Use cached compressed certs if available to reduce load of compressing certs. Flag protected by qui…

net/quic/crypto/quic_crypto_server_config_test.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_server_config.h"
 
 #include <stdarg.h>
 
 #include "base/stl_util.h"
 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
+#include "net/quic/crypto/cert_compressor.h"
 #include "net/quic/crypto/crypto_handshake_message.h"
 #include "net/quic/crypto/crypto_secret_boxer.h"
 #include "net/quic/crypto/crypto_server_config_protobuf.h"
 #include "net/quic/crypto/quic_random.h"
 #include "net/quic/crypto/strike_register_client.h"
 #include "net/quic/quic_flags.h"
 #include "net/quic/quic_time.h"
 #include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/quic/test_tools/mock_clock.h"
 #include "net/quic/test_tools/quic_test_utils.h"
@@ skipping 153 matching lines @@
 
     return s;
   }
 
   void SelectNewPrimaryConfig(int seconds) {
     base::AutoLock locked(server_config_->configs_lock_);
     server_config_->SelectNewPrimaryConfig(
         QuicWallTime::FromUNIXSeconds(seconds));
   }
 
+  const string CompressChain(QuicCompressedCertsCache* compressed_certs_cache,
+                             const scoped_refptr<ProofSource::Chain>& chain,
+                             const string& client_common_set_hashes,
+                             const string& client_cached_cert_hashes,
+                             const CommonCertSets* common_sets) {
+    return server_config_->CompressChain(
+        compressed_certs_cache, chain, client_common_set_hashes,
+        client_cached_cert_hashes, common_sets);
+  }
+
  private:
   const QuicCryptoServerConfig* server_config_;
 };
 
 class TestStrikeRegisterClient : public StrikeRegisterClient {
  public:
   explicit TestStrikeRegisterClient(QuicCryptoServerConfig* config)
       : config_(config), is_known_orbit_called_(false) {}
 
   bool IsKnownOrbit(StringPiece orbit) const override {
@@ skipping 70 matching lines @@
   TestStrikeRegisterClient* strike_register =
       new TestStrikeRegisterClient(&server);
   server.SetStrikeRegisterClient(strike_register);
 
   QuicCryptoServerConfig::ConfigOptions options;
   scoped_ptr<CryptoHandshakeMessage> message(
       server.AddDefaultConfig(rand, &clock, options));
   EXPECT_TRUE(strike_register->is_known_orbit_called());
 }
 
