refactor: minor adjustments

Author: james-d-elliott

protocol/utils.go

@@ -67,6 +67,10 @@ func parseX5C(x5c []any) (x5cs []*x509.Certificate, err error) {
 	return x5cs, nil
 }
 
+// attStatementCertChainVerify allows verifying an attestation statement certificate chain and optionally allows
+// mangling the not after value for purpose of just validating the attestation lineage. If you set mangleNotAfter to
+// true this function should only be considered safe for determining lineage, and not hte validity of a chain in
+// general.
 func attStatementCertChainVerify(certs []*x509.Certificate, roots *x509.CertPool, mangleNotAfter bool, mangleNotAfterSafeTime time.Time) (chains [][]*x509.Certificate, err error) {
 	if len(certs) == 0 {
 		return nil, errors.New("empty chain")
@@ -139,6 +143,9 @@ func certsInsecureNotAfterMangle(certs []*x509.Certificate) (out []*x509.Certifi
 	return out
 }
 
+// This function is used to intentionally but conditionally mangle the certificate not after value to exclude it from
+// the verification process. This should only be used in instances where all you care about is which certificates
+// performed the signing.
 func certInsecureConditionalNotAfterMangle(cert *x509.Certificate, mangle bool, safe time.Time) (out *x509.Certificate) {
 	if !mangle || cert.NotAfter.After(safe) {
 		return cert