Commit 1d79e5de authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32/tests: Test wildcards in subject alternative name.

parent fbd3a1dd
...@@ -2472,6 +2472,37 @@ static const BYTE chain28_1[] = { ...@@ -2472,6 +2472,37 @@ static const BYTE chain28_1[] = {
0x44,0x76,0x66,0x26,0xa7,0x05,0x3c,0x68,0x66,0x1c,0x07,0x4d,0xcf,0x54,0xaa, 0x44,0x76,0x66,0x26,0xa7,0x05,0x3c,0x68,0x66,0x1c,0x07,0x4d,0xcf,0x54,0xaa,
0x5d,0xba,0x7a,0x8f,0x06,0xa7,0x1e,0x86,0xf1,0x5a,0x4b,0x50,0x16,0xad,0x9f, 0x5d,0xba,0x7a,0x8f,0x06,0xa7,0x1e,0x86,0xf1,0x5a,0x4b,0x50,0x16,0xad,0x9f,
0x89 }; 0x89 };
/* A chain whose end certificate is issued to *.winehq.org. */
static const BYTE chain29_1[] = {
0x30,0x82,0x01,0xab,0x30,0x82,0x01,0x16,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,
0x01,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x30,
0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,
0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,0x30,
0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,0x30,
0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,
0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9d,0x30,0x0b,0x06,0x09,0x2a,
0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,0x0e,0x67,0x5f,
0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,0xb6,0x17,0x8e,
0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,0x9f,0x6e,0xfe,
0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,0xd1,0x57,0x71,
0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,0x72,0xa7,0x87,
0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,0x80,0x83,0x68,
0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,0xb5,0x46,0x36,
0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,0x51,0x9a,0x22,
0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,0x02,0x03,0x01,
0x00,0x01,0xa3,0x1b,0x30,0x19,0x30,0x17,0x06,0x03,0x55,0x1d,0x07,0x04,0x10,
0x30,0x0e,0x82,0x0c,0x2a,0x2e,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,
0x67,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x03,
0x81,0x81,0x00,0x65,0xbf,0xfa,0xf7,0xc3,0x09,0x70,0x25,0x8a,0x46,0x69,0xf6,
0xdc,0x07,0x1e,0x30,0xc9,0xe4,0x58,0x89,0x65,0x3a,0xa8,0xda,0xbd,0x17,0xf8,
0x1d,0x0d,0x7d,0x47,0xb1,0xb2,0xda,0x17,0x9f,0xf6,0x47,0xe0,0xe4,0x4a,0xeb,
0x02,0xc9,0x2e,0x69,0x1c,0x57,0x2a,0x80,0xc9,0x01,0x77,0x7b,0x27,0xff,0x2f,
0xaf,0xdf,0xf3,0x65,0x12,0xd8,0x7d,0xc2,0xbf,0x1b,0x1d,0x18,0x96,0x5c,0xf6,
0xba,0x43,0xc5,0x43,0x57,0xc0,0xdd,0x97,0x95,0xfb,0x1c,0xad,0x64,0x0f,0x61,
0x3a,0xe9,0x27,0xa4,0x57,0x27,0x34,0xa7,0x42,0xde,0x78,0x1a,0x71,0x80,0x23,
0xd6,0xd7,0x22,0xf0,0x24,0x0d,0x71,0xf1,0x2b,0xd0,0xd8,0x76,0x3d,0xef,0x4c,
0xce,0x1c,0x3b,0x83,0x1b,0x63,0x10,0x6c,0x63,0xe5,0x69 };
typedef struct _CONST_DATA_BLOB typedef struct _CONST_DATA_BLOB
{ {
...@@ -3069,6 +3100,18 @@ static const CERT_TRUST_STATUS elementStatus28[] = { ...@@ -3069,6 +3100,18 @@ static const CERT_TRUST_STATUS elementStatus28[] = {
static const SimpleChainStatusCheck simpleStatus28[] = { static const SimpleChainStatusCheck simpleStatus28[] = {
{ sizeof(elementStatus28) / sizeof(elementStatus28[0]), elementStatus28 }, { sizeof(elementStatus28) / sizeof(elementStatus28[0]), elementStatus28 },
}; };
static CONST_DATA_BLOB chain29[] = {
{ sizeof(chain0_0), chain0_0 },
{ sizeof(chain29_1), chain29_1 },
};
static const CERT_TRUST_STATUS elementStatus29[] = {
{ CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER },
{ CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT,
CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER },
};
static const SimpleChainStatusCheck simpleStatus29[] = {
{ sizeof(elementStatus29) / sizeof(elementStatus29[0]), elementStatus29 },
};
static CONST_DATA_BLOB selfSignedChain[] = { static CONST_DATA_BLOB selfSignedChain[] = {
{ sizeof(selfSignedCert), selfSignedCert } { sizeof(selfSignedCert), selfSignedCert }
}; };
...@@ -3354,6 +3397,7 @@ static ChainCheck chainCheck[] = { ...@@ -3354,6 +3397,7 @@ static ChainCheck chainCheck[] = {
CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT, 0 }, CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT, 0 },
1, simpleStatus28 }, 1, simpleStatus28 },
0 }, 0 },
/* chain29 is handled separately elsewhere */
{ { sizeof(selfSignedChain) / sizeof(selfSignedChain[0]), selfSignedChain }, { { sizeof(selfSignedChain) / sizeof(selfSignedChain[0]), selfSignedChain },
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, { CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_UNTRUSTED_ROOT, 0 },
...@@ -3772,6 +3816,16 @@ static const ChainPolicyCheck opensslPolicyCheckWithoutMatchingName = { ...@@ -3772,6 +3816,16 @@ static const ChainPolicyCheck opensslPolicyCheckWithoutMatchingName = {
{ 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0 { 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0
}; };
static const ChainPolicyCheck winehqPolicyCheckWithMatchingName = {
{ sizeof(chain29) / sizeof(chain29[0]), chain29 },
{ 0, 0, -1, -1, NULL}, NULL, TODO_ERROR
};
static const ChainPolicyCheck winehqPolicyCheckWithoutMatchingName = {
{ sizeof(chain29) / sizeof(chain29[0]), chain29 },
{ 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0
};
static const ChainPolicyCheck stanfordPolicyCheckWithMatchingName = { static const ChainPolicyCheck stanfordPolicyCheckWithMatchingName = {
{ sizeof(stanfordChain) / sizeof(stanfordChain[0]), stanfordChain }, { sizeof(stanfordChain) / sizeof(stanfordChain[0]), stanfordChain },
{ 0, 0, -1, -1, NULL}, NULL, 0 { 0, 0, -1, -1, NULL}, NULL, 0
...@@ -4000,6 +4054,13 @@ static void check_ssl_policy(void) ...@@ -4000,6 +4054,13 @@ static void check_ssl_policy(void)
's','t','a','n','f','o','r','d','.','e','d','u',0 }; 's','t','a','n','f','o','r','d','.','e','d','u',0 };
WCHAR a_dot_cs_dot_stanford_dot_edu[] = { 'a','.','c','s','.', WCHAR a_dot_cs_dot_stanford_dot_edu[] = { 'a','.','c','s','.',
's','t','a','n','f','o','r','d','.','e','d','u',0 }; 's','t','a','n','f','o','r','d','.','e','d','u',0 };
WCHAR test_dot_winehq_dot_org[] = { 't','e','s','t','.',
'w','i','n','e','h','q','.','o','r','g',0 };
WCHAR a_dot_b_dot_winehq_dot_org[] = { 'a','.','b','.',
'w','i','n','e','h','q','.','o','r','g',0 };
HCERTSTORE testRoot;
CERT_CHAIN_ENGINE_CONFIG engineConfig = { sizeof(engineConfig), 0 };
HCERTCHAINENGINE engine;
/* Check ssl policy with no parameter */ /* Check ssl policy with no parameter */
for (i = 0; for (i = 0;
...@@ -4111,6 +4172,34 @@ static void check_ssl_policy(void) ...@@ -4111,6 +4172,34 @@ static void check_ssl_policy(void)
sslPolicyPara.pwszServerName = a_dot_cs_dot_stanford_dot_edu; sslPolicyPara.pwszServerName = a_dot_cs_dot_stanford_dot_edu;
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL, checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
&stanfordPolicyCheckWithoutMatchingName, 0, &oct2009, &policyPara); &stanfordPolicyCheckWithoutMatchingName, 0, &oct2009, &policyPara);
/* Check chain29, which has a wildcard in its subject alternative name,
* but not in its distinguished name.
* Step 1: create a chain engine that trusts chain29's root.
*/
testRoot = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
CERT_STORE_CREATE_NEW_FLAG, NULL);
CertAddEncodedCertificateToStore(testRoot, X509_ASN_ENCODING, chain0_0,
sizeof(chain0_0), CERT_STORE_ADD_ALWAYS, NULL);
engineConfig.hExclusiveRoot = testRoot;
if (!CertCreateCertificateChainEngine(&engineConfig, &engine))
{
skip("Couldn't create chain engine\n");
return;
}
/* With "winehq.org": no match */
sslPolicyPara.pwszServerName = winehq;
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, engine,
&winehqPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara);
/* With "test.winehq.org": match */
sslPolicyPara.pwszServerName = test_dot_winehq_dot_org;
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, engine,
&winehqPolicyCheckWithMatchingName, 0, &oct2007, &policyPara);
/* With "a.b.winehq.org": no match */
sslPolicyPara.pwszServerName = a_dot_b_dot_winehq_dot_org;
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, engine,
&winehqPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara);
CertFreeCertificateChainEngine(engine);
CertCloseStore(testRoot, 0);
} }
static void testVerifyCertChainPolicy(void) static void testVerifyCertChainPolicy(void)
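Review bot: In the last check_ssl_policy hunk the skip path returns without closing testRoot, and neither CertOpenStore nor CertAddEncodedCertificateToStore is checked, so if store setup failed, hExclusiveRoot would be NULL or the store empty and the three wildcard checks would presumably not run against the intended trust anchor. I would add `CertCloseStore(testRoot, 0);` before the `return;`, guard the setup with `if (!testRoot) { skip("Couldn't create root store\n"); return; }`, and wrap the add call's result in an `ok(...)`. Separately, the extension in chain29_1 is encoded with OID bytes `0x55,0x1d,0x07` (2.5.29.7, the legacy subject alternative name OID), so the 2.5.29.17 form that certificates normally carry is not exercised by these cases; a second certificate using it would cover that encoding. simpleStatus29 is not referenced in the visible hunks, which may produce an unused-variable warning unless it is used elsewhere in the file. The body of check_ssl_policy starts outside the hunk.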
......