[SecurePaymentConfirmation] Add PaymentCredential

Add the PaymentCredential credential type to enable use of Credential
Management API for enrolling payment instruments associated with
Web Authentication credentials.

This adds the renderer-side code for creating the credential and also
a mojo interface for sending the information to the Payments component
for storage.

Bug:1110325

Change-Id: I7bf2ad1cf0d499a6a211e730e785d9b970fcdb07
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2360313Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org>
Commit-Queue: Ken Buchanan <kenrb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#801871}

chrome/browser/BUILD.gn

@@ -4732,6 +4732,8 @@ static_library("browser") {
       "crash_upload_list/crash_upload_list_crashpad.h",
       "payments/chrome_payment_request_delegate.cc",
       "payments/chrome_payment_request_delegate.h",
+      "payments/payment_credential_factory.cc",
+      "payments/payment_credential_factory.h",
       "payments/payment_request_display_manager_factory.cc",
       "payments/payment_request_display_manager_factory.h",
       "payments/payment_request_factory.cc",

chrome/browser/chrome_browser_interface_binders.cc

@@ -66,6 +66,7 @@
 #include "third_party/blink/public/mojom/credentialmanager/credential_manager.mojom.h"
 #include "third_party/blink/public/mojom/insecure_input/insecure_input_service.mojom.h"
 #include "third_party/blink/public/mojom/loader/navigation_predictor.mojom.h"
+#include "third_party/blink/public/mojom/payments/payment_credential.mojom.h"
 #include "third_party/blink/public/mojom/payments/payment_request.mojom.h"
 #include "third_party/blink/public/mojom/prerender/prerender.mojom.h"
 #include "third_party/blink/public/public_buildflags.h"
@@ -108,6 +109,7 @@
 #include "chrome/browser/media/kaleidoscope/kaleidoscope_data_provider_impl.h"
 #include "chrome/browser/media/kaleidoscope/kaleidoscope_ui.h"
 #include "chrome/browser/media/kaleidoscope/mojom/kaleidoscope.mojom.h"
+#include "chrome/browser/payments/payment_credential_factory.h"
 #include "chrome/browser/payments/payment_request_factory.h"
 #include "chrome/browser/promo_browser_command/promo_browser_command.mojom.h"
 #include "chrome/browser/speech/speech_recognition_service.h"
@@ -463,6 +465,8 @@ void PopulateChromeFrameBinders(
     map->Add<payments::mojom::PaymentRequest>(
         base::BindRepeating(&payments::CreatePaymentRequest));
   }
+  map->Add<payments::mojom::PaymentCredential>(
+      base::BindRepeating(&payments::CreatePaymentCredential));
 #endif
 
 #if BUILDFLAG(ENABLE_EXTENSIONS)

chrome/browser/payments/BUILD.gn

@@ -42,6 +42,7 @@ source_set("browsertests") {
     "//components/payments/core",
     "//components/payments/core:test_support",
     "//components/ukm:test_support",
+    "//device/fido:test_support",
   ]
 
   if (is_android) {

chrome/browser/payments/payment_credential_factory.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/payments/payment_credential_factory.h"
+
+#include "base/feature_list.h"
+#include "chrome/browser/payments/chrome_payment_request_delegate.h"
+#include "components/payments/content/payment_request_web_contents_manager.h"
+#include "content/public/browser/render_frame_host.h"
+#include "content/public/browser/web_contents.h"
+
+namespace payments {
+
+void CreatePaymentCredential(
+    content::RenderFrameHost* render_frame_host,
+    mojo::PendingReceiver<mojom::PaymentCredential> receiver) {
+  content::WebContents* web_contents =
+      content::WebContents::FromRenderFrameHost(render_frame_host);
+  if (!web_contents)
+    return;
+  PaymentRequestWebContentsManager::GetOrCreateForWebContents(web_contents)
+      ->CreatePaymentCredential(std::move(receiver));
+}
+
+}  // namespace payments

