Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 1 | // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "components/autofill/content/browser/wallet/full_wallet.h" |
| 6 | |
| 7 | #include "base/logging.h" |
| 8 | #include "base/strings/string_number_conversions.h" |
| 9 | #include "base/strings/utf_string_conversions.h" |
| 10 | #include "base/values.h" |
Ben Murdoch | 3240926 | 2013-08-07 11:04:47 +0100 | [diff] [blame] | 11 | #include "components/autofill/core/browser/autofill_type.h" |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 12 | #include "components/autofill/core/browser/credit_card.h" |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 13 | |
| 14 | namespace { |
| 15 | |
| 16 | const size_t kPanSize = 16; |
| 17 | const size_t kBinSize = 6; |
| 18 | const size_t kCvnSize = 3; |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 19 | const size_t kEncryptedRestSize = 12; |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 20 | |
| 21 | } // anonymous namespace |
| 22 | |
| 23 | namespace autofill { |
| 24 | namespace wallet { |
| 25 | |
| 26 | FullWallet::FullWallet(int expiration_month, |
| 27 | int expiration_year, |
| 28 | const std::string& iin, |
| 29 | const std::string& encrypted_rest, |
| 30 | scoped_ptr<Address> billing_address, |
| 31 | scoped_ptr<Address> shipping_address, |
| 32 | const std::vector<RequiredAction>& required_actions) |
| 33 | : expiration_month_(expiration_month), |
| 34 | expiration_year_(expiration_year), |
| 35 | iin_(iin), |
| 36 | encrypted_rest_(encrypted_rest), |
| 37 | billing_address_(billing_address.Pass()), |
| 38 | shipping_address_(shipping_address.Pass()), |
| 39 | required_actions_(required_actions) { |
| 40 | DCHECK(required_actions_.size() > 0 || billing_address_.get()); |
| 41 | } |
| 42 | |
| 43 | FullWallet::~FullWallet() {} |
| 44 | |
| 45 | scoped_ptr<FullWallet> |
| 46 | FullWallet::CreateFullWallet(const DictionaryValue& dictionary) { |
| 47 | const ListValue* required_actions_list; |
| 48 | std::vector<RequiredAction> required_actions; |
| 49 | if (dictionary.GetList("required_action", &required_actions_list)) { |
| 50 | for (size_t i = 0; i < required_actions_list->GetSize(); ++i) { |
| 51 | std::string action_string; |
| 52 | if (required_actions_list->GetString(i, &action_string)) { |
| 53 | RequiredAction action = ParseRequiredActionFromString(action_string); |
| 54 | if (!ActionAppliesToFullWallet(action)) { |
| 55 | DLOG(ERROR) << "Response from Google wallet with bad required action:" |
| 56 | " \"" << action_string << "\""; |
| 57 | return scoped_ptr<FullWallet>(); |
| 58 | } |
| 59 | required_actions.push_back(action); |
| 60 | } |
| 61 | } |
| 62 | if (required_actions.size() > 0) { |
| 63 | return scoped_ptr<FullWallet>(new FullWallet(-1, |
| 64 | -1, |
| 65 | std::string(), |
| 66 | std::string(), |
| 67 | scoped_ptr<Address>(), |
| 68 | scoped_ptr<Address>(), |
| 69 | required_actions)); |
| 70 | } |
| 71 | } else { |
| 72 | DVLOG(1) << "Response from Google wallet missing required actions"; |
| 73 | } |
| 74 | |
| 75 | int expiration_month; |
| 76 | if (!dictionary.GetInteger("expiration_month", &expiration_month)) { |
| 77 | DLOG(ERROR) << "Response from Google wallet missing expiration month"; |
| 78 | return scoped_ptr<FullWallet>(); |
| 79 | } |
| 80 | |
| 81 | int expiration_year; |
| 82 | if (!dictionary.GetInteger("expiration_year", &expiration_year)) { |
| 83 | DLOG(ERROR) << "Response from Google wallet missing expiration year"; |
| 84 | return scoped_ptr<FullWallet>(); |
| 85 | } |
| 86 | |
| 87 | std::string iin; |
| 88 | if (!dictionary.GetString("iin", &iin)) { |
| 89 | DLOG(ERROR) << "Response from Google wallet missing iin"; |
| 90 | return scoped_ptr<FullWallet>(); |
| 91 | } |
| 92 | |
| 93 | std::string encrypted_rest; |
| 94 | if (!dictionary.GetString("rest", &encrypted_rest)) { |
| 95 | DLOG(ERROR) << "Response from Google wallet missing rest"; |
| 96 | return scoped_ptr<FullWallet>(); |
| 97 | } |
| 98 | |
| 99 | const DictionaryValue* billing_address_dict; |
| 100 | if (!dictionary.GetDictionary("billing_address", &billing_address_dict)) { |
