[PATCH 4/5] cryptnet/tests: Clean up and expand tests for CertDllVerifyRevocation.

Zebediah Figura zfigura at codeweavers.com
Thu Jul 15 11:25:19 CDT 2021


Signed-off-by: Zebediah Figura <zfigura at codeweavers.com>
---
 dlls/cryptnet/tests/cryptnet.c | 360 +++++++++++++++++++--------------
 1 file changed, 210 insertions(+), 150 deletions(-)

diff --git a/dlls/cryptnet/tests/cryptnet.c b/dlls/cryptnet/tests/cryptnet.c
index 3eca9e43f2e..b37a5e698f3 100644
--- a/dlls/cryptnet/tests/cryptnet.c
+++ b/dlls/cryptnet/tests/cryptnet.c
@@ -593,200 +593,260 @@ static SYSTEMTIME may2007 = { 2007, 5, 2, 1, 0, 0, 0, 0 };
 
 static void test_verifyRevocation(void)
 {
-    HMODULE hCryptNet = GetModuleHandleA("cryptnet.dll");
-    BOOL ret;
-    CERT_REVOCATION_STATUS status = { sizeof(status), 0 };
-    PCCERT_CONTEXT certs[2];
-    CERT_REVOCATION_PARA revPara = { sizeof(revPara), 0 };
+    CERT_REVOCATION_STATUS status = {sizeof(status)};
+    CERT_REVOCATION_PARA params = {sizeof(params)};
+    const CERT_CONTEXT *certs[2];
     FILETIME time;
+    BOOL ret;
+
+    pCertVerifyRevocation = (void *)GetProcAddress(GetModuleHandleA("cryptnet.dll"), "CertDllVerifyRevocation");
 
