Use {To/From}JavaTime for policy timestamps

Use base::Time::ToJavaTime() and base::Time::FromJavaTime() for
conversions between base::Time and timestamps in the policy protos.

No change of behavior should be introduced, it's just a refactoring.

BUG=701045
TEST=existing tests

Review-Url: https://codereview.chromium.org/2830033003
Cr-Commit-Position: refs/heads/master@{#466325}
diff --git a/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos_unittest.cc b/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos_unittest.cc
index d7da00c..fb1afc0 100644
--- a/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos_unittest.cc
+++ b/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos_unittest.cc
@@ -430,8 +430,7 @@
     // Set up test data.
     device_policy_.SetDefaultNewSigningKey();
     device_policy_.policy_data().set_timestamp(
-        (base::Time::NowFromSystemTime() -
-         base::Time::UnixEpoch()).InMilliseconds());
+        base::Time::NowFromSystemTime().ToJavaTime());
     device_policy_.Build();
 
     register_response_.mutable_register_response()->set_device_management_token(
diff --git a/chrome/browser/chromeos/policy/device_status_collector.cc b/chrome/browser/chromeos/policy/device_status_collector.cc
index a8dab4f..caef236 100644
--- a/chrome/browser/chromeos/policy/device_status_collector.cc
+++ b/chrome/browser/chromeos/policy/device_status_collector.cc
@@ -106,7 +106,7 @@
   Time out_time;
   bool conversion_success = Time::FromUTCExploded(exploded, &out_time);
   DCHECK(conversion_success);
-  return (out_time - Time::UnixEpoch()).InMilliseconds();
+  return out_time.ToJavaTime();
 }
 
 // Helper function (invoked via blocking pool) to fetch information about
diff --git a/chrome/browser/policy/cloud/cloud_policy_invalidator.cc b/chrome/browser/policy/cloud/cloud_policy_invalidator.cc
index f63060f..71a376d 100644
--- a/chrome/browser/policy/cloud/cloud_policy_invalidator.cc
+++ b/chrome/browser/policy/cloud/cloud_policy_invalidator.cc
@@ -391,8 +391,8 @@
 }
 
 bool CloudPolicyInvalidator::IsInvalidationExpired(int64_t version) {
-  base::Time last_fetch_time = base::Time::UnixEpoch() +
-      base::TimeDelta::FromMilliseconds(core_->store()->policy()->timestamp());
+  base::Time last_fetch_time =
+      base::Time::FromJavaTime(core_->store()->policy()->timestamp());
 
   // If the version is unknown, consider the invalidation invalid if the
   // policy was fetched very recently.
diff --git a/chrome/browser/policy/cloud/cloud_policy_invalidator_unittest.cc b/chrome/browser/policy/cloud/cloud_policy_invalidator_unittest.cc
index a9564eb..e23599b 100644
--- a/chrome/browser/policy/cloud/cloud_policy_invalidator_unittest.cc
+++ b/chrome/browser/policy/cloud/cloud_policy_invalidator_unittest.cc
@@ -285,7 +285,7 @@
     data->set_invalidation_source(GetPolicyObjectId(object).source());
     data->set_invalidation_name(GetPolicyObjectId(object).name());
   }
-  data->set_timestamp((time - base::Time::UnixEpoch()).InMilliseconds());
+  data->set_timestamp(time.ToJavaTime());
   // Swap the policy value if a policy change is desired.
   if (policy_changed)
     policy_value_cur_ = policy_value_cur_ == policy_value_a_ ?
diff --git a/components/policy/core/common/cloud/cloud_policy_client.cc b/components/policy/core/common/cloud/cloud_policy_client.cc
index fff57a0..a6e2481 100644
--- a/components/policy/core/common/cloud/cloud_policy_client.cc
+++ b/components/policy/core/common/cloud/cloud_policy_client.cc
@@ -237,11 +237,8 @@
     if (IsChromePolicy(type_to_fetch.first)) {
       if (submit_machine_id_ && !machine_id_.empty())
         fetch_request->set_machine_id(machine_id_);
-      if (!last_policy_timestamp_.is_null()) {
-        base::TimeDelta timestamp(
-            last_policy_timestamp_ - base::Time::UnixEpoch());
-        fetch_request->set_timestamp(timestamp.InMilliseconds());
-      }
+      if (!last_policy_timestamp_.is_null())
+        fetch_request->set_timestamp(last_policy_timestamp_.ToJavaTime());
       if (!invalidation_payload_.empty()) {
         fetch_request->set_invalidation_version(invalidation_version_);
         fetch_request->set_invalidation_payload(invalidation_payload_);
diff --git a/components/policy/core/common/cloud/cloud_policy_client_unittest.cc b/components/policy/core/common/cloud/cloud_policy_client_unittest.cc
index bed57e7..d0ebf6d 100644
--- a/components/policy/core/common/cloud/cloud_policy_client_unittest.cc
+++ b/components/policy/core/common/cloud/cloud_policy_client_unittest.cc
@@ -537,8 +537,7 @@
   em::PolicyFetchRequest* policy_fetch_request =
       policy_request_.mutable_policy_request()->mutable_request(0);
   policy_fetch_request->set_machine_id(kMachineID);
-  policy_fetch_request->set_timestamp(
-      (timestamp - base::Time::UnixEpoch()).InMilliseconds());
+  policy_fetch_request->set_timestamp(timestamp.ToJavaTime());
   policy_fetch_request->set_public_key_version(42);
 
