Provide method for returning certificate expiration timestamp.

webrtc/base/sslidentity.h

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 50 matching lines @@
 
   // Gets the name of the digest algorithm that was used to compute this
   // certificate's signature.
   virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const = 0;
 
   // Compute the digest of the certificate given algorithm
   virtual bool ComputeDigest(const std::string& algorithm,
                              unsigned char* digest,
                              size_t size,
                              size_t* length) const = 0;
+
+  // Returns the time in milliseconds relative to epoch.
+  virtual int64_t CertificateExpirationTime() const = 0;
 };
 
 // SSLCertChain is a simple wrapper for a vector of SSLCertificates. It serves
 // primarily to ensure proper memory management (especially deletion) of the
 // SSLCertificate pointers.
 class SSLCertChain {
  public:
   // These constructors copy the provided SSLCertificate(s), so the caller
   // retains ownership.
   explicit SSLCertChain(const std::vector<SSLCertificate*>& certs);
@@ skipping 80 matching lines @@
 // TODO(hbos): Remove once rtc::KeyType (to be modified) and
 // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium
 // appropriately we can change KeyType enum -> class without breaking Chromium.
 KeyType IntKeyTypeFamilyToKeyType(int key_type_family);
 
 // Parameters for generating a certificate. If |common_name| is non-empty, it
 // will be used for the certificate's subject and issuer name, otherwise a
 // random string will be used.
 struct SSLIdentityParams {
   std::string common_name;
-  int not_before;  // offset from current time in seconds.
-  int not_after;   // offset from current time in seconds.
+  bool absolute_time;  // How to interpret |not_before| and |not_after|.
+  int64_t not_before;  // Offset from current time or absolute time in seconds.
+  int64_t not_after;   // Offset from current time or absolute time in seconds.

[hbos, 2015/11/25 11:18:31]

Is this necessary? Now any code that use these have to understand two
interpretations of the same variables.

I see you changed from int to int64_t. Is this the correct type?

Here's a usage case of not_before and not_after:
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/webrtc...

Which calls: ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj).
long may be int32.

[torbjorng (webrtc), 2015/11/25 14:27:11]

I changed the logic around this to always use time in epoch (i.e., "absolute"
time.)

   KeyParams key_params;
 };
 
 // Our identity in an SSL negotiation: a keypair and certificate (both
 // with the same public key).
 // This too is pretty much immutable once created.
 class SSLIdentity {
  public:
   // Generates an identity (keypair and self-signed certificate). If
   // common_name is non-empty, it will be used for the certificate's
@@ skipping 34 matching lines @@
                               size_t length);
 };
 
 extern const char kPemTypeCertificate[];
 extern const char kPemTypeRsaPrivateKey[];
 extern const char kPemTypeEcPrivateKey[];
 
 }  // namespace rtc
 
 #endif  // WEBRTC_BASE_SSLIDENTITY_H_