Delete the CryptoToken component extension and internal API [chromium/src : main]
Martin Kreichgauer (Gerrit)
Attention is currently required from: Adam Langley, Devlin Cronin.
Martin Kreichgauer would like Devlin Cronin and Adam Langley to review this change.
Delete the CryptoToken component extension and internal API
CryptoToken implements Chrome's U2F Security Key API which we disabled
by default in M98 and stopped loading at browser startup with M106. All
mechanisms to undo this manually have expired as planned, so CryptoToken
is now effectively dead code.
Bug: 1224886
Change-Id: I27988f6318c5276ee03410eb0ba261beaa8ab1cb
---
M WATCHLISTS
M chrome/browser/about_flags.cc
M chrome/browser/browser_resources.grd
M chrome/browser/extensions/BUILD.gn
D chrome/browser/extensions/api/cryptotoken_private/DIR_METADATA
D chrome/browser/extensions/api/cryptotoken_private/OWNERS
D chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.cc
D chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.h
D chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api_unittest.cc
D chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_browsertest.cc
M chrome/browser/extensions/component_extensions_allowlist/allowlist.cc
M chrome/browser/extensions/component_loader.cc
M chrome/browser/flag-metadata.json
M chrome/browser/flag_descriptions.cc
M chrome/browser/flag_descriptions.h
M chrome/browser/policy/configuration_policy_handler_list_factory.cc
M chrome/browser/prefs/browser_prefs.cc
M chrome/browser/resources/component_extension_resources.grd
D chrome/browser/resources/cryptotoken/.eslintrc.js
D chrome/browser/resources/cryptotoken/OWNERS
D chrome/browser/resources/cryptotoken/appid.js
D chrome/browser/resources/cryptotoken/approvedorigins.js
D chrome/browser/resources/cryptotoken/asn1.js
D chrome/browser/resources/cryptotoken/b64.js
D chrome/browser/resources/cryptotoken/cbor.js
D chrome/browser/resources/cryptotoken/countdown.js
D chrome/browser/resources/cryptotoken/countdowntimer.js
D chrome/browser/resources/cryptotoken/cryptotokenapprovedorigins.js
D chrome/browser/resources/cryptotoken/cryptotokenbackground.js
D chrome/browser/resources/cryptotoken/cryptotokenorigincheck.js
D chrome/browser/resources/cryptotoken/devicestatuscodes.js
D chrome/browser/resources/cryptotoken/enroller.js
D chrome/browser/resources/cryptotoken/errorcodes.js
D chrome/browser/resources/cryptotoken/factoryregistry.js
D chrome/browser/resources/cryptotoken/googlecorpindividualattest.js
D chrome/browser/resources/cryptotoken/individualattest.js
D chrome/browser/resources/cryptotoken/inherits.js
D chrome/browser/resources/cryptotoken/logging.js
D chrome/browser/resources/cryptotoken/manifest.json
D chrome/browser/resources/cryptotoken/messagetypes.js
D chrome/browser/resources/cryptotoken/origincheck.js
D chrome/browser/resources/cryptotoken/requesthelper.js
D chrome/browser/resources/cryptotoken/requestqueue.js
D chrome/browser/resources/cryptotoken/sha256.js
D chrome/browser/resources/cryptotoken/signer.js
D chrome/browser/resources/cryptotoken/textfetcher.js
D chrome/browser/resources/cryptotoken/timer.js
D chrome/browser/resources/cryptotoken/util.js
D chrome/browser/resources/cryptotoken/watchdog.js
D chrome/browser/resources/cryptotoken/webrequest.js
D chrome/browser/resources/cryptotoken/webrequestsender.js
D chrome/browser/resources/cryptotoken/window-timer.js
M chrome/browser/site_isolation/isolated_sandboxed_iframe_browsertest.cc
M chrome/common/extensions/api/_api_features.json
M chrome/common/extensions/api/_permission_features.json
M chrome/common/extensions/api/api_sources.gni
D chrome/common/extensions/api/cryptotoken_private.idl
M chrome/common/extensions/permissions/chrome_api_permissions.cc
M chrome/common/extensions/permissions/permission_set_unittest.cc
M chrome/test/BUILD.gn
R chrome/test/data/csp-sandbox.html
R chrome/test/data/csp-sandbox.html.mock-http-headers
M chrome/test/data/extensions/override_component_extension/manifest.json
