Carlosguerravz/devcerts check

debugger-launchjson.md

@@ -338,3 +338,16 @@ Example:
 ```json
     "targetArchitecture": "arm64"
 ```
+
+## Check for DevCert
+If unspecified, it will be enabled when `serverReadyAction` is set AND when `pipeTransport` is NOT set.
+
+When `true` and if VS is runing on Windows or MacOS, the extension will try to find if your system contains a development certificate by running `dotnet dev-certs https --check`, if no certs are found it will prompt the user to suggest creating them. If approved by the user, the extension will run `dotnet dev-certs https --trust` to create self signed certificates.
+
+You can override this behavior by setting `checkForDevCert` to false in your `launch.json`.
+
+Example:
+
+```json
+    "checkForDevCert": "false"
+```

package.json

@@ -1982,6 +1982,11 @@
               "targetArchitecture": {
                 "type": "string",
                 "description": "[Only supported in local macOS debugging] The architecture of the debuggee. This will automatically be detected unless this parameter is set. Allowed values are x86_64 or arm64."
+              },
+              "checkForDevCert": {
+                "type": "boolean",
+                "description": "When true, the presence of dev certificates will be checked by runing dotnet `dev-certs https --check`, and if that fails the user will be prompted to create dev certs by running `dotnet dev-certs https --trust`",
+                "default": true
               }
             }
           },
@@ -3109,6 +3114,11 @@
               "targetArchitecture": {
                 "type": "string",
                 "description": "[Only supported in local macOS debugging] The architecture of the debuggee. This will automatically be detected unless this parameter is set. Allowed values are x86_64 or arm64."
+              },
+              "checkForDevCert": {
+                "type": "boolean",
+                "description": "When true, the presence of dev certificates will be checked by runing dotnet `dev-certs https --check`, and if that fails the user will be prompted to create dev certs by running `dotnet dev-certs https --trust`",
+                "default": true
               }
             }
           },

src/coreclr-debug/activate.ts

@@ -32,8 +32,8 @@ export async function activate(thisExtension: vscode.Extension<CSharpExtensionEx
     }
 
     const factory = new DebugAdapterExecutableFactory(debugUtil, platformInformation, eventStream, thisExtension.packageJSON, thisExtension.extensionPath, options);
-    context.subscriptions.push(vscode.debug.registerDebugConfigurationProvider('coreclr', new DotnetDebugConfigurationProvider(platformInformation)));
-    context.subscriptions.push(vscode.debug.registerDebugConfigurationProvider('clr', new DotnetDebugConfigurationProvider(platformInformation)));
+    context.subscriptions.push(vscode.debug.registerDebugConfigurationProvider('coreclr', new DotnetDebugConfigurationProvider(platformInformation, options)));
+    context.subscriptions.push(vscode.debug.registerDebugConfigurationProvider('clr', new DotnetDebugConfigurationProvider(platformInformation, options)));
     context.subscriptions.push(vscode.debug.registerDebugAdapterDescriptorFactory('coreclr', factory));
     context.subscriptions.push(vscode.debug.registerDebugAdapterDescriptorFactory('clr', factory));
 }

src/coreclr-debug/debugConfigurationProvider.ts

@@ -6,10 +6,12 @@
 import * as vscode from 'vscode';
 
 import { RemoteAttachPicker, DotNetAttachItemsProviderFactory, AttachPicker, AttachItem } from '../features/processPicker';
+import { Options } from '../omnisharp/options';
 import { PlatformInformation } from '../platform';
-
+import { hasDotnetDevCertsHttps, createSelfSignedCert } from '../utils/DotnetDevCertsHttps';
+
 export class DotnetDebugConfigurationProvider implements vscode.DebugConfigurationProvider {
-    constructor(public platformInformation: PlatformInformation) {}
+    constructor(public platformInformation: PlatformInformation, private options: Options) {}
 
