Juan Lang : crypt32/tests: Test wildcards in subject alternative name.

Alexandre Julliard julliard at winehq.org
Thu May 20 11:03:00 CDT 2010


Module: wine
Branch: master
Commit: 1d79e5de9a1804e3bb23652fa48c6c569ba40136
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=1d79e5de9a1804e3bb23652fa48c6c569ba40136

Author: Juan Lang <juan.lang at gmail.com>
Date:   Wed May 19 18:12:21 2010 -0700

crypt32/tests: Test wildcards in subject alternative name.

---

 dlls/crypt32/tests/chain.c |   89 ++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 89 insertions(+), 0 deletions(-)

diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 900a30d..0484aa1 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -2472,6 +2472,37 @@ static const BYTE chain28_1[] = {
 0x44,0x76,0x66,0x26,0xa7,0x05,0x3c,0x68,0x66,0x1c,0x07,0x4d,0xcf,0x54,0xaa,
 0x5d,0xba,0x7a,0x8f,0x06,0xa7,0x1e,0x86,0xf1,0x5a,0x4b,0x50,0x16,0xad,0x9f,
 0x89 };
+/* A chain whose end certificate is issued to *.winehq.org. */
+static const BYTE chain29_1[] = {
+0x30,0x82,0x01,0xab,0x30,0x82,0x01,0x16,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,
+0x01,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x30,
+0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,
+0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,0x30,
+0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,0x30,
+0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,
+0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9d,0x30,0x0b,0x06,0x09,0x2a,
+0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
+0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,0x0e,0x67,0x5f,
+0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,0xb6,0x17,0x8e,
+0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,0x9f,0x6e,0xfe,
+0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,0xd1,0x57,0x71,
+0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,0x72,0xa7,0x87,
+0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,0x80,0x83,0x68,
+0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,0xb5,0x46,0x36,
+0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,0x51,0x9a,0x22,
+0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,0x02,0x03,0x01,
+0x00,0x01,0xa3,0x1b,0x30,0x19,0x30,0x17,0x06,0x03,0x55,0x1d,0x07,0x04,0x10,
+0x30,0x0e,0x82,0x0c,0x2a,0x2e,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,
+0x67,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x03,
+0x81,0x81,0x00,0x65,0xbf,0xfa,0xf7,0xc3,0x09,0x70,0x25,0x8a,0x46,0x69,0xf6,
+0xdc,0x07,0x1e,0x30,0xc9,0xe4,0x58,0x89,0x65,0x3a,0xa8,0xda,0xbd,0x17,0xf8,
+0x1d,0x0d,0x7d,0x47,0xb1,0xb2,0xda,0x17,0x9f,0xf6,0x47,0xe0,0xe4,0x4a,0xeb,
+0x02,0xc9,0x2e,0x69,0x1c,0x57,0x2a,0x80,0xc9,0x01,0x77,0x7b,0x27,0xff,0x2f,
+0xaf,0xdf,0xf3,0x65,0x12,0xd8,0x7d,0xc2,0xbf,0x1b,0x1d,0x18,0x96,0x5c,0xf6,
+0xba,0x43,0xc5,0x43,0x57,0xc0,0xdd,0x97,0x95,0xfb,0x1c,0xad,0x64,0x0f,0x61,
+0x3a,0xe9,0x27,0xa4,0x57,0x27,0x34,0xa7,0x42,0xde,0x78,0x1a,0x71,0x80,0x23,
+0xd6,0xd7,0x22,0xf0,0x24,0x0d,0x71,0xf1,0x2b,0xd0,0xd8,0x76,0x3d,0xef,0x4c,
+0xce,0x1c,0x3b,0x83,0x1b,0x63,0x10,0x6c,0x63,0xe5,0x69 };
 
 typedef struct _CONST_DATA_BLOB
 {
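Review bot: The comment on `chain29_1` does not say where the wildcard lives, which is the property this fixture exists to test. Decoding the added bytes by hand, the subject CN appears to be `Cert2`, and `*.winehq.org` is a dNSName inside an extension with OID 2.5.29.7, the legacy subject alternative name OID rather than 2.5.29.17. I would spell that out, e.g. `/* End cert: subject CN=Cert2, subjectAltName (2.5.29.7) dNSName "*.winehq.org". */`. Consider a companion fixture that uses 2.5.29.17, since this commit does not exercise name matching for that OID.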
@@ -3069,6 +3100,18 @@ static const CERT_TRUST_STATUS elementStatus28[] = {
 static const SimpleChainStatusCheck simpleStatus28[] = {
  { sizeof(elementStatus28) / sizeof(elementStatus28[0]), elementStatus28 },
 };
+static CONST_DATA_BLOB chain29[] = {
+ { sizeof(chain0_0), chain0_0 },
+ { sizeof(chain29_1), chain29_1 },
+};
+static const CERT_TRUST_STATUS elementStatus29[] = {
+ { CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER },
+ { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT,
+   CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER },
+};
+static const SimpleChainStatusCheck simpleStatus29[] = {
+ { sizeof(elementStatus29) / sizeof(elementStatus29[0]), elementStatus29 },
+};
 static CONST_DATA_BLOB selfSignedChain[] = {
  { sizeof(selfSignedCert), selfSignedCert }
 };
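Review bot: `elementStatus29` and `simpleStatus29` are defined here but nothing in this commit references them: the `chainCheck` hunk adds only a comment, and both `winehq*` policy checks use `chain29` directly. Depending on the warning flags in use this can produce unused-variable warnings, and it leaves expected trust statuses in the file that no test verifies. Either drop them until a chain-status check for chain29 exists or say so next to them, e.g. `/* Unused for now: chain29 is only exercised through check_ssl_policy(). */`. The `CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT` expectation on the root element looks as if it was carried over from chain28 and may deserve a second look.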
@@ -3354,6 +3397,7 @@ static ChainCheck chainCheck[] = {
        CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT, 0 },
      1, simpleStatus28 },
    0 },
+ /* chain29 is handled separately elsewhere */
  { { sizeof(selfSignedChain) / sizeof(selfSignedChain[0]), selfSignedChain },
    { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
      { CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_UNTRUSTED_ROOT, 0 },
@@ -3772,6 +3816,16 @@ static const ChainPolicyCheck opensslPolicyCheckWithoutMatchingName = {
  { 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0
 };
 
+static const ChainPolicyCheck winehqPolicyCheckWithMatchingName = {
+ { sizeof(chain29) / sizeof(chain29[0]), chain29 },
+ { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR
+};
+
+static const ChainPolicyCheck winehqPolicyCheckWithoutMatchingName = {
+ { sizeof(chain29) / sizeof(chain29[0]), chain29 },
+ { 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0
+};
+
 static const ChainPolicyCheck stanfordPolicyCheckWithMatchingName = {
  { sizeof(stanfordChain) / sizeof(stanfordChain[0]), stanfordChain },
  { 0, 0, -1, -1, NULL}, NULL, 0
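Review bot: `TODO_ERROR` on `winehqPolicyCheckWithMatchingName` is unexplained, and it is the one entry that tells a reader the positive wildcard match is (presumably, since the flag is defined outside this diff) an expected failure under Wine for now. Until that case passes, the two `CERT_E_CN_NO_MATCH` checks that use `winehqPolicyCheckWithoutMatchingName` would also succeed if the alternative name were never consulted, so they do not yet show that the wildcard boundary is enforced. A comment above the struct such as `/* todo: a wildcard dNSName in the subject alternative name is not matched yet */` would make that explicit.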
@@ -4000,6 +4054,13 @@ static void check_ssl_policy(void)
      's','t','a','n','f','o','r','d','.','e','d','u',0 };
     WCHAR a_dot_cs_dot_stanford_dot_edu[] = { 'a','.','c','s','.',
      's','t','a','n','f','o','r','d','.','e','d','u',0 };
+    WCHAR test_dot_winehq_dot_org[] = { 't','e','s','t','.',
+     'w','i','n','e','h','q','.','o','r','g',0 };
+    WCHAR a_dot_b_dot_winehq_dot_org[] = { 'a','.','b','.',
+     'w','i','n','e','h','q','.','o','r','g',0 };
+    HCERTSTORE testRoot;
+    CERT_CHAIN_ENGINE_CONFIG engineConfig = { sizeof(engineConfig), 0 };
+    HCERTCHAINENGINE engine;
 
     /* Check ssl policy with no parameter */
     for (i = 0;
@@ -4111,6 +4172,34 @@ static void check_ssl_policy(void)
     sslPolicyPara.pwszServerName = a_dot_cs_dot_stanford_dot_edu;
     checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
      &stanfordPolicyCheckWithoutMatchingName, 0, &oct2009, &policyPara);
+    /* Check chain29, which has a wildcard in its subject alternative name,
+     * but not in its distinguished name.
+     * Step 1: create a chain engine that trusts chain29's root.
+     */
+    testRoot = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
+     CERT_STORE_CREATE_NEW_FLAG, NULL);
+    CertAddEncodedCertificateToStore(testRoot, X509_ASN_ENCODING, chain0_0,
+     sizeof(chain0_0), CERT_STORE_ADD_ALWAYS, NULL);
+    engineConfig.hExclusiveRoot = testRoot;
+    if (!CertCreateCertificateChainEngine(&engineConfig, &engine))
+    {
+        skip("Couldn't create chain engine\n");
+        return;
+    }
+    /* With "winehq.org": no match */
+    sslPolicyPara.pwszServerName = winehq;
+    checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, engine,
+     &winehqPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara);
+    /* With "test.winehq.org": match */
+    sslPolicyPara.pwszServerName = test_dot_winehq_dot_org;
+    checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, engine,
+     &winehqPolicyCheckWithMatchingName, 0, &oct2007, &policyPara);
+    /* With "a.b.winehq.org": no match */
+    sslPolicyPara.pwszServerName = a_dot_b_dot_winehq_dot_org;
+    checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, engine,
+     &winehqPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara);
+    CertFreeCertificateChainEngine(engine);
+    CertCloseStore(testRoot, 0);
 }
 
 static void testVerifyCertChainPolicy(void)
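Review bot: The skip path taken when `CertCreateCertificateChainEngine` fails returns without closing `testRoot`, so the memory store leaks whenever the engine cannot be created; add `CertCloseStore(testRoot, 0);` before that `return;`. The results of `CertOpenStore` and `CertAddEncodedCertificateToStore` are also unchecked, so a failed setup would only surface later as a confusing policy-status mismatch; checking both and skipping early would localise it. `check_ssl_policy` begins outside this hunk, and `winehq` and `oct2007` are not declared in any visible hunk, so I assume they already exist in the file.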



