[Python][Client] Default to system CA instead of certifi (#8108)

* Use system CA by default and remove certifi

See #6506

* Use system CA by default in asyncio client

* Update README_onlypackage.mustache

* Result of ./bin/generate-samples.sh

* Add ssl_ca_cert argument for Configuration

* Result of ./bin/generate-samples.sh

* Remove certifi, use system CA by default

Author: rparini

modules/openapi-generator/src/main/resources/python-legacy/README_onlypackage.mustache

@@ -25,9 +25,8 @@ This python library package is generated without supporting files like setup.py
 
 To be able to use it, you will need these dependencies in your own package that uses this library:
 
-* urllib3 >= 1.15
+* urllib3 >= 1.25.3
 * six >= 1.10
-* certifi
 * python-dateutil
 {{#asyncio}}
 * aiohttp

modules/openapi-generator/src/main/resources/python-legacy/asyncio/rest.mustache

@@ -9,7 +9,6 @@ import re
 import ssl
 
 import aiohttp
-import certifi
 # python 2 and python 3 compatibility library
 from six.moves.urllib.parse import urlencode
 
@@ -43,14 +42,7 @@ class RESTClientObject(object):
         if maxsize is None:
             maxsize = configuration.connection_pool_maxsize
 
-        # ca_certs
-        if configuration.ssl_ca_cert:
-            ca_certs = configuration.ssl_ca_cert
-        else:
-            # if not set certificate file, use Mozilla's root certificates.
-            ca_certs = certifi.where()
-
-        ssl_context = ssl.create_default_context(cafile=ca_certs)
+        ssl_context = ssl.create_default_context(cafile=configuration.ssl_ca_cert)
         if configuration.cert_file:
             ssl_context.load_cert_chain(
                 configuration.cert_file, keyfile=configuration.key_file

modules/openapi-generator/src/main/resources/python-legacy/configuration.mustache

@@ -76,6 +76,8 @@ class Configuration(object):
     :param server_operation_variables: Mapping from operation ID to a mapping with
       string values to replace variables in templated server configuration.
       The validation of enums is performed for variables with defined enum values before.
+    :param ssl_ca_cert: str - the path to a file of concatenated CA certificates 
+      in PEM format 
 
 {{#hasAuthMethods}}
     :Example:
@@ -174,6 +176,7 @@ conf = {{{packageName}}}.Configuration(
 {{/hasHttpSignatureMethods}}
                  server_index=None, server_variables=None,
                  server_operation_index=None, server_operation_variables=None,
+                 ssl_ca_cert=None,
                  ):
         """Constructor
         """
@@ -258,7 +261,7 @@ conf = {{{packageName}}}.Configuration(
            Set this to false to skip verifying SSL certificate when calling API
            from https server.
         """
-        self.ssl_ca_cert = None
+        self.ssl_ca_cert = ssl_ca_cert
         """Set this to customize the certificate file to verify the peer.
         """
         self.cert_file = None

modules/openapi-generator/src/main/resources/python-legacy/requirements.mustache

@@ -1,6 +1,5 @@
-certifi >= 14.05.14
 future; python_version<="2.7"
 six >= 1.10
 python_dateutil >= 2.5.3
 setuptools >= 21.0.0
-urllib3 >= 1.15.1
+urllib3 >= 1.25.3

modules/openapi-generator/src/main/resources/python-legacy/rest.mustache

@@ -10,7 +10,6 @@ import logging
 import re
 import ssl
 
-import certifi
 # python 2 and python 3 compatibility library
 import six
 from six.moves.urllib.parse import urlencode
@@ -54,13 +53,6 @@ class RESTClientObject(object):
         else:
             cert_reqs = ssl.CERT_NONE
 
