Load certificates in net.connect (#185098)

package.json

@@ -68,7 +68,7 @@
     "@parcel/watcher": "2.1.0",
     "@vscode/iconv-lite-umd": "0.7.0",
     "@vscode/policy-watcher": "^1.1.4",
-    "@vscode/proxy-agent": "^0.13.2",
+    "@vscode/proxy-agent": "^0.14.1",
     "@vscode/ripgrep": "^1.15.4",
     "@vscode/spdlog": "^0.13.10",
     "@vscode/sqlite3": "5.1.5-vscode",

remote/package.json

@@ -7,7 +7,7 @@
     "@microsoft/1ds-post-js": "^3.2.2",
     "@parcel/watcher": "2.1.0",
     "@vscode/iconv-lite-umd": "0.7.0",
-    "@vscode/proxy-agent": "^0.13.2",
+    "@vscode/proxy-agent": "^0.14.1",
     "@vscode/ripgrep": "^1.15.4",
     "@vscode/spdlog": "^0.13.10",
     "@vscode/vscode-languagedetection": "1.0.21",

remote/yarn.lock

@@ -58,10 +58,10 @@
   resolved "https://registry.yarnpkg.com/@vscode/iconv-lite-umd/-/iconv-lite-umd-0.7.0.tgz#d2f1e0664ee6036408f9743fee264ea0699b0e48"
   integrity sha512-bRRFxLfg5dtAyl5XyiVWz/ZBPahpOpPrNYnnHpOpUZvam4tKH35wdhP4Kj6PbM0+KdliOsPzbGWpkxcdpNB/sg==
 
-"@vscode/proxy-agent@^0.13.2":
-  version "0.13.2"
-  resolved "https://registry.yarnpkg.com/@vscode/proxy-agent/-/proxy-agent-0.13.2.tgz#0d289826c07faecc4ca07de80a8e5a9459d06119"
-  integrity sha512-BSUd0NTj44WvG4O9A6N+4R1XhxtPqCYltWeHyNkquX9T//a1US+cd8fxzcZCPd3z7dygdYIPkZAKM+CrefWWOA==
+"@vscode/proxy-agent@^0.14.1":
+  version "0.14.1"
+  resolved "https://registry.yarnpkg.com/@vscode/proxy-agent/-/proxy-agent-0.14.1.tgz#61866221a8fbd5143f73a14c29deccdf85f13113"
+  integrity sha512-bJxCO9E6zDpy90TiViAZgFjAgo83gS0Lh5CUIu/JZ8p5UwwQ37Y6LZH2f2l6kBr2RGdNSRbORTFrfmLtr1faRA==
   dependencies:
     "@tootallnate/once" "^1.1.2"
     agent-base "^6.0.2"

src/vs/workbench/api/node/proxyResolver.ts

@@ -6,6 +6,7 @@
 import * as http from 'http';
 import * as https from 'https';
 import * as tls from 'tls';
+import * as net from 'net';
 
 import { IExtHostWorkspaceProvider } from 'vs/workbench/api/common/extHostWorkspace';
 import { ExtHostConfigProvider } from 'vs/workbench/api/common/extHostConfiguration';
@@ -15,7 +16,7 @@ import { ExtHostExtensionService } from 'vs/workbench/api/node/extHostExtensionS
 import { URI } from 'vs/base/common/uri';
 import { ILogService } from 'vs/platform/log/common/log';
 import { IExtensionDescription } from 'vs/platform/extensions/common/extensions';
-import { LogLevel, createHttpPatch, createProxyResolver, createTlsPatch, ProxySupportSetting } from '@vscode/proxy-agent';
+import { LogLevel, createHttpPatch, createProxyResolver, createTlsPatch, ProxySupportSetting, ProxyAgentParams, createNetPatch } from '@vscode/proxy-agent';
 
 export function connectProxyResolver(
 	extHostWorkspace: IExtHostWorkspaceProvider,
@@ -27,7 +28,7 @@ export function connectProxyResolver(
 ) {
 	const useHostProxy = initData.environment.useHostProxy;
 	const doUseHostProxy = typeof useHostProxy === 'boolean' ? useHostProxy : !initData.remote.isRemote;
-	const resolveProxy = createProxyResolver({
+	const params: ProxyAgentParams = {
 		resolveProxy: url => extHostWorkspace.resolveProxy(url),
 		getHttpProxySetting: () => configProvider.getConfiguration('http').get('proxy'),
 		log: (level, message, ...args) => {
@@ -50,13 +51,19 @@ export function connectProxyResolver(
 		// TODO @chrmarti Remove this from proxy agent
 		proxyResolveTelemetry: () => { },
 		useHostProxy: doUseHostProxy,
+		useSystemCertificatesV2: certSettingV2(configProvider),
+		addCertificates: [],
 		env: process.env,
+	};
+	configProvider.onDidChangeConfiguration(e => {
+		params.useSystemCertificatesV2 = certSettingV2(configProvider);
 	});
-	const lookup = createPatchedModules(configProvider, resolveProxy);
+	const resolveProxy = createProxyResolver(params);
+	const lookup = createPatchedModules(params, configProvider, resolveProxy);
 	return configureModuleLoading(extensionService, lookup);
 }
 