chrome/browser/payments/payment_credential_factory.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_PAYMENTS_PAYMENT_CREDENTIAL_FACTORY_H_
+#define CHROME_BROWSER_PAYMENTS_PAYMENT_CREDENTIAL_FACTORY_H_
+
+#include "mojo/public/cpp/bindings/pending_receiver.h"
+#include "third_party/blink/public/mojom/payments/payment_credential.mojom-forward.h"
+
+namespace content {
+class RenderFrameHost;
+}
+
+namespace payments {
+
+// Connect a PaymentCredential receiver to handle payment credential creation.
+void CreatePaymentCredential(
+    content::RenderFrameHost* render_frame_host,
+    mojo::PendingReceiver<mojom::PaymentCredential> receiver);
+
+}  // namespace payments
+
+#endif  // CHROME_BROWSER_PAYMENTS_PAYMENT_CREDENTIAL_FACTORY_H_

chrome/browser/payments/secure_payment_confirmation_browsertest.cc

@@ -6,9 +6,11 @@
 #include "base/strings/stringprintf.h"
 #include "build/build_config.h"
 #include "chrome/test/payments/payment_request_platform_browsertest_base.h"
+#include "content/public/browser/authenticator_environment.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/test/browser_test.h"
 #include "content/public/test/browser_test_utils.h"
+#include "device/fido/virtual_fido_device_factory.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace payments {
@@ -29,6 +31,33 @@ std::string getInvokePaymentRequestSnippet() {
   return base::StringPrintf("getStatusForMethodData(%s)", kTestMethodData);
 }
 
+#if !defined(OS_ANDROID)
+static constexpr char kCreatePaymentCredential[] =
+    "var PAYMENT_INSTRUMENT = {"
+    "    displayName: 'display_name_for_instrument',"
+    "    icon: 'https://pics.acme.com/00/p/aBjjjpqPb.png'"
+    "};"
+    "var PUBLIC_KEY_RP = {"
+    "    id: 'a.com',"
+    "    name: 'Acme'"
+    "};"
+    "var PUBLIC_KEY_PARAMETERS =  [{"
+    "    type: 'public-key',"
+    "    alg: -7,"
+    "},];"
+    "var PAYMENT_CREATION_OPTIONS = {"
+    "    rp: PUBLIC_KEY_RP,"
+    "    instrument: PAYMENT_INSTRUMENT,"
+    "    challenge: new TextEncoder().encode('climb a mountain'),"
+    "    pubKeyCredParams: PUBLIC_KEY_PARAMETERS,"
+    "};"
+    "navigator.credentials.create({ payment : PAYMENT_CREATION_OPTIONS })"
+    "    .then(c => window.domAutomationController.send("
+    "              'paymentCredential: OK'),"
+    "          e => window.domAutomationController.send("
+    "              'paymentCredential: ' + e.toString()));";
+#endif
+
 class SecurePaymentConfirmationTest
     : public PaymentRequestPlatformBrowserTestBase {
  public:
@@ -155,5 +184,57 @@ IN_PROC_BROWSER_TEST_F(SecurePaymentConfirmationDisabledTest,
   }
 }
 
