
Unified Diff: components/policy/core/common/cloud/cloud_policy_validator.cc

Issue 2606423002: Remove disable-policy-key-verification command line flag (Closed)
Patch Set: Created 3 years, 12 months ago
Index: components/policy/core/common/cloud/cloud_policy_validator.cc
diff --git a/components/policy/core/common/cloud/cloud_policy_validator.cc b/components/policy/core/common/cloud/cloud_policy_validator.cc
index d824ba2396c51f547e4aae7fe2e30de5f8740e3e..81b98b26a0cd57c5d81b704dba0e5965ecda1b34 100644
--- a/components/policy/core/common/cloud/cloud_policy_validator.cc
+++ b/components/policy/core/common/cloud/cloud_policy_validator.cc
@@ -33,6 +33,7 @@ const int kTimestampGraceIntervalHours = 2;
const char kMetricPolicyKeyVerification[] = "Enterprise.PolicyKeyVerification";
enum MetricPolicyKeyVerification {
+ // Obsolete. Kept to avoid reuse, as this is used in histograms.
// UMA metric recorded when the client has no verification key.
METRIC_POLICY_KEY_VERIFICATION_KEY_MISSING,
pastarmovj 2017/01/04 10:36:17 You can still rename it with a _DEPRECATED suffix.
pmarko 2017/01/04 13:50:22 Done.
// Recorded when the policy being verified has no key signature (e.g. policy
@@ -180,7 +181,9 @@ CloudPolicyValidatorBase::CloudPolicyValidatorBase(
canonicalize_user_(false),
verification_key_(GetPolicyVerificationKey()),
allow_key_rotation_(false),
- background_task_runner_(background_task_runner) {}
+ background_task_runner_(background_task_runner) {
+ DCHECK(!verification_key_.empty());
+}
void CloudPolicyValidatorBase::PostValidationTask(
const base::Closure& completion_callback) {
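Review bot: The added `DCHECK(!verification_key_.empty());` in the constructor is compiled out of release builds, so the non-empty-key invariant is enforced only in debug builds, while the later hunks drop the empty-key guards in CheckNewPublicKeyVerificationSignature() and CheckCachedKey(). These hunks do not show whether GetPolicyVerificationKey() can still return an empty string, or whether CheckVerificationKeySignature() rejects an empty key. If either is in doubt, use `CHECK(!verification_key_.empty());`, or at least document the assumption next to the DCHECK, e.g. `// An empty key must make signature checks fail, never skip them.` A unit test that passes an empty key and expects VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE from CheckCachedKey() would pin the fail-closed behaviour. The constructor's signature and the start of its initializer list are outside the hunk.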
@@ -269,14 +272,6 @@ void CloudPolicyValidatorBase::RunChecks() {
// Verifies the |new_public_key_verification_signature_deprecated| for the
// |new_public_key| in the policy blob.
bool CloudPolicyValidatorBase::CheckNewPublicKeyVerificationSignature() {
- // Skip verification if the key is empty (disabled via command line).
- if (verification_key_.empty()) {
- UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification,
- METRIC_POLICY_KEY_VERIFICATION_KEY_MISSING,
- METRIC_POLICY_KEY_VERIFICATION_SIZE);
- return true;
- }
-
if (!policy_->has_new_public_key_verification_signature_deprecated()) {
// Policy does not contain a verification signature, so log an error.
LOG(ERROR) << "Policy is missing public_key_verification_signature";
@@ -392,8 +387,7 @@ CloudPolicyValidatorBase::Status CloudPolicyValidatorBase::CheckInitialKey() {
}
CloudPolicyValidatorBase::Status CloudPolicyValidatorBase::CheckCachedKey() {
- if (!verification_key_.empty() &&
- !CheckVerificationKeySignature(cached_key_, verification_key_,
+ if (!CheckVerificationKeySignature(cached_key_, verification_key_,
cached_key_signature_)) {
LOG(ERROR) << "Cached key signature verification failed";
return VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE;
