[webauthn] Return InvalidState instead of NotAllowedError for duplicates

InvalidState was added in crrev.com/984725 but not actually returned
to the renderer. This CL returns the correct error and adds a
corresponding end-to-end layout test using a virtual device.

Bug: 819256
Change-Id: Iee07fee5b8de9af59f32399018e1b5ace474abe1
Reviewed-on: https://chromium-review.googlesource.com/1000958
Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org>
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#549722}

content/browser/webauth/authenticator_impl.cc

@@ -576,7 +576,7 @@ void AuthenticatorImpl::OnRegisterResponse(
       // |exclude_credentials|.
       InvokeCallbackAndCleanup(
           std::move(make_credential_response_callback_),
-          webauth::mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR, nullptr);
+          webauth::mojom::AuthenticatorStatus::INVALID_STATE, nullptr);
       return;
     case device::FidoReturnCode::kFailure:
       // The response from the authenticator was corrupted.

third_party/WebKit/LayoutTests/http/tests/credentialmanager/credentialscontainer-create-from-nested-frame.html

@@ -16,9 +16,12 @@ if (document.location.host != "subdomain.example.test:8443") {
   promise_test(_ => new Promise(_ => {}), "Stall tests on the wrong host.");
 }
 
-promise_test(t => {
-  return navigator.credentials.test.createAuthenticator();
-}, "Set up one virtual authenticator for testing.");
+promise_test(async _ => {
+  let authenticators = await navigator.credentials.test.authenticators();
+  assert_equals(authenticators.length, 0);
+  let testAuthenticator = await navigator.credentials.test.createAuthenticator();
+  assert_true(await testAuthenticator.generateAndRegisterKey(ACCEPTABLE_CREDENTIAL_ID, "subdomain.example.test"));
+}, "Set up the testing environment.");
 
 promise_test(t => {
   let PROBE_CREDENTIALS = "window.parent.postMessage(String(navigator.credentials), '*');";
@@ -48,7 +51,6 @@ promise_test(t => {
   });
 }, "navigator.credentials.create({publicKey}) in a javascript url should should succeed.");
 
-
 promise_test(t => {
   let frame = document.createElement("iframe");
   frame.srcdoc = HTML_WITH_TEST_INPUTS;
@@ -98,6 +100,21 @@ promise_test(t => {
   });
 }, "navigator.credentials.create({publicKey}) in an about:blank page embedded in a secure context should pass rpID checks.");
 
+promise_test(async t => {
+  let authenticators = await navigator.credentials.test.authenticators();
+  assert_equals(authenticators.length, 1);
+  let testAuthenticator = authenticators[0];
+  testAuthenticator.clearRegisteredKeys();
+  assert_true(await testAuthenticator.generateAndRegisterKey(ACCEPTABLE_CREDENTIAL_ID, "subdomain.example.test"));
+  let keys = await testAuthenticator.registeredKeys();
+  assert_equals(keys.length, 1);
+
+  var customMakeCredOptions = deepCopy(MAKE_CREDENTIAL_OPTIONS);
+  customMakeCredOptions.excludeCredentials = [ACCEPTABLE_CREDENTIAL];
+  return promise_rejects(t, "InvalidStateError",
+    navigator.credentials.create({ publicKey : customMakeCredOptions}));
+}, "navigator.credentials.create() re-registration returns InvalidStateError");
+
 promise_test(t => {
   return navigator.credentials.test.clearAuthenticators();
 }, "Clean up testing environment.");

third_party/WebKit/LayoutTests/http/tests/credentialmanager/resources/test-inputs.js

@@ -84,7 +84,7 @@ function encloseInScriptTag(code) {
 }
 
 function deepCopy(value) {
-  if ([Number, String, Uint8Array].includes(value.constructor))
+  if ([Number, String, Boolean, Uint8Array].includes(value.constructor))
     return value;
 
   let copy = (value.constructor == Array) ? [] : {};