-function createPatchedModules(configProvider: ExtHostConfigProvider, resolveProxy: ReturnType<typeof createProxyResolver>) {
+function createPatchedModules(params: ProxyAgentParams, configProvider: ExtHostConfigProvider, resolveProxy: ReturnType<typeof createProxyResolver>) {
 	const proxySetting = {
 		config: configProvider.getConfiguration('http')
 			.get<ProxySupportSetting>('proxySupport') || 'off'
@@ -66,12 +73,10 @@ function createPatchedModules(configProvider: ExtHostConfigProvider, resolveProx
 			.get<ProxySupportSetting>('proxySupport') || 'off';
 	});
 	const certSetting = {
-		config: !!configProvider.getConfiguration('http')
-			.get<boolean>('systemCertificates')
+		config: certSettingV1(configProvider)
 	};
 	configProvider.onDidChangeConfiguration(e => {
-		certSetting.config = !!configProvider.getConfiguration('http')
-			.get<boolean>('systemCertificates');
+		certSetting.config = certSettingV1(configProvider);
 	});
 
 	return {
@@ -89,17 +94,32 @@ function createPatchedModules(configProvider: ExtHostConfigProvider, resolveProx
 			onRequest: Object.assign({}, https, createHttpPatch(https, resolveProxy, proxySetting, certSetting, true)),
 			default: Object.assign(https, createHttpPatch(https, resolveProxy, proxySetting, certSetting, false)) // run last
 		} as Record<string, typeof https>,
-		tls: Object.assign(tls, createTlsPatch(tls))
+		net: Object.assign(net, createNetPatch(params, net)),
+		tls: Object.assign(tls, createTlsPatch(params, tls))
 	};
 }
 
+function certSettingV1(configProvider: ExtHostConfigProvider) {
+	const http = configProvider.getConfiguration('http');
+	return !http.get<boolean>('experimental.systemCertificatesV2') && !!http.get<boolean>('systemCertificates');
+}
+
+function certSettingV2(configProvider: ExtHostConfigProvider) {
+	const http = configProvider.getConfiguration('http');
+	return !!http.get<boolean>('experimental.systemCertificatesV2') && !!http.get<boolean>('systemCertificates');
+}
+
 const modulesCache = new Map<IExtensionDescription | undefined, { http?: typeof http; https?: typeof https }>();
 function configureModuleLoading(extensionService: ExtHostExtensionService, lookup: ReturnType<typeof createPatchedModules>): Promise<void> {
 	return extensionService.getExtensionPathIndex()
 		.then(extensionPaths => {
 			const node_module = <any>globalThis._VSCODE_NODE_MODULES.module;
 			const original = node_module._load;
 			node_module._load = function load(request: string, parent: { filename: string }, isMain: boolean) {
+				if (request === 'net') {
+					return lookup.net;
+				}
+
 				if (request === 'tls') {
 					return lookup.tls;
 				}

yarn.lock

@@ -1287,10 +1287,10 @@
     bindings "^1.5.0"
     node-addon-api "^6.0.0"
 
-"@vscode/proxy-agent@^0.13.2":
-  version "0.13.2"
-  resolved "https://registry.yarnpkg.com/@vscode/proxy-agent/-/proxy-agent-0.13.2.tgz#0d289826c07faecc4ca07de80a8e5a9459d06119"
-  integrity sha512-BSUd0NTj44WvG4O9A6N+4R1XhxtPqCYltWeHyNkquX9T//a1US+cd8fxzcZCPd3z7dygdYIPkZAKM+CrefWWOA==
+"@vscode/proxy-agent@^0.14.1":
+  version "0.14.1"
+  resolved "https://registry.yarnpkg.com/@vscode/proxy-agent/-/proxy-agent-0.14.1.tgz#61866221a8fbd5143f73a14c29deccdf85f13113"
+  integrity sha512-bJxCO9E6zDpy90TiViAZgFjAgo83gS0Lh5CUIu/JZ8p5UwwQ37Y6LZH2f2l6kBr2RGdNSRbORTFrfmLtr1faRA==
   dependencies:
     "@tootallnate/once" "^1.1.2"
     agent-base "^6.0.2"