[LSC] Convert all Lints to CertificateLints

v3/lints/apple/lint_ct_sct_policy_count_unsatisfied.go

@@ -27,13 +27,15 @@ import (
 type sctPolicyCount struct{}
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "w_ct_sct_policy_count_unsatisfied",
-		Description:   "Check if certificate has enough embedded SCTs to meet Apple CT Policy",
-		Citation:      "https://support.apple.com/en-us/HT205280",
-		Source:        lint.AppleRootStorePolicy,
-		EffectiveDate: util.AppleCTPolicyDate,
-		Lint:          NewSctPolicyCount,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "w_ct_sct_policy_count_unsatisfied",
+			Description:   "Check if certificate has enough embedded SCTs to meet Apple CT Policy",
+			Citation:      "https://support.apple.com/en-us/HT205280",
+			Source:        lint.AppleRootStorePolicy,
+			EffectiveDate: util.AppleCTPolicyDate,
+		},
+		Lint: NewSctPolicyCount,
 	})
 }
 

v3/lints/apple/lint_e_server_cert_valid_time_longer_than_398_days.go

@@ -25,14 +25,16 @@ import (
 type serverCertValidityTooLong struct{}
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name: "e_tls_server_cert_valid_time_longer_than_398_days",
-		Description: "TLS server certificates issued on or after September 1, 2020 " +
-			"00:00 GMT/UTC must not have a validity period greater than 398 days",
-		Citation:      "https://support.apple.com/en-us/HT211025",
-		Source:        lint.AppleRootStorePolicy,
-		EffectiveDate: util.AppleReducedLifetimeDate,
-		Lint:          NewServerCertValidityTooLong,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name: "e_tls_server_cert_valid_time_longer_than_398_days",
+			Description: "TLS server certificates issued on or after September 1, 2020 " +
+				"00:00 GMT/UTC must not have a validity period greater than 398 days",
+			Citation:      "https://support.apple.com/en-us/HT211025",
+			Source:        lint.AppleRootStorePolicy,
+			EffectiveDate: util.AppleReducedLifetimeDate,
+		},
+		Lint: NewServerCertValidityTooLong,
 	})
 }
 

v3/lints/apple/lint_w_server_cert_valid_time_longer_than_397_days.go

@@ -25,14 +25,16 @@ import (
 type serverCertValidityAlmostTooLong struct{}
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name: "w_tls_server_cert_valid_time_longer_than_397_days",
-		Description: "TLS server certificates issued on or after September 1, 2020 " +
-			"00:00 GMT/UTC should not have a validity period greater than 397 days",
-		Citation:      "https://support.apple.com/en-us/HT211025",
-		Source:        lint.AppleRootStorePolicy,
-		EffectiveDate: util.AppleReducedLifetimeDate,
-		Lint:          NewServerCertValidityAlmostTooLong,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name: "w_tls_server_cert_valid_time_longer_than_397_days",
+			Description: "TLS server certificates issued on or after September 1, 2020 " +
+				"00:00 GMT/UTC should not have a validity period greater than 397 days",
+			Citation:      "https://support.apple.com/en-us/HT211025",
+			Source:        lint.AppleRootStorePolicy,
+			EffectiveDate: util.AppleReducedLifetimeDate,
+		},
+		Lint: NewServerCertValidityAlmostTooLong,
 	})
 }
 

v3/lints/cabf_br/lint_ca_common_name_missing.go

@@ -23,13 +23,15 @@ import (
 type caCommonNameMissing struct{}
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_ca_common_name_missing",
-		Description:   "CA Certificates common name MUST be included.",
-		Citation:      "BRs: 7.1.4.3.1",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABV148Date,
-		Lint:          NewCaCommonNameMissing,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_ca_common_name_missing",
+			Description:   "CA Certificates common name MUST be included.",
+			Citation:      "BRs: 7.1.4.3.1",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABV148Date,
+		},
+		Lint: NewCaCommonNameMissing,
 	})
 }
 

v3/lints/cabf_br/lint_ca_country_name_invalid.go

@@ -31,13 +31,15 @@ in which the CA’s place	of business	is located.
 ************************************************/
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_ca_country_name_invalid",
-		Description:   "Root and Subordinate CA certificates MUST have a two-letter country code specified in ISO 3166-1",
-		Citation:      "BRs: 7.1.2.1",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCaCountryNameInvalid,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_ca_country_name_invalid",
+			Description:   "Root and Subordinate CA certificates MUST have a two-letter country code specified in ISO 3166-1",
+			Citation:      "BRs: 7.1.2.1",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCaCountryNameInvalid,
 	})
 }
 

