authorlgarron <lgarron@chromium.org>2015-05-11 19:05:04 -0700
committerCommit bot <commit-bot@chromium.org>2015-05-12 02:05:15 +0000
commit7b70d593c20676a7b2656684416a1be1f50a167a (patch)
tree74533cd9c346b6724ea521976ffab63781c1d1f2
parent0d4b2884a58526ee74fb9b060488cd6fc31c50f3 (diff)
Switch //chrome functions to use SchemeIsCryptographic() instead of SchemeIsSecure().
palmer@ recently introduced SchemeIsCryptographic() and IsOriginSecure(), which are meant to replace SchemeIsSecure(). IsOriginSecure() roughly means "do we trust this content not to be tampered with before it reaches the user?" [1] This is a higher-level definition that corresponds to the new "privileged contexts" spec. [2] SchemeIsCryptographic() [3] is close to the old definition of SchemeIsSecure(), and literally just checks if the scheme is a cryptographic scheme (HTTPS or WSS as of right now). The difference is that SchemeIsCryptographic() will not consider filesystem URLs secure. [1] https://code.google.com/p/chromium/codesearch#chromium/src/content/public/common/origin_util.h&sq=package:chromium&type=cs&l=19&rcl=143099866 [2] https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features and https://w3c.github.io/webappsec/specs/powerfulfeatures/ [3] https://code.google.com/p/chromium/codesearch#chromium/src/url/gurl.h&sq=package:chromium&type=cs&l=250&rcl=1430998666 BUG=362214 Review URL: https://codereview.chromium.org/1131493004 Cr-Commit-Position: refs/heads/master@{#329313}
-rw-r--r--chrome/browser/extensions/updater/extension_updater_unittest.cc2
-rw-r--r--chrome/browser/search/search.cc8
-rw-r--r--chrome/browser/signin/signin_header_helper.cc2
-rw-r--r--chrome/browser/ui/toolbar/toolbar_model_unittest.cc2
-rw-r--r--chrome/renderer/chrome_content_renderer_client.cc8
5 files changed, 10 insertions, 12 deletions
diff --git a/chrome/browser/extensions/updater/extension_updater_unittest.cc b/chrome/browser/extensions/updater/extension_updater_unittest.cc
index 0efe0f6..e4b7b7b 100644
--- a/chrome/browser/extensions/updater/extension_updater_unittest.cc
+++ b/chrome/browser/extensions/updater/extension_updater_unittest.cc
@@ -1312,7 +1312,7 @@ class ExtensionUpdaterTest : public testing::Test {
net::HttpRequestHeaders fetch_headers;
fetcher->GetExtraRequestHeaders(&fetch_headers);
// If the download URL is not https, no credentials should be provided.
- if (!test_url.SchemeIsSecure()) {
+ if (!test_url.SchemeIsCryptographic()) {
// No cookies.
EXPECT_EQ(kExpectedLoadFlags, fetcher->GetLoadFlags());
// No Authorization header.
diff --git a/chrome/browser/search/search.cc b/chrome/browser/search/search.cc
index 21254bc..4355aef 100644
--- a/chrome/browser/search/search.cc
+++ b/chrome/browser/search/search.cc
@@ -175,8 +175,8 @@ bool MatchesAnySearchURL(const GURL& url,
// --google-base-url to point at non-HTTPS servers, which eases testing.)
bool IsSuitableURLForInstant(const GURL& url, const TemplateURL* template_url) {
return template_url->HasSearchTermsReplacementKey(url) &&
- (url.SchemeIsSecure() ||
- google_util::StartsWithCommandLineGoogleBaseURL(url));
+ (url.SchemeIsCryptographic() ||
+ google_util::StartsWithCommandLineGoogleBaseURL(url));
}
// Returns true if |url| can be used as an Instant URL for |profile|.
@@ -264,7 +264,7 @@ NewTabURLState IsValidNewTabURL(Profile* profile, const GURL& new_tab_url) {
return NEW_TAB_URL_INCOGNITO;
if (!new_tab_url.is_valid())
return NEW_TAB_URL_NOT_SET;
- if (!new_tab_url.SchemeIsSecure())
+ if (!new_tab_url.SchemeIsCryptographic())
return NEW_TAB_URL_INSECURE;
if (!IsURLAllowedForSupervisedUser(new_tab_url, profile))
return NEW_TAB_URL_BLOCKED;
@@ -481,7 +481,7 @@ GURL GetInstantURL(Profile* profile, bool force_instant_results) {
// Extended mode requires HTTPS. Force it unless the base URL was overridden
// on the command line, in which case we allow HTTP (see comments on
// IsSuitableURLForInstant()).
- if (!instant_url.SchemeIsSecure() &&
+ if (!instant_url.SchemeIsCryptographic() &&
!google_util::StartsWithCommandLineGoogleBaseURL(instant_url)) {
GURL::Replacements replacements;
replacements.SetSchemeStr(url::kHttpsScheme);
diff --git a/chrome/browser/signin/signin_header_helper.cc b/chrome/browser/signin/signin_header_helper.cc
index 4f9807c..187a6c3 100644
--- a/chrome/browser/signin/signin_header_helper.cc
+++ b/chrome/browser/signin/signin_header_helper.cc
@@ -173,7 +173,7 @@ void ProcessMirrorHeaderUIThread(
#endif // !defined(OS_IOS)
bool IsDriveOrigin(const GURL& url) {
- if (!url.SchemeIsSecure())
+ if (!url.SchemeIsCryptographic())
return false;
const GURL kGoogleDriveURL("https://drive.google.com");
diff --git a/chrome/browser/ui/toolbar/toolbar_model_unittest.cc b/chrome/browser/ui/toolbar/toolbar_model_unittest.cc
index a303ca37..537d795 100644
--- a/chrome/browser/ui/toolbar/toolbar_model_unittest.cc
+++ b/chrome/browser/ui/toolbar/toolbar_model_unittest.cc
@@ -203,7 +203,7 @@ void ToolbarModelTest::NavigateAndCheckText(
CommitPendingLoad(controller);
// Fake a secure connection for HTTPS URLs, or the toolbar will refuse to
// extract search terms.
- if (url.SchemeIsSecure()) {
+ if (url.SchemeIsCryptographic()) {
controller->GetVisibleEntry()->GetSSL().security_style =
content::SECURITY_STYLE_AUTHENTICATED;
}
diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc
index 2816416..8e92dfc 100644
--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -1023,8 +1023,7 @@ bool ChromeContentRendererClient::IsNaClAllowed(
bool is_photo_app =
// Whitelisted apps must be served over https.
- app_url.SchemeIs("https") &&
- manifest_url.SchemeIs("https") &&
+ app_url.SchemeIsCryptographic() && manifest_url.SchemeIsCryptographic() &&
(EndsWith(app_url_host, "plus.google.com", false) ||
EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
manifest_url.DomainIs("ssl.gstatic.com") &&
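Review bot: The `app_url` and `manifest_url` checks in `is_photo_app` previously accepted only `https`, and `SchemeIsCryptographic()` (HTTPS or WSS, per the commit description) widens what this NaCl whitelist accepts, while the comment above still says "must be served over https". If only HTTPS is intended, keep the explicit comparison, e.g. `app_url.SchemeIs(url::kHttpsScheme) && manifest_url.SchemeIs(url::kHttpsScheme) &&`; otherwise reword the comment to "must be served over a cryptographic scheme". The same widening applies to the `app_url` check in the `is_hangouts_app` hunk that follows. The boolean expression continues outside this hunk.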
@@ -1037,9 +1036,8 @@ bool ChromeContentRendererClient::IsNaClAllowed(
}
bool is_hangouts_app =
// Whitelisted apps must be served over secure scheme.
- app_url.SchemeIs("https") &&
- manifest_url.SchemeIsSecure() &&
- manifest_url.SchemeIsFileSystem() &&
+ app_url.SchemeIsCryptographic() && manifest_url.SchemeIsFileSystem() &&
+ manifest_url.inner_url()->SchemeIsCryptographic() &&
(EndsWith(app_url_host, "talkgadget.google.com", false) ||
EndsWith(app_url_host, "plus.google.com", false) ||
EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
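Review bot: `manifest_url.inner_url()->SchemeIsCryptographic()` dereferences a pointer whose only protection is the `SchemeIsFileSystem()` term before it. If `inner_url()` can be null for a URL that carries the `filesystem` scheme but did not parse into a valid inner URL, this whitelist check would crash the renderer instead of returning false. Whether `manifest_url` is validated earlier is not visible in the hunk, so an explicit guard is cheap: `manifest_url.SchemeIsFileSystem() && manifest_url.inner_url() &&` ahead of the dereference. A one-line comment saying the order of these `&&` terms is load-bearing would keep a later reshuffle from reintroducing the problem. The expression continues past the end of the hunk.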