Roll Chrome into Mojo.

net/quic/crypto/quic_crypto_server_config_test.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_server_config.h"
 
 #include <stdarg.h>
 
 #include "base/stl_util.h"
 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
@@ skipping 34 matching lines @@
     }
   }
 
   bool ConfigHasDefaultSourceAddressTokenBoxer(string config_id) {
     scoped_refptr<QuicCryptoServerConfig::Config> config = GetConfig(config_id);
     return config->source_address_token_boxer ==
         &(server_config_->default_source_address_token_boxer_);
   }
 
   string NewSourceAddressToken(string config_id,
-                               const IPEndPoint& ip,
-                               QuicRandom* rand,
-                               QuicWallTime now) {
-    return NewSourceAddressToken(config_id, ip, rand, now, NULL);
-  }
-
-  string NewSourceAddressToken(string config_id,
-                               const IPEndPoint& ip,
-                               QuicRandom* rand,
-                               QuicWallTime now,
-                               const SourceAddressTokens& previous_tokens) {
-    return server_config_->NewSourceAddressToken(
-        *GetConfig(config_id), previous_tokens, ip, rand, now, NULL);
-  }
-
-  string NewSourceAddressToken(string config_id,
+                               SourceAddressTokens previous_tokens,
                                const IPEndPoint& ip,
                                QuicRandom* rand,
                                QuicWallTime now,
                                CachedNetworkParameters* cached_network_params) {
-    SourceAddressTokens previous_tokens;
     return server_config_->NewSourceAddressToken(*GetConfig(config_id),
                                                  previous_tokens, ip, rand, now,
                                                  cached_network_params);
   }
 
   HandshakeFailureReason ValidateSourceAddressToken(string config_id,
                                                     StringPiece srct,
                                                     const IPEndPoint& ip,
                                                     QuicWallTime now) {
     return ValidateSourceAddressToken(config_id, srct, ip, now, NULL);
@@ skipping 228 matching lines @@
     override_config_protobuf_.reset(
         QuicCryptoServerConfig::GenerateConfig(rand_, &clock_, options));
     override_config_protobuf_->set_source_address_token_secret_override(
         "a secret key");
     // Lower priority than the default config.
     override_config_protobuf_->set_priority(1);
     override_config_.reset(
         server_.AddConfig(override_config_protobuf_.get(), original_time_));
   }
 
+  string NewSourceAddressToken(string config_id, const IPEndPoint& ip) {
+    return NewSourceAddressToken(config_id, ip, NULL);
+  }
+
+  string NewSourceAddressToken(string config_id,
+                               const IPEndPoint& ip,
+                               const SourceAddressTokens& previous_tokens) {
+    return peer_.NewSourceAddressToken(config_id, previous_tokens, ip, rand_,
+                                       clock_.WallNow(), NULL);
+  }
+
+  string NewSourceAddressToken(string config_id,
+                               const IPEndPoint& ip,
+                               CachedNetworkParameters* cached_network_params) {
+    SourceAddressTokens previous_tokens;
+    return peer_.NewSourceAddressToken(config_id, previous_tokens, ip, rand_,
+                                       clock_.WallNow(), cached_network_params);
+  }
+
+  HandshakeFailureReason ValidateSourceAddressToken(string config_id,
+                                                    StringPiece srct,
+                                                    const IPEndPoint& ip) {
+    return ValidateSourceAddressToken(config_id, srct, ip, NULL);
+  }
+
+  HandshakeFailureReason ValidateSourceAddressToken(
+      string config_id,
+      StringPiece srct,
+      const IPEndPoint& ip,
+      CachedNetworkParameters* cached_network_params) {
+    return peer_.ValidateSourceAddressToken(
+        config_id, srct, ip, clock_.WallNow(), cached_network_params);
+  }
+
+  HandshakeFailureReason ValidateSourceAddressTokens(string config_id,
+                                                     StringPiece srct,
+                                                     const IPEndPoint& ip) {
+    return ValidateSourceAddressTokens(config_id, srct, ip, NULL);
+  }
+
+  HandshakeFailureReason ValidateSourceAddressTokens(
+      string config_id,
+      StringPiece srct,
+      const IPEndPoint& ip,
+      CachedNetworkParameters* cached_network_params) {
+    return peer_.ValidateSourceAddressTokens(
+        config_id, srct, ip, clock_.WallNow(), cached_network_params);
+  }
+
   const string kPrimary = "<primary>";
   const string kOverride = "Config with custom source address token key";
 
