Index: net/cert/internal/parse_ocsp.cc |
diff --git a/net/cert/internal/parse_ocsp.cc b/net/cert/internal/parse_ocsp.cc |
index 0243d9537b6216cdd4aa2854ee317f60a9bad2fa..32ef1aa23bab5b781ba3d0498d5a81b10f1a4395 100644 |
--- a/net/cert/internal/parse_ocsp.cc |
+++ b/net/cert/internal/parse_ocsp.cc |
@@ -529,4 +529,30 @@ bool GetOCSPCertStatus(const OCSPResponseData& response_data, |
return found; |
} |
+bool CheckOCSPDateValid(const OCSPSingleResponse& response, |
+ const base::Time& verify_time, |
+ const base::TimeDelta& max_age) { |
+ if (response.has_next_update && |
+ (response.next_update <= response.this_update)) { |
+ return false; |
+ } |
+ |
+ // Place |verify_time| in the bounds. |
+ der::GeneralizedTime verify_time_der = der::ConvertBaseUTCTime(verify_time); |
+ if (response.this_update > verify_time_der) { |
+ return false; |
+ } |
+ if (response.has_next_update && (response.next_update <= verify_time_der)) { |
+ return false; |
+ } |
+ |
+ // Enforce |max_age|. |
+ der::GeneralizedTime lower_bound = |
+ der::ConvertBaseUTCTime(verify_time - max_age); |
+ if (response.this_update < lower_bound) { |
+ return false; |
+ } |
+ return true; |
+} |
+ |
} // namespace net |