read certificate chain to verify connection

connection.schema.json

@@ -26,6 +26,14 @@
       "title": "Password",
       "type": "string",
       "minLength": 1
+    },
+    "verifySSLCert": {
+      "title": "Verify SSL Cert",
+      "type": "boolean"
+    },
+    "caChain": {
+      "title": "Certificate chain",
+      "type": "string"
     }
   },
   "required": ["server", "catalog", "user"]

package.json

@@ -2,7 +2,7 @@
   "name": "trino-driver-sqltools",
   "displayName": "Trino Driver",
   "description": "Trino Driver for SQLTools",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "engines": {
     "vscode": "^1.73.1"
   },
@@ -61,7 +61,7 @@
   "devDependencies": {
     "@babel/preset-env": "^7.20.2",
     "@types/node": "^18.11.18",
-    "@types/vscode": "^1.73.0",
+    "@types/vscode": "^1.73.1",
     "@typescript-eslint/eslint-plugin": "^5.47.1",
     "@typescript-eslint/parser": "^5.48.1",
     "esbuild": "^0.16.16",

src/ls/client.ts

@@ -1,8 +1,11 @@
 import axios, { AxiosRequestConfig, RawAxiosRequestHeaders } from 'axios';
+import * as https from 'https'
+import * as fs from 'fs';
 
 const DEFAULT_SERVER = 'http://localhost:8080';
 const DEFAULT_SOURCE = 'trino-js-client';
 const DEFAULT_USER = process.env.USER;
+const DEFAULT_VERIFY_SSL_CERT = true;
 
 // Trino headers
 const TRINO_HEADER_PREFIX = 'X-Trino-';
@@ -49,7 +52,8 @@ export type ConnectionOptions = {
     readonly auth?: Auth;
     readonly session?: Session;
     readonly extraCredential?: ExtraCredential;
-    readonly verify?: Boolean;
+    readonly verifySSLCert?: boolean;
+    readonly caChain?: string;
 };
 
 export type QueryStage = {
@@ -163,14 +167,9 @@ class Client {
     ) { }
 
     static create(options: ConnectionOptions): Client {
-        const https = require('https');
-        const agent = new https.Agent({
-            rejectUnauthorized: false
-        })
-
         const clientConfig: AxiosRequestConfig = {
             baseURL: options.server ?? DEFAULT_SERVER,
-            httpsAgent: agent,
+            httpsAgent: this.buildHttpsAgent(options),
         };
 
         const headers: RawAxiosRequestHeaders = {
@@ -199,6 +198,27 @@ class Client {
         return new Client(clientConfig, options);
     }
 
+
+    /**
+     * Method to build an https agent based on the configurations available
+     * @param options - ConnectionOptions
+     * @returns https.Agent
+     */
+    static buildHttpsAgent(options: ConnectionOptions): https.Agent {
+        const verifySSLCert = options.verifySSLCert ?? DEFAULT_VERIFY_SSL_CERT
+        if (!verifySSLCert) {
+            return new https.Agent({
+                rejectUnauthorized: false,
+            });
+        } else {
+            return new https.Agent({
+                rejectUnauthorized: true,
+                ca: fs.readFileSync(options.caChain)
+            });
+        }
+    }
+
+
     /**
      * Generic method to send a request to the server.
      * @param cfg - AxiosRequestConfig<any>

src/ls/driver.ts

@@ -33,7 +33,8 @@ export default class TrinoDriver
       schema: this.credentials.schema,
       source: "sqltools-driver",
       auth: new BasicAuth(this.credentials.username, this.credentials.password),
-      verify: this.credentials.verify
+      verifySSLCert: this.credentials.verifySSLCert,
+      caChain: this.credentials.caChain
     };
 
     try {

yarn.lock

@@ -1267,7 +1267,7 @@
   resolved "https://registry.yarnpkg.com/@types/semver/-/semver-7.3.12.tgz#920447fdd78d76b19de0438b7f60df3c4a80bf1c"
   integrity sha512-WwA1MW0++RfXmCr12xeYOOC5baSC9mSb0ZqCquFzKhcoF4TvHu5MKOuXsncgZcpVFhB1pXd5hZmM0ryAoCp12A==
 
-"@types/vscode@^1.73.0":
+"@types/vscode@^1.73.1":
   version "1.74.0"
   resolved "https://registry.yarnpkg.com/@types/vscode/-/vscode-1.74.0.tgz#4adc21b4e7f527b893de3418c21a91f1e503bdcd"
   integrity sha512-LyeCIU3jb9d38w0MXFwta9r0Jx23ugujkAxdwLTNCyspdZTKUc43t7ppPbCiPoQ/Ivd/pnDFZrb4hWd45wrsgA==