From eeb87b3018e8dca4efa46c5573b9f3ad1fb3e0fe Mon Sep 17 00:00:00 2001
From: Christof Marti
Date: Thu, 15 Jun 2023 09:13:35 +0200
Subject: [PATCH] Load certificates in net.connect (#185098)
---
 package.json | 2 +-
 remote/package.json | 2 +-
 remote/yarn.lock | 8 ++---
 src/vs/workbench/api/node/proxyResolver.ts | 38 +++++++++++++++++-----
 yarn.lock | 8 ++---
 5 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/package.json b/package.json
index f1f8428adab0f..4670a5f4e52c7 100644
--- a/package.json
+++ b/package.json
@@ -68,7 +68,7 @@
 "@parcel/watcher": "2.1.0",
 "@vscode/iconv-lite-umd": "0.7.0",
 "@vscode/policy-watcher": "^1.1.4",
- "@vscode/proxy-agent": "^0.13.2",
+ "@vscode/proxy-agent": "^0.14.1",
 "@vscode/ripgrep": "^1.15.4",
 "@vscode/spdlog": "^0.13.10",
 "@vscode/sqlite3": "5.1.5-vscode",
diff --git a/remote/package.json b/remote/package.json
index b6f21703ca476..bb42ecaf9d42a 100644
--- a/remote/package.json
+++ b/remote/package.json
@@ -7,7 +7,7 @@
 "@microsoft/1ds-post-js": "^3.2.2",
 "@parcel/watcher": "2.1.0",
 "@vscode/iconv-lite-umd": "0.7.0",
- "@vscode/proxy-agent": "^0.13.2",
+ "@vscode/proxy-agent": "^0.14.1",
 "@vscode/ripgrep": "^1.15.4",
 "@vscode/spdlog": "^0.13.10",
 "@vscode/vscode-languagedetection": "1.0.21",
diff --git a/remote/yarn.lock b/remote/yarn.lock
index 8836ac2d179c3..8c58b320af98a 100644
--- a/remote/yarn.lock
+++ b/remote/yarn.lock
@@ -58,10 +58,10 @@ resolved "https://registry.yarnpkg.com/@vscode/iconv-lite-umd/-/iconv-lite-umd-0.7.0.tgz#d2f1e0664ee6036408f9743fee264ea0699b0e48" integrity sha512-bRRFxLfg5dtAyl5XyiVWz/ZBPahpOpPrNYnnHpOpUZvam4tKH35wdhP4Kj6PbM0+KdliOsPzbGWpkxcdpNB/sg== -"@vscode/proxy-agent@^0.13.2": - version "0.13.2" - resolved "https://registry.yarnpkg.com/@vscode/proxy-agent/-/proxy-agent-0.13.2.tgz#0d289826c07faecc4ca07de80a8e5a9459d06119" - integrity sha512-BSUd0NTj44WvG4O9A6N+4R1XhxtPqCYltWeHyNkquX9T//a1US+cd8fxzcZCPd3z7dygdYIPkZAKM+CrefWWOA== +"@vscode/proxy-agent@^0.14.1": + version "0.14.1" + resolved "https://registry.yarnpkg.com/@vscode/proxy-agent/-/proxy-agent-0.14.1.tgz#61866221a8fbd5143f73a14c29deccdf85f13113" + integrity sha512-bJxCO9E6zDpy90TiViAZgFjAgo83gS0Lh5CUIu/JZ8p5UwwQ37Y6LZH2f2l6kBr2RGdNSRbORTFrfmLtr1faRA== dependencies: "@tootallnate/once" "^1.1.2" agent-base "^6.0.2" diff --git a/src/vs/workbench/api/node/proxyResolver.ts b/src/vs/workbench/api/node/proxyResolver.ts index 52ebe8327846a..133cffc590035 100644 --- a/src/vs/workbench/api/node/proxyResolver.ts +++ b/src/vs/workbench/api/node/proxyResolver.ts @@ -6,6 +6,7 @@ import * as http from 'http'; import * as https from 'https'; import * as tls from 'tls'; +import * as net from 'net'; import { IExtHostWorkspaceProvider } from 'vs/workbench/api/common/extHostWorkspace'; import { ExtHostConfigProvider } from 'vs/workbench/api/common/extHostConfiguration'; 
@@ -15,7 +16,7 @@ import { ExtHostExtensionService } from 'vs/workbench/api/node/extHostExtensionS import { URI } from 'vs/base/common/uri'; import { ILogService } from 'vs/platform/log/common/log'; import { IExtensionDescription } from 'vs/platform/extensions/common/extensions'; -import { LogLevel, createHttpPatch, createProxyResolver, createTlsPatch, ProxySupportSetting } from '@vscode/proxy-agent'; +import { LogLevel, createHttpPatch, createProxyResolver, createTlsPatch, ProxySupportSetting, ProxyAgentParams, createNetPatch } from '@vscode/proxy-agent'; export function connectProxyResolver( extHostWorkspace: IExtHostWorkspaceProvider, @@ -27,7 +28,7 @@ export function connectProxyResolver( ) { const useHostProxy = initData.environment.useHostProxy; const doUseHostProxy = typeof useHostProxy === 'boolean' ? useHostProxy : !initData.remote.isRemote; - const resolveProxy = createProxyResolver({ + const params: ProxyAgentParams = { resolveProxy: url => extHostWorkspace.resolveProxy(url), getHttpProxySetting: () => configProvider.getConfiguration('http').get('proxy'), log: (level, message, ...args) => { 
@@ -50,13 +51,19 @@ export function connectProxyResolver( // TODO @chrmarti Remove this from proxy agent proxyResolveTelemetry: () => { }, useHostProxy: doUseHostProxy, + useSystemCertificatesV2: certSettingV2(configProvider), + addCertificates: [], env: process.env, + }; + configProvider.onDidChangeConfiguration(e => { + params.useSystemCertificatesV2 = certSettingV2(configProvider); }); - const lookup = createPatchedModules(configProvider, resolveProxy); + const resolveProxy = createProxyResolver(params); + const lookup = createPatchedModules(params, configProvider, resolveProxy); return configureModuleLoading(extensionService, lookup); } -function createPatchedModules(configProvider: ExtHostConfigProvider, resolveProxy: ReturnType) { +function createPatchedModules(params: ProxyAgentParams, configProvider: ExtHostConfigProvider, resolveProxy: ReturnType) { const proxySetting = { config: configProvider.getConfiguration('http') .get('proxySupport') || 'off' @@ -66,12 +73,10 @@ function createPatchedModules(configProvider: ExtHostConfigProvider, resolveProx .get('proxySupport') || 'off'; }); const certSetting = { - config: !!configProvider.getConfiguration('http') - .get('systemCertificates') + config: certSettingV1(configProvider) }; configProvider.onDidChangeConfiguration(e => { - certSetting.config = !!configProvider.getConfiguration('http') - .get('systemCertificates'); + certSetting.config = certSettingV1(configProvider); }); return { 
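Review bot: The new `onDidChangeConfiguration` handler in `connectProxyResolver` ignores its event argument and discards the returned disposable, so `params.useSystemCertificatesV2` is recomputed on every configuration change; the two handlers in `createPatchedModules` (the `-66,12` hunk) follow the same pattern. Gating it with `if (e.affectsConfiguration('http')) { params.useSystemCertificatesV2 = certSettingV2(configProvider); }` makes the intent explicit. Because `params` is mutated after it has been handed to `createProxyResolver`, `createNetPatch` and `createTlsPatch`, the change only takes effect if the library reads the field on each use, which is not verifiable from this patch; a comment such as `// params is shared and mutated in place; proxy-agent is expected to read useSystemCertificatesV2 per connection` would record that assumption. A short comment on why `addCertificates` is an empty array would also help the next reader of this trust configuration.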
@@ -89,10 +94,21 @@ function createPatchedModules(configProvider: ExtHostConfigProvider, resolveProx onRequest: Object.assign({}, https, createHttpPatch(https, resolveProxy, proxySetting, certSetting, true)), default: Object.assign(https, createHttpPatch(https, resolveProxy, proxySetting, certSetting, false)) // run last } as Record, - tls: Object.assign(tls, createTlsPatch(tls)) + net: Object.assign(net, createNetPatch(params, net)), + tls: Object.assign(tls, createTlsPatch(params, tls)) }; } +function certSettingV1(configProvider: ExtHostConfigProvider) { + const http = configProvider.getConfiguration('http'); + return !http.get('experimental.systemCertificatesV2') && !!http.get('systemCertificates'); +} + +function certSettingV2(configProvider: ExtHostConfigProvider) { + const http = configProvider.getConfiguration('http'); + return !!http.get('experimental.systemCertificatesV2') && !!http.get('systemCertificates'); +} + const modulesCache = new Map(); function configureModuleLoading(extensionService: ExtHostExtensionService, lookup: ReturnType): Promise { return extensionService.getExtensionPathIndex() @@ -100,6 +116,10 @@ function configureModuleLoading(extensionService: ExtHostExtensionService, looku const node_module = globalThis._VSCODE_NODE_MODULES.module; const original = node_module._load; node_module._load = function load(request: string, parent: { filename: string }, isMain: boolean) { + if (request === 'net') { + return lookup.net; + } + if (request === 'tls') { return lookup.tls; } diff --git a/yarn.lock b/yarn.lock index cece00d0a16ba..c1e4bd1c7bc9c 100644 --- a/yarn.lock +++ b/yarn.lock 
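Review bot: `certSettingV1` and `certSettingV2` select which certificate-loading path is active, but nothing states that they are mutually exclusive or that both return false when `http.systemCertificates` is off. A doc comment on each, e.g. `/** True when system certificates are enabled and the experimental V2 loader is not selected; never true together with certSettingV2. */`, would make that contract reviewable. The registration of `http.experimental.systemCertificatesV2` is not part of this patch; since the flag changes which trust store TLS connections use, confirm it is application-scoped so a workspace `settings.json` cannot toggle it. Note also that `Object.assign(net, createNetPatch(params, net))` mutates the shared `net` module in place, like the `tls` line, so the patch applies process-wide and not only to code that goes through the `_load` hook.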
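Review bot: The added `request === 'net'` branch matches only the bare specifier, so `require('node:net')` falls through to the rest of `load`, whose body continues outside this hunk; the existing `tls` branch has the same gap. That is presumably harmless because `createPatchedModules` patches the real module object with `Object.assign`, but the dependency is implicit. Either match both forms with `if (request === 'net' || request === 'node:net') {`, or add a comment such as `// 'node:net' is not matched here; it resolves to the same module object that createPatchedModules patches in place`.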
@@ -1287,10 +1287,10 @@ bindings "^1.5.0" node-addon-api "^6.0.0" -"@vscode/proxy-agent@^0.13.2": - version "0.13.2" - resolved "https://registry.yarnpkg.com/@vscode/proxy-agent/-/proxy-agent-0.13.2.tgz#0d289826c07faecc4ca07de80a8e5a9459d06119" - integrity sha512-BSUd0NTj44WvG4O9A6N+4R1XhxtPqCYltWeHyNkquX9T//a1US+cd8fxzcZCPd3z7dygdYIPkZAKM+CrefWWOA== +"@vscode/proxy-agent@^0.14.1": + version "0.14.1" + resolved "https://registry.yarnpkg.com/@vscode/proxy-agent/-/proxy-agent-0.14.1.tgz#61866221a8fbd5143f73a14c29deccdf85f13113" + integrity sha512-bJxCO9E6zDpy90TiViAZgFjAgo83gS0Lh5CUIu/JZ8p5UwwQ37Y6LZH2f2l6kBr2RGdNSRbORTFrfmLtr1faRA== dependencies: "@tootallnate/once" "^1.1.2" agent-base "^6.0.2"