fix: update

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
notaryproject · Sep 14, 2024 · f4400ac · f4400ac
1 parent 982561e
commit f4400ac
Show file tree

Hide file tree

Showing 5 changed files with 79 additions and 29 deletions.
diff --git a/revocation/internal/crl/crl.go b/revocation/internal/crl/crl.go
@@ -26,12 +26,10 @@ import (
 	"net/url"
 	"time"
 
+	"github.com/notaryproject/notation-core-go/revocation/internal/revocation"
 	"github.com/notaryproject/notation-core-go/revocation/result"
 )
 
-// RevocationMethodCRL represents the CRL revocation method
-const RevocationMethodCRL int = 2
-
 var (
 	// oidFreshestCRL is the object identifier for the distribution point
 	// for the delta CRL. (See RFC 5280, Section 5.2.6)
@@ -75,10 +73,10 @@ func CertCheckStatus(ctx context.Context, cert, issuer *x509.Certificate, opts C
 		return &result.CertRevocationResult{
 			Result: result.ResultNonRevokable,
 			ServerResults: []*result.ServerResult{{
-				RevocationMethod: RevocationMethodCRL,
+				RevocationMethod: revocation.MethodCRL,
 				Result:           result.ResultNonRevokable,
 			}},
-			RevocationMethod: RevocationMethodCRL,
+			RevocationMethod: revocation.MethodCRL,
 		}
 	}
 
@@ -90,11 +88,11 @@ func CertCheckStatus(ctx context.Context, cert, issuer *x509.Certificate, opts C
 	// point with one CRL URI, which will be cached, so checking all the URIs is
 	// not a performance issue.
 	var (
-		serverResults = make([]*result.ServerResult, len(cert.CRLDistributionPoints))
+		serverResults = make([]*result.ServerResult, 0, len(cert.CRLDistributionPoints))
 		lastErr       error
 		crlURL        string
 	)
-	for i, crlURL := range cert.CRLDistributionPoints {
+	for _, crlURL := range cert.CRLDistributionPoints {
 		baseCRL, err := download(ctx, crlURL, opts.HTTPClient)
 		if err != nil {
 			lastErr = fmt.Errorf("failed to download CRL from %s: %w", crlURL, err)
@@ -115,11 +113,11 @@ func CertCheckStatus(ctx context.Context, cert, issuer *x509.Certificate, opts C
 			return &result.CertRevocationResult{
 				Result:           result.ResultRevoked,
 				ServerResults:    []*result.ServerResult{crlResult},
-				RevocationMethod: RevocationMethodCRL,
+				RevocationMethod: revocation.MethodCRL,
 			}
 		}
 
-		serverResults[i] = crlResult
+		serverResults = append(serverResults, crlResult)
 	}
 
 	if lastErr != nil {
@@ -130,16 +128,16 @@ func CertCheckStatus(ctx context.Context, cert, issuer *x509.Certificate, opts C
 					Result:           result.ResultUnknown,
 					Server:           crlURL,
 					Error:            lastErr,
-					RevocationMethod: RevocationMethodCRL,
+					RevocationMethod: revocation.MethodCRL,
 				}},
-			RevocationMethod: RevocationMethodCRL,
+			RevocationMethod: revocation.MethodCRL,
 		}
 	}
 
 	return &result.CertRevocationResult{
 		Result:           result.ResultOK,
 		ServerResults:    serverResults,
-		RevocationMethod: RevocationMethodCRL,
+		RevocationMethod: revocation.MethodCRL,
 	}
 }
 
@@ -208,15 +206,15 @@ func checkRevocation(cert *x509.Certificate, baseCRL *x509.RevocationList, signi
 			return &result.ServerResult{
 				Result:           result.ResultRevoked,
 				Server:           crlURL,
-				RevocationMethod: RevocationMethodCRL,
+				RevocationMethod: revocation.MethodCRL,
 			}, nil
 		}
 	}
 
 	return &result.ServerResult{
 		Result:           result.ResultOK,
 		Server:           crlURL,
-		RevocationMethod: RevocationMethodCRL,
+		RevocationMethod: revocation.MethodCRL,
 	}, nil
 }
 

diff --git a/revocation/internal/ocsp/ocsp.go b/revocation/internal/ocsp/ocsp.go
@@ -30,13 +30,11 @@ import (
 	"strings"
 	"time"
 
+	"github.com/notaryproject/notation-core-go/revocation/internal/revocation"
 	"github.com/notaryproject/notation-core-go/revocation/result"
 	"golang.org/x/crypto/ocsp"
 )
 