   IPEndPoint ip4_;
   IPEndPoint ip4_dual_;
   IPEndPoint ip6_;
 
   MockClock clock_;
   QuicWallTime original_time_;
   QuicRandom* rand_ = QuicRandom::GetInstance();
   QuicCryptoServerConfig server_;
   QuicCryptoServerConfigPeer peer_;
   // Stores the primary config.
   scoped_ptr<CryptoHandshakeMessage> primary_config_;
   scoped_ptr<QuicServerConfigProtobuf> override_config_protobuf_;
   scoped_ptr<CryptoHandshakeMessage> override_config_;
 };
 
 TEST_F(SourceAddressTokenTest, SourceAddressToken) {
   ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
                               false);
 
-  QuicWallTime now = clock_.WallNow();
-
   EXPECT_TRUE(peer_.ConfigHasDefaultSourceAddressTokenBoxer(kPrimary));
   EXPECT_FALSE(peer_.ConfigHasDefaultSourceAddressTokenBoxer(kOverride));
 
   // Primary config generates configs that validate successfully.
-  const string token4 = peer_.NewSourceAddressToken(kPrimary, ip4_, rand_, now);
-  const string token4d =
-      peer_.NewSourceAddressToken(kPrimary, ip4_dual_, rand_, now);
-  const string token6 = peer_.NewSourceAddressToken(kPrimary, ip6_, rand_, now);
-  EXPECT_EQ(HANDSHAKE_OK,
-            peer_.ValidateSourceAddressToken(kPrimary, token4, ip4_, now));
+  const string token4 = NewSourceAddressToken(kPrimary, ip4_);
+  const string token4d = NewSourceAddressToken(kPrimary, ip4_dual_);
+  const string token6 = NewSourceAddressToken(kPrimary, ip6_);
+  EXPECT_EQ(HANDSHAKE_OK, ValidateSourceAddressToken(kPrimary, token4, ip4_));
   ASSERT_EQ(HANDSHAKE_OK,
-            peer_.ValidateSourceAddressToken(kPrimary, token4, ip4_dual_, now));
+            ValidateSourceAddressToken(kPrimary, token4, ip4_dual_));
   ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
-            peer_.ValidateSourceAddressToken(kPrimary, token4, ip6_, now));
+            ValidateSourceAddressToken(kPrimary, token4, ip6_));
+  ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressToken(kPrimary, token4d, ip4_));
   ASSERT_EQ(HANDSHAKE_OK,
-            peer_.ValidateSourceAddressToken(kPrimary, token4d, ip4_, now));
-  ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressToken(kPrimary, token4d,
-                                                           ip4_dual_, now));
+            ValidateSourceAddressToken(kPrimary, token4d, ip4_dual_));
   ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
-            peer_.ValidateSourceAddressToken(kPrimary, token4d, ip6_, now));
-  ASSERT_EQ(HANDSHAKE_OK,
-            peer_.ValidateSourceAddressToken(kPrimary, token6, ip6_, now));
+            ValidateSourceAddressToken(kPrimary, token4d, ip6_));
+  ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressToken(kPrimary, token6, ip6_));
 
   // Override config generates configs that validate successfully.
-  const string override_token4 =
-      peer_.NewSourceAddressToken(kOverride, ip4_, rand_, now);
-  const string override_token6 =
-      peer_.NewSourceAddressToken(kOverride, ip6_, rand_, now);
-  ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressToken(
-                              kOverride, override_token4, ip4_, now));
-  ASSERT_EQ(
-      SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
-      peer_.ValidateSourceAddressToken(kOverride, override_token4, ip6_, now));
-  ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressToken(
-                              kOverride, override_token6, ip6_, now));
+  const string override_token4 = NewSourceAddressToken(kOverride, ip4_);
+  const string override_token6 = NewSourceAddressToken(kOverride, ip6_);
+  ASSERT_EQ(HANDSHAKE_OK,
+            ValidateSourceAddressToken(kOverride, override_token4, ip4_));
+  ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
+            ValidateSourceAddressToken(kOverride, override_token4, ip6_));
+  ASSERT_EQ(HANDSHAKE_OK,
+            ValidateSourceAddressToken(kOverride, override_token6, ip6_));
 
