Make QuicCryptoClientConfig only cache server configs for 1 week.

net/quic/core/crypto/quic_crypto_client_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/core/crypto/quic_crypto_client_config.h"
 
+#include <algorithm>
 #include <memory>
 
 #include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "net/quic/core/crypto/cert_compressor.h"
 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h"
 #include "net/quic/core/crypto/channel_id.h"
 #include "net/quic/core/crypto/common_cert_set.h"
@@ skipping 63 matching lines @@
   }
 
   const CryptoHandshakeMessage* scfg = GetServerConfig();
   if (!scfg) {
     // Should be impossible short of cache corruption.
     DCHECK(false);
     RecordInchoateClientHelloReason(SERVER_CONFIG_CORRUPTED);
     return false;
   }
 
-  if (now.IsAfter(expiration_time_)) {
-    UMA_HISTOGRAM_CUSTOM_TIMES(
-        "Net.QuicClientHelloServerConfig.InvalidDuration",
-        base::TimeDelta::FromSeconds(now.ToUNIXSeconds() -
-                                     expiration_time_.ToUNIXSeconds()),
-        base::TimeDelta::FromMinutes(1), base::TimeDelta::FromDays(20), 50);
-    RecordInchoateClientHelloReason(SERVER_CONFIG_EXPIRED);
-    return false;
+  if (now.IsBefore(expiration_time_)) {
+    return true;
   }
 
-  return true;
+  UMA_HISTOGRAM_CUSTOM_TIMES(
+      "Net.QuicClientHelloServerConfig.InvalidDuration",
+      base::TimeDelta::FromSeconds(now.ToUNIXSeconds() -
+                                   expiration_time_.ToUNIXSeconds()),
+      base::TimeDelta::FromMinutes(1), base::TimeDelta::FromDays(20), 50);
+  RecordInchoateClientHelloReason(SERVER_CONFIG_EXPIRED);
+  return false;
 }
 
 bool QuicCryptoClientConfig::CachedState::IsEmpty() const {
   return server_config_.empty();
 }
 
 const CryptoHandshakeMessage*
 QuicCryptoClientConfig::CachedState::GetServerConfig() const {
   if (server_config_.empty()) {
     return nullptr;
@@ skipping 607 matching lines @@
 
   StringPiece scfg;
   if (!message.GetStringPiece(kSCFG, &scfg)) {
     *error_details = "Missing SCFG";
     return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND;
   }
 
   QuicWallTime expiration_time = QuicWallTime::Zero();
   uint64_t expiry_seconds;
   if (message.GetUint64(kSTTL, &expiry_seconds) == QUIC_NO_ERROR) {
-    expiration_time = now.Add(QuicTime::Delta::FromSeconds(expiry_seconds));
+    // Only cache configs for a maximum of 1 week.
+    expiration_time = now.Add(QuicTime::Delta::FromSeconds(
+        std::min(expiry_seconds, kNumSecondsPerWeek)));
   }
 
   CachedState::ServerConfigState state =
       cached->SetServerConfig(scfg, now, expiration_time, error_details);
   if (state == CachedState::SERVER_CONFIG_EXPIRED) {
     return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED;
   }
   // TODO(rtenneti): Return more specific error code than returning
   // QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER.
   if (state != CachedState::SERVER_CONFIG_VALID) {
@@ skipping 234 matching lines @@
   }
 
   // Update canonical version to point at the "most recent" entry.
   canonical_server_map_[suffix_server_id] = server_id;
 
   server_state->InitializeFrom(*canonical_state);
   return true;
 }
 
 }  // namespace net