[PATCH 1/2] crypt32: Support up to date subject and issuer alt names OIDs.

From: Paul Gofman pgofman@codeweavers.com

--- dlls/crypt32/str.c | 215 +++++++++++++++++---------------------- dlls/crypt32/tests/str.c | 160 +++++++++++++++++++++++++---- 2 files changed, 230 insertions(+), 145 deletions(-)

diff --git a/dlls/crypt32/str.c b/dlls/crypt32/str.c index 2c667542dc8..0906ad883db 100644 --- a/dlls/crypt32/str.c +++ b/dlls/crypt32/str.c @@ -914,31 +914,32 @@ DWORD WINAPI CertGetNameStringA(PCCERT_CONTEXT cert, DWORD type, * The return value is a pointer within *info, so don't free *info before * you're done with the return value. */ -static PCERT_ALT_NAME_ENTRY cert_find_alt_name_entry(PCCERT_CONTEXT cert, - LPCSTR altNameOID, DWORD entryType, PCERT_ALT_NAME_INFO *info) +static PCERT_ALT_NAME_ENTRY cert_find_alt_name_entry(PCCERT_CONTEXT cert, BOOL alt_name_issuer, + DWORD entryType, PCERT_ALT_NAME_INFO *info) { - PCERT_ALT_NAME_ENTRY entry = NULL; - PCERT_EXTENSION ext = CertFindExtension(altNameOID, - cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); - - if (ext) + static const char *oids[][2] = { - DWORD bytes = 0; - - if (CryptDecodeObjectEx(cert->dwCertEncodingType, X509_ALTERNATE_NAME, - ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, - info, &bytes)) - { - DWORD i; - - for (i = 0; !entry && i < (*info)->cAltEntry; i++) - if ((*info)->rgAltEntry[i].dwAltNameChoice == entryType) - entry = &(*info)->rgAltEntry[i]; - } - } - else - *info = NULL; - return entry; + { szOID_SUBJECT_ALT_NAME2, szOID_SUBJECT_ALT_NAME }, + { szOID_ISSUER_ALT_NAME2, szOID_ISSUER_ALT_NAME }, + }; + PCERT_EXTENSION ext; + DWORD bytes = 0; + unsigned int i; + + ext = CertFindExtension(oids[!!alt_name_issuer][0], cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); + if (!ext) + ext = CertFindExtension(oids[!!alt_name_issuer][1], cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); + if (!ext) return NULL; + + if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_ALTERNATE_NAME, ext->Value.pbData, ext->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, info, &bytes)) + return NULL; + + for (i = 0; i < (*info)->cAltEntry; ++i) + if ((*info)->rgAltEntry[i].dwAltNameChoice == entryType) + return &(*info)->rgAltEntry[i]; + + return NULL; }

static DWORD cert_get_name_from_rdn_attr(DWORD encodingType, @@ -974,172 +975,138 @@ static DWORD copy_output_str(WCHAR *dst, const WCHAR *src, DWORD dst_size) return len + 1; }

-DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType, - DWORD dwFlags, void *pvTypePara, LPWSTR pszNameString, DWORD cchNameString) +DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT cert, DWORD type, DWORD flags, void *type_para, + LPWSTR name_string, DWORD name_len) { - DWORD ret = 0; + CERT_ALT_NAME_INFO *info = NULL; + PCERT_ALT_NAME_ENTRY entry; + BOOL alt_name_issuer; PCERT_NAME_BLOB name; - LPCSTR altNameOID; + DWORD ret = 0;

- TRACE("(%p, %ld, %08lx, %p, %p, %ld)\n", pCertContext, dwType, - dwFlags, pvTypePara, pszNameString, cchNameString); + TRACE("(%p, %ld, %08lx, %p, %p, %ld)\n", cert, type, flags, type_para, name_string, name_len);

- if (!pCertContext) + if (!cert) goto done;

- if (dwFlags & CERT_NAME_ISSUER_FLAG) - { - name = &pCertContext->pCertInfo->Issuer; - altNameOID = szOID_ISSUER_ALT_NAME; - } - else - { - name = &pCertContext->pCertInfo->Subject; - altNameOID = szOID_SUBJECT_ALT_NAME; - } + alt_name_issuer = flags & CERT_NAME_ISSUER_FLAG; + name = alt_name_issuer ? &cert->pCertInfo->Issuer : &cert->pCertInfo->Subject;