-        # ca_certs
-        if configuration.ssl_ca_cert:
-            ca_certs = configuration.ssl_ca_cert
-        else:
-            # if not set certificate file, use Mozilla's root certificates.
-            ca_certs = certifi.where()
-
         addition_pool_args = {}
         if configuration.assert_hostname is not None:
             addition_pool_args['assert_hostname'] = configuration.assert_hostname  # noqa: E501
@@ -83,7 +75,7 @@ class RESTClientObject(object):
                 num_pools=pools_size,
                 maxsize=maxsize,
                 cert_reqs=cert_reqs,
-                ca_certs=ca_certs,
+                ca_certs=configuration.ssl_ca_cert,
                 cert_file=configuration.cert_file,
                 key_file=configuration.key_file,
                 proxy_url=configuration.proxy,
@@ -95,7 +87,7 @@ class RESTClientObject(object):
                 num_pools=pools_size,
                 maxsize=maxsize,
                 cert_reqs=cert_reqs,
-                ca_certs=ca_certs,
+                ca_certs=configuration.ssl_ca_cert,
                 cert_file=configuration.cert_file,
                 key_file=configuration.key_file,
                 **addition_pool_args

modules/openapi-generator/src/main/resources/python-legacy/setup.mustache

@@ -16,7 +16,7 @@ VERSION = "{{packageVersion}}"
 # prerequisite: setuptools
 # http://pypi.python.org/pypi/setuptools
 
-REQUIRES = ["urllib3 >= 1.15", "six >= 1.10", "certifi", "python-dateutil"]
+REQUIRES = ["urllib3 >= 1.25.3", "six >= 1.10", "python-dateutil"]
 {{#asyncio}}
 REQUIRES.append("aiohttp >= 3.0.0")
 {{/asyncio}}

modules/openapi-generator/src/main/resources/python/README_onlypackage.mustache

@@ -25,8 +25,7 @@ This python library package is generated without supporting files like setup.py
 
 To be able to use it, you will need these dependencies in your own package that uses this library:
 
-* urllib3 >= 1.15
-* certifi
+* urllib3 >= 1.25.3
 * python-dateutil
 {{#asyncio}}
 * aiohttp

modules/openapi-generator/src/main/resources/python/asyncio/rest.mustache

@@ -7,7 +7,6 @@ import re
 import ssl
 
 import aiohttp
-import certifi
 # python 2 and python 3 compatibility library
 from six.moves.urllib.parse import urlencode
 
@@ -41,14 +40,7 @@ class RESTClientObject(object):
         if maxsize is None:
             maxsize = configuration.connection_pool_maxsize
 
-        # ca_certs
-        if configuration.ssl_ca_cert:
-            ca_certs = configuration.ssl_ca_cert
-        else:
-            # if not set certificate file, use Mozilla's root certificates.
-            ca_certs = certifi.where()
-
-        ssl_context = ssl.create_default_context(cafile=ca_certs)
+        ssl_context = ssl.create_default_context(cafile=configuration.ssl_ca_cert)
         if configuration.cert_file:
             ssl_context.load_cert_chain(
                 configuration.cert_file, keyfile=configuration.key_file

modules/openapi-generator/src/main/resources/python/configuration.mustache

@@ -71,6 +71,8 @@ class Configuration(object):
     :param server_operation_variables: Mapping from operation ID to a mapping with
       string values to replace variables in templated server configuration.
       The validation of enums is performed for variables with defined enum values before.
+    :param ssl_ca_cert: str - the path to a file of concatenated CA certificates 
+      in PEM format
 
 {{#hasAuthMethods}}
     :Example:
@@ -169,6 +171,7 @@ conf = {{{packageName}}}.Configuration(
 {{/hasHttpSignatureMethods}}
                  server_index=None, server_variables=None,
                  server_operation_index=None, server_operation_variables=None,
+                 ssl_ca_cert=None,
                  ):
         """Constructor
         """
@@ -253,7 +256,7 @@ conf = {{{packageName}}}.Configuration(
            Set this to false to skip verifying SSL certificate when calling API
            from https server.
         """
-        self.ssl_ca_cert = None
+        self.ssl_ca_cert = ssl_ca_cert
         """Set this to customize the certificate file to verify the peer.
         """
         self.cert_file = None

modules/openapi-generator/src/main/resources/python/requirements.mustache

@@ -1,5 +1,4 @@
 nulltype
-certifi >= 14.05.14
 python_dateutil >= 2.5.3
 setuptools >= 21.0.0
-urllib3 >= 1.15.1
+urllib3 >= 1.25.3