Merge branch '212342-java-root-certificates' into 'master'v3.7.4

Pull packages from a custom mvn repository with a custom root certificate.

See merge request gitlab-org/security-products/license-management!139

1 files changed, 23 insertions, 1 deletions

diff --git a/spec/integration/java/maven_spec.rb b/spec/integration/java/maven_spec.rb
index 92444e8..f14e566 100644
--- a/spec/integration/java/maven_spec.rb
+++ b/spec/integration/java/maven_spec.rb
@@ -13,7 +13,8 @@ RSpec.describe "maven" do
       })
 
       expect(report).to match_schema(version: '2.0')
-      expect(report[:dependencies]).to match_array([{ name: 'mvn-spike', url: '', description: '', paths: ['.'], licenses: ['MIT'] }])
+      expect(report.dependency_names).to match_array(['mvn-spike'])
+      expect(report.licenses_for('mvn-spike')).to match_array(['MIT'])
     end
 
     it 'downloads packages from by using a custom `settings.xml`' do
@@ -78,4 +79,25 @@ RSpec.describe "maven" do
       expect(report.dependency_names).not_to include('junit')
     end
   end
+
+  context "when connecting to a custom package registry with a self signed certificate" do
+    let(:bundle) { fixture_file_content('java/maven.crt') }
+    let(:report) { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => bundle, 'LOG_LEVEL' => 'debug' }) }
+
+    before do
+      runner.add_file('pom.xml') do
+        fixture_file_content('java/pom-single.xml.erb', {
+          group_id: 'com.fasterxml.jackson.core',
+          artifact_id: 'jackson-core',
+          version: '2.10.0',
+          repository_id: 'custom',
+          repository_url: "https://#{private_maven_host}/artifactory/mvn-cache"
+        })
+      end
+    end
+
+    specify { expect(report).to match_schema(version: '2.0') }
+    specify { expect(report.dependency_names).to match_array(['jackson-core']) }
+    specify { expect(report.licenses_for('jackson-core')).to match_array(['Apache-2.0']) }
+  end
 end