- switch (dwType) + switch (type) { case CERT_NAME_EMAIL_TYPE: { - CERT_ALT_NAME_INFO *info; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_RFC822_NAME, &info); - - if (entry) ret = copy_output_str(pszNameString, entry->u.pwszRfc822Name, cchNameString); - if (info) - LocalFree(info); - if (!ret) + entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_RFC822_NAME, &info); + + if (entry) { - ret = cert_get_name_from_rdn_attr(pCertContext->dwCertEncodingType, - name, szOID_RSA_emailAddr, pszNameString, cchNameString); - } + ret = copy_output_str(name_string, entry->u.pwszRfc822Name, name_len); + break; + } + ret = cert_get_name_from_rdn_attr(cert->dwCertEncodingType, name, szOID_RSA_emailAddr, + name_string, name_len); break; } case CERT_NAME_RDN_TYPE: { - DWORD type = pvTypePara ? *(DWORD *)pvTypePara : 0; + DWORD param = type_para ? *(DWORD *)type_para : 0;

if (name->cbData) - ret = CertNameToStrW(pCertContext->dwCertEncodingType, name, - type, pszNameString, cchNameString); + { + ret = CertNameToStrW(cert->dwCertEncodingType, name, param, name_string, name_len); + } else { - CERT_ALT_NAME_INFO *info; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_DIRECTORY_NAME, &info); + entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_DIRECTORY_NAME, &info);

if (entry) - ret = CertNameToStrW(pCertContext->dwCertEncodingType, - &entry->u.DirectoryName, type, pszNameString, cchNameString); - if (info) - LocalFree(info); + ret = CertNameToStrW(cert->dwCertEncodingType, &entry->u.DirectoryName, + param, name_string, name_len); } break; } case CERT_NAME_ATTR_TYPE: - ret = cert_get_name_from_rdn_attr(pCertContext->dwCertEncodingType, - name, pvTypePara, pszNameString, cchNameString); - if (!ret) - { - CERT_ALT_NAME_INFO *altInfo; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_DIRECTORY_NAME, &altInfo); + ret = cert_get_name_from_rdn_attr(cert->dwCertEncodingType, name, type_para, + name_string, name_len); + if (ret) break;

- if (entry) - ret = cert_name_to_str_with_indent(X509_ASN_ENCODING, 0, - &entry->u.DirectoryName, 0, pszNameString, cchNameString); - if (altInfo) - LocalFree(altInfo); - } + entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_DIRECTORY_NAME, &info); + + if (entry) + ret = cert_name_to_str_with_indent(X509_ASN_ENCODING, 0, &entry->u.DirectoryName, + 0, name_string, name_len); break; case CERT_NAME_SIMPLE_DISPLAY_TYPE: { - static const LPCSTR simpleAttributeOIDs[] = { szOID_COMMON_NAME, - szOID_ORGANIZATIONAL_UNIT_NAME, szOID_ORGANIZATION_NAME, - szOID_RSA_emailAddr }; + static const LPCSTR simpleAttributeOIDs[] = + { + szOID_COMMON_NAME, szOID_ORGANIZATIONAL_UNIT_NAME, szOID_ORGANIZATION_NAME, szOID_RSA_emailAddr + }; CERT_NAME_INFO *nameInfo = NULL; DWORD bytes = 0, i;

- if (CryptDecodeObjectEx(pCertContext->dwCertEncodingType, X509_NAME, - name->pbData, name->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &nameInfo, - &bytes)) + if (CryptDecodeObjectEx(cert->dwCertEncodingType, X509_NAME, name->pbData, name->cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, &nameInfo, &bytes)) { PCERT_RDN_ATTR nameAttr = NULL;

for (i = 0; !nameAttr && i < ARRAY_SIZE(simpleAttributeOIDs); i++) nameAttr = CertFindRDNAttr(simpleAttributeOIDs[i], nameInfo); if (nameAttr) - ret = rdn_value_to_strW(nameAttr->dwValueType, - &nameAttr->Value, pszNameString, cchNameString, TRUE); + ret = rdn_value_to_strW(nameAttr->dwValueType, &nameAttr->Value, name_string, name_len, TRUE); LocalFree(nameInfo); } - if (!ret) - { - CERT_ALT_NAME_INFO *altInfo; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_RFC822_NAME, &altInfo); - - if (altInfo) - { - if (!entry && altInfo->cAltEntry) - entry = &altInfo->rgAltEntry[0]; - if (entry) ret = copy_output_str(pszNameString, entry->u.pwszRfc822Name, cchNameString); - LocalFree(altInfo); - } - } + if (ret) break; + entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_RFC822_NAME, &info); + if (!info) break; + if (!entry && info->cAltEntry) + entry = &info->rgAltEntry[0]; + if (entry) ret = copy_output_str(name_string, entry->u.pwszRfc822Name, name_len); break; } case CERT_NAME_FRIENDLY_DISPLAY_TYPE: { - DWORD cch = cchNameString; + DWORD len = name_len;

