ChromeCtPolicy

Chrome CT policy implementation.

This policy mirrors Chrome's Certificate Transparency requirements:

  • Certificate lifetime < 180 days → requires ≥ 2 valid SCTs

  • Certificate lifetime ≥ 180 days → requires ≥ 3 valid SCTs

  • Operator diversity: at least 1 SCT must come from a Google-operated log AND at least 1 from a non-Google log.

Important: The Google-specific operator diversity requirement means that certificates with valid SCTs from multiple distinct operators—but none named "Google"—will fail. This can happen for certificates that use only Let's Encrypt, DigiCert, or other non-Google CT logs.

If you don't need Google-specific diversity, consider using AppleCtPolicy instead, which requires only 2 distinct operators (of any type).
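
The rules above, and the case called out under "Important", as a standalone sketch. This is an added example, not the library's code: SampleSct, chromeStyle and twoOperatorStyle are hypothetical names, the sample inputs are constructed, and matching the operator on the exact name "Google" is an assumption taken from the wording above.

```kotlin
// Added illustration: a standalone model of the documented rules.
// SampleSct is a hypothetical stand-in, not the library's SctVerificationResult.
data class SampleSct(val logOperator: String, val valid: Boolean)

// Chrome-style rule as documented: SCT count depends on lifetime, and the
// valid SCTs must include a Google-operated log and a non-Google log.
fun chromeStyle(lifetimeDays: Long, scts: List<SampleSct>): List<String> {
    val valid = scts.filter { it.valid }
    val required = if (lifetimeDays < 180) 2 else 3
    val failures = mutableListOf<String>()
    if (valid.size < required) failures += "need $required valid SCTs, have ${valid.size}"
    // Assumption: the operator is identified by the exact name "Google".
    if (valid.none { it.logOperator == "Google" }) failures += "no SCT from a Google-operated log"
    if (valid.none { it.logOperator != "Google" }) failures += "no SCT from a non-Google log"
    return failures
}

// Two-distinct-operators rule, as this page describes AppleCtPolicy.
// Any other requirements that policy has are not modelled here.
fun twoOperatorStyle(scts: List<SampleSct>): List<String> {
    val operators = scts.filter { it.valid }.map { it.logOperator }.toSet()
    return if (operators.size >= 2) emptyList()
    else listOf("need 2 distinct operators, have ${operators.size}")
}

fun main() {
    val google = SampleSct("Google", true)
    val letsEncrypt = SampleSct("Let's Encrypt", true)
    val digiCert = SampleSct("DigiCert", true)
    val badDigiCert = SampleSct("DigiCert", false) // signature did not verify

    // Constructed cases: label, certificate lifetime in days, SCT results.
    val cases = listOf(
        Triple("90d, Let's Encrypt + DigiCert", 90L, listOf(letsEncrypt, digiCert)),
        Triple("90d, Google + Let's Encrypt", 90L, listOf(google, letsEncrypt)),
        Triple("365d, Google + Let's Encrypt", 365L, listOf(google, letsEncrypt)),
        Triple("90d, Google + Google", 90L, listOf(google, google)),
        Triple("90d, Google + invalid DigiCert", 90L, listOf(google, badDigiCert)),
    )
    for ((label, days, scts) in cases) {
        val chrome = chromeStyle(days, scts).ifEmpty { listOf("OK") }
        val twoOp = twoOperatorStyle(scts).ifEmpty { listOf("OK") }
        println("$label\n  chrome-style: $chrome\n  two-operator: $twoOp")
    }
}
```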

Constructors

constructor()

Functions

open override fun evaluate(certificateLifetimeDays: Long, sctResults: List<SctVerificationResult>): VerificationResult

Evaluate whether the given SCT verification results satisfy this policy.