JZLint: An open-source lint software for PKI structures
JZLint is open-source lint software for PKI structures such as certificates, revocation lists, and OCSP responses. It is a program that checks whether these structures comply with certain rules. It can therefore be employed by certification authorities, auditors, and PKI software manufacturers, among others, to test whether these structures are valid.
Certification authorities can use it for quality assurance to test their certificates and revocation lists and avoid incident reports. Pre-issuance linting is considered best practice for public CAs. Auditors may use it as a tool to test the conformance of a CA, and software manufacturers may use it to test how their software creates certificates and revocation lists. Other use cases may exist as well.
JZLint is a Java port of ZLint (https://github.com/zmap/zlint). It contains most of the lints of the ZLint project, plus several extensions and further lints. In contrast to ZLint, it contains methods to lint OCSP responses and lints that consider the issuer of a certificate. It additionally contains lints for code signing certificates and several lints that cover the CAB Forum S/MIME specifications. JZLint is an open-source project, located at https://github.com/MTG-AG/jzlint. It integrates very well into the Java ecosystem.
Several of the observations made during development have been reported to the zlint project and are addressed by the project team. Testing also uncovered several issues, which have been reported as well. Parts of this discussion can be found here: https://github.com/zmap/zlint/issues/709. This software has been developed exclusively by MTG AG in Germany.
Possible further developments:
1. Enhance the functionality
2. Extend the functionality, for example with further lints
3. Integrate jzlint into crt.sh