[Web Payment] Validate CanMakePaymentResponsePtr

Before this patch, payment_app_provider_impl.cc cleared the
|ready_for_minimal_ui| and |account_balance| fields of
CanMakePaymentResponsePtr before forwarding the struct the service
worker payment app factories.

This patch validates the |account_balance| field of the
CanMakePaymentResponsePtr struct and forwards to the payment app
factories either the valid unchanged struct or a blank struct in case of
validation failure.

After this patch, the service worker payment app factories receive the
full validated CanMakePaymentResponsePtr struct from the renderer.

Bug: 1005076
Change-Id: I27c3b07e29804cce0b52ae7f137225007dfe4853
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2091647
Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
Reviewed-by: Danyao Wang <danyao@chromium.org>
Cr-Commit-Position: refs/heads/master@{#749606}

components/payments/core/native_error_strings.cc

@@ -163,5 +163,9 @@ const char kShippingAddressInvalid[] =
 const char kShippingOptionEmpty[] =
     "Payment app returned invalid response. Missing field \"shipping option\".";
 
+const char kCanMakePaymentEventInvalidAccountBalanceValue[] =
+    "Payment handler provided invalid account balance value in "
+    "CanMakePaymentEvent.respondWithMinimalUI().";
+
 }  // namespace errors
 }  // namespace payments

components/payments/core/native_error_strings.h

@@ -196,6 +196,9 @@ extern const char kShippingAddressInvalid[];
 // The payment handler responded with an empty "shipping option" field.
 extern const char kShippingOptionEmpty[];
 
+// The payment handler specified an invalid value for "accountBalance".
+extern const char kCanMakePaymentEventInvalidAccountBalanceValue[];
+
 }  // namespace errors
 }  // namespace payments
 

content/browser/BUILD.gn

@@ -65,6 +65,8 @@ jumbo_source_set("browser") {
     "//components/offline_pages/core/request_header",
     "//components/os_crypt",
     "//components/payments/content/icon",
+    "//components/payments/core",
+    "//components/payments/core:error_strings",
     "//components/payments/mojom",
     "//components/rappor",
     "//components/services/filesystem:lib",

content/browser/payments/payment_app_provider_impl.cc

@@ -18,6 +18,8 @@
 #include "base/strings/string_util.h"
 #include "base/task/post_task.h"
 #include "base/token.h"
+#include "components/payments/core/native_error_strings.h"
+#include "components/payments/core/payments_validators.h"
 #include "content/browser/payments/payment_app_context_impl.h"
 #include "content/browser/payments/payment_app_installer.h"
 #include "content/browser/service_worker/service_worker_context_wrapper.h"
@@ -34,6 +36,7 @@
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_features.h"
+#include "mojo/public/cpp/bindings/message.h"
 #include "mojo/public/mojom/base/time.mojom.h"
 #include "third_party/blink/public/common/service_worker/service_worker_status_code.h"
 #include "third_party/blink/public/mojom/permissions/permission_status.mojom.h"
@@ -668,11 +671,18 @@ void OnResponseForCanMakePaymentOnUiThread(
     const std::string& payment_request_id,
     PaymentAppProvider::CanMakePaymentCallback callback,
     CanMakePaymentResponsePtr response) {
-  // TODO(rouslan): Validate, log, and forward these fields from the renderer to
-  // the browser.
-  response->ready_for_minimal_ui = false;
-  response->account_balance.reset();
-
+  std::string error_message;
+  if (response->account_balance && !response->account_balance->empty() &&
+      !payments::PaymentsValidators::IsValidAmountFormat(
+          *response->account_balance, &error_message)) {
+    mojo::ReportBadMessage(
+        payments::errors::kCanMakePaymentEventInvalidAccountBalanceValue);
+    response = CreateBlankCanMakePaymentResponse(
+        CanMakePaymentEventResponseType::INVALID_ACCOUNT_BALANCE_VALUE);
+  }
+
+  // TODO(rouslan): Log |ready_for_minimal_ui| and |account_balance| in Dev
+  // Tools.
   auto* dev_tools = GetDevToolsForInstanceGroup(instance_group, sw_origin);
   if (dev_tools) {
     dev_tools->LogBackgroundServiceEvent(