   ExpectPolicyFetch(kDMToken);
diff --git a/components/policy/core/common/cloud/cloud_policy_refresh_scheduler.cc b/components/policy/core/common/cloud/cloud_policy_refresh_scheduler.cc
index 2f69cd7..bf1ac85 100644
--- a/components/policy/core/common/cloud/cloud_policy_refresh_scheduler.cc
+++ b/components/policy/core/common/cloud/cloud_policy_refresh_scheduler.cc
@@ -239,9 +239,7 @@
   // fetching again on startup; the Android logic differs from the desktop in
   // this aspect.
   if (store_->has_policy() && store_->policy()->has_timestamp()) {
-    last_refresh_ =
-        base::Time::UnixEpoch() +
-        base::TimeDelta::FromMilliseconds(store_->policy()->timestamp());
+    last_refresh_ = base::Time::FromJavaTime(store_->policy()->timestamp());
     last_refresh_ticks_ = base::TimeTicks::Now() +
                           (last_refresh_ - base::Time::NowFromSystemTime());
   }
@@ -251,9 +249,7 @@
   // immediate refresh is intentional.
   if (store_->has_policy() && store_->policy()->has_timestamp() &&
       !store_->is_managed()) {
-    last_refresh_ =
-        base::Time::UnixEpoch() +
-        base::TimeDelta::FromMilliseconds(store_->policy()->timestamp());
+    last_refresh_ = base::Time::FromJavaTime(store_->policy()->timestamp());
     last_refresh_ticks_ = base::TimeTicks::Now() +
                           (last_refresh_ - base::Time::NowFromSystemTime());
   }
diff --git a/components/policy/core/common/cloud/cloud_policy_refresh_scheduler_unittest.cc b/components/policy/core/common/cloud/cloud_policy_refresh_scheduler_unittest.cc
index 828a0d7..28610833 100644
--- a/components/policy/core/common/cloud/cloud_policy_refresh_scheduler_unittest.cc
+++ b/components/policy/core/common/cloud/cloud_policy_refresh_scheduler_unittest.cc
@@ -51,11 +51,8 @@
     base::Time now = base::Time::NowFromSystemTime();
     base::TimeDelta initial_age =
         base::TimeDelta::FromMinutes(kInitialCacheAgeMinutes);
-    store_.policy_->set_timestamp(
-        ((now - initial_age) - base::Time::UnixEpoch()).InMilliseconds());
-    last_update_ =
-        base::Time::UnixEpoch() +
-        base::TimeDelta::FromMilliseconds(store_.policy_->timestamp());
+    store_.policy_->set_timestamp((now - initial_age).ToJavaTime());
+    last_update_ = base::Time::FromJavaTime(store_.policy_->timestamp());
     last_update_ticks_ = base::TimeTicks::Now() +
                          (last_update_ - base::Time::NowFromSystemTime());
   }
diff --git a/components/policy/core/common/cloud/cloud_policy_service.cc b/components/policy/core/common/cloud/cloud_policy_service.cc
index ab99561..f501707 100644
--- a/components/policy/core/common/cloud/cloud_policy_service.cc
+++ b/components/policy/core/common/cloud/cloud_policy_service.cc
@@ -113,11 +113,8 @@
 
   // Timestamp.
   base::Time policy_timestamp;
-  if (policy && policy->has_timestamp()) {
-    policy_timestamp =
-        base::Time::UnixEpoch() +
-        base::TimeDelta::FromMilliseconds(policy->timestamp());
-  }
+  if (policy && policy->has_timestamp())
+    policy_timestamp = base::Time::FromJavaTime(policy->timestamp());
   client_->set_last_policy_timestamp(policy_timestamp);
 