-    pCertVerifyRevocation = (void *)GetProcAddress(hCryptNet,
-     "CertDllVerifyRevocation");
-    if (!pCertVerifyRevocation)
-    {
-        win_skip("no CertDllVerifyRevocation\n");
-        return;
-    }
     if (0)
     {
         /* Crash */
         pCertVerifyRevocation(0, 0, 0, NULL, 0, NULL, NULL);
     }
+
     SetLastError(0xdeadbeef);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
     ret = pCertVerifyRevocation(0, 0, 0, NULL, 0, NULL, &status);
-    ok(!ret && GetLastError() == E_INVALIDARG,
-     "expected E_INVALIDARG, got %08x\n", GetLastError());
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == E_INVALIDARG, "got error %#x\n", GetLastError());
+    todo_wine ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    todo_wine ok(status.dwError == E_INVALIDARG, "got error %#x\n", status.dwError);
+    todo_wine ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
     SetLastError(0xdeadbeef);
-    ret = pCertVerifyRevocation(X509_ASN_ENCODING, 0, 0, NULL, 0, NULL,
-     &status);
-    ok(!ret && GetLastError() == E_INVALIDARG,
-     "expected E_INVALIDARG, got %08x\n", GetLastError());
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(X509_ASN_ENCODING, 0, 0, NULL, 0, NULL, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == E_INVALIDARG, "got error %#x\n", GetLastError());
+    todo_wine ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    todo_wine ok(status.dwError == E_INVALIDARG, "got error %#x\n", status.dwError);
+    todo_wine ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
     SetLastError(0xdeadbeef);
-    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE, 0, NULL, 0,
-     NULL, &status);
-    ok(!ret && GetLastError() == E_INVALIDARG,
-     "expected E_INVALIDARG, got %08x\n", GetLastError());
-    certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
-     sizeof(bigCert));
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE, 0, NULL, 0, NULL, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == E_INVALIDARG, "got error %#x\n", GetLastError());
+    todo_wine ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    todo_wine ok(status.dwError == E_INVALIDARG, "got error %#x\n", status.dwError);
+    todo_wine ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
+    certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
+
     SetLastError(0xdeadbeef);
-    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
-     1, (void **)certs, 0, NULL, &status);
-    ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
-    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
-    ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)certs, 0, NULL, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
     CertFreeCertificateContext(certs[0]);
-    certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING,
-     rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
-    certs[1] = CertCreateCertificateContext(X509_ASN_ENCODING,
-     revokedCert, sizeof(revokedCert));
+
+    certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
+    certs[1] = CertCreateCertificateContext(X509_ASN_ENCODING, revokedCert, sizeof(revokedCert));
+
     /* The root cert itself can't be checked for revocation */
     SetLastError(0xdeadbeef);
-    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
-     1, (void **)certs, 0, NULL, &status);
-    ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
-    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
-    ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certs[0], 0, NULL, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
     /* Neither can the end cert */
     SetLastError(0xdeadbeef);
-    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
-     1, (void **)&certs[1], 0, NULL, &status);
-    ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
-    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
-    ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certs[1], 0, NULL, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
     /* Both certs together can't, either (they're not CRLs) */
     SetLastError(0xdeadbeef);
-    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
-     2, (void **)certs, 0, NULL, &status);
-    ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
-    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
-    ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
-    /* Now add a CRL to the hCrlStore */
-    revPara.hCrlStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
-     CERT_STORE_CREATE_NEW_FLAG, NULL);
-    CertAddEncodedCRLToStore(revPara.hCrlStore, X509_ASN_ENCODING,
-     rootSignedCRLWithBadAKI, sizeof(rootSignedCRLWithBadAKI),
-     CERT_STORE_ADD_ALWAYS, NULL);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE, 2, (void **)certs, 0, NULL, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
+    /* Test with an invalid CRL */
+
+    params.hCrlStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
+    ret = CertAddEncodedCRLToStore(params.hCrlStore, X509_ASN_ENCODING, rootSignedCRLWithBadAKI,
+            sizeof(rootSignedCRLWithBadAKI), CERT_STORE_ADD_ALWAYS, NULL);
+    ok(ret, "failed to add CRL, error %u\n", GetLastError());
+
     SetLastError(0xdeadbeef);
-    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
-     2, (void **)certs, 0, &revPara, &status);
-    ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
-    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
-    ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
+            2, (void **)certs, 0, &params, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
     /* Specifying CERT_VERIFY_REV_CHAIN_FLAG doesn't change things either */
     SetLastError(0xdeadbeef);
-    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
-     2, (void **)certs, CERT_VERIFY_REV_CHAIN_FLAG, &revPara, &status);
-    ok(!ret && GetLastError() == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
-    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK,
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
-    ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
+            2, (void **)certs, CERT_VERIFY_REV_CHAIN_FLAG, &params, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
     /* Again, specifying the issuer cert: no change */
-    revPara.pIssuerCert = certs[0];
+    params.pIssuerCert = certs[0];
     SetLastError(0xdeadbeef);
-    ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
-     1, (void **)&certs[1], 0, &revPara, &status);
-    /* Win2k thinks the cert is revoked, and it is, except the CRL contains a
-     * bad authority key ID extension and can't be matched with the issuer
-     * cert, hence the revocation status should be unknown.
-     */
-    if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
-    {
-        win_skip("CERT_CONTEXT_REVOCATION_TYPE unsupported, skipping\n");
-        return;
-    }
-    ok(!ret && (GetLastError() == CRYPT_E_NO_REVOCATION_CHECK ||
-     broken(GetLastError() == CRYPT_E_REVOKED /* Win2k */)),
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
-    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK ||
-     broken(status.dwError == CRYPT_E_REVOKED /* Win2k */),
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
-    ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
+            1, (void **)&certs[1], 0, &params, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
     /* Specifying the time to check: still no change */
     SystemTimeToFileTime(&oct2007, &time);
-    revPara.pftTimeToUse = &time;
+    params.pftTimeToUse = &time;
+
+    SetLastError(0xdeadbeef);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
     ret = pCertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
