diff --git a/test/integration/testConnectionWithOCSP.js b/test/integration/testConnectionWithOCSP.js index fd00a1be4..06c3551e9 100644 --- a/test/integration/testConnectionWithOCSP.js +++ b/test/integration/testConnectionWithOCSP.js @@ -4,7 +4,7 @@ const assert = require('assert'); const snowflake = require('./../../lib/snowflake'); -const Errors = require('./../../lib/errors') +const Errors = require('./../../lib/errors'); const SocketUtil = require('./../../lib/agent/socket_util'); const OcspResponseCache = require('./../../lib/agent/ocsp_response_cache'); @@ -22,30 +22,24 @@ const testConnectionOptions = { sfRetryMaxLoginRetries: 2 }; -const testRevokedConnectionOptions = { - accessUrl: 'https://revoked.badssl.com', - username: 'fakeuser', - password: 'fakepasword', - account: 'fakeaccount' -}; +// const testRevokedConnectionOptions = { +// accessUrl: 'https://revoked.badssl.com', +// username: 'fakeuser', +// password: 'fakepasword', +// account: 'fakeaccount' +// }; -function getConnectionOptions() -{ +function getConnectionOptions() { // use unique hostname to avoid connection cache in tests. // If connection is cached, the test result is not consistent. - let objCopy = Object.assign({}, testConnectionOptions); + const objCopy = Object.assign({}, testConnectionOptions); objCopy['accessUrl'] = 'https://fakeaccount' + (testCounter) + '.snowflakecomputing.com'; testCounter++; return objCopy; } -describe('Connection with OCSP test', function () -{ - function deleteCache () { - OcspResponseCache.deleteCache(); - } - - function cleanupOcspState () { +describe('Connection with OCSP test', function () { + function cleanupOcspState() { OcspResponseCache.deleteCache(); snowflake.configure({ ocspFailOpen: true }); SocketUtil.variables.OCSP_RESPONSE_CACHE = undefined; @@ -68,103 +62,92 @@ describe('Connection with OCSP test', function () ].forEach(envVariable => delete process.env[envVariable]); }); - it('OCSP NOP - Fail Open', function (done) - { + it('OCSP NOP - Fail Open', function (done) { const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); + done(); + } catch (error) { + done(error); + } + }); }); - it('OCSP Validity Error - Fail Open', function (done) - { + it('OCSP Validity Error - Fail Open', function (done) { SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = false; // inject validity error process.env.SF_OCSP_TEST_INJECT_VALIDITY_ERROR = 'true'; const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); + done(); + } catch (error) { + done(error); + } + }); }); - it('OCSP Validity Error - Fail Closed', function (done) - { + it('OCSP Validity Error - Fail Closed', function (done) { SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = false; // inject validity error process.env.SF_OCSP_TEST_INJECT_VALIDITY_ERROR = 'true'; - snowflake.configure({ocspFailOpen: false}); + snowflake.configure({ ocspFailOpen: false }); const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - assert.strictEqual(err.code, Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT); - assert.strictEqual(err.cause.code, Errors.codes.ERR_OCSP_INVALID_VALIDITY); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + assert.strictEqual(err.code, Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT); + assert.strictEqual(err.cause.code, Errors.codes.ERR_OCSP_INVALID_VALIDITY); + done(); + } catch (error) { + done(error); + } + }); }); - it('OCSP Unknown Cert - Fail Open', function (done) - { + it('OCSP Unknown Cert - Fail Open', function (done) { SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = false; // inject validity error process.env.SF_OCSP_TEST_INJECT_UNKNOWN_STATUS = 'true'; const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); + done(); + } catch (error) { + done(error); + } + }); }); - it('OCSP Unknown Cert - Fail Closed', function (done) - { + it('OCSP Unknown Cert - Fail Closed', function (done) { SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = false; // inject validity error process.env.SF_OCSP_TEST_INJECT_UNKNOWN_STATUS = 'true'; - snowflake.configure({ocspFailOpen: false}); + snowflake.configure({ ocspFailOpen: false }); const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - if (err.code !== Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT) - { - console.log(err); - } - assert.strictEqual(err.code, Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT); - assert.strictEqual(err.cause.code, Errors.codes.ERR_OCSP_UNKNOWN); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + if (err.code !== Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT) { + Logger.getInstance().error(JSON.stringify(err)); + } + assert.strictEqual(err.code, Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT); + assert.strictEqual(err.cause.code, Errors.codes.ERR_OCSP_UNKNOWN); + done(); + } catch (error) { + done(error); + } + }); }); /* it('OCSP Revoked Cert - Fail Open', function (done) @@ -198,8 +181,7 @@ describe('Connection with OCSP test', function () }); });*/ - it('OCSP Cache Server Timeout - Fail Open', function (done) - { + it('OCSP Cache Server Timeout - Fail Open', function (done) { // cache server is used SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = true; // fake OCSP responder. @@ -208,49 +190,44 @@ describe('Connection with OCSP test', function () const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - // read error is expected as the account name is fake. - // This just should not be OCSP error. - try { - assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + // read error is expected as the account name is fake. + // This just should not be OCSP error. + try { + assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); + done(); + } catch (error) { + done(error); + } + }); }); - it('OCSP Cache Server Timeout - Fail Closed', function (done) - { + it('OCSP Cache Server Timeout - Fail Closed', function (done) { // cache server is used SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = true; // fake OCSP responder. process.env.SF_OCSP_RESPONSE_CACHE_SERVER_URL = `${hangWebServerUrl}/hang`; process.env.SF_OCSP_TEST_OCSP_RESPONSE_CACHE_SERVER_TIMEOUT = 1000; - snowflake.configure({ocspFailOpen: false}); + snowflake.configure({ ocspFailOpen: false }); const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - // read error is expected as the account name is fake. - // This just should not be OCSP error. - if (err.code !== Errors.codes.ERR_SF_RESPONSE_FAILURE) - { - console.log(err); - } - assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + // read error is expected as the account name is fake. + // This just should not be OCSP error. + if (err.code !== Errors.codes.ERR_SF_RESPONSE_FAILURE) { + Logger.getInstance().error(JSON.stringify(err)); + } + assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); + done(); + } catch (error) { + done(error); + } + }); }); - it('OCSP Responder Timeout - Fail Open', function (done) - { + it('OCSP Responder Timeout - Fail Open', function (done) { // no cache server is used SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = false; // fake OCSP responder. @@ -259,53 +236,47 @@ describe('Connection with OCSP test', function () const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - // read error is expected as the account name is fake. - // This just should not be OCSP error. - assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + // read error is expected as the account name is fake. + // This just should not be OCSP error. + assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); + done(); + } catch (error) { + done(error); + } + }); }); - it('OCSP Responder Timeout - Fail Closed', function (done) - { + it('OCSP Responder Timeout - Fail Closed', function (done) { // no cache server is used SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = false; // fake OCSP responder. process.env.SF_OCSP_RESPONDER_URL = `${hangWebServerUrl}/hang`; process.env.SF_OCSP_TEST_OCSP_RESPONDER_TIMEOUT = 1000; - snowflake.configure({ocspFailOpen: false}); + snowflake.configure({ ocspFailOpen: false }); const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - // should be OCSP timeout error. - if (err.code !== Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT) - { - console.log(err); - } - assert.strictEqual(err.code, Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT); - if (err.cause.code === 'ECONNREFUSED') - { - console.log("run hang_webserver.py") - } - assert.strictEqual(err.cause.code, Errors.codes.ERR_OCSP_RESPONDER_TIMEOUT); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + // should be OCSP timeout error. + if (err.code !== Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT) { + Logger.getInstance().error(JSON.stringify(err)); + } + assert.strictEqual(err.code, Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT); + if (err.cause.code === 'ECONNREFUSED') { + Logger.getInstance().error('run hang_webserver.py'); + } + assert.strictEqual(err.cause.code, Errors.codes.ERR_OCSP_RESPONDER_TIMEOUT); + done(); + } catch (error) { + done(error); + } + }); }); - it('OCSP Cache Server and Responder Timeout - Fail Open', function (done) - { + it('OCSP Cache Server and Responder Timeout - Fail Open', function (done) { // no cache server is used SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = true; // fake OCSP responder. @@ -316,51 +287,45 @@ describe('Connection with OCSP test', function () const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - // should be 403 - assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + // should be 403 + assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); + done(); + } catch (error) { + done(error); + } + }); }); - it('OCSP Responder 403 - Fail Closed', function (done) - { + it('OCSP Responder 403 - Fail Closed', function (done) { // no cache server is used SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = false; // fake OCSP responder. process.env.SF_OCSP_RESPONDER_URL = `${hangWebServerUrl}/403`; - snowflake.configure({ocspFailOpen: false}); + snowflake.configure({ ocspFailOpen: false }); const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - // should be OCSP timeout error. - if (err.code !== Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT) - { - console.log(err); - } - assert.strictEqual(err.code, Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT); - if (err.cause.code === 'ECONNREFUSED') - { - console.log("run hang_webserver.py") - } - assert.strictEqual(err.cause.code, Errors.codes.ERR_OCSP_FAILED_OBTAIN_OCSP_RESPONSE); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + // should be OCSP timeout error. + if (err.code !== Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT) { + Logger.getInstance().error(JSON.stringify(err)); + } + assert.strictEqual(err.code, Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT); + if (err.cause.code === 'ECONNREFUSED') { + Logger.getInstance().error('run hang_webserver.py'); + } + assert.strictEqual(err.cause.code, Errors.codes.ERR_OCSP_FAILED_OBTAIN_OCSP_RESPONSE); + done(); + } catch (error) { + done(error); + } + }); }); - it('OCSP Responder 403 - Fail Open', function (done) - { + it('OCSP Responder 403 - Fail Open', function (done) { // no cache server is used SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = false; // fake OCSP responder. @@ -368,43 +333,39 @@ describe('Connection with OCSP test', function () const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - // should be OCSP timeout error. - assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + // should be OCSP timeout error. + assert.strictEqual(err.code, Errors.codes.ERR_SF_RESPONSE_FAILURE); + done(); + } catch (error) { + done(error); + } + }); }); - it('OCSP Responder 404 - Fail Closed', function (done) - { + it('OCSP Responder 404 - Fail Closed', function (done) { // no cache server is used SocketUtil.variables.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED = false; // fake OCSP responder. process.env.SF_OCSP_RESPONDER_URL = `${hangWebServerUrl}/404`; - snowflake.configure({ocspFailOpen: false}); + snowflake.configure({ ocspFailOpen: false }); const connection = snowflake.createConnection(getConnectionOptions()); - connection.connect(function (err) - { - try { - // should be OCSP timeout error. - assert.strictEqual(err.code, Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT); - if (err.cause.code === 'ECONNREFUSED') - { - console.log("run hang_webserver.py") - } - assert.strictEqual(err.cause.code, Errors.codes.ERR_OCSP_FAILED_OBTAIN_OCSP_RESPONSE); - done(); - } catch (error) { - done(error); - } - }); + connection.connect(function (err) { + try { + // should be OCSP timeout error. + assert.strictEqual(err.code, Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT); + if (err.cause.code === 'ECONNREFUSED') { + Logger.getInstance().error('run hang_webserver.py'); + } + assert.strictEqual(err.cause.code, Errors.codes.ERR_OCSP_FAILED_OBTAIN_OCSP_RESPONSE); + done(); + } catch (error) { + done(error); + } + }); }); const testInvalidCertConnectionOptions = [ @@ -432,36 +393,28 @@ describe('Connection with OCSP test', function () */ ]; - function connectToHttpsEndpoint(testOptions, i, connection, done) - { - connection.connect(function (err) - { + function connectToHttpsEndpoint(testOptions, i, connection, done) { + connection.connect(function (err) { assert.ok(err); - if (err) - { + if (err) { assert.strictEqual(err.code, Errors.codes.ERR_SF_NETWORK_COULD_NOT_CONNECT); assert.strictEqual(err.cause.code, testInvalidCertConnectionOptions[i].errorCode); } - if (i === testInvalidCertConnectionOptions.length - 1) - { + if (i === testInvalidCertConnectionOptions.length - 1) { done(); - } - else - { + } else { testOptions(i + 1); } }); } - it('OCSP Invalid Certificate', function (done) - { - const testOptions = function (i) - { - console.log('==> ' + testInvalidCertConnectionOptions[i].connectString.accessUrl); + it('OCSP Invalid Certificate', function (done) { + const testOptions = function (i) { + Logger.getInstance().error('==> ' + testInvalidCertConnectionOptions[i].connectString.accessUrl); const connection = snowflake.createConnection( testInvalidCertConnectionOptions[i].connectString); - connectToHttpsEndpoint(testOptions, i, connection, done) + connectToHttpsEndpoint(testOptions, i, connection, done); }; testOptions(0); });