media: Require SecureContext for EME APIs

In this CL requestMediaKeySystemAccess() requires SecureContext. On
non-SecureContext, this API will not be visible.

Some notes for future reference:

1. file:// is always treated as SecureContext.
2. file:// is not a unique origin. The origin string is "file://"
3. LoadFromData is treated as non-SecureContext. See the updated [1]
   in this CL.
4. LoadFromData is also treated as unique origin. This is what [1]
   used to test without this CL.
5. allowFileAccessFromFileURLs has nothing to do with SecureContext.
   Rather it controls whether you can load other files from file://.
   - So if you run a simple html page on file://, and that file
     doesn't depend on any other file, you don't need
     allowFileAccessFromFileURLs. This is why for [2] we don't
     really need allowFileAccessFromFileURLs.
   - If the html page depends on other js files, without
     allowFileAccessFromFileURLs, those js files will not be loaded.
     This will cause a lot of test failures. That's why in content
     shell, we have allowFileAccessFromFileURLs enabled by default.

[1]
third_party/WebKit/LayoutTests/media/encrypted-media/encrypted-media-unique-origin.html
[2] android_webview/test/shell/assets/key-system-test.html

BUG=672605
TEST=Manually tested and made sure EME APIs are not available on
insecure origins.

Review-Url: https://codereview.chromium.org/2678433003
Cr-Commit-Position: refs/heads/master@{#449344}
diff --git a/android_webview/javatests/src/org/chromium/android_webview/test/KeySystemTest.java b/android_webview/javatests/src/org/chromium/android_webview/test/KeySystemTest.java
index 3bda004..d00a3da 100644
--- a/android_webview/javatests/src/org/chromium/android_webview/test/KeySystemTest.java
+++ b/android_webview/javatests/src/org/chromium/android_webview/test/KeySystemTest.java
@@ -50,36 +50,8 @@
         mAwContents = testContainerView.getAwContents();
         enableJavaScriptOnUiThread(mAwContents);
 
-        loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(),
-                getKeySystemTestPage(), "text/html", false);
-    }
-
-    private String getKeySystemTestPage() {
-        // requestMediaKeySystemAccess() provides 2 different configurations
-        // as encrypted webm is only supported on Lollipop+. mp4 is proprietary,
-        // and may not be supported on all Android devices.
-        return "<html> <script>"
-                + "var result;"
-                + "function success(keySystemAccess) {"
-                + "  result = 'supported';"
-                + "}"
-                + "function failure(error){"
-                + "  result = error.name;"
-                + "}"
-                + "function isKeySystemSupported(keySystem) {"
-                + "  navigator.requestMediaKeySystemAccess("
-                + "     keySystem, "
-                + "     [{audioCapabilities:"
-                + "         [{contentType: 'audio/webm; codec=\"vorbis\"'}]}, "
-                + "      {videoCapabilities:"
-                + "         [{contentType: 'video/mp4; codecs=\"avc1.4D000C\"'}]}])"
-                + "  .then(success, failure);"
-                + "}"
-                + "function areProprietaryCodecsSupported() {"
-                + "  var video = document.createElement('video');"
-                + "  return video.canPlayType('video/mp4; codecs=\"avc1\"');"
-                + "}"
-                + "</script> </html>";
+        loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(),
+                "file:///android_asset/key-system-test.html");
     }
 
