Design policy interface
It would be nice to be able to support different CT policies, ranging from simple ones (like "just require a single embedded SCT") to more complex ones (e.g., the Google Chrome policy or one that fetches proofs).
Here's an initial idea:
```go
// Package policy provides abstractions to check if an X.509 certificate is
// compliant with a given certificate transparency log policy.
package policy

import (
	"crypto/x509"
)

// Policy represents a certificate transparency policy. It should be used to
// verify whether a certificate is compliant by calling the Check() method.
type Policy interface {
	// Check checks if a certificate is compliant with the certificate
	// transparency policy that is implemented by this interface. The
	// specified chain to verify has its leaf certificate at index 0. It is
	// up to implementors of this interface to define options, if any.
	Check(chain []x509.Certificate, options any) error
}
```
Might need a context as well if we're anticipating potential network calls and similar.
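
The simplest policy mentioned above (require some number of embedded SCTs), written against the proposed `Check` signature as a stand-alone program; this is an added example, not code from the project. `MinEmbeddedSCTs`, `countSCTs` and `chainWith` are hypothetical names, the sample bytes are constructed, and the policy only counts well-formed SCT entries without verifying signatures or log IDs.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

var oidSCTList = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2} // embedded SCT list, RFC 6962

// MinEmbeddedSCTs (hypothetical name) counts SCT entries only; no signature checks.
type MinEmbeddedSCTs int

func (m MinEmbeddedSCTs) Check(chain []x509.Certificate, _ any) error {
	if len(chain) == 0 {
		return fmt.Errorf("empty chain")
	}
	for _, ext := range chain[0].Extensions {
		if ext.Id.Equal(oidSCTList) {
			n, err := countSCTs(ext.Value)
			if err == nil && n < int(m) {
				err = fmt.Errorf("need %d embedded SCTs, got %d", int(m), n)
			}
			return err
		}
	}
	return fmt.Errorf("no embedded SCT list extension")
}

func countSCTs(ext []byte) (n int, err error) { // OCTET STRING { uint16 total; { uint16 len; sct[len] }... }
	u16 := func(b []byte) int { return int(b[0])<<8 | int(b[1]) }
	var list []byte
	rest, err := asn1.Unmarshal(ext, &list)
	if err != nil || len(rest) != 0 || len(list) < 2 || u16(list) != len(list)-2 {
		return 0, fmt.Errorf("malformed SCT list extension")
	}
	for list = list[2:]; len(list) > 0; n++ {
		if len(list) < 2 || u16(list) == 0 || len(list) < 2+u16(list) {
			return 0, fmt.Errorf("malformed SCT entry %d", n)
		}
		list = list[2+u16(list):]
	}
	return n, nil
}

// chainWith wraps v (constructed SCT extension bytes) in a one-leaf chain for the sample run.
func chainWith(v []byte) []x509.Certificate { return []x509.Certificate{{Extensions: []pkix.Extension{{Id: oidSCTList, Value: v}}}} }

func main() { fmt.Println(MinEmbeddedSCTs(2).Check(chainWith([]byte{4, 7, 0, 5, 0, 3, 1, 2, 3}), nil)) }
```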