Certificate Transparency: Correctly handle SCT origin

Because the Signed Certificate Timestamp's origin was not included in
the equality checks, the same SCT from different origins was treated
as the same object. This led to the SCT Viewer showing identical SCTs
as coming from the same origin.
Including the origin field in the LessThan comparison solves the problem.

BUG=464684

Review URL: https://codereview.chromium.org/997533002

Cr-Commit-Position: refs/heads/master@{#320681}

net/cert/signed_certificate_timestamp.cc

@@ -23,6 +23,8 @@ bool SignedCertificateTimestamp::LessThan::operator()(
     return lhs->timestamp < rhs->timestamp;
   if (lhs->extensions != rhs->extensions)
     return lhs->extensions < rhs->extensions;
+  if (lhs->origin != rhs->origin)
+    return lhs->origin < rhs->origin;
   return lhs->version < rhs->version;
 }
 

net/cert/signed_certificate_timestamp.h

@@ -114,8 +114,6 @@ struct NET_EXPORT SignedCertificateTimestamp
   base::Time timestamp;
   std::string extensions;
   DigitallySigned signature;
-  // The origin should not participate in equality checks
-  // as the same SCT can be provided from multiple sources.
   Origin origin;
   // The log description is not one of the SCT fields, but a user-readable
   // name defined alongside the log key. It should not participate

net/cert/signed_certificate_timestamp_unittest.cc

@@ -47,6 +47,17 @@ TEST_F(SignedCertificateTimestampTest, PicklesAndUnpickles) {
   ASSERT_EQ(sample_sct_->log_description, unpickled_sct->log_description);
 }
 
+TEST_F(SignedCertificateTimestampTest, SCTsWithDifferentOriginsNotEqual) {
+  scoped_refptr<SignedCertificateTimestamp> another_sct;
+  GetX509CertSCT(&another_sct);
+  another_sct->origin = SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION;
+
+  SignedCertificateTimestamp::LessThan less_than;
+
+  ASSERT_TRUE(less_than(sample_sct_, another_sct) ||
+              less_than(another_sct, sample_sct_));
+}
+
 }  // namespace
 
 }  // namespace ct