Implement cloud policy invalidations using the invalidation service framework.

chrome/browser/policy/cloud/cloud_policy_validator.cc

Index: chrome/browser/policy/cloud/cloud_policy_validator.cc
diff --git a/chrome/browser/policy/cloud/cloud_policy_validator.cc b/chrome/browser/policy/cloud/cloud_policy_validator.cc
index c6e6dedc9fcbdbe62ac82129f0573f51a6c7b29a..585c182ab95c0cd33eb387dd6238026656fa475e 100644
--- a/chrome/browser/policy/cloud/cloud_policy_validator.cc
+++ b/chrome/browser/policy/cloud/cloud_policy_validator.cc
@@ -5,6 +5,7 @@
 #include "chrome/browser/policy/cloud/cloud_policy_validator.h"
 
 #include "base/bind_helpers.h"
+#include "base/hash.h"
 #include "base/message_loop/message_loop.h"
 #include "base/stl_util.h"
 #include "chrome/browser/policy/cloud/cloud_policy_constants.h"
@@ -95,6 +96,10 @@ void CloudPolicyValidatorBase::ValidateInitialKey() {
   validation_flags_ |= VALIDATE_INITIAL_KEY;
 }
 
+void CloudPolicyValidatorBase::ValidateHashValue() {
+  validation_flags_ |= VALIDATE_HASH_VALUE;
+}
+
 void CloudPolicyValidatorBase::ValidateAgainstCurrentPolicy(
     const em::PolicyData* policy_data,
     ValidateTimestampOption timestamp_option,
@@ -118,6 +123,7 @@ CloudPolicyValidatorBase::CloudPolicyValidatorBase(
     : status_(VALIDATION_OK),
       policy_(policy_response.Pass()),
       payload_(payload),
+      hash_value_(0),
       validation_flags_(0),
       timestamp_not_before_(0),
       timestamp_not_after_(0),
@@ -197,6 +203,7 @@ void CloudPolicyValidatorBase::RunChecks() {
     { VALIDATE_DOMAIN,      &CloudPolicyValidatorBase::CheckDomain },
     { VALIDATE_TIMESTAMP,   &CloudPolicyValidatorBase::CheckTimestamp },
     { VALIDATE_PAYLOAD,     &CloudPolicyValidatorBase::CheckPayload },
+    { VALIDATE_HASH_VALUE,  &CloudPolicyValidatorBase::CheckHashValue },
   };
 
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kCheckFunctions); ++i) {
@@ -352,6 +359,11 @@ CloudPolicyValidatorBase::Status CloudPolicyValidatorBase::CheckPayload() {
   return VALIDATION_OK;
 }
 
+CloudPolicyValidatorBase::Status CloudPolicyValidatorBase::CheckHashValue() {
+  hash_value_ = base::Hash(policy_data_->policy_value());

[Joao da Silva, 2013/07/23 20:44:47]

This isn't a validation of the policy (it can't fail).

I think this can be done on the CloudPolicyStore, see the comments there.

[Steve Condie, 2013/07/24 01:42:04]

I agree the way you suggested is cleaner. The only reason I put it here in the
first place was so that the hash computation would be performed on the file
thread, just in case for a large policy we didn't want to do that computation on
the UI thread.

+  return VALIDATION_OK;
+}
+
 // static
 bool CloudPolicyValidatorBase::VerifySignature(const std::string& data,
                                                const std::string& key,