authorpalmer <palmer@chromium.org>2015-04-16 12:23:31 -0700
committerCommit bot <commit-bot@chromium.org>2015-04-16 19:23:58 +0000
commit6c3473c3489dae0bfd2133c22e6b5cd9fb4f5fef (patch)
tree5736c397b7f4f63e7f23bf0dae618aabaa643e86
parent6e3582ad1a058af30aa44ca7fae2113b050aa437 (diff)
Add IsOriginSecure and GURL::SchemeUsesTLS.
Standard functions for people to check if content from an origin can be considered to have been transferred to the browser securely, as defined in https://www.w3.org/TR/powerful-features/#is-origin-trustworthy. BUG=362214,470142 Review URL: https://codereview.chromium.org/1049533002 Cr-Commit-Position: refs/heads/master@{#325495}
-rw-r--r--chrome/chrome_common.gypi2
-rw-r--r--chrome/chrome_tests_unit.gypi3
-rw-r--r--chrome/common/origin_util.cc33
-rw-r--r--chrome/common/origin_util.h17
-rw-r--r--chrome/common/origin_util_unittest.cc45
-rw-r--r--url/gurl.h28
6 files changed, 123 insertions, 5 deletions
diff --git a/chrome/chrome_common.gypi b/chrome/chrome_common.gypi
index 7658dc9..597cce4 100644
--- a/chrome/chrome_common.gypi
+++ b/chrome/chrome_common.gypi
@@ -85,6 +85,8 @@
'common/multi_process_lock_linux.cc',
'common/multi_process_lock_mac.cc',
'common/multi_process_lock_win.cc',
+ 'common/origin_util.cc',
+ 'common/origin_util.h',
'common/omnibox_focus_state.h',
'common/partial_circular_buffer.cc',
'common/partial_circular_buffer.h',
diff --git a/chrome/chrome_tests_unit.gypi b/chrome/chrome_tests_unit.gypi
index 2eabf55..9ae0735 100644
--- a/chrome/chrome_tests_unit.gypi
+++ b/chrome/chrome_tests_unit.gypi
@@ -558,6 +558,7 @@
'common/mac/mock_launchd.cc',
'common/mac/mock_launchd.h',
'common/mac/objc_zombie_unittest.mm',
+ 'common/origin_util_unittest.cc',
'common/partial_circular_buffer_unittest.cc',
'common/pref_names_util_unittest.cc',
'common/search_urls_unittest.cc',
@@ -1431,7 +1432,7 @@
'browser/font_family_cache_unittest.cc',
'browser/importer/firefox_profile_lock_unittest.cc',
'browser/importer/profile_writer_unittest.cc',
- # Android uses a different invaliator.
+ # Android uses a different invalidator.
'browser/invalidation/gcm_invalidation_bridge_unittest.cc',
'browser/invalidation/ticl_profile_settings_provider_unittest.cc',
'browser/media_galleries/fileapi/native_media_file_util_unittest.cc',
diff --git a/chrome/common/origin_util.cc b/chrome/common/origin_util.cc
new file mode 100644
index 0000000..2884d74
--- /dev/null
+++ b/chrome/common/origin_util.cc
@@ -0,0 +1,33 @@
+// Copyright (c) 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/common/origin_util.h"
+
+#include "content/public/common/url_constants.h"
+#include "extensions/common/constants.h"
+#include "net/base/net_util.h"
+#include "url/gurl.h"
+
+bool IsOriginSecure(const GURL& url) {
+ if (url.SchemeUsesTLS() || url.SchemeIsFile())
+ return true;
+
+ if (url.SchemeIsFileSystem() && url.inner_url() &&
+ IsOriginSecure(*url.inner_url())) {
+ return true;
+ }
+
+ std::string hostname = url.HostNoBrackets();
+ if (net::IsLocalhost(hostname))
+ return true;
+
+ std::string scheme = url.scheme();
+ if (scheme == content::kChromeUIScheme ||
+ scheme == extensions::kExtensionScheme ||
+ scheme == extensions::kExtensionResourceScheme) {
+ return true;
+ }
+
+ return false;
+}
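Review bot: The `net::IsLocalhost(hostname)` branch in IsOriginSecure runs for every scheme and looks only at the host string, so a plain-text URL is reported as secure whenever its host is a loopback literal or the name `localhost`. The unit test in this commit expects true for `ftp://127.0.0.1/` and `http://localhost/`. For the name case the result is only sound if the resolver maps `localhost` to a loopback address, which nothing in this file establishes. A comment above the check would make that assumption visible to callers that gate features on the result, for example `// Loopback hosts are trusted for any scheme; assumes "localhost" resolves to a loopback address.` Separately, the file uses `std::string` without `#include <string>`.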
diff --git a/chrome/common/origin_util.h b/chrome/common/origin_util.h
new file mode 100644
index 0000000..2b8cd5e
--- /dev/null
+++ b/chrome/common/origin_util.h
@@ -0,0 +1,17 @@
+// Copyright (c) 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_COMMON_ORIGIN_UTIL_H_
+#define CHROME_COMMON_ORIGIN_UTIL_H_
+
+class GURL;
+
+// Returns true if the origin is trustworthy: that is, if its contents can be
+// said to have been transferred to the browser in a way that a network attacker
+// cannot tamper with or observe.
+//
+// See https://www.w3.org/TR/powerful-features/#is-origin-trustworthy.
+bool IsOriginSecure(const GURL& url);
+
+#endif // CHROME_COMMON_ORIGIN_UTIL_H_
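Review bot: The comment on IsOriginSecure describes only protection against a network attacker, but the implementation in origin_util.cc also returns true for cases that involve no authenticated transfer: `file:` URLs, loopback hosts on any scheme, and the `kChromeUIScheme`, `kExtensionScheme` and `kExtensionResourceScheme` schemes. A caller reading only this header would not expect `http://localhost/` to pass. I would list those categories in the comment and state that the function takes a full URL but decides on scheme and host alone, e.g. `// Also true for file: URLs, loopback hosts (any scheme), and browser-internal schemes.` It would also help to say that every other URL, including an invalid one, yields false, if that is the intended contract.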
diff --git a/chrome/common/origin_util_unittest.cc b/chrome/common/origin_util_unittest.cc
new file mode 100644
index 0000000..63eff63
--- /dev/null
+++ b/chrome/common/origin_util_unittest.cc
@@ -0,0 +1,45 @@
+// Copyright (c) 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/common/origin_util.h"
+
+#include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"
+
+TEST(URLSchemesTest, IsOriginSecure) {
+ EXPECT_TRUE(IsOriginSecure(GURL("file:///test/fun.html")));
+ EXPECT_TRUE(IsOriginSecure(GURL("file:///test/")));
+
+ EXPECT_TRUE(IsOriginSecure(GURL("https://example.com/fun.html")));
+ EXPECT_FALSE(IsOriginSecure(GURL("http://example.com/fun.html")));
+
+ EXPECT_TRUE(IsOriginSecure(GURL("wss://example.com/fun.html")));
+ EXPECT_FALSE(IsOriginSecure(GURL("ws://example.com/fun.html")));
+
+ EXPECT_TRUE(IsOriginSecure(GURL("http://localhost/fun.html")));
+ EXPECT_FALSE(IsOriginSecure(GURL("http://localhost.com/fun.html")));
+ EXPECT_TRUE(IsOriginSecure(GURL("https://localhost.com/fun.html")));
+
+ EXPECT_TRUE(IsOriginSecure(GURL("http://127.0.0.1/fun.html")));
+ EXPECT_TRUE(IsOriginSecure(GURL("ftp://127.0.0.1/fun.html")));
+ EXPECT_TRUE(IsOriginSecure(GURL("http://127.3.0.1/fun.html")));
+ EXPECT_FALSE(
+ IsOriginSecure(GURL("http://127.example.com/fun.html")));
+ EXPECT_TRUE(
+ IsOriginSecure(GURL("https://127.example.com/fun.html")));
+
+ EXPECT_TRUE(IsOriginSecure(GURL("http://[::1]/fun.html")));
+ EXPECT_FALSE(IsOriginSecure(GURL("http://[::2]/fun.html")));
+ EXPECT_FALSE(
+ IsOriginSecure(GURL("http://[::1].example.com/fun.html")));
+
+ EXPECT_FALSE(IsOriginSecure(
+ GURL("filesystem:http://www.example.com/temporary/")));
+ EXPECT_FALSE(IsOriginSecure(
+ GURL("filesystem:ftp://www.example.com/temporary/")));
+ EXPECT_TRUE(IsOriginSecure(
+ GURL("filesystem:ftp://127.0.0.1/temporary/")));
+ EXPECT_TRUE(IsOriginSecure(
+ GURL("filesystem:https://www.example.com/temporary/")));
+}
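Review bot: The test never exercises the scheme allow-list at the end of IsOriginSecure (`content::kChromeUIScheme`, `extensions::kExtensionScheme`, `extensions::kExtensionResourceScheme`), and it has no negative case for an empty or host-less URL. A regression that widened either path would go unnoticed. Adding `EXPECT_FALSE(IsOriginSecure(GURL()));` and `EXPECT_FALSE(IsOriginSecure(GURL("data:text/html,x")));` would pin the fail-closed default. From reading origin_util.cc I expect both to be false, though that depends on how `net::IsLocalhost` treats an empty host. One positive case per allow-listed scheme would cover the remaining branch.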
diff --git a/url/gurl.h b/url/gurl.h
index 566fc5e..5e804a1 100644
--- a/url/gurl.h
+++ b/url/gurl.h
@@ -223,10 +223,31 @@ class URL_EXPORT GURL {
return SchemeIs(url::kFileSystemScheme);
}
- // If the scheme indicates a secure connection
+ // Returns true if the scheme indicates a secure connection.
+ //
+ // NOTE: This function is deprecated. You probably want |SchemeUsesTLS| (if
+ // you just want to know if a scheme uses TLS for network transport) or
+ // Chromium's |IsOriginSecure| for a higher-level test about an origin's
+ // security. See those functions' documentation for more detail.
+ //
+ // TODO(palmer): Audit callers and change them to |SchemeUsesTLS| or
+ // |IsOriginSecure|, as appropriate. Then remove |SchemeIsSecure|.
+ // crbug.com/362214
bool SchemeIsSecure() const {
return SchemeIs(url::kHttpsScheme) || SchemeIs(url::kWssScheme) ||
- (SchemeIsFileSystem() && inner_url() && inner_url()->SchemeIsSecure());
+ (SchemeIsFileSystem() && inner_url() &&
+ inner_url()->SchemeIsSecure());
+ }
+
+ // Returns true if the scheme indicates a network connection that uses TLS for
+ // security.
+ //
+ // This function is a not a complete test of whether or not an origin's code
+ // is minimally trustworthy. For that, see Chromium's |IsOriginSecure| for a
+ // higher-level and more complete semantics. See that function's documentation
+ // for more detail.
+ bool SchemeUsesTLS() const {
+ return SchemeIs(url::kHttpsScheme) || SchemeIs(url::kWssScheme);
}
// Returns true if the scheme is "blob".
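Review bot: `SchemeUsesTLS` is not a drop-in replacement for `SchemeIsSecure`, and the new comments do not say so. `SchemeIsSecure` follows the inner URL of a `filesystem:` URL, while `SchemeUsesTLS` checks only the outer scheme, so `filesystem:https://…` changes from true to false for any caller migrated as the TODO suggests. I would add a line to the `SchemeUsesTLS` comment such as `// Unlike SchemeIsSecure, this does not inspect the inner URL of a filesystem: URL.` so the audit of callers treats this as a behaviour change. The same comment also has a typo ("is a not a complete test") and reads more clearly as "for higher-level and more complete semantics".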
@@ -241,7 +262,6 @@ class URL_EXPORT GURL {
// Returns true if the hostname is an IP address. Note: this function isn't
// as cheap as a simple getter because it re-parses the hostname to verify.
- // This currently identifies only IPv4 addresses (bug 822685).
bool HostIsIPAddress() const;
// Getters for various components of the URL. The returned string will be
@@ -310,7 +330,7 @@ class URL_EXPORT GURL {
// values defined in Parsed for ExtractPort.
int IntPort() const;
- // Returns the port number of the url, or the default port number.
+ // Returns the port number of the URL, or the default port number.
// If the scheme has no concept of port (or unknown default) returns
// PORT_UNSPECIFIED.
int EffectiveIntPort() const;