1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/base/x509_certificate.h"
6
7 #include <stdlib.h>
8
9 #include <map>
10 #include <string>
11 #include <vector>
12
13 #include "base/lazy_instance.h"
14 #include "base/logging.h"
15 #include "base/memory/singleton.h"
16 #include "base/metrics/histogram.h"
17 #include "base/pickle.h"
18 #include "base/sha1.h"
19 #include "base/string_piece.h"
20 #include "base/string_util.h"
21 #include "base/time.h"
22 #include "net/base/pem_tokenizer.h"
23
24 namespace net {
25
26 namespace {
27
28 // Returns true if this cert fingerprint is the null (all zero) fingerprint.
29 // We use this as a bogus fingerprint value.
IsNullFingerprint(const SHA1Fingerprint & fingerprint)30 bool IsNullFingerprint(const SHA1Fingerprint& fingerprint) {
31 for (size_t i = 0; i < arraysize(fingerprint.data); ++i) {
32 if (fingerprint.data[i] != 0)
33 return false;
34 }
35 return true;
36 }
37
38 // Indicates the order to use when trying to decode binary data, which is
39 // based on (speculation) as to what will be most common -> least common
40 const X509Certificate::Format kFormatDecodePriority[] = {
41 X509Certificate::FORMAT_SINGLE_CERTIFICATE,
42 X509Certificate::FORMAT_PKCS7
43 };
44
45 // The PEM block header used for DER certificates
46 const char kCertificateHeader[] = "CERTIFICATE";
47 // The PEM block header used for PKCS#7 data
48 const char kPKCS7Header[] = "PKCS7";
49
50 // A thread-safe cache for X509Certificate objects.
51 //
52 // The cache does not hold a reference to the certificate objects. The objects
53 // must |Remove| themselves from the cache upon destruction (or else the cache
54 // will be holding dead pointers to the objects).
55 // TODO(rsleevi): There exists a chance of a use-after-free, due to a race
56 // between Find() and Remove(). See http://crbug.com/49377
57 // ANDROID: we removed Remove(), to attempt to fix this. See http://b/6508448
58 class X509CertificateCache {
59 public:
60 void Insert(X509Certificate* cert);
61 scoped_refptr<X509Certificate> Find(const SHA1Fingerprint& fingerprint);
62
63 private:
64 typedef std::map<SHA1Fingerprint, scoped_refptr<X509Certificate>, SHA1FingerprintLessThan>
65 CertMap;
66
67 // Obtain an instance of X509CertificateCache via a LazyInstance.
X509CertificateCache()68 X509CertificateCache() {}
~X509CertificateCache()69 ~X509CertificateCache() {}
70 friend struct base::DefaultLazyInstanceTraits<X509CertificateCache>;
71
72 // You must acquire this lock before using any private data of this object.
73 // You must not block while holding this lock.
74 base::Lock lock_;
75
76 // The certificate cache. You must acquire |lock_| before using |cache_|.
77 CertMap cache_;
78
79 DISALLOW_COPY_AND_ASSIGN(X509CertificateCache);
80 };
81
82 base::LazyInstance<X509CertificateCache,
83 base::LeakyLazyInstanceTraits<X509CertificateCache> >
84 g_x509_certificate_cache(base::LINKER_INITIALIZED);
85
86 // Insert |cert| into the cache. The cache does NOT AddRef |cert|.
87 // Any existing certificate with the same fingerprint will be replaced.
Insert(X509Certificate * cert)88 void X509CertificateCache::Insert(X509Certificate* cert) {
89 base::AutoLock lock(lock_);
90
91 DCHECK(!IsNullFingerprint(cert->fingerprint())) <<
92 "Only insert certs with real fingerprints.";
93 // Sanity test: never cache more than 50 certs
94 while (cache_.size() >= 50)
95 cache_.erase(cache_.begin());
96
97 cache_[cert->fingerprint()] = cert;
98
99 // Trim the cache if there are unused certs remaining. Aim to hold between
100 // 10 and 20 certs in the cache in normal usage.
101 if (cache_.size() <= 20) // high water mark
102 return;
103
104 for (CertMap::iterator it = cache_.begin(); it != cache_.end(); ++it) {
105 if (it->second->HasOneRef()) {
106 cache_.erase(it);
107 if (cache_.size() <= 10) // low water mark
108 return;
109 }
110 }
111 };
112
113 // Find a certificate in the cache with the given fingerprint. If one does
114 // not exist, this method returns NULL.
Find(const SHA1Fingerprint & fingerprint)115 scoped_refptr<X509Certificate> X509CertificateCache::Find(
116 const SHA1Fingerprint& fingerprint) {
117 base::AutoLock lock(lock_);
118
119 CertMap::iterator pos(cache_.find(fingerprint));
120 if (pos == cache_.end())
121 return NULL;
122
123 return pos->second;
124 };
125
126 // CompareSHA1Hashes is a helper function for using bsearch() with an array of
127 // SHA1 hashes.
CompareSHA1Hashes(const void * a,const void * b)128 static int CompareSHA1Hashes(const void* a, const void* b) {
129 return memcmp(a, b, base::SHA1_LENGTH);
130 }
131
132 } // namespace
133
operator ()(X509Certificate * lhs,X509Certificate * rhs) const134 bool X509Certificate::LessThan::operator()(X509Certificate* lhs,
135 X509Certificate* rhs) const {
136 if (lhs == rhs)
137 return false;
138
139 SHA1FingerprintLessThan fingerprint_functor;
140 return fingerprint_functor(lhs->fingerprint_, rhs->fingerprint_);
141 }
142
X509Certificate(const std::string & subject,const std::string & issuer,base::Time start_date,base::Time expiration_date)143 X509Certificate::X509Certificate(const std::string& subject,
144 const std::string& issuer,
145 base::Time start_date,
146 base::Time expiration_date)
147 : subject_(subject),
148 issuer_(issuer),
149 valid_start_(start_date),
150 valid_expiry_(expiration_date),
151 cert_handle_(NULL),
152 source_(SOURCE_UNUSED) {
153 memset(fingerprint_.data, 0, sizeof(fingerprint_.data));
154 }
155
156 // static
CreateFromHandle(OSCertHandle cert_handle,Source source,const OSCertHandles & intermediates)157 scoped_refptr<X509Certificate> X509Certificate::CreateFromHandle(
158 OSCertHandle cert_handle,
159 Source source,
160 const OSCertHandles& intermediates) {
161 DCHECK(cert_handle);
162 DCHECK(source != SOURCE_UNUSED);
163
164 // Check if we already have this certificate in memory.
165 X509CertificateCache* cache = g_x509_certificate_cache.Pointer();
166 scoped_refptr<X509Certificate> cached_cert =
167 cache->Find(CalculateFingerprint(cert_handle));
168 if (cached_cert) {
169 DCHECK(cached_cert->source_ != SOURCE_UNUSED);
170 if (cached_cert->source_ > source ||
171 (cached_cert->source_ == source &&
172 cached_cert->HasIntermediateCertificates(intermediates))) {
173 // Return the certificate with the same fingerprint from our cache.
174 DHISTOGRAM_COUNTS("X509CertificateReuseCount", 1);
175 return cached_cert;
176 }
177 // Else the new cert is better and will replace the old one in the cache.
178 }
179
180 // Otherwise, allocate and cache a new object.
181 scoped_refptr<X509Certificate> cert = new X509Certificate(cert_handle, source,
182 intermediates);
183 cache->Insert(cert);
184 return cert;
185 }
186
187 #if defined(OS_WIN)
CreateOSCert(base::StringPiece der_cert)188 static X509Certificate::OSCertHandle CreateOSCert(base::StringPiece der_cert) {
189 X509Certificate::OSCertHandle cert_handle = NULL;
190 BOOL ok = CertAddEncodedCertificateToStore(
191 X509Certificate::cert_store(), X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
192 reinterpret_cast<const BYTE*>(der_cert.data()), der_cert.size(),
193 CERT_STORE_ADD_USE_EXISTING, &cert_handle);
194 return ok ? cert_handle : NULL;
195 }
196 #else
CreateOSCert(base::StringPiece der_cert)197 static X509Certificate::OSCertHandle CreateOSCert(base::StringPiece der_cert) {
198 return X509Certificate::CreateOSCertHandleFromBytes(
199 const_cast<char*>(der_cert.data()), der_cert.size());
200 }
201 #endif
202
203 // static
CreateFromDERCertChain(const std::vector<base::StringPiece> & der_certs)204 scoped_refptr<X509Certificate> X509Certificate::CreateFromDERCertChain(
205 const std::vector<base::StringPiece>& der_certs) {
206 if (der_certs.empty())
207 return NULL;
208
209 X509Certificate::OSCertHandles intermediate_ca_certs;
210 for (size_t i = 1; i < der_certs.size(); i++) {
211 OSCertHandle handle = CreateOSCert(der_certs[i]);
212 DCHECK(handle);
213 intermediate_ca_certs.push_back(handle);
214 }
215
216 OSCertHandle handle = CreateOSCert(der_certs[0]);
217 DCHECK(handle);
218 scoped_refptr<X509Certificate> cert =
219 CreateFromHandle(handle, SOURCE_FROM_NETWORK, intermediate_ca_certs);
220 FreeOSCertHandle(handle);
221 for (size_t i = 0; i < intermediate_ca_certs.size(); i++)
222 FreeOSCertHandle(intermediate_ca_certs[i]);
223
224 return cert;
225 }
226
227 // static
CreateFromBytes(const char * data,int length)228 scoped_refptr<X509Certificate> X509Certificate::CreateFromBytes(const char* data,
229 int length) {
230 OSCertHandle cert_handle = CreateOSCertHandleFromBytes(data, length);
231 if (!cert_handle)
232 return NULL;
233
234 scoped_refptr<X509Certificate> cert = CreateFromHandle(cert_handle,
235 SOURCE_LONE_CERT_IMPORT,
236 OSCertHandles());
237 FreeOSCertHandle(cert_handle);
238 return cert;
239 }
240
241 // static
CreateFromPickle(const Pickle & pickle,void ** pickle_iter,PickleType type)242 scoped_refptr<X509Certificate> X509Certificate::CreateFromPickle(const Pickle& pickle,
243 void** pickle_iter,
244 PickleType type) {
245 OSCertHandle cert_handle = ReadCertHandleFromPickle(pickle, pickle_iter);
246 OSCertHandles intermediates;
247
248 // Even if a certificate fails to parse, whether the server certificate in
249 // |cert_handle| or one of the optional intermediates, continue reading
250 // the data from |pickle| so that |pickle_iter| is kept in sync for any
251 // other reads the caller may perform after this method returns.