v3/lints/cabf_br/lint_ca_country_name_missing.go

@@ -31,13 +31,15 @@ in which the CA’s place	of business	is located.
 ************************************************/
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_ca_country_name_missing",
-		Description:   "Root and Subordinate CA certificates MUST have a countryName present in subject information",
-		Citation:      "BRs: 7.1.2.1",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCaCountryNameMissing,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_ca_country_name_missing",
+			Description:   "Root and Subordinate CA certificates MUST have a countryName present in subject information",
+			Citation:      "BRs: 7.1.2.1",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCaCountryNameMissing,
 	})
 }
 

v3/lints/cabf_br/lint_ca_crl_sign_not_set.go

@@ -30,13 +30,15 @@ signing OCSP responses, then the digitalSignature bit MUST be set.
 ************************************************/
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_ca_crl_sign_not_set",
-		Description:   "Root and Subordinate CA certificate keyUsage extension's crlSign bit MUST be set",
-		Citation:      "BRs: 7.1.2.1",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCaCRLSignNotSet,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_ca_crl_sign_not_set",
+			Description:   "Root and Subordinate CA certificate keyUsage extension's crlSign bit MUST be set",
+			Citation:      "BRs: 7.1.2.1",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCaCRLSignNotSet,
 	})
 }
 

v3/lints/cabf_br/lint_ca_digital_signature_not_set.go

@@ -33,13 +33,15 @@ If the Root CA Private Key is used for signing OCSP responses, then the digitalS
 ************************************************/
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "n_ca_digital_signature_not_set",
-		Description:   "Root and Subordinate CA Certificates that wish to use their private key for signing OCSP responses will not be able to without their digital signature set",
-		Citation:      "BRs: 7.1.2.1",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCaDigSignNotSet,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "n_ca_digital_signature_not_set",
+			Description:   "Root and Subordinate CA Certificates that wish to use their private key for signing OCSP responses will not be able to without their digital signature set",
+			Citation:      "BRs: 7.1.2.1",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCaDigSignNotSet,
 	})
 }
 

v3/lints/cabf_br/lint_ca_is_ca.go

@@ -24,13 +24,15 @@ import (
 type caIsCA struct{}
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_ca_is_ca",
-		Description:   "Root and Sub CA Certificate: The CA field MUST be set to true.",
-		Citation:      "BRs: 7.1.2.1, BRs: 7.1.2.2",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCaIsCA,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_ca_is_ca",
+			Description:   "Root and Sub CA Certificate: The CA field MUST be set to true.",
+			Citation:      "BRs: 7.1.2.1, BRs: 7.1.2.2",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCaIsCA,
 	})
 }
 

v3/lints/cabf_br/lint_ca_key_cert_sign_not_set.go

@@ -29,13 +29,15 @@ If the Root CA Private Key is used for signing OCSP responses, then the digitalS
 ************************************************/
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_ca_key_cert_sign_not_set",
-		Description:   "Root CA Certificate: Bit positions for keyCertSign and cRLSign MUST be set.",
-		Citation:      "BRs: 7.1.2.1",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCaKeyCertSignNotSet,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_ca_key_cert_sign_not_set",
+			Description:   "Root CA Certificate: Bit positions for keyCertSign and cRLSign MUST be set.",
+			Citation:      "BRs: 7.1.2.1",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCaKeyCertSignNotSet,
 	})
 }
 

v3/lints/cabf_br/lint_ca_key_usage_missing.go

@@ -31,13 +31,15 @@ Conforming CAs MUST include this extension in certificates that
 ************************************************/
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_ca_key_usage_missing",
-		Description:   "Root and Subordinate CA certificate keyUsage extension MUST be present",
-		Citation:      "BRs: 7.1.2.1, RFC 5280: 4.2.1.3",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.RFC3280Date,
-		Lint:          NewCaKeyUsageMissing,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_ca_key_usage_missing",
+			Description:   "Root and Subordinate CA certificate keyUsage extension MUST be present",
+			Citation:      "BRs: 7.1.2.1, RFC 5280: 4.2.1.3",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.RFC3280Date,
+		},
+		Lint: NewCaKeyUsageMissing,
 	})
 }
 

