def test_ocsp_with_outdated_cache(tmpdir):
"""
Attempt to use outdated OCSP response cache file
"""
cache_file_name, target_hosts = _store_cache_in_file(tmpdir)
ocsp = SFOCSP(ocsp_response_cache_uri='file://' + cache_file_name)
# reading cache file
OCSPCache.read_ocsp_response_cache_file(ocsp, cache_file_name)
cache_data = OCSPCache.CACHE
assert cache_data, "more than one cache entries should be stored."
# setting outdated data
current_time = int(time.time())
for k, v in cache_data.items():
cache_data[k] = (current_time - 48 * 60 * 60, v[1])
# write back the cache file
OCSPCache.CACHE = cache_data
OCSPCache.write_ocsp_response_cache_file(ocsp, cache_file_name)
# forces to use the bogus cache file but it should raise errors
SnowflakeOCSP.clear_cache() # reset the memory cache
SFOCSP(ocsp_response_cache_uri='file://' + cache_file_name)
assert SnowflakeOCSP.cache_size() == 0, \
'must be empty. outdated cache should not be loaded'
def test_ocsp_with_bogus_cache_files(tmpdir):
"""
Attempt to use bogus OCSP response data
"""
cache_file_name, target_hosts = _store_cache_in_file(tmpdir)
ocsp = SFOCSP(ocsp_response_cache_uri='file://' + cache_file_name)
OCSPCache.read_ocsp_response_cache_file(ocsp, cache_file_name)
cache_data = OCSPCache.CACHE
assert cache_data, "more than one cache entries should be stored."
# setting bogus data
current_time = int(time.time())
for k, v in cache_data.items():
cache_data[k] = (current_time, b'bogus')
# write back the cache file
OCSPCache.CACHE = cache_data
OCSPCache.write_ocsp_response_cache_file(ocsp, cache_file_name)
# forces to use the bogus cache file but it should raise errors
SnowflakeOCSP.clear_cache()
ocsp = SFOCSP(ocsp_response_cache_uri='file://' + cache_file_name)
for hostname in target_hosts:
connection = _openssl_connect(hostname)
assert ocsp.validate(hostname, connection), \
'Failed to validate: {0}'.format(hostname)