+// Creation tests do not work on Android because there is not a way to
+// override authenticator creation.
+#if !defined(OS_ANDROID)
+class SecurePaymentConfirmationCreationTest
+    : public SecurePaymentConfirmationTest {
+ public:
+  // PaymentCredential creation uses the normal Web Authentication code path
+  // for creating the public key credential, rather than using
+  // IntenralAuthenticator. This stubs out authenticator instantiation in
+  // content.
+  void ReplaceFidoDiscoveryFactory() {
+    auto owned_virtual_device_factory =
+        std::make_unique<device::test::VirtualFidoDeviceFactory>();
+    auto* virtual_device_factory = owned_virtual_device_factory.get();
+    content::AuthenticatorEnvironment::GetInstance()
+        ->ReplaceDefaultDiscoveryFactoryForTesting(
+            std::move(owned_virtual_device_factory));
+    virtual_device_factory->SetTransport(
+        device::FidoTransportProtocol::kInternal);
+    virtual_device_factory->SetSupportedProtocol(
+        device::ProtocolVersion::kCtap2);
+    virtual_device_factory->mutable_state()->fingerprints_enrolled = true;
+
+    // Currently this only supports tests relying on user-verifying platform
+    // authenticators.
+    device::VirtualCtap2Device::Config config;
+    config.is_platform_authenticator = true;
+    config.internal_uv_support = true;
+    virtual_device_factory->SetCtap2Config(config);
+  }
+};
+
+#if defined(OS_WIN)
+// TODO(kenrb): This experiment is currently only available on Mac, but this
+// test should work on all non-Android platforms. There is a Windows failure
+// that still needs to be investigated.
+#define MAYBE_CreatePaymentCredential DISABLED_CreatePaymentCredential
+#else
+#define MAYBE_CreatePaymentCredential CreatePaymentCredential
+#endif
+IN_PROC_BROWSER_TEST_F(SecurePaymentConfirmationCreationTest,
+                       MAYBE_CreatePaymentCredential) {
+  ReplaceFidoDiscoveryFactory();
+  NavigateTo("a.com", "/payment_handler_status.html");
+
+  std::string result;
+  EXPECT_TRUE(content::ExecuteScriptAndExtractString(
+      GetActiveWebContents(), kCreatePaymentCredential, &result));
+  EXPECT_EQ(result, "paymentCredential: OK");
+}
+#endif  // !defined(OS_ANDROID)
+
 }  // namespace
 }  // namespace payments

components/payments/content/BUILD.gn

@@ -85,6 +85,8 @@ static_library("content") {
   } else {
     sources += [
       "content_payment_request_delegate.h",
+      "payment_credential.cc",
+      "payment_credential.h",
       "payment_request.cc",
       "payment_request.h",
       "payment_request_dialog.h",

components/payments/content/payment_credential.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/payments/content/payment_credential.h"
+
+namespace payments {
+
+PaymentCredential::PaymentCredential(
+    mojo::PendingReceiver<mojom::PaymentCredential> receiver) {
+  receiver_.Bind(std::move(receiver));
+}
+
+PaymentCredential::~PaymentCredential() = default;
+
+void PaymentCredential::StorePaymentCredential(
+    payments::mojom::PaymentCredentialInstrumentPtr instrument,
+    const std::vector<uint8_t>& credential_id,
+    const std::string& rp_id,
+    StorePaymentCredentialCallback callback) {
+  // TODO(kenrb): Create storage for this credential and save it.
+  std::move(callback).Run(mojom::PaymentCredentialCreationStatus::SUCCESS);
+}
+
+}  // namespace payments

components/payments/content/payment_credential.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_PAYMENTS_CONTENT_PAYMENT_CREDENTIAL_H_
+#define COMPONENTS_PAYMENTS_CONTENT_PAYMENT_CREDENTIAL_H_
+
+#include <string>
+#include <vector>
+
+#include "mojo/public/cpp/bindings/pending_receiver.h"
+#include "mojo/public/cpp/bindings/receiver.h"
+#include "third_party/blink/public/mojom/payments/payment_credential.mojom.h"
+
+namespace payments {
+
+// Implementation of the mojom::PaymentCredential interface for storing
+// PaymentCredential instruments and their associated WebAuthn credential IDs.
+// These can be retrieved later to authenticate during a PaymentRequest
+// that uses Secure Payment Confirmation.
+class PaymentCredential : public mojom::PaymentCredential {
+ public:
+  explicit PaymentCredential(
+      mojo::PendingReceiver<mojom::PaymentCredential> receiver);
+  ~PaymentCredential() override;
+
+  PaymentCredential(const PaymentCredential&) = delete;
+  PaymentCredential& operator=(const PaymentCredential&) = delete;
+
+  // mojom::PaymentCredential:
+  void StorePaymentCredential(
+      payments::mojom::PaymentCredentialInstrumentPtr instrument,
+      const std::vector<uint8_t>& credential_id,
+      const std::string& rp_id,
+      StorePaymentCredentialCallback callback) override;
+
+ private:
+  mojo::Receiver<mojom::PaymentCredential> receiver_{this};
+};
+
+}  // namespace payments
+
+#endif  // COMPONENTS_PAYMENTS_CONTENT_PAYMENT_CREDENTIAL_H_

