03,0x04,0x04,
0x04,0x01,0x02,0x03,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0xa0,0x81,0xd2,0x30,
0x81,0xcf,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
0x00,0x30,0x5c,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
0x01,0x05,0x00,0x03,0x4b,0x00,0x30,0x48,0x02,0x41,0x00,0xe2,0x54,0x3a,0xa7,
0x83,0xb1,0x27,0x14,0x3e,0x59,0xbb,0xb4,0x53,0xe6,0x1f,0xe7,0x5d,0xf1,0x21,
0x68,0xad,0x85,0x53,0xdb,0x6b,0x1e,0xeb,0x65,0x97,0x03,0x86,0x60,0xde,0xf3,
0x6c,0x38,0x75,0xe0,0x4c,0x61,0xbb,0xbc,0x62,0x17,0xa9,0xcd,0x79,0x3f,0x21,
0x4e,0x96,0xcb,0x0e,0xdc,0x61,0x94,0x30,0x18,0x10,0x6b,0xd0,0x1c,0x10,0x79,
0x02,0x03,0x01,0x00,0x01,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,
0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01,0x31,
0x77,0x30,0x75,0x02,0x01,0x01,0x30,0x1a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
0x00,0x02,0x01,0x01,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,
0x05,0x05,0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x04,0x40,0x57,0xba,0xe0,0xad,
0xfe,0x36,0x8d,0xb3,0x88,0xa2,0x8d,0x84,0x82,0x52,0x09,0x09,0xd9,0xf0,0xb8,
0x04,0xfa,0xb5,0x51,0x0b,0x2b,0x2e,0xd5,0x72,0x3e,0x3d,0x13,0x8a,0x51,0xc3,
0x71,0x65,0x9a,0x52,0xf2,0x8f,0xb2,0x5b,0x39,0x28,0xb3,0x29,0x36,0xa5,0x8d,
0xe3,0x55,0x71,0x91,0xf9,0x2a,0xd1,0xb8,0xaa,0x52,0xb8,0x22,0x3a,0xeb,0x61,
0x00,0x00,0x00,0x00,0x00,0x00 };

5871 5872 5873 5874 5875 5876 5877
static void test_decodePKCSContentInfo(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CRYPT_CONTENT_INFO *info;

5878
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5879
     emptyPKCSContentInfo, sizeof(emptyPKCSContentInfo),
5880
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5881
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5882
    if (ret)
5883 5884 5885 5886 5887 5888 5889 5890 5891
    {
        info = (CRYPT_CONTENT_INFO *)buf;

        ok(!strcmp(info->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
         info->pszObjId);
        ok(info->Content.cbData == 0, "Expected no data, got %d\n",
         info->Content.cbData);
        LocalFree(buf);
    }
5892
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5893 5894 5895
     emptyPKCSContentInfoExtraBytes, sizeof(emptyPKCSContentInfoExtraBytes),
     0, NULL, NULL, &size);
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5896
    SetLastError(0xdeadbeef);
5897
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5898
     bogusPKCSContentInfo, sizeof(bogusPKCSContentInfo),
5899
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5900 5901 5902
    /* Native fails with CRYPT_E_ASN1_EOD, accept also CRYPT_E_ASN1_CORRUPT as
     * I doubt an app depends on that.
     */
5903 5904
    ok((!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
     GetLastError() == CRYPT_E_ASN1_CORRUPT)) || broken(ret),
5905 5906
     "Expected CRYPT_E_ASN1_EOD or CRYPT_E_ASN1_CORRUPT, got %x\n",
     GetLastError());
5907
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5908
     intPKCSContentInfo, sizeof(intPKCSContentInfo),
5909
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5910
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5911
    if (ret)
5912 5913 5914 5915 5916 5917 5918 5919 5920
    {
        info = (CRYPT_CONTENT_INFO *)buf;

        ok(!strcmp(info->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
         info->pszObjId);
        ok(info->Content.cbData == ints[0].encoded[1] + 2,
         "Unexpected size %d\n", info->Content.cbData);
        ok(!memcmp(info->Content.pbData, ints[0].encoded,
         info->Content.cbData), "Unexpected value\n");
5921 5922
        LocalFree(buf);
    }
5923
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5924
     indefiniteSignedPKCSContent, sizeof(indefiniteSignedPKCSContent),
5925
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
5926
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5927
    if (ret)
5928 5929 5930 5931 5932 5933 5934 5935
    {
        info = (CRYPT_CONTENT_INFO *)buf;

        ok(!strcmp(info->pszObjId, szOID_RSA_signedData),
         "Expected %s, got %s\n", szOID_RSA_signedData, info->pszObjId);
        ok(info->Content.cbData == 392, "Expected 392, got %d\n",
         info->Content.cbData);
        LocalFree(buf);
5936 5937 5938
    }
}

5939 5940 5941 5942 5943 5944 5945 5946 5947 5948 5949 5950 5951 5952 5953 5954
static const BYTE emptyPKCSAttr[] = { 0x30,0x06,0x06,0x02,0x2a,0x03,0x31,
 0x00 };
static const BYTE bogusPKCSAttr[] = { 0x30,0x07,0x06,0x02,0x2a,0x03,0x31,0x01,
 0x01 };
static const BYTE intPKCSAttr[] = { 0x30,0x09,0x06,0x02,0x2a,0x03,0x31,0x03,
 0x02,0x01,0x01 };

static void test_encodePKCSAttribute(DWORD dwEncoding)
{
    CRYPT_ATTRIBUTE attr = { 0 };
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CRYPT_ATTR_BLOB blob;
    char oid[] = "1.2.3";

5955 5956 5957 5958 5959
    if (0)
    {
        /* Crashes on win9x */
        SetLastError(0xdeadbeef);
        ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, NULL,
5960
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5961 5962 5963
        ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
         "Expected STATUS_ACCESS_VIOLATION, got %x\n", GetLastError());
    }
5964
    SetLastError(0xdeadbeef);
5965
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
5966
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5967 5968 5969
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "Expected E_INVALIDARG or OSS_LIMITED, got %x\n", GetLastError());
5970
    attr.pszObjId = oid;
5971
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
5972
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5973
    ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
5974
    if (ret)
5975 5976 5977 5978 5979 5980 5981 5982 5983
    {
        ok(size == sizeof(emptyPKCSAttr), "Unexpected size %d\n", size);
        ok(!memcmp(buf, emptyPKCSAttr, size), "Unexpected value\n");
        LocalFree(buf);
    }
    blob.cbData = sizeof(bogusDER);
    blob.pbData = bogusDER;
    attr.cValue = 1;
    attr.rgValue = &blob;
5984
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
5985
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5986
    ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
5987
    if (ret)
5988 5989 5990 5991 5992 5993 5994
    {
        ok(size == sizeof(bogusPKCSAttr), "Unexpected size %d\n", size);
        ok(!memcmp(buf, bogusPKCSAttr, size), "Unexpected value\n");
        LocalFree(buf);
    }
    blob.pbData = (BYTE *)ints[0].encoded;
    blob.cbData = ints[0].encoded[1] + 2;
5995
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
5996
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
5997
    if (ret)
5998 5999 6000 6001 6002 6003 6004 6005 6006 6007 6008 6009 6010 6011
    {
        ok(size == sizeof(intPKCSAttr), "Unexpected size %d\n", size);
        ok(!memcmp(buf, intPKCSAttr, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodePKCSAttribute(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CRYPT_ATTRIBUTE *attr;

6012
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTE,
6013
     emptyPKCSAttr, sizeof(emptyPKCSAttr),
6014
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6015
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6016
    if (ret)
6017 6018 6019 6020 6021 6022 6023 6024 6025
    {
        attr = (CRYPT_ATTRIBUTE *)buf;

        ok(!strcmp(attr->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
         attr->pszObjId);
        ok(attr->cValue == 0, "Expected no value, got %d\n", attr->cValue);
        LocalFree(buf);
    }
    SetLastError(0xdeadbeef);
6026
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTE,
6027
     bogusPKCSAttr, sizeof(bogusPKCSAttr),
6028
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6029 6030 6031 6032
    /* Native fails with CRYPT_E_ASN1_EOD, accept also CRYPT_E_ASN1_CORRUPT as
     * I doubt an app depends on that.
     */
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
6033 6034
     GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_MORE_INPUT /* Win9x */),
6035
     "Expected CRYPT_E_ASN1_EOD, CRYPT_E_ASN1_CORRUPT, or OSS_MORE_INPUT, got %x\n",
6036
     GetLastError());
6037
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTE,
6038
     intPKCSAttr, sizeof(intPKCSAttr),
6039
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6040
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6041
    if (ret)
6042 6043 6044 6045 6046 6047 6048 6049 6050 6051
    {
        attr = (CRYPT_ATTRIBUTE *)buf;

        ok(!strcmp(attr->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
         attr->pszObjId);
        ok(attr->cValue == 1, "Expected 1 value, got %d\n", attr->cValue);
        ok(attr->rgValue[0].cbData == ints[0].encoded[1] + 2,
         "Unexpected size %d\n", attr->rgValue[0].cbData);
        ok(!memcmp(attr->rgValue[0].pbData, ints[0].encoded,
         attr->rgValue[0].cbData), "Unexpected value\n");
6052
        LocalFree(buf);
6053 6054
    }
}
6055 6056 6057 6058 6059 6060 6061 6062 6063 6064 6065 6066 6067 6068 6069 6070 6071

static const BYTE emptyPKCSAttributes[] = { 0x31,0x00 };
static const BYTE singlePKCSAttributes[] = { 0x31,0x08,0x30,0x06,0x06,0x02,
 0x2a,0x03,0x31,0x00 };
static const BYTE doublePKCSAttributes[] = { 0x31,0x13,0x30,0x06,0x06,0x02,
 0x2a,0x03,0x31,0x00,0x30,0x09,0x06,0x02,0x2d,0x06,0x31,0x03,0x02,0x01,0x01 };

static void test_encodePKCSAttributes(DWORD dwEncoding)
{
    CRYPT_ATTRIBUTES attributes = { 0 };
    CRYPT_ATTRIBUTE attr[2] = { { 0 } };
    CRYPT_ATTR_BLOB blob;
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    char oid1[] = "1.2.3", oid2[] = "1.5.6";

6072
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
6073
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6074
    ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6075
    if (ret)
6076 6077 6078 6079 6080 6081 6082 6083
    {
        ok(size == sizeof(emptyPKCSAttributes), "Unexpected size %d\n", size);
        ok(!memcmp(buf, emptyPKCSAttributes, size), "Unexpected value\n");
        LocalFree(buf);
    }
    attributes.cAttr = 1;
    attributes.rgAttr = attr;
    SetLastError(0xdeadbeef);
6084
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
6085
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6086 6087 6088
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "Expected E_INVALIDARG or OSS_LIMITED, got %08x\n", GetLastError());
6089
    attr[0].pszObjId = oid1;
6090
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
6091
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6092
    if (ret)
6093 6094 6095 6096 6097 6098 6099 6100 6101 6102 6103
    {
        ok(size == sizeof(singlePKCSAttributes), "Unexpected size %d\n", size);
        ok(!memcmp(buf, singlePKCSAttributes, size), "Unexpected value\n");
        LocalFree(buf);
    }
    attr[1].pszObjId = oid2;
    attr[1].cValue = 1;
    attr[1].rgValue = &blob;
    blob.pbData = (BYTE *)ints[0].encoded;
    blob.cbData = ints[0].encoded[1] + 2;
    attributes.cAttr = 2;
6104
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
6105
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6106
    ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6107
    if (ret)
6108 6109 6110 6111 6112 6113 6114 6115 6116 6117 6118 6119 6120 6121
    {
        ok(size == sizeof(doublePKCSAttributes), "Unexpected size %d\n", size);
        ok(!memcmp(buf, doublePKCSAttributes, size), "Unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodePKCSAttributes(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CRYPT_ATTRIBUTES *attributes;