-// RevocationMethodOCSP represents the OCSP revocation method
-const RevocationMethodOCSP int = 1
-
 // CertCheckStatusOptions specifies values that are needed to check OCSP revocation
 type CertCheckStatusOptions struct {
 	// HTTPClient is the HTTP client used to perform the OCSP request
@@ -61,7 +59,7 @@ func CertCheckStatus(cert, issuer *x509.Certificate, opts CertCheckStatusOptions
 		return &result.CertRevocationResult{
 			Result:           result.ResultNonRevokable,
 			ServerResults:    []*result.ServerResult{toServerResult("", NoServerError{})},
-			RevocationMethod: RevocationMethodOCSP,
+			RevocationMethod: revocation.MethodOCSP,
 		}
 	}
 	ocspURLs := cert.OCSPServer
@@ -232,14 +230,14 @@ func toServerResult(server string, err error) *result.ServerResult {
 		// and TimeoutError
 		serverResult = result.NewServerResult(result.ResultUnknown, server, t)
 	}
-	serverResult.RevocationMethod = RevocationMethodOCSP
+	serverResult.RevocationMethod = revocation.MethodOCSP
 	return serverResult
 }
 
 func serverResultsToCertRevocationResult(serverResults []*result.ServerResult) *result.CertRevocationResult {
 	return &result.CertRevocationResult{
 		Result:           serverResults[len(serverResults)-1].Result,
 		ServerResults:    serverResults,
-		RevocationMethod: RevocationMethodOCSP,
+		RevocationMethod: revocation.MethodOCSP,
 	}
 }
diff --git a/revocation/internal/revocation/method.go b/revocation/internal/revocation/method.go
@@ -0,0 +1,49 @@
+// Copyright The Notary Project Authors.
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package revocation
+
+type Method int
+
+const (
+	// MethodUnknown is used for root certificates or when the method
+	// used to check the revocation status of a certificate is unknown.
+	MethodUnknown Method = iota
+
+	// MethodOCSP represents OCSP as the method used to check the
+	// revocation status of a certificate
+	MethodOCSP
+
+	// MethodCRL represents CRL as the method used to check the
+	// revocation status of a certificate
+	MethodCRL
+
+	// MethodOCSPFallbackCRL represents OCSP check with unknown error
+	// fallback to CRL as the method used to check the revocation status of a
+	// certificate
+	MethodOCSPFallbackCRL
+)
+
+// String provides a conversion from a Method to a string
+func (m Method) String() string {
+	switch m {
+	case MethodOCSP:
+		return "OCSP"
+	case MethodCRL:
+		return "CRL"
+	case MethodOCSPFallbackCRL:
+		return "OCSPFallbackCRL"
+	default:
+		return "Unknown"
+	}
+}
diff --git a/revocation/method.go b/revocation/method.go
@@ -14,25 +14,26 @@
 package revocation
 
 import (
-	"github.com/notaryproject/notation-core-go/revocation/internal/crl"
-	"github.com/notaryproject/notation-core-go/revocation/internal/ocsp"
+	internalrevocation "github.com/notaryproject/notation-core-go/revocation/internal/revocation"
 )
 
+type Method = internalrevocation.Method
+
 const (
 	// MethodUnknown is used for root certificates or when the method
 	// used to check the revocation status of a certificate is unknown.
-	MethodUnknown int = 0
+	MethodUnknown = internalrevocation.MethodUnknown
 
 	// MethodOCSP represents OCSP as the method used to check the
 	// revocation status of a certificate
-	MethodOCSP int = ocsp.RevocationMethodOCSP
+	MethodOCSP = internalrevocation.MethodOCSP
 
 	// MethodCRL represents CRL as the method used to check the
 	// revocation status of a certificate
-	MethodCRL int = crl.RevocationMethodCRL
+	MethodCRL = internalrevocation.MethodCRL
 
 	// MethodOCSPFallbackCRL represents OCSP check with unknown error
 	// fallback to CRL as the method used to check the revocation status of a
 	// certificate
-	MethodOCSPFallbackCRL int = 3
+	MethodOCSPFallbackCRL = internalrevocation.MethodOCSPFallbackCRL
 )
diff --git a/revocation/result/results.go b/revocation/result/results.go
@@ -14,7 +14,11 @@
 // Package result provides general objects that are used across revocation
 package result
 
-import "strconv"
+import (
+	"strconv"
+
+	"github.com/notaryproject/notation-core-go/revocation/internal/revocation"
+)
 
 // Result is a type of enumerated value to help characterize revocation result.
 // It can be OK, Unknown, NonRevokable, or Revoked
@@ -74,7 +78,7 @@ type ServerResult struct {
 
 	// RevocationMethod is the method used to check the revocation status of the
 	// certificate, including Unknown(0), MethodOCSP(1), MethodCRL(2)
-	RevocationMethod int
+	RevocationMethod revocation.Method
 }
 
 // NewServerResult creates a ServerResult object from its individual parts: a
@@ -117,5 +121,5 @@ type CertRevocationResult struct {
 	// RevocationMethod is the method used to check the revocation status of the
 	// certificate, including Unknown(0), MethodOCSP(1), MethodCRL(2) and
 	// OCSPFallbackCRL(3)
-	RevocationMethod int
+	RevocationMethod revocation.Method
 }