- add download api to ext mgmt service

- support verifying signed extension in remote when downloading locally

Author: sandy081

src/vs/platform/environment/common/environment.ts

@@ -142,7 +142,7 @@ export interface INativeEnvironmentService extends IEnvironmentService {
 
 	// --- extensions
 	extensionsPath: string;
-	extensionsDownloadPath: string;
+	extensionsDownloadLocation: URI;
 	builtinExtensionsPath: string;
 
 	// --- use keytar for credentials

src/vs/platform/environment/common/environmentService.ts

@@ -127,13 +127,13 @@ export abstract class AbstractNativeEnvironmentService implements INativeEnviron
 		return normalize(join(FileAccess.asFileUri('', require).fsPath, '..', 'extensions'));
 	}
 
-	get extensionsDownloadPath(): string {
+	get extensionsDownloadLocation(): URI {
 		const cliExtensionsDownloadDir = this.args['extensions-download-dir'];
 		if (cliExtensionsDownloadDir) {
-			return resolve(cliExtensionsDownloadDir);
+			return URI.file(resolve(cliExtensionsDownloadDir));
 		}
 
-		return join(this.userDataPath, 'CachedExtensionVSIXs');
+		return URI.file(join(this.userDataPath, 'CachedExtensionVSIXs'));
 	}
 
 	@memoize

src/vs/platform/extensionManagement/common/abstractExtensionManagementService.ts

@@ -672,6 +672,7 @@ export abstract class AbstractExtensionManagementService extends Disposable impl
 	abstract getManifest(vsix: URI): Promise<IExtensionManifest>;
 	abstract install(vsix: URI, options?: InstallVSIXOptions): Promise<ILocalExtension>;
 	abstract getInstalled(type?: ExtensionType, profileLocation?: URI): Promise<ILocalExtension[]>;
+	abstract download(extension: IGalleryExtension, operation: InstallOperation): Promise<URI>;
 
 	abstract getMetadata(extension: ILocalExtension): Promise<Metadata | undefined>;
 	abstract updateMetadata(local: ILocalExtension, metadata: IGalleryMetadata): Promise<ILocalExtension>;

src/vs/platform/extensionManagement/common/extensionManagement.ts

@@ -444,6 +444,7 @@ export interface IExtensionManagementService {
 	getInstalled(type?: ExtensionType, profileLocation?: URI): Promise<ILocalExtension[]>;
 	getExtensionsControlManifest(): Promise<IExtensionsControlManifest>;
 
+	download(extension: IGalleryExtension, operation: InstallOperation): Promise<URI>;
 	getMetadata(extension: ILocalExtension): Promise<Metadata | undefined>;
 	updateMetadata(local: ILocalExtension, metadata: IGalleryMetadata): Promise<ILocalExtension>;
 	updateExtensionScope(local: ILocalExtension, isMachineScoped: boolean): Promise<ILocalExtension>;

src/vs/platform/extensionManagement/common/extensionManagementIpc.ts

@@ -10,7 +10,7 @@ import { cloneAndChange } from 'vs/base/common/objects';
 import { URI, UriComponents } from 'vs/base/common/uri';
 import { DefaultURITransformer, IURITransformer, transformAndReviveIncomingURIs } from 'vs/base/common/uriIpc';
 import { IChannel, IServerChannel } from 'vs/base/parts/ipc/common/ipc';
-import { IExtensionIdentifier, IExtensionTipsService, IGalleryExtension, IGalleryMetadata, ILocalExtension, IExtensionsControlManifest, isTargetPlatformCompatible, InstallOptions, InstallVSIXOptions, UninstallOptions, Metadata, IExtensionManagementService, DidUninstallExtensionEvent, InstallExtensionEvent, InstallExtensionResult, UninstallExtensionEvent } from 'vs/platform/extensionManagement/common/extensionManagement';
+import { IExtensionIdentifier, IExtensionTipsService, IGalleryExtension, IGalleryMetadata, ILocalExtension, IExtensionsControlManifest, isTargetPlatformCompatible, InstallOptions, InstallVSIXOptions, UninstallOptions, Metadata, IExtensionManagementService, DidUninstallExtensionEvent, InstallExtensionEvent, InstallExtensionResult, UninstallExtensionEvent, InstallOperation } from 'vs/platform/extensionManagement/common/extensionManagement';
 import { ExtensionType, IExtensionManifest, TargetPlatform } from 'vs/platform/extensions/common/extensions';
 
