| Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
|
| diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
|
| index 245ed810c231954a2092e7fa4a080863a496fd84..1f98da2ba9a6f1990ba8cc5be4fcaf014ef7b900 100644
|
| --- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
|
| +++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
|
| @@ -278,10 +278,9 @@ void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore(
|
| validator->ValidateInitialKey(GetPolicyVerificationKey(),
|
| ExtractDomain(account_id_.GetUserEmail()));
|
| } else {
|
| - const bool allow_rotation = true;
|
| - validator->ValidateSignature(policy_key_, GetPolicyVerificationKey(),
|
| - ExtractDomain(account_id_.GetUserEmail()),
|
| - allow_rotation);
|
| + validator->ValidateSignatureAllowingRotation(
|
| + policy_key_, GetPolicyVerificationKey(),
|
| + ExtractDomain(account_id_.GetUserEmail()));
|
| }
|
|
|
| // Start validation. The Validator will delete itself once validation is
|
| @@ -564,15 +563,10 @@ UserCloudPolicyStoreChromeOS::CreateValidatorForLoad(
|
| std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
|
| std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE);
|
| validator->ValidateUsername(account_id_.GetUserEmail(), true);
|
| - const bool allow_rotation = false;
|
| - const std::string empty_key = std::string();
|
| // The policy loaded from session manager need not be validated using the
|
| // verification key since it is secure, and since there may be legacy policy
|
| - // data that was stored without a verification key. Hence passing an empty
|
| - // value for the verification key.
|
| - validator->ValidateSignature(policy_key_, empty_key,
|
| - ExtractDomain(account_id_.GetUserEmail()),
|
| - allow_rotation);
|
| + // data that was stored without a verification key.
|
| + validator->ValidateSignature(policy_key_);
|
| return validator;
|
| }
|
| } // namespace policy
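Review bot: The comment kept in CreateValidatorForLoad justifies skipping the verification key with "since it is secure", but it does not say what the one remaining check relies on. On the new side `ValidateSignature(policy_key_)` is the only signature check on the load path, and the domain that was previously passed is no longer supplied. I would reword the comment to name the trust anchor, for example `// Only the signature made with the cached |policy_key_| is checked here; no verification-key check and no key rotation on load.` Whether an empty or not-yet-loaded `policy_key_` makes the validator fail closed is not visible in this hunk and should be confirmed, ideally with a test that loads policy while the key is missing. The function body starts above the hunk.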
|
|
|