fido: enable WebAuthnUseNativeWinApi and WebAuthnProxyCryptotoken

(Merge into M73.)

This turns on both features by default. They are slated to launch fully
via Finch in M72.

Also removes the obsolete flag for testing the Windows WebAuthn API
integration with an incompatible API version.

Bug: 897741,898718,927519
Change-Id: I90b6d68331e74befb807aa7bc18e72ed253dc779
Reviewed-on: https://chromium-review.googlesource.com/c/1435760
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#626281}(cherry picked from commit fd071e57e384f6ae8bdc0b17c4cdf5c4bd0fcb78)
Reviewed-on: https://chromium-review.googlesource.com/c/1452656
Reviewed-by: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/branch-heads/3683@{#172}
Cr-Branched-From: e51029943e0a38dd794b73caaf6373d5496ae783-refs/heads/master@{#625896}
diff --git a/content/browser/webauth/authenticator_impl_unittest.cc b/content/browser/webauth/authenticator_impl_unittest.cc
index 52243ac..fe01c84 100644
--- a/content/browser/webauth/authenticator_impl_unittest.cc
+++ b/content/browser/webauth/authenticator_impl_unittest.cc
@@ -718,7 +718,6 @@
 
 // Verify that a request coming from Cryptotoken bypasses origin checks.
 TEST_F(AuthenticatorImplTest, CryptotokenBypass) {
-  EnableFeature(device::kWebAuthProxyCryptotoken);
   SimulateNavigation(GURL(kTestOrigin1));
   auto task_runner = base::MakeRefCounted<base::TestMockTimeTaskRunner>(
       base::Time::Now(), base::TimeTicks::Now());
@@ -775,7 +774,6 @@
 
 // Requests originating from cryptotoken should only target U2F devices.
 TEST_F(AuthenticatorImplTest, CryptoTokenU2fOnly) {
-  EnableFeature(device::kWebAuthProxyCryptotoken);
   TestServiceManagerContext smc;
   SimulateNavigation(GURL(kTestOrigin1));
   auto task_runner = base::MakeRefCounted<base::TestMockTimeTaskRunner>(
@@ -813,7 +811,6 @@
 
 // Requests originating from cryptotoken should only target U2F devices.
 TEST_F(AuthenticatorImplTest, AttestationPermitted) {
-  EnableFeature(device::kWebAuthProxyCryptotoken);
   TestServiceManagerContext smc;
   SimulateNavigation(GURL(kTestOrigin1));
   auto task_runner = base::MakeRefCounted<base::TestMockTimeTaskRunner>(
@@ -1911,32 +1908,22 @@
 
 #if defined(OS_WIN)
 TEST_F(AuthenticatorContentBrowserClientTest, WinIsUVPAA) {
-  for (const bool enable_feature_flag : {false, true}) {
-    SCOPED_TRACE(enable_feature_flag ? "enable_feature_flag"
-                                     : "!enable_feature_flag");
-    for (const bool enable_win_webauthn_api : {false, true}) {
-      SCOPED_TRACE(enable_win_webauthn_api ? "enable_win_webauthn_api"
-                                           : "!enable_win_webauthn_api");
-      for (const bool is_uvpaa : {false, true}) {
-        SCOPED_TRACE(is_uvpaa ? "is_uvpaa" : "!is_uvpaa");
+  for (const bool enable_win_webauthn_api : {false, true}) {
+    SCOPED_TRACE(enable_win_webauthn_api ? "enable_win_webauthn_api"
+                                         : "!enable_win_webauthn_api");
+    for (const bool is_uvpaa : {false, true}) {
+      SCOPED_TRACE(is_uvpaa ? "is_uvpaa" : "!is_uvpaa");
 
-        base::test::ScopedFeatureList scoped_feature_list;
-        if (enable_feature_flag) {
-          scoped_feature_list.InitAndEnableFeature(
-              device::kWebAuthUseNativeWinApi);
-        }
-        device::ScopedFakeWinWebAuthnApi fake_api;
-        fake_api.set_available(enable_win_webauthn_api);
-        fake_api.set_is_uvpaa(is_uvpaa);
+      device::ScopedFakeWinWebAuthnApi fake_api;
+      fake_api.set_available(enable_win_webauthn_api);
+      fake_api.set_is_uvpaa(is_uvpaa);
 
