Don't disable extensions immediately if verification is out of date

chrome/browser/extensions/install_signer.cc

Index: chrome/browser/extensions/install_signer.cc
diff --git a/chrome/browser/extensions/install_signer.cc b/chrome/browser/extensions/install_signer.cc
index 8e6da408cfe385614c3656a898b27f153c84560a..9078da395b667bfd9a30a1c28bc02e956f7c3de1 100644
--- a/chrome/browser/extensions/install_signer.cc
+++ b/chrome/browser/extensions/install_signer.cc
@@ -48,6 +48,7 @@ const char kInvalidIdsKey[] = "invalid_ids";
 const char kProtocolVersionKey[] = "protocol_version";
 const char kSaltKey[] = "salt";
 const char kSignatureKey[] = "signature";
+const char kTimestampKey[] = "timestamp";
 
 const size_t kSaltBytes = 32;
 
@@ -133,6 +134,8 @@ void InstallSignature::ToValue(base::DictionaryValue* value) const {
   base::Base64Encode(signature, &signature_base64);
   value->SetString(kSaltKey, salt_base64);
   value->SetString(kSignatureKey, signature_base64);
+  value->SetString(kTimestampKey,
+                   base::Int64ToString(timestamp.ToInternalValue()));
 }
 
 // static
@@ -152,6 +155,19 @@ scoped_ptr<InstallSignature> InstallSignature::FromValue(
     return result.Pass();
   }
 
+  // Note: earlier versions of the code did not write out a timestamp value
+  // so older entries will not necessarily have this.
+  if (value.HasKey(kTimestampKey)) {
+    std::string timestamp;
+    int64 timestamp_value = 0;
+    if (!value.GetString(kTimestampKey, &timestamp) ||
+        !base::StringToInt64(timestamp, &timestamp_value)) {
+      result.reset();
+      return result.Pass();
+    }
+    result->timestamp = base::Time::FromInternalValue(timestamp_value);
+  }
+
   const base::ListValue* ids = NULL;
   if (!value.GetList(kIdsKey, &ids)) {
     result.reset();
@@ -437,6 +453,7 @@ void InstallSigner::HandleSignatureResult(const std::string& signature,
     result->salt = salt_;
     result->signature = signature;
     result->expire_date = expire_date;
+    result->timestamp = base::Time::Now();

[Finnur, 2014/02/12 13:54:57]

The timestamp you want is when you sent the request, not when you received a
reply, right? What happens if an extension gets installed in between sending and
receiving a reply?

[asargent_no_longer_on_chrome, 2014/02/12 16:27:56]

This is technically correct about the timestamp, and I've fixed it to avoid any
future problems. 

(It turns out not to matter in the current code since the act of installing an
extension will trigger another signature request to be queued up). 

     bool verified = VerifySignature(*result);
     UMA_HISTOGRAM_BOOLEAN("ExtensionInstallSigner.ResultWasValid", verified);
     UMA_HISTOGRAM_COUNTS_100("ExtensionInstallSigner.InvalidCount",