6 files changed, 129 insertions, 5 deletions
diff --git a/spec/fixtures/python/airgap-Pipfile.erb b/spec/fixtures/python/airgap-Pipfile.erb
new file mode 100644
index 0000000..750147d
--- /dev/null
+++ b/spec/fixtures/python/airgap-Pipfile.erb
@@ -0,0 +1,9 @@
+[[source]]
+name = "pypi"
+url = "<%= index_url %>"
+verify_ssl = true
+
+[dev-packages]
+
+[packages]
+requests = "*"
diff --git a/spec/fixtures/python/airgap-Pipfile.lock.erb b/spec/fixtures/python/airgap-Pipfile.lock.erb
new file mode 100644
index 0000000..6a55e26
--- /dev/null
+++ b/spec/fixtures/python/airgap-Pipfile.lock.erb
@@ -0,0 +1,50 @@
+{
+  "_meta": {
+    "hash": {
+      "sha256": "5b488a008aa3a3189ebb41e224ca36bb2ca6e5d4d420ad136bb660d15fd27a14"
+    },
+    "pipfile-spec": 6,
+    "requires": {},
+    "sources": [
+      {
+        "name": "pypi",
+        "url": "<%= index_url %>",
+        "verify_ssl": true
+      }
+    ]
+  },
+  "default": {
+    "certifi": {
+      "hashes": [
+        "sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3"
+      ],
+      "version": "==2019.11.28"
+    },
+    "chardet": {
+      "hashes": [
+        "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
+      ],
+      "version": "==3.0.4"
+    },
+    "idna": {
+      "hashes": [
+        "sha256:a068a21ceac8a4d63dbfd964670474107f541babbd2250d61922f029858365fa"
+      ],
+      "version": "==2.9"
+    },
+    "requests": {
+      "hashes": [
+        "sha256:43999036bfa82904b6af1d99e4882b560e5e2c68e5c4b0aa03b655f3d7d73fee"
+      ],
+      "index": "pypi",
+      "version": "==2.23.0"
+    },
+    "urllib3": {
+      "hashes": [
+        "sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc"
+      ],
+      "version": "==1.25.8"
+    }
+  },
+  "develop": {}
+}
diff --git a/spec/fixtures/python/pypi.crt b/spec/fixtures/python/pypi.crt
new file mode 100644
index 0000000..202557f
--- /dev/null
+++ b/spec/fixtures/python/pypi.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID+zCCAuOgAwIBAgIUWxGpSPKNbbHUxh32y0cGgvmSwZIwDQYJKoZIhvcNAQEL
+BQAwgYwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK
+DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxRTBDBgNVBAMMPGdpdGxhYi1haXJn
+YXAtcHlwaS51cy13ZXN0MS1iLmMuZ3JvdXAtc2VjdXJlLWE4OWZlNy5pbnRlcm5h
+bDAeFw0yMDA0MDIwMTQ0MTFaFw0yMTA0MDIwMTQ0MTFaMIGMMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMUUwQwYDVQQDDDxnaXRsYWItYWlyZ2FwLXB5cGkudXMtd2VzdDEt
+Yi5jLmdyb3VwLXNlY3VyZS1hODlmZTcuaW50ZXJuYWwwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCsguLHmkpWR13l06HrLze+sv/4eI3jyveBc0xkUGFh
+WKHAOCPQvfHhavK2W1w2mKA69mEixkncUwU3Q5KT8bapnUYo2sks62vSfuibat1F
+ZzoII35xk71zgkXwGgEAy/h4izEubbsP0JMYIE0uZKuuytylax7KDy5Tskbh79Gq
+Ye42N1j77T6rxfB06nrENokZMb9EoOtUdW/jU4BMBGUO1ZwQHh1QOawENtGBay24
+j05HbOURZzl5SxfJbbFSeQbGqaY/ujaCDdJRRfacbmkjs+qaZ0QF/fEvxg9/xP/y
+VwGwLSzIXfkuRyw2KSmKBSdy36DLIJ/TBdmLoMgHjouhAgMBAAGjUzBRMB0GA1Ud
+DgQWBBS2dpl46jX7D8PTwLhdulc++IzBRTAfBgNVHSMEGDAWgBS2dpl46jX7D8PT
+wLhdulc++IzBRTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBd
+SN3o3SEEl3sfbnzKPzQusBbg2njpp9zmnRt26DvHWXPM2BYyBPs0YY8jF4NmwoK4
+ijbGolsOPJy/8gQ478WLizN0Mdhcqh7+R5FvbhghyO66/I6WsPvOR+XNOuaYXe4S
+Jg9dfTFOTzndTJwbTJqhe+QwM3Ns+jw8uDE3zAtsGJ1rcgXOKX8B24AvPdIttu1h
+z0ahOUbRIT5MsTxCMBZZqQTFdhBOeBiLEYUtK789NsWjb3JdKwuBeKyhnJhcPnUo
+YK3HLoDrUfpHveFsg5CWUm7euJ/HXljJm+Ct1+fHbRC1jUQ3tY8JsvbmvkXCVHXv
+f7j8RXMzKBldTaHzsVj2
+-----END CERTIFICATE-----
diff --git a/spec/integration/python/pipenv_spec.rb b/spec/integration/python/pipenv_spec.rb
index 410d3c7..9ec7d96 100644
--- a/spec/integration/python/pipenv_spec.rb
+++ b/spec/integration/python/pipenv_spec.rb
@@ -201,4 +201,29 @@ RSpec.describe "pipenv" do
       end
     end
   end
+
+  context "when connecting to a private package repository with self signed certificate" do
+    let(:index_url) { "https://gitlab-airgap-pypi.us-west1-b.c.group-secure-a89fe7.internal/simple" }
+    let(:bundle) { fixture_file_content('python/pypi.crt') }
+
+    def install_airgap_hosts
+      add_host('gitlab-airgap-test.us-west1-b.c.group-secure-a89fe7.internal', '34.82.7.216')
+      add_host('gitlab-airgap-pypi.us-west1-b.c.group-secure-a89fe7.internal', '35.227.149.218')
+    end
+
+    before do
+      runner.add_file('Pipfile', fixture_file_content('python/airgap-Pipfile.erb', index_url: index_url))
+      runner.add_file('Pipfile.lock', fixture_file_content('python/airgap-Pipfile.lock.erb', index_url: index_url))
+    end
+
+    pending 'downloads the packages and trusts the certificate' do
+      report = runner.scan(env: {
+        'ADDITIONAL_CA_CERT_BUNDLE' => bundle,
+        'PIP_INDEX_URL' => index_url
+      })
+
+      expect(report).to match_schema(version: '2.0')
+      expect(report.dependency_names).to include('requests')
+    end
+  end
 end
diff --git a/spec/support/fixture_file_helper.rb b/spec/support/fixture_file_helper.rb
index fe11acd..5a9599f 100644
--- a/spec/support/fixture_file_helper.rb
+++ b/spec/support/fixture_file_helper.rb
@@ -1,6 +1,11 @@
 module FixtureFileHelper
-  def fixture_file_content(path)
-    IO.read(fixture_file(path))
+  def fixture_file_content(path, data = {})
+    content = IO.read(fixture_file(path))
+    return content unless path.end_with?('.erb')
+
+    ERB
+      .new(content)
+      .result(OpenStruct.new(data).send(:binding))
   end
 
