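def test_ocsp_bad_validity():
    """Check that a bad OCSP response validity does not block the connection.

    ``SF_OCSP_TEST_MODE`` and ``SF_TEST_OCSP_FORCE_BAD_RESPONSE_VALIDITY`` are
    switched on (presumably making the validator treat the response's validity
    window as bad -- confirm against the OCSP module).  ``SFOCSP`` is built
    without ``use_fail_open``; the assertion message indicates that this means
    fail-open, so ``validate`` is expected to return a truthy value.

    NOTE(review): this pins the soft-fail behaviour. Under fail-open an
    unusable OCSP response does not stop the connection, so revocation is not
    enforced on this path. The fail-closed counterpart is
    test_ocsp_fail_close_w_single_endpoint.
    """
    # Empty the in-memory cache before validating.
    SnowflakeOCSP.clear_cache()
    environ["SF_OCSP_TEST_MODE"] = "true"
    environ["SF_TEST_OCSP_FORCE_BAD_RESPONSE_VALIDITY"] = "true"
    try:
        OCSPCache.del_cache_file()
        # The OCSP cache server is disabled for this check.
        ocsp = SFOCSP(use_ocsp_cache_server=False)
        connection = _openssl_connect("snowflake.okta.com")
        assert ocsp.validate("snowflake.okta.com", connection), \
            "Connection should have passed with fail open"
    finally:
        # Always undo the test-mode switches: a failed assertion or a network
        # error must not leave forced-bad-validity mode on for later tests.
        del environ['SF_OCSP_TEST_MODE']
        del environ['SF_TEST_OCSP_FORCE_BAD_RESPONSE_VALIDITY']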
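def test_ocsp_fail_open_w_single_endpoint():
    """Check that fail-open validation passes when the OCSP endpoint stalls.

    ``SF_TEST_OCSP_URL`` points the test at httpbin's ``/delay/10`` endpoint
    while the responder connection timeout is set to "5" (presumably seconds
    -- confirm), so the OCSP request is expected to time out.  ``SFOCSP`` is
    built without ``use_fail_open=False``, and ``validate`` must still return
    a truthy value.

    NOTE(review): the caches are cleared and the cache server is disabled
    before validating, presumably so the stalled endpoint is the only source
    of a response. The test depends on network access to httpbin.org and to
    snowflake.okta.com.
    """
    SnowflakeOCSP.clear_cache()
    OCSPCache.del_cache_file()
    environ["SF_OCSP_TEST_MODE"] = "true"
    environ["SF_TEST_OCSP_URL"] = "http://httpbin.org/delay/10"
    environ["SF_TEST_CA_OCSP_RESPONDER_CONNECTION_TIMEOUT"] = "5"
    try:
        # Setup lives inside the try block so that a failure while building
        # the validator or opening the connection still restores the
        # environment.
        ocsp = SFOCSP(use_ocsp_cache_server=False)
        connection = _openssl_connect("snowflake.okta.com")
        assert ocsp.validate("snowflake.okta.com", connection), \
            'Failed to validate: {0}'.format("snowflake.okta.com")
    finally:
        # Remove the overrides so later tests do not use the stalling URL.
        del environ['SF_OCSP_TEST_MODE']
        del environ['SF_TEST_OCSP_URL']
        del environ['SF_TEST_CA_OCSP_RESPONDER_CONNECTION_TIMEOUT']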
def test_ocsp_wo_cache_file():
    """
    Validate every target host while no OCSP file cache can be used.

    NOTE: the cache directory is pointed at /etc, used here as a read-only
    directory, so that no cache file is used.

    NOTE(review): /etc is only read-only for an unprivileged user; if the
    suite runs as root a cache file could presumably be written there --
    confirm how the test environment runs.
    """
    # Start from an empty in-memory cache and no leftover cache file.
    SnowflakeOCSP.clear_cache()
    OCSPCache.del_cache_file()
    environ['SF_OCSP_RESPONSE_CACHE_DIR'] = '/etc'
    OCSPCache.reset_cache_dir()
    try:
        validator = SFOCSP()
        for host in TARGET_HOSTS:
            conn = _openssl_connect(host)
            is_valid = validator.validate(host, conn)
            assert is_valid, 'Failed to validate: {0}'.format(host)
    finally:
        # Remove the override and reset the cache directory again
        # (presumably back to its default location).
        del environ['SF_OCSP_RESPONSE_CACHE_DIR']
        OCSPCache.reset_cache_dir()
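def test_ocsp_fail_close_w_single_endpoint():
    """Check that fail-closed validation rejects a stalled OCSP endpoint.

    The OCSP URL is overridden with httpbin's ``/delay/10`` endpoint while the
    responder connection timeout is set to "5" (presumably seconds --
    confirm), and ``SFOCSP`` is created with ``use_fail_open=False``.
    ``validate`` must raise ``RevocationCheckError`` whose ``errno`` equals
    ``ER_INVALID_OCSP_RESPONSE_CODE``.

    NOTE(review): this is the hard-fail counterpart of
    test_ocsp_fail_open_w_single_endpoint: with fail-open disabled, failing to
    obtain a usable OCSP response must stop the connection rather than let it
    through.
    """
    SnowflakeOCSP.clear_cache()
    environ["SF_OCSP_TEST_MODE"] = "true"
    environ["SF_TEST_OCSP_URL"] = "http://httpbin.org/delay/10"
    environ["SF_TEST_CA_OCSP_RESPONDER_CONNECTION_TIMEOUT"] = "5"
    try:
        OCSPCache.del_cache_file()
        ocsp = SFOCSP(use_ocsp_cache_server=False, use_fail_open=False)
        connection = _openssl_connect("snowflake.okta.com")
        # The raises-check sits inside the try block: if validate() does not
        # raise, pytest fails here, and the environment must still be
        # restored.
        with pytest.raises(RevocationCheckError) as ex:
            ocsp.validate("snowflake.okta.com", connection)
        assert ex.value.errno == ER_INVALID_OCSP_RESPONSE_CODE, "Connection should have failed"
    finally:
        # Remove the overrides so later tests do not use the stalling URL.
        del environ['SF_OCSP_TEST_MODE']
        del environ['SF_TEST_OCSP_URL']
        del environ['SF_TEST_CA_OCSP_RESPONDER_CONNECTION_TIMEOUT']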