- if (CertGetCertificateContextProperty(pCertContext, - CERT_FRIENDLY_NAME_PROP_ID, pszNameString, &cch)) - ret = cch; + if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, name_string, &len)) + ret = len; else - ret = CertGetNameStringW(pCertContext, - CERT_NAME_SIMPLE_DISPLAY_TYPE, dwFlags, pvTypePara, pszNameString, - cchNameString); + ret = CertGetNameStringW(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, flags, + type_para, name_string, name_len); break; } case CERT_NAME_DNS_TYPE: { - CERT_ALT_NAME_INFO *info; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_DNS_NAME, &info); - - if (entry) ret = copy_output_str(pszNameString, entry->u.pwszDNSName, cchNameString); + entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_DNS_NAME, &info);

- if (info) - LocalFree(info); - if (!ret) - ret = cert_get_name_from_rdn_attr(pCertContext->dwCertEncodingType, - name, szOID_COMMON_NAME, pszNameString, cchNameString); + if (entry) + { + ret = copy_output_str(name_string, entry->u.pwszDNSName, name_len); + break; + } + ret = cert_get_name_from_rdn_attr(cert->dwCertEncodingType, name, szOID_COMMON_NAME, + name_string, name_len); break; } case CERT_NAME_URL_TYPE: { - CERT_ALT_NAME_INFO *info; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_URL, &info); - - if (entry) ret = copy_output_str(pszNameString, entry->u.pwszURL, cchNameString); - - if (info) - LocalFree(info); + if ((entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_URL, &info))) + ret = copy_output_str(name_string, entry->u.pwszURL, name_len); break; } default: - FIXME("unimplemented for type %ld\n", dwType); + FIXME("unimplemented for type %lu.\n", type); ret = 0; break; } done: + if (info) + LocalFree(info); + if (!ret) { ret = 1; - if (pszNameString && cchNameString) pszNameString[0] = 0; + if (name_string && name_len) name_string[0] = 0; } return ret; } diff --git a/dlls/crypt32/tests/str.c b/dlls/crypt32/tests/str.c index d2106b728a9..9fa9efff6b9 100644 --- a/dlls/crypt32/tests/str.c +++ b/dlls/crypt32/tests/str.c @@ -113,6 +113,103 @@ static const BYTE cert[] = 0x65,0xd3,0xce,0xae,0x26,0x19,0x3,0x2e,0x4f,0x78,0xa5,0xa,0x97,0x7e,0x4f,0xc4, 0x91,0x8a,0xf8,0x5,0xef,0x5b,0x3b,0x49,0xbf,0x5f,0x2b};

