Bug 1665715 - (1/2) revert e8f2720c8254 (bug 1593141) because it's no longer necessary r=jcj

Bug 1593141 added the certificate's notBefore field as an argument to
TrustDomain::CheckRevocation so that Firefox could use it with CRLite.
However, since CAs can backdate that field, we need to use the earliest
embedded SCT timestamp instead.

Differential Revision: https://phabricator.services.mozilla.com/D90595

6 files changed, 12 insertions, 32 deletions

diff --git a/gtests/mozpkix_gtest/pkixbuild_tests.cpp b/gtests/mozpkix_gtest/pkixbuild_tests.cpp
index c1c81b3a7..e17321075 100644
--- a/gtests/mozpkix_gtest/pkixbuild_tests.cpp
+++ b/gtests/mozpkix_gtest/pkixbuild_tests.cpp
@@ -152,14 +152,10 @@ private:
     return Success;
   }
 
-  Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
-                         Time validityBeginning, Duration,
+  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                          /*optional*/ const Input*, /*optional*/ const Input*)
                          override
   {
-    // All of the certificates in this test for which this is called have a
-    // validity period that begins "one day before now".
-    EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
     return Success;
   }
 
@@ -305,14 +301,10 @@ public:
     return Success;
   }
 
-  Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
-                         Time validityBeginning, Duration,
+  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                          /*optional*/ const Input*, /*optional*/ const Input*)
                          override
   {
-    // All of the certificates in this test for which this is called have a
-    // validity period that begins "one day before now".
-    EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
     return Success;
   }
 
@@ -329,7 +321,7 @@ public:
   {
   }
 
-  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
+  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                          /*optional*/ const Input*, /*optional*/ const Input*)
                          override
   {
@@ -450,14 +442,10 @@ public:
     return Success;
   }
 
-  Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
-                         Time validityBeginning, Duration,
+  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                          /*optional*/ const Input*, /*optional*/ const Input*)
                          override
   {
-    // All of the certificates in this test for which this is called have a
-    // validity period that begins "one day before now".
-    EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
     return Success;
   }
 
@@ -677,14 +665,10 @@ private:
     return Success;
   }
 
-  Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
-                         Time validityBeginning, Duration,
+  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                          /*optional*/ const Input*,
                          /*optional*/ const Input*) override
   {
-    // All of the certificates in this test for which this is called have a
-    // validity period that begins "one day before now".
-    EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
     return Success;
   }
 
@@ -739,7 +723,7 @@ class RevokedEndEntityTrustDomain final : public MultiplePathTrustDomain
 {
 public:
   Result CheckRevocation(EndEntityOrCA endEntityOrCA, const CertID&, Time,
-                         Time, Duration, /*optional*/ const Input*,
+                         Duration, /*optional*/ const Input*,
                          /*optional*/ const Input*) override
   {
     if (endEntityOrCA == EndEntityOrCA::MustBeEndEntity) {
@@ -844,14 +828,10 @@ private:
     return Success;
   }
 
-  Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
-                         Time validityBeginning, Duration,
+  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                          /*optional*/ const Input*, /*optional*/ const Input*)
                          override
   {
-    // All of the certificates in this test for which this is called have a
-    // validity period that begins "one day before now".
-    EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
     return Success;
   }
 
diff --git a/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp b/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp
index 71399a26b..762fac146 100644
--- a/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp
+++ b/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp
@@ -70,7 +70,7 @@ private:
     return Success;
   }
 
-  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
+  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                          /*optional*/ const Input*, /*optional*/ const Input*)
                          override
   {
diff --git a/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp b/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp
index 54e19fc3d..00ccffb04 100644
--- a/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp
+++ b/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp
@@ -92,7 +92,7 @@ private:
     return checker.Check(issuerCert, nullptr, keepGoing);
   }
 
-  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
+  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                          const Input*, const Input*) override
   {
     return Success;
diff --git a/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp b/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp
index 9fd1e52f1..0aef3d5c1 100644
--- a/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp
+++ b/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp
@@ -558,7 +558,7 @@ private:
     return checker.Check(derCert, nullptr, keepGoing);
   }
 
-  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
+  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                          const Input*, const Input*) override
   {
     return Success;
diff --git a/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp b/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp
index e1f35e5b4..70e6fd410 100644
--- a/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp
+++ b/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp
@@ -302,7 +302,7 @@ public:
     return Success;
   }
 
-  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
+  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                          /*optional*/ const Input*,
                          /*optional*/ const Input*) override
   {
diff --git a/gtests/mozpkix_gtest/pkixgtest.h b/gtests/mozpkix_gtest/pkixgtest.h
index 0a203c5e1..bb3491d44 100644
--- a/gtests/mozpkix_gtest/pkixgtest.h
+++ b/gtests/mozpkix_gtest/pkixgtest.h
@@ -100,7 +100,7 @@ class EverythingFailsByDefaultTrustDomain : public TrustDomain {
                       Result::FATAL_ERROR_LIBRARY_FAILURE);
   }
 
-  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
+  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                          /*optional*/ const Input*,
                          /*optional*/ const Input*) override {
     ADD_FAILURE();