| 101 | DLOG(ERROR) << "Response from Google wallet missing billing address"; |
| 102 | return scoped_ptr<FullWallet>(); |
| 103 | } |
| 104 | |
| 105 | scoped_ptr<Address> billing_address = |
| 106 | Address::CreateAddress(*billing_address_dict); |
| 107 | if (!billing_address.get()) { |
| 108 | DLOG(ERROR) << "Response from Google wallet has malformed billing address"; |
| 109 | return scoped_ptr<FullWallet>(); |
| 110 | } |
| 111 | |
| 112 | const DictionaryValue* shipping_address_dict; |
| 113 | scoped_ptr<Address> shipping_address; |
| 114 | if (dictionary.GetDictionary("shipping_address", &shipping_address_dict)) { |
| 115 | shipping_address = |
| 116 | Address::CreateAddressWithID(*shipping_address_dict); |
| 117 | } else { |
| 118 | DVLOG(1) << "Response from Google wallet missing shipping address"; |
| 119 | } |
| 120 | |
| 121 | return scoped_ptr<FullWallet>(new FullWallet(expiration_month, |
| 122 | expiration_year, |
| 123 | iin, |
| 124 | encrypted_rest, |
| 125 | billing_address.Pass(), |
| 126 | shipping_address.Pass(), |
| 127 | required_actions)); |
| 128 | } |
| 129 | |
Ben Murdoch | 3240926 | 2013-08-07 11:04:47 +0100 | [diff] [blame] | 130 | base::string16 FullWallet::GetInfo(const AutofillType& type) { |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 131 | switch (type.GetStorableType()) { |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 132 | case CREDIT_CARD_NUMBER: |
| 133 | return UTF8ToUTF16(GetPan()); |
| 134 | |
| 135 | case CREDIT_CARD_NAME: |
| 136 | return billing_address()->recipient_name(); |
| 137 | |
| 138 | case CREDIT_CARD_VERIFICATION_CODE: |
| 139 | return UTF8ToUTF16(GetCvn()); |
| 140 | |
| 141 | case CREDIT_CARD_EXP_MONTH: |
| 142 | if (expiration_month() == 0) |
| 143 | return base::string16(); |
| 144 | return base::IntToString16(expiration_month()); |
| 145 | |
| 146 | case CREDIT_CARD_EXP_4_DIGIT_YEAR: |
| 147 | if (expiration_year() == 0) |
| 148 | return base::string16(); |
| 149 | return base::IntToString16(expiration_year()); |
| 150 | |
| 151 | case CREDIT_CARD_EXP_2_DIGIT_YEAR: |
| 152 | if (expiration_year() == 0) |
| 153 | return base::string16(); |
| 154 | return base::IntToString16(expiration_year() % 100); |
| 155 | |
| 156 | case CREDIT_CARD_EXP_DATE_2_DIGIT_YEAR: |
| 157 | if (expiration_month() == 0 || expiration_year() == 0) |
| 158 | return base::string16(); |
| 159 | return base::IntToString16(expiration_month()) + ASCIIToUTF16("/") + |
| 160 | base::IntToString16(expiration_year() % 100); |
| 161 | |
| 162 | case CREDIT_CARD_EXP_DATE_4_DIGIT_YEAR: |
| 163 | if (expiration_month() == 0 || expiration_year() == 0) |
| 164 | return base::string16(); |
| 165 | return base::IntToString16(expiration_month()) + ASCIIToUTF16("/") + |
| 166 | base::IntToString16(expiration_year()); |
| 167 | |
| 168 | case CREDIT_CARD_TYPE: { |
| 169 | std::string internal_type = |
| 170 | CreditCard::GetCreditCardType(UTF8ToUTF16(GetPan())); |
| 171 | if (internal_type == kGenericCard) |
| 172 | return base::string16(); |
| 173 | return CreditCard::TypeForDisplay(internal_type); |
| 174 | } |
| 175 | |
| 176 | default: |
| 177 | NOTREACHED(); |
| 178 | } |
| 179 | |
| 180 | return base::string16(); |
| 181 | } |
| 182 | |
| 183 | bool FullWallet::HasRequiredAction(RequiredAction action) const { |
| 184 | DCHECK(ActionAppliesToFullWallet(action)); |
| 185 | return std::find(required_actions_.begin(), |
| 186 | required_actions_.end(), |
| 187 | action) != required_actions_.end(); |
| 188 | } |
| 189 | |
Ben Murdoch | 7dbb3d5 | 2013-07-17 14:55:54 +0100 | [diff] [blame] | 190 | base::string16 FullWallet::TypeAndLastFourDigits() { |
| 191 | CreditCard card; |
Ben Murdoch | 3240926 | 2013-08-07 11:04:47 +0100 | [diff] [blame] | 192 | card.SetRawInfo(CREDIT_CARD_NUMBER, |
| 193 | GetInfo(AutofillType(CREDIT_CARD_NUMBER))); |
Ben Murdoch | 7dbb3d5 | 2013-07-17 14:55:54 +0100 | [diff] [blame] | 194 | return card.TypeAndLastFourDigits(); |
| 195 | } |
| 196 | |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 197 | bool FullWallet::operator==(const FullWallet& other) const { |