6122
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTES,
6123
     emptyPKCSAttributes, sizeof(emptyPKCSAttributes),
6124
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6125
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6126
    if (ret)
6127 6128 6129 6130 6131 6132
    {
        attributes = (CRYPT_ATTRIBUTES *)buf;
        ok(attributes->cAttr == 0, "Expected no attributes, got %d\n",
         attributes->cAttr);
        LocalFree(buf);
    }
6133
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTES,
6134
     singlePKCSAttributes, sizeof(singlePKCSAttributes),
6135
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6136
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6137
    if (ret)
6138 6139 6140 6141 6142 6143 6144 6145 6146 6147
    {
        attributes = (CRYPT_ATTRIBUTES *)buf;
        ok(attributes->cAttr == 1, "Expected 1 attribute, got %d\n",
         attributes->cAttr);
        ok(!strcmp(attributes->rgAttr[0].pszObjId, "1.2.3"),
         "Expected 1.2.3, got %s\n", attributes->rgAttr[0].pszObjId);
        ok(attributes->rgAttr[0].cValue == 0,
         "Expected no attributes, got %d\n", attributes->rgAttr[0].cValue);
        LocalFree(buf);
    }
6148
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTES,
6149
     doublePKCSAttributes, sizeof(doublePKCSAttributes),
6150
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6151
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6152
    if (ret)
6153 6154 6155 6156 6157 6158 6159 6160 6161
    {
        attributes = (CRYPT_ATTRIBUTES *)buf;
        ok(attributes->cAttr == 2, "Expected 2 attributes, got %d\n",
         attributes->cAttr);
        ok(!strcmp(attributes->rgAttr[0].pszObjId, "1.2.3"),
         "Expected 1.2.3, got %s\n", attributes->rgAttr[0].pszObjId);
        ok(attributes->rgAttr[0].cValue == 0,
         "Expected no attributes, got %d\n", attributes->rgAttr[0].cValue);
        ok(!strcmp(attributes->rgAttr[1].pszObjId, "1.5.6"),
6162
         "Expected 1.5.6, got %s\n", attributes->rgAttr[1].pszObjId);
6163 6164 6165 6166 6167 6168 6169 6170 6171 6172
        ok(attributes->rgAttr[1].cValue == 1,
         "Expected 1 attribute, got %d\n", attributes->rgAttr[1].cValue);
        ok(attributes->rgAttr[1].rgValue[0].cbData == ints[0].encoded[1] + 2,
         "Unexpected size %d\n", attributes->rgAttr[1].rgValue[0].cbData);
        ok(!memcmp(attributes->rgAttr[1].rgValue[0].pbData, ints[0].encoded,
         attributes->rgAttr[1].rgValue[0].cbData), "Unexpected value\n");
        LocalFree(buf);
    }
}

6173 6174 6175 6176 6177 6178 6179 6180 6181 6182 6183 6184 6185 6186 6187 6188 6189 6190
static const BYTE singleCapability[] = {
0x30,0x06,0x30,0x04,0x06,0x02,0x2d,0x06 };
static const BYTE twoCapabilities[] = {
0x30,0x0c,0x30,0x04,0x06,0x02,0x2d,0x06,0x30,0x04,0x06,0x02,0x2a,0x03 };
static const BYTE singleCapabilitywithNULL[] = {
0x30,0x08,0x30,0x06,0x06,0x02,0x2d,0x06,0x05,0x00 };

static void test_encodePKCSSMimeCapabilities(DWORD dwEncoding)
{
    static char oid1[] = "1.5.6", oid2[] = "1.2.3";
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CRYPT_SMIME_CAPABILITY capability[2];
    CRYPT_SMIME_CAPABILITIES capabilities;

    /* An empty capabilities is allowed */
    capabilities.cCapability = 0;
6191
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6192
     &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6193
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6194
    if (ret)
6195 6196 6197 6198 6199 6200 6201 6202 6203 6204 6205 6206 6207
    {
        ok(size == sizeof(emptySequence), "unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, size), "unexpected value\n");
        LocalFree(buf);
    }
    /* A non-empty capabilities with an empty capability (lacking an OID) is
     * not allowed
     */
    capability[0].pszObjId = NULL;
    capability[0].Parameters.cbData = 0;
    capabilities.cCapability = 1;
    capabilities.rgCapability = capability;
    SetLastError(0xdeadbeef);
6208
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6209
     &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6210 6211 6212
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "Expected E_INVALIDARG or OSS_LIMITED, got %08x\n", GetLastError());
6213
    capability[0].pszObjId = oid1;
6214
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6215
     &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6216
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6217
    if (ret)
6218 6219 6220 6221 6222 6223 6224 6225
    {
        ok(size == sizeof(singleCapability), "unexpected size %d\n", size);
        ok(!memcmp(buf, singleCapability, size), "unexpected value\n");
        LocalFree(buf);
    }
    capability[1].pszObjId = oid2;
    capability[1].Parameters.cbData = 0;
    capabilities.cCapability = 2;
6226
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6227
     &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6228
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6229
    if (ret)
6230 6231 6232 6233 6234 6235 6236 6237 6238 6239 6240 6241 6242 6243 6244 6245 6246 6247 6248 6249 6250 6251 6252 6253 6254 6255 6256 6257 6258 6259 6260 6261 6262 6263 6264 6265 6266 6267 6268 6269 6270 6271 6272
    {
        ok(size == sizeof(twoCapabilities), "unexpected size %d\n", size);
        ok(!memcmp(buf, twoCapabilities, size), "unexpected value\n");
        LocalFree(buf);
    }
}

static void compareSMimeCapabilities(LPCSTR header,
 const CRYPT_SMIME_CAPABILITIES *expected, const CRYPT_SMIME_CAPABILITIES *got)
{
    DWORD i;

    ok(got->cCapability == expected->cCapability,
     "%s: expected %d capabilities, got %d\n", header, expected->cCapability,
     got->cCapability);
    for (i = 0; i < expected->cCapability; i++)
    {
        ok(!strcmp(expected->rgCapability[i].pszObjId,
         got->rgCapability[i].pszObjId), "%s[%d]: expected %s, got %s\n",
         header, i, expected->rgCapability[i].pszObjId,
         got->rgCapability[i].pszObjId);
        ok(expected->rgCapability[i].Parameters.cbData ==
         got->rgCapability[i].Parameters.cbData,
         "%s[%d]: expected %d bytes, got %d\n", header, i,
         expected->rgCapability[i].Parameters.cbData,
         got->rgCapability[i].Parameters.cbData);
        if (expected->rgCapability[i].Parameters.cbData)
            ok(!memcmp(expected->rgCapability[i].Parameters.pbData,
             got->rgCapability[i].Parameters.pbData,
             expected->rgCapability[i].Parameters.cbData),
             "%s[%d]: unexpected value\n", header, i);
    }
}

static void test_decodePKCSSMimeCapabilities(DWORD dwEncoding)
{
    static char oid1[] = "1.5.6", oid2[] = "1.2.3";
    BOOL ret;
    DWORD size = 0;
    CRYPT_SMIME_CAPABILITY capability[2];
    CRYPT_SMIME_CAPABILITIES capabilities, *ptr;

    SetLastError(0xdeadbeef);
6273
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6274
     emptySequence, sizeof(emptySequence),
6275
     CRYPT_DECODE_ALLOC_FLAG, NULL, &ptr, &size);
6276 6277 6278 6279 6280 6281 6282 6283
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        capabilities.cCapability = 0;
        compareSMimeCapabilities("empty capabilities", &capabilities, ptr);
        LocalFree(ptr);
    }
    SetLastError(0xdeadbeef);
6284
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6285
     singleCapability, sizeof(singleCapability), CRYPT_DECODE_ALLOC_FLAG, NULL,
6286
     &ptr, &size);
6287 6288 6289 6290 6291 6292 6293 6294 6295 6296 6297
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        capability[0].pszObjId = oid1;
        capability[0].Parameters.cbData = 0;
        capabilities.cCapability = 1;
        capabilities.rgCapability = capability;
        compareSMimeCapabilities("single capability", &capabilities, ptr);
        LocalFree(ptr);
    }
    SetLastError(0xdeadbeef);
6298
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6299
     singleCapabilitywithNULL, sizeof(singleCapabilitywithNULL),
6300
     CRYPT_DECODE_ALLOC_FLAG, NULL, &ptr, &size);
6301 6302 6303 6304 6305 6306 6307 6308 6309 6310 6311 6312 6313 6314
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        BYTE NULLparam[] = {0x05, 0x00};
        capability[0].pszObjId = oid1;
        capability[0].Parameters.cbData = 2;
        capability[0].Parameters.pbData = NULLparam;
        capabilities.cCapability = 1;
        capabilities.rgCapability = capability;
        compareSMimeCapabilities("single capability with NULL", &capabilities,
         ptr);
        LocalFree(ptr);
    }
    SetLastError(0xdeadbeef);
6315
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6316
    twoCapabilities, sizeof(twoCapabilities), CRYPT_DECODE_ALLOC_FLAG, NULL,
6317
    &ptr, &size);
6318 6319 6320 6321 6322 6323 6324 6325 6326 6327 6328 6329
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        capability[0].Parameters.cbData = 0;
        capability[1].pszObjId = oid2;
        capability[1].Parameters.cbData = 0;
        capabilities.cCapability = 2;
        compareSMimeCapabilities("two capabilities", &capabilities, ptr);
        LocalFree(ptr);
    }
}

6330 6331 6332 6333 6334 6335 6336 6337 6338 6339 6340 6341 6342 6343 6344 6345 6346 6347 6348 6349 6350 6351 6352 6353 6354 6355 6356 6357
static BYTE encodedCommonNameNoNull[] = { 0x30,0x14,0x31,0x12,0x30,0x10,
 0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
 0x67 };
static const BYTE minimalPKCSSigner[] = {
 0x30,0x2b,0x02,0x01,0x00,0x30,0x18,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
 0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x04,0x00 };
static const BYTE PKCSSignerWithSerial[] = {
 0x30,0x2c,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
 0x01,0x01,0x30,0x04,0x06,0x00,0x05,0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x04,
 0x00 };
static const BYTE PKCSSignerWithHashAlgo[] = {
 0x30,0x2e,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
 0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x30,0x04,0x06,0x00,0x05,
 0x00,0x04,0x00 };
static const BYTE PKCSSignerWithHashAndEncryptionAlgo[] = {
 0x30,0x30,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
 0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x30,0x06,0x06,0x02,0x2d,
 0x06,0x05,0x00,0x04,0x00 };
static const BYTE PKCSSignerWithHash[] = {
 0x30,0x40,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
 0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x30,0x06,0x06,0x02,0x2d,
 0x06,0x05,0x00,0x04,0x10,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
 0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
6358 6359 6360 6361 6362 6363 6364 6365
static const BYTE PKCSSignerWithAuthAttr[] = {
0x30,0x62,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0xa0,0x20,0x30,0x1e,0x06,
0x03,0x55,0x04,0x03,0x31,0x17,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,
0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,
0x06,0x06,0x02,0x2d,0x06,0x05,0x00,0x04,0x10,0x00,0x01,0x02,0x03,0x04,0x05,
0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
6366 6367 6368 6369 6370 6371 6372 6373

static void test_encodePKCSSignerInfo(DWORD dwEncoding)
{
    static char oid1[] = "1.2.3", oid2[] = "1.5.6";
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CMSG_SIGNER_INFO info = { 0 };
6374 6375 6376 6377
    char oid_common_name[] = szOID_COMMON_NAME;
    CRYPT_ATTR_BLOB commonName = { sizeof(encodedCommonName),
     (LPBYTE)encodedCommonName };
    CRYPT_ATTRIBUTE attr = { oid_common_name, 1, &commonName };
6378 6379

