Remove the "not_after" validation of policy timestamps

chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc

Index: chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
diff --git a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
index a626d90f3ec0ebb88359eb865a528eb40c26f047..6a964fdc039ebded99c08323dbf33f2ba8123f86 100644
--- a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
+++ b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
@@ -199,9 +199,8 @@ void EnrollmentHandlerChromeOS::OnPolicyFetched(CloudPolicyClient* client) {
               new em::PolicyFetchResponse(*policy)),
           background_task_runner_));
 
-  validator->ValidateTimestamp(
-      base::Time(), base::Time::NowFromSystemTime(),
-      CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED);
+  validator->ValidateTimestamp(base::Time(),
+                               CloudPolicyValidatorBase::TIMESTAMP_VALIDATED);

[Thiemo Nagel, 2017/04/19 11:43:09]

Nit: IIUC it would be clearer to set TIMESTAMP_NOT_VALIDATED.

[emaxx, 2017/04/19 20:48:45]

Current code still validates something: it checks that the timestamp is present.
So I'd better leave this in place.

But I updated that the docs for ValidateTimestamp as they were misleading by not
mentioning the check of the _presence_ of the timestamp field.

 
   // If this is re-enrollment, make sure that the new policy matches the
   // previously-enrolled domain.  (Currently only implemented for cloud