diff options
| author | rtenneti <rtenneti@chromium.org> | 2016-03-23 17:50:02 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-03-24 00:51:18 +0000 |
| commit | 61de368f64f49bea82a22c429f16b19ece352fbd (patch) | |
| tree | 3fde0d0989050d8977ef6a03539ac8fc953c4f82 | |
| parent | 271c91e974143cfd5649934a97cb284dab7dd37d (diff) | |
| download | chromium_src-61de368f64f49bea82a22c429f16b19ece352fbd.zip chromium_src-61de368f64f49bea82a22c429f16b19ece352fbd.tar.gz chromium_src-61de368f64f49bea82a22c429f16b19ece352fbd.tar.bz2 | |
QUIC - Persist "Hash of the CHLO message" and "Signed timestamp of the
leaf cert".
Bumped up the version number of the persisted data. We will not load
server config's from disk cache if they have prior version.
R=rch@chromium.org
Review URL: https://codereview.chromium.org/1818393003
Cr-Commit-Position: refs/heads/master@{#382996}
| -rw-r--r-- | net/http/disk_cache_based_quic_server_info_unittest.cc | 56 | ||||
| -rw-r--r-- | net/quic/crypto/properties_based_quic_server_info_test.cc | 6 | ||||
| -rw-r--r-- | net/quic/crypto/quic_crypto_client_config.cc | 6 | ||||
| -rw-r--r-- | net/quic/crypto/quic_crypto_client_config.h | 10 | ||||
| -rw-r--r-- | net/quic/crypto/quic_server_info.cc | 28 | ||||
| -rw-r--r-- | net/quic/crypto/quic_server_info.h | 2 | ||||
| -rw-r--r-- | net/quic/quic_chromium_client_session.cc | 2 | ||||
| -rw-r--r-- | net/quic/quic_stream_factory.cc | 3 | ||||
| -rw-r--r-- | net/quic/quic_stream_factory_test.cc | 6 |
9 files changed, 108 insertions, 11 deletions
diff --git a/net/http/disk_cache_based_quic_server_info_unittest.cc b/net/http/disk_cache_based_quic_server_info_unittest.cc index 6f6425e..490b935 100644 --- a/net/http/disk_cache_based_quic_server_info_unittest.cc +++ b/net/http/disk_cache_based_quic_server_info_unittest.cc @@ -116,12 +116,16 @@ TEST(DiskCacheBasedQuicServerInfo, Update) { EXPECT_TRUE(state->certs.empty()); const string server_config_a = "server_config_a"; const string source_address_token_a = "source_address_token_a"; + const string cert_sct_a = "cert_sct_a"; + const string chlo_hash_a = "chlo_hash_a"; const string server_config_sig_a = "server_config_sig_a"; const string cert_a = "cert_a"; const string cert_b = "cert_b"; state->server_config = server_config_a; state->source_address_token = source_address_token_a; + state->cert_sct = cert_sct_a; + state->chlo_hash = chlo_hash_a; state->server_config_sig = server_config_sig_a; state->certs.push_back(cert_a); quic_server_info->Persist(); @@ -156,6 +160,8 @@ TEST(DiskCacheBasedQuicServerInfo, Update) { const QuicServerInfo::State& state1 = quic_server_info->state(); EXPECT_EQ(server_config_a, state1.server_config); EXPECT_EQ(source_address_token_a, state1.source_address_token); + EXPECT_EQ(cert_sct_a, state1.cert_sct); + EXPECT_EQ(chlo_hash_a, state1.chlo_hash); EXPECT_EQ(server_config_sig_a, state1.server_config_sig); EXPECT_EQ(2U, state1.certs.size()); EXPECT_EQ(cert_a, state1.certs[0]); @@ -183,11 +189,15 @@ TEST(DiskCacheBasedQuicServerInfo, UpdateDifferentPorts) { EXPECT_TRUE(state1->certs.empty()); const string server_config_a = "server_config_a"; const string source_address_token_a = "source_address_token_a"; + const string cert_sct_a = "cert_sct_a"; + const string chlo_hash_a = "chlo_hash_a"; const string server_config_sig_a = "server_config_sig_a"; const string cert_a = "cert_a"; state1->server_config = server_config_a; state1->source_address_token = source_address_token_a; + state1->cert_sct = cert_sct_a; + state1->chlo_hash = chlo_hash_a; state1->server_config_sig = server_config_sig_a; state1->certs.push_back(cert_a); quic_server_info1->Persist(); @@ -207,11 +217,15 @@ TEST(DiskCacheBasedQuicServerInfo, UpdateDifferentPorts) { EXPECT_TRUE(state2->certs.empty()); const string server_config_b = "server_config_b"; const string source_address_token_b = "source_address_token_b"; + const string cert_sct_b = "cert_sct_b"; + const string chlo_hash_b = "chlo_hash_b"; const string server_config_sig_b = "server_config_sig_b"; const string cert_b = "cert_b"; state2->server_config = server_config_b; state2->source_address_token = source_address_token_b; + state2->cert_sct = cert_sct_b; + state2->chlo_hash = chlo_hash_b; state2->server_config_sig = server_config_sig_b; state2->certs.push_back(cert_b); quic_server_info2->Persist(); @@ -230,6 +244,8 @@ TEST(DiskCacheBasedQuicServerInfo, UpdateDifferentPorts) { const QuicServerInfo::State& state_a = quic_server_info->state(); EXPECT_EQ(server_config_a, state_a.server_config); EXPECT_EQ(source_address_token_a, state_a.source_address_token); + EXPECT_EQ(cert_sct_a, state_a.cert_sct); + EXPECT_EQ(chlo_hash_a, state_a.chlo_hash); EXPECT_EQ(server_config_sig_a, state_a.server_config_sig); EXPECT_EQ(1U, state_a.certs.size()); EXPECT_EQ(cert_a, state_a.certs[0]); @@ -245,6 +261,8 @@ TEST(DiskCacheBasedQuicServerInfo, UpdateDifferentPorts) { const QuicServerInfo::State& state_b = quic_server_info->state(); EXPECT_EQ(server_config_b, state_b.server_config); EXPECT_EQ(source_address_token_b, state_b.source_address_token); + EXPECT_EQ(cert_sct_b, state_b.cert_sct); + EXPECT_EQ(chlo_hash_b, state_b.chlo_hash); EXPECT_EQ(server_config_sig_b, state_b.server_config_sig); EXPECT_EQ(1U, state_b.certs.size()); EXPECT_EQ(cert_b, state_b.certs[0]); @@ -272,11 +290,15 @@ TEST(DiskCacheBasedQuicServerInfo, IsReadyToPersist) { EXPECT_TRUE(state->certs.empty()); const string server_config_a = "server_config_a"; const string source_address_token_a = "source_address_token_a"; + const string cert_sct_a = "cert_sct_a"; + const string chlo_hash_a = "chlo_hash_a"; const string server_config_sig_a = "server_config_sig_a"; const string cert_a = "cert_a"; state->server_config = server_config_a; state->source_address_token = source_address_token_a; + state->cert_sct = cert_sct_a; + state->chlo_hash = chlo_hash_a; state->server_config_sig = server_config_sig_a; state->certs.push_back(cert_a); EXPECT_TRUE(quic_server_info->IsReadyToPersist()); @@ -302,6 +324,8 @@ TEST(DiskCacheBasedQuicServerInfo, IsReadyToPersist) { const QuicServerInfo::State& state1 = quic_server_info->state(); EXPECT_EQ(server_config_a, state1.server_config); EXPECT_EQ(source_address_token_a, state1.source_address_token); + EXPECT_EQ(cert_sct_a, state1.cert_sct); + EXPECT_EQ(chlo_hash_a, state1.chlo_hash); EXPECT_EQ(server_config_sig_a, state1.server_config_sig); EXPECT_EQ(1U, state1.certs.size()); EXPECT_EQ(cert_a, state1.certs[0]); @@ -329,11 +353,15 @@ TEST(DiskCacheBasedQuicServerInfo, MultiplePersist) { EXPECT_TRUE(state->certs.empty()); const string server_config_init = "server_config_init"; const string source_address_token_init = "source_address_token_init"; + const string cert_sct_init = "cert_sct_init"; + const string chlo_hash_init = "chlo_hash_init"; const string server_config_sig_init = "server_config_sig_init"; const string cert_init = "cert_init"; state->server_config = server_config_init; state->source_address_token = source_address_token_init; + state->cert_sct = cert_sct_init; + state->chlo_hash = chlo_hash_init; state->server_config_sig = server_config_sig_init; state->certs.push_back(cert_init); EXPECT_TRUE(quic_server_info->IsReadyToPersist()); @@ -352,11 +380,15 @@ TEST(DiskCacheBasedQuicServerInfo, MultiplePersist) { // doing another