252 if (type == PICKLETYPE_CERTIFICATE_CHAIN) {
253 size_t num_intermediates;
254 if (!pickle.ReadSize(pickle_iter, &num_intermediates)) {
255 FreeOSCertHandle(cert_handle);
256 return NULL;
257 }
258
259 bool ok = !!cert_handle;
260 for (size_t i = 0; i < num_intermediates; ++i) {
261 OSCertHandle intermediate = ReadCertHandleFromPickle(pickle,
262 pickle_iter);
263 // If an intermediate fails to load, it and any certificates after it
264 // will not be added. However, any intermediates that were successfully
265 // parsed before the failure can be safely returned.
266 ok &= !!intermediate;
267 if (ok) {
268 intermediates.push_back(intermediate);
269 } else if (intermediate) {
270 FreeOSCertHandle(intermediate);
271 }
272 }
273 }
274
275 if (!cert_handle)
276 return NULL;
277 scoped_refptr<X509Certificate> cert = CreateFromHandle(cert_handle, SOURCE_FROM_CACHE,
278 intermediates);
279 FreeOSCertHandle(cert_handle);
280 for (size_t i = 0; i < intermediates.size(); ++i)
281 FreeOSCertHandle(intermediates[i]);
282
283 return cert;
284 }
285
286 // static
CreateCertificateListFromBytes(const char * data,int length,int format)287 CertificateList X509Certificate::CreateCertificateListFromBytes(
288 const char* data, int length, int format) {
289 OSCertHandles certificates;
290
291 // Check to see if it is in a PEM-encoded form. This check is performed
292 // first, as both OS X and NSS will both try to convert if they detect
293 // PEM encoding, except they don't do it consistently between the two.
294 base::StringPiece data_string(data, length);
295 std::vector<std::string> pem_headers;
296
297 // To maintain compatibility with NSS/Firefox, CERTIFICATE is a universally
298 // valid PEM block header for any format.
299 pem_headers.push_back(kCertificateHeader);
300 if (format & FORMAT_PKCS7)
301 pem_headers.push_back(kPKCS7Header);
302
303 PEMTokenizer pem_tok(data_string, pem_headers);
304 while (pem_tok.GetNext()) {
305 std::string decoded(pem_tok.data());
306
307 OSCertHandle handle = NULL;
308 if (format & FORMAT_PEM_CERT_SEQUENCE)
309 handle = CreateOSCertHandleFromBytes(decoded.c_str(), decoded.size());
310 if (handle != NULL) {
311 // Parsed a DER encoded certificate. All PEM blocks that follow must
312 // also be DER encoded certificates wrapped inside of PEM blocks.
313 format = FORMAT_PEM_CERT_SEQUENCE;
314 certificates.push_back(handle);
315 continue;
316 }
317
318 // If the first block failed to parse as a DER certificate, and
319 // formats other than PEM are acceptable, check to see if the decoded
320 // data is one of the accepted formats.
321 if (format & ~FORMAT_PEM_CERT_SEQUENCE) {
322 for (size_t i = 0; certificates.empty() &&
323 i < arraysize(kFormatDecodePriority); ++i) {
324 if (format & kFormatDecodePriority[i]) {
325 certificates = CreateOSCertHandlesFromBytes(decoded.c_str(),
326 decoded.size(), kFormatDecodePriority[i]);
327 }
328 }
329 }
330
331 // Stop parsing after the first block for any format but a sequence of
332 // PEM-encoded DER certificates. The case of FORMAT_PEM_CERT_SEQUENCE
333 // is handled above, and continues processing until a certificate fails
334 // to parse.
335 break;
336 }
337
338 // Try each of the formats, in order of parse preference, to see if |data|
339 // contains the binary representation of a Format, if it failed to parse
340 // as a PEM certificate/chain.
341 for (size_t i = 0; certificates.empty() &&
342 i < arraysize(kFormatDecodePriority); ++i) {
343 if (format & kFormatDecodePriority[i])
344 certificates = CreateOSCertHandlesFromBytes(data, length,
345 kFormatDecodePriority[i]);
346 }
347
348 CertificateList results;
349 // No certificates parsed.
350 if (certificates.empty())
351 return results;
352
353 for (OSCertHandles::iterator it = certificates.begin();
354 it != certificates.end(); ++it) {
355 scoped_refptr<X509Certificate> result = CreateFromHandle(*it, SOURCE_LONE_CERT_IMPORT,
356 OSCertHandles());
357 results.push_back(scoped_refptr<X509Certificate>(result));
358 FreeOSCertHandle(*it);
359 }
360
361 return results;
362 }
363
Persist(Pickle * pickle)364 void X509Certificate::Persist(Pickle* pickle) {
365 DCHECK(cert_handle_);
366 if (!WriteCertHandleToPickle(cert_handle_, pickle)) {
367 NOTREACHED();
368 return;
369 }
370
371 if (!pickle->WriteSize(intermediate_ca_certs_.size())) {
372 NOTREACHED();
373 return;
374 }
375
376 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
377 if (!WriteCertHandleToPickle(intermediate_ca_certs_[i], pickle)) {
378 NOTREACHED();
379 return;
380 }
381 }
382 }
383
HasExpired() const384 bool X509Certificate::HasExpired() const {
385 return base::Time::Now() > valid_expiry();
386 }
387
Equals(const X509Certificate * other) const388 bool X509Certificate::Equals(const X509Certificate* other) const {
389 return IsSameOSCert(cert_handle_, other->cert_handle_);
390 }
391
HasIntermediateCertificate(OSCertHandle cert)392 bool X509Certificate::HasIntermediateCertificate(OSCertHandle cert) {
393 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
394 if (IsSameOSCert(cert, intermediate_ca_certs_[i]))
395 return true;
396 }
397 return false;
398 }
399
HasIntermediateCertificates(const OSCertHandles & certs)400 bool X509Certificate::HasIntermediateCertificates(const OSCertHandles& certs) {
401 for (size_t i = 0; i < certs.size(); ++i) {
402 if (!HasIntermediateCertificate(certs[i]))
403 return false;
404 }
405 return true;
406 }
407
408 // static
VerifyHostname(const std::string & hostname,const std::vector<std::string> & cert_names)409 bool X509Certificate::VerifyHostname(
410 const std::string& hostname,
411 const std::vector<std::string>& cert_names) {
412 DCHECK(!hostname.empty());
413
414 // Simple host name validation. A valid domain name must only contain
415 // alpha, digits, hyphens, and dots. An IP address may have digits and dots,
416 // and also square braces and colons for IPv6 addresses.
417 std::string reference_name;
418 reference_name.reserve(hostname.length());
419
420 bool found_alpha = false;
421 bool found_ip6_chars = false;
422 bool found_hyphen = false;
423 int dot_count = 0;
424
425 size_t first_dot_index = std::string::npos;
426 for (std::string::const_iterator it = hostname.begin();
427 it != hostname.end(); ++it) {
428 char c = *it;
429 if (IsAsciiAlpha(c)) {
430 found_alpha = true;
431 c = base::ToLowerASCII(c);
432 } else if (c == '.') {
433 ++dot_count;
434 if (first_dot_index == std::string::npos)
435 first_dot_index = reference_name.length();
436 } else if (c == ':') {
437 found_ip6_chars = true;
438 } else if (c == '-') {
439 found_hyphen = true;
440 } else if (!IsAsciiDigit(c)) {
441 LOG(WARNING) << "Invalid char " << c << " in hostname " << hostname;
442 return false;
443 }
444 reference_name.push_back(c);
445 }
446 DCHECK(!reference_name.empty());
447
448 if (found_ip6_chars || !found_alpha) {
449 // For now we just do simple localhost IP address support, primarily as
450 // it's needed by the test server. TODO(joth): Replace this with full IP
451 // address support. See http://crbug.com/62973
452 if (hostname == "127.0.0.1") {
453 for (size_t index = 0; index < cert_names.size(); ++index) {
454 if (cert_names[index] == hostname) {
455 DVLOG(1) << "Allowing localhost IP certificate: " << hostname;
456 return true;
457 }
458 }
459 }
460 NOTIMPLEMENTED() << hostname; // See comment above.
461 return false;
462 }
463
464 // |wildcard_domain| is the remainder of |host| after the leading host
465 // component is stripped off, but includes the leading dot e.g.
466 // "www.f.com" -> ".f.com".
