Remove SSLStatus::security_style member and content::SecurityStyle

android_webview/native/aw_autofill_client.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "android_webview/native/aw_autofill_client.h"
 
 #include "android_webview/browser/aw_browser_context.h"
 #include "android_webview/browser/aw_content_browser_client.h"
 #include "android_webview/browser/aw_form_database_service.h"
 #include "android_webview/native/aw_contents.h"
@@ skipping 178 matching lines @@
   content::SSLStatus ssl_status;
   content::NavigationEntry* navigation_entry =
       web_contents_->GetController().GetLastCommittedEntry();
   if (!navigation_entry)
      return false;
 
   ssl_status = navigation_entry->GetSSL();
   // Note: The implementation below is a copy of the one in
   // ChromeAutofillClient::IsContextSecure, and should be kept in sync
   // until crbug.com/505388 gets implemented.
-  return ssl_status.security_style == content::SECURITY_STYLE_AUTHENTICATED &&
+  return navigation_entry->GetURL().SchemeIsCryptographic() &&

[estark, 2016/10/06 22:00:17]

This is the part that is most sketchy, IMO. AwAutofillClient and
ChromeAutofillClient have to do their own calculation to decide whether the page
is secure.

ChromeAutofillClient will soon be moving to use a SecurityLevel to make this
decision instead, but we'll still be doing this calculation here. We could just
stick a helper method on SSLStatus, like
SSLStatus::IsCryptographicWithNoMajorCertErrors() or something and use that
here.

[felt, 2016/10/07 03:30:47]

Were these the only callers that you found? If so I don't think it's worth
adding the helper method, especially if we switch the other one over to a
SecurityLevel.

[estark, 2016/10/07 06:34:31]

The bots found another one, which is this weird
chrome/browser/android/policy/policy_auditor.cc thing that I've never seen
before. It's a little different though, and also should maybe be using SSM
instead? Do you know any more about this policy auditor thing? If not I'll ask
an android person.

[felt, 2016/10/07 15:08:10]

I've never seen that policy auditor thing before. The matching Java class didn't
clear things up either, except perhaps it is somehow related to enterprise
policies? Please let me know what you find, I'd very much like to know what that
class is doing & why.

+         ssl_status.certificate &&
+         (!net::IsCertStatusError(ssl_status.cert_status) ||
+          net::IsCertStatusMinorError(ssl_status.cert_status)) &&
          !(ssl_status.content_status &
            content::SSLStatus::RAN_INSECURE_CONTENT);
 }
 
 bool AwAutofillClient::ShouldShowSigninPromo() {
   return false;
 }
 
 void AwAutofillClient::StartSigninFlow() {}
 
@@ skipping 57 matching lines @@
 
 void AwAutofillClient::ScanCreditCard(const CreditCardScanCallback& callback) {
   NOTIMPLEMENTED();
 }
 
 bool RegisterAwAutofillClient(JNIEnv* env) {
   return RegisterNativesImpl(env);
 }
 
 }  // namespace android_webview