Certificate path builder for new certificate verification library

components/cast_certificate/cast_cert_validator.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_CAST_CERTIFICATE_CAST_CERT_VALIDATOR_H_
 #define COMPONENTS_CAST_CERTIFICATE_CAST_CERT_VALIDATOR_H_
 
 #include <memory>
 #include <string>
 #include <vector>
@@ skipping 36 matching lines @@
 
  private:
   DISALLOW_COPY_AND_ASSIGN(CertVerificationContext);
 };
 
 // Verifies a cast device certficate given a chain of DER-encoded certificates.
 //
 // Inputs:
 //
 // * |certs| is a chain of DER-encoded certificates:
-//   * |certs[0]| is the target certificate (i.e. the device certificate)
-//   * |certs[i]| is the certificate that issued certs[i-1]
-//   * |certs.back()| must be signed by a trust anchor
+//   * |certs[0]| is the target certificate (i.e. the device certificate).
+//   * |certs[1..n-1]| are intermediates certificates to use in path building.
+//     Their ordering does not matter.
 //
 // * |time| is the UTC time to use for determining if the certificate
 //   is expired.
 //
 // Outputs:
 //
 // Returns true on success, false on failure. On success the output
 // parameters are filled with more details:
 //
 //   * |context| is filled with an object that can be used to verify signatures
@@ skipping 20 matching lines @@
 // |data| must remain valid and not be mutated throughout the lifetime of
 // the program.
 // Warning: Using this function concurrently with VerifyDeviceCert()
 //          is not thread safe.
 bool AddTrustAnchorForTest(const uint8_t* data,
                            size_t length) WARN_UNUSED_RESULT;
 
 }  // namespace cast_certificate
 
 #endif  // COMPONENTS_CAST_CERTIFICATE_CAST_CERT_VALIDATOR_H_