Expose signing key from cloud policy stores

components/policy/core/common/cloud/cloud_policy_store.h

Index: components/policy/core/common/cloud/cloud_policy_store.h
diff --git a/components/policy/core/common/cloud/cloud_policy_store.h b/components/policy/core/common/cloud/cloud_policy_store.h
index e91b80f1582592eece6388d9e10cc9d01ea5ce2f..e004ed00f4a99624738f5857e41effb786184a37 100644
--- a/components/policy/core/common/cloud/cloud_policy_store.h
+++ b/components/policy/core/common/cloud/cloud_policy_store.h
@@ -8,6 +8,7 @@
 #include <stdint.h>
 
 #include <memory>
+#include <string>
 
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
@@ -83,6 +84,9 @@ class POLICY_EXPORT CloudPolicyStore {
   CloudPolicyValidatorBase::Status validation_status() const {
     return validation_status_;
   }
+  const std::string& policy_signature_public_key() const {
+    return policy_signature_public_key_;
+  }
 
   // Store a new policy blob. Pending load/store operations will be canceled.
   // The store operation may proceed asynchronously and observers are notified
@@ -150,6 +154,13 @@ class POLICY_EXPORT CloudPolicyStore {
   // The invalidation version of the last policy stored.
   int64_t invalidation_version_;
 
+  // The public part of signing key that is used by the currently effective
+  // policy. The subclasses should keep its value up to date to correspond to
+  // the currently effective policy. The member should be empty if no policy is
+  // currently effective, or if signature verification was not possible for the
+  // policy.
+  std::string policy_signature_public_key_;
+
  private:
   // Whether the store has completed asynchronous initialization, which is
   // triggered by calling Load().