Carlosguerravz/devcerts check (#5589)

* added check for development certificates for debug. If not found the user will be prompted to create them

* added succes and fail messages for self-signed certificate creation.

* changes message to have 'Yes' option as default.

* updated optionsSchema.json and debugger-launchjson.md descriptions. Updated functions to return error and exit code along strings. set 'not now option' as iscloseaffordance

* added option 'More Information' to redirect to the github md file

* added event for dev-dert creation failure

* Added event ShowChannel to switch focus to C# output

* added check for exact error code

* added status codes enum, and used them to check for specific return codes. dotnet devcerts now also checks for trusted certificate.

Author: CarlosGuerraVz

debugger-launchjson.md

@@ -338,3 +338,18 @@ Example:
 ```json
     "targetArchitecture": "arm64"
 ```
+
+## Check for DevCert
+
+This option controls if, on launch, the the debugger should check if the computer has a self-signed HTTPS certificate used to develop web projects running on https endpoints. For this it will try to run `dotnet dev-certs https --check --trust`, if no certs are found it will prompt the user to suggest creating one. If approved by the user, the extension will run `dotnet dev-certs https --trust` to create a trusted self-signed certificate.
+
+If unspecified, defaults to true when `serverReadyAction` is set.
+This option does nothing on Linux, VS Code remote, and VS Code Web UI scenarios.
+
+You can override this behavior by setting `checkForDevCert` to false in your `launch.json`.
+
+Example:
+
+```json
+    "checkForDevCert": "false"
+```

package.json

@@ -1982,6 +1982,11 @@
               "targetArchitecture": {
                 "type": "string",
                 "description": "[Only supported in local macOS debugging] The architecture of the debuggee. This will automatically be detected unless this parameter is set. Allowed values are x86_64 or arm64."
+              },
+              "checkForDevCert": {
+                "type": "boolean",
+                "description": "When true, the debugger will check if the computer has a self-signed HTTPS certificate used to develop web servers running on https endpoints. If unspecified, defaults to true when `serverReadyAction` is set. This option does nothing on Linux, VS Code remote, and VS Code Web UI scenarios. If the HTTPS certificate is not found or isn't trusted, the user will be prompted to install/trust it.",
+                "default": true
               }
             }
           },
@@ -3109,6 +3114,11 @@
               "targetArchitecture": {
                 "type": "string",
                 "description": "[Only supported in local macOS debugging] The architecture of the debuggee. This will automatically be detected unless this parameter is set. Allowed values are x86_64 or arm64."
+              },
+              "checkForDevCert": {
+                "type": "boolean",
+                "description": "When true, the debugger will check if the computer has a self-signed HTTPS certificate used to develop web servers running on https endpoints. If unspecified, defaults to true when `serverReadyAction` is set. This option does nothing on Linux, VS Code remote, and VS Code Web UI scenarios. If the HTTPS certificate is not found or isn't trusted, the user will be prompted to install/trust it.",
+                "default": true
               }
             }
           },

src/coreclr-debug/activate.ts

@@ -32,8 +32,8 @@ export async function activate(thisExtension: vscode.Extension<CSharpExtensionEx
     }
 
     const factory = new DebugAdapterExecutableFactory(debugUtil, platformInformation, eventStream, thisExtension.packageJSON, thisExtension.extensionPath, options);
-    context.subscriptions.push(vscode.debug.registerDebugConfigurationProvider('coreclr', new DotnetDebugConfigurationProvider(platformInformation)));
-    context.subscriptions.push(vscode.debug.registerDebugConfigurationProvider('clr', new DotnetDebugConfigurationProvider(platformInformation)));
+    context.subscriptions.push(vscode.debug.registerDebugConfigurationProvider('coreclr', new DotnetDebugConfigurationProvider(platformInformation, eventStream, options)));
+    context.subscriptions.push(vscode.debug.registerDebugConfigurationProvider('clr', new DotnetDebugConfigurationProvider(platformInformation, eventStream, options)));
     context.subscriptions.push(vscode.debug.registerDebugAdapterDescriptorFactory('coreclr', factory));
     context.subscriptions.push(vscode.debug.registerDebugAdapterDescriptorFactory('clr', factory));
 }

src/coreclr-debug/debugConfigurationProvider.ts

@@ -6,10 +6,14 @@
 import * as vscode from 'vscode';
 
 import { RemoteAttachPicker, DotNetAttachItemsProviderFactory, AttachPicker, AttachItem } from '../features/processPicker';
+import { Options } from '../omnisharp/options';
 import { PlatformInformation } from '../platform';
-
+import { hasDotnetDevCertsHttps, createSelfSignedCert, CertToolStatusCodes } from '../utils/DotnetDevCertsHttps';
+import { EventStream } from '../EventStream';
+import { DevCertCreationFailure, ShowChannel } from '../omnisharp/loggingEvents';
+ 
 export class DotnetDebugConfigurationProvider implements vscode.DebugConfigurationProvider {
-    constructor(public platformInformation: PlatformInformation) {}
+    constructor(public platformInformation: PlatformInformation, private readonly eventStream: EventStream, private options: Options) {}
 