v3/lints/cabf_br/lint_ca_key_usage_not_critical.go

@@ -29,13 +29,15 @@ If the Root CA Private Key is used for signing OCSP responses, then the digitalS
 ************************************************/
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_ca_key_usage_not_critical",
-		Description:   "Root and Subordinate CA certificate keyUsage extension MUST be marked as critical",
-		Citation:      "BRs: 7.1.2.1",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCaKeyUsageNotCrit,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_ca_key_usage_not_critical",
+			Description:   "Root and Subordinate CA certificate keyUsage extension MUST be marked as critical",
+			Citation:      "BRs: 7.1.2.1",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCaKeyUsageNotCrit,
 	})
 }
 

v3/lints/cabf_br/lint_ca_organization_name_missing.go

@@ -28,13 +28,15 @@ The Certificate Subject MUST contain the following: organizationName (OID 2.5.4.
 ************************************************/
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_ca_organization_name_missing",
-		Description:   "Root and Subordinate CA certificates MUST have a organizationName present in subject information",
-		Citation:      "BRs: 7.1.2.1",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCaOrganizationNameMissing,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_ca_organization_name_missing",
+			Description:   "Root and Subordinate CA certificates MUST have a organizationName present in subject information",
+			Citation:      "BRs: 7.1.2.1",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCaOrganizationNameMissing,
 	})
 }
 

v3/lints/cabf_br/lint_cab_dv_conflicts_with_locality.go

@@ -24,13 +24,15 @@ import (
 )
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_cab_dv_conflicts_with_locality",
-		Description:   "If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, locality name MUST NOT be included in subject",
-		Citation:      "BRs: 7.1.6.1",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCertPolicyConflictsWithLocality,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_cab_dv_conflicts_with_locality",
+			Description:   "If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, locality name MUST NOT be included in subject",
+			Citation:      "BRs: 7.1.6.1",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCertPolicyConflictsWithLocality,
 	})
 }
 

v3/lints/cabf_br/lint_cab_dv_conflicts_with_org.go

@@ -33,13 +33,15 @@ field.
 ************************************************/
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_cab_dv_conflicts_with_org",
-		Description:   "If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, organization name MUST NOT be included in subject",
-		Citation:      "BRs: 7.1.6.4",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCertPolicyConflictsWithOrg,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_cab_dv_conflicts_with_org",
+			Description:   "If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, organization name MUST NOT be included in subject",
+			Citation:      "BRs: 7.1.6.4",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCertPolicyConflictsWithOrg,
 	})
 }
 

v3/lints/cabf_br/lint_cab_dv_conflicts_with_postal.go

@@ -33,13 +33,15 @@ field.
 ************************************************/
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_cab_dv_conflicts_with_postal",
-		Description:   "If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, postalCode MUST NOT be included in subject",
-		Citation:      "BRs: 7.1.6.4",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCertPolicyConflictsWithPostal,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_cab_dv_conflicts_with_postal",
+			Description:   "If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, postalCode MUST NOT be included in subject",
+			Citation:      "BRs: 7.1.6.4",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCertPolicyConflictsWithPostal,
 	})
 }
 

v3/lints/cabf_br/lint_cab_dv_conflicts_with_province.go

@@ -33,13 +33,15 @@ field.
 ************************************************/
 
 func init() {
-	lint.RegisterLint(&lint.Lint{
-		Name:          "e_cab_dv_conflicts_with_province",
-		Description:   "If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, stateOrProvinceName MUST NOT be included in subject",
-		Citation:      "BRs: 7.1.6.4",
-		Source:        lint.CABFBaselineRequirements,
-		EffectiveDate: util.CABEffectiveDate,
-		Lint:          NewCertPolicyConflictsWithProvince,
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_cab_dv_conflicts_with_province",
+			Description:   "If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, stateOrProvinceName MUST NOT be included in subject",
+			Citation:      "BRs: 7.1.6.4",
+			Source:        lint.CABFBaselineRequirements,
+			EffectiveDate: util.CABEffectiveDate,
+		},
+		Lint: NewCertPolicyConflictsWithProvince,
 	})
 }