From 50ad3939242885b1a1a11688abd0c9756631747f Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Fri, 11 Apr 2014 10:22:14 -0400
Subject: Code to blacklist authority signing keys (I need a list of actual signing keys to blacklist.)
---
 src/or/routerlist.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
(limited to 'src/or/routerlist.c')
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 3c39e362d..e993e138e 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -458,6 +458,28 @@ authority_cert_dl_failed(const char *id_digest, int status)
 download_status_failed(&cl->dl_status, status);
 }
+static const char *BAD_SIGNING_KEYS[] = {
+ "----------------------------------------",
+ NULL,
+};
+
+/** DOCDOC */
+int
+authority_cert_is_blacklisted(const authority_cert_t *cert)
+{
+ char hex_digest[HEX_DIGEST_LEN+1];
+ int i;
+ base16_encode(hex_digest, sizeof(hex_digest),
+ cert->signing_key_digest, sizeof(cert->signing_key_digest));
+
+ for (i = 0; BAD_SIGNING_KEYS[i]; ++i) {
+ if (!strcasecmp(hex_digest, BAD_SIGNING_KEYS[i])) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
 /** Return true iff when we've been getting enough failures when trying to
 * download the certificate with ID digest id_digest that we're willing
 * to start bugging the user about it. */
-- cgit v1.2.3
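Review bot: `authority_cert_is_blacklisted()` fails open on a malformed table entry: a string in `BAD_SIGNING_KEYS` that is mistyped, truncated or not hex never matches in the `strcasecmp` loop, so the certificate is accepted with no warning. Because the table is hand-maintained and currently holds only a dash placeholder, I would add a unit test (or a one-time startup check) that every entry is exactly `HEX_DIGEST_LEN` hex characters once the real digests go in. The `/** DOCDOC */` placeholder should become a real comment, for example `/** Return true iff <b>cert</b>'s signing key digest is listed in BAD_SIGNING_KEYS. */`. No caller is visible in this path-limited view, so confirm that the certificate-loading path actually consults this function before a listed key is trusted.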