Daggerize TMCH/signed mark util classes

This allows them to support injectable configuration.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=143709052

java/google/registry/tmch/TmchXmlSignature.java

@@ -20,6 +20,7 @@ import static com.google.common.base.Throwables.getRootCause;
 import static com.google.common.base.Throwables.propagateIfInstanceOf;
 import static google.registry.xml.XmlTransformer.loadXmlSchemas;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -32,6 +33,7 @@ import java.security.cert.X509Certificate;
 import java.util.List;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
+import javax.inject.Inject;
 import javax.xml.crypto.AlgorithmMethod;
 import javax.xml.crypto.KeySelector;
 import javax.xml.crypto.KeySelectorException;
@@ -56,6 +58,14 @@ import org.xml.sax.SAXException;
 @ThreadSafe
 public final class TmchXmlSignature {
 
+  @VisibleForTesting
+  final TmchCertificateAuthority tmchCertificateAuthority;
+
+  @Inject
+  public TmchXmlSignature(TmchCertificateAuthority tmchCertificateAuthority) {
+    this.tmchCertificateAuthority = tmchCertificateAuthority;
+  }
+
   private static final Schema SCHEMA =
       loadXmlSchemas(ImmutableList.of("mark.xsd", "dsig.xsd", "smd.xsd"));
 
@@ -66,19 +76,15 @@ public final class TmchXmlSignature {
    * cryptographic stuff.
    *
    * @throws GeneralSecurityException for unsupported protocols, certs not signed by the TMCH,
-   *         incorrect keys, and for invalid, old, not-yet-valid or revoked certificates.
+   *     incorrect keys, and for invalid, old, not-yet-valid or revoked certificates.
    * @throws IOException
    * @throws MarshalException
    * @throws ParserConfigurationException
    * @throws SAXException
    */
-  public static void verify(byte[] smdXml)
-      throws GeneralSecurityException,
-             IOException,
-             MarshalException,
-             ParserConfigurationException,
-             SAXException,
-             XMLSignatureException {
+  public void verify(byte[] smdXml)
+      throws GeneralSecurityException, IOException, MarshalException, ParserConfigurationException,
+          SAXException, XMLSignatureException {
     checkArgument(smdXml.length > 0);
     Document doc = parseSmdDocument(new ByteArrayInputStream(smdXml));
 
@@ -87,7 +93,7 @@ public final class TmchXmlSignature {
       throw new XMLSignatureException("Expected exactly one <ds:Signature> element.");
     }
     XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
-    KeyValueKeySelector selector = new KeyValueKeySelector();
+    KeyValueKeySelector selector = new KeyValueKeySelector(tmchCertificateAuthority);
     DOMValidateContext context = new DOMValidateContext(selector, signatureNodes.item(0));
     XMLSignature signature = factory.unmarshalXMLSignature(context);
 
@@ -134,13 +140,21 @@ public final class TmchXmlSignature {
 
   /** Callback class for DOM validator checks validity of {@code <ds:KeyInfo>} elements. */
   private static final class KeyValueKeySelector extends KeySelector {
+
+    private final TmchCertificateAuthority tmchCertificateAuthority;
+
+    KeyValueKeySelector(TmchCertificateAuthority tmchCertificateAuthority) {
+      this.tmchCertificateAuthority = tmchCertificateAuthority;
+    }
+
     @Nullable
     @Override
     public KeySelectorResult select(
         @Nullable KeyInfo keyInfo,
         KeySelector.Purpose purpose,
         AlgorithmMethod method,
-        XMLCryptoContext context) throws KeySelectorException {
+        XMLCryptoContext context)
+        throws KeySelectorException {
       if (keyInfo == null) {
         return null;
       }
@@ -151,7 +165,7 @@ public final class TmchXmlSignature {
             if (x509DataChild instanceof X509Certificate) {
               X509Certificate cert = (X509Certificate) x509DataChild;
               try {
-                TmchCertificateAuthority.verify(cert);
+                tmchCertificateAuthority.verify(cert);
               } catch (SignatureException e) {
                 throw new KeySelectorException(new CertificateSignatureException(e.getMessage()));
               } catch (GeneralSecurityException e) {