components/payments/content/payment_request_web_contents_manager.cc

@@ -9,6 +9,7 @@
 #include "base/check.h"
 #include "base/feature_list.h"
 #include "components/payments/content/content_payment_request_delegate.h"
+#include "components/payments/content/payment_credential.h"
 #include "components/payments/content/payment_request.h"
 #include "components/payments/content/payment_request_display_manager.h"
 #include "components/payments/content/secure_payment_confirmation_payment_request_delegate.h"
@@ -64,6 +65,7 @@ void PaymentRequestWebContentsManager::DidStartNavigation(
     it.second->DidStartMainFrameNavigationToDifferentDocument(
         !navigation_handle->IsRendererInitiated());
   }
+  payment_credential_ = nullptr;
 }
 
 void PaymentRequestWebContentsManager::RenderFrameDeleted(
@@ -87,6 +89,12 @@ void PaymentRequestWebContentsManager::DestroyRequest(PaymentRequest* request) {
   payment_requests_.erase(request);
 }
 
+void PaymentRequestWebContentsManager::CreatePaymentCredential(
+    mojo::PendingReceiver<payments::mojom::PaymentCredential> receiver) {
+  payment_credential_ =
+      std::make_unique<PaymentCredential>(std::move(receiver));
+}
+
 PaymentRequestWebContentsManager::PaymentRequestWebContentsManager(
     content::WebContents* web_contents)
     : content::WebContentsObserver(web_contents) {}

components/payments/content/payment_request_web_contents_manager.h

@@ -9,10 +9,12 @@
 #include <memory>
 
 #include "base/macros.h"
+#include "components/payments/content/payment_credential.h"
 #include "components/payments/content/payment_request.h"
 #include "content/public/browser/web_contents_observer.h"
 #include "content/public/browser/web_contents_user_data.h"
 #include "mojo/public/cpp/bindings/pending_receiver.h"
+#include "third_party/blink/public/mojom/payments/payment_credential.mojom.h"
 #include "third_party/blink/public/mojom/payments/payment_request.mojom.h"
 
 namespace content {
@@ -56,6 +58,9 @@ class PaymentRequestWebContentsManager
   // Destroys the given |request|.
   void DestroyRequest(PaymentRequest* request);
 
+  void CreatePaymentCredential(
+      mojo::PendingReceiver<payments::mojom::PaymentCredential> receiver);
+
   // WebContentsObserver::
   void DidStartNavigation(
       content::NavigationHandle* navigation_handle) override;
@@ -72,6 +77,8 @@ class PaymentRequestWebContentsManager
   // the requests themselves call DestroyRequest().
   std::map<PaymentRequest*, std::unique_ptr<PaymentRequest>> payment_requests_;
 
+  std::unique_ptr<PaymentCredential> payment_credential_;
+
   WEB_CONTENTS_USER_DATA_KEY_DECL();
 
   DISALLOW_COPY_AND_ASSIGN(PaymentRequestWebContentsManager);

content/browser/browser_interface_binders.cc

@@ -100,6 +100,7 @@
 #include "third_party/blink/public/mojom/native_io/native_io.mojom.h"
 #include "third_party/blink/public/mojom/notifications/notification_service.mojom.h"
 #include "third_party/blink/public/mojom/payments/payment_app.mojom.h"
+#include "third_party/blink/public/mojom/payments/payment_credential.mojom.h"
 #include "third_party/blink/public/mojom/permissions/permission.mojom.h"
 #include "third_party/blink/public/mojom/picture_in_picture/picture_in_picture.mojom.h"
 #include "third_party/blink/public/mojom/prerender/prerender.mojom.h"
@@ -729,6 +730,8 @@ void PopulateBinderMapWithContext(
       &EmptyBinderForFrame<blink::mojom::InsecureInputService>));
   map->Add<blink::mojom::PrerenderProcessor>(base::BindRepeating(
       &EmptyBinderForFrame<blink::mojom::PrerenderProcessor>));
+  map->Add<payments::mojom::PaymentCredential>(base::BindRepeating(
+      &EmptyBinderForFrame<payments::mojom::PaymentCredential>));
   map->Add<payments::mojom::PaymentRequest>(base::BindRepeating(
       &EmptyBinderForFrame<payments::mojom::PaymentRequest>));
   map->Add<blink::mojom::AnchorElementMetricsHost>(base::BindRepeating(

third_party/blink/public/mojom/BUILD.gn

@@ -119,6 +119,7 @@ mojom("mojom_platform") {
     "page/record_content_to_visible_time_request.mojom",
     "page/widget.mojom",
     "payments/payment_app.mojom",
+    "payments/payment_credential.mojom",
     "peerconnection/peer_connection_tracker.mojom",
     "performance_manager/v8_per_frame_memory.mojom",
     "permissions/permission.mojom",

third_party/blink/public/mojom/payments/payment_credential.mojom

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+module payments.mojom;
+
+import "url/mojom/url.mojom";
+
+enum PaymentCredentialCreationStatus {
+  SUCCESS,
+  FAILED_TO_DOWNLOAD_ICON,
+  FAILED_TO_STORE_INSTRUMENT,
+};
+
+struct PaymentCredentialInstrument {
+  // Friendly name for displaying this instrument to the user.
+  string display_name;
+
+  // URL for an icon to display alongside the display_name.
+  url.mojom.Url icon;
+};
+
+// An interface for storing PaymentCredentials in browser local storage.
+// It is implemented in the browser process and called by the renderer
+// following creation of a PaymentCredential through the Credential
+// Management API.
+interface PaymentCredential {
+
+  // Store a new PaymentCredential which can be later used for
+  // PaymentRequests. This associates a payment instrument with a public
+  // key credential on an authenticator. |credential_id| and |rp_id| are
+  // associated with the public key credential.
+  StorePaymentCredential(PaymentCredentialInstrument instrument,
+                         array<uint8> credential_id,
+                         string rp_id)
+      => (PaymentCredentialCreationStatus status);
+};

third_party/blink/renderer/bindings/generated_in_modules.gni

@@ -463,6 +463,10 @@ generated_dictionary_sources_in_modules = [
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_password_credential_data.h",
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payer_errors.cc",
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payer_errors.h",
+  "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_credential_creation_options.cc",
+  "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_credential_creation_options.h",
+  "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_credential_instrument.cc",
+  "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_credential_instrument.h",
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_currency_amount.cc",
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_currency_amount.h",
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_details_base.cc",
@@ -1689,6 +1693,8 @@ generated_interface_sources_in_modules = [
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_path_2d.h",
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_address.cc",
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_address.h",
+  "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_credential.cc",
+  "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_credential.h",
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_instruments.cc",
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_instruments.h",
   "$root_gen_dir/third_party/blink/renderer/bindings/modules/v8/v8_payment_manager.cc",

