This changeset adds dependency injection support for SSL Root Certs.

This extends the API surface so that
custom certificates can be provided by an API user in both the standalone and
factory creation paths for the OpenSSLAdapter. Prior to this change the SSL
roots were hardcoded in a header file and directly included into
openssladapter.cc. This forces the 100 kilobytes of certificates to always be
compiled into the library. This is undesirable in certain linking cases where
these certificates can be shared from another binary that already has an
equivalent set of trusted roots hard coded into the binary.

Support for removing the hard coded SSL roots has also been added through a new
build flag. By default the hard coded SSL roots will be included and will be
used if no other trusted root certificates are provided.

The main goal of this CL is to reduce total binary size requirements of WebRTC
by about 100kb in certain applications where adding these certificates is
redundant.

Change-Id: Ifd36d92b5cb32d1b3098a61ddfc244d76df8f30f

Bug: chromium:526260
Change-Id: Ifd36d92b5cb32d1b3098a61ddfc244d76df8f30f
Reviewed-on: https://webrtc-review.googlesource.com/64841
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23180}

rtc_base/opensslidentity.h

@@ -19,6 +19,7 @@
 
 #include "rtc_base/checks.h"
 #include "rtc_base/constructormagic.h"
+#include "rtc_base/opensslcertificate.h"
 #include "rtc_base/sslidentity.h"
 
 typedef struct ssl_ctx_st SSL_CTX;
@@ -56,52 +57,6 @@ class OpenSSLKeyPair {
   RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyPair);
 };
 
-// OpenSSLCertificate encapsulates an OpenSSL X509* certificate object,
-// which is also reference counted inside the OpenSSL library.
-class OpenSSLCertificate : public SSLCertificate {
- public:
-  // Caller retains ownership of the X509 object.
-  explicit OpenSSLCertificate(X509* x509);
-
-  static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair,
-                                      const SSLIdentityParams& params);
-  static OpenSSLCertificate* FromPEMString(const std::string& pem_string);
-
-  ~OpenSSLCertificate() override;
-
-  OpenSSLCertificate* GetReference() const override;
-
-  X509* x509() const { return x509_; }
-
-  std::string ToPEMString() const override;
-  void ToDER(Buffer* der_buffer) const override;
-  bool operator==(const OpenSSLCertificate& other) const;
-  bool operator!=(const OpenSSLCertificate& other) const;
-
-  // Compute the digest of the certificate given algorithm
-  bool ComputeDigest(const std::string& algorithm,
-                     unsigned char* digest,
-                     size_t size,
-                     size_t* length) const override;
-
-  // Compute the digest of a certificate as an X509 *
-  static bool ComputeDigest(const X509* x509,
-                            const std::string& algorithm,
-                            unsigned char* digest,
-                            size_t size,
-                            size_t* length);
-
-  bool GetSignatureDigestAlgorithm(std::string* algorithm) const override;
-
-  int64_t CertificateExpirationTime() const override;
-
- private:
-  void AddReference() const;
-
-  X509* x509_;
-  RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLCertificate);
-};
-
 // Holds a keypair and certificate together, and a method to generate
 // them consistently.
 class OpenSSLIdentity : public SSLIdentity {