   def fixture_file(path)
diff --git a/spec/support/integration_test_helper.rb b/spec/support/integration_test_helper.rb
index bcc5c1f..6c30a99 100644
--- a/spec/support/integration_test_helper.rb
+++ b/spec/support/integration_test_helper.rb
@@ -56,9 +56,13 @@ module IntegrationTestHelper
     end
 
     def clone(repo, branch: 'master')
-      execute({}, "git", "clone", '--quiet', repo, project_path)
-      Dir.chdir project_path do
-        execute({}, "git", "checkout", branch)
+      if branch.match?(/\b[0-9a-f]{5,40}\b/)
+        execute({}, 'git', 'clone', '--quiet', repo, project_path)
+        Dir.chdir project_path do
+          execute({}, 'git', 'checkout', branch)
+        end
+      else
+        execute({}, 'git', 'clone', '--quiet', '--depth=1', '--single-branch', '--branch', branch, repo, project_path)
       end
     end
 
@@ -85,4 +89,11 @@ module IntegrationTestHelper
   def runner(*args)
     @runner ||= IntegrationTestRunner.new(*args)
   end
+
+  def add_host(name, ip)
+    return unless ENV['LM_HOME']
+    return if system("grep #{name} /etc/hosts")
+
+    system("echo '#{ip} #{name}' >> /etc/hosts")
+  end
 end