third_party/blink/renderer/bindings/idl_in_modules.gni

@@ -134,6 +134,9 @@ static_idl_files_in_modules = get_path_info(
           "//third_party/blink/renderer/modules/credentialmanager/otp_credential_request_options.idl",
           "//third_party/blink/renderer/modules/credentialmanager/password_credential.idl",
           "//third_party/blink/renderer/modules/credentialmanager/password_credential_data.idl",
+          "//third_party/blink/renderer/modules/credentialmanager/payment_credential.idl",
+          "//third_party/blink/renderer/modules/credentialmanager/payment_credential_creation_options.idl",
+          "//third_party/blink/renderer/modules/credentialmanager/payment_credential_instrument.idl",
           "//third_party/blink/renderer/modules/credentialmanager/public_key_credential.idl",
           "//third_party/blink/renderer/modules/credentialmanager/public_key_credential_creation_options.idl",
           "//third_party/blink/renderer/modules/credentialmanager/public_key_credential_descriptor.idl",

third_party/blink/renderer/modules/credentialmanager/BUILD.gn

@@ -30,6 +30,8 @@ blink_modules_sources("credentialmanager") {
     "otp_credential.h",
     "password_credential.cc",
     "password_credential.h",
+    "payment_credential.cc",
+    "payment_credential.h",
     "public_key_credential.cc",
     "public_key_credential.h",
     "scoped_promise_resolver.cc",

third_party/blink/renderer/modules/credentialmanager/credential.h

@@ -26,6 +26,7 @@ class MODULES_EXPORT Credential : public ScriptWrappable {
   virtual bool IsFederatedCredential() const { return false; }
   virtual bool IsPublicKeyCredential() const { return false; }
   virtual bool IsOTPCredential() const { return false; }
+  virtual bool IsPaymentCredential() const { return false; }
 
   // Credential.idl
   const String& id() const { return id_; }

third_party/blink/renderer/modules/credentialmanager/credential_creation_options.idl

@@ -12,5 +12,6 @@ dictionary CredentialCreationOptions {
     PasswordCredentialInit password;
     FederatedCredentialInit federated;
     PublicKeyCredentialCreationOptions publicKey;
+    PaymentCredentialCreationOptions payment;
     AbortSignal signal;
 };

third_party/blink/renderer/modules/credentialmanager/credential_manager_proxy.cc

@@ -15,7 +15,8 @@ CredentialManagerProxy::CredentialManagerProxy(LocalDOMWindow& window)
     : Supplement<LocalDOMWindow>(window),
       authenticator_(window.GetExecutionContext()),
       credential_manager_(window.GetExecutionContext()),
-      sms_receiver_(window.GetExecutionContext()) {
+      sms_receiver_(window.GetExecutionContext()),
+      payment_credential_(window.GetExecutionContext()) {
   LocalFrame* frame = window.GetFrame();
   DCHECK(frame);
   frame->GetBrowserInterfaceBroker().GetInterface(
@@ -39,6 +40,18 @@ mojom::blink::SmsReceiver* CredentialManagerProxy::SmsReceiver() {
   return sms_receiver_.get();
 }
 
+payments::mojom::blink::PaymentCredential*
+CredentialManagerProxy::PaymentCredential() {
+  if (!payment_credential_.is_bound()) {
+    LocalFrame* frame = GetSupplementable()->GetFrame();
+    DCHECK(frame);
+    frame->GetBrowserInterfaceBroker().GetInterface(
+        payment_credential_.BindNewPipeAndPassReceiver(
+            frame->GetTaskRunner(TaskType::kMiscPlatformAPI)));
+  }
+  return payment_credential_.get();
+}
+
 // static
 CredentialManagerProxy* CredentialManagerProxy::From(
     ScriptState* script_state) {
@@ -57,6 +70,7 @@ void CredentialManagerProxy::Trace(Visitor* visitor) const {
   visitor->Trace(authenticator_);
   visitor->Trace(credential_manager_);
   visitor->Trace(sms_receiver_);
+  visitor->Trace(payment_credential_);
   Supplement<LocalDOMWindow>::Trace(visitor);
 }
 

