webauthn: drop Token Binding stuff.

Chrome isn't doing Token Binding any longer.

Change-Id: I5c9cdfec22ae1075f3943d4c041544311be9c4ad
Reviewed-on: https://chromium-review.googlesource.com/1176786Reviewed-by: Balazs Engedy <engedy@chromium.org>
Commit-Queue: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#583675}

content/browser/webauth/authenticator_impl.cc

@@ -379,38 +379,16 @@ bool AuthenticatorImpl::IsFocused() const {
 std::string AuthenticatorImpl::SerializeCollectedClientDataToJson(
     const std::string& type,
     const url::Origin& origin,
-    base::span<const uint8_t> challenge,
-    base::Optional<base::span<const uint8_t>> token_binding) {
+    base::span<const uint8_t> challenge) {
   static constexpr char kTypeKey[] = "type";
   static constexpr char kChallengeKey[] = "challenge";
   static constexpr char kOriginKey[] = "origin";
-  static constexpr char kTokenBindingKey[] = "tokenBinding";
 
   base::DictionaryValue client_data;
   client_data.SetKey(kTypeKey, base::Value(type));
   client_data.SetKey(kChallengeKey, base::Value(Base64UrlEncode(challenge)));
   client_data.SetKey(kOriginKey, base::Value(origin.Serialize()));
 
-  if (token_binding) {
-    base::DictionaryValue token_binding_dict;
-    static constexpr char kTokenBindingStatusKey[] = "status";
-    static constexpr char kTokenBindingIdKey[] = "id";
-    static constexpr char kTokenBindingSupportedStatus[] = "supported";
-    static constexpr char kTokenBindingPresentStatus[] = "present";
-
-    if (token_binding->empty()) {
-      token_binding_dict.SetKey(kTokenBindingStatusKey,
-                                base::Value(kTokenBindingSupportedStatus));
-    } else {
-      token_binding_dict.SetKey(kTokenBindingStatusKey,
-                                base::Value(kTokenBindingPresentStatus));
-      token_binding_dict.SetKey(kTokenBindingIdKey,
-                                base::Value(Base64UrlEncode(*token_binding)));
-    }
-
-    client_data.SetKey(kTokenBindingKey, std::move(token_binding_dict));
-  }
-
   if (base::RandDouble() < 0.2) {
     // An extra key is sometimes added to ensure that RPs do not make
     // unreasonably specific assumptions about the clientData JSON. This is
@@ -488,8 +466,7 @@ void AuthenticatorImpl::MakeCredential(
   // TODO(kpaulhamus): Fetch and add the Token Binding ID public key used to
   // communicate with the origin.
   client_data_json_ = SerializeCollectedClientDataToJson(
-      client_data::kCreateType, caller_origin, std::move(options->challenge),
-      base::nullopt);
+      client_data::kCreateType, caller_origin, std::move(options->challenge));
 
   const bool individual_attestation =
       options->attestation ==
@@ -587,8 +564,7 @@ void AuthenticatorImpl::GetAssertion(
   // TODO(kpaulhamus): Fetch and add the Token Binding ID public key used to
   // communicate with the origin.
   client_data_json_ = SerializeCollectedClientDataToJson(
-      client_data::kGetType, caller_origin, std::move(options->challenge),
-      base::nullopt);
+      client_data::kGetType, caller_origin, std::move(options->challenge));
 
   request_ = std::make_unique<device::GetAssertionRequestHandler>(
       connector_, protocols_,

content/browser/webauth/authenticator_impl.h

@@ -104,8 +104,7 @@ class CONTENT_EXPORT AuthenticatorImpl : public blink::mojom::Authenticator,
   static std::string SerializeCollectedClientDataToJson(
       const std::string& type,
       const url::Origin& origin,
-      base::span<const uint8_t> challenge,
-      base::Optional<base::span<const uint8_t>> token_binding);
+      base::span<const uint8_t> challenge);
 
   // mojom:Authenticator
   void MakeCredential(

content/browser/webauth/authenticator_impl_unittest.cc

@@ -361,15 +361,7 @@ class AuthenticatorImplTest : public content::RenderViewHostTestHarness {
 
   std::string GetTestClientDataJSON(std::string type) {
     return AuthenticatorImpl::SerializeCollectedClientDataToJson(
-        std::move(type), GetTestOrigin(), GetTestChallengeBytes(),
-        base::nullopt);
-  }
-
-  std::string GetTokenBindingTestClientDataJSON(
-      base::Optional<base::span<const uint8_t>> token_binding) {
-    return AuthenticatorImpl::SerializeCollectedClientDataToJson(
-        client_data::kGetType, GetTestOrigin(), GetTestChallengeBytes(),
-        token_binding);
+        std::move(type), GetTestOrigin(), GetTestChallengeBytes());
   }
 
   AuthenticatorStatus TryAuthenticationWithAppId(const std::string& origin,
@@ -611,34 +603,6 @@ TEST_F(AuthenticatorImplTest, TestSerializedSignClientData) {
                           GetTestClientDataJSON(client_data::kGetType));
 }
 
-TEST_F(AuthenticatorImplTest, TestTokenBindingClientData) {
-  const std::vector<
-      std::pair<base::Optional<std::vector<uint8_t>>, const char*>>
-      kTestCases = {
-          std::make_pair(base::nullopt, ""),
-          std::make_pair(std::vector<uint8_t>{},
-                         R"({"tokenBinding":{"status":"supported"}})"),
-          std::make_pair(
-              std::vector<uint8_t>{1, 2, 3, 4},
-              R"({"tokenBinding":{"status":"present","id":"AQIDBA"}})"),
-      };
-
-  for (const auto& test : kTestCases) {
-    const auto& token_binding = test.first;
-    const std::string expected_json_subset = test.second;
-    SCOPED_TRACE(expected_json_subset);
-    const std::string client_data =
-        GetTokenBindingTestClientDataJSON(token_binding);
-
-    if (!expected_json_subset.empty()) {
-      CheckJSONIsSubsetOfJSON(expected_json_subset, client_data);
-    } else {
-      EXPECT_TRUE(client_data.find("tokenBinding") == std::string::npos)
-          << client_data;
-    }
-  }
-}
-
 TEST_F(AuthenticatorImplTest, TestMakeCredentialTimeout) {
   SimulateNavigation(GURL(kTestOrigin1));
   PublicKeyCredentialCreationOptionsPtr options =