Add ssl_certs_file arg and config for custom ca bundles

tests/samples/configs/has_everything.cfg

@@ -13,6 +13,7 @@ include_only_with_project_file = false
 offline = false
 proxy = https://user:pass@localhost:8080
 no_ssl_verify = false
+ssl_certs_file =
 timeout = abc
 api_url = https://localhost:0/api/v1/heartbeats
 hostname = fromcfgfile

tests/samples/configs/ssl_custom_certfile.cfg

@@ -0,0 +1,18 @@
+[settings]
+verbose = true
+api_key = d491a956-c8f2-44a9-98a7-987814bd71ba
+log_file = /tmp/waka
+hide_filenames = true
+exclude =
+    ^COMMIT_EDITMSG$
+    ^TAG_EDITMSG$
+    ^/var/
+    ^/etc/
+include =
+    .*
+offline = false
+proxy = https://user:pass@localhost:8080
+ssl_certs_file = /fake/ca/certs/bundle.pem
+timeout = abc
+api_url = https://localhost:0/api/v1/heartbeats
+hostname = fromcfgfile

tests/samples/configs/ssl_verify_disabled.cfg

@@ -13,6 +13,7 @@ include =
 offline = false
 proxy = https://user:pass@localhost:8080
 no_ssl_verify = true
+ssl_certs_file =
 timeout = abc
 api_url = https://localhost:0/api/v1/heartbeats
 hostname = fromcfgfile

tests/samples/output/common_usage_header

@@ -1,7 +1,8 @@
 usage: wakatime [-h] [--entity FILE] [--key KEY] [--write] [--plugin PLUGIN]
                 [--time time] [--lineno LINENO] [--cursorpos CURSORPOS]
                 [--entity-type ENTITY_TYPE] [--category CATEGORY]
-                [--proxy PROXY] [--no-ssl-verify] [--project PROJECT]
+                [--proxy PROXY] [--no-ssl-verify]
+                [--ssl-certs-file SSL_CERTS_FILE] [--project PROJECT]
                 [--alternate-project ALTERNATE_PROJECT] [--language LANGUAGE]
                 [--local-file FILE] [--hostname HOSTNAME] [--disable-offline]
                 [--hide-file-names] [--hide-project-names] [--exclude EXCLUDE]

tests/samples/output/test_help_contents

@@ -29,6 +29,9 @@ optional arguments:
                         socks5://user:pass@host:port or domain\user:pass
   --no-ssl-verify       Disables SSL certificate verification for HTTPS
                         requests. By default, SSL certificates are verified.
+  --ssl-certs-file SSL_CERTS_FILE
+                        Override the bundled Python Requests CA certs file. By
+                        default, uses certifi for ca certs.
   --project PROJECT     Optional project name.
   --alternate-project ALTERNATE_PROJECT
                         Optional alternate project name. Auto-discovered

tests/test_arguments.py

@@ -471,6 +471,33 @@ class ArgumentsTestCase(TestCase):
 
             self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].assert_called_once_with(ANY, cert=None, proxies=ANY, stream=False, timeout=60, verify=False)
 
+    @log_capture()
+    def test_custom_ssl_certs_file_argument(self, logs):
+        logging.disable(logging.NOTSET)
+        self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].return_value = CustomResponse()
+
+        with TemporaryDirectory() as tempdir:
+            entity = 'tests/samples/codefiles/emptyfile.txt'
+            shutil.copy(entity, os.path.join(tempdir, 'emptyfile.txt'))
+            entity = os.path.realpath(os.path.join(tempdir, 'emptyfile.txt'))
+
+            certfile = '/fake/certfile.pem'
+            config = 'tests/samples/configs/good_config.cfg'
+            args = ['--file', entity, '--config', config, '--ssl-certs-file', certfile]
+            retval = execute(args)
+            self.assertEquals(retval, SUCCESS)
+            self.assertNothingPrinted()
+            self.assertNothingLogged(logs)
+
+            self.patched['wakatime.session_cache.SessionCache.get'].assert_called_once_with()
+            self.patched['wakatime.session_cache.SessionCache.delete'].assert_not_called()
+            self.patched['wakatime.session_cache.SessionCache.save'].assert_called_once_with(ANY)
+
+            self.patched['wakatime.offlinequeue.Queue.push'].assert_not_called()
+            self.patched['wakatime.offlinequeue.Queue.pop'].assert_called_once_with()
+
+            self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].assert_called_once_with(ANY, cert=None, proxies=ANY, stream=False, timeout=60, verify=certfile)
+
     @log_capture()
     def test_write_argument(self, logs):
         logging.disable(logging.NOTSET)

tests/test_configs.py

@@ -663,7 +663,7 @@ class ConfigsTestCase(TestCase):
             shutil.copy(entity, os.path.join(tempdir, 'emptyfile.txt'))
             entity = os.path.realpath(os.path.join(tempdir, 'emptyfile.txt'))
 
-            config = 'tests/samples/configs/has_ssl_verify_disabled.cfg'
+            config = 'tests/samples/configs/ssl_verify_disabled.cfg'
             args = ['--file', entity, '--config', config, '--timeout', '15', '--log-file', '~/.wakatime.log']
             retval = execute(args)
             self.assertEquals(retval, SUCCESS)
@@ -674,3 +674,23 @@ class ConfigsTestCase(TestCase):
             self.assertHeartbeatNotSavedOffline()
             self.assertOfflineHeartbeatsSynced()
             self.assertSessionCacheSaved()
+
+    def test_ssl_custom_ca_certs_file(self):
+        self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].return_value = CustomResponse()
+
+        with TemporaryDirectory() as tempdir:
+            entity = 'tests/samples/codefiles/emptyfile.txt'
+            shutil.copy(entity, os.path.join(tempdir, 'emptyfile.txt'))
+            entity = os.path.realpath(os.path.join(tempdir, 'emptyfile.txt'))
+
+            config = 'tests/samples/configs/ssl_custom_certfile.cfg'
+            args = ['--file', entity, '--config', config, '--timeout', '15', '--log-file', '~/.wakatime.log']
+            retval = execute(args)
+            self.assertEquals(retval, SUCCESS)
+            self.assertNothingPrinted()
+
+            self.assertHeartbeatSent(proxies=ANY, timeout=15, verify='/fake/ca/certs/bundle.pem')
+
+            self.assertHeartbeatNotSavedOffline()
+            self.assertOfflineHeartbeatsSynced()
+            self.assertSessionCacheSaved()