+TEST(QuicCryptoServerConfigTest, CompressCerts) {
+  QuicCompressedCertsCache compressed_certs_cache(
+      QuicCompressedCertsCache::kQuicCompressedCertsCacheSize);
+
+  QuicRandom* rand = QuicRandom::GetInstance();
+  QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand,
+                                CryptoTestUtils::ProofSourceForTesting());
+  QuicCryptoServerConfigPeer peer(&server);
+
+  vector<string> certs = {"testcert"};
+  scoped_refptr<ProofSource::Chain> chain(new ProofSource::Chain(certs));
+
+  string compressed =
+      peer.CompressChain(&compressed_certs_cache, chain, "", "", nullptr);
+
+  if (FLAGS_quic_use_cached_compressed_certs) {
+    EXPECT_EQ(compressed_certs_cache.Size(), 1u);
+  } else {
+    EXPECT_EQ(compressed_certs_cache.Size(), 0u);
+  }
+}
+
+TEST(QuicCryptoServerConfigTest, CompressSameCertsTwice) {
+  QuicCompressedCertsCache compressed_certs_cache(
+      QuicCompressedCertsCache::kQuicCompressedCertsCacheSize);
+
+  QuicRandom* rand = QuicRandom::GetInstance();
+  QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand,
+                                CryptoTestUtils::ProofSourceForTesting());
+  QuicCryptoServerConfigPeer peer(&server);
+
+  // Compress the certs for the first time.
+  vector<string> certs = {"testcert"};
+  scoped_refptr<ProofSource::Chain> chain(new ProofSource::Chain(certs));
+  string common_certs = "";
+  string cached_certs = "";
+
+  string compressed = peer.CompressChain(&compressed_certs_cache, chain,
+                                         common_certs, cached_certs, nullptr);
+  if (FLAGS_quic_use_cached_compressed_certs) {
+    EXPECT_EQ(compressed_certs_cache.Size(), 1u);
+  }
+
+  // Compress the same certs, should use cache if available.
+  string compressed2 = peer.CompressChain(&compressed_certs_cache, chain,
+                                          common_certs, cached_certs, nullptr);
+  EXPECT_EQ(compressed, compressed2);
+  if (FLAGS_quic_use_cached_compressed_certs) {
+    EXPECT_EQ(compressed_certs_cache.Size(), 1u);
+  }
+}
+
+TEST(QuicCryptoServerConfigTest, CompressDifferentCerts) {
+  // This test compresses a set of similar but not identical certs. Cache if
+  // used should return cache miss and add all the compressed certs.
+  QuicCompressedCertsCache compressed_certs_cache(
+      QuicCompressedCertsCache::kQuicCompressedCertsCacheSize);
+
+  QuicRandom* rand = QuicRandom::GetInstance();
+  QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand,
+                                CryptoTestUtils::ProofSourceForTesting());
+  QuicCryptoServerConfigPeer peer(&server);
+
+  vector<string> certs = {"testcert"};
+  scoped_refptr<ProofSource::Chain> chain(new ProofSource::Chain(certs));
+  string common_certs = "";
+  string cached_certs = "";
+
+  string compressed = peer.CompressChain(&compressed_certs_cache, chain,
+                                         common_certs, cached_certs, nullptr);
+  if (FLAGS_quic_use_cached_compressed_certs) {
+    EXPECT_EQ(compressed_certs_cache.Size(), 1u);
+  }
+
+  // Compress a similar certs which only differs in the chain.
+  scoped_refptr<ProofSource::Chain> chain2(new ProofSource::Chain(certs));
+
+  string compressed2 = peer.CompressChain(&compressed_certs_cache, chain2,
+                                          common_certs, cached_certs, nullptr);
+  if (FLAGS_quic_use_cached_compressed_certs) {
+    EXPECT_EQ(compressed_certs_cache.Size(), 2u);
+  }
+
+  // Compress a similar certs which only differs in common certs field.
+  static const uint64_t set_hash = 42;
+  scoped_ptr<CommonCertSets> common_sets(
+      CryptoTestUtils::MockCommonCertSets(certs[0], set_hash, 1));
+  StringPiece different_common_certs(reinterpret_cast<const char*>(&set_hash),
+                                     sizeof(set_hash));
+  string compressed3 = peer.CompressChain(&compressed_certs_cache, chain,
+                                          different_common_certs.as_string(),
+                                          cached_certs, common_sets.get());
+  if (FLAGS_quic_use_cached_compressed_certs) {
+    EXPECT_EQ(compressed_certs_cache.Size(), 3u);
+  }
+}
+
 class SourceAddressTokenTest : public ::testing::Test {
  public:
   SourceAddressTokenTest()
       : ip4_(Loopback4()),
         ip4_dual_(ConvertIPv4ToIPv4MappedIPv6(ip4_)),
         ip6_(Loopback6()),
         original_time_(QuicWallTime::Zero()),
         rand_(QuicRandom::GetInstance()),
         server_(QuicCryptoServerConfig::TESTING,
                 rand_,
@@ skipping 377 matching lines @@
 TEST_F(CryptoServerConfigsTest, InvalidConfigs) {
   // Ensure that invalid configs don't change anything.
   SetConfigs("a", 800, 1, "b", 900, 1, "c", 1100, 1, nullptr);
   test_peer_.CheckConfigs("a", false, "b", true, "c", false, nullptr);
   SetConfigs("a", 800, 1, "c", 1100, 1, "INVALID1", 1000, 1, nullptr);
   test_peer_.CheckConfigs("a", false, "b", true, "c", false, nullptr);
 }
 
 }  // namespace test
 }  // namespace net