+/* +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:79:35:fd:d3:8f:6b:e2:28:3e:94:f4:14:bf:d4:b5:c2:3a:ac:38 + Signature Algorithm: md5WithRSAEncryption + Issuer: C = US, ST = Minnesota, L = Minneapolis, O = CodeWeavers, CN = server_cn.org, emailAddress = test@codeweavers.com + Validity + Not Before: Apr 14 18:56:22 2022 GMT + Not After : Apr 11 18:56:22 2032 GMT + Subject: C = US, ST = Minnesota, L = Minneapolis, O = CodeWeavers, CN = server_cn.org, emailAddress = test@codeweavers.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: +... + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:ex1.org, DNS:*.ex2.org + X509v3 Issuer Alternative Name: + DNS:ex3.org, DNS:*.ex4.org + Signature Algorithm: md5WithRSAEncryption +... +*/ +static BYTE cert_v3[] = { + 0x30, 0x82, 0x02, 0xdf, 0x30, 0x82, 0x02, 0x48, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x5d, 0x79, 0x35, 0xfd, 0xd3, 0x8f, 0x6b, 0xe2, 0x28, + 0x3e, 0x94, 0xf4, 0x14, 0xbf, 0xd4, 0xb5, 0xc2, 0x3a, 0xac, 0x38, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, + 0x05, 0x00, 0x30, 0x81, 0x8a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x09, 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x73, 0x6f, + 0x74, 0x61, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x0b, 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x61, 0x70, 0x6f, 0x6c, 0x69, 0x73, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0b, 0x43, + 0x6f, 0x64, 0x65, 0x57, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x31, 0x16, + 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0d, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x5f, 0x63, 0x6e, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x23, + 0x30, 0x21, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, + 0x01, 0x16, 0x14, 0x74, 0x65, 0x73, 0x74, 0x40, 0x63, 0x6f, 0x64, 0x65, + 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x30, + 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x34, 0x31, 0x34, 0x31, 0x38, 0x35, + 0x36, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x34, 0x31, 0x31, + 0x31, 0x38, 0x35, 0x36, 0x32, 0x32, 0x5a, 0x30, 0x81, 0x8a, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x09, 0x4d, 0x69, + 0x6e, 0x6e, 0x65, 0x73, 0x6f, 0x74, 0x61, 0x31, 0x14, 0x30, 0x12, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0b, 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x61, + 0x70, 0x6f, 0x6c, 0x69, 0x73, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x43, 0x6f, 0x64, 0x65, 0x57, 0x65, 0x61, 0x76, + 0x65, 0x72, 0x73, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x63, 0x6e, 0x2e, + 0x6f, 0x72, 0x67, 0x31, 0x23, 0x30, 0x21, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x14, 0x74, 0x65, 0x73, 0x74, + 0x40, 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, + 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, + 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcd, 0x7c, 0x05, + 0xba, 0xad, 0xd0, 0xb0, 0x43, 0xcc, 0x47, 0x7d, 0x87, 0xaa, 0xb5, 0x89, + 0x9f, 0x43, 0x94, 0xa0, 0x84, 0xc0, 0xc0, 0x5e, 0x05, 0x6d, 0x2f, 0x05, + 0x21, 0x6b, 0x20, 0x39, 0x88, 0x06, 0x4e, 0xce, 0x76, 0xa7, 0x24, 0x77, + 0x13, 0x71, 0x9b, 0x2a, 0x53, 0x04, 0x4f, 0x0f, 0xfc, 0x3f, 0x4f, 0xb1, + 0x4e, 0xdc, 0xed, 0x96, 0xd4, 0x55, 0xbd, 0xcf, 0x25, 0xa6, 0x7c, 0xe3, + 0x35, 0xbf, 0xeb, 0x30, 0xec, 0xef, 0x7f, 0x8e, 0xa1, 0xc6, 0xd3, 0xb2, + 0x03, 0x62, 0x0a, 0x92, 0x87, 0x17, 0x52, 0x2d, 0x45, 0x2a, 0xdc, 0xdb, + 0x87, 0xa5, 0x32, 0x4a, 0x78, 0x28, 0x4a, 0x51, 0xff, 0xdb, 0xd5, 0x20, + 0x47, 0x7e, 0xc5, 0xbe, 0x1d, 0x01, 0x55, 0x13, 0x9f, 0xfb, 0x8e, 0x39, + 0xd9, 0x1b, 0xe0, 0x34, 0x93, 0x43, 0x9c, 0x02, 0xa3, 0x0f, 0xb5, 0xdc, + 0x9d, 0x86, 0x45, 0xc5, 0x4d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x40, + 0x30, 0x3e, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x11, /* Subject Alternative Name OID */ + 0x04, 0x16, 0x30, 0x14, 0x82, 0x07, 0x65, 0x78, 0x31, 0x2e, 0x6f, 0x72, + 0x67, 0x82, 0x09, 0x2a, 0x2e, 0x65, 0x78, 0x32, 0x2e, 0x6f, 0x72, 0x67, + 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x12, /* Issuer Alternative Name OID */ + 0x04, 0x16, 0x30, 0x14, 0x82, 0x07, 0x65, 0x78, 0x33, 0x2e, 0x6f, 0x72, + 0x67, 0x82, 0x09, 0x2a, 0x2e, 0x65, 0x78, 0x34, 0x2e, 0x6f, 0x72, 0x67, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x04, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0xcc, 0xa3, 0x75, 0x67, 0x61, + 0x63, 0x1d, 0x99, 0x16, 0xc6, 0x93, 0x35, 0xa4, 0x31, 0xb6, 0x05, 0x05, + 0x77, 0x12, 0x15, 0x16, 0x78, 0xb3, 0xba, 0x6e, 0xde, 0xfc, 0x73, 0x7c, + 0x5c, 0xdd, 0xdf, 0x92, 0xde, 0xa0, 0x86, 0xff, 0x77, 0x60, 0x99, 0x8f, + 0x4a, 0x40, 0xa8, 0x6a, 0xdb, 0x6f, 0x30, 0xe5, 0xce, 0x82, 0x2f, 0xf7, + 0x09, 0x17, 0xb2, 0xd3, 0x3a, 0x29, 0x9a, 0xd0, 0x73, 0x9c, 0x44, 0xa2, + 0x19, 0xf3, 0x1d, 0x16, 0x1a, 0x45, 0x2c, 0x4b, 0x94, 0xf1, 0xb8, 0xb6, + 0xc9, 0x82, 0x6c, 0x1f, 0xae, 0xbc, 0xd1, 0xbe, 0x78, 0xc9, 0x23, 0xf5, + 0x51, 0x6c, 0x90, 0xbf, 0xa3, 0x5c, 0xa1, 0x3a, 0xd8, 0xe3, 0xcf, 0x82, + 0x31, 0x78, 0x2b, 0xda, 0x99, 0xff, 0x23, 0x5b, 0xea, 0x59, 0xe0, 0x6d, + 0xd1, 0x30, 0xfd, 0x96, 0x6a, 0x4d, 0x36, 0x72, 0x96, 0xd7, 0x4f, 0x01, + 0xa9, 0x4d, 0x8f +}; + +#define CERT_V3_SAN_OID_OFFSET 534 +#define CERT_V3_IAN_OID_OFFSET 565 + static char issuerStr[] = "US, Minnesota, Minneapolis, CodeWeavers, Wine Development, localhost, aric@codeweavers.com"; static char issuerStrSemicolon[] = @@ -746,9 +843,9 @@ static void test_CertStrToNameW(void) } }

