Coverage for CABF EVGs SC17 version 7: Alternative Registration Numbers for EV Certificates

[sleevi]

The CABForum adopted SC17 v7, which were adopted in EV Guidelines v1.7.0

This permits the use of the organizationIdentifier field within the Subject, as well as introduces an additional extension to be used to convey the same information in a structured form.

Required Lints

• [ ] #402 - The organizationIdentifier MUST be encoded as a PrintableString or UTF8String
• [ ] #400 #401 - The Registration Scheme MUST be identified using the defined structure
• [ ] The Subject Jurisdiction of Incorporation MUST match the Registration Reference (c.f. "the organization represented by the Registration Reference is the same as the organization named in the organizationName field as specified in Section 9.2.1 within the context of the subject’s jurisdiction as specified in Section 9.2.4;")
• [ ] The cabfOrganizationIdentifier extension MUST be encoded according to the defined ASN.1 module
• [ ] #399 - The cabfOrganizationIdentifier extension MUST be present for certificates issued on or after 2020-01-31
• [ ] #403 - The cabfOrganizationidentifier extension MUST have the same meanings and restrictions described in Section 9.2.8 (i.e. it MUST be consistent with the subject:organizationIdentifier field)
• [ ] #400 - The Registration Scheme MUST be a Registration Scheme defined within Appendix H
• [ ] #404 - If the NTR Registration Scheme is used, then this information MUST be consistent with the Subject Jurisdiction of Incorporation or Registration fields
• [ ] If the PSD Registration Scheme is used, then the information MUST be consistent with a National Competent Authority

[sleevi]

@mtgag Just trying to organize the other PRs.

[mtgag]

Revisiting these issues.

A check on #399 can be set because this is already implemented in lint_ev_organization_id_missing.go.

#400 pull request is also updated.