Chromium Code Reviews

Unified Diff: net/cert/internal/path_builder.h

Issue 2126803004: WIP: NSS trust store integration for path builder. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert-command-line-path-builder-add_certpathbuilder
Patch Set: . Created 4 years, 4 months ago
Index: net/cert/internal/path_builder.h
diff --git a/net/cert/internal/path_builder.h b/net/cert/internal/path_builder.h
index f08ad1275f6cec90ed518b78e9c64843c9785b1e..94dc184d0e15b3b6cf4940c6fe26029a99dfdcc4 100644
--- a/net/cert/internal/path_builder.h
+++ b/net/cert/internal/path_builder.h
@@ -98,19 +98,26 @@ class NET_EXPORT CertPathBuilder {
// The caller must keep |trust_store|, |signature_policy|, and |*result| valid
// for the lifetime of the CertPathBuilder.
CertPathBuilder(scoped_refptr<ParsedCertificate> cert,
- const TrustStore* trust_store,
const SignaturePolicy* signature_policy,
const der::GeneralizedTime& time,
Result* result);
~CertPathBuilder();
+ // Adds a TrustStore to check if certificates are trust anchors during path
+ // building. Multiple trust stores may be added. Should not be called after
+ // Run is called. The |*trust_store| must remain valid for the lifetime of the
+ // CertPathBuilder.
+ //
+ // (If no trust stores are added, verification will fail.)
+ void AddTrustStore(TrustStore* trust_store);
+
// Adds a CertIssuerSource to provide intermediates for use in path building.
// Multiple sources may be added. Must not be called after Run is called.
// The |*cert_issuer_source| must remain valid for the lifetime of the
// CertPathBuilder.
//
// (If no issuer sources are added, the target certificate will only verify if
- // it is a trust anchor or is directly signed by a trust anchor.)
+ // it is a trust anchor.)
void AddCertIssuerSource(CertIssuerSource* cert_issuer_source);
// Begins verification of the target certificate.
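Review bot: The constructor comment at the top of this hunk still tells the caller to keep |trust_store| valid, but the constructor no longer takes a trust store; drop it from that list, since the lifetime requirement is now stated in the AddTrustStore comment. AddTrustStore also says "Should not be called after Run is called" where AddCertIssuerSource says "Must not be called"; use "Must not" in both so the contract reads the same. The parameter also changes from const TrustStore* to TrustStore*; if the builder needs a mutable store, say why in the comment, otherwise keep it const. Because the trust store is now optional at the call site, the documented "verification will fail" behaviour with no stores added deserves a unit test, since that is what keeps a forgotten AddTrustStore call fail-closed.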
@@ -150,7 +157,6 @@ class NET_EXPORT CertPathBuilder {
base::Closure callback_;
std::unique_ptr<CertPathIter> cert_path_iter_;
- const TrustStore* trust_store_;
const SignaturePolicy* signature_policy_;
const der::GeneralizedTime time_;
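Review bot: With trust_store_ removed here, nothing in the visible members shows where the pointers passed to AddTrustStore are kept. If they are handed to cert_path_iter_, add a short comment on that member saying it holds the non-owned trust stores, so the lifetime requirement in the AddTrustStore comment can be traced to the member it protects.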