   // Tokens generated by the primary config do not validate
   // successfully against the override config, and vice versa.
   ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
-            peer_.ValidateSourceAddressToken(kOverride, token4, ip4_, now));
+            ValidateSourceAddressToken(kOverride, token4, ip4_));
   ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
-            peer_.ValidateSourceAddressToken(kOverride, token6, ip6_, now));
-  ASSERT_EQ(
-      SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
-      peer_.ValidateSourceAddressToken(kPrimary, override_token4, ip4_, now));
-  ASSERT_EQ(
-      SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
-      peer_.ValidateSourceAddressToken(kPrimary, override_token6, ip6_, now));
+            ValidateSourceAddressToken(kOverride, token6, ip6_));
+  ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+            ValidateSourceAddressToken(kPrimary, override_token4, ip4_));
+  ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+            ValidateSourceAddressToken(kPrimary, override_token6, ip6_));
 }
 
 TEST_F(SourceAddressTokenTest, SourceAddressTokenExpiration) {
   ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
                               false);
 
-  QuicWallTime now = clock_.WallNow();
+  const string token = NewSourceAddressToken(kPrimary, ip4_);
 
-  const string token = peer_.NewSourceAddressToken(kPrimary, ip4_, rand_, now);
+  // Validation fails if the token is from the future.
+  clock_.AdvanceTime(QuicTime::Delta::FromSeconds(-3600 * 2));
+  ASSERT_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
+            ValidateSourceAddressToken(kPrimary, token, ip4_));
 
   // Validation fails after tokens expire.
-  now = original_time_.Add(QuicTime::Delta::FromSeconds(86400 * 7));
+  clock_.AdvanceTime(QuicTime::Delta::FromSeconds(86400 * 7));
   ASSERT_EQ(SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE,
-            peer_.ValidateSourceAddressToken(kPrimary, token, ip4_, now));
-
-  now = original_time_.Subtract(QuicTime::Delta::FromSeconds(3600 * 2));
-  ASSERT_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
-            peer_.ValidateSourceAddressToken(kPrimary, token, ip4_, now));
+            ValidateSourceAddressToken(kPrimary, token, ip4_));
 }
 
 TEST_F(SourceAddressTokenTest, SourceAddressTokenWithNetworkParams) {
   ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
                               false);
 
-  QuicWallTime now = clock_.WallNow();
-
   // Make sure that if the source address token contains CachedNetworkParameters
   // that this gets written to ValidateSourceAddressToken output argument.
   CachedNetworkParameters cached_network_params_input;
   cached_network_params_input.set_bandwidth_estimate_bytes_per_second(1234);
-  const string token4_with_cached_network_params = peer_.NewSourceAddressToken(
-      kPrimary, ip4_, rand_, now, &cached_network_params_input);
+  const string token4_with_cached_network_params =
+      NewSourceAddressToken(kPrimary, ip4_, &cached_network_params_input);
 
   CachedNetworkParameters cached_network_params_output;
 #if 0
   // TODO(rtenneti): For server, enable the following check after serialization
   // of optional CachedNetworkParameters is implemented.
   EXPECT_NE(cached_network_params_output.DebugString(),
             cached_network_params_input.DebugString());
 #endif
-  peer_.ValidateSourceAddressToken(kPrimary, token4_with_cached_network_params,
-                                   ip4_, now, &cached_network_params_output);
+  ValidateSourceAddressToken(kPrimary, token4_with_cached_network_params, ip4_,
+                             &cached_network_params_output);
 #if 0
   // TODO(rtenneti): For server, enable the following check after serialization
   // of optional CachedNetworkParameters is implemented.
   EXPECT_EQ(cached_network_params_output.DebugString(),
             cached_network_params_input.DebugString());
 #endif
 }
 
 // Test basic behavior of source address tokens including being specific
 // to a single IP address and server config.
 //
 // TODO(rtenneti): For server, enable the following test after serialization of
 // SourceAddressTokens is implemented.
 TEST_F(SourceAddressTokenTest, DISABLED_NewSourceAddressToken) {
   ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
                               true);
 
