Added support for signed policy blobs on desktop.

chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.cc

Index: chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.cc
diff --git a/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.cc
index 16468bb595e62e91ed910a72f2f748c0c216225d..0c0934b1282a09a9a2cf15e88d7c171c4f17872f 100644
--- a/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.cc
+++ b/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.cc
@@ -46,7 +46,11 @@ void DeviceCloudPolicyStoreChromeOS::Store(
   }
 
   scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy));
-  validator->ValidateSignature(*owner_key->public_key(), true);
+
+  validator->ValidateSignature(owner_key->public_key_as_string(),
+                               GetPolicyVerificationKey(),

[Mattias Nissler (ping if slow), 2014/01/27 13:52:13]

So we actually do verification for Chrome OS? Didn't you mention elsewhere that
it is not?

[Andrew T Wilson (Slow), 2014/01/30 17:10:31]

The plumbing is in place, but GetPolicyVerificationKey() currently returns "no
key" on ChromeOS. At some point in the future we can turn it on by changing that
routine.

+                               std::string(),
+                               true);
   validator->ValidateAgainstCurrentPolicy(
       device_settings_service_->policy_data(),
       CloudPolicyValidatorBase::TIMESTAMP_REQUIRED,
@@ -74,7 +78,7 @@ void DeviceCloudPolicyStoreChromeOS::InstallInitialPolicy(
   }
 
   scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy));
-  validator->ValidateInitialKey();
+  validator->ValidateInitialKey(GetPolicyVerificationKey());
   validator.release()->StartValidation(
       base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated,
                  weak_factory_.GetWeakPtr()));