Switch to id-based affiliation determination

chrome/browser/chromeos/platform_keys/platform_keys_nss.cc

Index: chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
index 937390ea0e063f69bda53f7a0a90b19d7f312999..ce06d2ed183788c57fd81bfcb698590ed74a0243 100644
--- a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
@@ -25,7 +25,6 @@
 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h"
 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h"
 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h"
-#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.h"
 #include "chrome/browser/net/nss_context.h"
@@ -778,12 +777,9 @@ void SelectClientCertificates(
       chromeos::ProfileHelper::Get()->GetUserByProfile(
           Profile::FromBrowserContext(browser_context));
 
-  // Use the device-wide system key slot only if the user is of the same
-  // domain as the device is registered to.
-  policy::BrowserPolicyConnectorChromeOS* connector =
-      g_browser_process->platform_part()->browser_policy_connector_chromeos();
-  bool use_system_key_slot = connector->GetUserAffiliation(user->email()) ==
-                             policy::USER_AFFILIATION_MANAGED;
+  // Use the device-wide system key slot only if the user is affiliated on the
+  // device.
+  bool use_system_key_slot = user->is_affiliated();
 
   scoped_ptr<SelectCertificatesState> state(new SelectCertificatesState(
       user->username_hash(), use_system_key_slot, cert_request_info, callback));