From cc8e8046487ecd9d4a3dd7bf1fe3a53f71634ad7 Mon Sep 17 00:00:00 2001
From: "G.Pruvost" <gaetan.pruvost@gmail.com>
Date: Thu, 3 May 2018 18:37:02 +0200
Subject: [PATCH] #2211 - Support for ssl certs config on download command
 (#2212)

* Add support for SSL/Certs customization on download CLI

* Add a note on SSL options for the 'download' CLI in the README

* Add contributor agreement
---
 .github/contributors/mn3mos.md | 106 +++++++++++++++++++++++++++++++++
 README.rst                     |   5 ++
 spacy/cli/download.py          |  36 ++++++++---
 3 files changed, 139 insertions(+), 8 deletions(-)
 create mode 100644 .github/contributors/mn3mos.md

diff --git a/.github/contributors/mn3mos.md b/.github/contributors/mn3mos.md
new file mode 100644
index 000000000..e1eae0a09
--- /dev/null
+++ b/.github/contributors/mn3mos.md
@@ -0,0 +1,106 @@
+# spaCy contributor agreement
+
+This spaCy Contributor Agreement (**"SCA"**) is based on the
+[Oracle Contributor Agreement](http://www.oracle.com/technetwork/oca-405177.pdf).
+The SCA applies to any contribution that you make to any product or project
+managed by us (the **"project"**), and sets out the intellectual property rights
+you grant to us in the contributed materials. The term **"us"** shall mean
+[ExplosionAI UG (haftungsbeschränkt)](https://explosion.ai/legal). The term
+**"you"** shall mean the person or entity identified below.
+
+If you agree to be bound by these terms, fill in the information requested
+below and include the filled-in version with your first pull request, under the
+folder [`.github/contributors/`](/.github/contributors/). The name of the file
+should be your GitHub username, with the extension `.md`. For example, the user
+example_user would create the file `.github/contributors/example_user.md`.
+
+Read this agreement carefully before signing. These terms and conditions
+constitute a binding legal agreement.
+
+## Contributor Agreement
+
+1. The term "contribution" or "contributed materials" means any source code,
+object code, patch, tool, sample, graphic, specification, manual,
+documentation, or any other material posted or submitted by you to the project.
+
+2. With respect to any worldwide copyrights, or copyright applications and
+registrations, in your contribution:
+
+    * you hereby assign to us joint ownership, and to the extent that such
+    assignment is or becomes invalid, ineffective or unenforceable, you hereby
+    grant to us a perpetual, irrevocable, non-exclusive, worldwide, no-charge,
+    royalty-free, unrestricted license to exercise all rights under those
+    copyrights. This includes, at our option, the right to sublicense these same
+    rights to third parties through multiple levels of sublicensees or other
+    licensing arrangements;
+
+    * you agree that each of us can do all things in relation to your
+    contribution as if each of us were the sole owners, and if one of us makes
+    a derivative work of your contribution, the one who makes the derivative
+    work (or has it made will be the sole owner of that derivative work;
+
+    * you agree that you will not assert any moral rights in your contribution
+    against us, our licensees or transferees;
+
+    * you agree that we may register a copyright in your contribution and
+    exercise all ownership rights associated with it; and
+
+    * you agree that neither of us has any duty to consult with, obtain the
+    consent of, pay or render an accounting to the other for any use or
+    distribution of your contribution.
+
+3. With respect to any patents you own, or that you can license without payment
+to any third party, you hereby grant to us a perpetual, irrevocable,
+non-exclusive, worldwide, no-charge, royalty-free license to:
+
+    * make, have made, use, sell, offer to sell, import, and otherwise transfer
+    your contribution in whole or in part, alone or in combination with or
+    included in any product, work or materials arising out of the project to
+    which your contribution was submitted, and
+
+    * at our option, to sublicense these same rights to third parties through
+    multiple levels of sublicensees or other licensing arrangements.
+
+4. Except as set out above, you keep all right, title, and interest in your
+contribution. The rights that you grant to us under these terms are effective
+on the date you first submitted a contribution to us, even if your submission
+took place before the date you sign these terms.
+
+5. You covenant, represent, warrant and agree that:
+
+    * Each contribution that you submit is and shall be an original work of
+    authorship and you can legally grant the rights set out in this SCA;
+
+    * to the best of your knowledge, each contribution will not violate any
+    third party's copyrights, trademarks, patents, or other intellectual
+    property rights; and
+
+    * each contribution shall be in compliance with U.S. export control laws and
+    other applicable export and import laws. You agree to notify us if you
+    become aware of any circumstance which would make any of the foregoing
+    representations inaccurate in any respect. We may publicly disclose your
+    participation in the project, including the fact that you have signed the SCA.
+
+6. This SCA is governed by the laws of the State of California and applicable
+U.S. Federal law. Any choice of law rules will not apply.
+
+7. Please place an “x” on one of the applicable statement below. Please do NOT
+mark both statements:
+
+    * [x] I am signing on behalf of myself as an individual and no other person
+    or entity, including my employer, has or will have rights with respect to my
+    contributions.
+
+    * [ ] I am signing on behalf of my employer or a legal entity and I have the
+    actual authority to contractually bind that entity.
+
+## Contributor Details
+
+| Field                          | Entry                |
+|------------------------------- | -------------------- |
+| Name                           | Gaëtan PRUVOST       |
+| Company name (if applicable)   |                      |
+| Title or role (if applicable)  |                      |
+| Date                           | 13/04/2018           |
+| GitHub username                | mn3mos               |
+| Website (optional)             |                      |
diff --git a/README.rst b/README.rst
index 139453344..98c880a04 100644
--- a/README.rst
+++ b/README.rst
@@ -199,6 +199,11 @@ or manually by pointing pip to a path or URL.
     # pip install .tar.gz archive from path or URL
     pip install /Users/you/en_core_web_sm-2.0.0.tar.gz
 
