Reland of Add CheckOCSPDateValid() to net/cert/internal

net/cert/internal/parse_ocsp.cc

Index: net/cert/internal/parse_ocsp.cc
diff --git a/net/cert/internal/parse_ocsp.cc b/net/cert/internal/parse_ocsp.cc
index 0243d9537b6216cdd4aa2854ee317f60a9bad2fa..21ce878b3cfc78b7b3f9a894850e6024eb579bf2 100644
--- a/net/cert/internal/parse_ocsp.cc
+++ b/net/cert/internal/parse_ocsp.cc
@@ -7,6 +7,7 @@
 #include "base/sha1.h"
 #include "crypto/sha2.h"
 #include "net/cert/internal/parse_ocsp.h"
+#include "net/der/encode_values.h"
 
 namespace net {
 
@@ -529,4 +530,28 @@ bool GetOCSPCertStatus(const OCSPResponseData& response_data,
   return found;
 }
 
+bool CheckOCSPDateValid(const OCSPSingleResponse& response,
+                        const base::Time& verify_time,
+                        const base::TimeDelta& max_age) {
+  der::GeneralizedTime verify_time_der;
+  if (!der::EncodeTimeAsGeneralizedTime(verify_time, &verify_time_der))
+    return false;
+
+  if (response.this_update > verify_time_der)
+    return false;  // Response is not yet valid.
+
+  if (response.has_next_update && (response.next_update <= verify_time_der))
+    return false;  // Response is no longer valid.
+
+  der::GeneralizedTime earliest_this_update;
+  if (!der::EncodeTimeAsGeneralizedTime(verify_time - max_age,
+                                        &earliest_this_update)) {
+    return false;
+  }
+  if (response.this_update < earliest_this_update)
+    return false;  // Response is too old.
+
+  return true;
+}
+
 }  // namespace net