    SetLastError(0xdeadbeef);
6380
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6381
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6382 6383 6384 6385 6386
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no PKCS7_SIGNER_INFO encode support\n");
        return;
    }
6387 6388 6389
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x */),
     "Expected E_INVALIDARG or OSS_LIMITED, got %08x\n", GetLastError());
6390 6391 6392 6393 6394 6395 6396
    /* To be encoded, a signer must have an issuer at least, and the encoding
     * must include PKCS_7_ASN_ENCODING.  (That isn't enough to be decoded,
     * see decoding tests.)
     */
    info.Issuer.cbData = sizeof(encodedCommonNameNoNull);
    info.Issuer.pbData = encodedCommonNameNoNull;
    SetLastError(0xdeadbeef);
6397
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6398
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6399 6400 6401 6402 6403
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
6404 6405
        ok(ret || broken(GetLastError() == OSS_LIMITED /* Win9x */),
         "CryptEncodeObjectEx failed: %x\n", GetLastError());
6406
        if (ret)
6407
        {
6408
            ok(size == sizeof(minimalPKCSSigner), "Unexpected size %d\n", size);
6409 6410 6411 6412 6413 6414 6415 6416 6417 6418
            if (size == sizeof(minimalPKCSSigner))
                ok(!memcmp(buf, minimalPKCSSigner, size), "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.SerialNumber.cbData = sizeof(serialNum);
    info.SerialNumber.pbData = (BYTE *)serialNum;
    SetLastError(0xdeadbeef);
6419
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6420
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6421 6422 6423 6424 6425
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
6426 6427
        ok(ret || broken(GetLastError() == OSS_LIMITED /* Win9x */),
         "CryptEncodeObjectEx failed: %x\n", GetLastError());
6428
        if (ret)
6429
        {
6430
            ok(size == sizeof(PKCSSignerWithSerial), "Unexpected size %d\n",
6431 6432 6433 6434 6435 6436 6437 6438 6439 6440 6441
             size);
            if (size == sizeof(PKCSSignerWithSerial))
                ok(!memcmp(buf, PKCSSignerWithSerial, size),
                 "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.HashAlgorithm.pszObjId = oid1;
    SetLastError(0xdeadbeef);
6442
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6443
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6444 6445 6446 6447 6448
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
6449 6450
        ok(ret || broken(GetLastError() == OSS_LIMITED /* Win9x */),
         "CryptEncodeObjectEx failed: %x\n", GetLastError());
6451
        if (ret)
6452
        {
6453 6454
            ok(size == sizeof(PKCSSignerWithHashAlgo), "Unexpected size %d\n",
             size);
6455 6456 6457 6458 6459 6460 6461 6462 6463 6464
            if (size == sizeof(PKCSSignerWithHashAlgo))
                ok(!memcmp(buf, PKCSSignerWithHashAlgo, size),
                 "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.HashEncryptionAlgorithm.pszObjId = oid2;
    SetLastError(0xdeadbeef);
6465
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6466
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6467 6468 6469 6470 6471 6472
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6473
        if (ret)
6474
        {
6475
            ok(size == sizeof(PKCSSignerWithHashAndEncryptionAlgo),
6476 6477 6478 6479 6480 6481 6482 6483 6484 6485 6486 6487
             "Unexpected size %d\n", size);
            if (size == sizeof(PKCSSignerWithHashAndEncryptionAlgo))
                ok(!memcmp(buf, PKCSSignerWithHashAndEncryptionAlgo, size),
                 "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.EncryptedHash.cbData = sizeof(hash);
    info.EncryptedHash.pbData = (BYTE *)hash;
    SetLastError(0xdeadbeef);
6488
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6489
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6490 6491 6492 6493 6494 6495
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6496
        if (ret)
6497
        {
6498
            ok(size == sizeof(PKCSSignerWithHash), "Unexpected size %d\n",
6499 6500 6501 6502 6503 6504 6505 6506 6507
             size);
            if (size == sizeof(PKCSSignerWithHash))
                ok(!memcmp(buf, PKCSSignerWithHash, size),
                 "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
6508 6509 6510
    info.AuthAttrs.cAttr = 1;
    info.AuthAttrs.rgAttr = &attr;
    SetLastError(0xdeadbeef);
6511
    ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6512
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6513 6514 6515 6516 6517 6518
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6519
        if (ret)
6520 6521 6522 6523 6524 6525 6526 6527 6528 6529 6530
        {
            ok(size == sizeof(PKCSSignerWithAuthAttr), "Unexpected size %d\n",
             size);
            if (size == sizeof(PKCSSignerWithAuthAttr))
                ok(!memcmp(buf, PKCSSignerWithAuthAttr, size),
                 "Unexpected value\n");
            else
                ok(0, "Unexpected value\n");
            LocalFree(buf);
        }
    }
6531 6532 6533 6534 6535 6536 6537 6538 6539 6540 6541
}

static void test_decodePKCSSignerInfo(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CMSG_SIGNER_INFO *info;

    /* A PKCS signer can't be decoded without a serial number. */
    SetLastError(0xdeadbeef);
6542
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6543
     minimalPKCSSigner, sizeof(minimalPKCSSigner),
6544
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6545 6546 6547 6548
    ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT ||
     GetLastError() == OSS_DATA_ERROR /* Win9x */),
     "Expected CRYPT_E_ASN1_CORRUPT or OSS_DATA_ERROR, got %x\n",
     GetLastError());
6549
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6550
     PKCSSignerWithSerial, sizeof(PKCSSignerWithSerial),
6551
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6552 6553
    ok(ret || broken(GetLastError() == OSS_DATA_ERROR),
     "CryptDecodeObjectEx failed: %x\n", GetLastError());
6554
    if (ret)
6555 6556 6557 6558 6559 6560 6561 6562 6563 6564 6565 6566 6567 6568
    {
        info = (CMSG_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
         "Unexpected size %d\n", info->Issuer.cbData);
        ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
         info->Issuer.cbData), "Unexpected value\n");
        ok(info->SerialNumber.cbData == sizeof(serialNum),
         "Unexpected size %d\n", info->SerialNumber.cbData);
        ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
         "Unexpected value\n");
        LocalFree(buf);
    }
6569
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6570
     PKCSSignerWithHashAlgo, sizeof(PKCSSignerWithHashAlgo),
6571
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6572
    if (ret)
6573 6574 6575 6576 6577 6578 6579 6580 6581 6582 6583 6584 6585 6586 6587 6588
    {
        info = (CMSG_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
         "Unexpected size %d\n", info->Issuer.cbData);
        ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
         info->Issuer.cbData), "Unexpected value\n");
        ok(info->SerialNumber.cbData == sizeof(serialNum),
         "Unexpected size %d\n", info->SerialNumber.cbData);
        ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
         "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, "1.2.3"),
         "Expected 1.2.3, got %s\n", info->HashAlgorithm.pszObjId);
        LocalFree(buf);
    }
6589
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6590 6591
     PKCSSignerWithHashAndEncryptionAlgo,
     sizeof(PKCSSignerWithHashAndEncryptionAlgo), CRYPT_DECODE_ALLOC_FLAG,
6592
     NULL, &buf, &size);
6593
    if (ret)
6594 6595 6596 6597 6598 6599 6600 6601 6602 6603 6604 6605 6606 6607 6608 6609 6610 6611
    {
        info = (CMSG_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
         "Unexpected size %d\n", info->Issuer.cbData);
        ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
         info->Issuer.cbData), "Unexpected value\n");
        ok(info->SerialNumber.cbData == sizeof(serialNum),
         "Unexpected size %d\n", info->SerialNumber.cbData);
        ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
         "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, "1.2.3"),
         "Expected 1.2.3, got %s\n", info->HashAlgorithm.pszObjId);
        ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, "1.5.6"),
         "Expected 1.5.6, got %s\n", info->HashEncryptionAlgorithm.pszObjId);
        LocalFree(buf);
    }
6612
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6613
     PKCSSignerWithHash, sizeof(PKCSSignerWithHash),
6614
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6615
    if (ret)
6616 6617 6618 6619 6620 6621 6622 6623 6624 6625 6626 6627 6628 6629 6630 6631 6632 6633 6634 6635 6636 6637
    {
        info = (CMSG_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
         "Unexpected size %d\n", info->Issuer.cbData);
        ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
         info->Issuer.cbData), "Unexpected value\n");
        ok(info->SerialNumber.cbData == sizeof(serialNum),
         "Unexpected size %d\n", info->SerialNumber.cbData);
        ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
         "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, "1.2.3"),
         "Expected 1.2.3, got %s\n", info->HashAlgorithm.pszObjId);
        ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, "1.5.6"),
         "Expected 1.5.6, got %s\n", info->HashEncryptionAlgorithm.pszObjId);
        ok(info->EncryptedHash.cbData == sizeof(hash), "Unexpected size %d\n",
         info->EncryptedHash.cbData);
        ok(!memcmp(info->EncryptedHash.pbData, hash, sizeof(hash)),
         "Unexpected value\n");
        LocalFree(buf);
    }
6638
    ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6639
     PKCSSignerWithAuthAttr, sizeof(PKCSSignerWithAuthAttr),
6640
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6641
    if (ret)
6642 6643 6644 6645 6646 6647 6648 6649 6650 6651 6652 6653 6654 6655 6656 6657
    {
        info = (CMSG_SIGNER_INFO *)buf;
        ok(info->AuthAttrs.cAttr == 1, "Expected 1 attribute, got %d\n",
         info->AuthAttrs.cAttr);
        ok(!strcmp(info->AuthAttrs.rgAttr[0].pszObjId, szOID_COMMON_NAME),
         "Expected %s, got %s\n", szOID_COMMON_NAME,
         info->AuthAttrs.rgAttr[0].pszObjId);
        ok(info->AuthAttrs.rgAttr[0].cValue == 1, "Expected 1 value, got %d\n",
         info->AuthAttrs.rgAttr[0].cValue);
        ok(info->AuthAttrs.rgAttr[0].rgValue[0].cbData ==
         sizeof(encodedCommonName), "Unexpected size %d\n",
         info->AuthAttrs.rgAttr[0].rgValue[0].cbData);
        ok(!memcmp(info->AuthAttrs.rgAttr[0].rgValue[0].pbData,
         encodedCommonName, sizeof(encodedCommonName)), "Unexpected value\n");
        LocalFree(buf);
    }
6658 6659
}

6660 6661 6662 6663 6664 6665 6666 6667 6668 6669 6670 6671 6672
static const BYTE CMSSignerWithKeyId[] = {
0x30,0x14,0x02,0x01,0x00,0x80,0x01,0x01,0x30,0x04,0x06,0x00,0x05,0x00,0x30,
0x04,0x06,0x00,0x05,0x00,0x04,0x00 };

static void test_encodeCMSSignerInfo(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CMSG_CMS_SIGNER_INFO info = { 0 };
    static char oid1[] = "1.2.3", oid2[] = "1.5.6";

