Juan Lang : crypt32: Add tests for encoding/ decoding cert policy constraints.
Alexandre Julliard
julliard at winehq.org
Mon Nov 9 15:14:17 CST 2009
Module: wine
Branch: master
Commit: ae32f7bffcd3ec1a6084fe8532e0879b00546509
URL: http://source.winehq.org/git/wine.git/?a=commit;h=ae32f7bffcd3ec1a6084fe8532e0879b00546509
Author: Juan Lang <juan.lang at gmail.com>
Date: Fri Nov 6 12:28:43 2009 -0800
crypt32: Add tests for encoding/decoding cert policy constraints.
---
dlls/crypt32/tests/encode.c | 149 +++++++++++++++++++++++++++++++++++++++++++
1 files changed, 149 insertions(+), 0 deletions(-)
diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c
index dd898c6..3a1d05b 100644
--- a/dlls/crypt32/tests/encode.c
+++ b/dlls/crypt32/tests/encode.c
@@ -7557,6 +7557,153 @@ static void test_decodeCertPolicyMappings(DWORD dwEncoding)
}
}
+static const BYTE policyConstraintsWithRequireExplicit[] = {
+0x30,0x03,0x80,0x01,0x00 };
+static const BYTE policyConstraintsWithInhibitMapping[] = {
+0x30,0x03,0x81,0x01,0x01 };
+static const BYTE policyConstraintsWithBoth[] = {
+0x30,0x06,0x80,0x01,0x01,0x81,0x01,0x01 };
+
+static void test_encodeCertPolicyConstraints(DWORD dwEncoding)
+{
+ CERT_POLICY_CONSTRAINTS_INFO info = { 0 };
+ LPBYTE buf;
+ DWORD size;
+ BOOL ret;
+
+ /* Even though RFC 5280 explicitly states CAs must not issue empty
+ * policy constraints (section 4.2.1.11), the API doesn't prevent it.
+ */
+ ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
+ CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
+ todo_wine {
+ ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
+ if (ret)
+ {
+ ok(size == sizeof(emptySequence), "unexpected size %d\n", size);
+ ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
+ "unexpected value\n");
+ LocalFree(buf);
+ }
+ /* If fRequireExplicitPolicy is set but dwRequireExplicitPolicySkipCerts
+ * is not, then a skip of 0 is encoded.
+ */
+ info.fRequireExplicitPolicy = TRUE;
+ ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
+ CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
+ ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
+ if (ret)
+ {
+ ok(size == sizeof(policyConstraintsWithRequireExplicit),
+ "unexpected size %d\n", size);
+ ok(!memcmp(buf, policyConstraintsWithRequireExplicit,
+ sizeof(policyConstraintsWithRequireExplicit)), "unexpected value\n");
+ LocalFree(buf);
+ }
+ /* With inhibit policy mapping */
+ info.fRequireExplicitPolicy = FALSE;
+ info.dwRequireExplicitPolicySkipCerts = 0;
+ info.fInhibitPolicyMapping = TRUE;
+ info.dwInhibitPolicyMappingSkipCerts = 1;
+ ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
+ CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
+ ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
+ if (ret)
+ {
+ ok(size == sizeof(policyConstraintsWithInhibitMapping),
+ "unexpected size %d\n", size);
+ ok(!memcmp(buf, policyConstraintsWithInhibitMapping,
+ sizeof(policyConstraintsWithInhibitMapping)), "unexpected value\n");
+ LocalFree(buf);
+ }
+ /* And with both */
+ info.fRequireExplicitPolicy = TRUE;
+ info.dwRequireExplicitPolicySkipCerts = 1;
+ ret = pCryptEncodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS, &info,
+ CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
+ ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
+ if (ret)
+ {
+ ok(size == sizeof(policyConstraintsWithBoth), "unexpected size %d\n",
+ size);
+ ok(!memcmp(buf, policyConstraintsWithBoth,
+ sizeof(policyConstraintsWithBoth)), "unexpected value\n");
+ LocalFree(buf);
+ }
+ }
+}
+
+static void test_decodeCertPolicyConstraints(DWORD dwEncoding)
+{
+ CERT_POLICY_CONSTRAINTS_INFO *info;
+ DWORD size;
+ BOOL ret;
+
+ /* Again, even though CAs must not issue such constraints, they can be
+ * decoded.
+ */
+ ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
+ emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
+ &info, &size);
+ todo_wine {
+ ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
+ if (ret)
+ {
+ ok(!info->fRequireExplicitPolicy,
+ "expected require explicit = FALSE\n");
+ ok(!info->fInhibitPolicyMapping,
+ "expected implicit mapping = FALSE\n");
+ LocalFree(info);
+ }
+ ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
+ policyConstraintsWithRequireExplicit,
+ sizeof(policyConstraintsWithRequireExplicit), CRYPT_DECODE_ALLOC_FLAG,
+ NULL, &info, &size);
+ ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
+ if (ret)
+ {
+ ok(info->fRequireExplicitPolicy,
+ "expected require explicit = TRUE\n");
+ ok(info->dwRequireExplicitPolicySkipCerts == 0, "expected 0, got %d\n",
+ info->dwRequireExplicitPolicySkipCerts);
+ ok(!info->fInhibitPolicyMapping,
+ "expected implicit mapping = FALSE\n");
+ LocalFree(info);
+ }
+ ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
+ policyConstraintsWithInhibitMapping,
+ sizeof(policyConstraintsWithInhibitMapping), CRYPT_DECODE_ALLOC_FLAG,
+ NULL, &info, &size);
+ ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
+ if (ret)
+ {
+ ok(!info->fRequireExplicitPolicy,
+ "expected require explicit = FALSE\n");
+ ok(info->fInhibitPolicyMapping,
+ "expected implicit mapping = TRUE\n");
+ ok(info->dwInhibitPolicyMappingSkipCerts == 1, "expected 1, got %d\n",
+ info->dwInhibitPolicyMappingSkipCerts);
+ LocalFree(info);
+ }
+ ret = pCryptDecodeObjectEx(dwEncoding, X509_POLICY_CONSTRAINTS,
+ policyConstraintsWithBoth, sizeof(policyConstraintsWithBoth),
+ CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
+ ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
+ if (ret)
+ {
+ ok(info->fRequireExplicitPolicy,
+ "expected require explicit = TRUE\n");
+ ok(info->dwRequireExplicitPolicySkipCerts == 1, "expected 1, got %d\n",
+ info->dwRequireExplicitPolicySkipCerts);
+ ok(info->fInhibitPolicyMapping,
+ "expected implicit mapping = TRUE\n");
+ ok(info->dwInhibitPolicyMappingSkipCerts == 1, "expected 1, got %d\n",
+ info->dwInhibitPolicyMappingSkipCerts);
+ LocalFree(info);
+ }
+ }
+}
+
/* Free *pInfo with HeapFree */
static void testExportPublicKey(HCRYPTPROV csp, PCERT_PUBLIC_KEY_INFO *pInfo)
{
@@ -7829,6 +7976,8 @@ START_TEST(encode)
test_decodeCertPolicies(encodings[i]);
test_encodeCertPolicyMappings(encodings[i]);
test_decodeCertPolicyMappings(encodings[i]);
+ test_encodeCertPolicyConstraints(encodings[i]);
+ test_decodeCertPolicyConstraints(encodings[i]);
}
testPortPublicKeyInfo();
}
More information about the wine-cvs
mailing list