Add SSL certificate handling for corporate proxy environments

Co-authored-by: JoseVSeb <20752081+JoseVSeb@users.noreply.github.com>

Author: Copilot

package.json

@@ -55,6 +55,12 @@
                         "markdownDescription": "Extra CLI arguments to pass to [Google Java Format](https://github.com/google/google-java-format).",
                         "default": null,
                         "scope": "window"
+                    },
+                    "java.format.settings.google.strictSSL": {
+                        "type": "boolean",
+                        "markdownDescription": "Whether to verify SSL certificates when downloading Google Java Format. Set to `false` if you're behind a corporate proxy with custom certificates.",
+                        "default": true,
+                        "scope": "window"
                     }
                 }
             }

src/Cache.ts

@@ -7,6 +7,7 @@ import {
     commands,
     workspace,
 } from "vscode";
+import { fetchWithSSLOptions } from "./fetchWithSSLOptions";
 
 export class Cache {
     private uri: Uri;
@@ -15,6 +16,7 @@ export class Cache {
         private context: ExtensionContext,
         private log: LogOutputChannel,
         cacheFolder: string,
+        private strictSSL: boolean = true,
     ) {
         this.uri = Uri.joinPath(context.extensionUri, cacheFolder);
     }
@@ -23,8 +25,9 @@ export class Cache {
         context: ExtensionContext,
         log: LogOutputChannel,
         cacheFolder = "cache",
+        strictSSL: boolean = true,
     ) {
-        const cache = new Cache(context, log, cacheFolder);
+        const cache = new Cache(context, log, cacheFolder, strictSSL);
         await cache.init();
         return cache;
     }
@@ -38,6 +41,10 @@ export class Cache {
         );
     };
 
+    updateStrictSSL = (strictSSL: boolean) => {
+        this.strictSSL = strictSSL;
+    };
+
     clear = async () => {
         // clear cache
         await workspace.fs.delete(this.uri, { recursive: true });
@@ -88,7 +95,11 @@ export class Cache {
             // Download the file and write it to the cache directory
             this.log.info(`Downloading file from ${url}`);
 
-            const response = await fetch(url);
+            const response = await fetchWithSSLOptions(
+                url,
+                this.strictSSL,
+                this.log,
+            );
             if (response.ok) {
                 const buffer = await response.arrayBuffer();
                 await workspace.fs.writeFile(localPath, new Uint8Array(buffer));

src/ExtensionConfiguration.ts

@@ -13,13 +13,15 @@ export interface GoogleJavaFormatConfiguration {
     version?: GoogleJavaFormatVersion;
     mode?: GoogleJavaFormatMode;
     extra?: string;
+    strictSSL?: boolean;
 }
 
 export class ExtensionConfiguration implements GoogleJavaFormatConfiguration {
     executable?: string;
     version?: GoogleJavaFormatVersion;
     mode?: GoogleJavaFormatMode;
     extra?: string;
+    strictSSL?: boolean;
     readonly subscriptions: ((
         config: GoogleJavaFormatConfiguration,
     ) => void)[] = [];

src/extension.ts

@@ -15,9 +15,19 @@ export async function activate(context: ExtensionContext) {
     const config = new ExtensionConfiguration(context);
     config.subscribe();
 
-    const cache = await Cache.getInstance(context, log);
+    const cache = await Cache.getInstance(
+        context,
+        log,
+        "cache",
+        config.strictSSL ?? true,
+    );
     cache.subscribe();
 
+    // Subscribe to configuration changes for cache SSL settings
+    config.subscriptions.push((newConfig) => {
+        cache.updateStrictSSL(newConfig.strictSSL ?? true);
+    });
+
     const executable = await Executable.getInstance(
         context,
         config,