    SetLastError(0xdeadbeef);
6673
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6674
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6675
    ok(!ret, "Expected failure, got %d\n", ret);
6676 6677 6678 6679 6680
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no CMS_SIGNER_INFO encode support\n");
        return;
    }
6681 6682
    ok(GetLastError() == E_INVALIDARG,
       "Expected E_INVALIDARG, got %08x\n", GetLastError());
6683 6684 6685
    info.SignerId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
    SetLastError(0xdeadbeef);
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6686
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6687 6688 6689 6690 6691 6692 6693 6694
    ok(!ret, "Expected failure, got %d\n", ret);
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no CMS_SIGNER_INFO encode support\n");
        return;
    }
    ok(GetLastError() == E_INVALIDARG,
       "Expected E_INVALIDARG, got %08x\n", GetLastError());
6695 6696 6697 6698 6699
    /* To be encoded, a signer must have a valid cert ID, where a valid ID may
     * be a key id or a issuer serial number with at least the issuer set, and
     * the encoding must include PKCS_7_ASN_ENCODING.
     * (That isn't enough to be decoded, see decoding tests.)
     */
6700
    U(info.SignerId).IssuerSerialNumber.Issuer.cbData =
6701
     sizeof(encodedCommonNameNoNull);
6702
    U(info.SignerId).IssuerSerialNumber.Issuer.pbData = encodedCommonNameNoNull;
6703
    SetLastError(0xdeadbeef);
6704
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6705
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6706 6707 6708 6709 6710 6711
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6712
        if (ret)
6713 6714 6715 6716 6717 6718
        {
            ok(size == sizeof(minimalPKCSSigner), "Unexpected size %d\n", size);
            ok(!memcmp(buf, minimalPKCSSigner, size), "Unexpected value\n");
            LocalFree(buf);
        }
    }
6719 6720
    U(info.SignerId).IssuerSerialNumber.SerialNumber.cbData = sizeof(serialNum);
    U(info.SignerId).IssuerSerialNumber.SerialNumber.pbData = (BYTE *)serialNum;
6721
    SetLastError(0xdeadbeef);
6722
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6723
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6724 6725 6726 6727 6728 6729
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6730
        if (ret)
6731 6732 6733 6734 6735 6736 6737 6738
        {
            ok(size == sizeof(PKCSSignerWithSerial), "Unexpected size %d\n",
             size);
            ok(!memcmp(buf, PKCSSignerWithSerial, size), "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.SignerId.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
6739 6740
    U(info.SignerId).KeyId.cbData = sizeof(serialNum);
    U(info.SignerId).KeyId.pbData = (BYTE *)serialNum;
6741
    SetLastError(0xdeadbeef);
6742
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6743
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6744 6745 6746 6747 6748 6749
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6750
        if (ret)
6751 6752 6753 6754 6755 6756 6757 6758 6759 6760 6761 6762
        {
            ok(size == sizeof(CMSSignerWithKeyId), "Unexpected size %d\n",
             size);
            ok(!memcmp(buf, CMSSignerWithKeyId, size), "Unexpected value\n");
            LocalFree(buf);
        }
    }
    /* While a CERT_ID can have a hash type, that's not allowed in CMS, where
     * only the IssuerAndSerialNumber and SubjectKeyIdentifier types are allowed
     * (see RFC 3852, section 5.3.)
     */
    info.SignerId.dwIdChoice = CERT_ID_SHA1_HASH;
6763 6764
    U(info.SignerId).HashId.cbData = sizeof(hash);
    U(info.SignerId).HashId.pbData = (BYTE *)hash;
6765
    SetLastError(0xdeadbeef);
6766
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6767
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6768 6769 6770 6771
    ok(!ret && GetLastError() == E_INVALIDARG,
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
    /* Now with a hash algo */
    info.SignerId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
6772
    U(info.SignerId).IssuerSerialNumber.Issuer.cbData =
6773
     sizeof(encodedCommonNameNoNull);
6774
    U(info.SignerId).IssuerSerialNumber.Issuer.pbData = encodedCommonNameNoNull;
6775 6776
    info.HashAlgorithm.pszObjId = oid1;
    SetLastError(0xdeadbeef);
6777
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6778
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6779 6780 6781 6782 6783 6784
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6785
        if (ret)
6786 6787 6788 6789 6790 6791 6792 6793 6794 6795
        {
            ok(size == sizeof(PKCSSignerWithHashAlgo), "Unexpected size %d\n",
             size);
            ok(!memcmp(buf, PKCSSignerWithHashAlgo, size),
             "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.HashEncryptionAlgorithm.pszObjId = oid2;
    SetLastError(0xdeadbeef);
6796
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6797
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6798 6799 6800 6801 6802 6803
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6804
        if (ret)
6805 6806 6807 6808 6809 6810 6811 6812 6813 6814 6815
        {
            ok(size == sizeof(PKCSSignerWithHashAndEncryptionAlgo),
             "Unexpected size %d\n", size);
            ok(!memcmp(buf, PKCSSignerWithHashAndEncryptionAlgo, size),
             "Unexpected value\n");
            LocalFree(buf);
        }
    }
    info.EncryptedHash.cbData = sizeof(hash);
    info.EncryptedHash.pbData = (BYTE *)hash;
    SetLastError(0xdeadbeef);
6816
    ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6817
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
6818 6819 6820 6821 6822 6823
    if (!(dwEncoding & PKCS_7_ASN_ENCODING))
        ok(!ret && GetLastError() == E_INVALIDARG,
         "Expected E_INVALIDARG, got %08x\n", GetLastError());
    else
    {
        ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6824
        if (ret)
6825 6826 6827 6828 6829 6830 6831 6832 6833 6834 6835 6836 6837 6838 6839 6840 6841 6842 6843
        {
            ok(size == sizeof(PKCSSignerWithHash), "Unexpected size %d\n",
             size);
            ok(!memcmp(buf, PKCSSignerWithHash, size), "Unexpected value\n");
            LocalFree(buf);
        }
    }
}

static void test_decodeCMSSignerInfo(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf = NULL;
    DWORD size = 0;
    CMSG_CMS_SIGNER_INFO *info;
    static char oid1[] = "1.2.3", oid2[] = "1.5.6";

    /* A CMS signer can't be decoded without a serial number. */
    SetLastError(0xdeadbeef);
6844
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6845
     minimalPKCSSigner, sizeof(minimalPKCSSigner),
6846
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6847 6848 6849 6850 6851 6852 6853
    ok(!ret, "expected failure\n");
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no CMS_SIGNER_INFO decode support\n");
        return;
    }
    ok(GetLastError() == CRYPT_E_ASN1_CORRUPT,
6854
     "Expected CRYPT_E_ASN1_CORRUPT, got %x\n", GetLastError());
6855
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6856
     PKCSSignerWithSerial, sizeof(PKCSSignerWithSerial),
6857
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6858
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6859
    if (ret)
6860 6861 6862 6863 6864 6865 6866
    {
        info = (CMSG_CMS_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
         "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
         info->SignerId.dwIdChoice);
6867
        ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
6868
         sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
6869 6870
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
6871
         encodedCommonNameNoNull,
6872
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
6873
         "Unexpected value\n");
6874
        ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
6875
         sizeof(serialNum), "Unexpected size %d\n",
6876 6877
         U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
6878 6879 6880
         serialNum, sizeof(serialNum)), "Unexpected value\n");
        LocalFree(buf);
    }
6881
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6882
     PKCSSignerWithHashAlgo, sizeof(PKCSSignerWithHashAlgo),
6883
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6884
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6885
    if (ret)
6886 6887 6888 6889 6890 6891 6892
    {
        info = (CMSG_CMS_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
         "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
         info->SignerId.dwIdChoice);
6893
        ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
6894
         sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
6895 6896
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
6897
         encodedCommonNameNoNull,
6898
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
6899
         "Unexpected value\n");
6900
        ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
6901
         sizeof(serialNum), "Unexpected size %d\n",
6902 6903
         U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
6904 6905 6906 6907 6908
         serialNum, sizeof(serialNum)), "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, oid1),
         "Expected %s, got %s\n", oid1, info->HashAlgorithm.pszObjId);
        LocalFree(buf);
    }
6909
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6910 6911
     PKCSSignerWithHashAndEncryptionAlgo,
     sizeof(PKCSSignerWithHashAndEncryptionAlgo), CRYPT_DECODE_ALLOC_FLAG,
6912
     NULL, &buf, &size);
6913
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6914
    if (ret)
6915 6916 6917 6918 6919 6920 6921
    {
        info = (CMSG_CMS_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
         "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
         info->SignerId.dwIdChoice);
6922
        ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
6923
         sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
6924 6925
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
6926
         encodedCommonNameNoNull,
6927
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
6928
         "Unexpected value\n");
6929
        ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
6930
         sizeof(serialNum), "Unexpected size %d\n",
6931 6932
         U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
6933 6934 6935 6936 6937 6938 6939
         serialNum, sizeof(serialNum)), "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, oid1),
         "Expected %s, got %s\n", oid1, info->HashAlgorithm.pszObjId);
        ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, oid2),
         "Expected %s, got %s\n", oid2, info->HashEncryptionAlgorithm.pszObjId);
        LocalFree(buf);
    }
6940
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6941
     PKCSSignerWithHash, sizeof(PKCSSignerWithHash),
6942
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6943
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6944
    if (ret)
6945 6946 6947 6948 6949 6950 6951
    {
        info = (CMSG_CMS_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
         "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
         info->SignerId.dwIdChoice);
6952
        ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
6953
         sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
6954 6955
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
6956
         encodedCommonNameNoNull,
6957
         U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
6958
         "Unexpected value\n");
6959
        ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
6960
         sizeof(serialNum), "Unexpected size %d\n",
6961 6962
         U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
        ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
6963 6964 6965 6966 6967 6968 6969 6970 6971 6972 6973
         serialNum, sizeof(serialNum)), "Unexpected value\n");
        ok(!strcmp(info->HashAlgorithm.pszObjId, oid1),
         "Expected %s, got %s\n", oid1, info->HashAlgorithm.pszObjId);
        ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, oid2),
         "Expected %s, got %s\n", oid2, info->HashEncryptionAlgorithm.pszObjId);
        ok(info->EncryptedHash.cbData == sizeof(hash), "Unexpected size %d\n",
         info->EncryptedHash.cbData);
        ok(!memcmp(info->EncryptedHash.pbData, hash, sizeof(hash)),
         "Unexpected value\n");
        LocalFree(buf);
    }
6974
    ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6975
     CMSSignerWithKeyId, sizeof(CMSSignerWithKeyId),
6976
     CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &size);
6977
    ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6978
    if (ret)
6979 6980 6981 6982 6983 6984 6985
    {
        info = (CMSG_CMS_SIGNER_INFO *)buf;
        ok(info->dwVersion == 0, "Expected version 0, got %d\n",
         info->dwVersion);
        ok(info->SignerId.dwIdChoice == CERT_ID_KEY_IDENTIFIER,
         "Expected CERT_ID_KEY_IDENTIFIER, got %d\n",
         info->SignerId.dwIdChoice);
6986 6987 6988
        ok(U(info->SignerId).KeyId.cbData == sizeof(serialNum),
         "Unexpected size %d\n", U(info->SignerId).KeyId.cbData);
        ok(!memcmp(U(info->SignerId).KeyId.pbData, serialNum, sizeof(serialNum)),
6989 6990 6991 6992 6993
         "Unexpected value\n");
        LocalFree(buf);
    }
}

6994 6995 6996 6997 6998 6999 7000 7001 7002 7003 7004 7005 7006 7007 7008 7009 7010 7011 7012 7013 7014 7015 7016 7017 7018 7019 7020 7021 7022
static BYTE emptyDNSPermittedConstraints[] = {
0x30,0x06,0xa0,0x04,0x30,0x02,0x82,0x00 };
static BYTE emptyDNSExcludedConstraints[] = {
0x30,0x06,0xa1,0x04,0x30,0x02,0x82,0x00 };
static BYTE DNSExcludedConstraints[] = {
0x30,0x17,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
static BYTE permittedAndExcludedConstraints[] = {
0x30,0x25,0xa0,0x0c,0x30,0x0a,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,
0x01,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
static BYTE permittedAndExcludedWithMinConstraints[] = {
0x30,0x28,0xa0,0x0f,0x30,0x0d,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,
0x01,0x80,0x01,0x05,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,0x74,0x70,0x3a,
0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
static BYTE permittedAndExcludedWithMinMaxConstraints[] = {
0x30,0x2b,0xa0,0x12,0x30,0x10,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,
0x01,0x80,0x01,0x05,0x81,0x01,0x03,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,
0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };

static void test_encodeNameConstraints(DWORD dwEncoding)
{
    BOOL ret;
    CERT_NAME_CONSTRAINTS_INFO constraints = { 0 };
    CERT_GENERAL_SUBTREE permitted = { { 0 } };
    CERT_GENERAL_SUBTREE excluded = { { 0 } };
    LPBYTE buf;
    DWORD size;

