fix: don't reload cert manager, use only sni callback

2026-04-20 21:14:17 +02:00
parent d7bca9dc10
commit e7e8c9f141
4 changed files with 51 additions and 160 deletions
@@ -167,41 +167,24 @@ class TestRegistry(BaseTestCase):
            lambda: self.cert_manager.get_key("localhost"),
        )

-    def test_get_https_context_fail(self) -> None:
-        self.assertIsNone(self.cert_manager.get_https_context("localhost"))
-
-    def test_get_https_context(self) -> None:
-        self._make_self_signed("localhost")
-        with (
-            self.patch("ssl.create_default_context", return_value=self.context_mock),
-            self.mock_call(
-                self.context_mock.load_cert_chain,
-                [
-                    self.self_signed_path / "localhost" / CertManager.CRT_FILE,
-                    self.self_signed_path / "localhost" / CertManager.KEY_FILE,
-                ],
-            ),
-        ):
-            self.assertEqual(
-                self.cert_manager.get_https_context("localhost"), self.context_mock
-            )
-
    def test_sni_callback_no_host(self) -> None:
        self._make_self_signed("localhost")
        with (
-            self.patch("ssl.create_default_context", return_value=self.context_mock),
-            self.mock_call(
-                self.context_mock.load_cert_chain,
-                [
-                    self.self_signed_path / "localhost" / CertManager.CRT_FILE,
-                    self.self_signed_path / "localhost" / CertManager.KEY_FILE,
-                ],
-            ),
+            self.patch("ssl.create_default_context", count=0),
        ):
-            self.cert_manager.get_https_context("localhost")
-            self.context_mock.sni_callback(self.socket_mock, None, self.context_mock)
+            self.cert_manager.sni_callback(self.socket_mock, None, self.context_mock)

    def test_sni_callback_fail(self) -> None:
+        self._make_self_signed("localhost")
+        with (
+            self.patch("shutil.which", count=3),
+            self.patch("ssl.create_default_context", count=0),
+        ):
+            self.cert_manager.sni_callback(
+                self.socket_mock, "new_host", self.context_mock
+            )
+
+    def test_sni_callback_create_context(self) -> None:
        self._make_self_signed("localhost")
        with (
            self.patch("ssl.create_default_context", return_value=self.context_mock),
@@ -212,53 +195,26 @@ class TestRegistry(BaseTestCase):
                    self.self_signed_path / "localhost" / CertManager.KEY_FILE,
                ],
            ),
-            self.patch("shutil.which", count=3),
-        ):
-            self.cert_manager.get_https_context("localhost")
-            self.assertRaises(
-                CertManagerError,
-                lambda: self.context_mock.sni_callback(
-                    self.socket_mock, "new_host", self.context_mock
-                ),
-            )
-
-    def test_sni_callback_change_context(self) -> None:
-        self._make_self_signed("localhost")
-        self._make_self_signed("new_host")
-        with (
-            self.patch(
-                "ssl.create_default_context", return_value=self.context_mock, count=2
-            ),
-            self.mock_calls(
-                self.context_mock.load_cert_chain,
-                [
-                    [
-                        self.self_signed_path / "localhost" / CertManager.CRT_FILE,
-                        self.self_signed_path / "localhost" / CertManager.KEY_FILE,
-                    ],
-                    [
-                        self.self_signed_path / "new_host" / CertManager.CRT_FILE,
-                        self.self_signed_path / "new_host" / CertManager.KEY_FILE,
-                    ],
-                ],
-            ),
            self.patch("shutil.which", count=0),
        ):
-            self.cert_manager.get_https_context("localhost")
-            self.context_mock.sni_callback(
-                self.socket_mock, "new_host", self.context_mock
+            self.cert_manager.sni_callback(
+                self.socket_mock, "localhost", self.context_mock
            )

-    def test_detect_default_cert_change(self) -> None:
+    def test_sni_callback_create_context_fail(self) -> None:
        self._make_self_signed("localhost")
-        assert self.cert_manager.detect_default_cert_change("localhost")
-
-    def test_detect_default_cert_change_nothing(self) -> None:
-        self._make_self_signed("localhost")
-        self.cert_manager.last_file_change = (
-            (self.self_signed_path / "localhost" / CertManager.CRT_FILE).stat().st_mtime
-        )
-        assert not self.cert_manager.detect_default_cert_change("localhost")
+        with (
+            self.patch("ssl.create_default_context", return_value=self.context_mock),
+            self.patch("shutil.which", count=0),
+        ):
+            self.context_mock.load_cert_chain.side_effect = Exception
+            self.cert_manager.sni_callback(
+                self.socket_mock, "localhost", self.context_mock
+            )
+            self.context_mock.load_cert_chain.assert_called_once_with(
+                self.self_signed_path / "localhost" / CertManager.CRT_FILE,
+                self.self_signed_path / "localhost" / CertManager.KEY_FILE,
+            )

    def _make_self_signed(self, host: str) -> None:
        (self.self_signed_path / host).mkdir(parents=True, exist_ok=True)