1 // Copyright 2018 Google LLC. All Rights Reserved. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package ctpolicy 16 17 import ( 18 "github.com/google/certificate-transparency-go/loglist3" 19 "github.com/google/certificate-transparency-go/x509" 20 ) 21 22 // AppleCTPolicy implements logic for complying with Apple's CT log policy. 23 type AppleCTPolicy struct{} 24 25 // LogsByGroup describes submission requirements for embedded SCTs according to 26 // https://support.apple.com/en-us/HT205280. Returns an error if it's not 27 // possible to satisfy the policy with the provided loglist. 28 func (appleP AppleCTPolicy) LogsByGroup(cert *x509.Certificate, approved *loglist3.LogList) (LogPolicyData, error) { 29 var incCount int 30 switch m := lifetimeInMonths(cert); { 31 case m < 15: 32 incCount = 2 33 case m <= 27: 34 incCount = 3 35 case m <= 39: 36 incCount = 4 37 default: 38 incCount = 5 39 } 40 baseGroup, err := BaseGroupFor(approved, incCount) 41 if err != nil { 42 return nil, err 43 } 44 groups := LogPolicyData{baseGroup.Name: baseGroup} 45 return groups, nil 46 } 47 48 // Name returns label for the submission policy. 49 func (appleP AppleCTPolicy) Name() string { 50 return "Apple" 51 } 52