src/fetchWithSSLOptions.ts

@@ -0,0 +1,59 @@
+import { Agent } from "https";
+import { LogOutputChannel } from "vscode";
+
+/**
+ * Custom fetch function that handles SSL certificate issues in corporate proxy environments.
+ * This function respects the strictSSL configuration option and provides fallback behavior
+ * for environments where SSL certificates cannot be properly validated.
+ */
+export async function fetchWithSSLOptions(
+    url: string,
+    strictSSL: boolean,
+    log: LogOutputChannel,
+): Promise<Response> {
+    log.debug(`Fetching: ${url} (strictSSL: ${strictSSL})`);
+
+    if (strictSSL) {
+        // Use standard fetch with full SSL verification (default behavior)
+        return fetch(url);
+    }
+
+    // For corporate proxy environments, create a custom HTTPS agent that allows
+    // self-signed certificates or certificate validation issues
+    try {
+        // First try with standard fetch
+        const response = await fetch(url);
+        log.debug("Standard fetch succeeded");
+        return response;
+    } catch (error) {
+        log.warn(
+            `Standard fetch failed: ${error}. Retrying with relaxed SSL verification.`,
+        );
+
+        // If standard fetch fails, try with relaxed SSL verification
+        // This uses Node.js-specific options that are not available in all environments
+        try {
+            const httpsAgent = new Agent({
+                rejectUnauthorized: false,
+            });
+
+            // Use fetch with custom agent for HTTPS URLs
+            if (url.startsWith("https://")) {
+                const response = await fetch(url, {
+                    // @ts-ignore - Node.js specific option
+                    agent: httpsAgent,
+                });
+                log.debug("Fetch with relaxed SSL verification succeeded");
+                return response;
+            }
+
+            // For non-HTTPS URLs, use standard fetch
+            return fetch(url);
+        } catch (relaxedError) {
+            log.error(
+                `Both standard and relaxed SSL fetch failed: ${relaxedError}`,
+            );
+            throw relaxedError;
+        }
+    }
+}

src/getLatestReleaseOfGoogleJavaFormat.ts

@@ -1,16 +1,25 @@
 import { LogOutputChannel } from "vscode";
+import { ExtensionConfiguration } from "./ExtensionConfiguration";
+import { fetchWithSSLOptions } from "./fetchWithSSLOptions";
 import {
     GoogleJavaFormatReleaseResponse,
     parseGoogleJavaFormatReleaseResponse,
 } from "./GoogleJavaFormatRelease";
 import { logAsyncFunction } from "./logFunction";
 
 export const getLatestReleaseOfGoogleJavaFormat = logAsyncFunction(
-    async function getLatestReleaseOfGoogleJavaFormat(log: LogOutputChannel) {
+    async function getLatestReleaseOfGoogleJavaFormat(
+        log: LogOutputChannel,
+        config: ExtensionConfiguration,
+    ) {
         const url =
             "https://api.github.com/repos/google/google-java-format/releases/latest";
         log.debug("Fetching:", url);
-        const response = await fetch(url);
+        const response = await fetchWithSSLOptions(
+            url,
+            config.strictSSL ?? true,
+            log,
+        );
         if (!response.ok) {
             throw new Error(
                 "Failed to get latest release of Google Java Format.",

src/getReleaseOfGoogleJavaFormatByVersion.ts

@@ -1,5 +1,6 @@
 import { LogOutputChannel } from "vscode";
-import { GoogleJavaFormatVersion } from "./ExtensionConfiguration";
+import { ExtensionConfiguration, GoogleJavaFormatVersion } from "./ExtensionConfiguration";
+import { fetchWithSSLOptions } from "./fetchWithSSLOptions";
 import {
     GoogleJavaFormatReleaseResponse,
     parseGoogleJavaFormatReleaseResponse,
@@ -10,10 +11,15 @@ export const getReleaseOfGoogleJavaFormatByVersion = logAsyncFunction(
     async function getReleaseOfGoogleJavaFormatByVersion(
         log: LogOutputChannel,
         version: Exclude<GoogleJavaFormatVersion, "latest">,
+        config: ExtensionConfiguration,
     ) {
         const url = `https://api.github.com/repos/google/google-java-format/releases/tags/v${version}`;
         log.debug("Fetching:", url);
-        const response = await fetch(url);
+        const response = await fetchWithSSLOptions(
+            url,
+            config.strictSSL ?? true,
+            log,
+        );
         if (!response.ok) {
             throw new Error(`Failed to get v${version} of Google Java Format.`);
         }

src/resolveExecutableFileFromConfig.ts

@@ -5,7 +5,7 @@ import { getReleaseOfGoogleJavaFormatByVersion } from "./getReleaseOfGoogleJavaF
 import { getUriFromString } from "./getUriFromString";
 
 export async function resolveExecutableFileFromConfig(
-    { executable, mode, version }: ExtensionConfiguration,
+    { executable, mode, version, strictSSL }: ExtensionConfiguration,
     log: LogOutputChannel,
 ): Promise<Uri> {
     if (executable) {
@@ -24,10 +24,12 @@ export async function resolveExecutableFileFromConfig(
         log.debug(`Using latest version...`);
     }
 
