Support self signed certificates in GitHub Copilot

intitni · intitni · commit 36449ca4740f · 2024-05-22T21:03:24.000+08:00
diff --git a/Core/Sources/HostApp/AccountSettings/GitHubCopilotView.swift b/Core/Sources/HostApp/AccountSettings/GitHubCopilotView.swift
@@ -22,6 +22,8 @@ struct GitHubCopilotView: View {
         @AppStorage(\.gitHubCopilotEnterpriseURI) var gitHubCopilotEnterpriseURI
         @AppStorage(\.disableGitHubCopilotSettingsAutoRefreshOnAppear)
         var disableGitHubCopilotSettingsAutoRefreshOnAppear
+        @AppStorage(\.gitHubCopilotLoadKeyChainCertificates)
+        var gitHubCopilotLoadKeyChainCertificates
         init() {}
     }
 
@@ -196,6 +198,10 @@ struct GitHubCopilotView: View {
                         .foregroundColor(.secondary)
                         .font(.callout)
                         .dynamicHeightTextInFormWorkaround()
+                        
+                        Toggle(isOn: $settings.gitHubCopilotLoadKeyChainCertificates) {
+                            Text("Load certificates in keychain")
+                        }
                     }
                 }
 
diff --git a/Tool/Package.swift b/Tool/Package.swift
@@ -316,7 +316,8 @@ let package = Package(
                 "BuiltinExtension",
                 .product(name: "LanguageServerProtocol", package: "LanguageServerProtocol"),
                 .product(name: "CopilotForXcodeKit", package: "CopilotForXcodeKit"),
-            ]
+            ],
+            resources: [.copy("Resources/load-self-signed-cert.js")]
         ),
         .testTarget(
             name: "GitHubCopilotServiceTests",
diff --git a/Tool/Sources/GitHubCopilotService/LanguageServer/GitHubCopilotService.swift b/Tool/Sources/GitHubCopilotService/LanguageServer/GitHubCopilotService.swift
@@ -42,11 +42,14 @@ protocol GitHubCopilotLSP {
 enum GitHubCopilotError: Error, LocalizedError {
     case languageServerNotInstalled
     case languageServerError(ServerError)
+    case failedToInstallStartScript
 
     var errorDescription: String? {
         switch self {
         case .languageServerNotInstalled:
             return "Language server is not installed."
+        case .failedToInstallStartScript:
+            return "Failed to install start script."
         case let .languageServerError(error):
             switch error {
             case let .handlerUnavailable(handler):
@@ -109,12 +112,32 @@ public class GitHubCopilotBaseService {
                 throw GitHubCopilotError.languageServerNotInstalled
             }
 