M chrome/test/data/policy/policy_test_cases.json
M components/page_load_metrics/browser/observers/use_counter/ukm_features.cc
M components/policy/resources/policy_templates.json
M components/policy/resources/templates/policies.yaml
M components/policy/resources/templates/policy_definitions/Miscellaneous/LoadCryptoTokenExtension.yaml
M extensions/browser/api/messaging/message_service.cc
M extensions/browser/extension_prefs.cc
M extensions/browser/pref_names.cc
M extensions/browser/pref_names.h
M extensions/common/api/_permission_features.json
M extensions/common/constants.cc
M extensions/common/constants.h
M extensions/common/extension_features.cc
M extensions/common/extension_features.h
M extensions/common/mojom/api_permission_id.mojom
M extensions/docs/component_extensions.md
M third_party/blink/public/mojom/use_counter/metrics/web_feature.mojom
M third_party/blink/renderer/platform/runtime_enabled_features.json5
M tools/gritsettings/startup_resources_mac.txt
M tools/gritsettings/startup_resources_win.txt
M tools/metrics/histograms/enums.xml
84 files changed, 52 insertions(+), 7,748 deletions(-)
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Martin Kreichgauer (Gerrit)
Attention is currently required from: Adam Langley, Devlin Cronin.
Adam Langley (Gerrit)
Attention is currently required from: Devlin Cronin, Martin Kreichgauer.
Patch set 9:Code-Review +1
Devlin Cronin (Gerrit)
Attention is currently required from: Martin Kreichgauer.
5 comments:
Patchset:
Thanks, Martin! So much cleanup!
File chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.h:
Patch Set #9, Line 26:
CRYPTOTOKENPRIVATE_CANORIGINASSERTAPPIDPlease also update these to be DELETED_ in the extension_function_histogram_value.h file
File chrome/common/extensions/api/_api_features.json:
this should go on the previous line
File extensions/browser/api/messaging/message_service.cc:
blink::TrialTokenValidator validator;
const net::HttpResponseHeaders* response_headers =
source_render_frame_host->GetLastResponseHeaders();
const bool u2f_api_enabled =
base::FeatureList::IsEnabled(
extensions_features::kU2FSecurityKeyAPI) ||
(response_headers &&
validator.RequestEnablesFeature(
source_render_frame_host->GetLastCommittedURL(),
response_headers,
extension_misc::kCryptotokenDeprecationTrialName,
base::Time::Now()));
is_externally_connectable =
u2f_api_enabled &&
externally_connectable->matches.MatchesURL(
source_render_frame_host->GetLastCommittedURL());can we remove any includes now that this chunk is gone?
File extensions/common/constants.cc:
Patch Set #9, Line 258:
const char kCryptotokenExtensionId[] = "kmendfapggjehodndflmmgagdbamhnfd";I seem some other references to this ID in the codebase:
https://source.chromium.org/search?q=kmendfapggjehodndflmmgagdbamhnfd
Should we clean those up in this CL, or followups?
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Martin Kreichgauer (Gerrit)
Attention is currently required from: Adam Langley, Devlin Cronin.
5 comments:
Patchset:
PTAL
File chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.h:
Patch Set #9, Line 26:
CRYPTOTOKENPRIVATE_CANORIGINASSERTAPPID
Please also update these to be DELETED_ in the extension_function_histogram_value. […]
Done
File chrome/common/extensions/api/_api_features.json:
this should go on the previous line
Done
File extensions/browser/api/messaging/message_service.cc:
blink::TrialTokenValidator validator;
const net::HttpResponseHeaders* response_headers =
source_render_frame_host->GetLastResponseHeaders();
const bool u2f_api_enabled =
base::FeatureList::IsEnabled(
extensions_features::kU2FSecurityKeyAPI) ||
(response_headers &&
validator.RequestEnablesFeature(
source_render_frame_host->GetLastCommittedURL(),
response_headers,
extension_misc::kCryptotokenDeprecationTrialName,
base::Time::Now()));
is_externally_connectable =
u2f_api_enabled &&
externally_connectable->matches.MatchesURL(
source_render_frame_host->GetLastCommittedURL());can we remove any includes now that this chunk is gone?
good point, done.
File extensions/common/constants.cc:
Patch Set #9, Line 258:
const char kCryptotokenExtensionId[] = "kmendfapggjehodndflmmgagdbamhnfd";
I seem some other references to this ID in the codebase: […]
I have a follow-up that deletes some additional U2F related things, including those string constants: https://chromium-review.googlesource.com/c/chromium/src/+/3956573
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Martin Kreichgauer (Gerrit)
Attention is currently required from: Adam Langley, Devlin Cronin.
Patch set 12:Commit-Queue +1
Martin Kreichgauer (Gerrit)
Attention is currently required from: Adam Langley, Devlin Cronin, Yann Dago.
Martin Kreichgauer would like Yann Dago to review this change.
M components/policy/resources/templates/policies.yaml
M components/policy/resources/templates/policy_definitions/Miscellaneous/LoadCryptoTokenExtension.yaml
M extensions/browser/api/messaging/message_service.cc
M extensions/browser/extension_function_histogram_value.h
M extensions/browser/extension_prefs.cc
M extensions/browser/pref_names.cc
M extensions/browser/pref_names.h
M extensions/common/api/_permission_features.json
M extensions/common/constants.cc
M extensions/common/constants.h
M extensions/common/extension_features.cc
M extensions/common/extension_features.h
M extensions/common/mojom/api_permission_id.mojom
M extensions/docs/component_extensions.md
M third_party/blink/public/mojom/use_counter/metrics/web_feature.mojom
M third_party/blink/renderer/platform/runtime_enabled_features.json5
M tools/gritsettings/startup_resources_mac.txt
M tools/gritsettings/startup_resources_win.txt
M tools/metrics/histograms/enums.xml
84 files changed, 67 insertions(+), 7,759 deletions(-)
Martin Kreichgauer (Gerrit)
Attention is currently required from: Adam Langley, Devlin Cronin, Yann Dago.
1 comment:
Patchset:
ydago@, PTAL. This change also removes the LoadCryptoTokenExtension enterprise policy. I tried following the steps in https://chromium.googlesource.com/chromium/src/+/master/docs/enterprise/add_new_policy.md#removing-support-for-a-policy, but PRESUBMIT seems unhappy with the result. How does deleting a policy work under the new policy definitions?
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Devlin Cronin (Gerrit)
Attention is currently required from: Adam Langley, Martin Kreichgauer, Yann Dago.
Patch set 13:Code-Review +1
3 comments:
Patchset:
Thanks, Martin! LGTM!
File chrome/browser/prefs/browser_prefs.cc:
Patch Set #13, Line 719:
// Deprecated 06/2022.Even if it was deprecated 06'22, it's only added here now. Maybe mark this one as 10/22 so it goes through the same year-long cleanup?
File extensions/browser/extension_function_histogram_value.h:
Patch Set #13, Line 1019:
DELETED_CRYPTOTOKENPRIVATE_CANORIGINASSERTAPPID = 958,You'll need to update the enums.xml file with these changes, too
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Yann Dago (Gerrit)
Attention is currently required from: Adam Langley, Martin Kreichgauer.
1 comment:
Patchset:
ydago@, PTAL. This change also removes the LoadCryptoTokenExtension enterprise policy. […]
If you remove the policy name from policies.yaml, you must delete the yaml file altogether of the policy too . This is only for unreleased policies.
Since this policy has been released, you may simply mark it as deprecated, and leave its name in policies.yaml and let the policy yaml file untouched.
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Martin Kreichgauer (Gerrit)
Attention is currently required from: Adam Langley, Devlin Cronin, Enterprise Policy Reviews, Gabriel Charette, Ian Vollick, Ken Buchanan, Rebekah Potter, Robert Kaplow, Łukasz Anforowicz.
Martin Kreichgauer would like Ken Buchanan, Rebekah Potter, Ian Vollick, Łukasz Anforowicz, Robert Kaplow, Gabriel Charette and Enterprise Policy Reviews to review this change.
Martin Kreichgauer removed Yann Dago from this change.
M components/policy/resources/templates/policy_definitions/Miscellaneous/LoadCryptoTokenExtension.yaml
M extensions/browser/api/messaging/message_service.cc
M extensions/browser/extension_function_histogram_value.h
M extensions/browser/extension_prefs.cc
M extensions/browser/pref_names.cc
M extensions/browser/pref_names.h
M extensions/common/api/_permission_features.json
M extensions/common/constants.cc
M extensions/common/constants.h
M extensions/common/extension_features.cc
M extensions/common/extension_features.h
M extensions/common/mojom/api_permission_id.mojom
M extensions/docs/component_extensions.md
M third_party/blink/public/mojom/use_counter/metrics/web_feature.mojom
M third_party/blink/renderer/platform/runtime_enabled_features.json5
M tools/gritsettings/startup_resources_mac.txt
M tools/gritsettings/startup_resources_win.txt
M tools/metrics/histograms/enums.xml
83 files changed, 74 insertions(+), 7,765 deletions(-)
Martin Kreichgauer (Gerrit)
Attention is currently required from: Adam Langley, Devlin Cronin, Enterprise Policy Reviews, Gabriel Charette, Ian Vollick, Ken Buchanan, Rebekah Potter, Robert Kaplow, Łukasz Anforowicz.
Patch set 14:Commit-Queue +1
4 comments:
Patchset:
If you remove the policy name from policies. […]
Ack, done.
Patchset:
Apologies for the long reviewer list.
agl, rdcronin: Please re-review, your +1 got reset
enterprise-policy-review: Please review LoadCryptoTokenExtension.yaml and configuration_policy_handler_list_factory.cc
gab: Please review browser_prefs.cc
kenrb: Please review api_permission_id.mojom
lukasza: Please review isolated_sandboxed_iframe_browsertest.cc
rkaplow: Please review ukm_features.cc
rbpotter: Please review browser_resources.grd and component_extension_resources.grd
vollick: Please review runtime_enabled_features.json5
File chrome/browser/prefs/browser_prefs.cc:
Patch Set #13, Line 719:
// Deprecated 06/2022.
Even if it was deprecated 06'22, it's only added here now. […]
This is only moving the string constant. The actual deprecation of this pref was started in 06/22, so the clean-up period will be one year: https://chromium-review.googlesource.com/c/chromium/src/+/3957079/13/chrome/browser/prefs/browser_prefs.cc#1927
File extensions/browser/extension_function_histogram_value.h:
Patch Set #13, Line 1019:
DELETED_CRYPTOTOKENPRIVATE_CANORIGINASSERTAPPID = 958,
You'll need to update the enums. […]
Done. Looks like there were some stale references in there too.
gwsq (Gerrit)
Attention is currently required from: Devlin Cronin, Enterprise Policy Reviews, Gabriel Charette, Ian Vollick, Ken Buchanan, Martin Kreichgauer, Rebekah Potter, Robert Kaplow, Sergey Poromov, Łukasz Anforowicz.
gwsq would like Sergey Poromov to review this change authored by Martin Kreichgauer.
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
gwsq (Gerrit)
Attention is currently required from: Devlin Cronin, Gabriel Charette, Ian Vollick, Ken Buchanan, Martin Kreichgauer, Rebekah Potter, Robert Kaplow, Sergey Poromov, Łukasz Anforowicz.
Martin Kreichgauer has uploaded this change for review.
gwsq (Gerrit)
Attention is currently required from: Devlin Cronin, Gabriel Charette, Ian Vollick, Ken Buchanan, Martin Kreichgauer, Rebekah Potter, Robert Kaplow, Sergey Poromov, Łukasz Anforowicz.
Reviewer source(s):
por...@chromium.org is from context(chrome/enterprise/gwsq/enterprise-policy-review.gwsq)
Adam Langley (Gerrit)
Attention is currently required from: Devlin Cronin, Enterprise Policy Reviews, Gabriel Charette, Ian Vollick, Ken Buchanan, Martin Kreichgauer, Rebekah Potter, Robert Kaplow, Łukasz Anforowicz.
Patch set 14:Code-Review +1
Rebekah Potter (Gerrit)
Attention is currently required from: Gabriel Charette, Ian Vollick, Ken Buchanan, Martin Kreichgauer, Robert Kaplow, Sergey Poromov, Łukasz Anforowicz.
Patch set 14:Code-Review +1
1 comment:
Patchset:
.grd files lgtm
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Robert Kaplow (Gerrit)
Attention is currently required from: Gabriel Charette, Ian Vollick, Ken Buchanan, Martin Kreichgauer, Sergey Poromov, Łukasz Anforowicz.
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Łukasz Anforowicz (Gerrit)
Attention is currently required from: Gabriel Charette, Ian Vollick, Ken Buchanan, Martin Kreichgauer, Sergey Poromov.
Patch set 14:Code-Review +1
1 comment:
Patchset:
lukasza: Please review isolated_sandboxed_iframe_browsertest.cc
isolated_sandboxed_iframe_browsertest.cc LGTM
Martin Kreichgauer (Gerrit)
Attention is currently required from: Gabriel Charette, Ian Vollick, Ken Buchanan, Owen Min.
Martin Kreichgauer would like Owen Min to review this change.
Martin Kreichgauer removed Sergey Poromov from this change.
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Martin Kreichgauer (Gerrit)
Attention is currently required from: Gabriel Charette, Ian Vollick, Ken Buchanan, Owen Min.
1 comment:
Patchset:
zmin, could you please review LoadCryptoTokenExtension.yaml and configuration_policy_handler_list_factory.cc? The queue auto-assigned an OOO reviewer. Thanks!
Owen Min (Gerrit)
Attention is currently required from: Gabriel Charette, Ian Vollick, Ken Buchanan, Martin Kreichgauer.
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Ken Buchanan (Gerrit)
Attention is currently required from: Gabriel Charette, Ian Vollick, Martin Kreichgauer.
Patch set 14:Code-Review +1
1 comment:
Patchset:
mojom lgtm
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Ian Vollick (Gerrit)
Attention is currently required from: Gabriel Charette, Martin Kreichgauer.
Patchset:
platform/ lgtm
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Gabriel Charette (Gerrit)
Attention is currently required from: Martin Kreichgauer.
Patchset:
gab: Please review browser_prefs.cc
LGTM
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Martin Kreichgauer (Gerrit)
Patch set 14:Commit-Queue +2
1 comment:
Patchset:
Thanks for the speedy reviews! Long live WebAuthn
To view, visit change 3957079. To unsubscribe, or for help writing mail filters, visit settings.
Chromium LUCI CQ (Gerrit)
Chromium LUCI CQ submitted this change.
Delete the CryptoToken component extension and internal API
CryptoToken implements Chrome's U2F Security Key API which we disabled
by default in M98 and stopped loading at browser startup with M106. All
mechanisms to undo this manually have expired as planned, so CryptoToken
is now effectively dead code.
Bug: 1224886
Change-Id: I27988f6318c5276ee03410eb0ba261beaa8ab1cb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3957079
Reviewed-by: Ken Buchanan <ke...@chromium.org>
Reviewed-by: Łukasz Anforowicz <luk...@chromium.org>
Reviewed-by: Rebekah Potter <rbpo...@chromium.org>
Reviewed-by: Gabriel Charette <g...@chromium.org>
Reviewed-by: Adam Langley <a...@chromium.org>
Reviewed-by: Devlin Cronin <rdevlin...@chromium.org>
Reviewed-by: Robert Kaplow <rka...@chromium.org>
Reviewed-by: Owen Min <zm...@chromium.org>
Reviewed-by: Ian Vollick <vol...@chromium.org>
Commit-Queue: Martin Kreichgauer <mart...@google.com>
Cr-Commit-Position: refs/heads/main@{#1064884}
83 files changed, 86 insertions(+), 7,765 deletions(-)