Load root certificates on Mac (#52880)

17909499 · Christof Marti · 637eef81 · 17909499
显示空白变更内容
内联并排

Showing with 34 addition and 18 deletion

src/vs/workbench/services/extensions/node/proxyResolver.ts src/vs/workbench/services/extensions/node/proxyResolver.ts +34 -18

未找到文件。
--- a/src/vs/workbench/services/extensions/node/proxyResolver.ts
+++ b/src/vs/workbench/services/extensions/node/proxyResolver.ts
@@ -8,6 +8,7 @@ import * as https from 'https';
 import * as tls from 'tls';
 import * as nodeurl from 'url';
 import * as os from 'os';
+import * as cp from 'child_process';
 import { assign } from 'vs/base/common/objects';
 import { endsWith } from 'vs/base/common/strings';
@@ -19,6 +20,7 @@ import { ExtHostLogService } from 'vs/workbench/api/node/extHostLogService';
 import { toErrorMessage } from 'vs/base/common/errorMessage';
 import { ExtHostExtensionService } from 'vs/workbench/api/node/extHostExtensionService';
 import { URI } from 'vs/base/common/uri';
+import { promisify } from 'util';
 interface ConnectionResult {
 	proxy: string;
@@ -421,7 +423,7 @@ function useSystemCertificates(extHostLogService: ExtHostLogService, useSystemCe
 	}
 }
-let _certificates: Promise<typeof https.globalAgent.options.ca | undefined>;
+let _certificates: Promise<string[]>;
 async function getCertificates(extHostLogService: ExtHostLogService) {
 	if (!_certificates) {
 		_certificates = readCertificates()
@@ -433,8 +435,17 @@ async function getCertificates(extHostLogService: ExtHostLogService) {
 	return _certificates;
 }
-async function readCertificates() {
+async function readCertificates(): Promise<string[]> {
 	if (process.platform === 'win32') {
+		return readWindowsCertificates();
+	}
+	if (process.platform === 'darwin') {
+		return readMacCertificates();
+	}
+	return undefined;
+}
+function readWindowsCertificates() {
 	const winCA = require.__$__nodeRequire<any>('win-ca-lib');
 	let ders = [];
@@ -451,8 +462,13 @@ async function readCertificates() {
 	const seen = {};
 	return ders.map(derToPem)
 		.filter(pem => !seen[pem] && (seen[pem] = true));
-	}
+}
-	return undefined;
+async function readMacCertificates() {
+	const stdout = (await promisify(cp.execFile)('/usr/bin/security', ['find-certificate', '-a', '-p'], { encoding: 'utf8' })).stdout;
+	const seen = {};
+	return stdout.split(/(?=-----BEGIN CERTIFICATE-----)/g)
+		.filter(pem => !!pem.length && !seen[pem] && (seen[pem] = true));
 }
 function derToPem(blob) {