Make keystore custom cert injection additive

plugin/pom.xml

@@ -52,11 +52,6 @@
             <artifactId>jakarta.inject-api</artifactId>
             <version>2.0.1</version>
         </dependency>
-        <dependency>
-            <groupId>io.reactivex.rxjava3</groupId>
-            <artifactId>rxjava</artifactId>
-            <version>3.1.5</version>
-        </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
@@ -153,8 +148,24 @@
                             <goal>copy-dependencies</goal>
                         </goals>
                         <configuration>
+                            <includeScope>runtime</includeScope>
+                            <stripVersion>true</stripVersion>
                             <outputDirectory>${project.build.directory}/dependency</outputDirectory>
-                            <includeGroupIds>io.reactivex,software.amazon.awssdk,com.fasterxml.jackson,com.nimbusds,jakarta.inject,commons-codec,org.apache.httpcomponents,org.reactivestreams,org.apache.maven,org.bidib.com.github.markusbernhardt</includeGroupIds>
+                            <includeGroupIds>
+                                io.reactivex,
+                                software.amazon.awssdk,
+                                com.fasterxml.jackson,
+                                com.nimbusds,jakarta.inject,
+                                commons-codec,
+                                org.apache.httpcomponents,
+                                org.reactivestreams,
+                                org.apache.maven,
+                                org.bidib.com.github.markusbernhardt,
+                                net.java.dev.jna,
+                                org.ini4j,
+                                org.javadelight,
+                                org.slf4j
+                            </includeGroupIds>
                         </configuration>
                     </execution>
                     <execution>

plugin/src/software/aws/toolkits/eclipse/amazonq/lsp/connection/QLspConnectionProvider.java

@@ -44,10 +44,10 @@ public QLspConnectionProvider() throws IOException {
 
     @Override
     protected final void addEnvironmentVariables(final Map<String, String> env) {
-        String httpsProxyPreference = ProxyUtil.getHttpsProxyUrl();
+        String httpsProxyUrl = ProxyUtil.getHttpsProxyUrl();
         String caCertPreference = Activator.getDefault().getPreferenceStore().getString(AmazonQPreferencePage.CA_CERT);
-        if (!StringUtils.isEmpty(httpsProxyPreference)) {
-            env.put("HTTPS_PROXY", httpsProxyPreference);
+        if (!StringUtils.isEmpty(httpsProxyUrl)) {
+            env.put("HTTPS_PROXY", httpsProxyUrl);
         }
         if (!StringUtils.isEmpty(caCertPreference)) {
             env.put("NODE_EXTRA_CA_CERTS", caCertPreference);

plugin/src/software/aws/toolkits/eclipse/amazonq/util/ProxyUtil.java

@@ -16,7 +16,9 @@
 import java.security.cert.X509Certificate;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 
 import org.eclipse.mylyn.commons.ui.dialogs.AbstractNotificationPopup;
 import org.eclipse.swt.widgets.Display;
@@ -154,22 +156,35 @@ private static String getCustomCertPath() {
     }
 
     private static SSLContext createSslContextWithCustomCert(final String certPath) throws Exception {
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmf.init((KeyStore) null);
+
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        keyStore.load(null, null);
+
+        for (TrustManager tm : tmf.getTrustManagers()) {
+            if (tm instanceof X509TrustManager) {
+                X509TrustManager xtm = (X509TrustManager) tm;
+                for (X509Certificate cert : xtm.getAcceptedIssuers()) {
+                    keyStore.setCertificateEntry(cert.getSubjectX500Principal().getName(), cert);
+                }
+            }
+        }
+
         CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
         X509Certificate cert;
 
         try (FileInputStream fis = new FileInputStream(certPath)) {
             cert = (X509Certificate) certificateFactory.generateCertificate(fis);
         }
 
-        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-        keyStore.load(null, null);
         keyStore.setCertificateEntry("custom-cert", cert);
 
-        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-        tmf.init(keyStore);
+        TrustManagerFactory customTmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        customTmf.init(keyStore);
 
         SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
-        sslContext.init(null, tmf.getTrustManagers(), null);
+        sslContext.init(null, customTmf.getTrustManagers(), null);
         Activator.getLogger().info("Picked up custom CA cert.");
 
         return sslContext;

pom.xml

@@ -27,11 +27,7 @@
             <layout>p2</layout>
             <url>https://download.eclipse.org/releases/2024-06</url>
         </repository>
-        <repository>
-            <id>lsp4e</id>
-            <layout>p2</layout>
-            <url>http://download.eclipse.org/lsp4e/releases/latest/</url>
-        </repository>
+
     </repositories>
 
     <build>