Start() and WaitForDataReady. const string server_config_a = "server_config_a"; const string source_address_token_a = "source_address_token_a"; + const string cert_sct_a = "cert_sct_a"; + const string chlo_hash_a = "chlo_hash_a"; const string server_config_sig_a = "server_config_sig_a"; const string cert_a = "cert_a"; state->server_config = server_config_a; state->source_address_token = source_address_token_a; + state->cert_sct = cert_sct_a; + state->chlo_hash = chlo_hash_a; state->server_config_sig = server_config_sig_a; state->certs.push_back(cert_a); EXPECT_TRUE(quic_server_info->IsReadyToPersist()); @@ -382,6 +414,8 @@ TEST(DiskCacheBasedQuicServerInfo, MultiplePersist) { const QuicServerInfo::State& state1 = quic_server_info->state(); EXPECT_EQ(server_config_a, state1.server_config); EXPECT_EQ(source_address_token_a, state1.source_address_token); + EXPECT_EQ(cert_sct_a, state1.cert_sct); + EXPECT_EQ(chlo_hash_a, state1.chlo_hash); EXPECT_EQ(server_config_sig_a, state1.server_config_sig); EXPECT_EQ(1U, state1.certs.size()); EXPECT_EQ(cert_a, state1.certs[0]); @@ -466,11 +500,15 @@ TEST(DiskCacheBasedQuicServerInfo, StartAndPersist) { EXPECT_TRUE(state->certs.empty()); const string server_config_a = "server_config_a"; const string source_address_token_a = "source_address_token_a"; + const string cert_sct_a = "cert_sct_a"; + const string chlo_hash_a = "chlo_hash_a"; const string server_config_sig_a = "server_config_sig_a"; const string cert_a = "cert_a"; state->server_config = server_config_a; state->source_address_token = source_address_token_a; + state->cert_sct = cert_sct_a; + state->chlo_hash = chlo_hash_a; state->server_config_sig = server_config_sig_a; state->certs.push_back(cert_a); EXPECT_TRUE(quic_server_info->IsReadyToPersist()); @@ -498,6 +536,8 @@ TEST(DiskCacheBasedQuicServerInfo, StartAndPersist) { const QuicServerInfo::State& state1 = quic_server_info->state(); EXPECT_EQ(server_config_a, state1.server_config); EXPECT_EQ(source_address_token_a, state1.source_address_token); + EXPECT_EQ(cert_sct_a, state1.cert_sct); + EXPECT_EQ(chlo_hash_a, state1.chlo_hash); EXPECT_EQ(server_config_sig_a, state1.server_config_sig); EXPECT_EQ(1U, state1.certs.size()); EXPECT_EQ(cert_a, state1.certs[0]); @@ -527,11 +567,15 @@ TEST(DiskCacheBasedQuicServerInfo, PersistWhenNotReadyToPersist) { EXPECT_TRUE(state->certs.empty()); const string server_config_init = "server_config_init"; const string source_address_token_init = "source_address_token_init"; + const string cert_sct_init = "cert_sct_init"; + const string chlo_hash_init = "chlo_hash_init"; const string server_config_sig_init = "server_config_sig_init"; const string cert_init = "cert_init"; state->server_config = server_config_init; state->source_address_token = source_address_token_init; + state->cert_sct = cert_sct_init; + state->chlo_hash = chlo_hash_init; state->server_config_sig = server_config_sig_init; state->certs.push_back(cert_init); EXPECT_FALSE(quic_server_info->IsReadyToPersist()); @@ -556,6 +600,8 @@ TEST(DiskCacheBasedQuicServerInfo, PersistWhenNotReadyToPersist) { const QuicServerInfo::State& state1 = quic_server_info->state(); EXPECT_EQ(server_config_init, state1.server_config); EXPECT_EQ(source_address_token_init, state1.source_address_token); + EXPECT_EQ(cert_sct_init, state1.cert_sct); + EXPECT_EQ(chlo_hash_init, state1.chlo_hash); EXPECT_EQ(server_config_sig_init, state1.server_config_sig); EXPECT_EQ(1U, state1.certs.size()); EXPECT_EQ(cert_init, state1.certs[0]); @@ -582,11 +628,15 @@ TEST(DiskCacheBasedQuicServerInfo, MultiplePersistsWithoutWaiting) { EXPECT_TRUE(state->certs.empty()); const string server_config_init = "server_config_init"; const string source_address_token_init = "source_address_token_init"; + const string cert_sct_init = "cert_sct_init"; + const string chlo_hash_init = "chlo_hash_init"; const string server_config_sig_init = "server_config_sig_init"; const string cert_init = "cert_init"; state->server_config = server_config_init; state->source_address_token = source_address_token_init; + state->cert_sct = cert_sct_init; + state->chlo_hash = chlo_hash_init; state->server_config_sig = server_config_sig_init; state->certs.push_back(cert_init); EXPECT_TRUE(quic_server_info->IsReadyToPersist()); @@ -600,11 +650,15 @@ TEST(DiskCacheBasedQuicServerInfo, MultiplePersistsWithoutWaiting) { // doing another Start() and WaitForDataReady. const string server_config_a = "server_config_a"; const string source_address_token_a = "source_address_token_a"; + const string cert_sct_a = "cert_sct_a"; + const string chlo_hash_a = "chlo_hash_a"; const string server_config_sig_a = "server_config_sig_a"; const string cert_a = "cert_a"; state->server_config = server_config_a; state->source_address_token = source_address_token_a; + state->cert_sct = cert_sct_a; + state->chlo_hash = chlo_hash_a; state->server_config_sig = server_config_sig_a; state->certs.push_back(cert_a); EXPECT_FALSE(quic_server_info->IsReadyToPersist()); @@ -627,6 +681,8 @@ TEST(DiskCacheBasedQuicServerInfo, MultiplePersistsWithoutWaiting) { const QuicServerInfo::State& state1 = quic_server_info->state(); EXPECT_EQ(server_config_a, state1.server_config); EXPECT_EQ(source_address_token_a, state1.source_address_token); + EXPECT_EQ(cert_sct_a, state1.cert_sct); + EXPECT_EQ(chlo_hash_a, state1.chlo_hash); EXPECT_EQ(server_config_sig_a, state1.server_config_sig); EXPECT_EQ(1U, state1.certs.size()); EXPECT_EQ(cert_a, state1.certs[0]); diff --git a/net/quic/crypto/properties_based_quic_server_info_test.cc b/net/quic/crypto/properties_based_quic_server_info_test.cc index 2e9c2d3..f9cb681 100644 --- a/net/quic/crypto/properties_based_quic_server_info_test.cc +++ b/net/quic/crypto/properties_based_quic_server_info_test.cc @@ -18,6 +18,8 @@ namespace test { namespace { const std::string kServerConfigA("server_config_a"); const std::string kSourceAddressTokenA("source_address_token_a"); +const std::string kCertSCTA("cert_sct_a"); +const std::string kChloHashA("chlo_hash_a"); const std::string kServerConfigSigA("server_config_sig_a"); const std::string kCertA("cert_a"); const std::string kCertB("cert_b"); @@ -39,6 +41,8 @@ class PropertiesBasedQuicServerInfoTest : public ::testing::Test { state->server_config = kServerConfigA; state->source_address_token = kSourceAddressTokenA; state->server_config_sig = kServerConfigSigA; + state->cert_sct = kCertSCTA; + state->chlo_hash = kChloHashA; state->certs.push_back(kCertA); EXPECT_TRUE(server_info_.IsReadyToPersist()); server_info_.Persist(); @@ -51,6 +55,8 @@ class PropertiesBasedQuicServerInfoTest : public ::testing::Test { void VerifyInitialData(const QuicServerInfo::State& state) { EXPECT_EQ(kServerConfigA, state.server_config); EXPECT_EQ(kSourceAddressTokenA, state.source_address_token); + EXPECT_EQ(kCertSCTA, state.cert_sct); + EXPECT_EQ(kChloHashA, state.chlo_hash); EXPECT_EQ(kServerConfigSigA, state.server_config_sig); EXPECT_EQ(kCertA, state.certs[0]); } diff --git a/net/quic/crypto/quic_crypto_client_config.cc b/net/quic/crypto/quic_crypto_client_config.cc index 0467ff5..2f049d1 100644 --- a/net/quic/crypto/quic_crypto_client_config.cc +++ b/net/quic/crypto/quic_crypto_client_config.cc @@ -253,7 +253,7 @@ bool QuicCryptoClientConfig::CachedState::Initialize( StringPiece server_config, StringPiece