webauthn: disable platform authenticators in incognito mode

This changes IsUserVerifyingPlatformAuthenticatorAvailable to return false in incognito mode, and disable platform authenticator instantiation for MakeCredential/GetAssertion in incognito. Also change IsUVPAA to not return true on platforms where Touch ID is enabled but the embedder does not not provide a configuration. Bug: 678128 Change-Id: I2fc6b0182fcb9ae718acd842f1247baee81c5281 Reviewed-on: https://chromium-review.googlesource.com/1149115 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org> Cr-Commit-Position: refs/heads/master@{#578535}

webauthn: disable platform authenticators in incognito mode
This changes IsUserVerifyingPlatformAuthenticatorAvailable to return false in incognito mode, and disable platform authenticator instantiation for MakeCredential/GetAssertion in incognito. Also change IsUVPAA to not return true on platforms where Touch ID is enabled but the embedder does not not provide a configuration. Bug: 678128 Change-Id: I2fc6b0182fcb9ae718acd842f1247baee81c5281 Reviewed-on: https://chromium-review.googlesource.com/1149115 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org> Cr-Commit-Position: refs/heads/master@{#578535}
9aa7c545 · Martin Kreichgauer · Commit Bot · 774a8baa · 9aa7c545 · 9aa7c545
Commit 9aa7c545 authored Jul 27, 2018 by Martin Kreichgauer Committed by Commit Bot Jul 27, 2018
3 changed files
--- a/content/browser/webauth/authenticator_impl.cc
+++ b/content/browser/webauth/authenticator_impl.cc
@@ -18,6 +18,7 @@
 #include "content/browser/bad_message.h"
 #include "content/browser/webauth/authenticator_type_converters.h"
 #include "content/public/browser/authenticator_request_client_delegate.h"
+#include "content/public/browser/browser_context.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/navigation_handle.h"
 #include "content/public/browser/render_frame_host.h"
@@ -501,7 +502,7 @@ void AuthenticatorImpl::MakeCredential(
      std::move(authenticator_selection_criteria),
      base::BindOnce(&AuthenticatorImpl::OnRegisterResponse,
                     weak_factory_.GetWeakPtr()),
-      base::BindOnce(&AuthenticatorImpl::MaybeCreatePlatformAuthenticator,
+      base::BindOnce(&AuthenticatorImpl::CreatePlatformAuthenticatorIfAvailable,
                     base::Unretained(this)));
 }
@@ -586,17 +587,31 @@ void AuthenticatorImpl::GetAssertion(
          std::move(alternative_application_parameter)),
      base::BindOnce(&AuthenticatorImpl::OnSignResponse,
                     weak_factory_.GetWeakPtr()),
-      base::BindOnce(&AuthenticatorImpl::MaybeCreatePlatformAuthenticator,
+      base::BindOnce(&AuthenticatorImpl::CreatePlatformAuthenticatorIfAvailable,
                     base::Unretained(this)));
 }
 void AuthenticatorImpl::IsUserVerifyingPlatformAuthenticatorAvailable(
    IsUserVerifyingPlatformAuthenticatorAvailableCallback callback) {
-  bool result = false;
+  const bool result = IsUserVerifyingPlatformAuthenticatorAvailableImpl();
+  base::SequencedTaskRunnerHandle::Get()->PostTask(
+      FROM_HERE, base::BindOnce(std::move(callback), result));
+}
+bool AuthenticatorImpl::IsUserVerifyingPlatformAuthenticatorAvailableImpl() {
 #if defined(OS_MACOSX)
-  result = device::fido::mac::TouchIdAuthenticator::IsAvailable();
+  if (browser_context()->IsOffTheRecord()) {
+    return false;
+  }
+  // Check whether Touch ID is supported by the hardware and enrolled in the
+  // OS. Also check whether the (embedder-specific) request delegate provides a
+  // Touch ID authenticator config.
+  return device::fido::mac::TouchIdAuthenticator::IsAvailable() &&
+         request_delegate_->GetTouchIdAuthenticatorConfig();
+#else
+  return false;
 #endif
-  std::move(callback).Run(result);
 }
 void AuthenticatorImpl::DidFinishNavigation(
@@ -810,18 +825,32 @@ void AuthenticatorImpl::Cleanup() {
  echo_appid_extension_ = false;
 }
+BrowserContext* AuthenticatorImpl::browser_context() const {
+  return content::WebContents::FromRenderFrameHost(render_frame_host_)
+      ->GetBrowserContext();
+}
 std::unique_ptr<device::FidoAuthenticator>
-AuthenticatorImpl::MaybeCreatePlatformAuthenticator() {
+AuthenticatorImpl::CreatePlatformAuthenticatorIfAvailable() {
 #if defined(OS_MACOSX)
+  // Incognito mode disables platform authenticators, so check for availability
+  // first.
+  if (!IsUserVerifyingPlatformAuthenticatorAvailableImpl()) {
+    return nullptr;
+  }
+  // Not all embedders may provide an authenticator config.
  auto opt_authenticator_config =
      request_delegate_->GetTouchIdAuthenticatorConfig();
-  if (opt_authenticator_config) {
+  if (!opt_authenticator_config) {
-    return device::fido::mac::TouchIdAuthenticator::CreateIfAvailable(
+    return nullptr;
-        std::move(opt_authenticator_config->keychain_access_group),
-        std::move(opt_authenticator_config->metadata_secret));
  }
-#endif  // defined(OS_MACOSX)
+  return device::fido::mac::TouchIdAuthenticator::CreateIfAvailable(
+      std::move(opt_authenticator_config->keychain_access_group),
+      std::move(opt_authenticator_config->metadata_secret));
+#else
  return nullptr;
+#endif
 }
 }  // namespace content
--- a/content/browser/webauth/authenticator_impl.h
+++ b/content/browser/webauth/authenticator_impl.h
@@ -48,6 +48,7 @@ class Origin;
 namespace content {
 class AuthenticatorRequestClientDelegate;
+class BrowserContext;
 class RenderFrameHost;
 namespace client_data {
@@ -108,6 +109,9 @@ class CONTENT_EXPORT AuthenticatorImpl : public blink::mojom::Authenticator,
  void IsUserVerifyingPlatformAuthenticatorAvailable(
      IsUserVerifyingPlatformAuthenticatorAvailableCallback callback) override;
+  // Synchronous implementation of IsUserVerfyingPlatformAuthenticatorAvailable.
+  bool IsUserVerifyingPlatformAuthenticatorAvailableImpl();
  // WebContentsObserver:
  void DidFinishNavigation(NavigationHandle* navigation_handle) override;
@@ -142,7 +146,10 @@ class CONTENT_EXPORT AuthenticatorImpl : public blink::mojom::Authenticator,
      blink::mojom::GetAssertionAuthenticatorResponsePtr response);
  void Cleanup();
-  std::unique_ptr<device::FidoAuthenticator> MaybeCreatePlatformAuthenticator();
+  std::unique_ptr<device::FidoAuthenticator>
+  CreatePlatformAuthenticatorIfAvailable();
+  BrowserContext* browser_context() const;
  RenderFrameHost* const render_frame_host_;
  service_manager::Connector* connector_ = nullptr;

--- a/device/fido/mac/authenticator.h
+++ b/device/fido/mac/authenticator.h
@@ -21,6 +21,11 @@ class COMPONENT_EXPORT(DEVICE_FIDO) TouchIdAuthenticator
 public:
  // IsAvailable returns whether Touch ID is available and enrolled on the
  // current device.
+  //
+  // Note that this may differ from the result of
+  // AuthenticatorImpl::IsUserVerifyingPlatformAuthenticatorAvailable, which
+  // also checks whether the embedder supports this authenticator, and if the
+  // request occurs from an off-the-record/incognito context.
  static bool IsAvailable();
  // CreateIfAvailable returns a TouchIdAuthenticator if IsAvailable() returns
@@ -36,9 +41,8 @@ class COMPONENT_EXPORT(DEVICE_FIDO) TouchIdAuthenticator
  ~TouchIdAuthenticator() override;
  // FidoAuthenticator
-  void MakeCredential(
+  void MakeCredential(CtapMakeCredentialRequest request,
-      CtapMakeCredentialRequest request,
+                      MakeCredentialCallback callback) override;
-      MakeCredentialCallback callback) override;
  void GetAssertion(CtapGetAssertionRequest request,
                    GetAssertionCallback callback) override;
  void Cancel() override;