-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SNOW-1821504: [JDBC] Initialal OCSP deprecation plan steps #2008
base: master
Are you sure you want to change the base?
Changes from 12 commits
c4fdb4c
e5d2224
c9607ee
4d66099
1967502
f26374e
47ab1dc
b244875
a5237da
e0055ca
20a9483
b76683b
c8e578e
28bbf9d
1dff792
829b5c6
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -11,6 +11,7 @@ | |
import static org.hamcrest.MatcherAssert.assertThat; | ||
import static org.junit.jupiter.api.Assertions.assertEquals; | ||
import static org.junit.jupiter.api.Assertions.assertFalse; | ||
import static org.junit.jupiter.api.Assertions.assertThrows; | ||
import static org.junit.jupiter.api.Assertions.assertTrue; | ||
import static org.junit.jupiter.api.Assertions.fail; | ||
|
||
|
@@ -1014,6 +1015,28 @@ public void testFailOverOrgAccount() throws SQLException { | |
} | ||
} | ||
|
||
/** Test production connectivity with disableOCSPChecksMode enabled. */ | ||
@Test | ||
public void testDisableOCSPChecksMode() throws SQLException { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can we have more tests on various combinations of |
||
|
||
String deploymentUrl = | ||
"jdbc:snowflake://sfcsupport.snowflakecomputing.com?disableOCSPChecks=true"; | ||
Properties properties = new Properties(); | ||
|
||
properties.put("user", "fakeuser"); | ||
properties.put("password", "fakepwd"); | ||
properties.put("account", "fakeaccount"); | ||
SQLException thrown = | ||
assertThrows( | ||
SQLException.class, | ||
() -> { | ||
DriverManager.getConnection(deploymentUrl, properties); | ||
}); | ||
|
||
assertThat( | ||
thrown.getErrorCode(), anyOf(is(INVALID_CONNECTION_INFO_CODE), is(BAD_REQUEST_GS_CODE))); | ||
} | ||
|
||
private class ConcurrentConnections implements Runnable { | ||
|
||
ConcurrentConnections() {} | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,9 +7,11 @@ | |
import static org.hamcrest.CoreMatchers.anyOf; | ||
import static org.hamcrest.CoreMatchers.containsString; | ||
import static org.hamcrest.CoreMatchers.equalTo; | ||
import static org.hamcrest.CoreMatchers.is; | ||
import static org.hamcrest.MatcherAssert.assertThat; | ||
import static org.hamcrest.core.IsInstanceOf.instanceOf; | ||
import static org.junit.jupiter.api.Assertions.assertNull; | ||
import static org.junit.jupiter.api.Assertions.assertThrows; | ||
import static org.junit.jupiter.api.Assertions.fail; | ||
|
||
import java.net.SocketTimeoutException; | ||
|
@@ -42,6 +44,9 @@ public class ConnectionWithOCSPModeIT extends BaseJDBCTest { | |
private final String testUser = "fakeuser"; | ||
private final String testPassword = "testpassword"; | ||
private final String testRevokedCertConnectString = "jdbc:snowflake://revoked.badssl.com/"; | ||
public static final int INVALID_CONNECTION_INFO_CODE = 390100; | ||
private static final int DISABLE_OCSP_INSECURE_MODE_MISMATCH = 200064; | ||
public static final int BAD_REQUEST_GS_CODE = 390400; | ||
|
||
private static int nameCounter = 0; | ||
|
||
|
@@ -440,6 +445,49 @@ public void testWrongHost() throws InterruptedException { | |
fail("All retries failed"); | ||
} | ||
|
||
/** Test connectivity with disableOCSPChecksMode and insecure mode enabled. */ | ||
@Test | ||
public void testDisableOCSPChecksModeAndInsecureMode() throws SQLException { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Also worth having tests for There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. These tests are already added in ConnectionIT class. I shifted them to same class. |
||
|
||
String deploymentUrl = | ||
"jdbc:snowflake://sfcsupport.snowflakecomputing.com?disableOCSPChecks=true&insecureMode=true"; | ||
Properties properties = new Properties(); | ||
|
||
properties.put("user", "fakeuser"); | ||
properties.put("password", "fakepwd"); | ||
properties.put("account", "fakeaccount"); | ||
SQLException thrown = | ||
assertThrows( | ||
SQLException.class, | ||
() -> { | ||
DriverManager.getConnection(deploymentUrl, properties); | ||
}); | ||
|
||
assertThat( | ||
thrown.getErrorCode(), anyOf(is(INVALID_CONNECTION_INFO_CODE), is(BAD_REQUEST_GS_CODE))); | ||
} | ||
|
||
/** Test connectivity with disableOCSPChecksMode enabled and insecure mode disabled. */ | ||
@Test | ||
public void testDisableOCSPChecksModeAndInsecureModeMismatched() throws SQLException { | ||
|
||
String deploymentUrl = | ||
"jdbc:snowflake://sfcsupport.snowflakecomputing.com?disableOCSPChecks=true&insecureMode=false"; | ||
Properties properties = new Properties(); | ||
|
||
properties.put("user", "fakeuser"); | ||
properties.put("password", "fakepwd"); | ||
properties.put("account", "fakeaccount"); | ||
SQLException thrown = | ||
assertThrows( | ||
SQLException.class, | ||
() -> { | ||
DriverManager.getConnection(deploymentUrl, properties); | ||
}); | ||
|
||
assertThat(thrown.getErrorCode(), anyOf(is(DISABLE_OCSP_INSECURE_MODE_MISMATCH))); | ||
} | ||
|
||
private static Matcher<String> httpStatus403Or404Or513() { | ||
return anyOf( | ||
containsString("HTTP status=403"), | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd add "or unset insecureMode".