-#define test_CertGetNameString_value(a, b, c, d) test_CertGetNameString_value_(__LINE__, a, b, c, d) -static void test_CertGetNameString_value_(unsigned int line, PCCERT_CONTEXT context, DWORD type, void *type_para, - const char *expected) +#define test_CertGetNameString_value(a, b, c, d, e) test_CertGetNameString_value_(__LINE__, a, b, c, d, e) +static void test_CertGetNameString_value_(unsigned int line, PCCERT_CONTEXT context, DWORD type, DWORD flags, + void *type_para, const char *expected) { WCHAR expectedW[512]; DWORD len, retlen; @@ -760,31 +857,32 @@ static void test_CertGetNameString_value_(unsigned int line, PCCERT_CONTEXT cont expectedW[i] = expected[i]; expectedW[i] = 0;

- len = CertGetNameStringA(context, type, 0, type_para, NULL, 0); + len = CertGetNameStringA(context, type, flags, type_para, NULL, 0); ok(len == strlen(expected) + 1, "line %u: unexpected length %ld.\n", line, len); - retlen = CertGetNameStringA(context, type, 0, type_para, str, len); + retlen = CertGetNameStringA(context, type, flags, type_para, str, len); ok(retlen == len, "line %u: unexpected len %lu, expected %lu.\n", line, retlen, len); ok(!strcmp(str, expected), "line %u: unexpected value %s.\n", line, str); str[0] = str[1] = 0xcc; - retlen = CertGetNameStringA(context, type, 0, type_para, str, len - 1); + retlen = CertGetNameStringA(context, type, flags, type_para, str, len - 1); ok(retlen == 1, "line %u: Unexpected len %lu, expected 1.\n", line, retlen); + if (len == 1) return; ok(!str[0], "line %u: unexpected str[0] %#x.\n", line, str[0]); ok(str[1] == expected[1], "line %u: unexpected str[1] %#x.\n", line, str[1]);

- retlen = CertGetNameStringA(context, type, 0, type_para, str, 0); + retlen = CertGetNameStringA(context, type, flags, type_para, str, 0); ok(retlen == len, "line %u: Unexpected len %lu, expected 1.\n", line, retlen);

