Don't disable extensions immediately if verification is out of date

chrome/browser/extensions/install_verifier.h

Index: chrome/browser/extensions/install_verifier.h
diff --git a/chrome/browser/extensions/install_verifier.h b/chrome/browser/extensions/install_verifier.h
index 522c508a0e5e4a6e971948c75fe628974f7274c7..21fea180d226ba0f0f1be2943ece8aaa5881fbf7 100644
--- a/chrome/browser/extensions/install_verifier.h
+++ b/chrome/browser/extensions/install_verifier.h
@@ -53,6 +53,9 @@ class InstallVerifier : public ManagementPolicy::Provider {
   // an initial one so that MustRemainDisabled can actually check against it.
   bool NeedsBootstrap();
 
+  // Returns the timestamp of our InstallSignature, if we have one.
+  base::Time signature_timestamp();

[Finnur, 2014/02/12 13:54:57]

Shouldn't this technically be SignatureTimestamp()?

[asargent_no_longer_on_chrome, 2014/02/12 16:27:56]

Yes, good catch. Fixed.

+
   // A callback for indicating success/failure of adding new ids.
   typedef base::Callback<void(bool)> AddResultCallback;
 
@@ -107,6 +110,10 @@ class InstallVerifier : public ManagementPolicy::Provider {
   // Returns whether the given |id| is included in our verified signature.
   bool IsVerified(const std::string& id) const;
 
+  // Returns true if the extension with |id| was installed later than the
+  // timestamp of our signature.
+  bool WasInstalledAfterSignature(const std::string& id) const;
+
   // Begins the process of fetching a new signature, based on applying the
   // operation at the head of the queue to the current set of ids in
   // |signature_| (if any) and then sending a request to sign that.