     public async resolveDebugConfigurationWithSubstitutedVariables(folder: vscode.WorkspaceFolder | undefined, debugConfiguration: vscode.DebugConfiguration, token?: vscode.CancellationToken): Promise<vscode.DebugConfiguration | null | undefined>
     {
@@ -59,7 +63,66 @@ export class DotnetDebugConfigurationProvider implements vscode.DebugConfigurati
                 return undefined;
             }
         }
+        
+        // We want to ask the user if we should run dotnet  dev-certs https --trust, but this doesn't work in a few cases --
+        // Linux -- not supported by the .NET CLI as there isn't a single root cert store
+        // VS Code remoting/Web UI -- the trusted cert work would need to happen on the client machine, but we don't have a way to run code there currently
+        // pipeTransport -- the dev cert on the server will be different from the client
+        if (!this.platformInformation.isLinux() && !vscode.env.remoteName && vscode.env.uiKind != vscode.UIKind.Web && !debugConfiguration.pipeTransport)
+        {
+            if(debugConfiguration.checkForDevCert === undefined && debugConfiguration.serverReadyAction)
+            {
+                debugConfiguration.checkForDevCert = true;
+            }
+
+            if (debugConfiguration.checkForDevCert)
+            {
+                checkForDevCerts(this.options.dotNetCliPaths, this.eventStream);
+            }
+        }
 
         return debugConfiguration;
     }
 }
+
+function checkForDevCerts(dotNetCliPaths: string[], eventStream: EventStream){
+    hasDotnetDevCertsHttps(dotNetCliPaths).then(async (returnData) => {
+        let errorCode = returnData.error?.code;
+        if(errorCode === CertToolStatusCodes.CertificateNotTrusted || errorCode === CertToolStatusCodes.ErrorNoValidCertificateFound) 
+        {
+            const labelYes: string = "Yes";
+            const labelNotNow: string = "Not Now";
+            const labelMoreInfo: string = "More Information";
+
+            const result = await vscode.window.showInformationMessage(
+                "The selected launch configuration is configured to launch a web browser but no trusted development certificate was found. Create a trusted self-signed certificate?", 
+                { title:labelYes }, { title:labelNotNow, isCloseAffordance: true }, { title:labelMoreInfo }
+                ); 
+            if (result?.title === labelYes)
+            {
+                let returnData = await createSelfSignedCert(dotNetCliPaths);
+                if (returnData.error === null) //if the prcess returns 0, returnData.error is null, otherwise the return code can be acessed in returnData.error.code
+                {
+                    let message = errorCode === CertToolStatusCodes.CertificateNotTrusted ? 'trusted' : 'created';
+                    vscode.window.showInformationMessage(`Self-signed certificate sucessfully ${message}.`);
+                }
+                else
+                {
+                    eventStream.post(new DevCertCreationFailure(`${returnData.error.message}\ncode: ${returnData.error.code}\nstdout: ${returnData.stdout}`));
+
+                    const labelShowOutput: string = "Show Output";
+                    const result = await vscode.window.showWarningMessage("Couldn't create self-signed certificate. See output for more information.", labelShowOutput);
+                    if (result === labelShowOutput){
+                        eventStream.post(new ShowChannel());
+                    }
+                }
+            }
+            if (result?.title === labelMoreInfo)
+            {
+                const launchjsonDescriptionURL = 'https://github.com/OmniSharp/omnisharp-vscode/blob/master/debugger-launchjson.md#check-for-devcert';
+                vscode.env.openExternal(vscode.Uri.parse(launchjsonDescriptionURL));
+                checkForDevCerts(dotNetCliPaths, eventStream);
+            }
+        }
+    });
+}

src/observers/CsharpChannelObserver.ts

@@ -18,6 +18,9 @@ export class CsharpChannelObserver extends BaseChannelObserver {
             case EventType.ProjectJsonDeprecatedWarning:
                 this.showChannel(true);
                 break;
+            case EventType.ShowChannel:
+                this.showChannel(false);
+                break;
         }
     }
 }

src/observers/CsharpLoggerObserver.ts

@@ -68,6 +68,9 @@ export class CsharpLoggerObserver extends BaseLoggerObserver {
             case EventType.IntegrityCheckSuccess:
                 this.handleIntegrityCheckSuccess(<Event.IntegrityCheckSuccess>event);
                 break;
+            case EventType.DevCertCreationFailure:
+                this.handleDevCertCreationFailure(<Event.DevCertCreationFailure>event);
+                break;
         }
     }
 