-        AuthenticatorPtr authenticator = ConnectToAuthenticator();
-        TestIsUvpaaCallback cb;
-        authenticator->IsUserVerifyingPlatformAuthenticatorAvailable(
-            cb.callback());
-        cb.WaitForCallback();
-        EXPECT_EQ(enable_feature_flag && enable_win_webauthn_api && is_uvpaa,
-                  cb.value());
-      }
+      AuthenticatorPtr authenticator = ConnectToAuthenticator();
+      TestIsUvpaaCallback cb;
+      authenticator->IsUserVerifyingPlatformAuthenticatorAvailable(
+          cb.callback());
+      cb.WaitForCallback();
+      EXPECT_EQ(enable_win_webauthn_api && is_uvpaa, cb.value());
     }
   }
 }
@@ -1958,7 +1945,6 @@
 
 TEST_F(AuthenticatorContentBrowserClientTest,
        CryptotokenBypassesAttestationConsentPrompt) {
-  EnableFeature(device::kWebAuthProxyCryptotoken);
   TestServiceManagerContext smc;
   SimulateNavigation(GURL(kTestOrigin1));
   auto task_runner = base::MakeRefCounted<base::TestMockTimeTaskRunner>(
diff --git a/device/fido/features.cc b/device/fido/features.cc
index dad7f0d..ea36b7b 100644
--- a/device/fido/features.cc
+++ b/device/fido/features.cc
@@ -13,18 +13,10 @@
 // Controls whether on Windows, U2F/CTAP2 requests are forwarded to the
 // native WebAuthentication API, where available.
 const base::Feature kWebAuthUseNativeWinApi{"WebAuthenticationUseNativeWinApi",
-                                            base::FEATURE_DISABLED_BY_DEFAULT};
-
-// If true, the minimum API version check for integration with the native
-// Windows WebAuthentication API is disabled. This is an interim solution for
-// for manual testing while we await the release of a DLL that implements the
-// version check.
-const base::Feature kWebAuthDisableWinApiVersionCheckForTesting{
-    "WebAuthenticationDisableWinApiVersionCheckForTesting",
-    base::FEATURE_DISABLED_BY_DEFAULT};
+                                            base::FEATURE_ENABLED_BY_DEFAULT};
 #endif  // defined(OS_WIN)
 
 extern const base::Feature kWebAuthProxyCryptotoken{
-    "WebAuthenticationProxyCryptotoken", base::FEATURE_DISABLED_BY_DEFAULT};
+    "WebAuthenticationProxyCryptotoken", base::FEATURE_ENABLED_BY_DEFAULT};
 
 }  // namespace device
diff --git a/device/fido/features.h b/device/fido/features.h
index dbcb880..1ed614c7 100644
--- a/device/fido/features.h
+++ b/device/fido/features.h
@@ -14,9 +14,6 @@
 #if defined(OS_WIN)
 COMPONENT_EXPORT(DEVICE_FIDO)
 extern const base::Feature kWebAuthUseNativeWinApi;
-
-COMPONENT_EXPORT(DEVICE_FIDO)
-extern const base::Feature kWebAuthDisableWinApiVersionCheckForTesting;
 #endif  // defined(OS_WIN)
 
 // Controls the proxying of Cryptotoken requests through WebAuthn.
diff --git a/device/fido/get_assertion_handler_unittest.cc b/device/fido/get_assertion_handler_unittest.cc
index 70e22c9..bf1cda0 100644
--- a/device/fido/get_assertion_handler_unittest.cc
+++ b/device/fido/get_assertion_handler_unittest.cc
@@ -8,17 +8,14 @@
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/stl_util.h"
-#include "base/test/scoped_feature_list.h"
 #include "base/test/scoped_task_environment.h"
 #include "build/build_config.h"
-#include "device/base/features.h"
 #include "device/bluetooth/bluetooth_adapter_factory.h"
 #include "device/bluetooth/test/mock_bluetooth_adapter.h"
 #include "device/fido/authenticator_get_assertion_response.h"
 #include "device/fido/ctap_get_assertion_request.h"
 #include "device/fido/device_response_converter.h"
 #include "device/fido/fake_fido_discovery.h"
-#include "device/fido/features.h"
 #include "device/fido/fido_constants.h"
 #include "device/fido/fido_parsing_utils.h"
 #include "device/fido/fido_test_data.h"
@@ -693,38 +690,15 @@
 }
 
