updated per code review

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

dir/fs.go

@@ -59,7 +59,7 @@ func PluginFS() SysFS {
 	return NewSysFS(filepath.Join(userLibexecDirPath(), PathPlugins))
 }
 
-// CacheFS is the cache SysFS
-func CacheFS() SysFS {
-	return NewSysFS(userCacheDirPath())
+// CRLFileCacheFS is the crl file cache SysFS
+func CRLFileCacheFS() SysFS {
+	return NewSysFS(filepath.Join(userCacheDirPath(), PathCRLFileCache))
 }

dir/fs_test.go

@@ -73,7 +73,7 @@ func TestPluginFS(t *testing.T) {
 }
 
 func TestCacheFS(t *testing.T) {
-	cacheFS := CacheFS()
+	cacheFS := CRLFileCacheFS()
 	path, err := cacheFS.SysPath()
 	if err != nil {
 		t.Fatalf("SysPath() failed. err = %v", err)

dir/path.go

@@ -78,6 +78,12 @@ const (
 	TrustStoreDir = "truststore"
 )
 
+// The relative path to {NOTATION_CACHE}
+const (
+	// PathCRLFileCache is the crl file cache directory relative path.
+	PathCRLFileCache = "crl"
+)
+
 // for unit tests
 var (
 	userConfigDir = os.UserConfigDir

verifier/crl/crl.go

@@ -60,11 +60,11 @@ type FileCache struct {
 
 // fileCacheContent is the actual content saved in a FileCache
 type fileCacheContent struct {
-	// RawBaseCRL is baseCRL.Raw
-	RawBaseCRL []byte `json:"rawBaseCRL"`
+	// BaseCRL is the ASN.1 encoded base CRL
+	BaseCRL []byte `json:"baseCRL"`
 
-	// RawDeltaCRL is deltaCRL.Raw
-	RawDeltaCRL []byte `json:"rawDeltaCRL,omitempty"`
+	// DeltaCRL is the ASN.1 encoded delta CRL
+	DeltaCRL []byte `json:"deltaCRL,omitempty"`
 }
 
 // NewFileCache creates a FileCache with root as the root directory
@@ -101,12 +101,12 @@ func (c *FileCache) Get(ctx context.Context, url string) (*corecrl.Bundle, error
 		return nil, fmt.Errorf("failed to decode file retrieved from file cache: %w", err)
 	}
 	var bundle corecrl.Bundle
-	bundle.BaseCRL, err = x509.ParseRevocationList(content.RawBaseCRL)
+	bundle.BaseCRL, err = x509.ParseRevocationList(content.BaseCRL)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse base CRL of file retrieved from file cache: %w", err)
 	}
-	if content.RawDeltaCRL != nil {
-		bundle.DeltaCRL, err = x509.ParseRevocationList(content.RawDeltaCRL)
+	if content.DeltaCRL != nil {
+		bundle.DeltaCRL, err = x509.ParseRevocationList(content.DeltaCRL)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse delta CRL of file retrieved from file cache: %w", err)
 		}
@@ -140,17 +140,19 @@ func (c *FileCache) Set(ctx context.Context, url string, bundle *corecrl.Bundle)
 
 	// actual content to be saved in the cache
 	content := fileCacheContent{
-		RawBaseCRL: bundle.BaseCRL.Raw,
+		BaseCRL: bundle.BaseCRL.Raw,
 	}
 	if bundle.DeltaCRL != nil {
-		content.RawDeltaCRL = bundle.DeltaCRL.Raw
+		content.DeltaCRL = bundle.DeltaCRL.Raw
 	}
 
 	// save content to tmp file
 	tmpFile, err := os.CreateTemp("", tmpFileName)
 	if err != nil {
 		return fmt.Errorf("failed to store crl bundle in file cache: failed to create temp file: %w", err)
 	}
+	defer os.Remove(tmpFile.Name())
+	defer tmpFile.Close()
 	err = json.NewEncoder(tmpFile).Encode(content)
 	if err != nil {
 		return fmt.Errorf("failed to store crl bundle in file cache: failed to encode content: %w", err)

verifier/crl/crl_test.go

@@ -188,7 +188,7 @@ func TestGetFailed(t *testing.T) {
 
 	t.Run("empty RawBaseCRL of content", func(t *testing.T) {
 		content := fileCacheContent{
-			RawBaseCRL: []byte{},
+			BaseCRL: []byte{},
 		}
 		b, err := json.Marshal(content)
 		if err != nil {
@@ -207,7 +207,7 @@ func TestGetFailed(t *testing.T) {
 
 	t.Run("invalid RawBaseCRL of content", func(t *testing.T) {
 		content := fileCacheContent{
-			RawBaseCRL: []byte("invalid"),
+			BaseCRL: []byte("invalid"),
 		}
 		b, err := json.Marshal(content)
 		if err != nil {
@@ -226,8 +226,8 @@ func TestGetFailed(t *testing.T) {
 
 	t.Run("invalid RawDeltaCRL of content", func(t *testing.T) {
 		content := fileCacheContent{
-			RawBaseCRL:  baseCRL.Raw,
-			RawDeltaCRL: []byte("invalid"),
+			BaseCRL:  baseCRL.Raw,
+			DeltaCRL: []byte("invalid"),
 		}
 		b, err := json.Marshal(content)
 		if err != nil {