+    const config = { strictSSL } as ExtensionConfiguration;
+
     const { assets } =
         version && version !== "latest"
-            ? await getReleaseOfGoogleJavaFormatByVersion(log, version)
-            : await getLatestReleaseOfGoogleJavaFormat(log);
+            ? await getReleaseOfGoogleJavaFormatByVersion(log, version, config)
+            : await getLatestReleaseOfGoogleJavaFormat(log, config);
 
     const url =
         (shouldCheckNativeBinary && assets.get(system)) || assets.get("java")!;

src/test/suite/extensionConfiguration.test.ts

@@ -0,0 +1,37 @@
+import * as assert from "assert";
+import { GoogleJavaFormatConfiguration } from "../../ExtensionConfiguration";
+
+suite("ExtensionConfiguration SSL Test Suite", () => {
+    test("Should include strictSSL property in configuration interface", () => {
+        // Test that the configuration object can handle the strictSSL property
+        const config: GoogleJavaFormatConfiguration = {
+            version: "latest",
+            mode: "native-binary",
+            strictSSL: false,
+        };
+
+        assert.strictEqual(config.strictSSL, false, "strictSSL should be false when set");
+        
+        const configWithStrictSSL: GoogleJavaFormatConfiguration = {
+            version: "1.17.0",
+            mode: "jar-file", 
+            strictSSL: true,
+        };
+
+        assert.strictEqual(configWithStrictSSL.strictSSL, true, "strictSSL should be true when set");
+    });
+
+    test("Should handle undefined strictSSL gracefully", () => {
+        const config: GoogleJavaFormatConfiguration = {
+            version: "latest",
+            mode: "native-binary",
+        };
+
+        // strictSSL should be undefined when not set
+        assert.strictEqual(config.strictSSL, undefined, "strictSSL should be undefined when not set");
+        
+        // Default behavior should be strict SSL (true)
+        const effectiveStrictSSL = config.strictSSL ?? true;
+        assert.strictEqual(effectiveStrictSSL, true, "Default behavior should be strict SSL");
+    });
+});

src/test/suite/fetchWithSSLOptions.test.ts

@@ -0,0 +1,70 @@
+import * as assert from "assert";
+import { LogOutputChannel } from "vscode";
+import { fetchWithSSLOptions } from "../../fetchWithSSLOptions";
+
+// Mock logger for testing
+const mockLog: LogOutputChannel = {
+    debug: () => {},
+    info: () => {},
+    warn: () => {},
+    error: () => {},
+} as any;
+
+suite("fetchWithSSLOptions Test Suite", () => {
+    test("Should use standard fetch when strictSSL is true", async () => {
+        // Test with a URL that should work with standard fetch
+        const url = "https://api.github.com/repos/google/google-java-format/releases/latest";
+        
+        // This should not throw an error in most environments
+        try {
+            const response = await fetchWithSSLOptions(url, true, mockLog);
+            assert.ok(response, "Response should be defined");
+        } catch (error) {
+            // If this fails, it might be due to network issues in the test environment
+            // which is acceptable for this test
+            console.log("Standard fetch failed (expected in some environments):", error);
+        }
+    });
+
+    test("Should handle SSL configuration correctly", async () => {
+        // Test that the function accepts both true and false for strictSSL
+        const url = "https://api.github.com/repos/google/google-java-format/releases/latest";
+        
+        // Test with strictSSL = false (should not throw immediately)
+        try {
+            const response = await fetchWithSSLOptions(url, false, mockLog);
+            assert.ok(response, "Response should be defined even with strictSSL=false");
+        } catch (error) {
+            // This might fail due to network issues, which is acceptable
+            console.log("Relaxed SSL fetch failed (acceptable in test environment):", error);
+        }
+    });
+
+    test("Should log appropriate messages", () => {
+        let debugMessages: string[] = [];
+        let warnMessages: string[] = [];
+        
+        const testLog: LogOutputChannel = {
+            debug: (message: string) => debugMessages.push(message),
+            warn: (message: string) => warnMessages.push(message),
+            info: () => {},
+            error: () => {},
+        } as any;
+
+        // Test that debug messages are logged
+        const url = "https://example.com/test";
+        
+        // Just test the initial logging behavior
+        fetchWithSSLOptions(url, true, testLog).catch(() => {
+            // Expected to fail for example.com, but should have logged
+        });
+        
+        // The debug message should be logged immediately
+        setTimeout(() => {
+            assert.ok(
+                debugMessages.some(msg => msg.includes(url)),
+                "Should log the URL being fetched"
+            );
+        }, 10);
+    });
+});