third_party/blink/renderer/modules/credentialmanager/credential_manager_proxy.h

@@ -6,6 +6,7 @@
 #define THIRD_PARTY_BLINK_RENDERER_MODULES_CREDENTIALMANAGER_CREDENTIAL_MANAGER_PROXY_H_
 
 #include "third_party/blink/public/mojom/credentialmanager/credential_manager.mojom-blink.h"
+#include "third_party/blink/public/mojom/payments/payment_credential.mojom-blink.h"
 #include "third_party/blink/public/mojom/sms/sms_receiver.mojom-blink.h"
 #include "third_party/blink/public/mojom/webauthn/authenticator.mojom-blink.h"
 #include "third_party/blink/renderer/core/frame/local_dom_window.h"
@@ -47,6 +48,8 @@ class MODULES_EXPORT CredentialManagerProxy
 
   mojom::blink::SmsReceiver* SmsReceiver();
 
+  payments::mojom::blink::PaymentCredential* PaymentCredential();
+
   void FlushCredentialManagerConnectionForTesting() {
     credential_manager_.FlushForTesting();
   }
@@ -67,6 +70,9 @@ class MODULES_EXPORT CredentialManagerProxy
   HeapMojoRemote<mojom::blink::SmsReceiver,
                  HeapMojoWrapperMode::kForceWithoutContextObserver>
       sms_receiver_;
+  HeapMojoRemote<payments::mojom::blink::PaymentCredential,
+                 HeapMojoWrapperMode::kForceWithoutContextObserver>
+      payment_credential_;
 };
 
 }  // namespace blink

third_party/blink/renderer/modules/credentialmanager/idls.gni

@@ -11,6 +11,7 @@ modules_idl_files = [
   "federated_credential.idl",
   "otp_credential.idl",
   "password_credential.idl",
+  "payment_credential.idl",
   "public_key_credential.idl",
 ]
 
@@ -28,6 +29,8 @@ modules_dictionary_idl_files = [
   "federated_credential_request_options.idl",
   "otp_credential_request_options.idl",
   "password_credential_data.idl",
+  "payment_credential_creation_options.idl",
+  "payment_credential_instrument.idl",
   "public_key_credential_creation_options.idl",
   "public_key_credential_descriptor.idl",
   "public_key_credential_entity.idl",

third_party/blink/renderer/modules/credentialmanager/payment_credential.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "third_party/blink/renderer/modules/credentialmanager/payment_credential.h"
+
+namespace blink {
+
+namespace {
+constexpr char kPaymentCredentialType[] = "payment";
+}
+
+PaymentCredential::PaymentCredential(
+    const String& id,
+    DOMArrayBuffer* raw_id,
+    AuthenticatorResponse* response,
+    const AuthenticationExtensionsClientOutputs* extension_outputs)
+    : PublicKeyCredential(id,
+                          raw_id,
+                          response,
+                          extension_outputs,
+                          kPaymentCredentialType) {}
+
+bool PaymentCredential::IsPaymentCredential() const {
+  return true;
+}
+
+}  // namespace blink

third_party/blink/renderer/modules/credentialmanager/payment_credential.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef THIRD_PARTY_BLINK_RENDERER_MODULES_CREDENTIALMANAGER_PAYMENT_CREDENTIAL_H_
+#define THIRD_PARTY_BLINK_RENDERER_MODULES_CREDENTIALMANAGER_PAYMENT_CREDENTIAL_H_
+
+#include "third_party/blink/renderer/core/typed_arrays/dom_array_buffer.h"
+#include "third_party/blink/renderer/modules/credentialmanager/authenticator_response.h"
+#include "third_party/blink/renderer/modules/credentialmanager/public_key_credential.h"
+#include "third_party/blink/renderer/modules/modules_export.h"
+#include "third_party/blink/renderer/platform/bindings/script_wrappable.h"
+
+namespace blink {
+
+// PaymentCredential is a special type of PublicKeyCredential that is tied
+// to a payment instrument. The credential is used to authenticate a user when
+// making a payment with SecurePaymentConfirmation.
+class MODULES_EXPORT PaymentCredential final : public PublicKeyCredential {
+  DEFINE_WRAPPERTYPEINFO();
+
+ public:
+  explicit PaymentCredential(
+      const String& id,
+      DOMArrayBuffer* raw_id,
+      AuthenticatorResponse*,
+      const AuthenticationExtensionsClientOutputs* extension_outputs);
+
+  // Credential:
+  bool IsPaymentCredential() const override;
+};
+
+}  // namespace blink
+
+#endif  // THIRD_PARTY_BLINK_RENDERER_MODULES_CREDENTIALMANAGER_PAYMENT_CREDENTIAL_H_

