fix: update

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
notaryproject · Sep 18, 2024 · cf4bb29 · cf4bb29
1 parent 0653b0b
commit cf4bb29
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/revocation/crl/cache/cache.go b/revocation/crl/cache/cache.go
@@ -36,6 +36,9 @@ import (
 const (
 	// DefaultMaxAge is the default maximum age of the CRLs cache.
 	// If the CRL is older than DefaultMaxAge, it will be considered as expired.
+	//
+	// reference: Baseline Requirements for Code-Signing Certificates
+	// 4.9.7 CRL issuance frequency: https://cabforum.org/uploads/Baseline-Requirements-for-the-Issuance-and-Management-of-Code-Signing.v3.9.pdf
 	DefaultMaxAge = 24 * 7 * time.Hour
 )
 

diff --git a/revocation/crl/fetcher/fetcher.go b/revocation/crl/fetcher/fetcher.go
@@ -28,10 +28,10 @@ import (
 	"github.com/notaryproject/notation-core-go/revocation/crl/cache"
 )
 
-// maxCRLSize is the maximum size of CRL in bytes
+// MaxCRLSize is the maximum size of CRL in bytes
 //
 // CRL examples: https://chasersystems.com/blog/an-analysis-of-certificate-revocation-list-sizes/
-const maxCRLSize = 32 * 1024 * 1024 // 32 MiB
+const MaxCRLSize = 32 * 1024 * 1024 // 32 MiB
 
 // Fetcher is an interface that specifies methods used for fetching CRL
 // from the given URL
@@ -135,12 +135,12 @@ func download(ctx context.Context, crlURL string, client *http.Client) (bundle *
 		return nil, fmt.Errorf("failed to download with status code: %d", resp.StatusCode)
 	}
 	// read with size limit
-	data, err := io.ReadAll(io.LimitReader(resp.Body, maxCRLSize))
+	data, err := io.ReadAll(io.LimitReader(resp.Body, MaxCRLSize))
 	if err != nil {
 		return nil, fmt.Errorf("failed to read CRL response: %w", err)
 	}
-	if len(data) == maxCRLSize {
-		return nil, fmt.Errorf("CRL size exceeds the limit: %d", maxCRLSize)
+	if len(data) == MaxCRLSize {
+		return nil, fmt.Errorf("CRL size exceeds the limit: %d", MaxCRLSize)
 	}
 
 	// parse CRL and create bundle

diff --git a/revocation/crl/fetcher/fetcher_test.go b/revocation/crl/fetcher/fetcher_test.go
@@ -215,7 +215,7 @@ func TestDownload(t *testing.T) {
 
 	t.Run("exceed the size limit", func(t *testing.T) {
 		_, err := download(context.Background(), "http://example.com", &http.Client{
-			Transport: expectedRoundTripperMock{Body: make([]byte, maxCRLSize+1)},
+			Transport: expectedRoundTripperMock{Body: make([]byte, MaxCRLSize+1)},
 		})
 		if err == nil {
 			t.Fatal("expected error")