Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SNOW-1821504: [JDBC] Initialal OCSP deprecation plan steps #2008

Open
wants to merge 16 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -723,7 +723,7 @@ public OCSPMode getOCSPMode() throws SnowflakeSQLException {
&& (disableOCSPChecks != insecureMode)) {
logger.error(
"The values for 'disableOCSPChecks' and 'insecureMode' must be identical. "
+ "Please ensure both properties are set to the same value.");
+ "Please ensure both properties are set to the same value or unset insecureMode.");
throw new SnowflakeSQLException(
ErrorCode.DISABLEOCSP_INSECUREMODE_VALUE_MISMATCH,
"The values for 'disableOCSPChecks' and 'insecureMode' " + "must be identical.");
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
/*
* Copyright (c) 2024 Snowflake Computing Inc. All right reserved.
*/
package net.snowflake.client.jdbc;

import static org.hamcrest.CoreMatchers.anyOf;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.fail;

import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;
import net.snowflake.client.category.TestTags;
import net.snowflake.client.core.SFTrustManager;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

/** Tests for connection with DisableOCSPchecks and insecuremode settings. */
@Tag(TestTags.CONNECTION)
public class ConnectionWithDisableOCSPModeLatestIT extends BaseJDBCTest {
public static final int INVALID_CONNECTION_INFO_CODE = 390100;
private static final int DISABLE_OCSP_INSECURE_MODE_MISMATCH = 200064;
public static final int BAD_REQUEST_GS_CODE = 390400;

@BeforeEach
public void setUp() {
SFTrustManager.deleteCache();
}

@AfterEach
public void tearDown() {
SFTrustManager.cleanTestSystemParameters();
}

/** Test connectivity with disableOCSPChecksMode and insecure mode enabled. */
@Test
public void testDisableOCSPChecksModeAndInsecureMode() throws SQLException {

String deploymentUrl =
"jdbc:snowflake://sfcsupport.snowflakecomputing.com?disableOCSPChecks=true&insecureMode=true";
Properties properties = new Properties();

properties.put("user", "fakeuser");
properties.put("password", "fakepwd");
properties.put("account", "fakeaccount");
SQLException thrown =
assertThrows(
SQLException.class,
() -> {
DriverManager.getConnection(deploymentUrl, properties);
});

assertThat(
thrown.getErrorCode(), anyOf(is(INVALID_CONNECTION_INFO_CODE), is(BAD_REQUEST_GS_CODE)));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the purpose of this assertion? It only tests options mismatch, not the effect. We could make a typo in config and it wouldn't end up in the same exception, right?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test name for option mismatch is testDisableOCSPChecksModeAndInsecureModeMismatched.
This above test testDisableOCSPChecksModeAndInsecureMode is a good case where both options are enabled. It will skip the OCSP check and try to connect to db, but it ends up with an exception as the user and account are fake.
For testDisableOCSPChecksModeAndInsecureModeMismatched test, it will get the new error code 200064.

}

/** Test connectivity with disableOCSPChecksMode enabled and insecure mode disabled. */
@Test
public void testDisableOCSPChecksModeAndInsecureModeMismatched() throws SQLException {

String deploymentUrl =
"jdbc:snowflake://sfcsupport.snowflakecomputing.com?disableOCSPChecks=true&insecureMode=false";
Properties properties = new Properties();

properties.put("user", "fakeuser");
properties.put("password", "fakepwd");
properties.put("account", "fakeaccount");
SQLException thrown =
assertThrows(
SQLException.class,
() -> {
DriverManager.getConnection(deploymentUrl, properties);
});

assertThat(thrown.getErrorCode(), anyOf(is(DISABLE_OCSP_INSECURE_MODE_MISMATCH)));
}

/** Test production connectivity with only disableOCSPChecksMode enabled. */
@Test
public void testDisableOCSPChecksModeSet() throws SQLException {

String deploymentUrl =
"jdbc:snowflake://sfcsupport.snowflakecomputing.com?disableOCSPChecks=true";
Properties properties = new Properties();

properties.put("user", "fakeuser");
properties.put("password", "fakepwd");
properties.put("account", "fakeaccount");
SQLException thrown =
assertThrows(
SQLException.class,
() -> {
DriverManager.getConnection(deploymentUrl, properties);
});

assertThat(
thrown.getErrorCode(), anyOf(is(INVALID_CONNECTION_INFO_CODE), is(BAD_REQUEST_GS_CODE)));
}

/** Test production connectivity with insecure mode enabled. */
@Test
public void testEnableInsecureMode() throws SQLException {
String deploymentUrl = "jdbc:snowflake://sfcsupport.snowflakecomputing.com?insecureMode=true";
Properties properties = new Properties();

properties.put("user", "fakeuser");
properties.put("password", "fakepwd");
properties.put("account", "fakeaccount");
try {
DriverManager.getConnection(deploymentUrl, properties);
fail();
} catch (SQLException e) {
assertThat(
e.getErrorCode(), anyOf(is(INVALID_CONNECTION_INFO_CODE), is(BAD_REQUEST_GS_CODE)));
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,9 @@
import static org.hamcrest.CoreMatchers.anyOf;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.core.IsInstanceOf.instanceOf;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.fail;

import java.net.SocketTimeoutException;
Expand Down Expand Up @@ -45,7 +43,6 @@ public class ConnectionWithOCSPModeIT extends BaseJDBCTest {
private final String testPassword = "testpassword";
private final String testRevokedCertConnectString = "jdbc:snowflake://revoked.badssl.com/";
public static final int INVALID_CONNECTION_INFO_CODE = 390100;
private static final int DISABLE_OCSP_INSECURE_MODE_MISMATCH = 200064;
public static final int BAD_REQUEST_GS_CODE = 390400;

private static int nameCounter = 0;
Expand Down Expand Up @@ -445,49 +442,6 @@ public void testWrongHost() throws InterruptedException {
fail("All retries failed");
}

/** Test connectivity with disableOCSPChecksMode and insecure mode enabled. */
@Test
public void testDisableOCSPChecksModeAndInsecureMode() throws SQLException {

String deploymentUrl =
"jdbc:snowflake://sfcsupport.snowflakecomputing.com?disableOCSPChecks=true&insecureMode=true";
Properties properties = new Properties();

properties.put("user", "fakeuser");
properties.put("password", "fakepwd");
properties.put("account", "fakeaccount");
SQLException thrown =
assertThrows(
SQLException.class,
() -> {
DriverManager.getConnection(deploymentUrl, properties);
});

assertThat(
thrown.getErrorCode(), anyOf(is(INVALID_CONNECTION_INFO_CODE), is(BAD_REQUEST_GS_CODE)));
}

/** Test connectivity with disableOCSPChecksMode enabled and insecure mode disabled. */
@Test
public void testDisableOCSPChecksModeAndInsecureModeMismatched() throws SQLException {

String deploymentUrl =
"jdbc:snowflake://sfcsupport.snowflakecomputing.com?disableOCSPChecks=true&insecureMode=false";
Properties properties = new Properties();

properties.put("user", "fakeuser");
properties.put("password", "fakepwd");
properties.put("account", "fakeaccount");
SQLException thrown =
assertThrows(
SQLException.class,
() -> {
DriverManager.getConnection(deploymentUrl, properties);
});

assertThat(thrown.getErrorCode(), anyOf(is(DISABLE_OCSP_INSECURE_MODE_MISMATCH)));
}

private static Matcher<String> httpStatus403Or404Or513() {
return anyOf(
containsString("HTTP status=403"),
Expand Down
Loading