     public async resolveDebugConfigurationWithSubstitutedVariables(folder: vscode.WorkspaceFolder | undefined, debugConfiguration: vscode.DebugConfiguration, token?: vscode.CancellationToken): Promise<vscode.DebugConfiguration | null | undefined>
     {
@@ -59,6 +61,46 @@ export class DotnetDebugConfigurationProvider implements vscode.DebugConfigurati
                 return undefined;
             }
         }
+
+        // We want to ask the user if we should run dotnet  dev-certs https --trust, but this doesn't work in a few cases --
+        // Linux -- not supported by the .NET CLI as there isn't a single root cert store
+        // VS Code remoting/Web UI -- the trusted cert work would need to happen on the client machine, but we don't have a way to run code there currently
+        // pipeTransport -- the dev cert on the server will be different from the client
+        if (!this.platformInformation.isLinux() && !vscode.env.remoteName && vscode.env.uiKind != vscode.UIKind.Web && !debugConfiguration.pipeTransport)
+        {
+            if(debugConfiguration.checkForDevCert === undefined && debugConfiguration.serverReadyAction)
+            {
+                debugConfiguration.checkForDevCert = true;
+            }
+
+            if (debugConfiguration.checkForDevCert)
+            {
+                hasDotnetDevCertsHttps(this.options.dotNetCliPaths).then(async (hasDevCert) => {
+                    if(!hasDevCert)
+                    {
+                        const result = await vscode.window.showInformationMessage(
+                            "The selected launch configuration is configured to launch a web browser but no trusted development certificate was found. Create a trusted self-signed certificate?", 
+                            'Yes', "Don't Ask Again", 'Not Now'
+                            ); 
+                        if (result === 'Yes')
+                        {
+                            if (await createSelfSignedCert(this.options.dotNetCliPaths))
+                            {
+                                vscode.window.showInformationMessage('Self-signed certificate sucessfully created');
+                            }
+                            else
+                            {
+                                vscode.window.showWarningMessage("Couldn't create self-signed certificate");
+                            }
+                        }
+                        else if (result === "Don't Ask Again")
+                        {
+                            await vscode.window.showInformationMessage("To don't see this message again set launch option 'checkForDevCert' to 'false' in launch.json", { modal: true });
+                        }
+                    }
+                });
+            }
+        }
 
         return debugConfiguration;
     }

src/tools/OptionsSchema.json

@@ -407,6 +407,11 @@
         "targetArchitecture": {
           "type": "string",
           "description": "[Only supported in local macOS debugging] The architecture of the debuggee. This will automatically be detected unless this parameter is set. Allowed values are x86_64 or arm64."
+        },
+        "checkForDevCert": {
+          "type": "boolean",
+          "description": "When true, the presence of dev certificates will be checked by runing dotnet `dev-certs https --check`, and if that fails the user will be prompted to create dev certs by running `dotnet dev-certs https --trust`",
+          "default": true
         }
       }
     },

src/utils/DotnetDevCertsHttps.ts

@@ -0,0 +1,50 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+import { join } from "path";
+import { execChildProcess } from "../common";
+import { CoreClrDebugUtil } from "../coreclr-debug/util";
+
+// Will return true if `dotnet dev-certs https --check` succesfully finds a development certificate. 
+export async function hasDotnetDevCertsHttps(dotNetCliPaths: string[]): Promise<Boolean> {
+
+    let dotnetExecutablePath = getDotNetExecutablePath(dotNetCliPaths);
+
+    try {
+        await execChildProcess(`${dotnetExecutablePath ?? 'dotnet'} dev-certs https --check`, process.cwd(), process.env);
+        return true;
+    }
+    catch (err) { // execChildProcess will throw if the process returns anything but 0
+        return false;
+    }
+}
+
+// Will run `dotnet dev-certs https --trust` to prompt the user to create self signed certificates. Retruns true if sucessfull.
+export async function createSelfSignedCert(dotNetCliPaths: string[]): Promise<Boolean> {
+
+    let dotnetExecutablePath = getDotNetExecutablePath(dotNetCliPaths);
+
+    try {
+        await execChildProcess(`${dotnetExecutablePath ?? 'dotnet'} dev-certs https --trust`, process.cwd(), process.env);
+        return true; 
+    }
+    catch (err) { // execChildProcess will throw if the process returns anything but 0
+        return false;
+    }
+}
+
+function getDotNetExecutablePath(dotNetCliPaths: string[]): string | undefined{
+    let dotnetExeName = `dotnet${CoreClrDebugUtil.getPlatformExeExtension()}`;
+    let dotnetExecutablePath: string | undefined;
+
+    for (const dotnetPath of dotNetCliPaths) {
+        let dotnetFullPath = join(dotnetPath, dotnetExeName);
+        if (CoreClrDebugUtil.existsSync(dotnetFullPath)) {
+            dotnetExecutablePath = dotnetFullPath;
+            break;
+        }
+    }
+    return dotnetExecutablePath;
+}