-  QuicWallTime now = clock_.WallNow();
-
   // Primary config generates configs that validate successfully.
-  const string token4 = peer_.NewSourceAddressToken(kPrimary, ip4_, rand_, now);
-  const string token4d =
-      peer_.NewSourceAddressToken(kPrimary, ip4_dual_, rand_, now);
-  const string token6 = peer_.NewSourceAddressToken(kPrimary, ip6_, rand_, now);
-  EXPECT_EQ(HANDSHAKE_OK,
-            peer_.ValidateSourceAddressTokens(kPrimary, token4, ip4_, now));
-  ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressTokens(kPrimary, token4,
-                                                            ip4_dual_, now));
+  const string token4 = NewSourceAddressToken(kPrimary, ip4_);
+  const string token4d = NewSourceAddressToken(kPrimary, ip4_dual_);
+  const string token6 = NewSourceAddressToken(kPrimary, ip6_);
+  EXPECT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token4, ip4_));
+  ASSERT_EQ(HANDSHAKE_OK,
+            ValidateSourceAddressTokens(kPrimary, token4, ip4_dual_));
   ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
-            peer_.ValidateSourceAddressTokens(kPrimary, token4, ip6_, now));
+            ValidateSourceAddressTokens(kPrimary, token4, ip6_));
+  ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token4d, ip4_));
   ASSERT_EQ(HANDSHAKE_OK,
-            peer_.ValidateSourceAddressTokens(kPrimary, token4d, ip4_, now));
-  ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressTokens(kPrimary, token4d,
-                                                            ip4_dual_, now));
+            ValidateSourceAddressTokens(kPrimary, token4d, ip4_dual_));
   ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
-            peer_.ValidateSourceAddressTokens(kPrimary, token4d, ip6_, now));
-  ASSERT_EQ(HANDSHAKE_OK,
-            peer_.ValidateSourceAddressTokens(kPrimary, token6, ip6_, now));
+            ValidateSourceAddressTokens(kPrimary, token4d, ip6_));
+  ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token6, ip6_));
 
   // Override config generates configs that validate successfully.
-  const string override_token4 =
-      peer_.NewSourceAddressToken(kOverride, ip4_, rand_, now);
-  const string override_token6 =
-      peer_.NewSourceAddressToken(kOverride, ip6_, rand_, now);
-  ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressTokens(
-                              kOverride, override_token4, ip4_, now));
-  ASSERT_EQ(
-      SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
-      peer_.ValidateSourceAddressTokens(kOverride, override_token4, ip6_, now));
-  ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressTokens(
-                              kOverride, override_token6, ip6_, now));
+  const string override_token4 = NewSourceAddressToken(kOverride, ip4_);
+  const string override_token6 = NewSourceAddressToken(kOverride, ip6_);
+  ASSERT_EQ(HANDSHAKE_OK,
+            ValidateSourceAddressTokens(kOverride, override_token4, ip4_));
+  ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
+            ValidateSourceAddressTokens(kOverride, override_token4, ip6_));
+  ASSERT_EQ(HANDSHAKE_OK,
+            ValidateSourceAddressTokens(kOverride, override_token6, ip6_));
 
   // Tokens generated by the primary config do not validate
   // successfully against the override config, and vice versa.
   ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
-            peer_.ValidateSourceAddressTokens(kOverride, token4, ip4_, now));
+            ValidateSourceAddressTokens(kOverride, token4, ip4_));
   ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
-            peer_.ValidateSourceAddressTokens(kOverride, token6, ip6_, now));
-  ASSERT_EQ(
-      SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
-      peer_.ValidateSourceAddressTokens(kPrimary, override_token4, ip4_, now));
-  ASSERT_EQ(
-      SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
-      peer_.ValidateSourceAddressTokens(kPrimary, override_token6, ip6_, now));
+            ValidateSourceAddressTokens(kOverride, token6, ip6_));
+  ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+            ValidateSourceAddressTokens(kPrimary, override_token4, ip4_));
+  ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+            ValidateSourceAddressTokens(kPrimary, override_token6, ip6_));
 }
 
 // TODO(rtenneti): For server, enable the following test after serialization of
 // SourceAddressTokens is implemented.
 TEST_F(SourceAddressTokenTest, DISABLED_NewSourceAddressTokenExpiration) {
   ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
                               true);
 
-  QuicWallTime now = clock_.WallNow();
+  const string token = NewSourceAddressToken(kPrimary, ip4_);
 
-  const string token = peer_.NewSourceAddressToken(kPrimary, ip4_, rand_, now);
+  // Validation fails if the token is from the future.
+  clock_.AdvanceTime(QuicTime::Delta::FromSeconds(-3600 * 2));
+  ASSERT_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
+            ValidateSourceAddressTokens(kPrimary, token, ip4_));
 