     private String isKeySystemSupported(String keySystem) throws Exception {
diff --git a/android_webview/test/BUILD.gn b/android_webview/test/BUILD.gn
index e341ddf0..a638337 100644
--- a/android_webview/test/BUILD.gn
+++ b/android_webview/test/BUILD.gn
@@ -75,6 +75,7 @@
     "shell/assets/full_screen_video_inside_div_test.html",
     "shell/assets/full_screen_video_test.html",
     "shell/assets/full_screen_video_test_not_preloaded.html",
+    "shell/assets/key-system-test.html",
     "shell/assets/platform-media-codec-test.html",
     "shell/assets/video.3gp",
     "shell/assets/video.webm",
diff --git a/android_webview/test/shell/assets/key-system-test.html b/android_webview/test/shell/assets/key-system-test.html
new file mode 100644
index 0000000..0de0b9f
--- /dev/null
+++ b/android_webview/test/shell/assets/key-system-test.html
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+
+<html>
+<script>
+
+var result;
+
+function success(keySystemAccess) {
+  result = 'supported';
+}
+
+function failure(error) {
+  result = error.name;
+}
+
+function isKeySystemSupported(keySystem) {
+  // requestMediaKeySystemAccess() provides 2 different configurations
+  // as encrypted webm is only supported on Lollipop+. mp4 is proprietary,
+  // and may not be supported on all Android devices.
+  navigator
+      .requestMediaKeySystemAccess(
+          keySystem,
+          [
+            {
+              audioCapabilities :
+                  [ {contentType : 'audio/webm; codec=\"vorbis\"'} ]
+            },
+            {
+              videoCapabilities :
+                  [ {contentType : 'video/mp4; codecs=\"avc1.4D000C\"'} ]
+            }
+          ])
+      .then(success, failure);
+}
+
+function areProprietaryCodecsSupported() {
+  var video = document.createElement('video');
+  return video.canPlayType('video/mp4; codecs=\"avc1\"');
+}
+
+</script>
+</html>
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt
index e04c515..5db49111 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt
@@ -1,17 +1,16 @@
 CONSOLE WARNING: Use of the Application Cache is deprecated on insecure origins. Support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
-CONSOLE WARNING: line 27: The devicemotion event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
-CONSOLE WARNING: line 32: The deviceorientation event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
-CONSOLE WARNING: line 42: getCurrentPosition() and watchPosition() no longer work on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
-CONSOLE WARNING: line 61: getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
-CONSOLE WARNING: line 36: Using requestMediaKeySystemAccess() on insecure origins is deprecated and will be removed in M58, around April 2017. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
+CONSOLE WARNING: line 26: The devicemotion event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
+CONSOLE WARNING: line 31: The deviceorientation event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
+CONSOLE WARNING: line 36: getCurrentPosition() and watchPosition() no longer work on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
+CONSOLE WARNING: line 55: getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 This is a testharness.js-based test.
 PASS device motion 
 PASS device orientation 
-PASS requestMediaKeySystemAccess 
 PASS getCurrentPosition 
 PASS watchPosition 
 PASS navigator.webkitGetUserMedia 
 PASS navigator.mediaDevices.getUserMedia 
 PASS appcache 
+PASS requestMediaKeySystemAccess 
 Harness: the test ran to completion.
 
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html
index 528fb97..e041c398 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html
@@ -16,7 +16,6 @@
     if (!window.internals)
         assert_unreached('window.internals is required for this test');
 
-
     // Tests for APIs that are deprecated, but still allowed, on
     // insecure origins
     async_test(function() {
@@ -32,11 +31,6 @@
         window.addEventListener('deviceorientation', this.step_func_done());
     }, 'device orientation');
 
-    promise_test(function(test) {
-        return navigator.requestMediaKeySystemAccess('org.w3.clearkey',
-            [{ videoCapabilities: [{contentType: 'video/webm; codecs="vp9"'}] }]);
-    }, 'requestMediaKeySystemAccess');
-
     // Tests for APIs that have been turned off on insecure origins
     async_test(function() {
         navigator.geolocation.getCurrentPosition(
@@ -87,6 +81,10 @@
 
