Commit e611a839 authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32: Test verifying the enhanced key usage of a chain.

parent d963e97f
...@@ -3606,6 +3606,9 @@ static void testGetCertChain(void) ...@@ -3606,6 +3606,9 @@ static void testGetCertChain(void)
CERT_TRUST_IS_REVOKED | CERT_TRUST_REVOCATION_STATUS_UNKNOWN | CERT_TRUST_IS_REVOKED | CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
CERT_TRUST_IS_OFFLINE_REVOCATION; CERT_TRUST_IS_OFFLINE_REVOCATION;
HCERTSTORE store; HCERTSTORE store;
static char one_two_three[] = "1.2.3";
static char oid_server_auth[] = szOID_PKIX_KP_SERVER_AUTH;
LPSTR oids[2];
/* Basic parameter checks */ /* Basic parameter checks */
if (0) if (0)
...@@ -3829,6 +3832,70 @@ static void testGetCertChain(void) ...@@ -3829,6 +3832,70 @@ static void testGetCertChain(void)
CertCloseStore(store, 0); CertCloseStore(store, 0);
CertFreeCertificateContext(cert); CertFreeCertificateContext(cert);
/* Test usage match with Google's cert */
store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
CERT_STORE_CREATE_NEW_FLAG, NULL);
CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
verisignCA, sizeof(verisignCA), CERT_STORE_ADD_ALWAYS, NULL);
CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
thawte_sgc_ca, sizeof(thawte_sgc_ca), CERT_STORE_ADD_ALWAYS, NULL);
cert = CertCreateCertificateContext(X509_ASN_ENCODING,
google, sizeof(google));
SystemTimeToFileTime(&oct2009, &fileTime);
memset(&para, 0, sizeof(para));
para.cbSize = sizeof(para);
oids[0] = one_two_three;
para.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND;
para.RequestedUsage.Usage.rgpszUsageIdentifier = oids;
para.RequestedUsage.Usage.cUsageIdentifier = 1;
ret = pCertGetCertificateChain(NULL, cert, &fileTime, store, &para,
0, NULL, &chain);
ok(ret, "CertGetCertificateChain failed: %08x\n", GetLastError());
if (ret)
{
todo_wine
ok(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_VALID_FOR_USAGE,
"expected CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n");
CertFreeCertificateChain(chain);
}
oids[0] = oid_server_auth;
ret = pCertGetCertificateChain(NULL, cert, &fileTime, store, &para,
0, NULL, &chain);
ok(ret, "CertGetCertificateChain failed: %08x\n", GetLastError());
if (ret)
{
ok(!(chain->TrustStatus.dwErrorStatus &
CERT_TRUST_IS_NOT_VALID_FOR_USAGE),
"didn't expect CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n");
CertFreeCertificateChain(chain);
}
oids[1] = one_two_three;
para.RequestedUsage.Usage.cUsageIdentifier = 2;
para.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND;
ret = pCertGetCertificateChain(NULL, cert, &fileTime, store, &para,
0, NULL, &chain);
ok(ret, "CertGetCertificateChain failed: %08x\n", GetLastError());
if (ret)
{
todo_wine
ok(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_VALID_FOR_USAGE,
"expected CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n");
CertFreeCertificateChain(chain);
}
para.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR;
ret = pCertGetCertificateChain(NULL, cert, &fileTime, store, &para,
0, NULL, &chain);
ok(ret, "CertGetCertificateChain failed: %08x\n", GetLastError());
if (ret)
{
ok(!(chain->TrustStatus.dwErrorStatus &
CERT_TRUST_IS_NOT_VALID_FOR_USAGE),
"didn't expect CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n");
CertFreeCertificateChain(chain);
}
CertCloseStore(store, 0);
CertFreeCertificateContext(cert);
for (i = 0; i < sizeof(chainCheck) / sizeof(chainCheck[0]); i++) for (i = 0; i < sizeof(chainCheck) / sizeof(chainCheck[0]); i++)
{ {
chain = getChain(&chainCheck[i].certs, 0, TRUE, &oct2007, chain = getChain(&chainCheck[i].certs, 0, TRUE, &oct2007,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment