1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/autofill/content/browser/wallet/full_wallet.h"
6
7 #include "base/logging.h"
8 #include "base/strings/string_number_conversions.h"
9 #include "base/strings/utf_string_conversions.h"
10 #include "base/values.h"
11 #include "components/autofill/core/browser/autofill_type.h"
12 #include "components/autofill/core/browser/credit_card.h"
13
14 namespace {
15
16 const size_t kPanSize = 16;
17 const size_t kBinSize = 6;
18 const size_t kCvnSize = 3;
19 const size_t kEncryptedRestSize = 12;
20
21 } // anonymous namespace
22
23 namespace autofill {
24 namespace wallet {
25
FullWallet(int expiration_month,int expiration_year,const std::string & iin,const std::string & encrypted_rest,scoped_ptr<Address> billing_address,scoped_ptr<Address> shipping_address,const std::vector<RequiredAction> & required_actions)26 FullWallet::FullWallet(int expiration_month,
27 int expiration_year,
28 const std::string& iin,
29 const std::string& encrypted_rest,
30 scoped_ptr<Address> billing_address,
31 scoped_ptr<Address> shipping_address,
32 const std::vector<RequiredAction>& required_actions)
33 : expiration_month_(expiration_month),
34 expiration_year_(expiration_year),
35 iin_(iin),
36 encrypted_rest_(encrypted_rest),
37 billing_address_(billing_address.Pass()),
38 shipping_address_(shipping_address.Pass()),
39 required_actions_(required_actions) {
40 DCHECK(required_actions_.size() > 0 || billing_address_.get());
41 }
42
~FullWallet()43 FullWallet::~FullWallet() {}
44
45 // static
46 scoped_ptr<FullWallet>
CreateFullWallet(const DictionaryValue & dictionary)47 FullWallet::CreateFullWallet(const DictionaryValue& dictionary) {
48 const ListValue* required_actions_list;
49 std::vector<RequiredAction> required_actions;
50 if (dictionary.GetList("required_action", &required_actions_list)) {
51 for (size_t i = 0; i < required_actions_list->GetSize(); ++i) {
52 std::string action_string;
53 if (required_actions_list->GetString(i, &action_string)) {
54 RequiredAction action = ParseRequiredActionFromString(action_string);
55 if (!ActionAppliesToFullWallet(action)) {
56 DLOG(ERROR) << "Response from Google wallet with bad required action:"
57 " \"" << action_string << "\"";
58 return scoped_ptr<FullWallet>();
59 }
60 required_actions.push_back(action);
61 }
62 }
63 if (required_actions.size() > 0) {
64 return scoped_ptr<FullWallet>(new FullWallet(-1,
65 -1,
66 std::string(),
67 std::string(),
68 scoped_ptr<Address>(),
69 scoped_ptr<Address>(),
70 required_actions));
71 }
72 } else {
73 DVLOG(1) << "Response from Google wallet missing required actions";
74 }
75
76 int expiration_month;
77 if (!dictionary.GetInteger("expiration_month", &expiration_month)) {
78 DLOG(ERROR) << "Response from Google wallet missing expiration month";
79 return scoped_ptr<FullWallet>();
80 }
81
82 int expiration_year;
83 if (!dictionary.GetInteger("expiration_year", &expiration_year)) {
84 DLOG(ERROR) << "Response from Google wallet missing expiration year";
85 return scoped_ptr<FullWallet>();
86 }
87
88 std::string iin;
89 if (!dictionary.GetString("iin", &iin)) {
90 DLOG(ERROR) << "Response from Google wallet missing iin";
91 return scoped_ptr<FullWallet>();
92 }
93
94 std::string encrypted_rest;
95 if (!dictionary.GetString("rest", &encrypted_rest)) {
96 DLOG(ERROR) << "Response from Google wallet missing rest";
97 return scoped_ptr<FullWallet>();
98 }
99
100 const DictionaryValue* billing_address_dict;
101 if (!dictionary.GetDictionary("billing_address", &billing_address_dict)) {
102 DLOG(ERROR) << "Response from Google wallet missing billing address";
103 return scoped_ptr<FullWallet>();
104 }
105
106 scoped_ptr<Address> billing_address =
107 Address::CreateAddress(*billing_address_dict);
108 if (!billing_address.get()) {
109 DLOG(ERROR) << "Response from Google wallet has malformed billing address";
110 return scoped_ptr<FullWallet>();
111 }
112
113 const DictionaryValue* shipping_address_dict;
114 scoped_ptr<Address> shipping_address;
115 if (dictionary.GetDictionary("shipping_address", &shipping_address_dict)) {
116 shipping_address =
117 Address::CreateAddressWithID(*shipping_address_dict);
118 } else {
119 DVLOG(1) << "Response from Google wallet missing shipping address";
120 }
121
122 return scoped_ptr<FullWallet>(new FullWallet(expiration_month,
123 expiration_year,
124 iin,
125 encrypted_rest,
126 billing_address.Pass(),
127 shipping_address.Pass(),
128 required_actions));
129 }
130
131 // static
132 scoped_ptr<FullWallet>
CreateFullWalletFromClearText(int expiration_month,int expiration_year,const std::string & pan,const std::string & cvn,scoped_ptr<Address> billing_address,scoped_ptr<Address> shipping_address)133 FullWallet::CreateFullWalletFromClearText(
134 int expiration_month,
135 int expiration_year,
136 const std::string& pan,
137 const std::string& cvn,
138 scoped_ptr<Address> billing_address,
139 scoped_ptr<Address> shipping_address) {
140 DCHECK(billing_address);
141 DCHECK(!pan.empty());
142 DCHECK(!cvn.empty());
143
144 scoped_ptr<FullWallet> wallet(new FullWallet(
145 expiration_month,
146 expiration_year,
147 std::string(), // no iin -- clear text pan/cvn are set below.
148 std::string(), // no encrypted_rest -- clear text pan/cvn are set below.
149 billing_address.Pass(),
150 shipping_address.Pass(),
151 std::vector<RequiredAction>())); // no required actions in clear text.
152 wallet->pan_ = pan;
153 wallet->cvn_ = cvn;
154 return wallet.Pass();
155 }
156
GetInfo(const AutofillType & type)157 base::string16 FullWallet::GetInfo(const AutofillType& type) {
158 switch (type.GetStorableType()) {
159 case CREDIT_CARD_NUMBER:
160 return UTF8ToUTF16(GetPan());
161
162 case CREDIT_CARD_NAME:
163 return billing_address()->recipient_name();
164
165 case CREDIT_CARD_VERIFICATION_CODE:
166 return UTF8ToUTF16(GetCvn());
167
168 case CREDIT_CARD_EXP_MONTH:
169 if (expiration_month() == 0)
170 return base::string16();
171 return base::IntToString16(expiration_month());
172
173 case CREDIT_CARD_EXP_4_DIGIT_YEAR:
174 if (expiration_year() == 0)
175 return base::string16();
176 return base::IntToString16(expiration_year());
177
178 case CREDIT_CARD_EXP_2_DIGIT_YEAR:
179 if (expiration_year() == 0)
180 return base::string16();
181 return base::IntToString16(expiration_year() % 100);
182
183 case CREDIT_CARD_EXP_DATE_2_DIGIT_YEAR:
184 if (expiration_month() == 0 || expiration_year() == 0)
185 return base::string16();
186 return base::IntToString16(expiration_month()) + ASCIIToUTF16("/") +
187 base::IntToString16(expiration_year() % 100);
188
189 case CREDIT_CARD_EXP_DATE_4_DIGIT_YEAR:
190 if (expiration_month() == 0 || expiration_year() == 0)
191 return base::string16();
192 return base::IntToString16(expiration_month()) + ASCIIToUTF16("/") +
193 base::IntToString16(expiration_year());
194
195 case CREDIT_CARD_TYPE: {
196 std::string internal_type =
197 CreditCard::GetCreditCardType(UTF8ToUTF16(GetPan()));
198 if (internal_type == kGenericCard)
199 return base::string16();
200 return CreditCard::TypeForDisplay(internal_type);
201 }
202
203 default:
204 NOTREACHED();
205 }
206
207 return base::string16();
208 }
209
HasRequiredAction(RequiredAction action) const210 bool FullWallet::HasRequiredAction(RequiredAction action) const {
211 DCHECK(ActionAppliesToFullWallet(action));
212 return std::find(required_actions_.begin(),
213 required_actions_.end(),
214 action) != required_actions_.end();
215 }
216
