SignedExchange: Apply scheme restriction to {cert,validity}-url

This CL follows signed exchange spec change:
https://github.com/WICG/webpackage/commit/3903da6e

Bug: 803774
Change-Id: I7f122272cf93f46a26757b08fe8a9d80f0404518
Reviewed-on: https://chromium-review.googlesource.com/1114403Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Kouhei Ueno <kouhei@chromium.org>
Cr-Commit-Position: refs/heads/master@{#570790}

content/browser/web_package/signed_exchange_signature_header_field.cc

@@ -232,6 +232,11 @@ SignedExchangeSignatureHeaderField::ParseSignature(
           devtools_proxy, "'cert-url' parameter is not a valid URL.");
       return base::nullopt;
     }
+    if (!sig.cert_url.SchemeIs("https") && !sig.cert_url.SchemeIs("data")) {
+      signed_exchange_utils::ReportErrorAndTraceEvent(
+          devtools_proxy, "'cert-url' should have 'https' or 'data' scheme.");
+      return base::nullopt;
+    }
     const std::string cert_sha256_string = value.params[kCertSha256Key];
     if (cert_sha256_string.size() != crypto::kSHA256Length) {
       // TODO(https://crbug.com/819467) : When we will support "ed25519Key", the
@@ -256,6 +261,11 @@ SignedExchangeSignatureHeaderField::ParseSignature(
           devtools_proxy, "'validity-url' parameter can't have a fragment.");
       return base::nullopt;
     }
+    if (!sig.validity_url.SchemeIs("https")) {
+      signed_exchange_utils::ReportErrorAndTraceEvent(
+          devtools_proxy, "'validity-url' should have 'https' scheme.");
+      return base::nullopt;
+    }
     if (!base::StringToUint64(value.params[kDateKey], &sig.date)) {
       signed_exchange_utils::ReportErrorAndTraceEvent(
           devtools_proxy, "'date' parameter is not a number.");

content/browser/web_package/signed_exchange_signature_header_field_unittest.cc

@@ -147,6 +147,21 @@ TEST_F(SignedExchangeSignatureHeaderFieldTest, CertURLWithFragment) {
   EXPECT_FALSE(signatures.has_value());
 }
 
+TEST_F(SignedExchangeSignatureHeaderFieldTest, CertURLHttpShouldFail) {
+  const char hdr_string[] =
+      "sig1;"
+      " sig=*MEUCIQDXlI2gN3RNBlgFiuRNFpZXcDIaUpX6HIEwcZEc0cZYLAIga9DsVOMM+"
+      "g5YpwEBdGW3sS+bvnmAJJiSMwhuBdqp5UY=*;"
+      " integrity=\"mi\";"
+      " validity-url=\"https://example.com/resource.validity.1511128380\";"
+      " cert-url=\"http://example.com/oldcerts#test\";"
+      " cert-sha256=*W7uB969dFW3Mb5ZefPS9Tq5ZbH5iSmOILpjv2qEArmI=*;"
+      " date=1511128380; expires=1511733180";
+  auto signatures = SignedExchangeSignatureHeaderField::ParseSignature(
+      hdr_string, nullptr /* devtools_proxy */);
+  EXPECT_FALSE(signatures.has_value());
+}
+
 TEST_F(SignedExchangeSignatureHeaderFieldTest, RelativeCertURL) {
   const char hdr_string[] =
       "sig1;"
@@ -192,6 +207,21 @@ TEST_F(SignedExchangeSignatureHeaderFieldTest, ValidityUrlWithFragment) {
   EXPECT_FALSE(signatures.has_value());
 }
 
+TEST_F(SignedExchangeSignatureHeaderFieldTest, ValidityUrlHttpShouldFail) {
+  const char hdr_string[] =
+      "sig1;"
+      " sig=*MEUCIQDXlI2gN3RNBlgFiuRNFpZXcDIaUpX6HIEwcZEc0cZYLAIga9DsVOMM+"
+      "g5YpwEBdGW3sS+bvnmAJJiSMwhuBdqp5UY=*;"
+      " integrity=\"mi\";"
+      " validity-url=\"http://example.com/resource.validity.1511128380#test\";"
+      " cert-url=\"https://example.com/oldcerts\";"
+      " cert-sha256=*W7uB969dFW3Mb5ZefPS9Tq5ZbH5iSmOILpjv2qEArmI=*;"
+      " date=1511128380; expires=1511733180";
+  auto signatures = SignedExchangeSignatureHeaderField::ParseSignature(
+      hdr_string, nullptr /* devtools_proxy */);
+  EXPECT_FALSE(signatures.has_value());
+}
+
 TEST_F(SignedExchangeSignatureHeaderFieldTest, RelativeValidityUrl) {
   const char hdr_string[] =
       "sig1;"