- retlen = CertGetNameStringW(context, type, 0, type_para, strW, len); + retlen = CertGetNameStringW(context, type, flags, type_para, strW, len); ok(retlen == len, "line %u: unexpected len %lu, expected 1.\n", line, retlen); ok(!wcscmp(strW, expectedW), "line %u: unexpected value %s.\n", line, debugstr_w(strW)); strW[0] = strW[1] = 0xcccc; - retlen = CertGetNameStringW(context, type, 0, type_para, strW, len - 1); + retlen = CertGetNameStringW(context, type, flags, type_para, strW, len - 1); ok(retlen == len - 1, "line %u: unexpected len %lu, expected %lu.\n", line, retlen, len - 1); ok(!wcsncmp(strW, expectedW, retlen - 1), "line %u: string data mismatch.\n", line); ok(!strW[retlen - 1], "line %u: string is not zero terminated.\n", line); - retlen = CertGetNameStringA(context, type, 0, type_para, NULL, len - 1); + retlen = CertGetNameStringA(context, type, flags, type_para, NULL, len - 1); ok(retlen == len, "line %u: unexpected len %lu, expected %lu\n", line, retlen, len); - retlen = CertGetNameStringW(context, type, 0, type_para, NULL, len - 1); + retlen = CertGetNameStringW(context, type, flags, type_para, NULL, len - 1); ok(retlen == len, "line %u: unexpected len %lu, expected %lu\n", line, retlen, len); }

@@ -814,19 +912,39 @@ static void test_CertGetNameString(void) len = CertGetNameStringW(context, CERT_NAME_URL_TYPE, 0, NULL, NULL, 0); ok(len == 1, "expected 1, got %lu\n", len);

- test_CertGetNameString_value(context, CERT_NAME_EMAIL_TYPE, NULL, aric); - test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, NULL, issuerStr); + test_CertGetNameString_value(context, CERT_NAME_EMAIL_TYPE, 0, NULL, aric); + test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, 0, NULL, issuerStr); type = 0; - test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, &type, issuerStr); + test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, 0, &type, issuerStr); type = CERT_OID_NAME_STR; - test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, &type, subjectStr); - test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, NULL, aric); - test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, (void *)szOID_RSA_emailAddr, aric); - test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, (void *)szOID_COMMON_NAME, localhost); - test_CertGetNameString_value(context, CERT_NAME_SIMPLE_DISPLAY_TYPE, NULL, localhost); - test_CertGetNameString_value(context, CERT_NAME_FRIENDLY_DISPLAY_TYPE, NULL, localhost); - test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, NULL, localhost); + test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, 0, &type, subjectStr); + test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, 0, NULL, aric); + test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, 0, (void *)szOID_RSA_emailAddr, aric); + test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, 0, (void *)szOID_COMMON_NAME, localhost); + test_CertGetNameString_value(context, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, localhost); + test_CertGetNameString_value(context, CERT_NAME_FRIENDLY_DISPLAY_TYPE, 0, NULL, localhost); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, 0, NULL, localhost); + + CertFreeCertificateContext(context);

+ ok(cert_v3[CERT_V3_SAN_OID_OFFSET] == 0x55, "Incorrect CERT_V3_SAN_OID_OFFSET.\n"); + ok(cert_v3[CERT_V3_IAN_OID_OFFSET] == 0x55, "Incorrect CERT_V3_IAN_OID_OFFSET.\n"); + cert_v3[CERT_V3_SAN_OID_OFFSET + 2] = 7; /* legacy OID_SUBJECT_ALT_NAME */ + cert_v3[CERT_V3_IAN_OID_OFFSET + 2] = 8; /* legacy OID_ISSUER_ALT_NAME */ + context = CertCreateCertificateContext(X509_ASN_ENCODING, cert_v3, sizeof(cert_v3)); + ok(!!context, "CertCreateCertificateContext failed, err %lu\n", GetLastError()); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, 0, NULL, "ex1.org"); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, CERT_NAME_ISSUER_FLAG, NULL, "ex3.org"); + CertFreeCertificateContext(context); + + cert_v3[CERT_V3_SAN_OID_OFFSET + 2] = 17; /* OID_SUBJECT_ALT_NAME2 */ + cert_v3[CERT_V3_IAN_OID_OFFSET + 2] = 18; /* OID_ISSUER_ALT_NAME2 */ + context = CertCreateCertificateContext(X509_ASN_ENCODING, cert_v3, sizeof(cert_v3)); + ok(!!context, "CertCreateCertificateContext failed, err %lu\n", GetLastError()); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, 0, NULL, "ex1.org"); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, CERT_NAME_ISSUER_FLAG, NULL, "ex3.org"); + test_CertGetNameString_value(context, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, "server_cn.org"); + test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, 0, (void *)szOID_SUR_NAME, ""); CertFreeCertificateContext(context); }