From f802d37977f85bedb8677113419eeef45d167490 Mon Sep 17 00:00:00 2001
From: klzgrad <kizdiv@gmail.com>
Date: Thu, 21 May 2020 00:19:03 +0800
Subject: [PATCH] Add cert net fetcher

---
 src/net/tools/naive/naive_proxy_bin.cc | 34 +++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/src/net/tools/naive/naive_proxy_bin.cc b/src/net/tools/naive/naive_proxy_bin.cc
index f8a9398f57..21025ffc0b 100644
--- a/src/net/tools/naive/naive_proxy_bin.cc
+++ b/src/net/tools/naive/naive_proxy_bin.cc
@@ -30,6 +30,8 @@
 #include "net/base/auth.h"
 #include "net/base/network_isolation_key.h"
 #include "net/base/url_util.h"
+#include "net/cert/cert_verifier.h"
+#include "net/cert_net/cert_net_fetcher_url_request.h"
 #include "net/dns/host_resolver.h"
 #include "net/dns/mapped_host_resolver.h"
 #include "net/http/http_auth.h"
@@ -116,9 +118,29 @@ std::unique_ptr<base::Value> GetConstants(
   return constants_dict;
 }
 
+std::unique_ptr<net::URLRequestContext> BuildCertURLRequestContext(
+    net::NetLog* net_log) {
+  net::URLRequestContextBuilder builder;
+
+  builder.DisableHttpCache();
+  builder.set_net_log(net_log);
+
+  net::ProxyConfig proxy_config;
+  auto proxy_service =
+      net::ConfiguredProxyResolutionService::CreateWithoutProxyResolver(
+          std::make_unique<net::ProxyConfigServiceFixed>(
+              net::ProxyConfigWithAnnotation(proxy_config, kTrafficAnnotation)),
+          net_log);
+  proxy_service->ForceReloadProxyConfig();
+  builder.set_proxy_resolution_service(std::move(proxy_service));
+
+  return builder.Build();
+}
+
 // Builds a URLRequestContext assuming there's only a single loop.
 std::unique_ptr<net::URLRequestContext> BuildURLRequestContext(
     const Params& params,
+    scoped_refptr<net::CertNetFetcherURLRequest> cert_net_fetcher,
     net::NetLog* net_log) {
   net::URLRequestContextBuilder builder;
 
@@ -140,6 +162,9 @@ std::unique_ptr<net::URLRequestContext> BuildURLRequestContext(
     builder.set_host_mapping_rules(params.host_resolver_rules);
   }
 
+  builder.SetCertVerifier(
+      net::CertVerifier::CreateDefault(std::move(cert_net_fetcher)));
+
   auto context = builder.Build();
 
   if (!params.proxy_url.empty() && !params.proxy_user.empty() &&
@@ -473,7 +498,14 @@ int main(int argc, char* argv[]) {
                          net::NetLogCaptureMode::kDefault);
   }
 
-  auto context = BuildURLRequestContext(params, net_log);
+  auto cert_context = BuildCertURLRequestContext(net_log);
+  scoped_refptr<net::CertNetFetcherURLRequest> cert_net_fetcher;
+#if defined(OS_LINUX) || defined(OS_MAC)
+  cert_net_fetcher = base::MakeRefCounted<net::CertNetFetcherURLRequest>();
+  cert_net_fetcher->SetURLRequestContext(cert_context.get());
+#endif
+  auto context =
+      BuildURLRequestContext(params, std::move(cert_net_fetcher), net_log);
   auto* session = context->http_transaction_factory()->GetSession();
 
   auto listen_socket =