Merge pull request #454 from zynaxsoft/custom-ca

tamasfe · Aug 19, 2023 · 7f2fba1 · 7f2fba1
2 parents 051ce9f + 4a88c76
commit 7f2fba1
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 8 deletions.
diff --git a/crates/taplo-cli/src/lib.rs b/crates/taplo-cli/src/lib.rs
@@ -21,10 +21,8 @@ pub struct Taplo<E: Environment> {
 impl<E: Environment> Taplo<E> {
     pub fn new(env: E) -> Self {
         #[cfg(not(target_arch = "wasm32"))]
-        let http = reqwest::Client::builder()
-            .timeout(std::time::Duration::from_secs(5))
-            .build()
-            .unwrap();
+        let http =
+            taplo_common::util::get_reqwest_client(std::time::Duration::from_secs(5)).unwrap();
 
         #[cfg(target_arch = "wasm32")]
         let http = reqwest::Client::default();

diff --git a/crates/taplo-common/src/util.rs b/crates/taplo-common/src/util.rs
@@ -120,3 +120,35 @@ pub(crate) fn normalize_str(s: &str) -> Cow<str> {
         percent_decoded
     }
 }
+
+#[cfg(not(target_arch = "wasm32"))]
+#[tracing::instrument]
+pub fn get_reqwest_client(timeout: std::time::Duration) -> Result<reqwest::Client, reqwest::Error> {
+    fn get_cert(path: impl AsRef<Path>) -> Result<reqwest::Certificate, anyhow::Error> {
+        let path = path.as_ref();
+        let is_der = path.extension().map_or(false, |ext| ext == "der");
+        let buf = std::fs::read(path)?;
+        tracing::info!(
+            "Found a custom CA {}. Reading the CA...",
+            path.to_string_lossy()
+        );
+        if is_der {
+            Ok(reqwest::Certificate::from_der(&buf)?)
+        } else {
+            Ok(reqwest::Certificate::from_pem(&buf)?)
+        }
+    }
+    let mut builder = reqwest::Client::builder().timeout(timeout);
+    if let Some(path) = std::env::var_os("TAPLO_EXTRA_CA_CERTS") {
+        match get_cert(&path) {
+            Ok(cert) => {
+                builder = builder.add_root_certificate(cert);
+                tracing::info!(?path, "Added the custom CA");
+            }
+            Err(err) => {
+                tracing::error!(error = %err, "Could not parse the custom CA");
+            }
+        }
+    }
+    builder.build()
+}
diff --git a/crates/taplo-lsp/src/world.rs b/crates/taplo-lsp/src/world.rs
@@ -124,10 +124,7 @@ impl<E: Environment> WorkspaceState<E> {
 
         #[cfg(not(target_arch = "wasm32"))]
         {
-            client = reqwest::Client::builder()
-                .timeout(Duration::from_secs(10))
-                .build()
-                .unwrap();
+            client = taplo_common::util::get_reqwest_client(Duration::from_secs(10)).unwrap();
         }
 
         Self {

diff --git a/site/site/configuration/using-schemas.md b/site/site/configuration/using-schemas.md
@@ -9,3 +9,5 @@ JSON schemas can be assigned to TOML documents according to the following in pri
 1. default schema set in the [configuration file](./file#schema)
 1. contributed by an [extension](./developing-schemas.md#visual-studio-code-extensions) *(Visual Studio Code only)*
 1. an association based on a [schema catalog](./developing-schemas.md#publishing)
+
+Extra root CA certificate could be added by specifying with the TAPLO_EXTRA_CA_CERTS environment. The provided paths must be absolute paths. For example, `TAPLO_EXTRA_CA_CERTS=/home/taplo-user/custom-ca.pem`