-     1, (void **)&certs[1], 0, &revPara, &status);
-    ok(!ret, "Expected failure\n");
-    ok(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK ||
-     broken(GetLastError() == CRYPT_E_REVOKED), /* W2K SP3/SP4 */
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", GetLastError());
-    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK ||
-     broken(GetLastError() == CRYPT_E_REVOKED), /* W2K SP3/SP4 */
-     "expected CRYPT_E_NO_REVOCATION_CHECK, got %08x\n", status.dwError);
-    ok(status.dwIndex == 0, "expected index 0, got %d\n", status.dwIndex);
-    CertCloseStore(revPara.hCrlStore, 0);
+            1, (void **)&certs[1], 0, &params, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
+    CertCloseStore(params.hCrlStore, 0);
+
     /* Test again with a valid CRL.  This time, the cert should be revoked when
      * the time is after the validity period of the CRL, or considered
      * "revocation offline" when the checked time precedes the validity
      * period of the CRL.
      */
-    revPara.hCrlStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
-     CERT_STORE_CREATE_NEW_FLAG, NULL);
-    ret = CertAddEncodedCRLToStore(revPara.hCrlStore, X509_ASN_ENCODING,
-     rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
-    ok(ret, "CertAddEncodedCRLToStore failed: %08x\n", GetLastError());
-    revPara.pftTimeToUse = NULL;
+    params.hCrlStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
+    ret = CertAddEncodedCRLToStore(params.hCrlStore, X509_ASN_ENCODING,
+            rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
+    ok(ret, "failed to add CRL, error %u\n", GetLastError());
+
+    params.pftTimeToUse = NULL;
+
     SetLastError(0xdeadbeef);
-    ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
-     1, (void **)&certs[1], 0, &revPara, &status);
-    ok(!ret && (GetLastError() == CRYPT_E_REVOKED ||
-     broken(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK /* NT4 */)),
-     "expected CRYPT_E_REVOKED, got %08x\n", GetLastError());
-    revPara.pftTimeToUse = &time;
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
+            1, (void **)&certs[1], 0, &params, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_REVOKED, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_REVOKED, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
+    SystemTimeToFileTime(&oct2007, &time);
+    params.pftTimeToUse = &time;
     SetLastError(0xdeadbeef);
-    ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
-     1, (void **)&certs[1], 0, &revPara, &status);
-    ok(!ret && (GetLastError() == CRYPT_E_REVOKED ||
-     broken(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK /* NT4 */)),
-     "expected CRYPT_E_REVOKED, got %08x\n", GetLastError());
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
+            1, (void **)&certs[1], 0, &params, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_REVOKED, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_REVOKED, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
     SystemTimeToFileTime(&may2007, &time);
     SetLastError(0xdeadbeef);
-    ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
-     1, (void **)&certs[1], 0, &revPara, &status);
-    ok(!ret && (GetLastError() == CRYPT_E_REVOCATION_OFFLINE ||
-     broken(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK /* NT4 */)),
-     "expected CRYPT_E_REVOCATION_OFFLINE, got %08x\n", GetLastError());
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
+            1, (void **)&certs[1], 0, &params, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_REVOCATION_OFFLINE, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_REVOCATION_OFFLINE, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
     CertFreeCertificateContext(certs[1]);
+
     /* Test again with a valid CRL and an un-revoked cert.  No matter the
      * time checked, it's reported as revocation offline.
      */
-    certs[1] = CertCreateCertificateContext(X509_ASN_ENCODING,
-     unRevokedCert, sizeof(unRevokedCert));
-    ok(certs[1] != NULL, "CertCreateCertificateContext failed: %08x\n",
-     GetLastError());
-    revPara.pftTimeToUse = NULL;
+    certs[1] = CertCreateCertificateContext(X509_ASN_ENCODING, unRevokedCert, sizeof(unRevokedCert));
+
+    params.pftTimeToUse = NULL;
     SetLastError(0xdeadbeef);
-    ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
-     1, (void **)&certs[1], 0, &revPara, &status);
-    ok(!ret && (GetLastError() == CRYPT_E_REVOCATION_OFFLINE ||
-     broken(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK /* NT4 */)),
-     "expected CRYPT_E_REVOCATION_OFFLINE, got %08x\n", GetLastError());
-    revPara.pftTimeToUse = &time;
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
+            1, (void **)&certs[1], 0, &params, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_REVOCATION_OFFLINE, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_REVOCATION_OFFLINE, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
+    SystemTimeToFileTime(&oct2007, &time);
+    params.pftTimeToUse = &time;
     SetLastError(0xdeadbeef);
-    ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
-     1, (void **)&certs[1], 0, &revPara, &status);
-    ok(!ret && (GetLastError() == CRYPT_E_REVOCATION_OFFLINE ||
-     broken(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK /* NT4 */)),
-     "expected CRYPT_E_REVOCATION_OFFLINE, got %08x\n", GetLastError());
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
+            1, (void **)&certs[1], 0, &params, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_REVOCATION_OFFLINE, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_REVOCATION_OFFLINE, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
     SystemTimeToFileTime(&may2007, &time);
     SetLastError(0xdeadbeef);
-    ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
-     1, (void **)&certs[1], 0, &revPara, &status);
-    ok(!ret && (GetLastError() == CRYPT_E_REVOCATION_OFFLINE ||
-     broken(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK /* NT4 */)),
-     "expected CRYPT_E_REVOCATION_OFFLINE, got %08x\n", GetLastError());
-    CertCloseStore(revPara.hCrlStore, 0);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE,
+            1, (void **)&certs[1], 0, &params, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_REVOCATION_OFFLINE, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_REVOCATION_OFFLINE, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
+    params.pftTimeToUse = NULL;
+
+    /* Test with the wrong encoding type. */
+    SetLastError(0xdeadbeef);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(0, CERT_CONTEXT_REVOCATION_TYPE,
+            1, (void **)&certs[1], 0, &params, &status);
+    ok(!ret, "expected failure\n");
+    todo_wine ok(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    todo_wine ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
+    /* Test with the wrong context type. */
+    SetLastError(0xdeadbeef);
+    memset(&status.dwIndex, 0xcc, sizeof(status) - offsetof(CERT_REVOCATION_STATUS, dwIndex));
+    ret = pCertVerifyRevocation(X509_ASN_ENCODING, 0xdeadbeef,
+            1, (void **)&certs[1], 0, &params, &status);
+    ok(!ret, "expected failure\n");
+    ok(GetLastError() == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", GetLastError());
+    ok(!status.dwIndex, "got index %u\n", status.dwIndex);
+    ok(status.dwError == CRYPT_E_NO_REVOCATION_CHECK, "got error %#x\n", status.dwError);
+    ok(!status.dwReason, "got reason %u\n", status.dwReason);
+
+    CertCloseStore(params.hCrlStore, 0);
     CertFreeCertificateContext(certs[1]);
     CertFreeCertificateContext(certs[0]);
 }
-- 
2.30.2




More information about the wine-devel mailing list