Provide method for returning certificate expiration timestamp.

webrtc/base/sslidentity.h

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 50 matching lines @@
 
   // Gets the name of the digest algorithm that was used to compute this
   // certificate's signature.
   virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const = 0;
 
   // Compute the digest of the certificate given algorithm
   virtual bool ComputeDigest(const std::string& algorithm,
                              unsigned char* digest,
                              size_t size,
                              size_t* length) const = 0;
+
+  // Returns the time in milliseconds relative to epoch.

[hbos, 2015/11/25 15:21:45]

Is it unambiguous what "epoch" means? Could you write out the datetime and zone
in the comment?

[torbjorng (webrtc), 2015/11/25 19:14:09]

https://en.wikipedia.org/wiki/Unix_time

+  virtual int64_t CertificateExpirationTime() const = 0;
 };
 
 // SSLCertChain is a simple wrapper for a vector of SSLCertificates. It serves
 // primarily to ensure proper memory management (especially deletion) of the
 // SSLCertificate pointers.
 class SSLCertChain {
  public:
   // These constructors copy the provided SSLCertificate(s), so the caller
   // retains ownership.
   explicit SSLCertChain(const std::vector<SSLCertificate*>& certs);
@@ skipping 80 matching lines @@
 // TODO(hbos): Remove once rtc::KeyType (to be modified) and
 // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium
 // appropriately we can change KeyType enum -> class without breaking Chromium.
 KeyType IntKeyTypeFamilyToKeyType(int key_type_family);
 
 // Parameters for generating a certificate. If |common_name| is non-empty, it
 // will be used for the certificate's subject and issuer name, otherwise a
 // random string will be used.
 struct SSLIdentityParams {
   std::string common_name;
-  int not_before;  // offset from current time in seconds.
-  int not_after;   // offset from current time in seconds.
+  int not_before;      // Absolute time since epoch in seconds.
+  int not_after;       // Absolute time since epoch in seconds.

[hbos, 2015/11/25 15:21:45]

What happens at the wrap-around date (code using this)?

[torbjorng (webrtc), 2015/11/25 19:14:09]

I'll change this to time_t, which is more kosher (but still has problems after
2038 on older systems).

   KeyParams key_params;
 };
 
 // Our identity in an SSL negotiation: a keypair and certificate (both
 // with the same public key).
 // This too is pretty much immutable once created.
 class SSLIdentity {
  public:
   // Generates an identity (keypair and self-signed certificate). If
   // common_name is non-empty, it will be used for the certificate's
@@ skipping 34 matching lines @@
                               size_t length);
 };
 
 extern const char kPemTypeCertificate[];
 extern const char kPemTypeRsaPrivateKey[];
 extern const char kPemTypeEcPrivateKey[];
 
 }  // namespace rtc
 
 #endif  // WEBRTC_BASE_SSLIDENTITY_H_