Make PlatformVerificationFlow::ChallengeCallback a base::OnceCallback

PlatformVerificationFlow::ChallengeCallback was previously unspecified as to whether it was a base::OnceCallback or base::RepeatingCallback (base::Callback aliases base::RepeatingCallback and should not be used). Since it's really a base::OnceCallback, this CL changes it to be that and adjusts the surrounding code appropriately. Bug: 1007635 Change-Id: Idf531ef4e2048cc31ed4d6ce15559dd3543725f8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2321793Reviewed-by: Avi Drissman <avi@chromium.org> Commit-Queue: Will Cassella <cassew@google.com> Cr-Commit-Position: refs/heads/master@{#792735}

Make PlatformVerificationFlow::ChallengeCallback a base::OnceCallback
PlatformVerificationFlow::ChallengeCallback was previously unspecified as to whether it was a base::OnceCallback or base::RepeatingCallback (base::Callback aliases base::RepeatingCallback and should not be used). Since it's really a base::OnceCallback, this CL changes it to be that and adjusts the surrounding code appropriately. Bug: 1007635 Change-Id: Idf531ef4e2048cc31ed4d6ce15559dd3543725f8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2321793Reviewed-by: Avi Drissman <avi@chromium.org> Commit-Queue: Will Cassella <cassew@google.com> Cr-Commit-Position: refs/heads/master@{#792735}
3c2bc47d · Will Cassella · Commit Bot · 61152320 · 3c2bc47d · 3c2bc47d
Commit 3c2bc47d authored Jul 29, 2020 by Will Cassella Committed by Commit Bot Jul 29, 2020
5 changed files
--- a/chrome/browser/chromeos/attestation/attestation_policy_browsertest.cc
+++ b/chrome/browser/chromeos/attestation/attestation_policy_browsertest.cc
@@ -67,8 +67,9 @@ class AttestationDevicePolicyTest
            nullptr, nullptr, chromeos::FakeCryptohomeClient::Get(), nullptr));
    verifier->ChallengePlatformKey(
        browser()->tab_strip_model()->GetActiveWebContents(), "fake_service_id",
-        "fake_challenge", base::Bind(&AttestationDevicePolicyTest::Callback,
-                                     base::Unretained(this)));
+        "fake_challenge",
+        base::BindOnce(&AttestationDevicePolicyTest::Callback,
+                       base::Unretained(this)));
    WaitForAsyncOperation();
    return result_;
  }

--- a/chrome/browser/chromeos/attestation/platform_verification_flow.cc
+++ b/chrome/browser/chromeos/attestation/platform_verification_flow.cc
@@ -54,24 +54,28 @@ const char kAttestationAvailableHistogram[] =
 const int kOpportunisticRenewalThresholdInDays = 30;

 // A callback method to handle DBus errors.
-void DBusCallback(const base::Callback<void(bool)>& on_success,
-                  const base::Closure& on_failure,
+// `on_success` and `on_failure` are called mutally exclusively,
+// and `context` is moved into the chosen callback.
+template <typename ContextT>
+void DBusCallback(base::OnceCallback<void(ContextT, bool)> on_success,
+                  base::OnceCallback<void(ContextT)> on_failure,
+                  ContextT context,
                  base::Optional<bool> result) {
  if (result.has_value()) {
-    on_success.Run(result.value());
+    std::move(on_success).Run(std::move(context), result.value());
  } else {
    LOG(ERROR) << "PlatformVerificationFlow: DBus call failed!";
-    on_failure.Run();
+    std::move(on_failure).Run(std::move(context));
  }
 }

 // A helper to call a ChallengeCallback with an error result.
 void ReportError(
-    const PlatformVerificationFlow::ChallengeCallback& callback,
+    PlatformVerificationFlow::ChallengeCallback callback,
    chromeos::attestation::PlatformVerificationFlow::Result error) {
  UMA_HISTOGRAM_ENUMERATION(kAttestationResultHistogram, error,
                            PlatformVerificationFlow::RESULT_MAX);
-  callback.Run(error, std::string(), std::string(), std::string());
+  std::move(callback).Run(error, std::string(), std::string(), std::string());
 }

 }  // namespace
@@ -135,16 +139,16 @@ PlatformVerificationFlow::ChallengeContext::ChallengeContext(
    content::WebContents* web_contents,
    const std::string& service_id,
    const std::string& challenge,
-    const ChallengeCallback& callback)
+    ChallengeCallback callback)
    : web_contents(web_contents),
      service_id(service_id),
      challenge(challenge),
-      callback(callback) {}
+      callback(std::move(callback)) {}

 PlatformVerificationFlow::ChallengeContext::ChallengeContext(
-    const ChallengeContext& other) = default;
+    ChallengeContext&& other) = default;

-PlatformVerificationFlow::ChallengeContext::~ChallengeContext() {}
+PlatformVerificationFlow::ChallengeContext::~ChallengeContext() = default;

 PlatformVerificationFlow::PlatformVerificationFlow()
    : attestation_flow_(NULL),
@@ -176,19 +180,18 @@ PlatformVerificationFlow::PlatformVerificationFlow(
  }
 }

-PlatformVerificationFlow::~PlatformVerificationFlow() {
-}
+PlatformVerificationFlow::~PlatformVerificationFlow() = default;

 void PlatformVerificationFlow::ChallengePlatformKey(
    content::WebContents* web_contents,
    const std::string& service_id,
    const std::string& challenge,
-    const ChallengeCallback& callback) {
+    ChallengeCallback callback) {
  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);

  if (!delegate_->GetURL(web_contents).is_valid()) {
    LOG(WARNING) << "PlatformVerificationFlow: Invalid URL.";
-    ReportError(callback, INTERNAL_ERROR);
+    ReportError(std::move(callback), INTERNAL_ERROR);
    return;
  }

@@ -203,58 +206,65 @@ void PlatformVerificationFlow::ChallengePlatformKey(

  if (!IsAttestationAllowedByPolicy()) {
    VLOG(1) << "Platform verification not allowed by device policy.";
-    ReportError(callback, POLICY_REJECTED);
+    ReportError(std::move(callback), POLICY_REJECTED);
    return;
  }

  if (!delegate_->IsInSupportedMode(web_contents)) {
    LOG(ERROR) << "Platform verification not supported in the current mode.";
-    ReportError(callback, PLATFORM_NOT_VERIFIED);
+    ReportError(std::move(callback), PLATFORM_NOT_VERIFIED);
    return;
  }

  if (!delegate_->IsPermittedByUser(web_contents)) {
    VLOG(1) << "Platform verification not permitted by user.";
-    ReportError(callback, USER_REJECTED);
+    ReportError(std::move(callback), USER_REJECTED);
    return;
  }

-  ChallengeContext context(web_contents, service_id, challenge, callback);
+  ChallengeContext context(web_contents, service_id, challenge,
+                           std::move(callback));

  // Check if the device has been prepared to use attestation.
  cryptohome_client_->TpmAttestationIsPrepared(base::BindOnce(
-      &DBusCallback,
-      base::Bind(&PlatformVerificationFlow::OnAttestationPrepared, this,
-                 context),
-      base::Bind(&ReportError, callback, INTERNAL_ERROR)));
+      &DBusCallback<ChallengeContext>,
+      base::Bind(&PlatformVerificationFlow::OnAttestationPrepared, this),
+      base::Bind([](ChallengeContext context) {
+        ReportError(std::move(context).callback, INTERNAL_ERROR);
+      }),
+      std::move(context)));
 }

 void PlatformVerificationFlow::OnAttestationPrepared(
-    const ChallengeContext& context,
+    ChallengeContext context,
    bool attestation_prepared) {
  UMA_HISTOGRAM_BOOLEAN(kAttestationAvailableHistogram, attestation_prepared);

  if (!attestation_prepared) {
    // This device is not currently able to use attestation features.
-    ReportError(context.callback, PLATFORM_NOT_VERIFIED);
+    ReportError(std::move(context).callback, PLATFORM_NOT_VERIFIED);
    return;
  }

  // Permission allowed. Now proceed to get certificate.
  const user_manager::User* user = delegate_->GetUser(context.web_contents);
  if (!user) {
-    ReportError(context.callback, INTERNAL_ERROR);
+    ReportError(std::move(context).callback, INTERNAL_ERROR);
    LOG(ERROR) << "Profile does not map to a valid user.";
    return;
  }

-  GetCertificate(context, user->GetAccountId(),
+  auto shared_context =
+      base::MakeRefCounted<base::RefCountedData<ChallengeContext>>(
+          std::move(context));
+  GetCertificate(std::move(shared_context), user->GetAccountId(),
                 false /* Don't force a new key */);
 }

-void PlatformVerificationFlow::GetCertificate(const ChallengeContext& context,
-                                              const AccountId& account_id,
-                                              bool force_new_key) {
+void PlatformVerificationFlow::GetCertificate(
+    scoped_refptr<base::RefCountedData<ChallengeContext>> context,
+    const AccountId& account_id,
+    bool force_new_key) {
  auto timer = std::make_unique<base::OneShotTimer>();
  base::OnceClosure timeout_callback = base::BindOnce(
      &PlatformVerificationFlow::OnCertificateTimeout, this, context);
@@ -264,13 +274,13 @@ void PlatformVerificationFlow::GetCertificate(const ChallengeContext& context,
      base::BindOnce(&PlatformVerificationFlow::OnCertificateReady, this,
                     context, account_id, std::move(timer));
  attestation_flow_->GetCertificate(PROFILE_CONTENT_PROTECTION_CERTIFICATE,
-                                    account_id, context.service_id,
+                                    account_id, context->data.service_id,
                                    force_new_key, std::string() /*key_name*/,
                                    std::move(certificate_callback));
 }

 void PlatformVerificationFlow::OnCertificateReady(
-    const ChallengeContext& context,
+    scoped_refptr<base::RefCountedData<ChallengeContext>> context,
    const AccountId& account_id,
    std::unique_ptr<base::OneShotTimer> timer,
    AttestationStatus operation_status,
@@ -287,33 +297,34 @@ void PlatformVerificationFlow::OnCertificateReady(
  }
  timer->Stop();
  if (operation_status != ATTESTATION_SUCCESS) {
-    ReportError(context.callback, PLATFORM_NOT_VERIFIED);
+    ReportError(std::move(*context).data.callback, PLATFORM_NOT_VERIFIED);
    return;
  }
  ExpiryStatus expiry_status = CheckExpiry(certificate_chain);
  if (expiry_status == EXPIRY_STATUS_EXPIRED) {
-    GetCertificate(context, account_id, true /* Force a new key */);
+    GetCertificate(std::move(context), account_id, true /* Force a new key */);
    return;
  }
  bool is_expiring_soon = (expiry_status == EXPIRY_STATUS_EXPIRING_SOON);
+  std::string key_name = kContentProtectionKeyPrefix + context->data.service_id;
+  std::string challenge = context->data.challenge;
  cryptohome::AsyncMethodCaller::DataCallback cryptohome_callback =
-      base::BindOnce(&PlatformVerificationFlow::OnChallengeReady, this, context,
-                     account_id, certificate_chain, is_expiring_soon);
-  std::string key_name = kContentProtectionKeyPrefix;
-  key_name += context.service_id;
+      base::BindOnce(&PlatformVerificationFlow::OnChallengeReady, this,
+                     std::move(*context).data, account_id, certificate_chain,
+                     is_expiring_soon);
  async_caller_->TpmAttestationSignSimpleChallenge(
-      KEY_USER, cryptohome::Identification(account_id), key_name,
-      context.challenge, std::move(cryptohome_callback));
+      KEY_USER, cryptohome::Identification(account_id), std::move(key_name),
+      std::move(challenge), std::move(cryptohome_callback));
 }

 void PlatformVerificationFlow::OnCertificateTimeout(
-    const ChallengeContext& context) {
+    scoped_refptr<base::RefCountedData<ChallengeContext>> context) {
  LOG(WARNING) << "PlatformVerificationFlow: Timing out.";
-  ReportError(context.callback, TIMEOUT);
+  ReportError(std::move(*context).data.callback, TIMEOUT);
 }

 void PlatformVerificationFlow::OnChallengeReady(
-    const ChallengeContext& context,
+    ChallengeContext context,
    const AccountId& account_id,
    const std::string& certificate_chain,
    bool is_expiring_soon,
@@ -321,19 +332,20 @@ void PlatformVerificationFlow::OnChallengeReady(
    const std::string& response_data) {
  if (!operation_success) {
    LOG(ERROR) << "PlatformVerificationFlow: Failed to sign challenge.";
-    ReportError(context.callback, INTERNAL_ERROR);
+    ReportError(std::move(context).callback, INTERNAL_ERROR);
    return;
  }
  chromeos::attestation::SignedData signed_data_pb;
  if (response_data.empty() || !signed_data_pb.ParseFromString(response_data)) {
    LOG(ERROR) << "PlatformVerificationFlow: Failed to parse response data.";
-    ReportError(context.callback, INTERNAL_ERROR);
+    ReportError(std::move(context).callback, INTERNAL_ERROR);
    return;
  }
  VLOG(1) << "Platform verification successful.";
  UMA_HISTOGRAM_ENUMERATION(kAttestationResultHistogram, SUCCESS, RESULT_MAX);
-  context.callback.Run(SUCCESS, signed_data_pb.data(),
-                       signed_data_pb.signature(), certificate_chain);
+  std::move(context).callback.Run(SUCCESS, signed_data_pb.data(),
+                                  signed_data_pb.signature(),
+                                  certificate_chain);
  if (is_expiring_soon && renewals_in_progress_.count(certificate_chain) == 0) {
    renewals_in_progress_.insert(certificate_chain);
    // Fire off a certificate request so next time we'll have a new one.

--- a/chrome/browser/chromeos/attestation/platform_verification_flow.h
+++ b/chrome/browser/chromeos/attestation/platform_verification_flow.h
@@ -115,11 +115,11 @@ class PlatformVerificationFlow
  // signature.  This key may be generated on demand and is not guaranteed to
  // persist across multiple calls to this method.  The browser does not check
  // the validity of |signature| or |platform_key_certificate|.
-  typedef base::Callback<void(Result result,
+  using ChallengeCallback =
+      base::OnceCallback<void(Result result,
                              const std::string& signed_data,
                              const std::string& signature,
-                              const std::string& platform_key_certificate)>
-      ChallengeCallback;
+                              const std::string& platform_key_certificate)>;

  // A constructor that uses the default implementation of all dependencies
  // including Delegate.
@@ -145,7 +145,7 @@ class PlatformVerificationFlow
  void ChallengePlatformKey(content::WebContents* web_contents,
                            const std::string& service_id,
                            const std::string& challenge,
-                            const ChallengeCallback& callback);
+                            ChallengeCallback callback);

  void set_timeout_delay(const base::TimeDelta& timeout_delay) {
    timeout_delay_ = timeout_delay;
@@ -161,8 +161,8 @@ class PlatformVerificationFlow
    ChallengeContext(content::WebContents* web_contents,
                     const std::string& service_id,
                     const std::string& challenge,
-                     const ChallengeCallback& callback);
-    ChallengeContext(const ChallengeContext& other);
+                     ChallengeCallback callback);
+    ChallengeContext(ChallengeContext&& other);
    ~ChallengeContext();

    content::WebContents* web_contents;
@@ -176,7 +176,7 @@ class PlatformVerificationFlow
  // Callback for attestation preparation. The arguments to ChallengePlatformKey
  // are in |context|, and |attestation_prepared| specifies whether attestation
  // has been prepared on this device.
-  void OnAttestationPrepared(const ChallengeContext& context,
+  void OnAttestationPrepared(ChallengeContext context,
                             bool attestation_prepared);

  // Initiates the flow to get a platform key certificate.  The arguments to
@@ -184,9 +184,10 @@ class PlatformVerificationFlow
  // for which to get a certificate.  If |force_new_key| is true then any
  // existing key for the same user and service will be ignored and a new key
  // will be generated and certified.
-  void GetCertificate(const ChallengeContext& context,
-                      const AccountId& account_id,
-                      bool force_new_key);
+  void GetCertificate(
+      scoped_refptr<base::RefCountedData<ChallengeContext>> context,
+      const AccountId& account_id,
+      bool force_new_key);

  // A callback called when an attestation certificate request operation
  // completes.  The arguments to ChallengePlatformKey are in |context|.
@@ -197,16 +198,18 @@ class PlatformVerificationFlow
  // a request to sign the challenge.  If the operation timed out prior to this
  // method being called, this method does nothing - notably, the callback is
  // not invoked.
-  void OnCertificateReady(const ChallengeContext& context,
-                          const AccountId& account_id,
-                          std::unique_ptr<base::OneShotTimer> timer,
-                          AttestationStatus operation_status,
-                          const std::string& certificate_chain);
+  void OnCertificateReady(
+      scoped_refptr<base::RefCountedData<ChallengeContext>> context,
+      const AccountId& account_id,
+      std::unique_ptr<base::OneShotTimer> timer,
+      AttestationStatus operation_status,
+      const std::string& certificate_chain);

  // A callback run after a constant delay to handle timeouts for lengthy
  // certificate requests.  |context.callback| will be invoked with a TIMEOUT
  // result.
-  void OnCertificateTimeout(const ChallengeContext& context);
+  void OnCertificateTimeout(
+      scoped_refptr<base::RefCountedData<ChallengeContext>> context);

  // A callback called when a challenge signing request has completed.  The
  // |certificate_chain| is the platform certificate chain for the key which
@@ -217,7 +220,7 @@ class PlatformVerificationFlow
  // challenge signing operation was successful.  If it was successful,
  // |response_data| holds the challenge response and the method will invoke
  // |context.callback|.
-  void OnChallengeReady(const ChallengeContext& context,
+  void OnChallengeReady(ChallengeContext context,
                        const AccountId& account_id,
                        const std::string& certificate_chain,
                        bool is_expiring_soon,

--- a/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
+++ b/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
@@ -112,13 +112,15 @@ class PlatformVerificationFlowTest : public ::testing::Test {
                                             &fake_delegate_);

    // Create callbacks for tests to use with verifier_.
-    callback_ = base::Bind(&PlatformVerificationFlowTest::FakeChallengeCallback,
-                           base::Unretained(this));
-
    settings_helper_.ReplaceDeviceSettingsProviderWithStub();
    settings_helper_.SetBoolean(kAttestationForContentProtectionEnabled, true);
  }

+  PlatformVerificationFlow::ChallengeCallback CreateChallengeCallback() {
+    return base::BindOnce(&PlatformVerificationFlowTest::FakeChallengeCallback,
+                          base::Unretained(this));
+  }
+
  void ExpectAttestationFlow() {
    // When consent is not given or the feature is disabled, it is important
    // that there are no calls to the attestation service.  Thus, a test must
@@ -196,7 +198,6 @@ class PlatformVerificationFlowTest : public ::testing::Test {
  bool sign_challenge_success_;

  // Callback functions and data.
-  PlatformVerificationFlow::ChallengeCallback callback_;
  PlatformVerificationFlow::Result result_;
  std::string challenge_salt_;
  std::string challenge_signature_;
@@ -205,7 +206,8 @@ class PlatformVerificationFlowTest : public ::testing::Test {

 TEST_F(PlatformVerificationFlowTest, Success) {
  ExpectAttestationFlow();
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
  EXPECT_EQ(kTestSignedData, challenge_salt_);
@@ -215,14 +217,16 @@ TEST_F(PlatformVerificationFlowTest, Success) {

 TEST_F(PlatformVerificationFlowTest, NotPermittedByUser) {
  fake_delegate_.set_is_permitted_by_user(false);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_);
 }

 TEST_F(PlatformVerificationFlowTest, FeatureDisabledByPolicy) {
  settings_helper_.SetBoolean(kAttestationForContentProtectionEnabled, false);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::POLICY_REJECTED, result_);
 }
@@ -230,7 +234,8 @@ TEST_F(PlatformVerificationFlowTest, FeatureDisabledByPolicy) {
 TEST_F(PlatformVerificationFlowTest, NotVerifiedDueToUnspeciedFailure) {
  certificate_status_ = ATTESTATION_UNSPECIFIED_FAILURE;
  ExpectAttestationFlow();
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::PLATFORM_NOT_VERIFIED, result_);
 }
@@ -238,7 +243,8 @@ TEST_F(PlatformVerificationFlowTest, NotVerifiedDueToUnspeciedFailure) {
 TEST_F(PlatformVerificationFlowTest, NotVerifiedDueToBadRequestFailure) {
  certificate_status_ = ATTESTATION_SERVER_BAD_REQUEST_FAILURE;
  ExpectAttestationFlow();
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::PLATFORM_NOT_VERIFIED, result_);
 }
@@ -246,14 +252,16 @@ TEST_F(PlatformVerificationFlowTest, NotVerifiedDueToBadRequestFailure) {
 TEST_F(PlatformVerificationFlowTest, ChallengeSigningError) {
  sign_challenge_success_ = false;
  ExpectAttestationFlow();
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::INTERNAL_ERROR, result_);
 }

 TEST_F(PlatformVerificationFlowTest, DBusFailure) {
  fake_cryptohome_client_.SetServiceIsAvailable(false);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::INTERNAL_ERROR, result_);
 }
@@ -261,7 +269,8 @@ TEST_F(PlatformVerificationFlowTest, DBusFailure) {
 TEST_F(PlatformVerificationFlowTest, Timeout) {
  verifier_->set_timeout_delay(base::TimeDelta::FromSeconds(0));
  ExpectAttestationFlow();
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::TIMEOUT, result_);
 }
@@ -277,7 +286,8 @@ TEST_F(PlatformVerificationFlowTest, ExpiredCert) {
  // that it does not pass through the certificate expiry check again.
  ASSERT_TRUE(GetFakeCertificatePEM(base::TimeDelta::FromDays(-1),
                                    &fake_certificate_list_[2]));
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
  EXPECT_EQ(fake_certificate_list_[1], certificate_);
@@ -297,7 +307,8 @@ TEST_F(PlatformVerificationFlowTest, ExpiredIntermediateCert) {
  fake_certificate_list_[0] = leaf_cert + intermediate_cert;
  ASSERT_TRUE(GetFakeCertificatePEM(base::TimeDelta::FromDays(90),
                                    &fake_certificate_list_[1]));
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
  EXPECT_EQ(fake_certificate_list_[1], certificate_);
@@ -312,9 +323,12 @@ TEST_F(PlatformVerificationFlowTest, AsyncRenewalMultipleHits) {
                                    &fake_certificate_list_[0]));
  std::fill(fake_certificate_list_.begin() + 1, fake_certificate_list_.end(),
            fake_certificate_list_[0]);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
  EXPECT_EQ(fake_certificate_list_[0], certificate_);
@@ -325,7 +339,8 @@ TEST_F(PlatformVerificationFlowTest, AsyncRenewalMultipleHits) {
 TEST_F(PlatformVerificationFlowTest, CertificateNotPEM) {
  ExpectAttestationFlow();
  fake_certificate_list_.push_back("invalid_pem");
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
  EXPECT_EQ(fake_certificate_list_[0], certificate_);
@@ -349,7 +364,8 @@ TEST_F(PlatformVerificationFlowTest, CertificateNotX509) {
      "M1pXeFdXR1ZHWkZWaVJYQmFWa2QwCk5GSkdjRFlLVFVSc1JGcDZNRGxEWnowOUNnPT0K\n"
      "-----END CERTIFICATE-----\n";
  fake_certificate_list_.push_back(not_x509);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
  EXPECT_EQ(fake_certificate_list_[0], certificate_);
@@ -357,7 +373,8 @@ TEST_F(PlatformVerificationFlowTest, CertificateNotX509) {

 TEST_F(PlatformVerificationFlowTest, UnsupportedMode) {
  fake_delegate_.set_is_in_supported_mode(false);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::PLATFORM_NOT_VERIFIED, result_);
 }
@@ -365,7 +382,8 @@ TEST_F(PlatformVerificationFlowTest, UnsupportedMode) {
 TEST_F(PlatformVerificationFlowTest, AttestationNotPrepared) {
  fake_cryptohome_client_.set_tpm_attestation_is_enrolled(false);
  fake_cryptohome_client_.set_tpm_attestation_is_prepared(false);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
+  verifier_->ChallengePlatformKey(nullptr, kTestID, kTestChallenge,
+                                  CreateChallengeCallback());
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::PLATFORM_NOT_VERIFIED, result_);
 }

--- a/chrome/browser/media/platform_verification_impl.cc
+++ b/chrome/browser/media/platform_verification_impl.cc
@@ -89,8 +89,8 @@ void PlatformVerificationImpl::ChallengePlatform(
  platform_verification_flow_->ChallengePlatformKey(
      content::WebContents::FromRenderFrameHost(render_frame_host()),
      service_id, challenge,
-      base::Bind(&PlatformVerificationImpl::OnPlatformChallenged,
-                 weak_factory_.GetWeakPtr(), base::Passed(&callback)));
+      base::BindOnce(&PlatformVerificationImpl::OnPlatformChallenged,
+                     weak_factory_.GetWeakPtr(), base::Passed(&callback)));
 #else
  // Not supported, so return failure.
  std::move(callback).Run(false, std::string(), std::string(), std::string());