fix: update

Signed-off-by: Junjie Gao <[email protected]>
notaryproject · Sep 14, 2024 · c6132af · c6132af
1 parent deec55e
commit c6132af
Show file tree

Hide file tree

Showing 9 changed files with 112 additions and 191 deletions.
diff --git a/revocation/internal/crl/crl.go b/revocation/internal/crl/crl.go
@@ -26,7 +26,6 @@ import (
 	"net/url"
 	"time"
 
-	"github.com/notaryproject/notation-core-go/revocation/internal/revocation"
 	"github.com/notaryproject/notation-core-go/revocation/result"
 )
 
@@ -73,10 +72,10 @@ func CertCheckStatus(ctx context.Context, cert, issuer *x509.Certificate, opts C
 		return &result.CertRevocationResult{
 			Result: result.ResultNonRevokable,
 			ServerResults: []*result.ServerResult{{
-				RevocationMethod: revocation.MethodCRL,
+				RevocationMethod: result.RevocationMethodCRL,
 				Result:           result.ResultNonRevokable,
 			}},
-			RevocationMethod: revocation.MethodCRL,
+			RevocationMethod: result.RevocationMethodCRL,
 		}
 	}
 
@@ -113,7 +112,7 @@ func CertCheckStatus(ctx context.Context, cert, issuer *x509.Certificate, opts C
 			return &result.CertRevocationResult{
 				Result:           result.ResultRevoked,
 				ServerResults:    []*result.ServerResult{crlResult},
-				RevocationMethod: revocation.MethodCRL,
+				RevocationMethod: result.RevocationMethodCRL,
 			}
 		}
 
@@ -128,16 +127,16 @@ func CertCheckStatus(ctx context.Context, cert, issuer *x509.Certificate, opts C
 					Result:           result.ResultUnknown,
 					Server:           crlURL,
 					Error:            lastErr,
-					RevocationMethod: revocation.MethodCRL,
+					RevocationMethod: result.RevocationMethodCRL,
 				}},
-			RevocationMethod: revocation.MethodCRL,
+			RevocationMethod: result.RevocationMethodCRL,
 		}
 	}
 
 	return &result.CertRevocationResult{
 		Result:           result.ResultOK,
 		ServerResults:    serverResults,
-		RevocationMethod: revocation.MethodCRL,
+		RevocationMethod: result.RevocationMethodCRL,
 	}
 }
 
@@ -206,15 +205,15 @@ func checkRevocation(cert *x509.Certificate, baseCRL *x509.RevocationList, signi
 			return &result.ServerResult{
 				Result:           result.ResultRevoked,
 				Server:           crlURL,
-				RevocationMethod: revocation.MethodCRL,
+				RevocationMethod: result.RevocationMethodCRL,
 			}, nil
 		}
 	}
 
 	return &result.ServerResult{
 		Result:           result.ResultOK,
 		Server:           crlURL,
-		RevocationMethod: revocation.MethodCRL,
+		RevocationMethod: result.RevocationMethodCRL,
 	}, nil
 }
 

diff --git a/revocation/internal/ocsp/ocsp.go b/revocation/internal/ocsp/ocsp.go
@@ -30,7 +30,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/notaryproject/notation-core-go/revocation/internal/revocation"
 	"github.com/notaryproject/notation-core-go/revocation/result"
 	"golang.org/x/crypto/ocsp"
 )
@@ -59,7 +58,7 @@ func CertCheckStatus(cert, issuer *x509.Certificate, opts CertCheckStatusOptions
 		return &result.CertRevocationResult{
 			Result:           result.ResultNonRevokable,
 			ServerResults:    []*result.ServerResult{toServerResult("", NoServerError{})},
-			RevocationMethod: revocation.MethodOCSP,
+			RevocationMethod: result.RevocationMethodOCSP,
 		}
 	}
 	ocspURLs := cert.OCSPServer
@@ -230,14 +229,14 @@ func toServerResult(server string, err error) *result.ServerResult {
 		// and TimeoutError
 		serverResult = result.NewServerResult(result.ResultUnknown, server, t)
 	}
-	serverResult.RevocationMethod = revocation.MethodOCSP
+	serverResult.RevocationMethod = result.RevocationMethodOCSP
 	return serverResult
 }
 
 func serverResultsToCertRevocationResult(serverResults []*result.ServerResult) *result.CertRevocationResult {
 	return &result.CertRevocationResult{
 		Result:           serverResults[len(serverResults)-1].Result,
 		ServerResults:    serverResults,
-		RevocationMethod: revocation.MethodOCSP,
+		RevocationMethod: result.RevocationMethodOCSP,
 	}
 }
diff --git a/revocation/internal/revocation/method.go b/revocation/internal/revocation/method.go
diff --git a/revocation/internal/revocation/method_test.go b/revocation/internal/revocation/method_test.go
diff --git a/revocation/method.go b/revocation/method.go
diff --git a/revocation/result/results.go b/revocation/result/results.go
@@ -14,11 +14,7 @@
 // Package result provides general objects that are used across revocation
 package result
 
-import (
-	"strconv"
-
-	"github.com/notaryproject/notation-core-go/revocation/internal/revocation"
-)
+import "strconv"
 
 // Result is a type of enumerated value to help characterize revocation result.
 // It can be OK, Unknown, NonRevokable, or Revoked
@@ -60,6 +56,43 @@ func (r Result) String() string {
 	}
 }
 