+            let indexJSURL: URL = try {
+                if UserDefaults.shared.value(for: \.gitHubCopilotLoadKeyChainCertificates) {
+                    let url = urls.executableURL.appendingPathComponent("load-self-signed-cert.js")
+                    if !FileManager.default.fileExists(atPath: url.path) {
+                        let file = Bundle.module.url(
+                            forResource: "load-self-signed-cert",
+                            withExtension: "js"
+                        )!
+                        do {
+                            try FileManager.default.copyItem(at: file, to: url)
+                        } catch {
+                            throw GitHubCopilotError.failedToInstallStartScript
+                        }
+                    }
+                    return url
+                } else {
+                    return agentJSURL
+                }
+            }()
+
             switch runner {
             case .bash:
                 let nodePath = UserDefaults.shared.value(for: \.nodePath)
                 let command = [
                     nodePath.isEmpty ? "node" : nodePath,
-                    "\"\(agentJSURL.path)\"",
+                    "\"\(indexJSURL.path)\"",
                     "--stdio",
                 ].joined(separator: " ")
                 executionParams = Process.ExecutionParameters(
@@ -128,7 +151,7 @@ public class GitHubCopilotBaseService {
                 let nodePath = UserDefaults.shared.value(for: \.nodePath)
                 let command = [
                     nodePath.isEmpty ? "node" : nodePath,
-                    "\"\(agentJSURL.path)\"",
+                    "\"\(indexJSURL.path)\"",
                     "--stdio",
                 ].joined(separator: " ")
                 executionParams = Process.ExecutionParameters(
@@ -146,7 +169,7 @@ public class GitHubCopilotBaseService {
                         path: "/usr/bin/env",
                         arguments: [
                             nodePath.isEmpty ? "node" : nodePath,
-                            agentJSURL.path,
+                            indexJSURL.path,
                             "--stdio",
                         ],
                         environment: [
diff --git a/Tool/Sources/GitHubCopilotService/Resources/load-self-signed-cert.js b/Tool/Sources/GitHubCopilotService/Resources/load-self-signed-cert.js
@@ -0,0 +1,40 @@
+function initialize() {
+  if (process.platform !== "darwin") {
+    return;
+  }
+
+  const splitPattern = /(?=-----BEGIN\sCERTIFICATE-----)/g;
+  const systemRootCertsPath =
+    "/System/Library/Keychains/SystemRootCertificates.keychain";
+  const args = ["find-certificate", "-a", "-p"];
+
+  const childProcess = require("child_process");
+  const allTrusted = childProcess
+    .spawnSync("/usr/bin/security", args)
+    .stdout.toString()
+    .split(splitPattern);
+
+  const allRoot = childProcess
+    .spawnSync("/usr/bin/security", args.concat(systemRootCertsPath))
+    .stdout.toString()
+    .split(splitPattern);
+  const all = allTrusted.concat(allRoot);
+
+  const tls = require("tls");
+  const origCreateSecureContext = tls.createSecureContext;
+  tls.createSecureContext = (options) => {
+    const ctx = origCreateSecureContext(options);
+    all.filter(duplicated).forEach((cert) => {
+      ctx.context.addCACert(cert.trim());
+    });
+    return ctx;
+  };
+}
+
+function duplicated(cert, index, arr) {
+  return arr.indexOf(cert) === index;
+}
+
+initialize();
+
+require("./copilot/dist/agent.js");
diff --git a/Tool/Sources/Preferences/Keys.swift b/Tool/Sources/Preferences/Keys.swift
@@ -187,6 +187,10 @@ public extension UserDefaultPreferenceKeys {
     var runNodeWith: PreferenceKey<NodeRunner> {
         .init(defaultValue: .env, key: "RunNodeWith")
     }
+    
+    var gitHubCopilotLoadKeyChainCertificates: PreferenceKey<Bool> {
+        .init(defaultValue: false, key: "GitHubCopilotLoadKeyChainCertificates")
+    }
 }
 
 // MARK: - Codeium Settings

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,8 @@ struct GitHubCopilotView: View {`
`22`	`22`	`@AppStorage(\.gitHubCopilotEnterpriseURI) var gitHubCopilotEnterpriseURI`
`23`	`23`	`@AppStorage(\.disableGitHubCopilotSettingsAutoRefreshOnAppear)`
`24`	`24`	`var disableGitHubCopilotSettingsAutoRefreshOnAppear`
	`25`	`+ @AppStorage(\.gitHubCopilotLoadKeyChainCertificates)`
	`26`	`+ var gitHubCopilotLoadKeyChainCertificates`
`25`	`27`	`init() {}`
`26`	`28`	`}`
`27`	`29`
`@@ -196,6 +198,10 @@ struct GitHubCopilotView: View {`
`196`	`198`	`.foregroundColor(.secondary)`
`197`	`199`	`.font(.callout)`
`198`	`200`	`.dynamicHeightTextInFormWorkaround()`
	`201`	`+`
	`202`	`+ Toggle(isOn: $settings.gitHubCopilotLoadKeyChainCertificates) {`
	`203`	`+ Text("Load certificates in keychain")`
	`204`	`+ }`
`199`	`205`	`}`
`200`	`206`	`}`
`201`	`207`
Original file line number	Diff line number	Diff line change
`@@ -187,6 +187,10 @@ public extension UserDefaultPreferenceKeys {`
`187`	`187`	`var runNodeWith: PreferenceKey<NodeRunner> {`
`188`	`188`	`.init(defaultValue: .env, key: "RunNodeWith")`
`189`	`189`	`}`
	`190`	`+`
	`191`	`+ var gitHubCopilotLoadKeyChainCertificates: PreferenceKey<Bool> {`
	`192`	`+ .init(defaultValue: false, key: "GitHubCopilotLoadKeyChainCertificates")`
	`193`	`+ }`
`190`	`194`	`}`
`191`	`195`
`192`	`196`	`// MARK: - Codeium Settings`