467 // If there is no meaningful domain part to |host| (e.g. it is an IP address
468 // or contains no dots) then |wildcard_domain| will be empty.
469 // We required at least 3 components (i.e. 2 dots) as a basic protection
470 // against too-broad wild-carding.
471 base::StringPiece wildcard_domain;
472 if (found_alpha && !found_ip6_chars && dot_count >= 2) {
473 DCHECK(first_dot_index != std::string::npos);
474 wildcard_domain = reference_name;
475 wildcard_domain.remove_prefix(first_dot_index);
476 DCHECK(wildcard_domain.starts_with("."));
477 }
478
479 for (std::vector<std::string>::const_iterator it = cert_names.begin();
480 it != cert_names.end(); ++it) {
481 // Catch badly corrupt cert names up front.
482 if (it->empty() || it->find('\0') != std::string::npos) {
483 LOG(WARNING) << "Bad name in cert: " << *it;
484 continue;
485 }
486 const std::string cert_name_string(StringToLowerASCII(*it));
487 base::StringPiece cert_match(cert_name_string);
488
489 // Remove trailing dot, if any.
490 if (cert_match.ends_with("."))
491 cert_match.remove_suffix(1);
492
493 // The hostname must be at least as long as the cert name it is matching,
494 // as we require the wildcard (if present) to match at least one character.
495 if (cert_match.length() > reference_name.length())
496 continue;
497
498 if (cert_match == reference_name)
499 return true;
500
501 // Next see if this cert name starts with a wildcard, so long as the
502 // hostname we're matching against has a valid 'domain' part to match.
503 // Note the "-10" version of draft-saintandre-tls-server-id-check allows
504 // the wildcard to appear anywhere in the leftmost label, rather than
505 // requiring it to be the only character. See also http://crbug.com/60719
506 if (wildcard_domain.empty() || !cert_match.starts_with("*"))
507 continue;
508
509 // Erase the * but not the . from the domain, as we need to include the dot
510 // in the comparison.
511 cert_match.remove_prefix(1);
512
513 // Do character by character comparison on the remainder to see
514 // if we have a wildcard match. This intentionally does no special handling
515 // for any other wildcard characters in |domain|; alternatively it could
516 // detect these and skip those candidate cert names.
517 if (cert_match == wildcard_domain)
518 return true;
519 }
520 DVLOG(1) << "Could not find any match for " << hostname
521 << " (canonicalized as " << reference_name
522 << ") in cert names " << JoinString(cert_names, '|');
523 return false;
524 }
525
526 #if !defined(USE_NSS)
VerifyNameMatch(const std::string & hostname) const527 bool X509Certificate::VerifyNameMatch(const std::string& hostname) const {
528 std::vector<std::string> dns_names;
529 GetDNSNames(&dns_names);
530 return VerifyHostname(hostname, dns_names);
531 }
532 #endif
533
X509Certificate(OSCertHandle cert_handle,Source source,const OSCertHandles & intermediates)534 X509Certificate::X509Certificate(OSCertHandle cert_handle,
535 Source source,
536 const OSCertHandles& intermediates)
537 : cert_handle_(DupOSCertHandle(cert_handle)),
538 source_(source) {
539 // Copy/retain the intermediate cert handles.
540 for (size_t i = 0; i < intermediates.size(); ++i)
541 intermediate_ca_certs_.push_back(DupOSCertHandle(intermediates[i]));
542 // Platform-specific initialization.
543 Initialize();
544 }
545
~X509Certificate()546 X509Certificate::~X509Certificate() {
547 // We might not be in the cache, but it is safe to remove ourselves anyway.
548 if (cert_handle_)
549 FreeOSCertHandle(cert_handle_);
550 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i)
551 FreeOSCertHandle(intermediate_ca_certs_[i]);
552 }
553
IsBlacklisted() const554 bool X509Certificate::IsBlacklisted() const {
555 static const unsigned kNumSerials = 256;
556 static const unsigned kSerialBytes = 16;
557 static const uint8 kSerials[kNumSerials][kSerialBytes] = {
558 // Not a real certificate. For testing only.
559 {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd,0x1c},
560
561 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014.
562 // Some serial numbers actually have a leading 0x00 byte required to
563 // encode a positive integer in DER if the most significant bit is 0.
564 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes.
565
566 // Subject: CN=mail.google.com
567 // subjectAltName dNSName: mail.google.com, www.mail.google.com
568 {0x04,0x7e,0xcb,0xe9,0xfc,0xa5,0x5f,0x7b,0xd0,0x9e,0xae,0x36,0xe1,0x0c,0xae,0x1e},
569 // Subject: CN=global trustee
570 // subjectAltName dNSName: global trustee
571 // Note: not a CA certificate.
572 {0xd8,0xf3,0x5f,0x4e,0xb7,0x87,0x2b,0x2d,0xab,0x06,0x92,0xe3,0x15,0x38,0x2f,0xb0},
573 // Subject: CN=login.live.com
574 // subjectAltName dNSName: login.live.com, www.login.live.com
575 {0xb0,0xb7,0x13,0x3e,0xd0,0x96,0xf9,0xb5,0x6f,0xae,0x91,0xc8,0x74,0xbd,0x3a,0xc0},
576 // Subject: CN=addons.mozilla.org
577 // subjectAltName dNSName: addons.mozilla.org, www.addons.mozilla.org
578 {0x92,0x39,0xd5,0x34,0x8f,0x40,0xd1,0x69,0x5a,0x74,0x54,0x70,0xe1,0xf2,0x3f,0x43},
579 // Subject: CN=login.skype.com
580 // subjectAltName dNSName: login.skype.com, www.login.skype.com
581 {0xe9,0x02,0x8b,0x95,0x78,0xe4,0x15,0xdc,0x1a,0x71,0x0a,0x2b,0x88,0x15,0x44,0x47},
582 // Subject: CN=login.yahoo.com
583 // subjectAltName dNSName: login.yahoo.com, www.login.yahoo.com
584 {0xd7,0x55,0x8f,0xda,0xf5,0xf1,0x10,0x5b,0xb2,0x13,0x28,0x2b,0x70,0x77,0x29,0xa3},
585 // Subject: CN=www.google.com
586 // subjectAltName dNSName: www.google.com, google.com
587 {0xf5,0xc8,0x6a,0xf3,0x61,0x62,0xf1,0x3a,0x64,0xf5,0x4f,0x6d,0xc9,0x58,0x7c,0x06},
588 // Subject: CN=login.yahoo.com
589 // subjectAltName dNSName: login.yahoo.com
590 {0x39,0x2a,0x43,0x4f,0x0e,0x07,0xdf,0x1f,0x8a,0xa3,0x05,0xde,0x34,0xe0,0xc2,0x29},
591 // Subject: CN=login.yahoo.com
592 // subjectAltName dNSName: login.yahoo.com
593 {0x3e,0x75,0xce,0xd4,0x6b,0x69,0x30,0x21,0x21,0x88,0x30,0xae,0x86,0xa8,0x2a,0x71},
594
595 // Bad DigiNotar leaf certificates for non-Google sites.
