Extract IsKnownRoot() functionality for testing if a certificate is a

net/cert/cert_verify_proc_nss.cc

Index: net/cert/cert_verify_proc_nss.cc
diff --git a/net/cert/cert_verify_proc_nss.cc b/net/cert/cert_verify_proc_nss.cc
index 48aca1dfd438b215ae232a3fda24236cb4fbd5de..ec943556efef6dca2b5b715ec90a73fe8b0acebd 100644
--- a/net/cert/cert_verify_proc_nss.cc
+++ b/net/cert/cert_verify_proc_nss.cc
@@ -29,6 +29,7 @@
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/crl_set.h"
 #include "net/cert/ev_root_ca_metadata.h"
+#include "net/cert/known_roots_nss.h"
 #include "net/cert/x509_certificate.h"
 #include "net/cert/x509_util_nss.h"
 
@@ -204,18 +205,6 @@ void GetCertChainInfo(CERTCertList* cert_list,
     verify_result->cert_status |= CERT_STATUS_INVALID;
 }
 
-// IsKnownRoot returns true if the given certificate is one that we believe
-// is a standard (as opposed to user-installed) root.
-bool IsKnownRoot(CERTCertificate* root) {
-  if (!root || !root->slot)
-    return false;
-
-  // This magic name is taken from
-  // http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ckfw/builtins/constants.c&rev=1.13&mark=86,89#79
-  return 0 == strcmp(PK11_GetSlotName(root->slot),
-                     "NSS Builtin Objects");
-}
-
 // Returns true if the given certificate is one of the additional trust anchors.
 bool IsAdditionalTrustAnchor(CERTCertList* additional_trust_anchors,
                              CERTCertificate* root) {