diff options
| author | Quentin Pradet <quentin.pradet@gmail.com> | 2020-01-13 16:30:27 +0400 |
|---|---|---|
| committer | Seth Michael Larson <sethmichaellarson@gmail.com> | 2020-01-13 07:02:32 -0600 |
| commit | fd2666e3f16c62c892e5dd9a5697f537de06628b (patch) | |
| tree | 051461801ce24678cea4aaf8964577453e6079a2 | |
| parent | 6322ad570c55fc0b51097ffcaeb9836358f27adb (diff) | |
| download | urllib3-fd2666e3f16c62c892e5dd9a5697f537de06628b.tar.gz | |
Use fixture to configure NO_SAN test certs
Switching to pytest fixtures for those tests will allow to switch to
dynamically generated certificates in the future, without changing the
test. Using fixtures is easier than the existing setup because it's easy
to send information to the test about url, port and ca certs to use.
| -rw-r--r-- | test/conftest.py | 32 | ||||
| -rw-r--r-- | test/with_dummyserver/test_https.py | 13 |
2 files changed, 38 insertions, 7 deletions
diff --git a/test/conftest.py b/test/conftest.py index 79be7d00..dc8fcd05 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -1,15 +1,23 @@ +import collections +import contextlib +import threading import platform import sys import pytest import trustme +from tornado import web, ioloop +from dummyserver.handlers import TestingApp +from dummyserver.server import run_tornado_app from dummyserver.server import ( DEFAULT_CA, DEFAULT_CA_KEY, CLIENT_INTERMEDIATE_PEM, CLIENT_NO_INTERMEDIATE_PEM, CLIENT_INTERMEDIATE_KEY, + NO_SAN_CA, + NO_SAN_CERTS, ) @@ -42,3 +50,27 @@ def certs_dir(tmp_path_factory): cert.cert_chain_pems[0].write_to_path(str(tmpdir / CLIENT_NO_INTERMEDIATE_PEM)) yield tmpdir + + +ServerConfig = collections.namedtuple("ServerConfig", ["host", "port", "ca_certs"]) + + +@contextlib.contextmanager +def run_server_in_thread(scheme, host, ca_certs, server_certs): + io_loop = ioloop.IOLoop.current() + app = web.Application([(r".*", TestingApp)]) + server, port = run_tornado_app(app, io_loop, server_certs, scheme, host) + server_thread = threading.Thread(target=io_loop.start) + server_thread.start() + + yield ServerConfig(host, port, ca_certs) + + io_loop.add_callback(server.stop) + io_loop.add_callback(io_loop.stop) + server_thread.join() + + +@pytest.fixture +def no_san_server(tmp_path_factory): + with run_server_in_thread("https", "localhost", NO_SAN_CA, NO_SAN_CERTS) as cfg: + yield cfg diff --git a/test/with_dummyserver/test_https.py b/test/with_dummyserver/test_https.py index 380e30ec..4a01d8de 100644 --- a/test/with_dummyserver/test_https.py +++ b/test/with_dummyserver/test_https.py @@ -18,8 +18,6 @@ from dummyserver.server import ( DEFAULT_CA, DEFAULT_CA_BAD, DEFAULT_CERTS, - NO_SAN_CERTS, - NO_SAN_CA, IPV6_ADDR_CERTS, IPV6_ADDR_CA, HAS_IPV6, @@ -707,15 +705,16 @@ class TestHTTPS_TLSv1_3(TestHTTPS): certs = TLSv1_3_CERTS -class TestHTTPS_NoSAN(HTTPSDummyServerTestCase): - certs = NO_SAN_CERTS - - def test_warning_for_certs_without_a_san(self): +class TestHTTPS_NoSAN: + def test_warning_for_certs_without_a_san(self, no_san_server): """Ensure that a warning is raised when the cert from the server has no Subject Alternative Name.""" with mock.patch("warnings.warn") as warn: with HTTPSConnectionPool( - self.host, self.port, cert_reqs="CERT_REQUIRED", ca_certs=NO_SAN_CA + no_san_server.host, + no_san_server.port, + cert_reqs="CERT_REQUIRED", + ca_certs=no_san_server.ca_certs, ) as https_pool: r = https_pool.request("GET", "/") assert r.status == 200 |