596 {0x95,0x32,0x18,0xb7,0x04,0xcc,0x62,0xb2,0x40,0xa4,0xd0,0x18,0x0e,0x81,0x93,0xf2},
597 {0x5f,0x41,0xfe,0x52,0x93,0x75,0xb1,0x4b,0xd1,0x56,0x37,0x53,0xa2,0xc9,0xc6,0x49},
598 {0x22,0xec,0x36,0x83,0x9f,0x44,0x65,0xe7,0xa1,0x34,0x7b,0xae,0x69,0x2f,0x5d,0x2a},
599 {0x46,0xaf,0xa2,0x75,0x58,0x2e,0x27,0x34,0xe2,0xa5,0x22,0xfc,0x6c,0x2e,0x80,0x55},
600 {0xc8,0x63,0x14,0x89,0xc3,0xa6,0xaf,0xde,0xdc,0x70,0xd6,0xc1,0xb5,0x81,0xc0,0x19},
601 {0x26,0xf6,0x2a,0xee,0x2b,0xae,0x06,0xee,0x71,0xe7,0xc4,0x8a,0x2b,0x4d,0x60,0xfe},
602 {0xb6,0x73,0x9c,0x1a,0xdd,0x2b,0x52,0x19,0x6c,0x53,0x36,0xef,0xb6,0x7b,0x26,0x0f},
603 {0x9e,0x4e,0x87,0x07,0x55,0xd9,0x4c,0xf5,0xc4,0x67,0x81,0xe6,0x83,0x49,0xe3,0xd3},
604 {0x7e,0x82,0x25,0xf6,0xb4,0xbe,0x3d,0x1c,0x13,0x72,0xbb,0xc3,0x65,0xf5,0xf6,0xb6},
605 {0xff,0x2e,0x1b,0xda,0xa2,0xf4,0xc9,0x51,0x02,0x65,0xf7,0x26,0x11,0xdd,0x0c,0x44},
606 {0x1f,0xe8,0x4c,0xbe,0x99,0xe5,0xd2,0x68,0x4c,0x67,0x8d,0xef,0x7f,0xc0,0xbd,0xaa},
607 {0x4b,0x72,0xe8,0x49,0x97,0x38,0x82,0x99,0xf5,0x83,0xcb,0x37,0x60,0xab,0x1b,0x20},
608 {0xcf,0x61,0x90,0x78,0xde,0x6c,0x9d,0x9a,0x50,0x72,0xb5,0xe3,0xb1,0x3c,0xa9,0x9f},
609 {0xa8,0x22,0xeb,0x37,0xb7,0x35,0xa6,0x3e,0x6c,0xa9,0xa9,0x96,0x80,0x08,0x21,0xfc},
610 {0xe3,0xb6,0x00,0xb1,0x07,0x39,0xb0,0x94,0xab,0x47,0x4c,0x88,0x8d,0x97,0x25,0x0d},
611 {0x36,0xe8,0x57,0x1d,0x39,0x46,0x34,0x2c,0x74,0x20,0x81,0xc0,0xfa,0xab,0x34,0x3a},
612 {0x77,0x17,0x07,0x87,0x3d,0xa4,0x91,0xa8,0xd5,0xcc,0x5b,0x07,0xdc,0x50,0x8c,0x72},
613 {0x1e,0x94,0xcf,0x79,0x06,0x58,0x7b,0xdf,0x45,0xc4,0x61,0xfb,0xdd,0x74,0x3e,0x25},
614 {0x58,0x7c,0xd9,0xe3,0xd9,0xa8,0xab,0x10,0xfd,0xb0,0xc7,0x0b,0xcd,0x8a,0xe7,0x28},
615 {0x7e,0xd8,0x0b,0x93,0x20,0x50,0x8d,0xa6,0xcf,0x5d,0x96,0xba,0x53,0x30,0x43,0xd7},
616 {0xf8,0x6d,0x1e,0x22,0xbd,0x20,0x68,0x47,0x1e,0x20,0x13,0x6b,0x30,0x21,0x0e,0xae},
617 {0x2c,0x86,0x94,0x86,0xec,0x04,0x75,0x97,0x82,0x91,0x6e,0x68,0x04,0xdb,0x48,0xfd},
618 {0x35,0x19,0x81,0x98,0xd1,0xbc,0xaf,0xcf,0x43,0x86,0xe6,0xb8,0x87,0xba,0xe6,0x1b},
619 {0x4a,0x66,0x2b,0xa9,0xe4,0x5d,0x06,0xff,0xc5,0x0d,0x1d,0xbb,0xe2,0x25,0xa8,0xbb},
620 {0x89,0x9a,0xe1,0x20,0xcd,0x44,0xfc,0xec,0x0f,0xfc,0xd6,0x2f,0x6f,0xc4,0xbb,0x81},
621 {0x7d,0xd1,0x6c,0x03,0xdf,0x04,0x38,0xb2,0xbe,0x5f,0xc1,0xd3,0xe1,0x9f,0x13,0x8b},
622 {0xaf,0xe2,0x66,0x30,0x8f,0x50,0x1d,0x49,0x37,0xc1,0xaa,0xf0,0x00,0xc5,0x68,0x97},
623 {0x53,0xd9,0xf7,0x50,0x84,0xf2,0x62,0xfb,0x40,0x91,0x27,0xab,0x1e,0x04,0x44,0x2e},
624 {0x35,0xec,0x66,0x4c,0xbd,0x19,0x42,0xa2,0x36,0xc3,0xba,0x0e,0xb2,0xc6,0x81,0x3f},
625 {0x5c,0x94,0xc8,0xbd,0x9d,0x50,0x4a,0xd8,0x8d,0x96,0x59,0x36,0xef,0x5f,0xa0,0x21},
626 {0x88,0x82,0xc0,0xa1,0xd6,0x4b,0xab,0xb7,0xdb,0x82,0x07,0x3e,0xcd,0x77,0x72,0x2f},
627 {0x81,0xc4,0x84,0x5a,0x97,0x2f,0x37,0x4d,0x1c,0xe5,0x83,0x08,0x44,0x54,0xdd,0x50},
628 {0x04,0x1d,0x36,0xbb,0x4d,0xd3,0x9e,0x4a,0xce,0x8c,0x5b,0x4e,0x72,0x27,0x79,0xa4},
629 {0xe6,0xc0,0xb6,0x11,0xb2,0x84,0x0a,0xac,0xc4,0x00,0xd0,0x3f,0xf2,0x7c,0x86,0xb7},
630 {0xb5,0x94,0xa1,0x02,0xf8,0x9a,0xe2,0x9a,0xf6,0x2d,0x68,0x96,0x5f,0x49,0x0d,0x65},
631 {0xa5,0xbe,0x65,0x4d,0xcc,0xf8,0xaa,0x3b,0xd3,0x15,0x64,0x8d,0x95,0x79,0x12,0x29},
632 {0x5b,0x1d,0xd6,0x43,0xb9,0x80,0xa8,0x17,0xf7,0x86,0x71,0x16,0x97,0xd2,0x84,0x0d},
633 {0x4c,0x06,0x16,0x26,0x9a,0x64,0xa3,0xe5,0x7b,0xe9,0xd0,0xeb,0x9d,0x1b,0x59,0x97},
634 {0x10,0x2c,0x47,0x9d,0x70,0x61,0xdb,0x7e,0xf1,0x55,0xba,0xa6,0x41,0x0b,0x11,0x20},
635 {0xd1,0x62,0x65,0x70,0x77,0x9a,0x69,0x32,0x66,0x28,0x2f,0x9f,0xdc,0x5a,0x72,0x3f},
636 {0x0f,0x50,0x0a,0xe6,0x0b,0xf8,0x69,0x67,0x16,0xf2,0x67,0xc8,0x0e,0x13,0xdc,0x09},
637 {0x8b,0x22,0xbf,0xf4,0x66,0xe4,0x15,0x26,0x65,0x8a,0x56,0x8d,0x40,0x00,0x70,0xfd},
638 {0x4e,0xf7,0x05,0xc3,0x1e,0xff,0xc8,0x5a,0x0f,0x6f,0x74,0x52,0x8c,0x84,0xa7,0x72},
639 {0x77,0x1d,0x89,0xbc,0xa1,0xd2,0x53,0xd1,0xb5,0x6a,0x61,0x41,0xcf,0x29,0xe1,0xbb},
640 {0x33,0x73,0x97,0x6f,0xb7,0xe8,0x21,0xdc,0x3d,0x68,0xf9,0x47,0xfa,0xed,0xb2,0xb0},
641 {0x30,0xc2,0x0f,0xff,0x9b,0xe7,0xc3,0xd5,0x82,0xc8,0x0b,0xc2,0xcb,0xeb,0x04,0x62},
642 {0xc5,0x2e,0xde,0x8f,0x68,0xb3,0x98,0x38,0x83,0x34,0x44,0x25,0x2c,0xb6,0x4f,0x73},
643 {0x94,0x53,0x95,0x11,0x88,0x67,0x56,0x53,0x13,0xa2,0x66,0x98,0xb9,0x5f,0x1e,0x3e},
644 {0xc3,0xac,0x62,0x96,0xff,0x90,0xf0,0x9b,0xf1,0x82,0xfb,0x81,0xf8,0x65,0x00,0xda},
645 {0x92,0x72,0xf9,0x8c,0xfe,0x35,0x00,0x00,0xd6,0xbc,0xaf,0x30,0x63,0x74,0x72,0x98},
646 {0x36,0x9a,0xaa,0x6a,0x97,0x3d,0x0f,0x76,0x32,0x1c,0x53,0x2d,0xed,0xb3,0xbf,0xc6},
647 {0x73,0x02,0x4e,0x7c,0x99,0x8b,0x3d,0xdd,0x24,0x4c,0xfd,0x31,0x3d,0x5e,0x43,0xb6},
648 {0xd7,0xfb,0x96,0xe0,0x29,0x1e,0xbe,0x3e,0x01,0x5e,0x93,0xe5,0x86,0xcf,0xc7,0xd1},
649 {0xb0,0x1d,0x8c,0x6f,0x2d,0x53,0x73,0xea,0xbf,0x0c,0x00,0x31,0x9e,0x92,0xae,0x95},
650 {0xd7,0x06,0x98,0xd2,0x7e,0x7c,0xfa,0xfd,0x81,0x8d,0xe7,0xe2,0xea,0x31,0x9f,0x7f},
