Mark DigiNotar as untrusted

net/base/x509_certificate.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_X509_CERTIFICATE_H_
 #define NET_BASE_X509_CERTIFICATE_H_
 #pragma once
 
 #include <string.h>
 
@@ skipping 410 matching lines @@
   // NOTE: keep this method private, used by IsBlacklisted only.  To simplify
   // IsBlacklisted, we strip the leading 0 byte of a serial number, used to
   // encode a positive DER INTEGER (a signed type) with a most significant bit
   // of 1.  Other code must not use this method for general purpose until this
   // is fixed.
   const std::string& serial_number() const { return serial_number_; }
 
   // IsBlacklisted returns true if this certificate is explicitly blacklisted.
   bool IsBlacklisted() const;
 
+  // IsPublicKeyBlacklisted returns true iff one of |public_key_hashes| (which
+  // are SHA1 hashes of SubjectPublicKeyInfo structures) is explicitly blocked.
+  static bool IsPublicKeyBlacklisted(
+      const std::vector<SHA1Fingerprint>& public_key_hashes);
+
   // IsSHA1HashInSortedArray returns true iff |hash| is in |array|, a sorted
   // array of SHA1 hashes.
   static bool IsSHA1HashInSortedArray(const SHA1Fingerprint& hash,
                                       const uint8* array,
                                       size_t array_byte_len);
 
   // Reads a single certificate from |pickle| and returns a platform-specific
   // certificate handle. The format of the certificate stored in |pickle| is
   // not guaranteed to be the same across different underlying cryptographic
   // libraries, nor acceptable to CreateFromBytes(). Returns an invalid
@@ skipping 34 matching lines @@
   // (Marked mutable because it's used in a const method.)
   mutable base::Lock verification_lock_;
 #endif
 
   DISALLOW_COPY_AND_ASSIGN(X509Certificate);
 };
 
 }  // namespace net
 
 #endif  // NET_BASE_X509_CERTIFICATE_H_