   // Public key version.
diff --git a/components/policy/core/common/cloud/cloud_policy_service_unittest.cc b/components/policy/core/common/cloud/cloud_policy_service_unittest.cc
index 46406d2..8888272 100644
--- a/components/policy/core/common/cloud/cloud_policy_service_unittest.cc
+++ b/components/policy/core/common/cloud/cloud_policy_service_unittest.cc
@@ -80,8 +80,7 @@
               SetupRegistration(store_.policy_->request_token(),
                                 store_.policy_->device_id())).Times(1);
   store_.NotifyStoreLoaded();
-  EXPECT_EQ(base::Time::UnixEpoch() + base::TimeDelta::FromMilliseconds(32),
-            client_.last_policy_timestamp_);
+  EXPECT_EQ(base::Time::FromJavaTime(32), client_.last_policy_timestamp_);
   EXPECT_TRUE(client_.submit_machine_id_);
   EXPECT_TRUE(client_.public_key_version_valid_);
   EXPECT_EQ(17, client_.public_key_version_);
diff --git a/components/policy/core/common/cloud/cloud_policy_validator.cc b/components/policy/core/common/cloud/cloud_policy_validator.cc
index bcd24b2..8a51556 100644
--- a/components/policy/core/common/cloud/cloud_policy_validator.cc
+++ b/components/policy/core/common/cloud/cloud_policy_validator.cc
@@ -53,8 +53,7 @@
     base::Time not_before,
     ValidateTimestampOption timestamp_option) {
   validation_flags_ |= VALIDATE_TIMESTAMP;
-  timestamp_not_before_ =
-      (not_before - base::Time::UnixEpoch()).InMilliseconds();
+  timestamp_not_before_ = not_before.ToJavaTime();
   timestamp_option_ = timestamp_option;
 }
 
@@ -146,9 +145,7 @@
   std::string expected_dm_token;
   std::string expected_device_id;
   if (policy_data) {
-    last_policy_timestamp =
-        base::Time::UnixEpoch() +
-        base::TimeDelta::FromMilliseconds(policy_data->timestamp());
+    last_policy_timestamp = base::Time::FromJavaTime(policy_data->timestamp());
     expected_dm_token = policy_data->request_token();
     expected_device_id = policy_data->device_id();
   }
diff --git a/components/policy/core/common/cloud/cloud_policy_validator_unittest.cc b/components/policy/core/common/cloud/cloud_policy_validator_unittest.cc
index ef099c9..1a773e8 100644
--- a/components/policy/core/common/cloud/cloud_policy_validator_unittest.cc
+++ b/components/policy/core/common/cloud/cloud_policy_validator_unittest.cc
@@ -43,9 +43,7 @@
 class CloudPolicyValidatorTest : public testing::Test {
  public:
   CloudPolicyValidatorTest()
-      : timestamp_(
-            base::Time::UnixEpoch() +
-            base::TimeDelta::FromMilliseconds(PolicyBuilder::kFakeTimestamp)),
+      : timestamp_(base::Time::FromJavaTime(PolicyBuilder::kFakeTimestamp)),
         timestamp_option_(CloudPolicyValidatorBase::TIMESTAMP_VALIDATED),
         dm_token_option_(CloudPolicyValidatorBase::DM_TOKEN_REQUIRED),
         device_id_option_(CloudPolicyValidatorBase::DEVICE_ID_REQUIRED),
@@ -214,8 +212,7 @@
 
 TEST_F(CloudPolicyValidatorTest, ErrorOldTimestamp) {
   base::Time timestamp(timestamp_ - base::TimeDelta::FromMinutes(5));
-  policy_.policy_data().set_timestamp(
-      (timestamp - base::Time::UnixEpoch()).InMilliseconds());
+  policy_.policy_data().set_timestamp(timestamp.ToJavaTime());
   Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP));
 }
 
diff --git a/components/policy/core/common/cloud/component_cloud_policy_store.cc b/components/policy/core/common/cloud/component_cloud_policy_store.cc
index b6a62ea..7ca3d1b 100644
--- a/components/policy/core/common/cloud/component_cloud_policy_store.cc
+++ b/components/policy/core/common/cloud/component_cloud_policy_store.cc
@@ -72,10 +72,6 @@
   return nullptr;
 }
 