@@ -146,4 +149,8 @@ export class CsharpLoggerObserver extends BaseLoggerObserver {
     private handleDocumentSynchronizationFailure(event: Event.DocumentSynchronizationFailure) {
         this.logger.appendLine(`Failed to synchronize document '${event.documentPath}': ${event.errorMessage}`);
     }
+
+    private handleDevCertCreationFailure(event: Event.DevCertCreationFailure) {
+        this.logger.appendLine(`Couldn't create self-signed certificate. ${event.errorMessage}`);
+    }
 }

src/omnisharp/EventType.ts

@@ -85,6 +85,8 @@ export enum EventType {
     TelemetryErrorEvent = 78,
     OmnisharpServerRequestCancelled = 79,
     BackgroundDiagnosticStatus = 80,
+    DevCertCreationFailure = 81,
+    ShowChannel = 82,
 }
 
 //Note that the EventType protocol is shared with Razor.VSCode and the numbers here should not be altered

src/omnisharp/loggingEvents.ts

@@ -350,3 +350,10 @@ export class DotNetTestDebugComplete implements BaseEvent {
 export class DownloadValidation implements BaseEvent {
     type = EventType.DownloadValidation;
 }
+export class DevCertCreationFailure implements BaseEvent {
+    type = EventType.DevCertCreationFailure;
+    constructor(public errorMessage: string) { }
+}
+export class ShowChannel implements BaseEvent {
+    type = EventType.ShowChannel;
+}

src/tools/OptionsSchema.json

@@ -407,6 +407,11 @@
         "targetArchitecture": {
           "type": "string",
           "description": "[Only supported in local macOS debugging] The architecture of the debuggee. This will automatically be detected unless this parameter is set. Allowed values are x86_64 or arm64."
+        },
+        "checkForDevCert": {
+          "type": "boolean",
+          "description": "When true, the debugger will check if the computer has a self-signed HTTPS certificate used to develop web servers running on https endpoints. If unspecified, defaults to true when `serverReadyAction` is set. This option does nothing on Linux, VS Code remote, and VS Code Web UI scenarios. If the HTTPS certificate is not found or isn't trusted, the user will be prompted to install/trust it.",
+          "default": true
         }
       }
     },

src/utils/DotnetDevCertsHttps.ts

@@ -0,0 +1,53 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+import * as cp from 'child_process';
+import { getExtensionPath } from "../common";
+import { getDotNetExecutablePath } from "./getDotnetInfo";
+
+// Will return true if `dotnet dev-certs https --check` succesfully finds a trusted development certificate. 
+export async function hasDotnetDevCertsHttps(dotNetCliPaths: string[]): Promise<ExecReturnData> {
+
+    let dotnetExecutablePath = getDotNetExecutablePath(dotNetCliPaths);
+
+    return await execChildProcess(`${dotnetExecutablePath ?? 'dotnet'} dev-certs https --check --trust`, process.cwd(), process.env);
+}
+
+// Will run `dotnet dev-certs https --trust` to prompt the user to create a trusted self signed certificates. Retruns true if sucessfull.
+export async function createSelfSignedCert(dotNetCliPaths: string[]): Promise<ExecReturnData> {
+
+    let dotnetExecutablePath = getDotNetExecutablePath(dotNetCliPaths);
+
+    return await execChildProcess(`${dotnetExecutablePath ?? 'dotnet'} dev-certs https --trust`, process.cwd(), process.env);
+}
+
+async function execChildProcess(command: string, workingDirectory: string = getExtensionPath(), env: NodeJS.ProcessEnv = {}): Promise<ExecReturnData> {
+    return new Promise<ExecReturnData>((resolve) => {
+        cp.exec(command, { cwd: workingDirectory, maxBuffer: 500 * 1024, env: env }, (error, stdout, stderr) => {
+            resolve({error, stdout, stderr});
+        });
+    });
+}
+
+interface ExecReturnData {
+    error: cp.ExecException | null;
+    stdout: string;
+    stderr: string;
+}
+
+export enum CertToolStatusCodes
+{
+    CriticalError = -1,
+    Success = 0,
+    // Following are from trusting the certificate (dotnet dev-certs https --trust)
+    ErrorCreatingTheCertificate = 1,
+    ErrorSavingTheCertificate = 2,
+    ErrorExportingTheCertificate = 3,
+    ErrorTrustingTheCertificate = 4,
+    UserCancel = 5,
+    // Following two are from checking for trust (dotnet dev-certs https --check --trust)
+    ErrorNoValidCertificateFound = 6,
+    CertificateNotTrusted = 7,
+}