Revert 138795 - Revert "nss: revert encrypted and origin bound certificates support."

net/base/transport_security_state_static_generate.go

Index: net/base/transport_security_state_static_generate.go
===================================================================
--- net/base/transport_security_state_static_generate.go	(revision 138795)
+++ net/base/transport_security_state_static_generate.go	(working copy)
@@ -38,7 +38,7 @@
 	name         string
 	cert         *x509.Certificate
 	spkiHash     []byte
-	spkiHashFunc string  // i.e. "sha1"
+	spkiHashFunc string // i.e. "sha1"
 }
 
 // preloaded represents the information contained in the
@@ -59,7 +59,7 @@
 type hsts struct {
 	Name       string `json:"name"`
 	Subdomains bool   `json:"include_subdomains"`
-	Mode       string   `json:"mode"`
+	Mode       string `json:"mode"`
 	Pins       string `json:"pins"`
 	SNIOnly    bool   `json:"snionly"`
 }
@@ -283,13 +283,21 @@
 	if strings.HasSuffix(firstWord, ",") {
 		firstWord = firstWord[:len(firstWord)-1]
 	}
+	if strings.HasPrefix(firstWord, "*.") {
+		firstWord = firstWord[2:]
+	}
 	if pos := strings.Index(firstWord, "."); pos != -1 {
 		firstWord = firstWord[:pos]
 	}
 	if pos := strings.Index(firstWord, "-"); pos != -1 {
 		firstWord = firstWord[:pos]
 	}
-	if !strings.HasPrefix(v, firstWord) {
+	if len(firstWord) == 0 {
+		return errors.New("first word of certificate name is empty")
+	}
+	firstWord = strings.ToLower(firstWord)
+	lowerV := strings.ToLower(v)
+	if !strings.HasPrefix(lowerV, firstWord) {
 		return errors.New("the first word of the certificate name isn't a prefix of the variable name")
 	}
 
@@ -456,7 +464,7 @@
 		name += label
 		l += len(label) + 1
 	}
-	l += 1  // For the length of the root label.
+	l += 1 // For the length of the root label.
 
 	return name, l
 }