651 {0x96,0x43,0x10,0xa7,0xec,0x83,0x47,0x6c,0xcd,0x99,0xd8,0x89,0x63,0x6a,0xc2,0xba},
652 {0x54,0x17,0x57,0xb5,0x43,0x6f,0x1d,0x0b,0x3e,0xea,0x7d,0xce,0x49,0x8f,0x8a,0x0a},
653 {0x89,0x86,0xa0,0xfc,0x6f,0xd1,0xe6,0x1b,0xef,0x2f,0xc7,0x45,0x64,0xa7,0x0b,0x18},
654 {0x57,0x38,0x70,0x4f,0x75,0xa3,0xff,0x3b,0x86,0xa6,0x0a,0x55,0x96,0xed,0x09,0xb3},
655 {0x09,0xe1,0xc3,0xd2,0x6b,0xaf,0x74,0xe6,0xf9,0xa1,0x2f,0x9f,0x3f,0x2d,0xe9,0xa5},
656 {0x81,0xf7,0xb1,0x28,0xcd,0x71,0xbd,0x1a,0x59,0x50,0x74,0x45,0x00,0xc7,0x25,0xd4},
657 {0x26,0xc6,0x83,0xa0,0x88,0x71,0x2b,0x79,0x3f,0xf4,0x1d,0x8a,0x0c,0x0e,0xc0,0x45},
658 {0xd0,0x37,0xe2,0x1b,0x2f,0xe6,0xf1,0x9c,0x00,0x74,0x6e,0xb5,0xd6,0x32,0x9a,0xa2},
659 {0x06,0xdb,0x21,0x87,0x57,0x84,0xe5,0x35,0x6a,0x5b,0x97,0x99,0x15,0x0f,0x84,0x4c},
660 {0x2b,0x33,0xcb,0x52,0xae,0xff,0xb2,0x2e,0x23,0x30,0x9d,0x8b,0xc1,0x97,0x66,0x85},
661 {0xb9,0xb4,0x53,0x1c,0xf7,0x1c,0xb2,0x60,0x72,0x8e,0x42,0x43,0x85,0xcd,0x5c,0x7e},
662 {0xc4,0xfb,0xd4,0xa1,0x4c,0x59,0x5a,0xdf,0xb3,0xd2,0x44,0xfd,0x6d,0x46,0x9a,0x53},
663 {0xe6,0x56,0xed,0x4a,0xa2,0x98,0xed,0xb4,0x91,0xb0,0xb7,0x20,0x86,0x8a,0x11,0x2b},
664 {0x75,0x07,0x6e,0xc6,0xa2,0x1d,0x7e,0x4d,0xa8,0x7a,0x30,0x4e,0x9e,0xdd,0x02,0x62},
665 {0x27,0xdf,0x84,0xc1,0x2b,0xf8,0x37,0xac,0x68,0x1f,0xfd,0x26,0x63,0x93,0x88,0xf7},
666 {0x94,0xc7,0x5f,0x32,0xf1,0x00,0xa3,0xc3,0x2d,0x47,0xd0,0x1a,0xa9,0x8c,0xf9,0xa8},
667 {0x83,0x51,0x2c,0xc6,0x89,0x5b,0x44,0x15,0x14,0xa0,0xa4,0x15,0xf3,0x14,0x2a,0x6c},
668 {0x37,0x47,0xfe,0x8b,0x81,0xcb,0x6e,0x65,0x29,0x87,0x2d,0xe5,0x07,0x5c,0x3b,0xcb},
669 {0x33,0x87,0x0a,0xc7,0x1c,0x7a,0x8e,0xc6,0x68,0xcd,0x68,0x65,0xb1,0x15,0x84,0xb6},
670 {0x8a,0xa4,0x4a,0x11,0x84,0xdc,0x25,0xf9,0xa5,0x44,0x2c,0xd6,0xe1,0x39,0x16,0x5d},
671 {0xdc,0x7e,0x23,0xb3,0x8c,0x34,0xea,0x5c,0xd1,0x24,0xc6,0x74,0x00,0x46,0xd4,0x3c},
672 {0xdb,0x8f,0x84,0x41,0x38,0x05,0x89,0xf4,0x49,0xef,0xb9,0xe8,0xf0,0x8e,0x21,0x0c},
673 {0x86,0x63,0x3b,0x95,0x72,0x80,0xbc,0x65,0xa5,0xad,0xfd,0x1d,0x15,0x3b,0xde,0x52},
674 {0xb0,0x62,0x55,0xfa,0xe2,0x88,0xba,0xa6,0x6c,0x83,0xcb,0xf0,0x3f,0x5d,0x16,0x09},
675 {0x1a,0x07,0xd8,0xd6,0xdd,0xc7,0xe6,0x23,0xe7,0x12,0x05,0x07,0x4a,0x05,0xce,0xa2},
676 {0x97,0x00,0x4b,0x3d,0x85,0x6f,0x36,0x2c,0x3d,0x7c,0xd6,0x46,0xf6,0x05,0xcf,0xa5},
677 {0x2c,0xd3,0xaa,0x47,0x3e,0x64,0x48,0x1a,0xbd,0x68,0xe0,0xb1,0x0d,0x28,0x70,0xdf},
678 {0x3e,0x83,0x78,0xf1,0xe2,0x48,0x4c,0xe2,0x31,0x91,0x06,0x16,0xe4,0xb9,0x10,0x30},
679 {0xd4,0x48,0x44,0xe3,0x38,0xa1,0x02,0x53,0x6c,0x0c,0x23,0x8f,0x76,0xe0,0x7e,0xd2},
680 {0xed,0x52,0x13,0x57,0xb7,0x34,0x2f,0xb6,0xb5,0x6e,0x6b,0x7e,0x03,0xec,0xec,0x21},
681 {0x7f,0x3d,0x39,0x52,0x19,0xc7,0xb9,0xb8,0xc6,0x0e,0x4f,0x52,0xd9,0x33,0x50,0xb2},
682 {0xbe,0x69,0x1e,0x23,0x68,0x70,0xd9,0x01,0x4e,0xda,0x67,0xd3,0x9b,0x3f,0x80,0xa9},
683 {0x4b,0xf3,0x02,0x0d,0x00,0xff,0xb8,0x31,0xf3,0x8a,0xf3,0x1e,0x26,0xb9,0x04,0x9a},
684 {0x44,0x0e,0xea,0x70,0x5a,0x9f,0x79,0x15,0x35,0x60,0xbf,0xc4,0x4a,0x13,0x5d,0x99},
685 {0xe9,0x92,0x00,0x82,0x28,0x03,0xad,0x53,0x65,0x27,0xb5,0x90,0x4d,0xac,0x04,0x6f},
686 {0x63,0xf8,0x79,0x61,0x7a,0x3d,0x48,0xc0,0xc9,0x39,0x06,0xb6,0xa5,0xc9,0x99,0x8f},
687 {0xd6,0xbe,0x78,0x3f,0x1f,0x34,0x35,0x79,0x63,0x0a,0xa4,0xbe,0x60,0xc8,0xb4,0xc8},
688 {0xbb,0x83,0x3b,0x51,0xa8,0x2f,0x7e,0xb9,0xab,0x5c,0xff,0x4b,0x6f,0x0a,0x58,0x9e},
689 {0x85,0x36,0x66,0x57,0x3c,0xdb,0xc6,0x80,0x74,0x0c,0xad,0x26,0x25,0x05,0x4a,0x22},
690 {0xd6,0x2c,0x3d,0x36,0xc3,0xa9,0xa5,0xd8,0xcf,0xcb,0x76,0x0d,0x5b,0xcb,0xb1,0xf2},
691 {0x46,0x0c,0x33,0x8e,0x89,0xba,0xa1,0x45,0x26,0x1f,0x2a,0x06,0x6c,0x56,0x86,0x2e},
692 {0x5d,0x27,0x8c,0x8f,0xcd,0x78,0x9e,0xda,0x9d,0xef,0x09,0x6c,0x91,0xe1,0x15,0xe1},
693 {0xcb,0xae,0xad,0xd5,0x76,0x4b,0x56,0x91,0xa1,0xb0,0xef,0x87,0xae,0x2b,0xb7,0xc6},
694 {0x33,0x1e,0x3c,0x0b,0x5b,0x8e,0xd3,0xac,0xbf,0x72,0x7a,0x27,0x4c,0xf9,0xd4,0x32},
695 {0xe5,0x66,0xe1,0x8a,0x28,0xc6,0xc4,0x4c,0xb1,0x29,0x55,0x23,0x9a,0x38,0x08,0xe3},
696 {0x51,0x68,0xf4,0x42,0xbd,0xd4,0xc4,0x24,0x95,0xdb,0xb1,0xd5,0xaf,0x23,0xf5,0xf1},
697 {0xb8,0x05,0x89,0x79,0xa8,0x42,0x6d,0x1b,0xbc,0x23,0x3d,0xa0,0xf7,0x6d,0x59,0x88},
698 {0x88,0x60,0xfc,0xbf,0xda,0x75,0xf4,0x3e,0x6f,0x9a,0x1c,0x57,0x6b,0x27,0x23,0x3a},
699 {0x39,0x83,0xdf,0x8b,0x4f,0xc3,0x30,0xb5,0x87,0x32,0x9f,0x62,0xab,0x8a,0xbb,0x13},
700 {0x79,0xc8,0xe8,0xb7,0xde,0x36,0x53,0x9f,0xfc,0x4b,0x2b,0x58,0x25,0x30,0x53,0x24},
701 {0x06,0xcb,0xb1,0xcc,0x51,0x15,0x6c,0x6d,0x46,0x5f,0x14,0x82,0x94,0x53,0xdd,0x68},
702 {0x51,0x49,0xe0,0xbb,0xa2,0xc4,0x69,0x3b,0xde,0xe4,0xfe,0x90,0xc1,0x22,0x76,0x27},
703 {0xf8,0xe5,0xe0,0xe2,0x02,0x50,0x9a,0x1a,0x21,0x7e,0x72,0x2f,0x14,0xd9,0x0e,0xf2},
704 {0x8b,0x10,0x97,0x63,0xa2,0xc5,0x2b,0x0f,0x86,0x04,0x6d,0x18,0xf1,0xba,0x97,0x81},
705 {0x49,0x68,0xf4,0xbd,0x42,0x6a,0x68,0xfa,0xd9,0xde,0x67,0x63,0x9c,0xcc,0x63,0x9a},
