Make keystore custom cert injection additive

plugin/META-INF/MANIFEST.MF

@@ -29,41 +29,45 @@ Require-Bundle: org.eclipse.core.runtime;bundle-version="3.31.0",
  slf4j.api;bundle-version="2.0.13",
  org.apache.commons.lang3;bundle-version="3.14.0"
 Bundle-Classpath: target/classes/,
- target/dependency/annotations-2.28.26.jar,
- target/dependency/apache-client-2.28.26.jar,
- target/dependency/auth-2.28.26.jar,
- target/dependency/aws-core-2.28.26.jar,
- target/dependency/aws-json-protocol-2.28.26.jar,
- target/dependency/checksums-2.28.26.jar,
- target/dependency/checksums-spi-2.28.26.jar,
- target/dependency/cognitoidentity-2.28.26.jar,
- target/dependency/commons-codec-1.17.1.jar,
- target/dependency/endpoints-spi-2.28.26.jar,
- target/dependency/http-auth-2.28.26.jar,
- target/dependency/http-auth-aws-2.28.26.jar,
- target/dependency/http-auth-aws-eventstream-2.28.26.jar,
- target/dependency/http-auth-spi-2.28.26.jar,
- target/dependency/http-client-spi-2.28.26.jar,
- target/dependency/httpclient-4.5.14.jar,
- target/dependency/httpcore-4.4.16.jar,
- target/dependency/identity-spi-2.28.26.jar,
- target/dependency/jackson-annotations-2.17.2.jar,
- target/dependency/jackson-core-2.17.2.jar,
- target/dependency/jackson-databind-2.17.2.jar,
- target/dependency/jakarta.inject-api-2.0.1.jar,
- target/dependency/json-utils-2.28.26.jar,
- target/dependency/maven-artifact-3.9.9.jar,
- target/dependency/metrics-spi-2.28.26.jar,
- target/dependency/netty-nio-client-2.28.26.jar,
- target/dependency/nimbus-jose-jwt-9.41.2.jar,
- target/dependency/profiles-2.28.26.jar,
- target/dependency/protocol-core-2.28.26.jar,
- target/dependency/proxy-vole-1.1.6.jar,
- target/dependency/reactive-streams-1.0.4.jar,
- target/dependency/regions-2.28.26.jar,
- target/dependency/retries-2.28.26.jar,
- target/dependency/retries-spi-2.28.26.jar,
- target/dependency/rxjava-3.1.5.jar,
- target/dependency/sdk-core-2.28.26.jar,
- target/dependency/third-party-jackson-core-2.28.26.jar,
- target/dependency/utils-2.28.26.jar
+ target/dependency/annotations.jar,
+ target/dependency/apache-client.jar,
+ target/dependency/auth.jar,
+ target/dependency/aws-core.jar,
+ target/dependency/aws-json-protocol.jar,
+ target/dependency/checksums-spi.jar,
+ target/dependency/checksums.jar,
+ target/dependency/cognitoidentity.jar,
+ target/dependency/commons-codec.jar,
+ target/dependency/delight-rhino-sandbox.jar,
+ target/dependency/endpoints-spi.jar,
+ target/dependency/http-auth-aws-eventstream.jar,
+ target/dependency/http-auth-aws.jar,
+ target/dependency/http-auth-spi.jar,
+ target/dependency/http-auth.jar,
+ target/dependency/http-client-spi.jar,
+ target/dependency/httpclient.jar,
+ target/dependency/httpcore.jar,
+ target/dependency/identity-spi.jar,
+ target/dependency/jackson-annotations.jar,
+ target/dependency/jackson-core.jar,
+ target/dependency/jackson-databind.jar,
+ target/dependency/jakarta.inject-api.jar,
+ target/dependency/jna-platform.jar,
+ target/dependency/jna.jar,
+ target/dependency/json-utils.jar,
+ target/dependency/maven-artifact.jar,
+ target/dependency/metrics-spi.jar,
+ target/dependency/netty-nio-client.jar,
+ target/dependency/nimbus-jose-jwt.jar,
+ target/dependency/profiles.jar,
+ target/dependency/protocol-core.jar,
+ target/dependency/proxy-vole.jar,
+ target/dependency/reactive-streams.jar,
+ target/dependency/regions.jar,
+ target/dependency/retries-spi.jar,
+ target/dependency/retries.jar,
+ target/dependency/rxjava.jar,
+ target/dependency/sdk-core.jar,
+ target/dependency/slf4j-api.jar,
+ target/dependency/third-party-jackson-core.jar,
+ target/dependency/utils.jar

