fido: wire up FidoChromeOSDiscovery behind a feature flag

Add the WebAuthenticationCrosPlatformAuthenticator feature flag (default disabled). If enabled, it will cause the FidoChromeOSDiscovery to be instantiated for MakeCredential and GetAssertion requests that permit the 'internal' transport. Also move ChromeOS code up into the device namespace like most of the other fido-related code. Its naming is sufficiently unique. Bug: b/144861739 Change-Id: I50bf39c5c7841a7358840968d10a568c6f22ae6d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2088535 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Adam Langley <agl@chromium.org> Cr-Commit-Position: refs/heads/master@{#749331}

fido: wire up FidoChromeOSDiscovery behind a feature flag
Add the WebAuthenticationCrosPlatformAuthenticator feature flag (default disabled). If enabled, it will cause the FidoChromeOSDiscovery to be instantiated for MakeCredential and GetAssertion requests that permit the 'internal' transport. Also move ChromeOS code up into the device namespace like most of the other fido-related code. Its naming is sufficiently unique. Bug: b/144861739 Change-Id: I50bf39c5c7841a7358840968d10a568c6f22ae6d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2088535 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Adam Langley <agl@chromium.org> Cr-Commit-Position: refs/heads/master@{#749331}
de9c5dee · Martin Kreichgauer · Commit Bot · 2645bd15 · de9c5dee · de9c5dee
Commit de9c5dee authored Mar 11, 2020 by Martin Kreichgauer Committed by Commit Bot Mar 11, 2020
10 changed files
--- a/content/browser/webauth/authenticator_common.cc
+++ b/content/browser/webauth/authenticator_common.cc
@@ -472,6 +472,12 @@ bool IsUserVerifyingPlatformAuthenticatorAvailableImpl(
         device::WinWebAuthnApiAuthenticator::
             IsUserVerifyingPlatformAuthenticatorAvailable(
                 discovery_factory->win_webauthn_api());
+#elif defined(OS_CHROMEOS)
+  if (browser_context->IsOffTheRecord()) {
+    return false;
+  }
+  return base::FeatureList::IsEnabled(
+      device::kWebAuthCrosPlatformAuthenticator);
 #else
  return false;
 #endif

--- a/content/browser/webauth/authenticator_impl_unittest.cc
+++ b/content/browser/webauth/authenticator_impl_unittest.cc
@@ -1703,7 +1703,7 @@ TEST_F(AuthenticatorImplTest, GetAssertionResponseWithAttestedCredentialData) {
 }

 #if defined(OS_WIN)
-TEST_F(AuthenticatorImplTest, WinIsUVPAA) {
+TEST_F(AuthenticatorImplTest, IsUVPAA) {
  device::FakeWinWebAuthnApi win_webauthn_api;
  auto discovery_factory =
      std::make_unique<device::test::FakeFidoDiscoveryFactory>();
@@ -1734,6 +1734,24 @@ TEST_F(AuthenticatorImplTest, WinIsUVPAA) {
 }
 #endif  // defined(OS_WIN)

+#if defined(OS_CHROMEOS)
+TEST_F(AuthenticatorImplTest, IsUVPAA) {
+  SimulateNavigation(GURL(kTestOrigin1));
+  for (const bool flag_enabled : {false, true}) {
+    SCOPED_TRACE(::testing::Message() << "flag_enabled=" << flag_enabled);
+    base::test::ScopedFeatureList scoped_feature_list;
+    scoped_feature_list.InitWithFeatureState(
+        device::kWebAuthCrosPlatformAuthenticator, flag_enabled);
+    mojo::Remote<blink::mojom::Authenticator> authenticator =
+        ConnectToAuthenticator();
+    TestIsUvpaaCallback cb;
+    authenticator->IsUserVerifyingPlatformAuthenticatorAvailable(cb.callback());
+    cb.WaitForCallback();
+    EXPECT_EQ(flag_enabled, cb.value());
+  }
+}
+#endif  // defined(OS_CHROMEOS)
+
 class OverrideRPIDAuthenticatorRequestDelegate
    : public AuthenticatorRequestClientDelegate {
 public:

--- a/device/fido/cros/authenticator.cc
+++ b/device/fido/cros/authenticator.cc
@@ -21,8 +21,6 @@
 #include "third_party/cros_system_api/dbus/u2f/dbus-constants.h"

 namespace device {
-namespace fido {
-namespace cros {

 ChromeOSAuthenticator::ChromeOSAuthenticator() : weak_factory_(this) {}

@@ -269,6 +267,4 @@ base::WeakPtr<FidoAuthenticator> ChromeOSAuthenticator::GetWeakPtr() {
  return weak_factory_.GetWeakPtr();
 }

-}  // namespace cros
-}  // namespace fido
 }  // namespace device
--- a/device/fido/cros/authenticator.h
+++ b/device/fido/cros/authenticator.h
@@ -20,8 +20,6 @@
 #include "device/fido/fido_transport_protocol.h"

 namespace device {
-namespace fido {
-namespace cros {

 class COMPONENT_EXPORT(DEVICE_FIDO) ChromeOSAuthenticator
    : public FidoAuthenticator {
@@ -64,8 +62,6 @@ class COMPONENT_EXPORT(DEVICE_FIDO) ChromeOSAuthenticator
  base::WeakPtrFactory<ChromeOSAuthenticator> weak_factory_;
 };

-}  // namespace cros
-}  // namespace fido
 }  // namespace device

 #endif  // DEVICE_FIDO_CROS_AUTHENTICATOR_H_
--- a/device/fido/cros/discovery.cc
+++ b/device/fido/cros/discovery.cc
@@ -8,8 +8,6 @@
 #include "base/threading/sequenced_task_runner_handle.h"

 namespace device {
-namespace fido {
-namespace cros {

 FidoChromeOSDiscovery::FidoChromeOSDiscovery()
    : FidoDiscoveryBase(FidoTransportProtocol::kInternal),
@@ -37,6 +35,4 @@ void FidoChromeOSDiscovery::AddAuthenticator() {
  observer()->DiscoveryStarted(this, /*success=*/true, {authenticator_.get()});
 }

-}  // namespace cros
-}  // namespace fido
 }  // namespace device
--- a/device/fido/cros/discovery.h
+++ b/device/fido/cros/discovery.h
@@ -13,8 +13,6 @@
 #include "device/fido/fido_discovery_base.h"

 namespace device {
-namespace fido {
-namespace cros {

 class COMPONENT_EXPORT(DEVICE_FIDO) FidoChromeOSDiscovery
    : public FidoDiscoveryBase {
@@ -32,8 +30,6 @@ class COMPONENT_EXPORT(DEVICE_FIDO) FidoChromeOSDiscovery
  base::WeakPtrFactory<FidoChromeOSDiscovery> weak_factory_;
 };

-}  // namespace cros
-}  // namespace fido
 }  // namespace device

 #endif  // DEVICE_FIDO_CROS_DISCOVERY_H_
--- a/device/fido/features.cc
+++ b/device/fido/features.cc
@@ -28,4 +28,10 @@ const base::Feature kWebAuthCableLowLatency{"WebAuthenticationCableLowLatency",
                                            base::FEATURE_ENABLED_BY_DEFAULT};
 #endif  // defined(OS_CHROMEOS) || defined(OS_LINUX)

+#if defined(OS_CHROMEOS)
+const base::Feature kWebAuthCrosPlatformAuthenticator{
+    "WebAuthenticationCrosPlatformAuthenticator",
+    base::FEATURE_DISABLED_BY_DEFAULT};
+#endif  // defined(OS_CHROMEOS)
+
 }  // namespace device
--- a/device/fido/features.h
+++ b/device/fido/features.h
@@ -37,6 +37,12 @@ COMPONENT_EXPORT(DEVICE_FIDO)
 extern const base::Feature kWebAuthCableLowLatency;
 #endif  // defined(OS_CHROMEOS) || defined(OS_LINUX)

+#if defined(OS_CHROMEOS)
+// Enable a ChromeOS platform authenticator
+COMPONENT_EXPORT(DEVICE_FIDO)
+extern const base::Feature kWebAuthCrosPlatformAuthenticator;
+#endif  // defined(OS_CHROMEOS)
+
 }  // namespace device

 #endif  // DEVICE_FIDO_FEATURES_H_
--- a/device/fido/fido_discovery_factory.cc
+++ b/device/fido/fido_discovery_factory.cc
@@ -25,6 +25,10 @@
 #include "device/fido/mac/discovery.h"
 #endif  // defined(OSMACOSX)

+#if defined(OS_CHROMEOS)
+#include "device/fido/cros/discovery.h"
+#endif  // defined(OS_CHROMEOS)
+
 namespace device {

 namespace {
@@ -68,14 +72,11 @@ std::unique_ptr<FidoDiscoveryBase> FidoDiscoveryFactory::Create(
      // TODO(https://crbug.com/825949): Add NFC support.
      return nullptr;
    case FidoTransportProtocol::kInternal:
-#if defined(OS_MACOSX)
-      return mac_touch_id_config_
-                 ? std::make_unique<fido::mac::FidoTouchIdDiscovery>(
-                       *mac_touch_id_config_)
-                 : nullptr;
+#if defined(OS_MACOSX) || defined(OS_CHROMEOS)
+      return MaybeCreatePlatformDiscovery();
 #else
      return nullptr;
-#endif  // defined(OS_MACOSX)
+#endif
  }
  NOTREACHED() << "Unhandled transport type";
  return nullptr;
@@ -117,6 +118,25 @@ FidoDiscoveryFactory::MaybeCreateWinWebAuthnApiDiscovery() {
 }
 #endif  // defined(OS_WIN)

+#if defined(OS_MACOSX)
+std::unique_ptr<FidoDiscoveryBase>
+FidoDiscoveryFactory::MaybeCreatePlatformDiscovery() const {
+  return mac_touch_id_config_
+             ? std::make_unique<fido::mac::FidoTouchIdDiscovery>(
+                   *mac_touch_id_config_)
+             : nullptr;
+}
+#endif
+
+#if defined(OS_CHROMEOS)
+std::unique_ptr<FidoDiscoveryBase>
+FidoDiscoveryFactory::MaybeCreatePlatformDiscovery() const {
+  return base::FeatureList::IsEnabled(kWebAuthCrosPlatformAuthenticator)
+             ? std::make_unique<FidoChromeOSDiscovery>()
+             : nullptr;
+}
+#endif
+
 FidoDiscoveryFactory::RequestState::RequestState() = default;
 FidoDiscoveryFactory::RequestState::~RequestState() = default;


--- a/device/fido/fido_discovery_factory.h
+++ b/device/fido/fido_discovery_factory.h
@@ -95,6 +95,10 @@ class COMPONENT_EXPORT(DEVICE_FIDO) FidoDiscoveryFactory {
        cable_pairing_callback_;
  };

+#if defined(OS_MACOSX) || defined(OS_CHROMEOS)
+  std::unique_ptr<FidoDiscoveryBase> MaybeCreatePlatformDiscovery() const;
+#endif
+
  RequestState request_state_;
 #if defined(OS_MACOSX)
  base::Optional<fido::mac::AuthenticatorConfig> mac_touch_id_config_;