706 {0x09,0xf7,0x2a,0x16,0xcf,0x28,0xd8,0x20,0xb5,0x34,0x8f,0x22,0x9e,0x1b,0x9e,0x51},
707 {0x39,0x1d,0xde,0x64,0x85,0x6b,0xee,0xe6,0x9d,0x3b,0x39,0x16,0xcc,0x9a,0x00,0xdb},
708 {0x50,0x6f,0xc2,0xc4,0x67,0x9a,0x8f,0x41,0x07,0x19,0x85,0x1b,0xa5,0xaf,0x10,0x6c},
709 {0xfa,0x8d,0x23,0xab,0x7f,0x1d,0x4e,0x6b,0xbf,0xd5,0x1b,0x11,0x23,0x62,0x8b,0xe0},
710 {0xb0,0xf8,0x09,0xbe,0x90,0xab,0xad,0xb2,0x49,0x64,0x5b,0x46,0x33,0x4d,0x46,0xcf},
711 {0x35,0xab,0x29,0xcc,0x8d,0xd8,0xf9,0x5a,0x04,0x75,0x16,0xec,0xbe,0x30,0xa0,0x4f},
712 {0x95,0x59,0xb1,0x04,0x8c,0xcd,0x7f,0xf7,0xbe,0x62,0xb7,0xad,0xc2,0x3c,0xd4,0xf2},
713 {0x64,0xb2,0xfd,0xad,0x1c,0xd1,0xc7,0xcb,0x5a,0x07,0x87,0x4e,0x50,0xc8,0x44,0xf7},
714 {0x2b,0x37,0x47,0x59,0x3e,0x64,0xf7,0xf2,0xfc,0x71,0x37,0x6e,0x94,0x11,0x86,0xd5},
715 {0x94,0xcf,0xf9,0x1e,0x95,0x05,0xcb,0xfc,0x51,0x6c,0xcc,0x58,0xd6,0x7e,0x5c,0x5d},
716 {0x90,0x59,0x1a,0x1f,0xb8,0x9f,0x19,0x3e,0x47,0x5f,0x65,0xe8,0xbf,0x00,0x8e,0x4c},
717 {0xe7,0xd6,0x44,0x11,0xac,0x8d,0xc6,0x4c,0x98,0xaa,0x3b,0x50,0x2f,0xe9,0x11,0x37},
718 {0x41,0x5c,0xa8,0xd0,0xe2,0x87,0x10,0x04,0x51,0xc5,0x8e,0xa6,0xf1,0xa9,0xbe,0xb6},
719 {0x3f,0x1b,0x34,0xf0,0x9f,0x8b,0x4a,0x1e,0xad,0xb4,0x90,0xbe,0x47,0xa8,0xd0,0x62},
720 {0x89,0xdb,0xb9,0x5e,0x30,0xdd,0x1f,0xe8,0x37,0xed,0xc5,0x05,0x89,0x7b,0x65,0x02},
721 {0xa4,0x13,0xd7,0x25,0xf5,0x67,0xfa,0xc9,0x93,0x74,0xa6,0x89,0xb6,0xce,0xd8,0x68},
722 {0x8c,0xdd,0xef,0x7b,0x6b,0x7d,0x7c,0xc9,0x2f,0x87,0xee,0x79,0x98,0x10,0x13,0xc1},
723 {0x07,0xfc,0x7a,0x1e,0x11,0x5e,0x83,0xee,0x65,0xd5,0x8d,0x3d,0x81,0x9a,0xb4,0x1e},
724 {0x64,0xdc,0x17,0x7e,0x6d,0xf5,0x33,0x40,0x1e,0x74,0xff,0xe8,0xce,0x4a,0x9f,0x40},
725 {0x81,0x94,0xde,0x4d,0xbc,0xc9,0xe6,0x18,0x00,0x5e,0x5d,0x50,0x27,0x9f,0xfd,0xe9},
726 {0xfd,0x3e,0x6f,0x62,0xbe,0x93,0xf5,0x2a,0x34,0x39,0x67,0x47,0x7a,0x3c,0xe8,0x95},
727 {0xb7,0x28,0x7e,0x92,0x5d,0xae,0x57,0x1c,0xb5,0x3a,0xbb,0xa8,0x1c,0xd4,0x72,0x1b},
728 {0x1a,0xc1,0x24,0xbd,0xc1,0x67,0xce,0x45,0x55,0x50,0x40,0xe4,0xfe,0xc1,0x5a,0x85},
729 {0xe7,0x44,0xb2,0x33,0xa1,0xfb,0x1e,0x84,0x9b,0x58,0x73,0xca,0x2c,0x6d,0xcd,0x0b},
730 {0x96,0x17,0x8d,0x5a,0x67,0xb1,0x0a,0x91,0x62,0xb2,0x48,0x01,0x96,0x9f,0x21,0xf5},
731 {0x6b,0xcd,0x5f,0xf3,0x5a,0x6c,0x8f,0xbe,0xff,0x86,0x82,0x22,0xbf,0x93,0x93,0x3e},
732 {0x3f,0x2a,0x5e,0xd2,0x6d,0x98,0xd8,0x6b,0x0a,0xe7,0xe8,0x76,0x67,0x11,0xdb,0x80},
733 {0x7c,0x70,0x1a,0x08,0x98,0xd1,0xb2,0xbf,0xe9,0x10,0xde,0xb5,0xec,0x5f,0x90,0x95},
734 {0x4b,0x50,0x25,0xd8,0xdf,0xad,0x34,0x47,0xf1,0x47,0x41,0x9a,0x3f,0x91,0x56,0x1a},
735 {0x03,0x87,0x4a,0x58,0xe3,0x65,0xef,0x78,0x44,0xfb,0x92,0x42,0xb4,0x41,0xe9,0xea},
736 {0x94,0xaf,0xcb,0xaa,0xa3,0x65,0x5c,0xb1,0x4e,0x34,0xc9,0x2b,0xdd,0xa3,0xf7,0x86},
737 {0x13,0x22,0x01,0xd8,0x0c,0x07,0xe9,0xe2,0x99,0xb5,0x3b,0xc3,0x52,0xca,0x15,0x3b},
738 {0xc5,0x7f,0x2c,0x1e,0xc6,0xb1,0x34,0x9c,0x6a,0x7e,0x92,0x04,0x43,0xac,0x5e,0x3a},
739 {0x2d,0x2b,0xd9,0x79,0x3e,0xde,0x74,0x82,0x05,0x8d,0xb6,0xf7,0xdf,0xb1,0x25,0x90},
740 {0x6f,0xf9,0xc0,0x8b,0xfc,0x8c,0x81,0xe7,0x05,0x1e,0x07,0xef,0x4f,0xe7,0x26,0x7f},
741 {0x3a,0xa3,0x46,0xa0,0xa7,0xbb,0x0c,0x3d,0xce,0x13,0x16,0x19,0xb5,0x22,0x5d,0x8f},
742 {0x89,0xe6,0xdd,0xfa,0x63,0x34,0xd3,0x32,0xdd,0x7f,0x98,0x48,0xee,0xd8,0x2d,0xf5},
743 {0xed,0xd4,0xae,0x23,0xa3,0x34,0x95,0xcc,0x5d,0x77,0xae,0x7b,0xa7,0x99,0xc0,0x44},
744 {0xe4,0x19,0x5f,0x34,0xb8,0x7b,0x27,0xef,0x7e,0x24,0x45,0x67,0x01,0x84,0xb0,0xe9},
745 {0x8f,0x1a,0xf7,0xa6,0xb8,0xd3,0x3a,0x34,0x05,0xcb,0xd4,0x50,0xbd,0x13,0xad,0x75},
746 {0x67,0xd9,0xb8,0x1d,0xe5,0x2d,0x00,0x80,0x0a,0x41,0x9b,0x1f,0x0c,0xe7,0x2b,0x8a},
747 {0x18,0x09,0x91,0xac,0x8e,0xf5,0xbe,0x23,0x5f,0x14,0x5d,0xfb,0xf1,0xc1,0xe1,0x0f},
748 {0x24,0x70,0x94,0xde,0x01,0x5a,0xb4,0xd7,0x66,0xe2,0x09,0x1e,0x4d,0x28,0xfd,0xde},
749 {0x90,0x5d,0x96,0x0b,0xb9,0x2a,0x4e,0x49,0xd9,0xda,0xb2,0xba,0x00,0x85,0x0e,0x3e},
750 {0xce,0x48,0x54,0xb3,0x78,0xd4,0xc3,0xda,0xf0,0x96,0xa5,0xaf,0x24,0x67,0x47,0x6c},
751 {0xd7,0xf6,0x3e,0xf0,0x30,0x80,0x17,0x2a,0xd4,0x18,0x2c,0x6d,0xe1,0x18,0x54,0x19},
752 {0x1b,0x95,0x59,0x42,0x14,0x96,0x53,0xee,0xc3,0xf4,0xf0,0x94,0xfa,0x96,0x14,0xbe},
753 {0x4e,0xa9,0x43,0x41,0xaa,0x3f,0x59,0x09,0x10,0xc7,0x5d,0xca,0x63,0x2b,0x40,0x36},
754 {0x1b,0x67,0x00,0xb7,0xc6,0x1d,0x0b,0xe5,0x25,0x47,0xdb,0x19,0x19,0xb7,0xcc,0x0e},
755 {0x9b,0x2a,0x3b,0xaa,0xaa,0x00,0x5c,0xa4,0x8b,0xd1,0x39,0xc3,0xa4,0xb1,0xb9,0x39},
756 {0x88,0x6b,0x5a,0x1e,0x93,0x22,0x84,0xed,0x20,0x37,0x9d,0x37,0xf7,0xef,0x7a,0xa6},
757 {0x89,0x1e,0x8a,0xa7,0x40,0xe0,0x41,0xad,0xe3,0xa2,0xd2,0x20,0x9f,0x0f,0x6c,0x7e},
758 {0xb7,0x76,0x75,0x39,0x44,0x08,0x68,0x9d,0xb4,0xb0,0xb7,0x84,0x94,0x5c,0x0f,0xea},
759 {0xd6,0x32,0x73,0x2d,0xa5,0x5e,0x9a,0xc7,0x7f,0xfa,0xb9,0x46,0x11,0x35,0x8b,0x9d},
760 {0x12,0xf7,0x4f,0x60,0x7b,0x9a,0xdd,0x06,0x20,0x35,0x31,0xfa,0x47,0xfc,0x03,0xd6},
