Change autofill trust logic to match omnibox security level shown.

Before this change, autofill had its own logic for determining a page
was secure. This CL changes the behavior to match the security state
shown in the omnibox.

Bug: 701018
Change-Id: Idd38fc77f93155412961c29a85f237c42ad21563
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1808226
Commit-Queue: Aidan Beggs <beggs@google.com>
Reviewed-by: Joe DeBlasio <jdeblasio@chromium.org>
Reviewed-by: Ted Choc <tedchoc@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#698536}

android_webview/browser/aw_autofill_client.cc

@@ -261,9 +261,9 @@ bool AwAutofillClient::IsContextSecure() {
     return false;
 
   ssl_status = navigation_entry->GetSSL();
-  // Note: The implementation below is a copy of the one in
-  // ChromeAutofillClient::IsContextSecure, and should be kept in sync
-  // until crbug.com/505388 gets implemented.
+  // Note: As of crbug.com/701018, Chrome relies on SecurityStateTabHelper to
+  // determine whether the page is secure, but WebView has no equivalent class.
+
   return navigation_entry->GetURL().SchemeIsCryptographic() &&
          ssl_status.certificate &&
          !net::IsCertStatusError(ssl_status.cert_status) &&

chrome/browser/ui/autofill/chrome_autofill_client.cc

@@ -51,6 +51,7 @@
 #include "components/password_manager/core/browser/password_manager_metrics_util.h"
 #include "components/password_manager/core/browser/password_requirements_service.h"
 #include "components/prefs/pref_service.h"
+#include "components/security_state/core/security_state.h"
 #include "components/signin/public/base/signin_metrics.h"
 #include "components/signin/public/identity_manager/account_info.h"
 #include "components/signin/public/identity_manager/identity_manager.h"
@@ -501,20 +502,15 @@ void ChromeAutofillClient::DidFillOrPreviewField(
 }
 
 bool ChromeAutofillClient::IsContextSecure() {
-  content::SSLStatus ssl_status;
-  content::NavigationEntry* navigation_entry =
-      web_contents()->GetController().GetLastCommittedEntry();
-  if (!navigation_entry)
-    return false;
-
-  ssl_status = navigation_entry->GetSSL();
-  // Note: If changing the implementation below, also change
-  // AwAutofillClient::IsContextSecure. See crbug.com/505388
-  return navigation_entry->GetURL().SchemeIsCryptographic() &&
-         ssl_status.certificate &&
-         !net::IsCertStatusError(ssl_status.cert_status) &&
-         !(ssl_status.content_status &
-           content::SSLStatus::RAN_INSECURE_CONTENT);
+  // Note: Defer to SecurityStateTabHelper to determine what pages
+  // are secure so that autofill behavior matches that shown in the omnibox.
+
+  SecurityStateTabHelper* helper =
+      SecurityStateTabHelper::FromWebContents(web_contents());
+
+  // There may be no SecurityStateTabHelper attached in some tests.
+  return helper &&
+         security_state::IsSslCertificateValid(helper->GetSecurityLevel());
 }
 
 bool ChromeAutofillClient::ShouldShowSigninPromo() {