source_address_token, const vector<string>& certs, - const string& cert_sct, + StringPiece cert_sct, StringPiece chlo_hash, StringPiece signature, QuicWallTime now) { @@ -272,11 +272,11 @@ bool QuicCryptoClientConfig::CachedState::Initialize( return false; } - chlo_hash.CopyToString(&chlo_hash_); signature.CopyToString(&server_config_sig_); source_address_token.CopyToString(&source_address_token_); + cert_sct.CopyToString(&cert_sct_); + chlo_hash.CopyToString(&chlo_hash_); certs_ = certs; - cert_sct_ = cert_sct; return true; } diff --git a/net/quic/crypto/quic_crypto_client_config.h b/net/quic/crypto/quic_crypto_client_config.h index 6ecd678..a0c3536 100644 --- a/net/quic/crypto/quic_crypto_client_config.h +++ b/net/quic/crypto/quic_crypto_client_config.h @@ -148,10 +148,10 @@ class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig { // SetProofVerifyDetails takes ownership of |details|. void SetProofVerifyDetails(ProofVerifyDetails* details); - // Copy the |server_config_|, |source_address_token_|, |certs_| and - // |server_config_sig_| from the |other|. The remaining fields, - // |generation_counter_|, |proof_verify_details_|, and |scfg_| remain - // unchanged. + // Copy the |server_config_|, |source_address_token_|, |certs_|, + // |cert_sct_|, |chlo_hash_| and |server_config_sig_| from the |other|. The + // remaining fields, |generation_counter_|, |proof_verify_details_|, and + // |scfg_| remain unchanged. void InitializeFrom(const CachedState& other); // Initializes this cached state based on the arguments provided. @@ -159,7 +159,7 @@ class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig { bool Initialize(base::StringPiece server_config, base::StringPiece source_address_token, const std::vector<std::string>& certs, - const std::string& cert_sct, + base::StringPiece cert_sct, base::StringPiece chlo_hash, base::StringPiece signature, QuicWallTime now); diff --git a/net/quic/crypto/quic_server_info.cc b/net/quic/crypto/quic_server_info.cc index 2627fb4..24edb9b 100644 --- a/net/quic/crypto/quic_server_info.cc +++ b/net/quic/crypto/quic_server_info.cc @@ -12,7 +12,10 @@ using std::string; namespace { -const int kQuicCryptoConfigVersion = 1; +// TODO(rtenneti): Delete kQuicCryptoConfigVersionNoChloHash after +// QUIC_VERSION_31 becomes the default. +const int kQuicCryptoConfigVersionNoChloHash = 1; +const int kQuicCryptoConfigVersion = 2; } // namespace @@ -25,6 +28,8 @@ QuicServerInfo::State::~State() {} void QuicServerInfo::State::Clear() { server_config.clear(); source_address_token.clear(); + cert_sct.clear(); + chlo_hash.clear(); server_config_sig.clear(); certs.clear(); } @@ -70,7 +75,10 @@ bool QuicServerInfo::ParseInner(const string& data) { return false; } - if (version != kQuicCryptoConfigVersion) { + // TODO(rtenneti): Delete kQuicCryptoConfigVersionNoChloHash after + // QUIC_VERSION_31 becomes the default. + if (!(version == kQuicCryptoConfigVersionNoChloHash || + version == kQuicCryptoConfigVersion)) { DVLOG(1) << "Unsupported version"; return false; } @@ -83,6 +91,21 @@ bool QuicServerInfo::ParseInner(const string& data) { DVLOG(1) << "Malformed source_address_token"; return false; } + // TODO(rtenneti): Delete kQuicCryptoConfigVersionNoChloHash after + // QUIC_VERSION_31 becomes the default. + if (version == kQuicCryptoConfigVersionNoChloHash) { + state->cert_sct.clear(); + state->chlo_hash.clear(); + } else { + if (!iter.ReadString(&state->cert_sct)) { + DVLOG(1) << "Malformed cert_sct"; + return false; + } + if (!iter.ReadString(&state->chlo_hash)) { + DVLOG(1) << "Malformed chlo_hash"; + return false; + } + } if (!iter.ReadString(&state->server_config_sig)) { DVLOG(1) << "Malformed server_config_sig"; return false; @@ -119,6 +142,7 @@ string QuicServerInfo::SerializeInner() const { if (!p.WriteInt(kQuicCryptoConfigVersion) || !p.WriteString(state_.server_config) || !p.WriteString(state_.source_address_token) || + !p.WriteString(state_.cert_sct) || !p.WriteString(state_.chlo_hash) || !p.WriteString(state_.server_config_sig) || state_.certs.size() > std::numeric_limits<uint32_t>::max() || !p.WriteUInt32(state_.certs.size())) { diff --git a/net/quic/crypto/quic_server_info.h b/net/quic/crypto/quic_server_info.h index be15240..5032e38 100644 --- a/net/quic/crypto/quic_server_info.h +++ b/net/quic/crypto/quic_server_info.h @@ -81,6 +81,8 @@ class NET_EXPORT_PRIVATE QuicServerInfo { // This class matches QuicClientCryptoConfig::CachedState. std::string server_config; // A serialized handshake message. std::string source_address_token; // An opaque proof of IP ownership. + std::string cert_sct; // Signed timestamp of the leaf cert. + std::string chlo_hash; // Hash of the CHLO message. std::vector<std::string> certs; // A list of certificates in leaf-first // order. std::string server_config_sig; // A signature of |server_config_|. diff --git a/net/quic/quic_chromium_client_session.cc b/net/quic/quic_chromium_client_session.cc index fbc1382..7e54ece 100644 --- a/net/quic/quic_chromium_client_session.cc +++ b/net/quic/quic_chromium_client_session.cc @@ -915,6 +915,8 @@ void QuicChromiumClientSession::OnProofValid( state->server_config = cached.server_config(); state->source_address_token = cached.source_address_token(); + state->cert_sct = cached.cert_sct(); + state->chlo_hash = cached.chlo_hash(); state->server_config_sig = cached.signature(); state->certs = cached.certs(); diff --git a/net/quic/quic_stream_factory.cc b/net/quic/quic_stream_factory.cc index a550bd9..a032f2e 100644 --- a/net/quic/quic_stream_factory.cc +++ b/net/quic/quic_stream_factory.cc @@ -1669,7 +1669,8 @@ void QuicStreamFactory::InitializeCachedStateInCryptoConfig( cached->Initialize(server_info->state().server_config, server_info->state().source_address_token, - server_info->state().certs, "", "", + server_info->state().certs, server_info->state().cert_sct, + server_info->state().chlo_hash, server_info->state().server_config_sig, clock_->WallNow()); } diff --git a/net/quic/quic_stream_factory_test.cc b/net/quic/quic_stream_factory_test.cc index 2175cfa..4e61258 100644 --- a/net/quic/quic_stream_factory_test.cc +++ b/net/quic/quic_stream_factory_test.cc @@ -3661,12 +3661,16 @@ TEST_P(QuicStreamFactoryTest, MaybeInitialize) { // Create temporary strings becasue Persist() clears string data in |state|. string server_config(reinterpret_cast<const char*>(&scfg), sizeof(scfg)); string source_address_token("test_source_address_token"); + string cert_sct("test_cert_sct"); + string chlo_hash("test_chlo_hash"); string signature("test_signature"); string test_cert("test_cert"); vector<string> certs; certs.push_back(test_cert); state->server_config = server_config; state->source_address_token = source_address_token; + state->cert_sct = cert_sct; + state->chlo_hash = chlo_hash; state->server_config_sig = signature; state->certs = certs; @@ -3686,6 +3690,8 @@ TEST_P(QuicStreamFactoryTest, MaybeInitialize) { EXPECT_TRUE(cached->GetServerConfig()); EXPECT_EQ(server_config, cached->server_config()); EXPECT_EQ(source_address_token, cached->source_address_token()); + EXPECT_EQ(cert_sct, cached->cert_sct()); + EXPECT_EQ(chlo_hash, cached->chlo_hash()); EXPECT_EQ(signature, cached->signature()); ASSERT_EQ(1U, cached->certs().size()); EXPECT_EQ(test_cert, cached->certs()[0]); |