Module: wine Branch: master Commit: 1d79e5de9a1804e3bb23652fa48c6c569ba40136 URL: http://source.winehq.org/git/wine.git/?a=commit;h=1d79e5de9a1804e3bb23652fa4...
Author: Juan Lang juan.lang@gmail.com Date: Wed May 19 18:12:21 2010 -0700
crypt32/tests: Test wildcards in subject alternative name.
---
dlls/crypt32/tests/chain.c | 89 ++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 89 insertions(+), 0 deletions(-)
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 900a30d..0484aa1 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -2472,6 +2472,37 @@ static const BYTE chain28_1[] = { 0x44,0x76,0x66,0x26,0xa7,0x05,0x3c,0x68,0x66,0x1c,0x07,0x4d,0xcf,0x54,0xaa, 0x5d,0xba,0x7a,0x8f,0x06,0xa7,0x1e,0x86,0xf1,0x5a,0x4b,0x50,0x16,0xad,0x9f, 0x89 }; +/* A chain whose end certificate is issued to *.winehq.org. */ +static const BYTE chain29_1[] = { +0x30,0x82,0x01,0xab,0x30,0x82,0x01,0x16,0xa0,0x03,0x02,0x01,0x02,0x02,0x01, +0x01,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x30, +0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72, +0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,0x30, +0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,0x30, +0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03, +0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9d,0x30,0x0b,0x06,0x09,0x2a, +0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x03,0x81,0x8d,0x00,0x30,0x81,0x89, +0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,0x0e,0x67,0x5f, +0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,0xb6,0x17,0x8e, +0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,0x9f,0x6e,0xfe, +0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,0xd1,0x57,0x71, +0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,0x72,0xa7,0x87, +0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,0x80,0x83,0x68, +0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,0xb5,0x46,0x36, +0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,0x51,0x9a,0x22, +0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,0x02,0x03,0x01, +0x00,0x01,0xa3,0x1b,0x30,0x19,0x30,0x17,0x06,0x03,0x55,0x1d,0x07,0x04,0x10, +0x30,0x0e,0x82,0x0c,0x2a,0x2e,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72, +0x67,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x03, +0x81,0x81,0x00,0x65,0xbf,0xfa,0xf7,0xc3,0x09,0x70,0x25,0x8a,0x46,0x69,0xf6, +0xdc,0x07,0x1e,0x30,0xc9,0xe4,0x58,0x89,0x65,0x3a,0xa8,0xda,0xbd,0x17,0xf8, +0x1d,0x0d,0x7d,0x47,0xb1,0xb2,0xda,0x17,0x9f,0xf6,0x47,0xe0,0xe4,0x4a,0xeb, +0x02,0xc9,0x2e,0x69,0x1c,0x57,0x2a,0x80,0xc9,0x01,0x77,0x7b,0x27,0xff,0x2f, +0xaf,0xdf,0xf3,0x65,0x12,0xd8,0x7d,0xc2,0xbf,0x1b,0x1d,0x18,0x96,0x5c,0xf6, +0xba,0x43,0xc5,0x43,0x57,0xc0,0xdd,0x97,0x95,0xfb,0x1c,0xad,0x64,0x0f,0x61, +0x3a,0xe9,0x27,0xa4,0x57,0x27,0x34,0xa7,0x42,0xde,0x78,0x1a,0x71,0x80,0x23, +0xd6,0xd7,0x22,0xf0,0x24,0x0d,0x71,0xf1,0x2b,0xd0,0xd8,0x76,0x3d,0xef,0x4c, +0xce,0x1c,0x3b,0x83,0x1b,0x63,0x10,0x6c,0x63,0xe5,0x69 };
typedef struct _CONST_DATA_BLOB { @@ -3069,6 +3100,18 @@ static const CERT_TRUST_STATUS elementStatus28[] = { static const SimpleChainStatusCheck simpleStatus28[] = { { sizeof(elementStatus28) / sizeof(elementStatus28[0]), elementStatus28 }, }; +static CONST_DATA_BLOB chain29[] = { + { sizeof(chain0_0), chain0_0 }, + { sizeof(chain29_1), chain29_1 }, +}; +static const CERT_TRUST_STATUS elementStatus29[] = { + { CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER }, + { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT, + CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER }, +}; +static const SimpleChainStatusCheck simpleStatus29[] = { + { sizeof(elementStatus29) / sizeof(elementStatus29[0]), elementStatus29 }, +}; static CONST_DATA_BLOB selfSignedChain[] = { { sizeof(selfSignedCert), selfSignedCert } }; @@ -3354,6 +3397,7 @@ static ChainCheck chainCheck[] = { CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT, 0 }, 1, simpleStatus28 }, 0 }, + /* chain29 is handled separately elsewhere */ { { sizeof(selfSignedChain) / sizeof(selfSignedChain[0]), selfSignedChain }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, @@ -3772,6 +3816,16 @@ static const ChainPolicyCheck opensslPolicyCheckWithoutMatchingName = { { 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0 };
+static const ChainPolicyCheck winehqPolicyCheckWithMatchingName = { + { sizeof(chain29) / sizeof(chain29[0]), chain29 }, + { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR +}; + +static const ChainPolicyCheck winehqPolicyCheckWithoutMatchingName = { + { sizeof(chain29) / sizeof(chain29[0]), chain29 }, + { 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0 +}; + static const ChainPolicyCheck stanfordPolicyCheckWithMatchingName = { { sizeof(stanfordChain) / sizeof(stanfordChain[0]), stanfordChain }, { 0, 0, -1, -1, NULL}, NULL, 0 @@ -4000,6 +4054,13 @@ static void check_ssl_policy(void) 's','t','a','n','f','o','r','d','.','e','d','u',0 }; WCHAR a_dot_cs_dot_stanford_dot_edu[] = { 'a','.','c','s','.', 's','t','a','n','f','o','r','d','.','e','d','u',0 }; + WCHAR test_dot_winehq_dot_org[] = { 't','e','s','t','.', + 'w','i','n','e','h','q','.','o','r','g',0 }; + WCHAR a_dot_b_dot_winehq_dot_org[] = { 'a','.','b','.', + 'w','i','n','e','h','q','.','o','r','g',0 }; + HCERTSTORE testRoot; + CERT_CHAIN_ENGINE_CONFIG engineConfig = { sizeof(engineConfig), 0 }; + HCERTCHAINENGINE engine;
/* Check ssl policy with no parameter */ for (i = 0; @@ -4111,6 +4172,34 @@ static void check_ssl_policy(void) sslPolicyPara.pwszServerName = a_dot_cs_dot_stanford_dot_edu; checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL, &stanfordPolicyCheckWithoutMatchingName, 0, &oct2009, &policyPara); + /* Check chain29, which has a wildcard in its subject alternative name, + * but not in its distinguished name. + * Step 1: create a chain engine that trusts chain29's root. + */ + testRoot = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL); + CertAddEncodedCertificateToStore(testRoot, X509_ASN_ENCODING, chain0_0, + sizeof(chain0_0), CERT_STORE_ADD_ALWAYS, NULL); + engineConfig.hExclusiveRoot = testRoot; + if (!CertCreateCertificateChainEngine(&engineConfig, &engine)) + { + skip("Couldn't create chain engine\n"); + return; + } + /* With "winehq.org": no match */ + sslPolicyPara.pwszServerName = winehq; + checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, engine, + &winehqPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara); + /* With "test.winehq.org": match */ + sslPolicyPara.pwszServerName = test_dot_winehq_dot_org; + checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, engine, + &winehqPolicyCheckWithMatchingName, 0, &oct2007, &policyPara); + /* With "a.b.winehq.org": no match */ + sslPolicyPara.pwszServerName = a_dot_b_dot_winehq_dot_org; + checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, engine, + &winehqPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara); + CertFreeCertificateChainEngine(engine); + CertCloseStore(testRoot, 0); }
static void testVerifyCertChainPolicy(void)