Use fixture to configure NO_SAN test certs

pquentin · sethmlarson · commit fd2666e3f16c · 2020-01-13T07:02:32.000-06:00
Switching to pytest fixtures for those tests will allow to switch to
dynamically generated certificates in the future, without changing the
test. Using fixtures is easier than the existing setup because it's easy
to send information to the test about url, port and ca certs to use.
diff --git a/test/conftest.py b/test/conftest.py
@@ -1,15 +1,23 @@
+import collections
+import contextlib
+import threading
 import platform
 import sys
 
 import pytest
 import trustme
+from tornado import web, ioloop
 
+from dummyserver.handlers import TestingApp
+from dummyserver.server import run_tornado_app
 from dummyserver.server import (
     DEFAULT_CA,
     DEFAULT_CA_KEY,
     CLIENT_INTERMEDIATE_PEM,
     CLIENT_NO_INTERMEDIATE_PEM,
     CLIENT_INTERMEDIATE_KEY,
+    NO_SAN_CA,
+    NO_SAN_CERTS,
 )
 
 
@@ -42,3 +50,27 @@ def certs_dir(tmp_path_factory):
     cert.cert_chain_pems[0].write_to_path(str(tmpdir / CLIENT_NO_INTERMEDIATE_PEM))
 
     yield tmpdir
+
+
+ServerConfig = collections.namedtuple("ServerConfig", ["host", "port", "ca_certs"])
+
+
+@contextlib.contextmanager
+def run_server_in_thread(scheme, host, ca_certs, server_certs):
+    io_loop = ioloop.IOLoop.current()
+    app = web.Application([(r".*", TestingApp)])
+    server, port = run_tornado_app(app, io_loop, server_certs, scheme, host)
+    server_thread = threading.Thread(target=io_loop.start)
+    server_thread.start()
+
+    yield ServerConfig(host, port, ca_certs)
+
+    io_loop.add_callback(server.stop)
+    io_loop.add_callback(io_loop.stop)
+    server_thread.join()
+
+
+@pytest.fixture
+def no_san_server(tmp_path_factory):
+    with run_server_in_thread("https", "localhost", NO_SAN_CA, NO_SAN_CERTS) as cfg:
+        yield cfg
diff --git a/test/with_dummyserver/test_https.py b/test/with_dummyserver/test_https.py
@@ -18,8 +18,6 @@
     DEFAULT_CA,
     DEFAULT_CA_BAD,
     DEFAULT_CERTS,
-    NO_SAN_CERTS,
-    NO_SAN_CA,
     IPV6_ADDR_CERTS,
     IPV6_ADDR_CA,
     HAS_IPV6,
@@ -707,15 +705,16 @@ class TestHTTPS_TLSv1_3(TestHTTPS):
     certs = TLSv1_3_CERTS
 
 
-class TestHTTPS_NoSAN(HTTPSDummyServerTestCase):
-    certs = NO_SAN_CERTS
-
-    def test_warning_for_certs_without_a_san(self):
+class TestHTTPS_NoSAN:
+    def test_warning_for_certs_without_a_san(self, no_san_server):
         """Ensure that a warning is raised when the cert from the server has
         no Subject Alternative Name."""
         with mock.patch("warnings.warn") as warn:
             with HTTPSConnectionPool(
-                self.host, self.port, cert_reqs="CERT_REQUIRED", ca_certs=NO_SAN_CA
+                no_san_server.host,
+                no_san_server.port,
+                cert_reqs="CERT_REQUIRED",
+                ca_certs=no_san_server.ca_certs,
             ) as https_pool:
                 r = https_pool.request("GET", "/")
                 assert r.status == 200
