From cf4bb29746afd94133a34a506f20a468bffe96fb Mon Sep 17 00:00:00 2001
From: Junjie Gao
Date: Wed, 18 Sep 2024 07:35:32 +0000
Subject: [PATCH] fix: update
Signed-off-by: Junjie Gao
---
 revocation/crl/cache/cache.go | 3 +++
 revocation/crl/fetcher/fetcher.go | 10 +++++-----
 revocation/crl/fetcher/fetcher_test.go | 2 +-
 3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/revocation/crl/cache/cache.go b/revocation/crl/cache/cache.go
index 3497f4b6..c7a40a54 100644
--- a/revocation/crl/cache/cache.go
+++ b/revocation/crl/cache/cache.go
@@ -36,6 +36,9 @@ import (
 const (
 // DefaultMaxAge is the default maximum age of the CRLs cache.
 // If the CRL is older than DefaultMaxAge, it will be considered as expired.
+ //
+ // reference: Baseline Requirements for Code-Signing Certificates
+ // 4.9.7 CRL issuance frequency: https://cabforum.org/uploads/Baseline-Requirements-for-the-Issuance-and-Management-of-Code-Signing.v3.9.pdf
 DefaultMaxAge = 24 * 7 * time.Hour
 )
diff --git a/revocation/crl/fetcher/fetcher.go b/revocation/crl/fetcher/fetcher.go
index 4c9cd55c..76dcd17d 100644
--- a/revocation/crl/fetcher/fetcher.go
+++ b/revocation/crl/fetcher/fetcher.go
@@ -28,10 +28,10 @@ import (
 "github.com/notaryproject/notation-core-go/revocation/crl/cache"
 )
-// maxCRLSize is the maximum size of CRL in bytes
+// MaxCRLSize is the maximum size of CRL in bytes
 //
 // CRL examples: https://chasersystems.com/blog/an-analysis-of-certificate-revocation-list-sizes/
-const maxCRLSize = 32 * 1024 * 1024 // 32 MiB
+const MaxCRLSize = 32 * 1024 * 1024 // 32 MiB
 // Fetcher is an interface that specifies methods used for fetching CRL
 // from the given URL
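Review bot: The new reference explains where the 7-day figure comes from, but the comment on DefaultMaxAge still does not say what the bound means from the verifier's side: a CRL served from the cache for up to DefaultMaxAge can lag a revocation published after it was fetched by the same amount. The cache logic itself is outside this hunk, so I cannot tell whether an entry also expires at the CRL's own NextUpdate when that is sooner; the doc comment is the place to pin that down. I would add, after the reference lines, `// DefaultMaxAge is presumably aligned with the CRL issuance interval in 4.9.7; a revocation can go unnoticed for up to this long after the cached copy was fetched.` and, if the cache honors NextUpdate, a sentence stating that it takes precedence when earlier.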
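Review bot: MaxCRLSize is now exported and documented as "the maximum size of CRL in bytes", but the check in the second hunk of this file, `if len(data) == MaxCRLSize`, rejects a body that is exactly MaxCRLSize bytes, because io.LimitReader stops after that many bytes and cannot distinguish a full-size CRL from a truncated one; the largest CRL actually accepted is MaxCRLSize-1 bytes. Now that the constant is part of the package API the contract should match the name: either document the real behavior with `// MaxCRLSize is the size limit for a CRL in bytes; responses of MaxCRLSize bytes or more are rejected.` or make the reader and the check agree with the doc by reading one extra byte, `data, err := io.ReadAll(io.LimitReader(resp.Body, MaxCRLSize+1))` and `if len(data) > MaxCRLSize {`. The test in fetcher_test.go feeds MaxCRLSize+1 bytes and expects an error, so it passes under either reading.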
@@ -135,12 +135,12 @@ func download(ctx context.Context, crlURL string, client *http.Client) (bundle *
 return nil, fmt.Errorf("failed to download with status code: %d", resp.StatusCode)
 }
 // read with size limit
- data, err := io.ReadAll(io.LimitReader(resp.Body, maxCRLSize))
+ data, err := io.ReadAll(io.LimitReader(resp.Body, MaxCRLSize))
 if err != nil {
 return nil, fmt.Errorf("failed to read CRL response: %w", err)
 }
- if len(data) == maxCRLSize {
- return nil, fmt.Errorf("CRL size exceeds the limit: %d", maxCRLSize)
+ if len(data) == MaxCRLSize {
+ return nil, fmt.Errorf("CRL size exceeds the limit: %d", MaxCRLSize)
 }
 // parse CRL and create bundle
diff --git a/revocation/crl/fetcher/fetcher_test.go b/revocation/crl/fetcher/fetcher_test.go
index 6f9dfcbc..ac423635 100644
--- a/revocation/crl/fetcher/fetcher_test.go
+++ b/revocation/crl/fetcher/fetcher_test.go
@@ -215,7 +215,7 @@ func TestDownload(t *testing.T) {
 t.Run("exceed the size limit", func(t *testing.T) {
 _, err := download(context.Background(), "http://example.com", &http.Client{
- Transport: expectedRoundTripperMock{Body: make([]byte, maxCRLSize+1)},
+ Transport: expectedRoundTripperMock{Body: make([]byte, MaxCRLSize+1)},
 })
 if err == nil {
 t.Fatal("expected error")
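Review bot: The size limit is only enforced after the body has been read, so a response that already advertises more than MaxCRLSize bytes is still streamed up to the limit before being rejected. Checking the declared length before the read, `if resp.ContentLength > MaxCRLSize { return nil, fmt.Errorf("CRL size exceeds the limit: %d", MaxCRLSize) }`, fails fast on well-behaved servers while the existing post-read check still covers chunked or mislabelled responses; ContentLength is -1 when unknown, so the comparison is safe as written. download starts and ends outside this hunk, so I am assuming nothing earlier in the function already bounds the response.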