Unified Diff: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

Issue 116273002: Added support for signed policy blobs on desktop. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Cleanup from self-review + cros clang fix. Created 6 years, 11 months ago
Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
index 03d949b38563105319e0bcc043167ed34be7ba27..0b300f8f5c10db6ef4dae56358c5b497690ec637 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
@@ -18,6 +18,7 @@
#include "chrome/browser/chromeos/policy/user_policy_token_loader.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/session_manager_client.h"
+#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "google_apis/gaia/gaia_auth_util.h"
#include "policy/proto/cloud_policy.pb.h"
#include "policy/proto/device_management_local.pb.h"
@@ -255,7 +256,11 @@ void UserCloudPolicyStoreChromeOS::LoadImmediately() {
CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
validator->ValidateUsername(username_);
const bool allow_rotation = false;
- validator->ValidateSignature(policy_key_, allow_rotation);
+ validator->ValidateSignature(
+ policy_key_,
+ GetPolicyVerificationKey(),
+ std::string(), // No signature verification needed.
+ allow_rotation);
validator->RunValidation();
OnRetrievedPolicyValidated(validator.get());
}
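Review bot: The comment on the empty third argument, `std::string(), // No signature verification needed.`, reads as if signature checking is being skipped, yet the call is still ValidateSignature with policy_key_ plus the new GetPolicyVerificationKey() argument; presumably the empty string means the key loaded from disk carries no signature for the verification key to check, not that the policy signature goes unverified. Suggest a comment that names what is actually absent, e.g. `std::string(),  // Loaded key has no verification-key signature to check.`. The same empty argument is passed in ValidatePolicyForStore and ValidateRetrievedPolicy with no comment at all, so one shared explanation (a named constant, or a small helper that builds the validator) would keep the three call sites from drifting. LoadImmediately's body begins outside the hunk.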
@@ -268,10 +273,13 @@ void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore(
CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
validator->ValidateUsername(username_);
if (policy_key_.empty()) {
- validator->ValidateInitialKey();
+ validator->ValidateInitialKey(GetPolicyVerificationKey());
} else {
const bool allow_rotation = true;
- validator->ValidateSignature(policy_key_, allow_rotation);
+ validator->ValidateSignature(policy_key_,
+ GetPolicyVerificationKey(),
+ std::string(),
+ allow_rotation);
}
// Start validation. The Validator will delete itself once validation is
@@ -367,7 +375,10 @@ void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy(
CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
validator->ValidateUsername(username_);
const bool allow_rotation = false;
- validator->ValidateSignature(policy_key_, allow_rotation);
+ validator->ValidateSignature(policy_key_,
+ GetPolicyVerificationKey(),
+ std::string(),
+ allow_rotation);
// Start validation. The Validator will delete itself once validation is
// complete.
validator.release()->StartValidation(
@@ -475,7 +486,7 @@ void UserCloudPolicyStoreChromeOS::RemoveLegacyCacheDir(
void UserCloudPolicyStoreChromeOS::ReloadPolicyKey(
const base::Closure& callback) {
- std::vector<uint8>* key = new std::vector<uint8>();
+ std::string* key = new std::string();
background_task_runner()->PostTaskAndReply(
FROM_HERE,
base::Bind(&UserCloudPolicyStoreChromeOS::LoadPolicyKey,
@@ -489,7 +500,7 @@ void UserCloudPolicyStoreChromeOS::ReloadPolicyKey(
// static
void UserCloudPolicyStoreChromeOS::LoadPolicyKey(const base::FilePath& path,
- std::vector<uint8>* key) {
+ std::string* key) {
if (!base::PathExists(path)) {
// There is no policy key the first time that a user fetches policy. If
// |path| does not exist then that is the most likely scenario, so there's
@@ -504,10 +515,8 @@ void UserCloudPolicyStoreChromeOS::LoadPolicyKey(const base::FilePath& path,
} else if (size == 0 || size > kKeySizeLimit) {
LOG(ERROR) << "Key at " << path.value() << " has bad size " << size;
} else {
- key->resize(size);
- int read_size = base::ReadFile(
- path, reinterpret_cast<char*>(vector_as_array(key)), size);
- if (read_size != size) {
+ if (!base::ReadFileToString(path, key) ||
Mattias Nissler (ping if slow) 2014/01/27 13:52:13 nit: I'd prefer ReadFile over ReadFileToString sin
Andrew T Wilson (Slow) 2014/01/30 17:10:31 Done.
+ key->size() != static_cast<uint64>(size)) {
LOG(ERROR) << "Failed to read key at " << path.value();
key->clear();
}
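Review bot: The kKeySizeLimit bound checked on the lines above no longer limits how much is read, because `base::ReadFileToString(path, key)` reads whatever the file holds at read time and the `key->size() != static_cast<uint64>(size)` comparison only rejects the result afterwards, whereas the replaced `base::ReadFile` with `size` as its length bounded the read itself. If the file changes between the size check and the read, oversized contents are read fully into memory before being discarded. A read bounded to `size` (resize `key` to `size`, read at most `size` bytes into its buffer, then compare the byte count) would keep the limit effective and would also let the log message distinguish a short read from a failed one. LoadPolicyKey's signature and the declaration of `size` are outside this hunk.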
@@ -518,9 +527,9 @@ void UserCloudPolicyStoreChromeOS::LoadPolicyKey(const base::FilePath& path,
}
void UserCloudPolicyStoreChromeOS::OnPolicyKeyReloaded(
- std::vector<uint8>* key,
+ std::string* key,
const base::Closure& callback) {
- policy_key_.swap(*key);
+ policy_key_ = *key;
policy_key_loaded_ = true;
callback.Run();
}
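Review bot: `policy_key_ = *key;` copies the freshly loaded key where the replaced `policy_key_.swap(*key)` handed it over without a copy; std::string supports the same swap, and the ReloadPolicyKey hunk allocates `key` solely for this reply, so — assuming it is not read again after the callback, which the hunk does not show — the copy buys nothing. Suggest keeping `policy_key_.swap(*key);`.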