plugin/pom.xml

@@ -52,11 +52,6 @@
             <artifactId>jakarta.inject-api</artifactId>
             <version>2.0.1</version>
         </dependency>
-        <dependency>
-            <groupId>io.reactivex.rxjava3</groupId>
-            <artifactId>rxjava</artifactId>
-            <version>3.1.5</version>
-        </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
@@ -153,8 +148,24 @@
                             <goal>copy-dependencies</goal>
                         </goals>
                         <configuration>
+                            <includeScope>runtime</includeScope>
+                            <stripVersion>true</stripVersion>
                             <outputDirectory>${project.build.directory}/dependency</outputDirectory>
-                            <includeGroupIds>io.reactivex,software.amazon.awssdk,com.fasterxml.jackson,com.nimbusds,jakarta.inject,commons-codec,org.apache.httpcomponents,org.reactivestreams,org.apache.maven,org.bidib.com.github.markusbernhardt</includeGroupIds>
+                            <includeGroupIds>
+                                io.reactivex,
+                                software.amazon.awssdk,
+                                com.fasterxml.jackson,
+                                com.nimbusds,jakarta.inject,
+                                commons-codec,
+                                org.apache.httpcomponents,
+                                org.reactivestreams,
+                                org.apache.maven,
+                                org.bidib.com.github.markusbernhardt,
+                                net.java.dev.jna,
+                                org.ini4j,
+                                org.javadelight,
+                                org.slf4j
+                            </includeGroupIds>
                         </configuration>
                     </execution>
                     <execution>

plugin/src/software/aws/toolkits/eclipse/amazonq/lsp/connection/QLspConnectionProvider.java

@@ -44,10 +44,10 @@ public QLspConnectionProvider() throws IOException {
 
     @Override
     protected final void addEnvironmentVariables(final Map<String, String> env) {
-        String httpsProxyPreference = ProxyUtil.getHttpsProxyUrl();
+        String httpsProxyUrl = ProxyUtil.getHttpsProxyUrl();
         String caCertPreference = Activator.getDefault().getPreferenceStore().getString(AmazonQPreferencePage.CA_CERT);
-        if (!StringUtils.isEmpty(httpsProxyPreference)) {
-            env.put("HTTPS_PROXY", httpsProxyPreference);
+        if (!StringUtils.isEmpty(httpsProxyUrl)) {
+            env.put("HTTPS_PROXY", httpsProxyUrl);
         }
         if (!StringUtils.isEmpty(caCertPreference)) {
             env.put("NODE_EXTRA_CA_CERTS", caCertPreference);

plugin/src/software/aws/toolkits/eclipse/amazonq/util/ProxyUtil.java

@@ -16,7 +16,9 @@
 import java.security.cert.X509Certificate;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 
 import org.eclipse.mylyn.commons.ui.dialogs.AbstractNotificationPopup;
 import org.eclipse.swt.widgets.Display;
@@ -154,22 +156,35 @@ private static String getCustomCertPath() {
     }
 
     private static SSLContext createSslContextWithCustomCert(final String certPath) throws Exception {
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmf.init((KeyStore) null);
+
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        keyStore.load(null, null);
+
+        for (TrustManager tm : tmf.getTrustManagers()) {
+            if (tm instanceof X509TrustManager) {
+                X509TrustManager xtm = (X509TrustManager) tm;
+                for (X509Certificate cert : xtm.getAcceptedIssuers()) {
+                    keyStore.setCertificateEntry(cert.getSubjectX500Principal().getName(), cert);
+                }
+            }
+        }
+
         CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
         X509Certificate cert;
 
         try (FileInputStream fis = new FileInputStream(certPath)) {
             cert = (X509Certificate) certificateFactory.generateCertificate(fis);
         }
 
-        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-        keyStore.load(null, null);
         keyStore.setCertificateEntry("custom-cert", cert);
 
-        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-        tmf.init(keyStore);
+        TrustManagerFactory customTmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        customTmf.init(keyStore);
 
         SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
-        sslContext.init(null, tmf.getTrustManagers(), null);
+        sslContext.init(null, customTmf.getTrustManagers(), null);
         Activator.getLogger().info("Picked up custom CA cert.");
 
         return sslContext;

pom.xml

@@ -27,11 +27,7 @@
             <layout>p2</layout>
             <url>https://download.eclipse.org/releases/2024-06</url>
         </repository>
-        <repository>
-            <id>lsp4e</id>
-            <layout>p2</layout>
-            <url>http://download.eclipse.org/lsp4e/releases/latest/</url>
-        </repository>
+
     </repositories>
 
     <build>