
Unified Diff: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

Issue 2488573003: Expose signing key from cloud policy stores (Closed)
Patch Set: Fix tests Created 4 years, 1 month ago
Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
index 245ed810c231954a2092e7fa4a080863a496fd84..804bb1ff09196820e2f10797516eb60705363b46 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
@@ -195,7 +195,9 @@ UserCloudPolicyStoreChromeOS::UserCloudPolicyStoreChromeOS(
background_task_runner)),
legacy_caches_loaded_(false),
policy_key_loaded_(false),
- weak_factory_(this) {}
+ weak_factory_(this) {
+ owning_domain_ = ExtractDomain(account_id_.GetUserEmail());
+}
UserCloudPolicyStoreChromeOS::~UserCloudPolicyStoreChromeOS() {}
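Review bot: `owning_domain_` is assigned in the constructor body instead of the initializer list, and nothing at the assignment says why. If the member is declared in this class it belongs in the initializer list; if it is inherited from the base store, which the body assignment suggests, a comment such as `// Inherited member; derived once because account_id_ is fixed for the lifetime of the store.` would help, provided account_id_ really is immutable. This cached value now feeds every ValidateInitialKey and ValidateSignature call in the file, so it is also worth stating what ExtractDomain yields for an address without a domain part. The constructor begins outside the hunk.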
@@ -259,7 +261,7 @@ void UserCloudPolicyStoreChromeOS::LoadImmediately() {
policy_key_path_ = user_policy_key_dir_.Append(
base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str()));
- LoadPolicyKey(policy_key_path_, &policy_key_);
+ LoadPolicyKey(policy_key_path_, &public_key_);
policy_key_loaded_ = true;
std::unique_ptr<UserCloudPolicyValidator> validator =
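Review bot: `policy_key_loaded_ = true` is set unconditionally after `LoadPolicyKey(policy_key_path_, &public_key_)`, and LoadPolicyKey returns void, so a failed read presumably leaves `public_key_` empty and indistinguishable from a user who has no key yet. This matters more now that the key lives in `public_key_`, which the change title suggests is exposed to other consumers. It also matters because the `public_key_.empty()` branch in ValidatePolicyForStore (third hunk) selects ValidateInitialKey instead of ValidateSignature against the stored key; the assignment in OnPolicyKeyReloaded (fifth hunk) has the same ambiguity. Consider documenting at the member that an empty value means "absent or not loaded", and adding `DCHECK(policy_key_loaded_);` before the empty check in ValidatePolicyForStore if callers are expected to load the key first. LoadImmediately continues outside the hunk.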
@@ -274,14 +276,12 @@ void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore(
std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED);
validator->ValidateUsername(account_id_.GetUserEmail(), true);
- if (policy_key_.empty()) {
- validator->ValidateInitialKey(GetPolicyVerificationKey(),
- ExtractDomain(account_id_.GetUserEmail()));
+ if (public_key_.empty()) {
+ validator->ValidateInitialKey(GetPolicyVerificationKey(), owning_domain_);
} else {
const bool allow_rotation = true;
- validator->ValidateSignature(policy_key_, GetPolicyVerificationKey(),
- ExtractDomain(account_id_.GetUserEmail()),
- allow_rotation);
+ validator->ValidateSignature(public_key_, GetPolicyVerificationKey(),
+ owning_domain_, allow_rotation);
}
// Start validation. The Validator will delete itself once validation is
@@ -361,7 +361,7 @@ void UserCloudPolicyStoreChromeOS::OnPolicyRetrieved(
return;
}
- // Load |policy_key_| to verify the loaded policy.
+ // Load |public_key_| to verify the loaded policy.
EnsurePolicyKeyLoaded(
base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy,
weak_factory_.GetWeakPtr(),
@@ -524,7 +524,7 @@ void UserCloudPolicyStoreChromeOS::LoadPolicyKey(const base::FilePath& path,
void UserCloudPolicyStoreChromeOS::OnPolicyKeyReloaded(
std::string* key,
const base::Closure& callback) {
- policy_key_ = *key;
+ public_key_ = *key;
policy_key_loaded_ = true;
callback.Run();
}
@@ -570,8 +570,7 @@ UserCloudPolicyStoreChromeOS::CreateValidatorForLoad(
// verification key since it is secure, and since there may be legacy policy
// data that was stored without a verification key. Hence passing an empty
// value for the verification key.
- validator->ValidateSignature(policy_key_, empty_key,
- ExtractDomain(account_id_.GetUserEmail()),
+ validator->ValidateSignature(public_key_, empty_key, owning_domain_,
allow_rotation);
return validator;
}
