Prevent usage of web payments API over insecure HTTPS.

chrome/browser/payments/chrome_payment_request_delegate.cc

Index: chrome/browser/payments/chrome_payment_request_delegate.cc
diff --git a/chrome/browser/payments/chrome_payment_request_delegate.cc b/chrome/browser/payments/chrome_payment_request_delegate.cc
index bd23df5eb07fa7c9ab63c434df803cde7070e57a..8925c5a5f9c0f8ccccd64241cce81104645a3b06 100644
--- a/chrome/browser/payments/chrome_payment_request_delegate.cc
+++ b/chrome/browser/payments/chrome_payment_request_delegate.cc
@@ -7,6 +7,7 @@
 #include "chrome/browser/autofill/personal_data_manager_factory.h"
 #include "chrome/browser/autofill/validation_rules_storage_factory.h"
 #include "chrome/browser/browser_process.h"
+#include "chrome/browser/payments/ssl_validity_checker.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/browser_dialogs.h"
 #include "components/autofill/core/browser/personal_data_manager.h"
@@ -55,6 +56,14 @@ bool ChromePaymentRequestDelegate::IsIncognito() const {
   return profile && profile->GetProfileType() == Profile::INCOGNITO_PROFILE;
 }
 
+bool ChromePaymentRequestDelegate::IsValidSslCertificate() {
+  return SslValidityChecker::IsValidSslCertificate(web_contents_);

[Mathieu, 2017/04/17 03:20:45]

This is apparently true in tests? How?

[please use gerrit instead, 2017/04/17 18:19:54]

Tests use such URLs as
https://127.0.0.1:45436/payment_request_no_shipping_test.html and
https://a.com:42667/payment_request_main.html. These have valid HTTPS certs.

+}
+
+const GURL& ChromePaymentRequestDelegate::GetLastCommittedURL() const {
+  return web_contents_->GetLastCommittedURL();
+}
+
 void ChromePaymentRequestDelegate::DoFullCardRequest(
     const autofill::CreditCard& credit_card,
     base::WeakPtr<autofill::payments::FullCardRequest::ResultDelegate>