QUIC: obtain source address token keys from internal key server.

net/quic/crypto/quic_crypto_server_config.h

Index: net/quic/crypto/quic_crypto_server_config.h
diff --git a/net/quic/crypto/quic_crypto_server_config.h b/net/quic/crypto/quic_crypto_server_config.h
index 0dabc295d93c0b60ec46a22dfa65cf1720f214ae..617779c99d61627b40951987b571340a405ee400 100644
--- a/net/quic/crypto/quic_crypto_server_config.h
+++ b/net/quic/crypto/quic_crypto_server_config.h
@@ -194,6 +194,14 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
   bool SetConfigs(const std::vector<QuicServerConfigProtobuf*>& protobufs,
                   QuicWallTime now);
 
+  // SetDefaultSourceAddressTokenKeys sets the keys to be tried, in order,
+  // when decrypting a source address token. This modifies only the default
+  // boxer, which is to say, it is a no-op if a key was specified in the Config.
+  // Note that these keys are used *without* passing them through a KDF, in
+  // contradistinction to the |source_address_token_secret| argument to the
+  // constructor.
+  void SetDefaultSourceAddressTokenKeys(const std::vector<std::string>& keys);
+
   // Get the server config ids for all known configs.
   void GetConfigIds(std::vector<std::string>* scids) const;