         applicationCache.addEventListener('cached', cached, false);
     }, 'appcache');
+
+    test(function() {
+      assert_false('requestMediaKeySystemAccess' in navigator);
+    }, 'requestMediaKeySystemAccess');
 }
 </script>
 </body>
diff --git a/third_party/WebKit/LayoutTests/media/encrypted-media/encrypted-media-unique-origin.html b/third_party/WebKit/LayoutTests/media/encrypted-media/encrypted-media-unique-origin.html
index 4492bde..bfadd30 100644
--- a/third_party/WebKit/LayoutTests/media/encrypted-media/encrypted-media-unique-origin.html
+++ b/third_party/WebKit/LayoutTests/media/encrypted-media/encrypted-media-unique-origin.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
     <head>
-        <title>Unique origin is unable to create MediaKeys</title>
+        <title>requestMediaKeySystemAccess() is not available on unique origin</title>
         <script src="../../resources/testharness.js"></script>
         <script src="../../resources/testharnessreport.js"></script>
     </head>
@@ -31,22 +31,15 @@
             }
 
             promise_test(function(test) {
+                // TODO(xhwang): Also check other EME APIs.
                 var script = 'data:text/html,' +
                     '<script>' +
                     '    window.onmessage = function(e) {' +
-                    '        navigator.requestMediaKeySystemAccess(\'org.w3.clearkey\', [{' +
-                    '           initDataTypes: [ \'keyids\' ],' +
-                    '           audioCapabilities: [' +
-                    '               { contentType: \'audio/mp4; codecs="mp4a.40.2"\' },' +
-                    '               { contentType: \'audio/webm; codecs="opus"\' }' +
-                    '           ]' +
-                    '       }]).then(function(access) {' +
-                    '            return access.createMediaKeys();' +
-                    '        }).then(function(mediaKeys) {' +
-                    '            window.parent.postMessage({result: \'allowed\'}, \'*\');' +
-                    '        }, function(error) {' +
-                    '            window.parent.postMessage({result: \'failed\'}, \'*\');' +
-                    '        });' +
+                    '        if (\'requestMediaKeySystemAccess\' in navigator) {' +
+                    '            window.parent.postMessage({result: \'available\'}, \'*\');' +
+                    '        } else { ' +
+                    '            window.parent.postMessage({result: \'unavailable\'}, \'*\');' +
+                    '        }' +
                     '    };' +
                     '<\/script>';
 
@@ -66,9 +59,9 @@
                     iframe.contentWindow.postMessage({}, '*');
                     return wait_for_message();
                 }).then(function(message) {
-                    assert_equals(message.result, 'failed');
+                    assert_equals(message.result, 'unavailable');
                 });
-            }, 'Unique origin is unable to create MediaKeys');
+            }, 'requestMediaKeySystemAccess() is not available on unique origin');
         </script>
     </body>
 </html>
diff --git a/third_party/WebKit/Source/core/frame/Deprecation.cpp b/third_party/WebKit/Source/core/frame/Deprecation.cpp
index cd5cf67..cbba6d4 100644
--- a/third_party/WebKit/Source/core/frame/Deprecation.cpp
+++ b/third_party/WebKit/Source/core/frame/Deprecation.cpp
@@ -324,14 +324,6 @@
              "secure origin, such as HTTPS. See https://goo.gl/rStTGz for more "
              "details.";
 