7023
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7024
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7025 7026 7027 7028 7029
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no X509_NAME_CONSTRAINTS encode support\n");
        return;
    }
7030 7031 7032 7033 7034 7035 7036 7037 7038 7039
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(emptySequence), "Unexpected size\n");
        ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
        LocalFree(buf);
    }
    constraints.cPermittedSubtree = 1;
    constraints.rgPermittedSubtree = &permitted;
    SetLastError(0xdeadbeef);
7040
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7041
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7042 7043 7044
    ok(!ret && GetLastError() == E_INVALIDARG,
     "Expected E_INVALIDARG, got %08x\n", GetLastError());
    permitted.Base.dwAltNameChoice = CERT_ALT_NAME_DNS_NAME;
7045
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7046
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7047 7048 7049 7050 7051 7052 7053 7054 7055 7056 7057 7058
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(emptyDNSPermittedConstraints), "Unexpected size\n");
        ok(!memcmp(buf, emptyDNSPermittedConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
    constraints.cPermittedSubtree = 0;
    constraints.cExcludedSubtree = 1;
    constraints.rgExcludedSubtree = &excluded;
    excluded.Base.dwAltNameChoice = CERT_ALT_NAME_DNS_NAME;
7059
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7060
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7061 7062 7063 7064 7065 7066 7067 7068
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(emptyDNSExcludedConstraints), "Unexpected size\n");
        ok(!memcmp(buf, emptyDNSExcludedConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
7069
    U(excluded.Base).pwszURL = (LPWSTR)url;
7070
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7071
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7072 7073 7074 7075 7076 7077 7078 7079 7080
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(DNSExcludedConstraints), "Unexpected size\n");
        ok(!memcmp(buf, DNSExcludedConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
    permitted.Base.dwAltNameChoice = CERT_ALT_NAME_IP_ADDRESS;
7081 7082
    U(permitted.Base).IPAddress.cbData = sizeof(encodedIPAddr);
    U(permitted.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
7083
    constraints.cPermittedSubtree = 1;
7084
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7085
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7086 7087 7088 7089 7090 7091 7092 7093 7094 7095
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(permittedAndExcludedConstraints),
         "Unexpected size\n");
        ok(!memcmp(buf, permittedAndExcludedConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
    permitted.dwMinimum = 5;
7096
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7097
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7098 7099 7100 7101 7102 7103 7104 7105 7106 7107 7108 7109
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(permittedAndExcludedWithMinConstraints),
         "Unexpected size\n");
        ok(!memcmp(buf, permittedAndExcludedWithMinConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
    permitted.fMaximum = TRUE;
    permitted.dwMaximum = 3;
    SetLastError(0xdeadbeef);
7110
    ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
7111
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7112 7113 7114 7115 7116 7117 7118 7119 7120 7121 7122 7123 7124 7125 7126 7127 7128 7129 7130 7131 7132 7133 7134 7135 7136 7137 7138 7139
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(permittedAndExcludedWithMinMaxConstraints),
         "Unexpected size\n");
        ok(!memcmp(buf, permittedAndExcludedWithMinMaxConstraints, size),
         "Unexpected value\n");
        LocalFree(buf);
    }
}

struct EncodedNameConstraints
{
    CRYPT_DATA_BLOB            encoded;
    CERT_NAME_CONSTRAINTS_INFO constraints;
};

static CERT_GENERAL_SUBTREE emptyDNSSubtree = {
 { CERT_ALT_NAME_DNS_NAME, { 0 } }, 0 };
static CERT_GENERAL_SUBTREE DNSSubtree = {
 { CERT_ALT_NAME_DNS_NAME, { 0 } }, 0 };
static CERT_GENERAL_SUBTREE IPAddressSubtree = {
 { CERT_ALT_NAME_IP_ADDRESS, { 0 } }, 0 };
static CERT_GENERAL_SUBTREE IPAddressWithMinSubtree = {
 { CERT_ALT_NAME_IP_ADDRESS, { 0 } }, 5, 0 };
static CERT_GENERAL_SUBTREE IPAddressWithMinMaxSubtree = {
 { CERT_ALT_NAME_IP_ADDRESS, { 0 } }, 5, TRUE, 3 };

7140
static const struct EncodedNameConstraints encodedNameConstraints[] = {
7141 7142 7143 7144 7145 7146 7147 7148 7149 7150 7151 7152 7153 7154 7155 7156 7157 7158 7159 7160 7161 7162 7163
 { { sizeof(emptySequence), (LPBYTE)emptySequence }, { 0 } },
 { { sizeof(emptyDNSPermittedConstraints), emptyDNSPermittedConstraints },
   { 1, &emptyDNSSubtree, 0, NULL } },
 { { sizeof(emptyDNSExcludedConstraints), emptyDNSExcludedConstraints },
   { 0, NULL, 1, &emptyDNSSubtree } },
 { { sizeof(DNSExcludedConstraints), DNSExcludedConstraints },
   { 0, NULL, 1, &DNSSubtree } },
 { { sizeof(permittedAndExcludedConstraints), permittedAndExcludedConstraints },
   { 1, &IPAddressSubtree, 1, &DNSSubtree } },
 { { sizeof(permittedAndExcludedWithMinConstraints),
     permittedAndExcludedWithMinConstraints },
   { 1, &IPAddressWithMinSubtree, 1, &DNSSubtree } },
 { { sizeof(permittedAndExcludedWithMinMaxConstraints),
     permittedAndExcludedWithMinMaxConstraints },
   { 1, &IPAddressWithMinMaxSubtree, 1, &DNSSubtree } },
};

static void test_decodeNameConstraints(DWORD dwEncoding)
{
    BOOL ret;
    DWORD i;
    CERT_NAME_CONSTRAINTS_INFO *constraints;

7164 7165 7166 7167 7168 7169 7170
    U(DNSSubtree.Base).pwszURL = (LPWSTR)url;
    U(IPAddressSubtree.Base).IPAddress.cbData = sizeof(encodedIPAddr);
    U(IPAddressSubtree.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
    U(IPAddressWithMinSubtree.Base).IPAddress.cbData = sizeof(encodedIPAddr);
    U(IPAddressWithMinSubtree.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
    U(IPAddressWithMinMaxSubtree.Base).IPAddress.cbData = sizeof(encodedIPAddr);
    U(IPAddressWithMinMaxSubtree.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
7171 7172 7173 7174 7175 7176
    for (i = 0;
     i < sizeof(encodedNameConstraints) / sizeof(encodedNameConstraints[0]);
     i++)
    {
        DWORD size;

7177
        ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS,
7178 7179 7180
         encodedNameConstraints[i].encoded.pbData,
         encodedNameConstraints[i].encoded.cbData,
         CRYPT_DECODE_ALLOC_FLAG, NULL, &constraints, &size);
7181 7182 7183 7184 7185
        if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
        {
            skip("no X509_NAME_CONSTRAINTS decode support\n");
            return;
        }
7186 7187 7188 7189 7190 7191 7192 7193 7194 7195 7196 7197 7198 7199 7200 7201 7202 7203 7204 7205 7206 7207 7208 7209 7210 7211 7212 7213 7214 7215 7216 7217 7218 7219 7220 7221 7222 7223
        ok(ret, "%d: CryptDecodeObjectEx failed: %08x\n", i, GetLastError());
        if (ret)
        {
            DWORD j;

            if (constraints->cPermittedSubtree !=
             encodedNameConstraints[i].constraints.cPermittedSubtree)
                fprintf(stderr, "%d: expected %d permitted, got %d\n", i,
                 encodedNameConstraints[i].constraints.cPermittedSubtree,
                 constraints->cPermittedSubtree);
            if (constraints->cPermittedSubtree ==
             encodedNameConstraints[i].constraints.cPermittedSubtree)
            {
                for (j = 0; j < constraints->cPermittedSubtree; j++)
                {
                    compareAltNameEntry(&constraints->rgPermittedSubtree[j].Base,
                     &encodedNameConstraints[i].constraints.rgPermittedSubtree[j].Base);
                }
            }
            if (constraints->cExcludedSubtree !=
             encodedNameConstraints[i].constraints.cExcludedSubtree)
                fprintf(stderr, "%d: expected %d excluded, got %d\n", i,
                 encodedNameConstraints[i].constraints.cExcludedSubtree,
                 constraints->cExcludedSubtree);
            if (constraints->cExcludedSubtree ==
             encodedNameConstraints[i].constraints.cExcludedSubtree)
            {
                for (j = 0; j < constraints->cExcludedSubtree; j++)
                {
                    compareAltNameEntry(&constraints->rgExcludedSubtree[j].Base,
                     &encodedNameConstraints[i].constraints.rgExcludedSubtree[j].Base);
                }
            }
            LocalFree(constraints);
        }
    }
}

7224 7225 7226 7227 7228 7229 7230 7231 7232 7233 7234 7235 7236 7237 7238 7239 7240 7241 7242 7243 7244 7245 7246 7247 7248 7249 7250 7251
static WCHAR noticeText[] = { 'T','h','i','s',' ','i','s',' ','a',' ',
 'n','o','t','i','c','e',0 };
static const BYTE noticeWithDisplayText[] = {
 0x30,0x22,0x1e,0x20,0x00,0x54,0x00,0x68,0x00,0x69,0x00,0x73,0x00,0x20,0x00,
 0x69,0x00,0x73,0x00,0x20,0x00,0x61,0x00,0x20,0x00,0x6e,0x00,0x6f,0x00,0x74,
 0x00,0x69,0x00,0x63,0x00,0x65
};
static char org[] = "Wine";
static int noticeNumbers[] = { 2,3 };
static BYTE noticeWithReference[] = {
 0x30,0x32,0x30,0x0e,0x16,0x04,0x57,0x69,0x6e,0x65,0x30,0x06,0x02,0x01,0x02,
 0x02,0x01,0x03,0x1e,0x20,0x00,0x54,0x00,0x68,0x00,0x69,0x00,0x73,0x00,0x20,
 0x00,0x69,0x00,0x73,0x00,0x20,0x00,0x61,0x00,0x20,0x00,0x6e,0x00,0x6f,0x00,
 0x74,0x00,0x69,0x00,0x63,0x00,0x65
};

static void test_encodePolicyQualifierUserNotice(DWORD dwEncoding)
{
    BOOL ret;
    LPBYTE buf;
    DWORD size;
    CERT_POLICY_QUALIFIER_USER_NOTICE notice;
    CERT_POLICY_QUALIFIER_NOTICE_REFERENCE reference;

    memset(&notice, 0, sizeof(notice));
    ret = pCryptEncodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE, &notice, CRYPT_ENCODE_ALLOC_FLAG,
     NULL, &buf, &size);
7252 7253 7254 7255 7256
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no X509_PKIX_POLICY_QUALIFIER_USERNOTICE encode support\n");
        return;
    }
7257 7258 7259 7260 7261 7262 7263 7264 7265 7266 7267 7268 7269 7270 7271 7272 7273 7274 7275 7276 7277 7278 7279 7280 7281 7282 7283 7284 7285 7286 7287 7288 7289 7290 7291 7292 7293 7294 7295 7296 7297 7298 7299 7300
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(emptySequence) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, size), "unexpected value\n");
        LocalFree(buf);
    }
    notice.pszDisplayText = noticeText;
    ret = pCryptEncodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE, &notice, CRYPT_ENCODE_ALLOC_FLAG,
     NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(noticeWithDisplayText) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, noticeWithDisplayText, size), "unexpected value\n");
        LocalFree(buf);
    }
    reference.pszOrganization = org;
    reference.cNoticeNumbers = 2;
    reference.rgNoticeNumbers = noticeNumbers;
    notice.pNoticeReference = &reference;
    ret = pCryptEncodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE, &notice, CRYPT_ENCODE_ALLOC_FLAG,
     NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(noticeWithReference) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, noticeWithReference, size), "unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodePolicyQualifierUserNotice(DWORD dwEncoding)
{
    BOOL ret;
    CERT_POLICY_QUALIFIER_USER_NOTICE *notice;
    DWORD size;

    ret = pCryptDecodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE,
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
     &notice, &size);
7301 7302 7303 7304 7305
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        skip("no X509_PKIX_POLICY_QUALIFIER_USERNOTICE decode support\n");
        return;
    }
7306 7307 7308 7309 7310 7311 7312 7313 7314 7315 7316 7317 7318 7319 7320 7321 7322 7323 7324 7325 7326 7327 7328 7329 7330 7331 7332 7333 7334 7335 7336 7337
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(notice->pszDisplayText == NULL, "unexpected display text\n");
        ok(notice->pNoticeReference == NULL, "unexpected notice reference\n");
        LocalFree(notice);
    }
    ret = pCryptDecodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE,
     noticeWithDisplayText, sizeof(noticeWithDisplayText),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &notice, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(!lstrcmpW(notice->pszDisplayText, noticeText),
         "unexpected display text\n");
        ok(notice->pNoticeReference == NULL, "unexpected notice reference\n");
        LocalFree(notice);
    }
    ret = pCryptDecodeObjectEx(dwEncoding,
     X509_PKIX_POLICY_QUALIFIER_USERNOTICE,
     noticeWithReference, sizeof(noticeWithReference),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &notice, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(!lstrcmpW(notice->pszDisplayText, noticeText),
         "unexpected display text\n");
        ok(notice->pNoticeReference != NULL, "expected a notice reference\n");
        if (notice->pNoticeReference)
        {
            ok(!strcmp(notice->pNoticeReference->pszOrganization, org),
7338 7339
             "unexpected organization %s\n",
             notice->pNoticeReference->pszOrganization);
7340 7341 7342 7343 7344 7345 7346 7347 7348 7349 7350 7351 7352 7353
            ok(notice->pNoticeReference->cNoticeNumbers == 2,
             "expected 2 notice numbers, got %d\n",
             notice->pNoticeReference->cNoticeNumbers);
            ok(notice->pNoticeReference->rgNoticeNumbers[0] == noticeNumbers[0],
             "unexpected notice number %d\n",
             notice->pNoticeReference->rgNoticeNumbers[0]);
            ok(notice->pNoticeReference->rgNoticeNumbers[1] == noticeNumbers[1],
             "unexpected notice number %d\n",
             notice->pNoticeReference->rgNoticeNumbers[1]);
        }
        LocalFree(notice);
    }
}

