[Payments] Implement openWindow for service worker based payment handler

chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java

Index: chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java b/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java
index d21b63675cbc9a6dc3f9c8857101858c4db2fff7..921ff9795baf65a349b8f1abb90a56292201245f 100644
--- a/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java
@@ -257,8 +257,9 @@ public class PaymentRequestImpl implements PaymentRequest, PaymentRequestUI.Clie
     private final Handler mHandler = new Handler();
     private final RenderFrameHost mRenderFrameHost;
     private final WebContents mWebContents;
+    private final String mTopLevelUrl;
     private final String mTopLevelOrigin;
-    private final String mPaymentRequestOrigin;
+    private final String mPaymentRequestUrl;
     private final String mMerchantName;
     @Nullable
     private final byte[][] mCertificateChain;
@@ -365,10 +366,9 @@ public class PaymentRequestImpl implements PaymentRequest, PaymentRequestUI.Clie
         mRenderFrameHost = renderFrameHost;
         mWebContents = WebContentsStatics.fromRenderFrameHost(renderFrameHost);
 
-        mPaymentRequestOrigin = UrlFormatter.formatUrlForSecurityDisplay(
-                mRenderFrameHost.getLastCommittedURL(), true);
-        mTopLevelOrigin =
-                UrlFormatter.formatUrlForSecurityDisplay(mWebContents.getLastCommittedUrl(), true);
+        mPaymentRequestUrl = mRenderFrameHost.getLastCommittedURL();
+        mTopLevelUrl = mWebContents.getLastCommittedUrl();
+        mTopLevelOrigin = UrlFormatter.formatUrlForSecurityDisplay(mTopLevelUrl, true);
 
         mMerchantName = mWebContents.getTitle();
 
@@ -713,7 +713,7 @@ public class PaymentRequestImpl implements PaymentRequest, PaymentRequestUI.Clie
         }
 
         if (queryApps.isEmpty()) {
-            CanMakePaymentQuery query = sCanMakePaymentQueries.get(mPaymentRequestOrigin);
+            CanMakePaymentQuery query = sCanMakePaymentQueries.get(mPaymentRequestUrl);

[please use gerrit instead, 2017/05/25 17:56:13]

canMakePayment() queries should be throttled based on the origin of the iframe,
not based on the URL. That way, https://evil.com cannot abuse the queries by
opening sub-iframes from different URLS on the same origin, e.g.,
https://evil.com/check-visa.html and https://evil.com/check-mastercard.html.

Therefore, you need to keep around mPaymentRequestOrigin variable for use with
sCanMakePaymentQueries.

[gogerald1, 2017/05/29 22:13:16]

my bad, payment request handler do require origin instead of url, so I will keep
origin here.
However our current format of origin is not standard, we could look it later.

             if (query != null && query.matchesPaymentMethods(mMethodData)) {
                 query.notifyObserversOfResponse(mCanMakePayment);
             }
@@ -725,7 +725,7 @@ public class PaymentRequestImpl implements PaymentRequest, PaymentRequestUI.Clie
         // so a fast response from a non-autofill payment app at the front of the app list does not
         // cause NOT_SUPPORTED payment rejection.
         for (Map.Entry<PaymentApp, Map<String, PaymentMethodData>> q : queryApps.entrySet()) {
-            q.getKey().getInstruments(q.getValue(), mTopLevelOrigin, mPaymentRequestOrigin,
+            q.getKey().getInstruments(q.getValue(), mTopLevelUrl, mPaymentRequestUrl,

[please use gerrit instead, 2017/05/25 17:56:13]

Please rename these parameters in PaymentApp.java and update their comments.
That way, whoever is working on PaymentApp.java will know to expect the full URL
instead of only origin.

[gogerald1, 2017/05/29 22:13:16]

Done.

                     mCertificateChain, mRawTotal, this);
         }
     }
@@ -1297,7 +1297,7 @@ public class PaymentRequestImpl implements PaymentRequest, PaymentRequestUI.Clie
             }
         }
 
-        instrument.invokePaymentApp(mId, mMerchantName, mTopLevelOrigin, mPaymentRequestOrigin,
+        instrument.invokePaymentApp(mId, mMerchantName, mTopLevelUrl, mPaymentRequestUrl,

[please use gerrit instead, 2017/05/25 17:56:13]

Please update the names and comments of these parameters in
PaymentInstrument.java.

[gogerald1, 2017/05/29 22:13:16]

Done.

                 mCertificateChain, Collections.unmodifiableMap(methodData), mRawTotal,
                 mRawLineItems, Collections.unmodifiableMap(modifiers), this);
 
@@ -1385,18 +1385,18 @@ public class PaymentRequestImpl implements PaymentRequest, PaymentRequestUI.Clie
     public void canMakePayment() {
         if (mClient == null) return;
 
-        CanMakePaymentQuery query = sCanMakePaymentQueries.get(mPaymentRequestOrigin);
+        CanMakePaymentQuery query = sCanMakePaymentQueries.get(mPaymentRequestUrl);
         if (query == null) {
             // If there has not been a canMakePayment() query in the last 30 minutes, take a note
             // that one has happened just now. Remember the payment method names and the
             // corresponding data for the next 30 minutes. Forget about it after the 30 minute
             // period expires.
             query = new CanMakePaymentQuery(Collections.unmodifiableMap(mMethodData));
-            sCanMakePaymentQueries.put(mPaymentRequestOrigin, query);
+            sCanMakePaymentQueries.put(mPaymentRequestUrl, query);
             mHandler.postDelayed(new Runnable() {
                 @Override
                 public void run() {
-                    sCanMakePaymentQueries.remove(mPaymentRequestOrigin);
+                    sCanMakePaymentQueries.remove(mPaymentRequestUrl);
                 }
             }, CAN_MAKE_PAYMENT_QUERY_PERIOD_MS);
         } else if (shouldEnforceCanMakePaymentQueryQuota()
@@ -1420,7 +1420,7 @@ public class PaymentRequestImpl implements PaymentRequest, PaymentRequestUI.Clie
 
         boolean isIgnoringQueryQuota = false;
         if (!shouldEnforceCanMakePaymentQueryQuota()) {
-            CanMakePaymentQuery query = sCanMakePaymentQueries.get(mPaymentRequestOrigin);
+            CanMakePaymentQuery query = sCanMakePaymentQueries.get(mPaymentRequestUrl);
             // The cached query may have expired between instantiation of PaymentRequest and
             // finishing the query of the payment apps.
             if (query != null) {
@@ -1564,7 +1564,7 @@ public class PaymentRequestImpl implements PaymentRequest, PaymentRequestUI.Clie
             }
         }
 
-        CanMakePaymentQuery query = sCanMakePaymentQueries.get(mPaymentRequestOrigin);
+        CanMakePaymentQuery query = sCanMakePaymentQueries.get(mPaymentRequestUrl);
         if (query != null && query.matchesPaymentMethods(mMethodData)) {
             query.notifyObserversOfResponse(mCanMakePayment);
         }