hook up

rli · rli · commit b8dcb4d21e78 · 2025-04-11T14:19:37.000-07:00
diff --git a/plugins/amazonq/shared/jetbrains-community/src/software/aws/toolkits/jetbrains/services/amazonq/lsp/AmazonQLspService.kt b/plugins/amazonq/shared/jetbrains-community/src/software/aws/toolkits/jetbrains/services/amazonq/lsp/AmazonQLspService.kt
@@ -20,6 +20,9 @@ import com.intellij.openapi.util.Disposer
 import com.intellij.openapi.util.Key
 import com.intellij.openapi.util.SystemInfo
 import com.intellij.util.io.await
+import com.intellij.util.net.HttpConfigurable
+import com.intellij.util.net.JdkProxyProvider
+import io.ktor.util.network.hostname
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Deferred
 import kotlinx.coroutines.TimeoutCancellationException
@@ -29,6 +32,7 @@ import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.withLock
 import kotlinx.coroutines.withTimeout
+import org.apache.http.client.utils.URIBuilder
 import org.eclipse.lsp4j.ClientCapabilities
 import org.eclipse.lsp4j.ClientInfo
 import org.eclipse.lsp4j.DidChangeConfigurationParams
@@ -45,6 +49,7 @@ import org.slf4j.event.Level
 import software.aws.toolkits.core.utils.getLogger
 import software.aws.toolkits.core.utils.info
 import software.aws.toolkits.core.utils.warn
+import software.aws.toolkits.core.utils.writeText
 import software.aws.toolkits.jetbrains.isDeveloperMode
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.artifacts.ArtifactManager
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.auth.DefaultAuthCredentialsService
@@ -54,6 +59,7 @@ import software.aws.toolkits.jetbrains.services.amazonq.lsp.model.createExtended
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.textdocument.TextDocumentServiceHandler
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.util.WorkspaceFolderUtil.createWorkspaceFolders
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.workspace.WorkspaceServiceHandler
+import software.aws.toolkits.jetbrains.services.amazonq.profile.QEndpoints
 import software.aws.toolkits.jetbrains.services.telemetry.ClientMetadata
 import software.aws.toolkits.jetbrains.settings.LspSettings
 import java.io.IOException
@@ -62,7 +68,11 @@ import java.io.PipedInputStream
 import java.io.PipedOutputStream
 import java.io.PrintWriter
 import java.io.StringWriter
+import java.net.Proxy
+import java.net.URI
 import java.nio.charset.StandardCharsets
+import java.nio.file.Files
+import java.util.Base64
 import java.util.concurrent.Future
 import kotlin.time.Duration.Companion.seconds
 
@@ -250,13 +260,55 @@ private class AmazonQServerInstance(private val project: Project, private val cs
     init {
         // will cause slow service init, but maybe fine for now. will not block UI since fetch/extract will be under background progress
         val artifact = runBlocking { ArtifactManager(project, manifestRange = null).fetchArtifact() }.toAbsolutePath()
+
+        // more slowness
+        // make assumption that all requests will resolve to the same CA
+        // also terrible assumption that default endpoint is reachable
+        val qUri = URI(QEndpoints.Q_DEFAULT_SERVICE_CONFIG.ENDPOINT)
+        val rtsTrustChain = TrustChainUtil.getTrustChain(qUri)
+        val extraCaCerts = Files.createTempFile("q-extra-ca", ".pem").apply {
+            writeText(
+                buildList {
+                    rtsTrustChain.forEach {
+                        add("-----BEGIN CERTIFICATE-----")
+                        add(Base64.getMimeEncoder(64, System.lineSeparator().toByteArray()).encodeToString(it.encoded))
+                        add("-----END CERTIFICATE-----")
+                    }
+                }.joinToString(separator = System.lineSeparator())
+            )
+        }
+
         val node = if (SystemInfo.isWindows) "node.exe" else "node"
         val cmd = GeneralCommandLine(
             artifact.resolve(node).toString(),
             LspSettings.getInstance().getArtifactPath() ?: artifact.resolve("aws-lsp-codewhisperer.js").toString(),
             "--stdio",
             "--set-credentials-encryption-key",
+        ).withEnvironment(
+            buildMap {
+                put("NODE_EXTRA_CA_CERTS", extraCaCerts.toAbsolutePath().toString())
+
+                val proxy = JdkProxyProvider.getInstance().proxySelector.select(qUri)
+                    // log if only socks proxy available
+                    .firstOrNull { it.type() == Proxy.Type.HTTP }
+
+                if (proxy != null) {
+                    val address = proxy.address()
+                    if (address is java.net.InetSocketAddress) {
+                        put(
+                            "HTTPS_PROXY",
+                            URIBuilder("http://${address.hostname}:${address.port}").apply {
+                                val login = HttpConfigurable.getInstance().proxyLogin
+                                if (login != null) {
+                                    setUserInfo(login, HttpConfigurable.getInstance().plainProxyPassword)
+                                }
+                            }.build().toASCIIString()
+                        )
+                    }
+                }
+            }
         )
+            .withParentEnvironmentType(GeneralCommandLine.ParentEnvironmentType.CONSOLE)
 
         launcherHandler = KillableColoredProcessHandler.Silent(cmd)
         val inputWrapper = LSPProcessListener()