761 {0xc4,0x9b,0x60,0x13,0xc5,0x48,0xcc,0xdc,0x49,0x58,0x0a,0x79,0x55,0xfc,0x2a,0x7e},
762 {0x53,0x1d,0x22,0x6b,0x47,0x88,0x72,0xbd,0x69,0xc0,0xa6,0x5a,0x36,0x4e,0xb0,0x8c},
763 {0x53,0x82,0xcd,0x4c,0xfc,0xe9,0x97,0xc1,0xf4,0x55,0x5f,0x1a,0x08,0x04,0x4d,0x07},
764 {0x10,0x37,0x4c,0x98,0x9e,0x1d,0xf5,0x58,0x53,0x15,0x20,0x71,0x06,0x3e,0x3a,0x73},
765 {0x6c,0x12,0xb4,0x08,0xf7,0xf1,0x6d,0x2c,0x71,0x6b,0x67,0x02,0xd0,0x55,0x7b,0xcd},
766 {0x34,0xd5,0xd1,0x5d,0x36,0x44,0xf5,0x0e,0x0b,0x3e,0xea,0xf0,0x76,0xb5,0xe9,0xee},
767 {0xc8,0xa1,0x0c,0xf3,0x34,0xc2,0xae,0x63,0x60,0xb5,0xa3,0x0b,0x3d,0x86,0x41,0x7d},
768 {0xa3,0xdc,0x0f,0x15,0x87,0x65,0x4d,0x4b,0xc5,0x12,0x0f,0x91,0x49,0x64,0xdb,0x48},
769 {0xee,0x4d,0xcf,0xf5,0x83,0xab,0xba,0x8e,0xec,0x61,0x6e,0xaa,0x11,0x1f,0x86,0x0a},
770 {0xc3,0x10,0xca,0x83,0x40,0x19,0xf9,0xac,0xa7,0xce,0xad,0x19,0x75,0xc9,0x50,0xb5},
771 {0x79,0x89,0x76,0xb4,0x17,0x6e,0x91,0x66,0xc9,0xdf,0x6b,0xaf,0x07,0xdb,0x4c,0x85},
772 {0xf8,0x4e,0x88,0x6c,0xbc,0x5c,0xc3,0x24,0x27,0x16,0xf1,0xcf,0xb0,0x23,0x93,0xf3},
773 {0x79,0x51,0x2f,0x7c,0xd7,0x0c,0xe4,0xd7,0xb9,0x2e,0x0c,0x65,0xbd,0xda,0xae,0xa4},
774 {0xdb,0xea,0xda,0xdd,0x40,0x68,0x2f,0xb5,0x5d,0x81,0x84,0xfe,0x00,0x73,0xa2,0xd9},
775 {0xf5,0x88,0x10,0x6b,0xaf,0x63,0xc5,0x70,0x11,0xd4,0x63,0x93,0x58,0x71,0xba,0x1c},
776 {0x6f,0xed,0x44,0x67,0x7e,0x59,0x37,0xdc,0xda,0x85,0x57,0x9f,0xc9,0xdd,0x0e,0xb5},
777 {0x32,0x97,0x51,0x8c,0x51,0xd4,0x64,0x5a,0x73,0x50,0xfb,0x90,0xb9,0x3c,0x2d,0xd8},
778 {0xe5,0x08,0x0a,0x59,0xb3,0xc4,0xfc,0x10,0x15,0x38,0x35,0xdd,0x45,0xdc,0x55,0x52},
779 {0xfe,0xd3,0x7d,0xda,0xbb,0xb0,0xf5,0x07,0x05,0x1f,0x8d,0x86,0x46,0xf1,0x69,0x43},
780 {0xd1,0x60,0x46,0xdc,0x2e,0x78,0xcf,0x18,0xce,0xe0,0x1f,0x1d,0x97,0x0e,0xe4,0xb1},
781 {0x10,0xb0,0xec,0x09,0xea,0x45,0xe9,0xd1,0xd1,0xf8,0x73,0x72,0xe2,0xd4,0xc6,0x4a},
782 {0xf0,0x66,0x18,0xb2,0x79,0x00,0xab,0x31,0x5c,0x8a,0x24,0x6d,0x3c,0xfd,0x11,0x06},
783 {0xaf,0x77,0x28,0xb1,0x4d,0x47,0xa6,0xff,0x74,0x30,0x80,0x74,0xe6,0x7b,0x75,0xdc},
784 {0xab,0x9f,0xfc,0xb0,0xf7,0xc3,0xe2,0xb6,0xaa,0x06,0x32,0xde,0xe9,0x7f,0xf0,0x4e},
785 {0x67,0x91,0x59,0x6f,0x76,0x99,0x7f,0xe1,0xec,0x23,0x53,0xd3,0x21,0xe4,0x3a,0x4a},
786 {0xc2,0xfd,0x99,0x93,0x4b,0x0d,0x76,0x77,0x10,0xd1,0x03,0x9e,0x35,0xec,0xaf,0xc4},
787 {0x2c,0x26,0x15,0x2c,0xf9,0x93,0x38,0x9b,0x02,0x69,0xe5,0xf5,0xb7,0x63,0xc8,0x7d},
788 {0x97,0x6e,0x07,0x58,0xc6,0x22,0x62,0xf5,0x9e,0x97,0xf4,0x20,0x33,0xdc,0x8e,0x1d},
789 {0x8b,0x74,0x09,0xd0,0x97,0x91,0x51,0x4d,0x21,0xd4,0xa6,0xf6,0x91,0xeb,0x76,0x58},
790 {0x0c,0x01,0xdf,0x15,0xc2,0x9d,0xb4,0x8e,0xe2,0xc5,0xf1,0xda,0x3d,0xab,0x74,0x6d},
791 {0xa1,0x79,0x93,0x3b,0x61,0xe9,0x0e,0x45,0xf1,0x32,0xec,0x17,0x80,0x34,0x8f,0x8b},
792 {0x41,0x7d,0x99,0xce,0xab,0xbc,0x1a,0xad,0xe3,0x58,0xbf,0x53,0xe1,0x92,0xa6,0xb4},
793 {0xd6,0xf3,0x71,0x0a,0x57,0xac,0x0d,0xa9,0xae,0x72,0xf4,0xb8,0x29,0xbd,0x5f,0xe5},
794 {0xa0,0xae,0x10,0xca,0x41,0x0d,0x93,0x32,0x9b,0x19,0xb7,0x65,0x5a,0xa3,0x18,0xed},
795 {0x91,0xd0,0xa3,0x45,0x4e,0x9d,0xfc,0xeb,0xc4,0xa0,0x3d,0x4c,0xc6,0x67,0x62,0x3b},
796 {0x5a,0xa1,0xa1,0x13,0x62,0x69,0x19,0xbb,0x5b,0x62,0x37,0x08,0xc5,0xb2,0x34,0xca},
797 {0xd1,0x0c,0x08,0x0d,0xdf,0x1e,0xca,0xda,0x21,0xa0,0xb9,0xdd,0x4e,0x40,0x17,0x1c},
798 {0x0f,0x87,0x02,0x6f,0x9f,0x9e,0xa5,0xaa,0x24,0xda,0x79,0x18,0x4e,0x46,0xbe,0x95},
799 {0x54,0x32,0xfc,0x98,0x14,0x18,0x83,0xf7,0x80,0x89,0x7b,0xc8,0x29,0xeb,0x90,0x80},
800 {0x57,0x44,0x26,0xc4,0x44,0x01,0x25,0x44,0x6f,0xd2,0xd3,0x04,0xcf,0x13,0x37,0x99},
801 {0x70,0x71,0x2d,0x06,0x80,0x6d,0x26,0x93,0x60,0x7d,0xf9,0x69,0x79,0xa3,0x95,0xf2},
802 {0x0f,0xac,0x31,0x7d,0xd9,0xf9,0x58,0xce,0xac,0x7f,0x42,0xad,0x3c,0xde,0x3e,0x3e},
803 {0x23,0x30,0x77,0xd9,0xfd,0x64,0xf6,0xa7,0xff,0x4b,0xad,0x3f,0xa9,0x61,0xd1,0x4d},
804 {0x38,0x68,0x36,0x7a,0xd1,0x7a,0x77,0x07,0xed,0x7e,0x19,0xb3,0x71,0x56,0x7e,0xdb},
805 {0x0a,0x75,0x86,0x4a,0x93,0xb8,0xaf,0x71,0x09,0xae,0xa3,0x57,0xcc,0x45,0xb6,0x38},
806 {0xed,0x15,0xbc,0xce,0x02,0x64,0x46,0x8a,0x58,0xc2,0xef,0xdb,0xc4,0x57,0xa6,0x0f},
807 {0xd9,0x13,0xc8,0xae,0xf9,0x7a,0xc7,0x62,0x66,0x4f,0xe0,0x91,0xab,0xdb,0x0b,0x5b},
808 {0xa2,0xcb,0xd5,0x32,0xed,0x71,0x07,0x63,0x25,0x59,0xfb,0x06,0xfa,0xb0,0xbd,0x70},
809 {0x6e,0x23,0x5e,0x65,0x9c,0xc6,0xcd,0x89,0xba,0x68,0xa2,0x92,0x28,0xb3,0x74,0x10},
810 {0x50,0x0d,0x88,0x2a,0x93,0x19,0x9b,0xf0,0x97,0x0e,0x96,0x62,0xbe,0x94,0x6d,0x02},
811 {0x0c,0xc7,0x0a,0xc8,0xb1,0xad,0xbf,0xda,0xce,0x8b,0x51,0x34,0x16,0x85,0x8a,0xf2},
812 {0xff,0x78,0x96,0x32,0xb8,0xd4,0xae,0xcd,0x94,0xa0,0xaa,0xb3,0x30,0x74,0xa0,0x58},
813 {0x8a,0xd2,0x35,0xc1,0x09,0x65,0x23,0x39,0xbd,0xea,0x3a,0xc8,0x32,0x55,0xb2,0x88},
814 {0x45,0xcf,0x0b,0x3f,0x9d,0xa8,0xd2,0x17,0x6e,0x5c,0x53,0x0c,0xe2,0xa7,0x4e,0xe6},
815 {0xec,0x35,0x8a,0x4b,0xaa,0x38,0x45,0xeb,0x24,0xaf,0x6c,0x0c,0x34,0xef,0xb2,0xeb},