| 198 | if (expiration_month_ != other.expiration_month_) |
| 199 | return false; |
| 200 | |
| 201 | if (expiration_year_ != other.expiration_year_) |
| 202 | return false; |
| 203 | |
| 204 | if (iin_ != other.iin_) |
| 205 | return false; |
| 206 | |
| 207 | if (encrypted_rest_ != other.encrypted_rest_) |
| 208 | return false; |
| 209 | |
| 210 | if (billing_address_.get() && other.billing_address_.get()) { |
| 211 | if (*billing_address_.get() != *other.billing_address_.get()) |
| 212 | return false; |
| 213 | } else if (billing_address_.get() || other.billing_address_.get()) { |
| 214 | return false; |
| 215 | } |
| 216 | |
| 217 | if (shipping_address_.get() && other.shipping_address_.get()) { |
| 218 | if (*shipping_address_.get() != *other.shipping_address_.get()) |
| 219 | return false; |
| 220 | } else if (shipping_address_.get() || other.shipping_address_.get()) { |
| 221 | return false; |
| 222 | } |
| 223 | |
| 224 | if (required_actions_ != other.required_actions_) |
| 225 | return false; |
| 226 | |
| 227 | return true; |
| 228 | } |
| 229 | |
| 230 | bool FullWallet::operator!=(const FullWallet& other) const { |
| 231 | return !(*this == other); |
| 232 | } |
| 233 | |
| 234 | void FullWallet::DecryptCardInfo() { |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 235 | // |encrypted_rest_| must be of length |kEncryptedRestSize| in order for |
| 236 | // decryption to succeed and the server will not pad it with zeros. |
| 237 | while (encrypted_rest_.size() < kEncryptedRestSize) { |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 238 | encrypted_rest_ = '0' + encrypted_rest_; |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 239 | } |
| 240 | |
| 241 | DCHECK_EQ(kEncryptedRestSize, encrypted_rest_.size()); |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 242 | |
| 243 | std::vector<uint8> operating_data; |
| 244 | // Convert |encrypted_rest_| to bytes so we can decrypt it with |otp|. |
| 245 | if (!base::HexStringToBytes(encrypted_rest_, &operating_data)) { |
| 246 | DLOG(ERROR) << "Failed to parse encrypted rest"; |
| 247 | return; |
| 248 | } |
| 249 | |
| 250 | // Ensure |one_time_pad_| and |encrypted_rest_| are of the same length |
| 251 | // otherwise something has gone wrong and we can't decrypt the data. |
| 252 | DCHECK_EQ(one_time_pad_.size(), operating_data.size()); |
| 253 | |
| 254 | std::vector<uint8> results; |
| 255 | // XOR |otp| with the encrypted data to decrypt. |
| 256 | for (size_t i = 0; i < one_time_pad_.size(); ++i) |
| 257 | results.push_back(one_time_pad_[i] ^ operating_data[i]); |
| 258 | |
| 259 | // There is no uint8* to int64 so convert the decrypted data to hex and then |
| 260 | // parse the hex to an int64 before getting the int64 as a string. |
| 261 | std::string hex_decrypted = base::HexEncode(&(results[0]), results.size()); |
| 262 | |
| 263 | int64 decrypted; |
| 264 | if (!base::HexStringToInt64(hex_decrypted, &decrypted)) { |
| 265 | DLOG(ERROR) << "Failed to parse decrypted data in hex to int64"; |
| 266 | return; |
| 267 | } |
| 268 | std::string card_info = base::Int64ToString(decrypted); |
| 269 | |
| 270 | size_t padded_length = kPanSize - kBinSize + kCvnSize; |
| 271 | // |card_info| is PAN without the IIN concatenated with the CVN, i.e. |
| 272 | // PANPANPANPCVN. If what was decrypted is not of that size the front needs |
| 273 | // to be padded with 0's until it is. |
| 274 | if (card_info.size() != padded_length) |
| 275 | card_info.insert(card_info.begin(), padded_length - card_info.size(), '0'); |
| 276 | |
| 277 | // Separate out the PAN from the CVN. |
| 278 | size_t split = kPanSize - kBinSize; |
| 279 | cvn_ = card_info.substr(split); |
| 280 | pan_ = iin_ + card_info.substr(0, split); |
| 281 | } |
| 282 | |
| 283 | const std::string& FullWallet::GetPan() { |
| 284 | if (pan_.empty()) |
| 285 | DecryptCardInfo(); |
| 286 | return pan_; |
| 287 | } |
| 288 | |
| 289 | const std::string& FullWallet::GetCvn() { |
| 290 | if (cvn_.empty()) |
| 291 | DecryptCardInfo(); |
| 292 | return cvn_; |
| 293 | } |
| 294 | |
| 295 | } // namespace wallet |
| 296 | } // namespace autofill |