QUIC: obtain source address token keys from internal key server.

QUIC: obtain source address token keys from internal key server.

We've discovered that the gradual fleet-wide rotation of the internal
server's primary key causes a weekly spike of
SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, because this key is used to
derive QUIC's source address token key.

This CL fixes the problem by fetching the key from internal key server,
and (for backup) changing QUIC to attempt token decryption using several
keys.

Merge internal change: 114465990

R=rch@chromium.org

[mab, 2016-02-19 01:52:40]

mab@google.com changed reviewers:
+ mab@google.com

[mab, 2016-02-19 01:52:41]

(Any reason to wait for the fix to be tested with live traffic, before
proceeding with this change?)

[Ryan Hamilton, 2016-02-19 03:05:48]

lgtm, but I recommend making the CL description (particularly in the final CL) a
bit less internal-focused. Perhaps just mention what's happening in the Chromium
change?

[ramant (doing other things), 2016-02-19 18:30:45]

On 2016/02/19 01:52:41, mab wrote:
> (Any reason to wait for the fix to be tested with live traffic, before
> proceeding with this change?)

chromium's client code wouldn't use this code. This CL impacts quic_server.
Tested that code and it worked ok.

[ramant (doing other things), 2016-02-19 18:38:29]

On 2016/02/19 03:05:48, Ryan Hamilton wrote:
> lgtm, but I recommend making the CL description (particularly in the final CL)
a
> bit less internal-focused. Perhaps just mention what's happening in the
Chromium
> change?

Very good point Ryan. Updated the description in the following Landing CL.
Thanks much.

https://codereview.chromium.org/1714713002/