 #if defined(OS_WIN)
-class GetAssertionRequestHandlerWinTest : public ::testing::Test {
- protected:
-  base::test::ScopedTaskEnvironment scoped_task_environment_;
-  ScopedFakeWinWebAuthnApi scoped_fake_win_webauthn_api_;
-};
-
 // Verify that the request handler instantiates a HID device backed
 // FidoDeviceAuthenticator or a WinNativeCrossPlatformAuthenticator, depending
-// on feature flag and API availability.
-TEST_F(GetAssertionRequestHandlerWinTest, TestWinUsbDiscovery) {
-  enum class DeviceType {
-    kHid,
-    kWinNative,
-  };
-  const struct TestCase {
-    bool enable_win_webauthn_api;
-    bool enable_feature_flag;
-    DeviceType expect_device_type;
-  } test_cases[] = {
-      {false, false, DeviceType::kHid},
-      {false, true, DeviceType::kHid},
-      {true, false, DeviceType::kHid},
-      {true, true, DeviceType::kWinNative},
-  };
-  size_t i = 0;
-  for (const auto& test : test_cases) {
-    SCOPED_TRACE(i++);
-    scoped_fake_win_webauthn_api_.set_available(test.enable_win_webauthn_api);
-    base::test::ScopedFeatureList scoped_feature_list;
-    // Feature is default off (even with API present).
-    if (test.enable_feature_flag)
-      scoped_feature_list.InitAndEnableFeature(kWebAuthUseNativeWinApi);
+// on API availability.
+TEST(GetAssertionRequestHandlerWinTest, TestWinUsbDiscovery) {
+  base::test::ScopedTaskEnvironment scoped_task_environment;
+  ScopedFakeWinWebAuthnApi scoped_fake_win_webauthn_api;
+  for (const bool enable_api : {false, true}) {
+    SCOPED_TRACE(::testing::Message() << "enable_api=" << enable_api);
+    scoped_fake_win_webauthn_api.set_available(enable_api);
 
     // Simulate a connected HID device.
     ScopedFakeHidManager fake_hid_manager;
@@ -739,14 +713,13 @@
                                 test_data::kClientDataJson),
 
         cb.callback());
-    scoped_task_environment_.RunUntilIdle();
+    scoped_task_environment.RunUntilIdle();
 
     EXPECT_EQ(1u, handler->AuthenticatorsForTesting().size());
     // Crudely distinguish authenticator type by FidoAuthenticator::GetId.
-    EXPECT_EQ(test.expect_device_type == DeviceType::kHid
-                  ? "hid:guid"
-                  : WinWebAuthnApiAuthenticator::kAuthenticatorId,
-              handler->AuthenticatorsForTesting().begin()->second->GetId());
+    EXPECT_EQ(
+        enable_api ? WinWebAuthnApiAuthenticator::kAuthenticatorId : "hid:guid",
+        handler->AuthenticatorsForTesting().begin()->second->GetId());
   }
 }
 #endif  // defined(OS_WIN)
diff --git a/device/fido/win/webauthn_api.cc b/device/fido/win/webauthn_api.cc
index 22765b4..7e88a47 100644
--- a/device/fido/win/webauthn_api.cc
+++ b/device/fido/win/webauthn_api.cc
@@ -18,7 +18,6 @@
 #include "base/task_runner_util.h"
 #include "base/threading/sequenced_task_runner_handle.h"
 #include "base/threading/thread.h"
-#include "device/fido/features.h"
 #include "device/fido/win/type_conversions.h"
 
 namespace device {
@@ -88,9 +87,7 @@
 
   // WinWebAuthnApi:
   bool IsAvailable() const override {
-    return is_bound_ && (api_version_ >= kMinWinWebAuthnApiVersion ||
-                         base::FeatureList::IsEnabled(
-                             kWebAuthDisableWinApiVersionCheckForTesting));
+    return is_bound_ && (api_version_ >= kMinWinWebAuthnApiVersion);
   }
 
   HRESULT IsUserVerifyingPlatformAuthenticatorAvailable(BOOL* result) override {