SNOW-872568: Fix retry oscp URL for private link (#1733)

sfc-gh-aalam · web-flow · commit 91d31b8f016e · 2023-09-22T22:49:47.000Z
diff --git a/DESCRIPTION.md b/DESCRIPTION.md
@@ -10,6 +10,7 @@ Source code is also available at: https://github.com/snowflakedb/snowflake-conne
 
 - v3.2.1(TBD)
 
+  - Fixed a bug where url port and path were ignore in private link oscp retry.
   - Added thread safety in telemetry when instantiating multiple connections concurrently.
 
 - v3.2.0(September 06,2023)
diff --git a/src/snowflake/connector/ocsp_snowflake.py b/src/snowflake/connector/ocsp_snowflake.py
@@ -439,7 +439,15 @@ def generate_get_url(self, ocsp_url, b64data):
         if self.OCSP_RETRY_URL is None:
             target_url = f"{ocsp_url}/{b64data}"
         else:
-            target_url = self.OCSP_RETRY_URL.format(parsed_url.hostname, b64data)
+            # values of parsed_url.netloc and parsed_url.path based on oscp_url are as follows:
+            # URL                                    NETLOC                         PATH
+            # "http://oneocsp.microsoft.com"         "oneocsp.microsoft.com"        ""
+            # "http://oneocsp.microsoft.com:8080"    "oneocsp.microsoft.com:8080"   ""
+            # "http://oneocsp.microsoft.com/"        "oneocsp.microsoft.com"        "/"
+            # "http://oneocsp.microsoft.com/ocsp"    "oneocsp.microsoft.com"        "/ocsp"
+            # The check below is to treat first two urls same
+            path = parsed_url.path if parsed_url.path != "/" else ""
+            target_url = self.OCSP_RETRY_URL.format(parsed_url.netloc + path, b64data)
 
         logger.debug("OCSP Retry URL is - %s", target_url)
         return target_url
diff --git a/test/unit/test_ocsp.py b/test/unit/test_ocsp.py
@@ -395,6 +395,33 @@ def test_building_retry_url():
         == "http://ocsp.us-east-1.snowflakecomputing.com/retry/{0}/{1}"
     )
 
+    assert (
+        OCSP_SERVER.generate_get_url("http://oneocsp.microsoft.com", "1234")
+        == "http://ocsp.us-east-1.snowflakecomputing.com/retry/oneocsp.microsoft.com/1234"
+    )
+    assert (
+        OCSP_SERVER.generate_get_url("http://oneocsp.microsoft.com/", "1234")
+        == "http://ocsp.us-east-1.snowflakecomputing.com/retry/oneocsp.microsoft.com/1234"
+    )
+    assert (
+        OCSP_SERVER.generate_get_url("http://oneocsp.microsoft.com/ocsp", "1234")
+        == "http://ocsp.us-east-1.snowflakecomputing.com/retry/oneocsp.microsoft.com/ocsp/1234"
+    )
+
+    # ensure we also handle port
+    assert (
+        OCSP_SERVER.generate_get_url("http://oneocsp.microsoft.com:8080", "1234")
+        == "http://ocsp.us-east-1.snowflakecomputing.com/retry/oneocsp.microsoft.com:8080/1234"
+    )
+    assert (
+        OCSP_SERVER.generate_get_url("http://oneocsp.microsoft.com:8080/", "1234")
+        == "http://ocsp.us-east-1.snowflakecomputing.com/retry/oneocsp.microsoft.com:8080/1234"
+    )
+    assert (
+        OCSP_SERVER.generate_get_url("http://oneocsp.microsoft.com:8080/ocsp", "1234")
+        == "http://ocsp.us-east-1.snowflakecomputing.com/retry/oneocsp.microsoft.com:8080/ocsp/1234"
+    )
+
     # privatelink retry url with port
     OCSP_SERVER.OCSP_RETRY_URL = None
     OCSP_SERVER.CACHE_SERVER_URL = (
