Add CAs for proxy connection (microsoft/vscode#235410)

microsoft · Dec 5, 2024 · 8e32b6f · 8e32b6f
1 parent b71e934
commit 8e32b6f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/src/agent.ts b/src/agent.ts
@@ -34,14 +34,17 @@ type FindProxyForURL = (req: http.ClientRequest, opts: http.RequestOptions, url:
 export class PacProxyAgent extends Agent {
 	resolver: FindProxyForURL;
 	opts: PacProxyAgentOptions;
+	addCAs: (opts: PacProxyAgentOptions) => Promise<void>;
+	casAdded = false;
 	cache?: Readable;
 
-	constructor(resolver: FindProxyForURL, opts: PacProxyAgentOptions = {}) {
+	constructor(resolver: FindProxyForURL, opts: PacProxyAgentOptions = {}, addCAs: (opts: PacProxyAgentOptions) => Promise<void> = async () => {}) {
 		super(opts);
 		debug('Creating PacProxyAgent with options %o', opts);
 
 		this.resolver = resolver;
 		this.opts = { ...opts };
+		this.addCAs = addCAs;
 		this.cache = undefined;
 	}
 
@@ -96,6 +99,11 @@ export class PacProxyAgent extends Agent {
 		} else if (proxyURL.startsWith('http')) {
 			// Use an HTTP or HTTPS proxy
 			// http://dev.chromium.org/developers/design-documents/secure-web-proxy
+			if (!this.casAdded && proxyURL.startsWith('https')) {
+				debug('Adding CAs to proxy options');
+				this.casAdded = true;
+				await this.addCAs(this.opts);
+			}
 			if (secureEndpoint) {
 				agent = new HttpsProxyAgent2(proxyURL, this.opts);
 			} else {
@@ -235,7 +243,8 @@ class HttpsProxyAgent2<Uri extends string> extends HttpsProxyAgent<Uri> {
 
 export function createPacProxyAgent(
 	resolver: FindProxyForURL,
-	opts?: PacProxyAgentOptions
+	opts?: PacProxyAgentOptions,
+	addCAs?: (opts: PacProxyAgentOptions) => Promise<void>,
 ): PacProxyAgent {
 	if (!opts) {
 		opts = {};
@@ -245,7 +254,7 @@ export function createPacProxyAgent(
 		throw new TypeError('a resolve function must be specified!');
 	}
 
-	return new PacProxyAgent(resolver, opts);
+	return new PacProxyAgent(resolver, opts, addCAs);
 }
 type PacProxyAgentOptions =
 		HttpProxyAgentOptions<''> &

diff --git a/src/index.ts b/src/index.ts
@@ -138,7 +138,7 @@ export function createProxyResolver(params: ProxyAgentParams) {
 
 		const stackText = ''; // getLogLevel() === LogLevel.Trace ? '\n' + new Error('Error for stack trace').stack : '';
 
-		addCertificatesV1(params, flags.addCertificatesV1, opts, () => {
+		addCertificatesToOptionsV1(params, flags.addCertificatesV1, opts, () => {
 			if (!flags.useProxySettings) {
 				callback('DIRECT');
 				return;
@@ -395,7 +395,7 @@ export function createHttpPatch(params: ProxyAgentParams, originals: typeof http
 					originalAgent: (!useProxySettings || isLocalhost || config === 'fallback') ? originalAgent : undefined,
 					lookupProxyAuthorization: params.lookupProxyAuthorization,
 					// keepAlive: ((originalAgent || originals.globalAgent) as { keepAlive?: boolean }).keepAlive, // Skipping due to https://github.com/microsoft/vscode/issues/228872.
-				});
+				}, opts => new Promise<void>(resolve => addCertificatesToOptionsV1(params, params.addCertificatesV1(), opts, resolve)));
 				agent.protocol = isHttps ? 'https:' : 'http:';
 				options.agent = agent
 				if (isHttps) {
@@ -727,7 +727,7 @@ function getAgentOptions(systemCA: string[] | undefined, requestInit: RequestIni
 	return { allowH2, requestCA, proxyCA };
 }
 
-function addCertificatesV1(params: ProxyAgentParams, addCertificatesV1: boolean, opts: http.RequestOptions, callback: () => void) {
+function addCertificatesToOptionsV1(params: ProxyAgentParams, addCertificatesV1: boolean, opts: http.RequestOptions | tls.ConnectionOptions, callback: () => void) {
 	if (addCertificatesV1) {
 		getOrLoadAdditionalCertificates(params)
 			.then(caCertificates => {