SNOW-642635: Remove legacy ocsp cache code (#1292)

snowflakedb · Nov 3, 2022 · b6d752b · b6d752b
1 parent 88843f8
commit b6d752b
Show file tree

Hide file tree

Showing 8 changed files with 227 additions and 637 deletions.
diff --git a/DESCRIPTION.md b/DESCRIPTION.md
@@ -8,6 +8,10 @@ Source code is also available at: https://github.com/snowflakedb/snowflake-conne
 
 # Release Notes
 
+- v2.8.2(Unreleased)
+
+  - Improved performance of OCSP response caching
+
 - v2.8.1(October 30,2022)
 
    - Bumped cryptography dependency from <37.0.0 to <39.0.0

diff --git a/src/snowflake/connector/cache.py b/src/snowflake/connector/cache.py
@@ -59,6 +59,10 @@ def __init__(
         self._lock = Lock()
         self._reset_telemetry()
 
+    def __len__(self) -> int:
+        with self._lock:
+            return len(self._cache)
+
     @classmethod
     def from_dict(
         cls,
@@ -474,18 +478,21 @@ def _save(self, load_first: bool = True) -> bool:
                     )
                     with open(tmp_file, "wb") as w_file:
                         pickle.dump(self, w_file)
+                    # We write to a tmp file and then move it to have atomic write
+                    os.replace(tmp_file_path, self.file_path)
+                    self.last_loaded = datetime.datetime.fromtimestamp(
+                        getmtime(self.file_path),
+                    )
+                    return True
                 except OSError as o_err:
                     raise PermissionError(
                         o_err.errno,
                         "Cache folder is not writeable",
                         _dir,
                     )
-                # We write to a tmp file and then move it to have atomic write
-                os.replace(tmp_file_path, self.file_path)
-                self.last_loaded = datetime.datetime.fromtimestamp(
-                    getmtime(self.file_path),
-                )
-                return True
+                finally:
+                    if os.path.exists(tmp_file_path) and os.path.isfile(tmp_file_path):
+                        os.unlink(tmp_file_path)
         except Timeout:
             logger.debug(
                 f"acquiring {self._file_lock_path} timed out, skipping saving..."

diff --git a/src/snowflake/connector/compat.py b/src/snowflake/connector/compat.py
@@ -53,6 +53,7 @@
 urlunsplit = urllib.parse.urlunsplit
 parse_qs = urllib.parse.parse_qs
 urlparse = urllib.parse.urlparse
+urlunparse = urllib.parse.urlunparse
 
 NUM_DATA_TYPES += (int, float, decimal.Decimal)
 

diff --git a/src/snowflake/connector/ocsp_asn1crypto.py b/src/snowflake/connector/ocsp_asn1crypto.py
@@ -44,8 +44,7 @@
     ER_OCSP_RESPONSE_STATUS_UNSUCCESSFUL,
 )
 from snowflake.connector.errors import RevocationCheckError
-from snowflake.connector.ocsp_snowflake import SnowflakeOCSP
-from snowflake.connector.ssd_internal_keys import ret_wildcard_hkey
+from snowflake.connector.ocsp_snowflake import SnowflakeOCSP, generate_cache_key
 
 with warnings.catch_warnings():
     warnings.simplefilter("ignore")
@@ -80,12 +79,6 @@ class SnowflakeOCSPAsn1Crypto(SnowflakeOCSP):
         "sha512": hashes.SHA3_512,
     }
 
-    WILDCARD_CERTID = None
-
-    def __init__(self, **kwargs):
-        super().__init__(**kwargs)
-        self.WILDCARD_CERTID = self.encode_cert_id_key(ret_wildcard_hkey())
-
     def encode_cert_id_key(self, hkey):
         issuer_name_hash, issuer_key_hash, serial_number = hkey
         issuer_name_hash = OctetString.load(issuer_name_hash)
@@ -103,12 +96,8 @@ def encode_cert_id_key(self, hkey):
         )
         return cert_id
 
-    def decode_cert_id_key(self, cert_id):
-        return (
-            cert_id["issuer_name_hash"].dump(),
-            cert_id["issuer_key_hash"].dump(),
-            cert_id["serial_number"].dump(),
-        )
+    def decode_cert_id_key(self, cert_id: CertId) -> tuple[bytes, bytes, bytes]:
+        return generate_cache_key(cert_id)
 
     def decode_cert_id_base64(self, cert_id_base64):
         return CertId.load(b64decode(cert_id_base64))
@@ -365,7 +354,6 @@ def process_ocsp_response(self, issuer, cert_id, ocsp_response):
         try:
             if cert_status == "good":
                 self._process_good_status(single_response, cert_id, ocsp_response)
-                SnowflakeOCSP.OCSP_CACHE.update_cache(self, cert_id, ocsp_response)
             elif cert_status == "revoked":
                 self._process_revoked_status(single_response, cert_id)
             elif cert_status == "unknown":