Add CheckOCSPDateValid() to net/cert/internal

net/cert/internal/parse_ocsp.h

Index: net/cert/internal/parse_ocsp.h
diff --git a/net/cert/internal/parse_ocsp.h b/net/cert/internal/parse_ocsp.h
index b9052aee9f6df9c4e4797a928b5c7024a917ba4e..ac9eabec49b3defe6ce23e348286ba337be436ad 100644
--- a/net/cert/internal/parse_ocsp.h
+++ b/net/cert/internal/parse_ocsp.h
@@ -17,6 +17,10 @@
 #include "net/der/parser.h"
 #include "net/der/tag.h"
 
+namespace base {
+class Time;
+}
+
 namespace net {
 
 // OCSPCertID contains a representation of a DER-encoded RFC 6960 "CertID".
@@ -278,6 +282,13 @@ NET_EXPORT_PRIVATE bool GetOCSPCertStatus(
     const der::Input& cert_tbs_certificate_tlv,
     OCSPCertStatus* out);
 
+// Checks that thisUpdate <= verify_time, and that verify_time <=
+// thisUpdate + max_age. If |response| has a nextUpdate, then this also enforces
+// that |verify_time| < nextUpdate.
+NET_EXPORT_PRIVATE bool CheckOCSPDateValid(const OCSPSingleResponse& response,
+                                           const base::Time& verify_time,
+                                           const base::TimeDelta& max_age);
+
 }  // namespace net
 
 #endif  // NET_CERT_INTERNAL_PARSE_OCSP_H_