Expose signing key from cloud policy stores

components/policy/core/common/cloud/cloud_policy_store.h

Index: components/policy/core/common/cloud/cloud_policy_store.h
diff --git a/components/policy/core/common/cloud/cloud_policy_store.h b/components/policy/core/common/cloud/cloud_policy_store.h
index e91b80f1582592eece6388d9e10cc9d01ea5ce2f..b1dabdc7d03a45a6a99b1f58e6640ad9fcd3c209 100644
--- a/components/policy/core/common/cloud/cloud_policy_store.h
+++ b/components/policy/core/common/cloud/cloud_policy_store.h
@@ -8,6 +8,7 @@
 #include <stdint.h>
 
 #include <memory>
+#include <string>
 
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
@@ -83,6 +84,7 @@ class POLICY_EXPORT CloudPolicyStore {
   CloudPolicyValidatorBase::Status validation_status() const {
     return validation_status_;
   }
+  const std::string& public_key() const { return public_key_; }
 
   // Store a new policy blob. Pending load/store operations will be canceled.
   // The store operation may proceed asynchronously and observers are notified
@@ -150,6 +152,13 @@ class POLICY_EXPORT CloudPolicyStore {
   // The invalidation version of the last policy stored.
   int64_t invalidation_version_;
 
+  // The public part of signing key that is used by the currently effective
+  // policy. The subclasses should keep its value up to date to correspond to
+  // the currently effective policy. The member can be empty if no policy is
+  // currently effective, or if signature verification was not possible for the
+  // policy.
+  std::string public_key_;
+
  private:
   // Whether the store has completed asynchronous initialization, which is
   // triggered by calling Load().