7354 7355 7356 7357 7358 7359 7360 7361 7362 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 7380 7381 7382 7383 7384 7385 7386 7387 7388 7389 7390 7391 7392
static char oid_any_policy[] = "2.5.29.32.0";
static const BYTE policiesWithAnyPolicy[] = {
 0x30,0x08,0x30,0x06,0x06,0x04,0x55,0x1d,0x20,0x00
};
static char oid1[] = "1.2.3";
static char oid_user_notice[] = "1.3.6.1.5.5.7.2.2";
static const BYTE twoPolicies[] = {
 0x30,0x50,0x30,0x06,0x06,0x04,0x55,0x1d,0x20,0x00,0x30,0x46,0x06,0x02,0x2a,
 0x03,0x30,0x40,0x30,0x3e,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x02,0x02,
 0x30,0x32,0x30,0x0e,0x16,0x04,0x57,0x69,0x6e,0x65,0x30,0x06,0x02,0x01,0x02,
 0x02,0x01,0x03,0x1e,0x20,0x00,0x54,0x00,0x68,0x00,0x69,0x00,0x73,0x00,0x20,
 0x00,0x69,0x00,0x73,0x00,0x20,0x00,0x61,0x00,0x20,0x00,0x6e,0x00,0x6f,0x00,
 0x74,0x00,0x69,0x00,0x63,0x00,0x65
};

static void test_encodeCertPolicies(DWORD dwEncoding)
{
    BOOL ret;
    CERT_POLICIES_INFO info;
    CERT_POLICY_INFO policy[2];
    CERT_POLICY_QUALIFIER_INFO qualifier;
    LPBYTE buf;
    DWORD size;

    memset(&info, 0, sizeof(info));
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_POLICIES, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(emptySequence) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, size), "unexpected value\n");
        LocalFree(buf);
    }
    memset(policy, 0, sizeof(policy));
    info.cPolicyInfo = 1;
    info.rgPolicyInfo = policy;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_POLICIES, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7393 7394 7395
    ok(!ret && (GetLastError() == E_INVALIDARG ||
     GetLastError() == OSS_LIMITED /* Win9x/NT4 */),
     "expected E_INVALIDARG or OSS_LIMITED, got %08x\n", GetLastError());
7396 7397 7398 7399 7400 7401 7402 7403 7404 7405 7406 7407 7408 7409 7410 7411 7412 7413 7414 7415 7416 7417 7418 7419 7420 7421 7422 7423 7424 7425 7426 7427 7428 7429 7430 7431 7432 7433 7434 7435 7436 7437 7438 7439 7440 7441 7442 7443 7444 7445 7446 7447 7448 7449 7450 7451 7452 7453 7454 7455 7456 7457 7458 7459 7460 7461 7462 7463 7464 7465 7466 7467 7468 7469 7470 7471 7472 7473 7474 7475 7476 7477 7478 7479 7480 7481 7482 7483 7484 7485 7486 7487 7488 7489 7490 7491
    policy[0].pszPolicyIdentifier = oid_any_policy;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_POLICIES, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(policiesWithAnyPolicy) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, policiesWithAnyPolicy, size), "unexpected value\n");
        LocalFree(buf);
    }
    policy[1].pszPolicyIdentifier = oid1;
    memset(&qualifier, 0, sizeof(qualifier));
    qualifier.pszPolicyQualifierId = oid_user_notice;
    qualifier.Qualifier.cbData = sizeof(noticeWithReference);
    qualifier.Qualifier.pbData = noticeWithReference;
    policy[1].cPolicyQualifier = 1;
    policy[1].rgPolicyQualifier = &qualifier;
    info.cPolicyInfo = 2;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_POLICIES, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(sizeof(twoPolicies) == size, "unexpected size %d\n", size);
        ok(!memcmp(buf, twoPolicies, size), "unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeCertPolicies(DWORD dwEncoding)
{
    BOOL ret;
    CERT_POLICIES_INFO *info;
    DWORD size;

    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_POLICIES,
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
     &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(info->cPolicyInfo == 0, "unexpected policy info %d\n",
         info->cPolicyInfo);
        LocalFree(info);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_POLICIES,
     policiesWithAnyPolicy, sizeof(policiesWithAnyPolicy),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(info->cPolicyInfo == 1, "unexpected policy info %d\n",
         info->cPolicyInfo);
        ok(!strcmp(info->rgPolicyInfo[0].pszPolicyIdentifier, oid_any_policy),
         "unexpected policy id %s\n",
         info->rgPolicyInfo[0].pszPolicyIdentifier);
        ok(info->rgPolicyInfo[0].cPolicyQualifier == 0,
         "unexpected policy qualifier count %d\n",
         info->rgPolicyInfo[0].cPolicyQualifier);
        LocalFree(info);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_POLICIES,
     twoPolicies, sizeof(twoPolicies),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(info->cPolicyInfo == 2, "unexpected policy info %d\n",
         info->cPolicyInfo);
        ok(!strcmp(info->rgPolicyInfo[0].pszPolicyIdentifier, oid_any_policy),
         "unexpected policy id %s\n",
         info->rgPolicyInfo[0].pszPolicyIdentifier);
        ok(info->rgPolicyInfo[0].cPolicyQualifier == 0,
         "unexpected policy qualifier count %d\n",
         info->rgPolicyInfo[0].cPolicyQualifier);
        ok(!strcmp(info->rgPolicyInfo[1].pszPolicyIdentifier, oid1),
         "unexpected policy id %s\n",
         info->rgPolicyInfo[1].pszPolicyIdentifier);
        ok(info->rgPolicyInfo[1].cPolicyQualifier == 1,
         "unexpected policy qualifier count %d\n",
         info->rgPolicyInfo[1].cPolicyQualifier);
        ok(!strcmp(
         info->rgPolicyInfo[1].rgPolicyQualifier[0].pszPolicyQualifierId,
         oid_user_notice), "unexpected policy qualifier id %s\n",
         info->rgPolicyInfo[1].rgPolicyQualifier[0].pszPolicyQualifierId);
        ok(info->rgPolicyInfo[1].rgPolicyQualifier[0].Qualifier.cbData ==
         sizeof(noticeWithReference), "unexpected qualifier size %d\n",
         info->rgPolicyInfo[1].rgPolicyQualifier[0].Qualifier.cbData);
        ok(!memcmp(
         info->rgPolicyInfo[1].rgPolicyQualifier[0].Qualifier.pbData,
         noticeWithReference, sizeof(noticeWithReference)),
         "unexpected qualifier value\n");
        LocalFree(info);
    }
}

7492 7493 7494 7495 7496 7497 7498 7499 7500 7501 7502 7503 7504 7505 7506 7507 7508 7509 7510 7511 7512 7513 7514 7515 7516
static const BYTE policyMappingWithOneMapping[] = {
0x30,0x0a,0x30,0x08,0x06,0x02,0x2a,0x03,0x06,0x02,0x53,0x04 };
static const BYTE policyMappingWithTwoMappings[] = {
0x30,0x14,0x30,0x08,0x06,0x02,0x2a,0x03,0x06,0x02,0x53,0x04,0x30,0x08,0x06,
0x02,0x2b,0x04,0x06,0x02,0x55,0x06 };
static const LPCSTR mappingOids[] = { X509_POLICY_MAPPINGS,
 szOID_POLICY_MAPPINGS, szOID_LEGACY_POLICY_MAPPINGS };

static void test_encodeCertPolicyMappings(DWORD dwEncoding)
{
    static char oid2[] = "2.3.4";
    static char oid3[] = "1.3.4";
    static char oid4[] = "2.5.6";
    BOOL ret;
    CERT_POLICY_MAPPINGS_INFO info = { 0 };
    CERT_POLICY_MAPPING mapping[2];
    LPBYTE buf;
    DWORD size, i;

    /* Each of the mapping OIDs is equivalent, so check with all of them */
    for (i = 0; i < sizeof(mappingOids) / sizeof(mappingOids[0]); i++)
    {
        memset(&info, 0, sizeof(info));
        ret = pCryptEncodeObjectEx(dwEncoding, mappingOids[i], &info,
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7517 7518 7519 7520 7521 7522 7523
        ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND),
         "CryptEncodeObjectEx failed: %08x\n", GetLastError());
        if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
        {
            win_skip("no policy mappings support\n");
            return;
        }
7524 7525 7526 7527 7528 7529 7530 7531 7532 7533 7534 7535 7536 7537 7538 7539 7540 7541 7542 7543 7544 7545 7546 7547 7548 7549 7550 7551 7552 7553 7554 7555 7556 7557 7558 7559 7560 7561 7562 7563 7564 7565 7566 7567 7568 7569 7570 7571 7572 7573 7574 7575 7576 7577 7578 7579 7580 7581
        if (ret)
        {
            ok(size == sizeof(emptySequence), "unexpected size %d\n", size);
            ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
             "unexpected value\n");
            LocalFree(buf);
        }
        mapping[0].pszIssuerDomainPolicy = NULL;
        mapping[0].pszSubjectDomainPolicy = NULL;
        info.cPolicyMapping = 1;
        info.rgPolicyMapping = mapping;
        SetLastError(0xdeadbeef);
        ret = pCryptEncodeObjectEx(dwEncoding, mappingOids[i], &info,
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
        ok(!ret && GetLastError() == E_INVALIDARG,
         "expected E_INVALIDARG, got %08x\n", GetLastError());
        mapping[0].pszIssuerDomainPolicy = oid1;
        mapping[0].pszSubjectDomainPolicy = oid2;
        ret = pCryptEncodeObjectEx(dwEncoding, mappingOids[i], &info,
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
        if (ret)
        {
            ok(size == sizeof(policyMappingWithOneMapping),
             "unexpected size %d\n", size);
            ok(!memcmp(buf, policyMappingWithOneMapping, size),
             "unexpected value\n");
            LocalFree(buf);
        }
        mapping[1].pszIssuerDomainPolicy = oid3;
        mapping[1].pszSubjectDomainPolicy = oid4;
        info.cPolicyMapping = 2;
        ret = pCryptEncodeObjectEx(dwEncoding, mappingOids[i], &info,
         CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
        ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
        if (ret)
        {
            ok(size == sizeof(policyMappingWithTwoMappings),
             "unexpected size %d\n", size);
            ok(!memcmp(buf, policyMappingWithTwoMappings, size),
             "unexpected value\n");
            LocalFree(buf);
        }
    }
}

static void test_decodeCertPolicyMappings(DWORD dwEncoding)
{
    DWORD size, i;
    CERT_POLICY_MAPPINGS_INFO *info;
    BOOL ret;

