Reland of Add CheckOCSPDateValid() to net/cert/internal

net/cert/internal/parse_ocsp.h

Index: net/cert/internal/parse_ocsp.h
diff --git a/net/cert/internal/parse_ocsp.h b/net/cert/internal/parse_ocsp.h
index b9052aee9f6df9c4e4797a928b5c7024a917ba4e..af5541d8785b565ce9f9da3c2ffb4097bda1830d 100644
--- a/net/cert/internal/parse_ocsp.h
+++ b/net/cert/internal/parse_ocsp.h
@@ -17,6 +17,10 @@
 #include "net/der/parser.h"
 #include "net/der/tag.h"
 
+namespace base {
+class Time;

[Lei Zhang, 2016/07/14 10:39:50]

Luckily, TimeDelta is declared somewhere.

[dadrian, 2016/07/14 17:37:29]

Done.

+}
+
 namespace net {
 
 // OCSPCertID contains a representation of a DER-encoded RFC 6960 "CertID".
@@ -278,6 +282,15 @@ NET_EXPORT_PRIVATE bool GetOCSPCertStatus(
     const der::Input& cert_tbs_certificate_tlv,
     OCSPCertStatus* out);
 
+// Returns true if |response|, a valid OCSP response with a thisUpdate field and
+// potentially a nextUpdate field, is valid at |verify_time| and not older than
+// |max_age|. Expressed differently, returns true if |response.thisUpdate| <=
+// |verify_time| < response.nextUpdate, and |response.thisUpdate| >=
+// |verify_time| - |max_age|.
+NET_EXPORT_PRIVATE bool CheckOCSPDateValid(const OCSPSingleResponse& response,
+                                           const base::Time& verify_time,
+                                           const base::TimeDelta& max_age);
+
 }  // namespace net
 
 #endif  // NET_CERT_INTERNAL_PARSE_OCSP_H_