 function transformIncomingURI(uri: UriComponents, transformer: IURITransformer | null): URI {
@@ -75,6 +75,7 @@ export class ExtensionManagementChannel implements IServerChannel {
 			case 'updateMetadata': return this.service.updateMetadata(transformIncomingExtension(args[0], uriTransformer), args[1]).then(e => transformOutgoingExtension(e, uriTransformer));
 			case 'updateExtensionScope': return this.service.updateExtensionScope(transformIncomingExtension(args[0], uriTransformer), args[1]).then(e => transformOutgoingExtension(e, uriTransformer));
 			case 'getExtensionsControlManifest': return this.service.getExtensionsControlManifest();
+			case 'download': return this.service.download(args[0], args[1]);
 		}
 
 		throw new Error('Invalid call');
@@ -177,6 +178,11 @@ export class ExtensionManagementChannelClient extends Disposable implements IExt
 		return Promise.resolve(this.channel.call<IExtensionsControlManifest>('getExtensionsControlManifest'));
 	}
 
+	async download(extension: IGalleryExtension, operation: InstallOperation): Promise<URI> {
+		const result = await this.channel.call<UriComponents>('download', [extension, operation]);
+		return URI.revive(result);
+	}
+
 	registerParticipant() { throw new Error('Not Supported'); }
 }
 

src/vs/platform/extensionManagement/node/extensionDownloader.ts

@@ -6,15 +6,18 @@
 import { Promises } from 'vs/base/common/async';
 import { getErrorMessage } from 'vs/base/common/errors';
 import { Disposable } from 'vs/base/common/lifecycle';
+import { Schemas } from 'vs/base/common/network';
 import { isWindows } from 'vs/base/common/platform';
 import { joinPath } from 'vs/base/common/resources';
 import * as semver from 'vs/base/common/semver/semver';
 import { URI } from 'vs/base/common/uri';
 import { generateUuid } from 'vs/base/common/uuid';
 import { Promises as FSPromises } from 'vs/base/node/pfs';
+import { IConfigurationService } from 'vs/platform/configuration/common/configuration';
 import { INativeEnvironmentService } from 'vs/platform/environment/common/environment';
-import { IExtensionGalleryService, IGalleryExtension, InstallOperation } from 'vs/platform/extensionManagement/common/extensionManagement';
+import { ExtensionManagementError, ExtensionManagementErrorCode, IExtensionGalleryService, IGalleryExtension, InstallOperation } from 'vs/platform/extensionManagement/common/extensionManagement';
 import { ExtensionKey, groupByExtension } from 'vs/platform/extensionManagement/common/extensionManagementUtil';
+import { ExtensionSignatureVerificationError, IExtensionSignatureVerificationService } from 'vs/platform/extensionManagement/node/extensionSignatureVerificationService';
 import { IFileService, IFileStatWithMetadata } from 'vs/platform/files/common/files';
 import { ILogService } from 'vs/platform/log/common/log';
 
@@ -30,23 +33,42 @@ export class ExtensionsDownloader extends Disposable {
 		@INativeEnvironmentService environmentService: INativeEnvironmentService,
 		@IFileService private readonly fileService: IFileService,
 		@IExtensionGalleryService private readonly extensionGalleryService: IExtensionGalleryService,
+		@IConfigurationService private readonly configurationService: IConfigurationService,
+		@IExtensionSignatureVerificationService private readonly extensionSignatureVerificationService: IExtensionSignatureVerificationService,
 		@ILogService private readonly logService: ILogService,
 	) {
 		super();
-		this.extensionsDownloadDir = URI.file(environmentService.extensionsDownloadPath);
+		this.extensionsDownloadDir = environmentService.extensionsDownloadLocation;
 		this.cache = 20; // Cache 20 downloaded VSIX files
 		this.cleanUpPromise = this.cleanUp();
 	}
 