+If you have SSL certification problems, SSL customization options are described in the help:
+
+    # help for the download command
+    python -m spacy download --help
+
 Loading and using models
 ------------------------
 
diff --git a/spacy/cli/download.py b/spacy/cli/download.py
index 7dc814efa..a68852b00 100644
--- a/spacy/cli/download.py
+++ b/spacy/cli/download.py
@@ -17,19 +17,39 @@ from .. import about
 @plac.annotations(
     model=("model to download, shortcut or name)", "positional", None, str),
     direct=("force direct download. Needs model name with version and won't "
-            "perform compatibility check", "flag", "d", bool))
-def download(model, direct=False):
+            "perform compatibility check", "flag", "d", bool),
+    unsecure=("unsecure mode - disables the verification of certificates", 
+        "flag", "u", bool),
+    caFile=("specify a certificate authority file to use for certificates "
+        "validation. Ignored if --unsecure is used", "option", "c"))
+def download(model, direct=False, unsecure=False, caFile=None):
     """
     Download compatible model from default download path using pip. Model
     can be shortcut, model name or, if --direct flag is set, full model name
     with version.
+    The --unsecure optional flag can be used to disable ssl verification
+    The --caFile option can be used to provide a local CA file
+    used for certificate verification.
     """
+
+    # sslVerify is the argument handled to the 'verify' parameter
+    # of requests package. It must be either None, a boolean, 
+    # or a String containing the path to CA file
+    sslVerify = None
+    if unsecure:
+        caFile    = None
+        sslVerify = False
+    else:
+        if caFile != None:
+            sslVerify = caFile
+
+    # Download the model
     if direct:
         dl = download_model('{m}/{m}.tar.gz'.format(m=model))
     else:
-        shortcuts = get_json(about.__shortcuts__, "available shortcuts")
+        shortcuts = get_json(about.__shortcuts__, "available shortcuts", sslVerify)
         model_name = shortcuts.get(model, model)
-        compatibility = get_compatibility()
+        compatibility = get_compatibility(sslVerify)
         version = get_version(model_name, compatibility)
         dl = download_model('{m}-{v}/{m}-{v}.tar.gz'.format(m=model_name,
                                                             v=version))
@@ -50,19 +70,19 @@ def download(model, direct=False):
             prints(Messages.M001.format(name=model_name), title=Messages.M002)
 
 
-def get_json(url, desc):
+def get_json(url, desc, sslVerify):
     try:
-        data = url_read(url)
+        data = url_read(url, verify=sslVerify)
     except HTTPError as e:
         prints(Messages.M004.format(desc, about.__version__),
                title=Messages.M003.format(e.code, e.reason), exits=1)
     return ujson.loads(data)
 
 
-def get_compatibility():
+def get_compatibility(sslVerify):
     version = about.__version__
     version = version.rsplit('.dev', 1)[0]
-    comp_table = get_json(about.__compatibility__, "compatibility table")
+    comp_table = get_json(about.__compatibility__, "compatibility table", sslVerify)
     comp = comp_table['spacy']
     if version not in comp:
         prints(Messages.M006.format(version=version), title=Messages.M005,