GitLab

This patch lets SignedExchangeSignatureVerifier ignore signature
timestamp errors if the Signed Exchange's main certificate is listed in
--ignore-certificate-errors-spki-list flag, and ContentBrowserClient::
CanIgnoreCertificateErrorIfNeeded() returns true.

This enables us to write layout tests and web-platform-tests for signed
exchange loading, without using UA-specific testing API that overrides
signature verification time.

This patch also removes setSignedExchangeVerificationTime() calls from
existing layout tests, because they already run with
--ignore-certificate-errors-spki-list flag. This means we lose layout
test coverage for expired SXG loading, so I added a test case in
signed_exchange_request_handler_browsertest.cc.

Bug: 803774
Change-Id: Ia2f9dc5f28036c30e76acc344137ab8873bfb7c6
Reviewed-on: https://chromium-review.googlesource.com/c/1253167
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Cr-Commit-Position: refs/heads/master@{#597045}