   // Validation fails after tokens expire.
-  now = original_time_.Add(QuicTime::Delta::FromSeconds(86400 * 7));
+  clock_.AdvanceTime(QuicTime::Delta::FromSeconds(86400 * 7));
   ASSERT_EQ(SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE,
-            peer_.ValidateSourceAddressTokens(kPrimary, token, ip4_, now));
-
-  now = original_time_.Subtract(QuicTime::Delta::FromSeconds(3600 * 2));
-  ASSERT_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
-            peer_.ValidateSourceAddressTokens(kPrimary, token, ip4_, now));
+            ValidateSourceAddressTokens(kPrimary, token, ip4_));
 }
 
 TEST_F(SourceAddressTokenTest, NewSourceAddressTokenWithNetworkParams) {
   ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
                               true);
 
-  QuicWallTime now = clock_.WallNow();
-
   // Make sure that if the source address token contains CachedNetworkParameters
   // that this gets written to ValidateSourceAddressToken output argument.
   CachedNetworkParameters cached_network_params_input;
   cached_network_params_input.set_bandwidth_estimate_bytes_per_second(1234);
-  const string token4_with_cached_network_params = peer_.NewSourceAddressToken(
-      kPrimary, ip4_, rand_, now, &cached_network_params_input);
+  const string token4_with_cached_network_params =
+      NewSourceAddressToken(kPrimary, ip4_, &cached_network_params_input);
 
   CachedNetworkParameters cached_network_params_output;
 #if 0
   // TODO(rtenneti): For server, enable the following check after serialization
   // of optional CachedNetworkParameters is implemented.
   EXPECT_NE(cached_network_params_output.DebugString(),
             cached_network_params_input.DebugString());
 #endif
-  peer_.ValidateSourceAddressTokens(kPrimary, token4_with_cached_network_params,
-                                    ip4_, now, &cached_network_params_output);
+  ValidateSourceAddressTokens(kPrimary, token4_with_cached_network_params, ip4_,
+                              &cached_network_params_output);
 #if 0
   // TODO(rtenneti): For server, enable the following check after serialization
   // of optional CachedNetworkParameters is implemented.
   EXPECT_EQ(cached_network_params_output.DebugString(),
             cached_network_params_input.DebugString());
 #endif
 }
 
 // Test the ability for a source address token to be valid for multiple
 // addresses.
@@ skipping 10 matching lines @@
   SourceAddressToken previous_token;
   IPAddressNumber ip_address = ip6_.address();
   if (ip6_.GetSockAddrFamily() == AF_INET) {
     ip_address = ConvertIPv4NumberToIPv6Number(ip_address);
   }
   previous_token.set_ip(IPAddressToPackedString(ip_address));
   previous_token.set_timestamp(now.ToUNIXSeconds());
   SourceAddressTokens previous_tokens;
   (*previous_tokens.add_tokens()) = previous_token;
   const string token4or6 =
-      peer_.NewSourceAddressToken(kPrimary, ip4_, rand_, now, previous_tokens);
+      NewSourceAddressToken(kPrimary, ip4_, previous_tokens);
 
   EXPECT_EQ(HANDSHAKE_OK,
-            peer_.ValidateSourceAddressTokens(kPrimary, token4or6, ip4_, now));
+            ValidateSourceAddressTokens(kPrimary, token4or6, ip4_));
   ASSERT_EQ(HANDSHAKE_OK,
-            peer_.ValidateSourceAddressTokens(kPrimary, token4or6, ip6_, now));
+            ValidateSourceAddressTokens(kPrimary, token4or6, ip6_));
 }
 
 TEST(QuicCryptoServerConfigTest, ValidateServerNonce) {
   QuicRandom* rand = QuicRandom::GetInstance();
   QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand);
   QuicCryptoServerConfigPeer peer(&server);
 
   StringPiece message("hello world");
   const size_t key_size = CryptoSecretBoxer::GetKeySize();
   scoped_ptr<uint8[]> key(new uint8[key_size]);
@@ skipping 318 matching lines @@
              nullptr);
   test_peer_.CheckConfigs(
       "a", false,
       "b", true,
       "c", false,
       nullptr);
 }
 
 }  // namespace test
 }  // namespace net