    /* Each of the mapping OIDs is equivalent, so check with all of them */
    for (i = 0; i < sizeof(mappingOids) / sizeof(mappingOids[0]); i++)
    {
        ret = pCryptDecodeObjectEx(dwEncoding, mappingOids[i],
         emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
         &info, &size);
7582 7583 7584 7585 7586 7587 7588
        ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND),
         "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
        {
            win_skip("no policy mappings support\n");
            return;
        }
7589 7590 7591 7592 7593 7594 7595 7596 7597 7598 7599 7600 7601 7602 7603 7604 7605 7606 7607 7608 7609 7610 7611 7612 7613 7614 7615 7616 7617 7618 7619 7620 7621 7622 7623 7624 7625 7626 7627 7628 7629 7630 7631 7632 7633 7634 7635
        if (ret)
        {
            ok(info->cPolicyMapping == 0,
             "expected 0 policy mappings, got %d\n", info->cPolicyMapping);
            LocalFree(info);
        }
        ret = pCryptDecodeObjectEx(dwEncoding, mappingOids[i],
         policyMappingWithOneMapping, sizeof(policyMappingWithOneMapping),
         CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        if (ret)
        {
            ok(info->cPolicyMapping == 1,
             "expected 1 policy mappings, got %d\n", info->cPolicyMapping);
            ok(!strcmp(info->rgPolicyMapping[0].pszIssuerDomainPolicy, "1.2.3"),
             "unexpected issuer policy %s\n",
             info->rgPolicyMapping[0].pszIssuerDomainPolicy);
            ok(!strcmp(info->rgPolicyMapping[0].pszSubjectDomainPolicy,
             "2.3.4"), "unexpected subject policy %s\n",
             info->rgPolicyMapping[0].pszSubjectDomainPolicy);
            LocalFree(info);
        }
        ret = pCryptDecodeObjectEx(dwEncoding, mappingOids[i],
         policyMappingWithTwoMappings, sizeof(policyMappingWithTwoMappings),
         CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
        ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
        if (ret)
        {
            ok(info->cPolicyMapping == 2,
             "expected 2 policy mappings, got %d\n", info->cPolicyMapping);
            ok(!strcmp(info->rgPolicyMapping[0].pszIssuerDomainPolicy, "1.2.3"),
             "unexpected issuer policy %s\n",
             info->rgPolicyMapping[0].pszIssuerDomainPolicy);
            ok(!strcmp(info->rgPolicyMapping[0].pszSubjectDomainPolicy,
             "2.3.4"), "unexpected subject policy %s\n",
             info->rgPolicyMapping[0].pszSubjectDomainPolicy);
            ok(!strcmp(info->rgPolicyMapping[1].pszIssuerDomainPolicy, "1.3.4"),
             "unexpected issuer policy %s\n",
             info->rgPolicyMapping[1].pszIssuerDomainPolicy);
            ok(!strcmp(info->rgPolicyMapping[1].pszSubjectDomainPolicy,
             "2.5.6"), "unexpected subject policy %s\n",
             info->rgPolicyMapping[1].pszSubjectDomainPolicy);
            LocalFree(info);
        }
    }
}

7636 7637 7638 7639 7640 7641 7642 7643 7644 7645 7646 7647 7648 7649 7650 7651 7652 7653 7654
static const BYTE policyConstraintsWithRequireExplicit[] = {
0x30,0x03,0x80,0x01,0x00 };
static const BYTE policyConstraintsWithInhibitMapping[] = {
0x30,0x03,0x81,0x01,0x01 };
static const BYTE policyConstraintsWithBoth[] = {
0x30,0x06,0x80,0x01,0x01,0x81,0x01,0x01 };

static void test_encodeCertPolicyConstraints(DWORD dwEncoding)
{
    CERT_POLICY_CONSTRAINTS_INFO info = { 0 };
    LPBYTE buf;
    DWORD size;
    BOOL ret;

    /* Even though RFC 5280 explicitly states CAs must not issue empty
     * policy constraints (section 4.2.1.11), the API doesn't prevent it.
     */
    ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
7655 7656 7657 7658 7659 7660 7661
    ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND),
     "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        win_skip("no policy constraints support\n");
        return;
    }
7662 7663 7664 7665 7666 7667 7668 7669 7670 7671 7672 7673 7674 7675 7676 7677 7678 7679 7680 7681 7682 7683 7684 7685 7686 7687 7688 7689 7690 7691 7692 7693 7694 7695 7696 7697 7698 7699 7700 7701 7702 7703 7704 7705 7706 7707 7708 7709 7710 7711 7712 7713 7714 7715 7716 7717 7718 7719 7720 7721 7722 7723 7724 7725 7726 7727
    if (ret)
    {
        ok(size == sizeof(emptySequence), "unexpected size %d\n", size);
        ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
         "unexpected value\n");
        LocalFree(buf);
    }
    /* If fRequireExplicitPolicy is set but dwRequireExplicitPolicySkipCerts
     * is not, then a skip of 0 is encoded.
     */
    info.fRequireExplicitPolicy = TRUE;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(policyConstraintsWithRequireExplicit),
         "unexpected size %d\n", size);
        ok(!memcmp(buf, policyConstraintsWithRequireExplicit,
         sizeof(policyConstraintsWithRequireExplicit)), "unexpected value\n");
        LocalFree(buf);
    }
    /* With inhibit policy mapping */
    info.fRequireExplicitPolicy = FALSE;
    info.dwRequireExplicitPolicySkipCerts = 0;
    info.fInhibitPolicyMapping = TRUE;
    info.dwInhibitPolicyMappingSkipCerts = 1;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(policyConstraintsWithInhibitMapping),
         "unexpected size %d\n", size);
        ok(!memcmp(buf, policyConstraintsWithInhibitMapping,
         sizeof(policyConstraintsWithInhibitMapping)), "unexpected value\n");
        LocalFree(buf);
    }
    /* And with both */
    info.fRequireExplicitPolicy = TRUE;
    info.dwRequireExplicitPolicySkipCerts = 1;
    ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
     CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
    ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(policyConstraintsWithBoth), "unexpected size %d\n",
         size);
        ok(!memcmp(buf, policyConstraintsWithBoth,
         sizeof(policyConstraintsWithBoth)), "unexpected value\n");
        LocalFree(buf);
    }
}

static void test_decodeCertPolicyConstraints(DWORD dwEncoding)
{
    CERT_POLICY_CONSTRAINTS_INFO *info;
    DWORD size;
    BOOL ret;

    /* Again, even though CAs must not issue such constraints, they can be
     * decoded.
     */
    ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
     emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
     &info, &size);
7728 7729 7730 7731 7732 7733 7734
    ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND),
     "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
    {
        win_skip("no policy mappings support\n");
        return;
    }
7735 7736 7737 7738 7739 7740 7741 7742 7743 7744 7745 7746 7747 7748 7749 7750 7751 7752 7753 7754 7755 7756 7757 7758 7759 7760 7761 7762 7763 7764 7765 7766 7767 7768 7769 7770 7771 7772 7773 7774 7775 7776 7777 7778 7779 7780 7781 7782 7783 7784 7785 7786 7787 7788 7789 7790
    if (ret)
    {
        ok(!info->fRequireExplicitPolicy,
         "expected require explicit = FALSE\n");
        ok(!info->fInhibitPolicyMapping,
         "expected implicit mapping = FALSE\n");
        LocalFree(info);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
     policyConstraintsWithRequireExplicit,
     sizeof(policyConstraintsWithRequireExplicit), CRYPT_DECODE_ALLOC_FLAG,
     NULL, &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(info->fRequireExplicitPolicy,
         "expected require explicit = TRUE\n");
        ok(info->dwRequireExplicitPolicySkipCerts == 0, "expected 0, got %d\n",
         info->dwRequireExplicitPolicySkipCerts);
        ok(!info->fInhibitPolicyMapping,
         "expected implicit mapping = FALSE\n");
        LocalFree(info);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
     policyConstraintsWithInhibitMapping,
     sizeof(policyConstraintsWithInhibitMapping), CRYPT_DECODE_ALLOC_FLAG,
     NULL, &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(!info->fRequireExplicitPolicy,
         "expected require explicit = FALSE\n");
        ok(info->fInhibitPolicyMapping,
         "expected implicit mapping = TRUE\n");
        ok(info->dwInhibitPolicyMappingSkipCerts == 1, "expected 1, got %d\n",
         info->dwInhibitPolicyMappingSkipCerts);
        LocalFree(info);
    }
    ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
     policyConstraintsWithBoth, sizeof(policyConstraintsWithBoth),
     CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
    ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
    if (ret)
    {
        ok(info->fRequireExplicitPolicy,
         "expected require explicit = TRUE\n");
        ok(info->dwRequireExplicitPolicySkipCerts == 1, "expected 1, got %d\n",
         info->dwRequireExplicitPolicySkipCerts);
        ok(info->fInhibitPolicyMapping,
         "expected implicit mapping = TRUE\n");
        ok(info->dwInhibitPolicyMappingSkipCerts == 1, "expected 1, got %d\n",
         info->dwInhibitPolicyMappingSkipCerts);
        LocalFree(info);
    }
}

7791 7792 7793 7794 7795 7796 7797 7798 7799 7800 7801 7802
/* Free *pInfo with HeapFree */
static void testExportPublicKey(HCRYPTPROV csp, PCERT_PUBLIC_KEY_INFO *pInfo)
{
    BOOL ret;
    DWORD size = 0;
    HCRYPTKEY key;

    /* This crashes
    ret = CryptExportPublicKeyInfoEx(0, 0, 0, NULL, 0, NULL, NULL, NULL);
     */
    ret = CryptExportPublicKeyInfoEx(0, 0, 0, NULL, 0, NULL, NULL, &size);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
7803
     "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
7804 7805 7806
    ret = CryptExportPublicKeyInfoEx(0, AT_SIGNATURE, 0, NULL, 0, NULL, NULL,
     &size);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
7807
     "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
7808 7809 7810
    ret = CryptExportPublicKeyInfoEx(0, 0, X509_ASN_ENCODING, NULL, 0, NULL,
     NULL, &size);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
7811
     "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
7812 7813 7814
    ret = CryptExportPublicKeyInfoEx(0, AT_SIGNATURE, X509_ASN_ENCODING, NULL,
     0, NULL, NULL, &size);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
7815
     "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
7816 7817 7818
    /* Test with no key */
    ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING, NULL,
     0, NULL, NULL, &size);
7819
    ok(!ret && GetLastError() == NTE_NO_KEY, "Expected NTE_NO_KEY, got %08x\n",
7820 7821
     GetLastError());
    ret = CryptGenKey(csp, AT_SIGNATURE, 0, &key);
7822
    ok(ret, "CryptGenKey failed: %08x\n", GetLastError());
7823 7824 7825 7826
    if (ret)
    {
        ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
         NULL, 0, NULL, NULL, &size);
7827
        ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n", GetLastError());
7828 7829 7830 7831 7832
        *pInfo = HeapAlloc(GetProcessHeap(), 0, size);
        if (*pInfo)
        {
            ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE,
             X509_ASN_ENCODING, NULL, 0, NULL, *pInfo, &size);
7833
            ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n",
7834 7835 7836 7837 7838 7839 7840 7841 7842 7843 7844 7845
             GetLastError());
            if (ret)
            {
                /* By default (we passed NULL as the OID) the OID is
                 * szOID_RSA_RSA.
                 */
                ok(!strcmp((*pInfo)->Algorithm.pszObjId, szOID_RSA_RSA),
                 "Expected %s, got %s\n", szOID_RSA_RSA,
                 (*pInfo)->Algorithm.pszObjId);
            }
        }
    }
Juan Lang's avatar
Juan Lang committed
7846
    CryptDestroyKey(key);
7847 7848
}

