From b3cd3dc5f1ccc927d1691a1dc6cbb66156950c6e Mon Sep 17 00:00:00 2001
From: Jack Dimas <giannosdim@transifex.com>
Date: Fri, 19 Jun 2020 16:45:34 +0300
Subject: [PATCH] CLI option for custom CA certificate bundle file

We add the option to define a private CA certificate bundle file
instead of the default which is to use the system's trust store.

This fixes https://github.com/transifex/transifex-client/issues/91
---
 txclib/cmdline.py |  4 +++-
 txclib/parsers.py | 12 ++++++++++++
 txclib/web.py     |  6 ++++++
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/txclib/cmdline.py b/txclib/cmdline.py
index 9eb07d27..e4388c5d 100755
--- a/txclib/cmdline.py
+++ b/txclib/cmdline.py
@@ -4,7 +4,7 @@
 import sys
 from urllib3.exceptions import SSLError
 
-from txclib import utils
+from txclib import utils, web
 from txclib.log import set_log_level, logger
 from txclib.parsers import tx_main_parser
 from txclib.exceptions import AuthenticationError
@@ -62,6 +62,8 @@ def main(argv=None):
     elif options.debug:
         set_log_level('DEBUG')
 
+    web.cacerts_file = options.cacert
+
     # find .tx
     path_to_tx = options.root_dir or utils.find_dot_tx()
 
diff --git a/txclib/parsers.py b/txclib/parsers.py
index b0b17944..0eae292a 100644
--- a/txclib/parsers.py
+++ b/txclib/parsers.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 
+import argparse
 import os
 import sys
 
@@ -11,6 +12,11 @@
     'mapping', 'mapping-remote', 'mapping-bulk'
 )
 
+def check_file_exists(file=None):
+    if file and not os.path.isfile(file):
+        raise argparse.ArgumentTypeError(
+            'certificate file %s not found' % file)
+
 
 def tx_main_parser():
     description = "This is the Transifex command line client which"\
@@ -46,6 +52,12 @@ def tx_main_parser():
         default=(os.name == 'nt' or not sys.stdout.isatty()),
         help="disable colors in the output of commands"
     )
+    # set a private CA cert bundle file to override the system one
+    parser.add_argument(
+        "--cacert", action="store", dest="cacert", default=None,
+        help="set path to CA certificate bundle file",
+        metavar='/path/to/ca-cert-bundle-file', type=check_file_exists
+    )
     parser.add_argument(
         "command", action="store", help="TX command", nargs='?', default=None
     )
diff --git a/txclib/web.py b/txclib/web.py
index 50672db8..6077103a 100644
--- a/txclib/web.py
+++ b/txclib/web.py
@@ -6,6 +6,8 @@
 import txclib
 
 
+cacerts_file = None
+
 def user_agent_identifier():
     """Return the user agent for the client."""
     client_info = (txclib.__version__, platform.system(), platform.machine())
@@ -13,6 +15,10 @@ def user_agent_identifier():
 
 
 def certs_file():
+    return cacerts_file or system_certs_file()
+
+
+def system_certs_file():
     if platform.system() == 'Windows':
         return os.path.join(txclib.utils.get_base_dir(), 'cacert.pem')
     else: