Introduce credential manager passkey fetching

WordPressLoginFlow/src/main/java/org/wordpress/android/login/Login2FaFragment.java

@@ -46,7 +46,9 @@
 import org.wordpress.android.fluxc.store.AccountStore.WebauthnChallengeReceived;
 import org.wordpress.android.fluxc.store.AccountStore.WebauthnPasskeyAuthenticated;
 import org.wordpress.android.login.util.SiteUtils;
-import org.wordpress.android.login.webauthn.PasskeyCredentialsHandler;
+import org.wordpress.android.login.webauthn.PasskeyRequest;
+import org.wordpress.android.login.webauthn.Fido2ClientHandler;
+import org.wordpress.android.login.webauthn.PasskeyRequest.PasskeyRequestData;
 import org.wordpress.android.login.widgets.WPLoginInputRow;
 import org.wordpress.android.login.widgets.WPLoginInputRow.OnEditorCommitListener;
 import org.wordpress.android.util.AppLog;
@@ -125,7 +127,7 @@ public class Login2FaFragment extends LoginBaseFormFragment<LoginListener> imple
     private boolean mIsSocialLoginConnect;
     private boolean mSentSmsCode;
     private List<SupportedAuthTypes> mSupportedAuthTypes;
-    @Nullable private PasskeyCredentialsHandler mPasskeyCredentialsHandler = null;
+    @Nullable private Fido2ClientHandler mFido2ClientHandler = null;
     @Nullable private ActivityResultLauncher<IntentSenderRequest> mResultLauncher = null;
 
     public static Login2FaFragment newInstance(String emailAddress, String password) {
@@ -620,39 +622,48 @@ private void doAuthWithSecurityKeyAction() {
                 .newStartSecurityKeyChallengeAction(payload));
     }
 
-    @SuppressWarnings("unused")
     @Subscribe(threadMode = ThreadMode.MAIN)
     public void onWebauthnChallengeReceived(WebauthnChallengeReceived event) {
         if (event.isError()) {
             endProgress();
             handleAuthError(event.error.type, getString(R.string.login_error_security_key));
             return;
         }
-        mPasskeyCredentialsHandler = new PasskeyCredentialsHandler(
+
+        PasskeyRequestData passkeyRequestData = new PasskeyRequestData(
                 event.mUserId,
-                event.mChallengeInfo
+                event.mChallengeInfo.getTwoStepNonce(),
+                event.mRawChallengeInfoJson
         );
-        mPasskeyCredentialsHandler.createIntentSender(
+
+        PasskeyRequest.create(
                 requireContext(),
-                intent -> {
-                    if (mResultLauncher != null) {
-                        mResultLauncher.launch(intent);
-                    }
-                });
+                passkeyRequestData,
+                result -> {
+                    mDispatcher.dispatch(
+                            AuthenticationActionBuilder.newFinishSecurityKeyChallengeAction(
+                                    result));
+                    return null;
+                },
+                error -> {
+                    handleWebauthnError();
+                    return null;
+                }
+        );
     }
 
     private void onCredentialsResultAvailable(@NonNull Intent resultData) {
         if (resultData.hasExtra(Fido.FIDO2_KEY_CREDENTIAL_EXTRA)) {
             byte[] credentialBytes = resultData.getByteArrayExtra(Fido.FIDO2_KEY_CREDENTIAL_EXTRA);
-            if (credentialBytes == null || mPasskeyCredentialsHandler == null) {
+            if (credentialBytes == null || mFido2ClientHandler == null) {
                 handleWebauthnError();
                 return;
             }
 
             PublicKeyCredential credentials =
                     PublicKeyCredential.deserializeFromBytes(credentialBytes);
             FinishWebauthnChallengePayload payload =
-                    mPasskeyCredentialsHandler.onCredentialsAvailable(credentials);
+                    mFido2ClientHandler.onCredentialsAvailable(credentials);
             mDispatcher.dispatch(
                     AuthenticationActionBuilder.newFinishSecurityKeyChallengeAction(payload));
         }

WordPressLoginFlow/src/main/java/org/wordpress/android/login/webauthn/PasskeyCredentialsHandler.kt → WordPressLoginFlow/src/main/java/org/wordpress/android/login/webauthn/Fido2ClientHandler.kt

@@ -17,7 +17,7 @@ interface OnPasskeyRequestReadyListener {
     fun onPasskeyRequestReady(intentSenderRequest: IntentSenderRequest)
 }
 
-class PasskeyCredentialsHandler(
+class Fido2ClientHandler(
     private val userId: String,
     private val challengeInfo: WebauthnChallengeInfo
 ) {

WordPressLoginFlow/src/main/java/org/wordpress/android/login/webauthn/PasskeyRequest.kt

@@ -0,0 +1,91 @@
+package org.wordpress.android.login.webauthn
+
+import android.content.Context
+import android.os.CancellationSignal
+import android.util.Log
+import androidx.credentials.CredentialManager
+import androidx.credentials.CredentialManagerCallback
+import androidx.credentials.GetCredentialRequest
+import androidx.credentials.GetCredentialResponse
+import androidx.credentials.GetPasswordOption
+import androidx.credentials.GetPublicKeyCredentialOption
+import androidx.credentials.PublicKeyCredential
+import androidx.credentials.exceptions.GetCredentialException
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.launch
+import org.wordpress.android.fluxc.store.AccountStore.FinishWebauthnChallengePayload
+import java.util.concurrent.Executors
+
+class PasskeyRequest private constructor(
+    context: Context,
+    requestData: PasskeyRequestData,
+    onSuccess: (FinishWebauthnChallengePayload) -> Unit,
+    onFailure: (Throwable) -> Unit
+) {
+    init {
+        val executor = Executors.newSingleThreadExecutor()
+        val signal = CancellationSignal()
+        val getCredRequest = GetCredentialRequest(
+                listOf(GetPublicKeyCredentialOption(requestData.requestJson))
+        )
+
+        val passkeyRequestCallback = object : CredentialManagerCallback<GetCredentialResponse, GetCredentialException> {
+            override fun onError(e: GetCredentialException) {
+                CoroutineScope(Dispatchers.Main).launch { onFailure(e) }
+                Log.e(TAG, e.stackTraceToString())
+            }
+
+            override fun onResult(result: GetCredentialResponse) {
+                FinishWebauthnChallengePayload().apply {
+                    mUserId = requestData.userId
+                    mTwoStepNonce = requestData.twoStepNonce
+                    mClientData = result.toJson().orEmpty()
+                }.let { onSuccess(it) }
+            }
+        }
+
+        try {
+            CredentialManager.create(context).getCredentialAsync(
+                    request = getCredRequest,
+                    context = context,
+                    cancellationSignal = signal,
+                    executor = executor,
+                    callback = passkeyRequestCallback
+            )
+        } catch (e: GetCredentialException) {
+            Log.e(TAG, e.stackTraceToString())
+            onFailure(e)
+        }
+    }
+
+    private fun GetCredentialResponse.toJson(): String? {
+        return when (val credential = this.credential) {
+            is PublicKeyCredential -> credential.authenticationResponseJson
+            else -> {
+                Log.e(TAG, "Unexpected type of credential")
+                null
+            }
+        }
+    }
+
+    data class PasskeyRequestData(
+        val userId: String,
+        val twoStepNonce: String,
+        val requestJson: String
+    )
+
+    companion object {
+        private const val TAG = "PasskeyRequest"
+
+        @JvmStatic
+        fun create(
+            context: Context,
+            requestData: PasskeyRequestData,
+            onSuccess: (FinishWebauthnChallengePayload) -> Unit,
+            onFailure: (Throwable) -> Unit
+        ) {
+            PasskeyRequest(context, requestData, onSuccess, onFailure)
+        }
+    }
+}

build.gradle

@@ -15,7 +15,7 @@ ext {
     // libs
     wordpressLintVersion = '2.0.0'
     wordpressUtilsVersion = '3.5.0'
-    wordpressFluxCVersion = '2.57.0'
+    wordpressFluxCVersion = '2949-e180ead348373382d73e2f3d06a19c2709073e84'
 
     // main
     androidxAppCompatVersion = '1.6.1'