7849 7850 7851 7852 7853 7854 7855 7856 7857 7858 7859 7860 7861 7862 7863 7864 7865 7866 7867 7868 7869 7870 7871 7872 7873 7874
static const BYTE expiredCert[] = { 0x30, 0x82, 0x01, 0x33, 0x30, 0x81, 0xe2,
 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0xc4, 0xd7, 0x7f, 0x0e, 0x6f, 0xa6,
 0x8c, 0xaa, 0x47, 0x47, 0x40, 0xe7, 0xb7, 0x0b, 0x4a, 0x7f, 0x30, 0x09, 0x06,
 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x1f, 0x31, 0x1d, 0x30,
 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x36, 0x39, 0x30, 0x31, 0x30, 0x31, 0x30,
 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30,
 0x31, 0x30, 0x36, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x1f, 0x31, 0x1d, 0x30,
 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
 0x00, 0xa1, 0xaf, 0x4a, 0xea, 0xa7, 0x83, 0x57, 0xc0, 0x37, 0x33, 0x7e, 0x29,
 0x5e, 0x0d, 0xfc, 0x44, 0x74, 0x3a, 0x1d, 0xc3, 0x1b, 0x1d, 0x96, 0xed, 0x4e,
 0xf4, 0x1b, 0x98, 0xec, 0x69, 0x1b, 0x04, 0xea, 0x25, 0xcf, 0xb3, 0x2a, 0xf5,
 0xd9, 0x22, 0xd9, 0x8d, 0x08, 0x39, 0x81, 0xc6, 0xe0, 0x4f, 0x12, 0x37, 0x2a,
 0x3f, 0x80, 0xa6, 0x6c, 0x67, 0x43, 0x3a, 0xdd, 0x95, 0x0c, 0xbb, 0x2f, 0x6b,
 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x8f, 0xa2, 0x5b, 0xd6, 0xdf, 0x34, 0xd0,
 0xa2, 0xa7, 0x47, 0xf1, 0x13, 0x79, 0xd3, 0xf3, 0x39, 0xbd, 0x4e, 0x2b, 0xa3,
 0xf4, 0x63, 0x37, 0xac, 0x5a, 0x0c, 0x5e, 0x4d, 0x0d, 0x54, 0x87, 0x4f, 0x31,
 0xfb, 0xa0, 0xce, 0x8f, 0x9a, 0x2f, 0x4d, 0x48, 0xc6, 0x84, 0x8d, 0xf5, 0x70,
 0x74, 0x17, 0xa5, 0xf3, 0x66, 0x47, 0x06, 0xd6, 0x64, 0x45, 0xbc, 0x52, 0xef,
 0x49, 0xe5, 0xf9, 0x65, 0xf3 };

7875 7876 7877 7878
static void testImportPublicKey(HCRYPTPROV csp, PCERT_PUBLIC_KEY_INFO info)
{
    BOOL ret;
    HCRYPTKEY key;
7879
    PCCERT_CONTEXT context;
7880 7881
    DWORD dwSize;
    ALG_ID ai;
7882 7883 7884 7885 7886 7887 7888 7889 7890 7891

    /* These crash
    ret = CryptImportPublicKeyInfoEx(0, 0, NULL, 0, 0, NULL, NULL);
    ret = CryptImportPublicKeyInfoEx(0, 0, NULL, 0, 0, NULL, &key);
    ret = CryptImportPublicKeyInfoEx(0, 0, info, 0, 0, NULL, NULL);
    ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING, info, 0, 0, NULL,
     NULL);
     */
    ret = CryptImportPublicKeyInfoEx(0, 0, info, 0, 0, NULL, &key);
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
7892
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
7893 7894
    ret = CryptImportPublicKeyInfoEx(csp, 0, info, 0, 0, NULL, &key);
    ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
7895
     "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
7896 7897 7898
    ret = CryptImportPublicKeyInfoEx(0, X509_ASN_ENCODING, info, 0, 0, NULL,
     &key);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
7899
     "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
7900 7901

    /* Export key with standard algorithm (CALG_RSA_KEYX) */
7902 7903
    ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING, info, 0, 0, NULL,
     &key);
7904
    ok(ret, "CryptImportPublicKeyInfoEx failed: %08x\n", GetLastError());
7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 7921 7922 7923 7924 7925 7926 7927 7928 7929 7930

    dwSize = sizeof(ai);
    CryptGetKeyParam(key, KP_ALGID, (LPVOID)&ai, &dwSize, 0);
    ok(ret, "CryptGetKeyParam failed: %08x\n", GetLastError());
    if(ret)
    {
      ok(dwSize == sizeof(ai), "CryptGetKeyParam returned size %d\n",dwSize);
      ok(ai == CALG_RSA_KEYX, "Default ALG_ID is %04x (expected CALG_RSA_KEYX)\n", ai);
    }

    CryptDestroyKey(key);

    /* Repeat with forced algorithm */
    ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING, info, CALG_RSA_SIGN, 0, NULL,
     &key);
    ok(ret, "CryptImportPublicKeyInfoEx failed: %08x\n", GetLastError());

    dwSize = sizeof(ai);
    CryptGetKeyParam(key, KP_ALGID, (LPVOID)&ai, &dwSize, 0);
    ok(ret, "CryptGetKeyParam failed: %08x\n", GetLastError());
    if(ret)
    {
      ok(dwSize == sizeof(ai), "CryptGetKeyParam returned size %d\n",dwSize);
      ok(ai == CALG_RSA_SIGN, "ALG_ID is %04x (expected CALG_RSA_SIGN)\n", ai);
    }

7931
    CryptDestroyKey(key);
7932 7933 7934 7935

    /* Test importing a public key from a certificate context */
    context = CertCreateCertificateContext(X509_ASN_ENCODING, expiredCert,
     sizeof(expiredCert));
7936
    ok(context != NULL, "CertCreateCertificateContext failed: %08x\n",
7937 7938 7939 7940 7941 7942 7943 7944 7945
     GetLastError());
    if (context)
    {
        ok(!strcmp(szOID_RSA_RSA,
         context->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId),
         "Expected %s, got %s\n", szOID_RSA_RSA,
         context->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId);
        ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING,
         &context->pCertInfo->SubjectPublicKeyInfo, 0, 0, NULL, &key);
7946
        ok(ret, "CryptImportPublicKeyInfoEx failed: %08x\n", GetLastError());
7947 7948 7949
        CryptDestroyKey(key);
        CertFreeCertificateContext(context);
    }
7950 7951 7952 7953 7954 7955 7956 7957 7958 7959 7960 7961 7962 7963 7964
}

static const char cspName[] = "WineCryptTemp";

static void testPortPublicKeyInfo(void)
{
    HCRYPTPROV csp;
    BOOL ret;
    PCERT_PUBLIC_KEY_INFO info = NULL;

    /* Just in case a previous run failed, delete this thing */
    CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
     CRYPT_DELETEKEYSET);
    ret = CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
     CRYPT_NEWKEYSET);
7965
    ok(ret,"CryptAcquireContextA failed\n");
7966 7967 7968 7969 7970 7971 7972 7973

    testExportPublicKey(csp, &info);
    testImportPublicKey(csp, info);

    HeapFree(GetProcessHeap(), 0, info);
    CryptReleaseContext(csp, 0);
    ret = CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
     CRYPT_DELETEKEYSET);
7974
    ok(ret,"CryptAcquireContextA failed\n");
7975 7976
}

7977 7978
START_TEST(encode)
{
7979 7980
    static const DWORD encodings[] = { X509_ASN_ENCODING, PKCS_7_ASN_ENCODING,
     X509_ASN_ENCODING | PKCS_7_ASN_ENCODING };
7981
    HMODULE hCrypt32;
7982 7983
    DWORD i;

7984 7985 7986 7987 7988
    hCrypt32 = GetModuleHandleA("crypt32.dll");
    pCryptDecodeObjectEx = (void*)GetProcAddress(hCrypt32, "CryptDecodeObjectEx");
    pCryptEncodeObjectEx = (void*)GetProcAddress(hCrypt32, "CryptEncodeObjectEx");
    if (!pCryptDecodeObjectEx || !pCryptEncodeObjectEx)
    {
7989
        win_skip("CryptDecodeObjectEx() is not available\n");
7990 7991 7992
        return;
    }

7993 7994
    for (i = 0; i < sizeof(encodings) / sizeof(encodings[0]); i++)
    {
7995 7996
        test_encodeInt(encodings[i]);
        test_decodeInt(encodings[i]);
7997 7998
        test_encodeEnumerated(encodings[i]);
        test_decodeEnumerated(encodings[i]);
7999 8000 8001 8002
        test_encodeFiletime(encodings[i]);
        test_decodeFiletime(encodings[i]);
        test_encodeName(encodings[i]);
        test_decodeName(encodings[i]);
8003 8004
        test_encodeUnicodeName(encodings[i]);
        test_decodeUnicodeName(encodings[i]);
8005 8006
        test_encodeNameValue(encodings[i]);
        test_decodeNameValue(encodings[i]);
8007 8008
        test_encodeUnicodeNameValue(encodings[i]);
        test_decodeUnicodeNameValue(encodings[i]);
8009 8010
        test_encodeAltName(encodings[i]);
        test_decodeAltName(encodings[i]);
8011 8012 8013 8014
        test_encodeOctets(encodings[i]);
        test_decodeOctets(encodings[i]);
        test_encodeBits(encodings[i]);
        test_decodeBits(encodings[i]);
8015 8016
        test_encodeBasicConstraints(encodings[i]);
        test_decodeBasicConstraints(encodings[i]);
8017 8018
        test_encodeRsaPublicKey(encodings[i]);
        test_decodeRsaPublicKey(encodings[i]);
8019 8020
        test_encodeSequenceOfAny(encodings[i]);
        test_decodeSequenceOfAny(encodings[i]);
8021 8022
        test_encodeExtensions(encodings[i]);
        test_decodeExtensions(encodings[i]);
8023 8024
        test_encodePublicKeyInfo(encodings[i]);
        test_decodePublicKeyInfo(encodings[i]);
8025 8026
        test_encodeCertToBeSigned(encodings[i]);
        test_decodeCertToBeSigned(encodings[i]);
8027 8028
        test_encodeCert(encodings[i]);
        test_decodeCert(encodings[i]);
8029 8030
        test_encodeCRLDistPoints(encodings[i]);
        test_decodeCRLDistPoints(encodings[i]);
8031 8032
        test_encodeCRLIssuingDistPoint(encodings[i]);
        test_decodeCRLIssuingDistPoint(encodings[i]);
8033 8034
        test_encodeCRLToBeSigned(encodings[i]);
        test_decodeCRLToBeSigned(encodings[i]);
8035 8036
        test_encodeEnhancedKeyUsage(encodings[i]);
        test_decodeEnhancedKeyUsage(encodings[i]);
8037 8038
        test_encodeAuthorityKeyId(encodings[i]);
        test_decodeAuthorityKeyId(encodings[i]);
8039 8040
        test_encodeAuthorityKeyId2(encodings[i]);
        test_decodeAuthorityKeyId2(encodings[i]);
8041 8042
        test_encodeAuthorityInfoAccess(encodings[i]);
        test_decodeAuthorityInfoAccess(encodings[i]);
8043 8044
        test_encodeCTL(encodings[i]);
        test_decodeCTL(encodings[i]);
8045 8046
        test_encodePKCSContentInfo(encodings[i]);
        test_decodePKCSContentInfo(encodings[i]);
8047 8048
        test_encodePKCSAttribute(encodings[i]);
        test_decodePKCSAttribute(encodings[i]);
8049 8050
        test_encodePKCSAttributes(encodings[i]);
        test_decodePKCSAttributes(encodings[i]);
8051 8052
        test_encodePKCSSMimeCapabilities(encodings[i]);
        test_decodePKCSSMimeCapabilities(encodings[i]);
8053 8054
        test_encodePKCSSignerInfo(encodings[i]);
        test_decodePKCSSignerInfo(encodings[i]);
8055 8056
        test_encodeCMSSignerInfo(encodings[i]);
        test_decodeCMSSignerInfo(encodings[i]);
8057 8058
        test_encodeNameConstraints(encodings[i]);
        test_decodeNameConstraints(encodings[i]);
8059 8060
        test_encodePolicyQualifierUserNotice(encodings[i]);
        test_decodePolicyQualifierUserNotice(encodings[i]);
8061 8062
        test_encodeCertPolicies(encodings[i]);
        test_decodeCertPolicies(encodings[i]);
8063 8064
        test_encodeCertPolicyMappings(encodings[i]);
        test_decodeCertPolicyMappings(encodings[i]);
8065 8066
        test_encodeCertPolicyConstraints(encodings[i]);
        test_decodeCertPolicyConstraints(encodings[i]);
8067
    }
8068
    testPortPublicKeyInfo();
8069
}