TypeAndLastFourDigits()217 base::string16 FullWallet::TypeAndLastFourDigits() {
218 CreditCard card;
219 card.SetRawInfo(CREDIT_CARD_NUMBER,
220 GetInfo(AutofillType(CREDIT_CARD_NUMBER)));
221 return card.TypeAndLastFourDigits();
222 }
223
operator ==(const FullWallet & other) const224 bool FullWallet::operator==(const FullWallet& other) const {
225 if (expiration_month_ != other.expiration_month_)
226 return false;
227
228 if (expiration_year_ != other.expiration_year_)
229 return false;
230
231 if (iin_ != other.iin_)
232 return false;
233
234 if (encrypted_rest_ != other.encrypted_rest_)
235 return false;
236
237 if (billing_address_.get() && other.billing_address_.get()) {
238 if (*billing_address_.get() != *other.billing_address_.get())
239 return false;
240 } else if (billing_address_.get() || other.billing_address_.get()) {
241 return false;
242 }
243
244 if (shipping_address_.get() && other.shipping_address_.get()) {
245 if (*shipping_address_.get() != *other.shipping_address_.get())
246 return false;
247 } else if (shipping_address_.get() || other.shipping_address_.get()) {
248 return false;
249 }
250
251 if (required_actions_ != other.required_actions_)
252 return false;
253
254 return true;
255 }
256
operator !=(const FullWallet & other) const257 bool FullWallet::operator!=(const FullWallet& other) const {
258 return !(*this == other);
259 }
260
DecryptCardInfo()261 void FullWallet::DecryptCardInfo() {
262 // |encrypted_rest_| must be of length |kEncryptedRestSize| in order for
263 // decryption to succeed and the server will not pad it with zeros.
264 while (encrypted_rest_.size() < kEncryptedRestSize) {
265 encrypted_rest_ = '0' + encrypted_rest_;
266 }
267
268 DCHECK_EQ(kEncryptedRestSize, encrypted_rest_.size());
269
270 std::vector<uint8> operating_data;
271 // Convert |encrypted_rest_| to bytes so we can decrypt it with |otp|.
272 if (!base::HexStringToBytes(encrypted_rest_, &operating_data)) {
273 DLOG(ERROR) << "Failed to parse encrypted rest";
274 return;
275 }
276
277 // Ensure |one_time_pad_| and |encrypted_rest_| are of the same length
278 // otherwise something has gone wrong and we can't decrypt the data.
279 DCHECK_EQ(one_time_pad_.size(), operating_data.size());
280
281 std::vector<uint8> results;
282 // XOR |otp| with the encrypted data to decrypt.
283 for (size_t i = 0; i < one_time_pad_.size(); ++i)
284 results.push_back(one_time_pad_[i] ^ operating_data[i]);
285
286 // There is no uint8* to int64 so convert the decrypted data to hex and then
287 // parse the hex to an int64 before getting the int64 as a string.
288 std::string hex_decrypted = base::HexEncode(&(results[0]), results.size());
289
290 int64 decrypted;
291 if (!base::HexStringToInt64(hex_decrypted, &decrypted)) {
292 DLOG(ERROR) << "Failed to parse decrypted data in hex to int64";
293 return;
294 }
295 std::string card_info = base::Int64ToString(decrypted);
296
297 size_t padded_length = kPanSize - kBinSize + kCvnSize;
298 // |card_info| is PAN without the IIN concatenated with the CVN, i.e.
299 // PANPANPANPCVN. If what was decrypted is not of that size the front needs
300 // to be padded with 0's until it is.
301 if (card_info.size() != padded_length)
302 card_info.insert(card_info.begin(), padded_length - card_info.size(), '0');
303
304 // Separate out the PAN from the CVN.
305 size_t split = kPanSize - kBinSize;
306 cvn_ = card_info.substr(split);
307 pan_ = iin_ + card_info.substr(0, split);
308 }
309
GetPan()310 const std::string& FullWallet::GetPan() {
311 if (pan_.empty())
312 DecryptCardInfo();
313 return pan_;
314 }
315
GetCvn()316 const std::string& FullWallet::GetCvn() {
317 if (cvn_.empty())
318 DecryptCardInfo();
319 return cvn_;
320 }
321
322 } // namespace wallet
323 } // namespace autofill
324