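def _fetch_ocsp_response(self, ocsp_request, cert, do_retry=True):
    """
    Fetch the OCSP response for ``cert`` from its OCSP responder.

    :param ocsp_request: OCSP request object; serialized through
        ``decode_ocsp_request_b64`` (GET) or ``decode_ocsp_request`` (POST)
    :param cert: certificate whose responder URL is obtained from
        ``extract_ocsp_url``
    :param do_retry: try up to 30 times when true, exactly once otherwise
    :return: raw body of the first response whose status is ``OK``, or
        ``None`` when the certificate yields no OCSP URL
    :raises OperationalError: with ``ER_INVALID_OCSP_RESPONSE`` when no
        attempt returned ``OK``

    The body is returned exactly as received. Nothing in this method
    validates it, so the caller has to verify the response before
    trusting the revocation status it carries.
    """
    ocsp_url = self.extract_ocsp_url(cert)
    if not ocsp_url:
        return None

    actual_method = 'post' if self._use_post_method else 'get'
    if SnowflakeOCSP.OCSP_CACHE.RETRY_URL_PATTERN:
        # no POST is supported for Retry URL at the moment.
        actual_method = 'get'

    if actual_method == 'get':
        b64data = self.decode_ocsp_request_b64(ocsp_request)
        target_url = SnowflakeOCSP.OCSP_CACHE.generate_get_url(
            ocsp_url, b64data)
        payload = None
        headers = None
    else:
        target_url = ocsp_url
        payload = self.decode_ocsp_request(ocsp_request)
        headers = {'Content-Type': 'application/ocsp-request'}

    ret = None
    logger.debug('url: %s', target_url)
    with requests.Session() as session:
        # The adapter retries connection-level failures. The loop below
        # retries on any HTTP status other than OK.
        session.mount('http://', adapters.HTTPAdapter(max_retries=5))
        session.mount('https://', adapters.HTTPAdapter(max_retries=5))
        max_retry = 30 if do_retry else 1
        sleep_time = 1
        # presumably base 1s / cap 16s; confirm against the definition
        # of DecorrelateJitterBackoff
        backoff = DecorrelateJitterBackoff(sleep_time, 16)
        for _ in range(max_retry):
            # Exceptions raised by session.request() (timeouts,
            # connection errors) are not caught here. They end the loop
            # and propagate to the caller.
            response = session.request(
                headers=headers,
                method=actual_method,
                url=target_url,
                timeout=30,
                data=payload,
            )
            if response.status_code == OK:
                logger.debug(
                    "OCSP response was successfully returned from OCSP "
                    "server.")
                ret = response.content
                break
            elif max_retry > 1:
                sleep_time = backoff.next_sleep(sleep_time)
                logger.debug("OCSP server returned %s. Retrying in %s(s)",
                             response.status_code, sleep_time)
                time.sleep(sleep_time)
        else:
            # Every attempt returned a non-OK status: fail with the
            # OCSP-specific error instead of returning None.
            logger.error("Failed to get OCSP response after %s attempt.",
                         max_retry)
            # The message has to be a valid format string. A failing
            # str.format() here would surface as ValueError rather than
            # the OperationalError this method is meant to raise.
            raise OperationalError(
                msg="Failed to get OCSP response after {0} attempt.".format(
                    max_retry),
                errno=ER_INVALID_OCSP_RESPONSE)

    return ret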
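def _fetch_ocsp_response(req, cert, do_retry=True):
    """
    Fetch the OCSP response for ``cert`` with an HTTP GET request.

    :param req: OCSP request object; ``req.dump()`` provides the bytes that
        are Base64-encoded into the request URL
    :param cert: certificate object; the first entry of ``cert.ocsp_urls``
        is used as the responder URL
    :param do_retry: try up to 100 times when true, exactly once otherwise
    :return: raw body of the first response whose status is ``OK``
    :raises OperationalError: with ``ER_INVALID_OCSP_RESPONSE`` when no
        attempt returned ``OK``

    The body is returned exactly as received. Nothing in this function
    validates it, so the caller has to verify the response before
    trusting the revocation status it carries.
    """
    max_retry = 100 if do_retry else 1
    data = req.dump()  # convert to DER
    b64data = b64encode(data).decode('ascii')

    # NOTE(review): the list is indexed unconditionally; an empty
    # cert.ocsp_urls raises IndexError. Confirm callers only pass
    # certificates that carry an OCSP URL.
    ocsp_url = cert.ocsp_urls[0]

    # NOTE(review): b64data is standard Base64 ('+', '/' and '=' can occur)
    # and is placed in the URL without percent-encoding. Confirm the
    # responder and the cache server accept that form.
    if SF_OCSP_RESPONSE_CACHE_SERVER_RETRY_URL_PATTERN:
        parsed_url = urlsplit(ocsp_url)
        target_url = SF_OCSP_RESPONSE_CACHE_SERVER_RETRY_URL_PATTERN.format(
            parsed_url.hostname, b64data
        )
    else:
        target_url = u"{0}/{1}".format(ocsp_url, b64data)

    ret = None
    logger.debug('url: %s', target_url)
    with requests.Session() as session:
        # The adapter retries connection-level failures. The loop below
        # retries on any HTTP status other than OK.
        session.mount('http://', adapters.HTTPAdapter(max_retries=5))
        session.mount('https://', adapters.HTTPAdapter(max_retries=5))
        for attempt in range(max_retry):
            # Exceptions raised by session.get() are not caught here and
            # propagate to the caller.
            response = session.get(
                target_url,
                proxies=PROXIES,
                timeout=30)
            if response.status_code == OK:
                logger.debug(
                    "OCSP response was successfully returned from OCSP server.")
                ret = response.content
                break
            elif max_retry > 1:
                # exponential backoff, capped at 16 seconds
                wait_time = min(2 ** attempt, 16)
                logger.debug("OCSP server returned %s. Retrying in %s(s)",
                             response.status_code, wait_time)
                time.sleep(wait_time)
        else:
            # Every attempt returned a non-OK status: fail with the
            # OCSP-specific error instead of returning None.
            logger.error("Failed to get OCSP response after %s attempt.",
                         max_retry)
            # The message has to be a valid format string. A failing
            # str.format() here would surface as ValueError rather than
            # the OperationalError this function is meant to raise.
            raise OperationalError(
                msg="Failed to get OCSP response after {0} attempt.".format(
                    max_retry),
                errno=ER_INVALID_OCSP_RESPONSE
            )

    return ret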
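def _fetch_ocsp_response(req, cert, do_retry=True):
    """
    Fetch the OCSP response for ``cert`` with an HTTP POST request.

    :param req: OCSP request object; ``req.dump()`` provides the request
        body
    :param cert: certificate object; the first entry of ``cert.ocsp_urls``
        is used as the responder URL
    :param do_retry: try up to 100 times when true, exactly once otherwise
    :return: raw body of the first response whose status is ``OK``
    :raises OperationalError: with ``ER_INVALID_OCSP_RESPONSE`` when no
        attempt returned ``OK``

    The body is returned exactly as received. Nothing in this function
    validates it, so the caller has to verify the response before
    trusting the revocation status it carries.
    """
    urls = cert.ocsp_urls
    ocsp_url = urls[0]  # urls is guaranteed to have OCSP URL
    parsed_url = urlsplit(ocsp_url)
    max_retry = 100 if do_retry else 1
    data = req.dump()  # convert to DER

    # NOTE(review): Host is built from the hostname alone, so a port given
    # in the OCSP URL is not reflected in the header. Confirm this is
    # intended for responders on non-default ports.
    headers = {
        'Content-Type': 'application/ocsp-request',
        'Content-Length': '{0}'.format(len(data)),
        'Host': parsed_url.hostname,
    }

    ret = None
    with requests.Session() as session:
        # The adapter retries connection-level failures. The loop below
        # retries on any HTTP status other than OK.
        session.mount('http://', adapters.HTTPAdapter(max_retries=5))
        session.mount('https://', adapters.HTTPAdapter(max_retries=5))
        for attempt in range(max_retry):
            # Exceptions raised by session.post() are not caught here and
            # propagate to the caller.
            response = session.post(ocsp_url,
                                    headers=headers,
                                    proxies=PROXIES,
                                    data=data,
                                    timeout=30)
            if response.status_code == OK:
                logger.debug("OCSP response was successfully returned from "
                             "OCSP server.")
                ret = response.content
                break
            elif max_retry > 1:
                # exponential backoff, capped at 16 seconds
                wait_time = min(2 ** attempt, 16)
                logger.debug("OCSP server returned %s. Retrying in %s(s)",
                             response.status_code, wait_time)
                time.sleep(wait_time)
        else:
            # Every attempt returned a non-OK status: fail with the
            # OCSP-specific error instead of returning None.
            logger.error("Failed to get OCSP response after %s attempt.",
                         max_retry)
            # The message has to be a valid format string. A failing
            # str.format() here would surface as ValueError rather than
            # the OperationalError this function is meant to raise.
            raise OperationalError(
                msg="Failed to get OCSP response after {0} attempt.".format(
                    max_retry),
                errno=ER_INVALID_OCSP_RESPONSE)

    return ret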
def _download_ocsp_response_cache(url, do_retry=True):
    """
    Download the OCSP response cache from the cache server.

    Best effort: any exception is logged at debug level and whatever has
    been decoded so far (possibly nothing) is returned.

    :param url: OCSP response cache server
    :param do_retry: try up to 100 times when true, exactly once otherwise
    :return: dict filled by ``_decode_ocsp_response_cache`` from the JSON
        body of the first ``OK`` response; empty when the download failed
    """
    max_retry = 100 if do_retry else 1
    ocsp_validation_cache = {}
    try:
        started_at = time.time()
        logger.debug("started downloading OCSP response cache file")
        with requests.Session() as http:
            for scheme in ('http://', 'https://'):
                http.mount(scheme, adapters.HTTPAdapter(max_retries=5))

            downloaded = False
            for attempt in range(max_retry):
                reply = http.request(
                    method=u'get',
                    url=url,
                    proxies=PROXIES,
                    timeout=10,  # socket timeout
                    verify=True,  # for HTTPS (future use)
                )
                if reply.status_code == OK:
                    # NOTE(review): the JSON body is handed to the decoder
                    # as received; whether the cached entries are verified
                    # is not visible here, confirm in the decoder / caller.
                    _decode_ocsp_response_cache(reply.json(),
                                                ocsp_validation_cache)
                    logger.debug(
                        "ended downloading OCSP response cache file. "
                        "elapsed time: %ss", time.time() - started_at)
                    downloaded = True
                    break
                if max_retry > 1:
                    # exponential backoff, capped at 16 seconds
                    wait_time = min(2 ** attempt, 16)
                    logger.debug("OCSP server returned %s. Retrying in %s(s)",
                                 reply.status_code, wait_time)
                    time.sleep(wait_time)

            if not downloaded:
                logger.error("Failed to get OCSP response after %s attempt.",
                             max_retry)
    except Exception as e:
        # deliberately non-fatal: the cache is an optimisation
        logger.debug("Failed to get OCSP response cache from %s: %s", url, e)
    return ocsp_validation_cache
def _download_ocsp_response_cache(ocsp, url, do_retry=True):
    """
    Download the OCSP response cache from the cache server.

    Best effort: any exception is logged at debug level and nothing is
    returned either way.

    :param ocsp: object whose ``decode_ocsp_response_cache`` receives the
        JSON body of the first ``OK`` response
    :param url: OCSP response cache server
    :param do_retry: try up to 30 times when true, exactly once otherwise
    """
    try:
        started_at = time.time()
        logger.debug("started downloading OCSP response cache file")
        with requests.Session() as http:
            for scheme in ('http://', 'https://'):
                http.mount(scheme, adapters.HTTPAdapter(max_retries=5))

            max_retry = 30 if do_retry else 1
            sleep_time = 1
            # presumably base 1s / cap 16s; confirm against the
            # definition of DecorrelateJitterBackoff
            backoff = DecorrelateJitterBackoff(sleep_time, 16)

            downloaded = False
            for _ in range(max_retry):
                reply = http.get(
                    url,
                    timeout=10,  # socket timeout
                )
                if reply.status_code == OK:
                    # NOTE(review): the JSON body is handed to the decoder
                    # as received; whether the cached entries are verified
                    # is not visible here, confirm in the decoder.
                    ocsp.decode_ocsp_response_cache(reply.json())
                    logger.debug(
                        "ended downloading OCSP response cache file. "
                        "elapsed time: %ss", time.time() - started_at)
                    downloaded = True
                    break
                if max_retry > 1:
                    sleep_time = backoff.next_sleep(sleep_time)
                    logger.debug(
                        "OCSP server returned %s. Retrying in %s(s)",
                        reply.status_code, sleep_time)
                    time.sleep(sleep_time)

            if not downloaded:
                logger.error(
                    "Failed to get OCSP response after %s attempt.",
                    max_retry)
    except Exception as e:
        # deliberately non-fatal: the cache is an optimisation
        logger.debug("Failed to get OCSP response cache from %s: %s", url, e)
def __init__(self):
    """
    Initialize the session and mount an adapter with a connection pool of
    100 for ``http://`` URLs.
    """
    super(CustomPynamoSession, self).__init__()
    # Only the plain-HTTP prefix is remounted here; every other prefix
    # keeps whatever adapter the base class installed.
    pooled_adapter = adapters.HTTPAdapter(pool_maxsize=100)
    self.mount('http://', pooled_adapter)