[webauthn] Create caBLE Win Feature Flag

This change adds a feature flag for caBLE for Windows and disables it by default. Bug: 821766, 837088 Change-Id: I2f87be1854a3fc64d23c9a0493eaecf0ee73668b Reviewed-on: https://chromium-review.googlesource.com/1187146 Commit-Queue: Balazs Engedy <engedy@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#585821}

[webauthn] Create caBLE Win Feature Flag
This change adds a feature flag for caBLE for Windows and disables it by default. Bug: 821766, 837088 Change-Id: I2f87be1854a3fc64d23c9a0493eaecf0ee73668b Reviewed-on: https://chromium-review.googlesource.com/1187146 Commit-Queue: Balazs Engedy <engedy@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#585821}
1b7fa9ed · Jan Wilken Doerrie · Commit Bot · 430656c9 · 1b7fa9ed · 1b7fa9ed
Commit 1b7fa9ed authored Aug 24, 2018 by Jan Wilken Doerrie Committed by Commit Bot Aug 24, 2018
4 changed files
--- a/content/browser/webauth/authenticator_impl.cc
+++ b/content/browser/webauth/authenticator_impl.cc
@@ -336,7 +336,12 @@ AuthenticatorImpl::AuthenticatorImpl(RenderFrameHost* render_frame_host,
    protocols_.insert(device::FidoTransportProtocol::kBluetoothLowEnergy);
  }

+#if defined(OS_WIN)
+  if (base::FeatureList::IsEnabled(features::kWebAuthCable) &&
+      base::FeatureList::IsEnabled(features::kWebAuthCableWin)) {
+#else
  if (base::FeatureList::IsEnabled(features::kWebAuthCable)) {
+#endif  // defined(OS_WIN)
    protocols_.insert(
        device::FidoTransportProtocol::kCloudAssistedBluetoothLowEnergy);
  }

--- a/content/browser/webauth/authenticator_impl_unittest.cc
+++ b/content/browser/webauth/authenticator_impl_unittest.cc
@@ -820,7 +820,7 @@ TEST_F(AuthenticatorImplTest, OversizedCredentialId) {
  }
 }

-TEST_F(AuthenticatorImplTest, TestCableDiscoveryEnabledByDefault) {
+TEST_F(AuthenticatorImplTest, TestCableDiscoveryByDefault) {
  TestServiceManagerContext service_manager_context;
  SimulateNavigation(GURL(kTestOrigin1));
  PublicKeyCredentialRequestOptionsPtr options =
@@ -838,8 +838,15 @@ TEST_F(AuthenticatorImplTest, TestCableDiscoveryEnabledByDefault) {
  callback_receiver.WaitForCallback();

  EXPECT_EQ(AuthenticatorStatus::NOT_ALLOWED_ERROR, callback_receiver.status());
+
+// On Windows caBLE should be disabled by default.
+#if defined(OS_WIN)
+  EXPECT_FALSE(SupportsTransportProtocol(
+      device::FidoTransportProtocol::kCloudAssistedBluetoothLowEnergy));
+#else
  EXPECT_TRUE(SupportsTransportProtocol(
      device::FidoTransportProtocol::kCloudAssistedBluetoothLowEnergy));
+#endif
 }

 TEST_F(AuthenticatorImplTest, TestCableDiscoveryDisabledWithoutFlag) {
@@ -866,6 +873,66 @@ TEST_F(AuthenticatorImplTest, TestCableDiscoveryDisabledWithoutFlag) {
      device::FidoTransportProtocol::kCloudAssistedBluetoothLowEnergy));
 }