-	async downloadVSIX(extension: IGalleryExtension, operation: InstallOperation): Promise<URI> {
+	async download(extension: IGalleryExtension, operation: InstallOperation): Promise<{ readonly location: URI; verified: boolean }> {
 		await this.cleanUpPromise;
 
 		const location = joinPath(this.extensionsDownloadDir, this.getName(extension));
-		await this.downloadFile(extension, location, location => this.extensionGalleryService.download(extension, location, operation));
-		return location;
+		try {
+			await this.downloadFile(extension, location, location => this.extensionGalleryService.download(extension, location, operation));
+		} catch (error) {
+			throw new ExtensionManagementError(error.message, ExtensionManagementErrorCode.Download);
+		}
+
+		let verified: boolean = false;
+		if (extension.isSigned && this.configurationService.getValue('extensions.verifySignature') === true) {
+			const signatureArchiveLocation = await this.downloadSignatureArchive(extension);
+			try {
+				verified = await this.extensionSignatureVerificationService.verify(location.fsPath, signatureArchiveLocation.fsPath);
+			} catch (error) {
+				await this.delete(signatureArchiveLocation);
+				await this.delete(location);
+				throw new ExtensionManagementError((error as ExtensionSignatureVerificationError).code, ExtensionManagementErrorCode.Signature);
+			}
+		}
+
+		return { location, verified };
 	}
 
-	async downloadSignatureArchive(extension: IGalleryExtension): Promise<URI> {
+	private async downloadSignatureArchive(extension: IGalleryExtension): Promise<URI> {
 		await this.cleanUpPromise;
 
 		const location = joinPath(this.extensionsDownloadDir, `${this.getName(extension)}${ExtensionsDownloader.SignatureArchiveExtension}`);
@@ -60,6 +82,12 @@ export class ExtensionsDownloader extends Disposable {
 			return;
 		}
 
+		// Download directly if locaiton is not file scheme
+		if (location.scheme !== Schemas.file) {
+			await downloadFn(location);
+			return;
+		}
+
 		// Download to temporary location first only if file does not exist
 		const tempLocation = joinPath(this.extensionsDownloadDir, `.${generateUuid()}`);
 		if (!await this.fileService.exists(tempLocation)) {

src/vs/platform/extensionManagement/node/extensionManagementService.ts

@@ -44,8 +44,6 @@ import { IProductService } from 'vs/platform/product/common/productService';
 import { ITelemetryService } from 'vs/platform/telemetry/common/telemetry';
 import { IUriIdentityService } from 'vs/platform/uriIdentity/common/uriIdentity';
 import { IUserDataProfilesService } from 'vs/platform/userDataProfile/common/userDataProfile';
-import { ExtensionSignatureVerificationError, IExtensionSignatureVerificationService } from 'vs/platform/extensionManagement/node/extensionSignatureVerificationService';
-import { IConfigurationService } from 'vs/platform/configuration/common/configuration';
 
 interface InstallableExtension {
 	zipPath: string;
@@ -80,9 +78,7 @@ export class ExtensionManagementService extends AbstractExtensionManagementServi
 		@IFileService private readonly fileService: IFileService,
 		@IProductService productService: IProductService,
 		@IUriIdentityService uriIdentityService: IUriIdentityService,
-		@IUserDataProfilesService userDataProfilesService: IUserDataProfilesService,
-		@IConfigurationService private readonly configurationService: IConfigurationService,
-		@IExtensionSignatureVerificationService private readonly extensionSignatureVerificationService: IExtensionSignatureVerificationService
+		@IUserDataProfilesService userDataProfilesService: IUserDataProfilesService
 	) {
 		super(galleryService, telemetryService, logService, productService, userDataProfilesService);
 		const extensionLifecycle = this._register(instantiationService.createInstance(ExtensionsLifecycle));
@@ -181,6 +177,11 @@ export class ExtensionManagementService extends AbstractExtensionManagementServi
 		return this.extensionsScanner.cleanUp(removeOutdated);
 	}
 