-base::Time GetTimeFromPolicyTimestamp(int64_t timestamp) {
-  return base::Time::UnixEpoch() + base::TimeDelta::FromMilliseconds(timestamp);
-}
-
 }  // namespace
 
 ComponentCloudPolicyStore::Delegate::~Delegate() {}
@@ -171,7 +167,7 @@
         policy_bundle_.Get(ns).Swap(&policy);
         cached_hashes_[ns] = payload.secure_hash();
         stored_policy_times_[ns] =
-            GetTimeFromPolicyTimestamp(policy_data.timestamp());
+            base::Time::FromJavaTime(policy_data.timestamp());
       } else {
         // The data for this proto couldn't be loaded or is corrupted.
         Delete(ns);
@@ -201,8 +197,7 @@
   // And expose the policy.
   policy_bundle_.Get(ns).Swap(&policy);
   cached_hashes_[ns] = secure_hash;
-  stored_policy_times_[ns] =
-      GetTimeFromPolicyTimestamp(policy_data->timestamp());
+  stored_policy_times_[ns] = base::Time::FromJavaTime(policy_data->timestamp());
   delegate_->OnComponentCloudPolicyStoreUpdated();
   return true;
 }
diff --git a/components/policy/core/common/cloud/component_cloud_policy_store_unittest.cc b/components/policy/core/common/cloud/component_cloud_policy_store_unittest.cc
index 643f62e..b84206c 100644
--- a/components/policy/core/common/cloud/component_cloud_policy_store_unittest.cc
+++ b/components/policy/core/common/cloud/component_cloud_policy_store_unittest.cc
@@ -175,7 +175,8 @@
   EXPECT_TRUE(store_->Store(kTestPolicyNS, CreateSerializedResponse(),
                             CreatePolicyData(), TestPolicyHash(), kTestPolicy));
 
-  const int64_t kPastTimestamp = base::TimeDelta::FromDays(1).InMilliseconds();
+  const int64_t kPastTimestamp =
+      (base::Time() + base::TimeDelta::FromDays(1)).ToJavaTime();
   CHECK_GT(ComponentPolicyBuilder::kFakeTimestamp, kPastTimestamp);
   builder_.policy_data().set_timestamp(kPastTimestamp);
   EXPECT_FALSE(store_->ValidatePolicy(kTestPolicyNS, CreateResponse(),
diff --git a/components/policy/proto/device_management_backend.proto b/components/policy/proto/device_management_backend.proto
index 46bd261..93f0ac5 100644
--- a/components/policy/proto/device_management_backend.proto
+++ b/components/policy/proto/device_management_backend.proto
@@ -201,7 +201,9 @@
   //   google/ios/user => ChromeSettingsProto
   optional string policy_type = 1;
 
-  // This is the last policy timestamp that client received from server.
+  // This is the last policy timestamp that client received from server. The
+  // expectation is that this field is filled by the value of
+  // PolicyData.timestamp from the last policy received by the client.
   optional int64 timestamp = 2;
 
   // Tell server what kind of security signature is required.
@@ -285,11 +287,11 @@
   // See PolicyFetchRequest.policy_type.
   optional string policy_type = 1;
 
-  // [timestamp] is milliseconds since Epoch in UTC timezone. It is
-  // included here so that the time at which the server issued this
-  // response cannot be faked (as protection against replay attacks).
-  // It is the timestamp generated by DMServer, NOT the time admin
-  // last updated the policy or anything like that.
+  // [timestamp] is milliseconds since Epoch in UTC timezone (Java time). It is
+  // included here so that the time at which the server issued this response
+  // cannot be faked (as protection against replay attacks). It is the timestamp
+  // generated by DMServer, NOT the time admin last updated the policy or
+  // anything like that.
   optional int64 timestamp = 2;
 
   // The DM token that was used by the client in the HTTP POST header
@@ -536,7 +538,7 @@
 }
 
 message TimePeriod {
-  // [timestamp] is milli seconds since Epoch in UTC timezone.
+  // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
   optional int64 start_timestamp = 1;
   optional int64 end_timestamp = 2;
 }
@@ -1023,8 +1025,9 @@
   // RemoteCommand protobuf that contained the command.
   optional int64 command_id = 2;
 
-  // The time at which the command was executed, if the the result is
-  // RESULT_SUCCESS.
+  // The timestamp representing time at which the command was executed, if the
+  // result is RESULT_SUCCESS. The timestamp is milliseconds since Epoch in UTC
+  // timezone (Java time).
   optional int64 timestamp = 3;
 
   // Extra information sent to server as result of execution, expected to be a