+// RevocationMethod defines the method used to check the revocation status of a
+// certificate.
+type RevocationMethod int
+
+const (
+	// RevocationMethodUnknown is used for root certificates or when the method
+	// used to check the revocation status of a certificate is unknown.
+	RevocationMethodUnknown RevocationMethod = iota
+
+	// RevocationMethodOCSP represents OCSP as the method used to check the
+	// revocation status of a certificate.
+	RevocationMethodOCSP
+
+	// RevocationMethodCRL represents CRL as the method used to check the
+	// revocation status of a certificate.
+	RevocationMethodCRL
+
+	// RevocationMethodOCSPFallbackCRL represents OCSP check with unknown error
+	// fallback to CRL as the method used to check the revocation status of a
+	// certificate.
+	RevocationMethodOCSPFallbackCRL
+)
+
+// String provides a conversion from a Method to a string
+func (m RevocationMethod) String() string {
+	switch m {
+	case RevocationMethodOCSP:
+		return "OCSP"
+	case RevocationMethodCRL:
+		return "CRL"
+	case RevocationMethodOCSPFallbackCRL:
+		return "OCSPFallbackCRL"
+	default:
+		return "Unknown"
+	}
+}
+
 // ServerResult encapsulates the OCSP result for a single server or the CRL
 // result for a single CRL URI for a certificate in the chain
 type ServerResult struct {
@@ -78,7 +111,7 @@ type ServerResult struct {
 
 	// RevocationMethod is the method used to check the revocation status of the
 	// certificate, including MethodUnknown, MethodOCSP, MethodCRL
-	RevocationMethod revocation.Method
+	RevocationMethod RevocationMethod
 }
 
 // NewServerResult creates a ServerResult object from its individual parts: a
@@ -121,5 +154,5 @@ type CertRevocationResult struct {
 	// RevocationMethod is the method used to check the revocation status of the
 	// certificate, including MethodUnknown, MethodOCSP, MethodCRL and
 	// MethodOCSPFallbackCRL
-	RevocationMethod revocation.Method
+	RevocationMethod RevocationMethod
 }
diff --git a/revocation/result/results_test.go b/revocation/result/results_test.go
@@ -46,6 +46,27 @@ func TestResultString(t *testing.T) {
 	})
 }
 
+func TestMethodString(t *testing.T) {
+	tests := []struct {
+		method   RevocationMethod
+		expected string
+	}{
+		{RevocationMethodOCSP, "OCSP"},
+		{RevocationMethodCRL, "CRL"},
+		{RevocationMethodOCSPFallbackCRL, "OCSPFallbackCRL"},
+		{RevocationMethod(999), "Unknown"}, // Test for default case
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.expected, func(t *testing.T) {
+			result := tt.method.String()
+			if result != tt.expected {
+				t.Errorf("expected %s, got %s", tt.expected, result)
+			}
+		})
+	}
+}
+
 func TestNewServerResult(t *testing.T) {
 	expectedR := &ServerResult{
 		Result: ResultNonRevokable,

diff --git a/revocation/revocation.go b/revocation/revocation.go
@@ -199,12 +199,12 @@ func (r *revocation) ValidateContext(ctx context.Context, validateContextOpts Va
 
 				ocspResult := ocsp.CertCheckStatus(cert, certChain[i+1], ocspOpts)
 				if ocspResult != nil && ocspResult.Result == result.ResultUnknown && crl.Supported(cert) {
-					// try CRL check if OCSP result is unknown
-					result := crl.CertCheckStatus(ctx, cert, certChain[i+1], crlOpts)
+					// try CRL check if OCSP serverResult is unknown
+					serverResult := crl.CertCheckStatus(ctx, cert, certChain[i+1], crlOpts)
 					// append CRL result to OCSP result
-					result.ServerResults = append(ocspResult.ServerResults, result.ServerResults...)
-					result.RevocationMethod = MethodOCSPFallbackCRL
-					certResults[i] = result
+					serverResult.ServerResults = append(ocspResult.ServerResults, serverResult.ServerResults...)
+					serverResult.RevocationMethod = result.RevocationMethodOCSPFallbackCRL
+					certResults[i] = serverResult
 				} else {
 					certResults[i] = ocspResult
 				}
@@ -230,9 +230,9 @@ func (r *revocation) ValidateContext(ctx context.Context, validateContextOpts Va
 				Result: result.ResultNonRevokable,
 				ServerResults: []*result.ServerResult{{
 					Result:           result.ResultNonRevokable,
-					RevocationMethod: MethodUnknown,
+					RevocationMethod: result.RevocationMethodUnknown,
 				}},
-				RevocationMethod: MethodUnknown,
+				RevocationMethod: result.RevocationMethodUnknown,
 			}
 		}
 	}
@@ -242,9 +242,9 @@ func (r *revocation) ValidateContext(ctx context.Context, validateContextOpts Va
 		Result: result.ResultNonRevokable,
 		ServerResults: []*result.ServerResult{{
 			Result:           result.ResultNonRevokable,
-			RevocationMethod: MethodUnknown,
+			RevocationMethod: result.RevocationMethodUnknown,
 		}},
-		RevocationMethod: MethodUnknown,
+		RevocationMethod: result.RevocationMethodUnknown,
 	}
 	wg.Wait()