816 {0x73,0xfd,0xd6,0xc7,0x65,0x3c,0xde,0xdc,0x9a,0xda,0x88,0xc8,0xe9,0x7e,0x5e,0x77},
817 {0xf0,0x88,0x2a,0x36,0x10,0xa5,0xe8,0x5f,0x8a,0x17,0x49,0xb9,0x77,0x9d,0xb7,0x3c},
818 {0xfe,0x73,0x90,0xdb,0x0d,0x7f,0x6c,0x64,0xba,0x20,0xfa,0xb8,0x98,0x6b,0x07,0xac},
819 {0x87,0x07,0x70,0x09,0xd7,0x96,0xf7,0x0f,0xc1,0x79,0xf3,0x98,0xbc,0x94,0x7a,0x0d},
820 {0x44,0x08,0x71,0x99,0x1c,0xf0,0x1e,0x3d,0x7f,0x58,0xc4,0x5e,0x20,0x3e,0xa5,0xed},
821 {0x64,0xd2,0x35,0x96,0x94,0x7a,0xe5,0x1a,0xcb,0xc8,0xa2,0x4f,0xaf,0x22,0xd4,0x83},
822 {0x8b,0x01,0x1d,0xaa,0x9f,0x3b,0x72,0xda,0x93,0x67,0x03,0x6c,0x8a,0x89,0xe8,0x0d},
823 {0x61,0xd3,0x0f,0x6b,0x8a,0x2a,0x10,0x3d,0xcf,0x37,0x1d,0xa4,0xc0,0x04,0x60,0x02},
824 {0x66,0xe4,0x6e,0x5b,0x8d,0x57,0x42,0x81,0xc9,0x35,0xe6,0x34,0x03,0x8e,0x87,0x7b},
825 {0xf8,0x4b,0x75,0xfc,0xe8,0xbd,0x1f,0xf1,0x3f,0xa0,0x79,0xcc,0x39,0xd4,0x51,0x64},
826 {0x62,0xf0,0x91,0x47,0xb1,0xac,0x01,0x4d,0x88,0x92,0xc0,0xf8,0x29,0x4d,0x0b,0x66},
827 {0xe7,0xf5,0x86,0x83,0x06,0x61,0x12,0xdc,0x5e,0xb2,0x44,0xfc,0xf2,0x08,0xe8,0x50},
828 {0x97,0x0c,0x55,0xe7,0x2e,0x6a,0x7b,0xfc,0x51,0x12,0xd8,0xa0,0xb5,0x7f,0x2e,0x18},
829 {0x19,0xf1,0xf7,0xdf,0xba,0xfd,0xd3,0xf1,0x20,0x75,0xb0,0xa2,0xfa,0x78,0x84,0x8d},
830 {0x9e,0xaf,0xe6,0xd3,0x83,0x69,0x72,0x39,0x64,0xbe,0x9f,0x4f,0x19,0x8e,0x36,0x16},
831 {0x35,0x80,0x30,0xbc,0x92,0xa9,0x9b,0x61,0xe9,0x6a,0xee,0x63,0x0e,0x32,0xa9,0xc3},
832 {0x2e,0x34,0xe5,0x92,0xca,0xbd,0xe8,0x9b,0xde,0x01,0xe7,0xfb,0xd4,0x25,0xcc,0x93},
833 {0x83,0xef,0x75,0x79,0x05,0xde,0xcd,0x9f,0x97,0x3c,0x60,0x2f,0x4b,0x1e,0x1a,0x96},
834 {0x5b,0xec,0xea,0x91,0x8f,0x7a,0x1a,0xe9,0xe8,0xd7,0xc7,0xa4,0xc0,0x25,0x65,0xe1},
835 {0x32,0x50,0xb9,0xbe,0x0d,0xd0,0x0a,0x10,0x64,0xab,0xc9,0xbf,0xb3,0xba,0x56,0x92},
836 {0x31,0x4b,0xc4,0xfb,0x88,0x16,0x17,0xd7,0x5b,0x7f,0xcc,0x8a,0xbe,0xd1,0xf9,0x19},
837 {0x10,0x34,0x3e,0x96,0x72,0x69,0x92,0x7b,0x5d,0x8f,0x92,0xdc,0xae,0x4b,0xf6,0x55},
838 {0x65,0x7e,0xfa,0xec,0x2e,0xdf,0x76,0x0b,0x9d,0x59,0xe2,0xd0,0x0b,0x1b,0xb9,0x8a},
839 {0xb0,0x31,0x6b,0xd2,0x63,0xb0,0x28,0x79,0xb3,0x64,0x5f,0x45,0xdc,0x98,0x58,0xa0},
840 {0xed,0x1a,0x10,0x08,0x19,0x0a,0x5d,0x16,0x54,0xd1,0x38,0xeb,0x8f,0xd1,0x15,0x4a},
841 {0xad,0x7c,0x7f,0x0c,0xfe,0x66,0x6f,0xbe,0xde,0xf2,0x0a,0xa9,0x5f,0x22,0xf9,0x0b},
842 };
843
844 if (serial_number_.size() == kSerialBytes) {
845 for (unsigned i = 0; i < kNumSerials; i++) {
846 if (memcmp(kSerials[i], serial_number_.data(), kSerialBytes) == 0) {
847 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", i, kNumSerials + 1);
848 return true;
849 }
850 }
851 }
852
853 // Special case for DigiNotar: this serial number had a leading 0x00 byte
854 static const uint8 kDigiNotarLeadingZero[15] = {
855 0x17,0x7f,0xb6,0x53,0x6b,0x98,0xce,0x40,0xd5,0x4b,0x8b,0x24,0xe3,0x16,0x05
856 };
857
858 if (serial_number_.size() == sizeof(kDigiNotarLeadingZero) &&
859 memcmp(serial_number_.data(), kDigiNotarLeadingZero,
860 sizeof(kDigiNotarLeadingZero)) == 0) {
861 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", kNumSerials,
862 kNumSerials + 1);
863 return true;
864 }
865
866 return false;
867 }
868
869 // static
IsPublicKeyBlacklisted(const std::vector<SHA1Fingerprint> & public_key_hashes)870 bool X509Certificate::IsPublicKeyBlacklisted(
871 const std::vector<SHA1Fingerprint>& public_key_hashes) {
872 static const unsigned kNumHashes = 3;
873 static const uint8 kHashes[kNumHashes][base::SHA1_LENGTH] = {
874 // Subject: CN=DigiNotar Root CA
875 // Issuer: CN=Entrust.net x2 and self-signed
876 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d,
877 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8},
878 // Subject: CN=DigiNotar Cyber CA
879 // Issuer: CN=GTE CyberTrust Global Root
880 {0xba, 0x3e, 0x7b, 0xd3, 0x8c, 0xd7, 0xe1, 0xe6, 0xb9, 0xcd,
881 0x4c, 0x21, 0x99, 0x62, 0xe5, 0x9d, 0x7a, 0x2f, 0x4e, 0x37},
882 // Subject: CN=DigiNotar Services 1024 CA
883 // Issuer: CN=Entrust.net
884 {0xe2, 0x3b, 0x8d, 0x10, 0x5f, 0x87, 0x71, 0x0a, 0x68, 0xd9,
885 0x24, 0x80, 0x50, 0xeb, 0xef, 0xc6, 0x27, 0xbe, 0x4c, 0xa6},
886 };
887
888 for (unsigned i = 0; i < kNumHashes; i++) {
889 for (std::vector<SHA1Fingerprint>::const_iterator
890 j = public_key_hashes.begin(); j != public_key_hashes.end(); ++j) {
891 if (memcmp(j->data, kHashes[i], base::SHA1_LENGTH) == 0)
892 return true;
893 }
894 }
895
896 return false;
897 }
898
899 // static
IsSHA1HashInSortedArray(const SHA1Fingerprint & hash,const uint8 * array,size_t array_byte_len)900 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash,
901 const uint8* array,
902 size_t array_byte_len) {
903 DCHECK_EQ(0u, array_byte_len % base::SHA1_LENGTH);
904 const unsigned arraylen = array_byte_len / base::SHA1_LENGTH;
905 return NULL != bsearch(hash.data, array, arraylen, base::SHA1_LENGTH,
906 CompareSHA1Hashes);
907 }
908
909 } // namespace net
910