-    case UseCounter::EncryptedMediaInsecureOrigin:
-      return String::format(
-          "Using requestMediaKeySystemAccess() on insecure origins is "
-          "deprecated and will be removed in %s. You should consider "
-          "switching your application to a secure origin, such as HTTPS. See "
-          "https://goo.gl/rStTGz for more details.",
-          milestoneString(M58));
-
     case UseCounter::MediaSourceAbortRemove:
       return "Using SourceBuffer.abort() to abort remove()'s asynchronous "
              "range removal is deprecated due to specification change. Support "
diff --git a/third_party/WebKit/Source/core/frame/UseCounter.h b/third_party/WebKit/Source/core/frame/UseCounter.h
index c5548f7..5392204 100644
--- a/third_party/WebKit/Source/core/frame/UseCounter.h
+++ b/third_party/WebKit/Source/core/frame/UseCounter.h
@@ -569,8 +569,6 @@
     FullscreenInsecureOrigin = 766,
     DialogInSandboxedContext = 767,
     SVGSMILAnimationInImageRegardlessOfCache = 768,
-    EncryptedMediaSecureOrigin = 770,
-    EncryptedMediaInsecureOrigin = 771,
     PerformanceFrameTiming = 772,
     V8Element_Animate_Method = 773,
     // The above items are available in M44 branch.
diff --git a/third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.idl b/third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.idl
index 7998203..37b49db 100644
--- a/third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.idl
+++ b/third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.idl
@@ -1,10 +1,9 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-
 partial interface HTMLMediaElement {
     readonly attribute MediaKeys mediaKeys;
-    [CallWith=ScriptState] Promise setMediaKeys(MediaKeys? mediaKeys);
+    [SecureContext, CallWith=ScriptState] Promise setMediaKeys(MediaKeys? mediaKeys);
     attribute EventHandler onencrypted;
     attribute EventHandler onwaitingforkey;
 };
diff --git a/third_party/WebKit/Source/modules/encryptedmedia/MediaKeys.idl b/third_party/WebKit/Source/modules/encryptedmedia/MediaKeys.idl
index 0863a83..a716f07 100644
--- a/third_party/WebKit/Source/modules/encryptedmedia/MediaKeys.idl
+++ b/third_party/WebKit/Source/modules/encryptedmedia/MediaKeys.idl
@@ -31,6 +31,7 @@
 [
     ActiveScriptWrappable,
     DependentLifetime,
+    SecureContext,
 ] interface MediaKeys {
     [CallWith=ScriptState, RaisesException] MediaKeySession createSession(optional MediaKeySessionType sessionType = "temporary");
 
diff --git a/third_party/WebKit/Source/modules/encryptedmedia/NavigatorRequestMediaKeySystemAccess.cpp b/third_party/WebKit/Source/modules/encryptedmedia/NavigatorRequestMediaKeySystemAccess.cpp
index ae354cf..96c4f00 100644
--- a/third_party/WebKit/Source/modules/encryptedmedia/NavigatorRequestMediaKeySystemAccess.cpp
+++ b/third_party/WebKit/Source/modules/encryptedmedia/NavigatorRequestMediaKeySystemAccess.cpp
@@ -339,19 +339,6 @@
                          "The supportedConfigurations parameter is empty."));
   }
 
-  // Note: This method should only be exposed to secure contexts as indicated
-  // by the [SecureContext] IDL attribute. Since that will break some existing
-  // sites, we simply keep track of sites that aren't secure and output a
-  // deprecation message.
-  if (executionContext->isSecureContext()) {
-    UseCounter::count(executionContext, UseCounter::EncryptedMediaSecureOrigin);
-  } else {
-    Deprecation::countDeprecation(executionContext,
-                                  UseCounter::EncryptedMediaInsecureOrigin);
-    // TODO(ddorwin): Implement the following:
-    // Reject promise with a new DOMException whose name is NotSupportedError.
-  }
-
   // 3. Let document be the calling context's Document.
   //    (Done at the begining of this function.)
   if (!document->page()) {
diff --git a/third_party/WebKit/Source/modules/encryptedmedia/NavigatorRequestMediaKeySystemAccess.idl b/third_party/WebKit/Source/modules/encryptedmedia/NavigatorRequestMediaKeySystemAccess.idl
index 62c96b7..2ea077a 100644
--- a/third_party/WebKit/Source/modules/encryptedmedia/NavigatorRequestMediaKeySystemAccess.idl
+++ b/third_party/WebKit/Source/modules/encryptedmedia/NavigatorRequestMediaKeySystemAccess.idl
@@ -5,5 +5,5 @@
 // https://w3c.github.io/encrypted-media/#navigator-extension-requestmediakeysystemaccess
 
 partial interface Navigator {
-    [CallWith=ScriptState] Promise<MediaKeySystemAccess> requestMediaKeySystemAccess(DOMString keySystem, sequence<MediaKeySystemConfiguration> supportedConfigurations);
+    [SecureContext, CallWith=ScriptState] Promise<MediaKeySystemAccess> requestMediaKeySystemAccess(DOMString keySystem, sequence<MediaKeySystemConfiguration> supportedConfigurations);
 };