+#if defined(OS_WIN)
+TEST_F(AuthenticatorImplTest, TestCableDiscoveryEnabledWithWinFlag) {
+  EnableFeature(features::kWebAuthCableWin);
+  TestServiceManagerContext service_manager_context;
+  SimulateNavigation(GURL(kTestOrigin1));
+  PublicKeyCredentialRequestOptionsPtr options =
+      GetTestPublicKeyCredentialRequestOptions();
+  TestGetAssertionCallback callback_receiver;
+
+  auto task_runner = base::MakeRefCounted<base::TestMockTimeTaskRunner>(
+      base::Time::Now(), base::TimeTicks::Now());
+  auto authenticator = ConstructAuthenticatorWithTimer(task_runner);
+  authenticator->GetAssertion(std::move(options), callback_receiver.callback());
+
+  // Trigger timer.
+  base::RunLoop().RunUntilIdle();
+  task_runner->FastForwardBy(base::TimeDelta::FromMinutes(1));
+  callback_receiver.WaitForCallback();
+
+  EXPECT_EQ(AuthenticatorStatus::NOT_ALLOWED_ERROR, callback_receiver.status());
+  EXPECT_TRUE(SupportsTransportProtocol(
+      device::FidoTransportProtocol::kCloudAssistedBluetoothLowEnergy));
+}
+
+// Tests that caBLE is not supported when features::kWebAuthCable is disabled,
+// regardless of the state of features::kWebAuthCableWin.
+TEST_F(AuthenticatorImplTest, TestCableDiscoveryDisabledWithoutFlagWin) {
+  for (bool enable_win_flag : {false, true}) {
+    std::vector<base::Feature> enabled_features;
+    std::vector<base::Feature> disabled_features = {features::kWebAuthCable};
+    enable_win_flag ? enabled_features.push_back(features::kWebAuthCableWin)
+                    : disabled_features.push_back(features::kWebAuthCableWin);
+
+    scoped_feature_list_.emplace();
+    scoped_feature_list_->InitWithFeatures(enabled_features, disabled_features);
+    TestServiceManagerContext service_manager_context;
+    SimulateNavigation(GURL(kTestOrigin1));
+    PublicKeyCredentialRequestOptionsPtr options =
+        GetTestPublicKeyCredentialRequestOptions();
+    TestGetAssertionCallback callback_receiver;
+
+    auto task_runner = base::MakeRefCounted<base::TestMockTimeTaskRunner>(
+        base::Time::Now(), base::TimeTicks::Now());
+    auto authenticator = ConstructAuthenticatorWithTimer(task_runner);
+    authenticator->GetAssertion(std::move(options),
+                                callback_receiver.callback());
+
+    // Trigger timer.
+    base::RunLoop().RunUntilIdle();
+    task_runner->FastForwardBy(base::TimeDelta::FromMinutes(1));
+    callback_receiver.WaitForCallback();
+
+    EXPECT_EQ(AuthenticatorStatus::NOT_ALLOWED_ERROR,
+              callback_receiver.status());
+    EXPECT_FALSE(SupportsTransportProtocol(
+        device::FidoTransportProtocol::kCloudAssistedBluetoothLowEnergy));
+  }
+}
+#endif
+
 TEST_F(AuthenticatorImplTest, TestCableDiscoveryDisabledForMakeCredential) {
  SimulateNavigation(GURL(kTestOrigin1));
  PublicKeyCredentialCreationOptionsPtr options =

--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -518,6 +518,12 @@ const base::Feature kWebAuthBle{"WebAuthenticationBle",
 const base::Feature kWebAuthCable{"WebAuthenticationCable",
                                  base::FEATURE_ENABLED_BY_DEFAULT};

+// Controls whether CTAP2 devices can communicate via the WebAuthentication API
+// using pairingless BLE protocol on Windows.
+// https://w3c.github.io/webauthn
+const base::Feature kWebAuthCableWin{"WebAuthenticationCableWin",
+                                     base::FEATURE_DISABLED_BY_DEFAULT};
+
 // If WebGL Image Chromium is allowed, this feature controls whether it is
 // enabled.
 const base::Feature kWebGLImageChromium{"WebGLImageChromium",

--- a/content/public/common/content_features.h
+++ b/content/public/common/content_features.h
@@ -118,6 +118,7 @@ CONTENT_EXPORT extern const base::Feature kWebAssemblyTrapHandler;
 CONTENT_EXPORT extern const base::Feature kWebAuth;
 CONTENT_EXPORT extern const base::Feature kWebAuthBle;
 CONTENT_EXPORT extern const base::Feature kWebAuthCable;
+CONTENT_EXPORT extern const base::Feature kWebAuthCableWin;
 CONTENT_EXPORT extern const base::Feature kWebContentsOcclusion;
 CONTENT_EXPORT extern const base::Feature kWebGLImageChromium;
 CONTENT_EXPORT extern const base::Feature kWebPayments;