+	async download(extension: IGalleryExtension, operation: InstallOperation): Promise<URI> {
+		const { location } = await this.extensionsDownloader.download(extension, operation);
+		return location;
+	}
+
 	private async downloadVsix(vsix: URI): Promise<{ location: URI; cleanup: () => Promise<void> }> {
 		if (vsix.scheme === Schemas.file) {
 			return { location: vsix, async cleanup() { } };
@@ -207,7 +208,7 @@ export class ExtensionManagementService extends AbstractExtensionManagementServi
 			const key = ExtensionKey.create(extension).toString();
 			installExtensionTask = this.installGalleryExtensionsTasks.get(key);
 			if (!installExtensionTask) {
-				this.installGalleryExtensionsTasks.set(key, installExtensionTask = new InstallGalleryExtensionTask(manifest, extension, options, this.extensionsDownloader, this.extensionsScanner, this.logService, this.configurationService, this.extensionSignatureVerificationService));
+				this.installGalleryExtensionsTasks.set(key, installExtensionTask = new InstallGalleryExtensionTask(manifest, extension, options, this.extensionsDownloader, this.extensionsScanner, this.logService));
 				installExtensionTask.waitUntilTaskIsFinished().then(() => this.installGalleryExtensionsTasks.delete(key));
 			}
 		}
@@ -600,8 +601,6 @@ export class InstallGalleryExtensionTask extends InstallExtensionTask {
 		private readonly extensionsDownloader: ExtensionsDownloader,
 		extensionsScanner: ExtensionsScanner,
 		logService: ILogService,
-		private readonly configurationService: IConfigurationService,
-		private readonly extensionVerificationService: IExtensionSignatureVerificationService
 	) {
 		super(gallery.identifier, gallery, options, extensionsScanner, logService);
 	}
@@ -637,17 +636,22 @@ export class InstallGalleryExtensionTask extends InstallExtensionTask {
 			return { local, metadata };
 		}
 
-		const zipPath = await this.downloadVSIX(this.gallery, this._operation);
+		const { location, verified } = await this.extensionsDownloader.download(this.gallery, this._operation);
 		try {
-			this.wasVerified = await this.verifyExtensionSignature(zipPath);
-			this.validateManifest(zipPath);
-			const local = await this.installExtension({ zipPath, key: ExtensionKey.create(this.gallery), metadata }, token);
+			this.wasVerified = !!verified;
+			this.validateManifest(location.fsPath);
+			const local = await this.installExtension({ zipPath: location.fsPath, key: ExtensionKey.create(this.gallery), metadata }, token);
 			if (existingExtension && !this.options.profileLocation && (existingExtension.targetPlatform !== local.targetPlatform || semver.neq(existingExtension.manifest.version, local.manifest.version))) {
 				await this.extensionsScanner.setUninstalled(existingExtension);
 			}
 			return { local, metadata };
 		} catch (error) {
-			await this.deleteDownloadedFile(zipPath);
+			try {
+				await this.extensionsDownloader.delete(location);
+			} catch (error) {
+				/* Ignore */
+				this.logService.warn(`Error while deleting the downloaded file`, location.toString(), getErrorMessage(error));
+			}
 			throw error;
 		}
 	}
@@ -660,43 +664,6 @@ export class InstallGalleryExtensionTask extends InstallExtensionTask {
 		}
 	}
 
-	private async verifyExtensionSignature(zipPath: string): Promise<boolean> {
-		if (!this.gallery.isSigned) {
-			return false;
-		}
-		if (!this.configurationService.getValue('extensions.verifySignature')) {
-			return false;
-		}
-		const signatureArchivePath = (await this.extensionsDownloader.downloadSignatureArchive(this.gallery)).fsPath;
-		try {
-			return await this.extensionVerificationService.verify(zipPath, signatureArchivePath);
-		} catch (error) {
-			await this.deleteDownloadedFile(signatureArchivePath);
-			throw new ExtensionManagementError((error as ExtensionSignatureVerificationError).code, ExtensionManagementErrorCode.Signature);
-		}
-	}
-
-	private async deleteDownloadedFile(filePath: string): Promise<void> {
-		try {
-			await this.extensionsDownloader.delete(URI.file(filePath));
-		} catch (error) {
-			/* Ignore */
-			this.logService.warn(`Error while deleting the downloaded file`, filePath.toString(), getErrorMessage(error));
-		}
-	}
-
-	private async downloadVSIX(extension: IGalleryExtension, operation: InstallOperation): Promise<string> {
-		let zipPath: string | undefined;
-		try {
-			this.logService.trace('Started downloading extension:', extension.identifier.id);
-			zipPath = (await this.extensionsDownloader.downloadVSIX(extension, operation)).fsPath;
-			this.logService.info('Downloaded extension:', extension.identifier.id, zipPath);
-		} catch (error) {
-			throw new ExtensionManagementError(joinErrors(error).message, ExtensionManagementErrorCode.Download);
-		}
-		return zipPath;
-	}
-
 }
 
 class InstallVSIXTask extends InstallExtensionTask {