third_party/blink/renderer/modules/credentialmanager/payment_credential.idl

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// https://github.com/rsolomakhin/secure-payment-confirmation
+
+[
+    RuntimeEnabled=SecurePaymentConfirmation,
+    SecureContext,
+    Exposed=Window
+] interface PaymentCredential : PublicKeyCredential {
+};

third_party/blink/renderer/modules/credentialmanager/payment_credential_creation_options.idl

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// https://github.com/rsolomakhin/secure-payment-confirmation
+
+dictionary PaymentCredentialCreationOptions {
+  required PublicKeyCredentialRpEntity rp;
+  required PaymentCredentialInstrument instrument;
+  required BufferSource challenge;
+  required sequence<PublicKeyCredentialParameters> pubKeyCredParams;
+  unsigned long timeout;
+};
+

third_party/blink/renderer/modules/credentialmanager/payment_credential_instrument.idl

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// https://github.com/rsolomakhin/secure-payment-confirmation
+
+dictionary PaymentCredentialInstrument {
+  required DOMString displayName;
+  required USVString icon;
+};

third_party/blink/renderer/modules/credentialmanager/public_key_credential.cc

@@ -31,8 +31,9 @@ PublicKeyCredential::PublicKeyCredential(
     const String& id,
     DOMArrayBuffer* raw_id,
     AuthenticatorResponse* response,
-    const AuthenticationExtensionsClientOutputs* extension_outputs)
-    : Credential(id, kPublicKeyCredentialType),
+    const AuthenticationExtensionsClientOutputs* extension_outputs,
+    const String& type)
+    : Credential(id, type.IsEmpty() ? kPublicKeyCredentialType : type),
       raw_id_(raw_id),
       response_(response),
       extension_outputs_(extension_outputs) {}

third_party/blink/renderer/modules/credentialmanager/public_key_credential.h

@@ -18,7 +18,7 @@ class AuthenticatorResponse;
 class ScriptPromise;
 class ScriptState;
 
-class MODULES_EXPORT PublicKeyCredential final : public Credential {
+class MODULES_EXPORT PublicKeyCredential : public Credential {
   DEFINE_WRAPPERTYPEINFO();
 
  public:
@@ -26,7 +26,8 @@ class MODULES_EXPORT PublicKeyCredential final : public Credential {
       const String& id,
       DOMArrayBuffer* raw_id,
       AuthenticatorResponse*,
-      const AuthenticationExtensionsClientOutputs* extension_outputs);
+      const AuthenticationExtensionsClientOutputs* extension_outputs,
+      const String& type = "");
 
   DOMArrayBuffer* rawId() const { return raw_id_.Get(); }
   AuthenticatorResponse* response() const { return response_.Get(); }

third_party/blink/web_tests/webexposed/global-interface-listing-expected.txt

@@ -5875,6 +5875,9 @@ interface PaymentAddress
     getter sortingCode
     method constructor
     method toJSON
+interface PaymentCredential : PublicKeyCredential
+    attribute @@toStringTag
+    method constructor
 interface PaymentInstruments
     attribute @@toStringTag
     method clear