1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "components/autofill/content/browser/wallet/full_wallet.h"
6 
7 #include "base/logging.h"
8 #include "base/strings/string_number_conversions.h"
9 #include "base/strings/utf_string_conversions.h"
10 #include "base/values.h"
11 #include "components/autofill/core/browser/autofill_type.h"
12 #include "components/autofill/core/browser/credit_card.h"
13 
namespace {

// Layout of the card data handled by FullWallet::DecryptCardInfo(). All of
// the digit counts below are in decimal characters.

// Leading PAN digits that arrive separately as the IIN and are never part of
// the encrypted payload.
const size_t kBinSize = 6;

// Digits in a complete PAN (IIN plus the decrypted remainder).
const size_t kPanSize = 16;

// Digits in the card verification number that trails the PAN remainder.
const size_t kCvnSize = 3;

// Expected length, in hex characters, of the encrypted "rest" string.
const size_t kEncryptedRestSize = 12;

}  // anonymous namespace
22 
23 namespace autofill {
24 namespace wallet {
25 
// Stores the fields of a full wallet response. Ownership of both address
// objects moves into the new instance. |iin| and |encrypted_rest| are kept
// exactly as passed in; nothing here checks their length or content.
FullWallet::FullWallet(int expiration_month,
                       int expiration_year,
                       const std::string& iin,
                       const std::string& encrypted_rest,
                       scoped_ptr<Address> billing_address,
                       scoped_ptr<Address> shipping_address,
                       const std::vector<RequiredAction>& required_actions)
    : expiration_month_(expiration_month),
      expiration_year_(expiration_year),
      iin_(iin),
      encrypted_rest_(encrypted_rest),
      billing_address_(billing_address.Pass()),
      shipping_address_(shipping_address.Pass()),
      required_actions_(required_actions) {
  // A wallet without pending required actions must carry a billing address.
  // This is a debug-only assertion, so release builds do not enforce it.
  DCHECK(!required_actions_.empty() || billing_address_.get());
}
42 
// No manual cleanup is done here.
// NOTE(review): |pan_| and |cvn_| hold clear-text card data once decrypted
// and are not overwritten before the object goes away.
FullWallet::~FullWallet() {
}
44 
// static
// Builds a FullWallet from a Google Wallet response dictionary. Returns an
// empty scoped_ptr when the response is rejected.
//
// If the response lists any required action, the wallet returned carries only
// those actions (month/year are -1, strings empty, no addresses) and the card
// fields are not read at all. A required action that does not apply to a full
// wallet rejects the whole response.
//
// What this parser does NOT check, as visible here:
//  - list entries of "required_action" that are not strings are skipped, not
//    rejected;
//  - "expiration_month" / "expiration_year" are accepted as any integer;
//  - "iin" and "rest" are accepted as any string, with no length or character
//    validation, even though DecryptCardInfo() later depends on their shape.
scoped_ptr<FullWallet>
    FullWallet::CreateFullWallet(const DictionaryValue& dictionary) {
  std::vector<RequiredAction> required_actions;
  const ListValue* action_list;
  if (!dictionary.GetList("required_action", &action_list)) {
    DVLOG(1) << "Response from Google wallet missing required actions";
  } else {
    const size_t action_count = action_list->GetSize();
    for (size_t index = 0; index < action_count; ++index) {
      std::string action_string;
      if (!action_list->GetString(index, &action_string))
        continue;

      const RequiredAction action =
          ParseRequiredActionFromString(action_string);
      if (!ActionAppliesToFullWallet(action)) {
        DLOG(ERROR) << "Response from Google wallet with bad required action:"
                       " \"" << action_string << "\"";
        return scoped_ptr<FullWallet>();
      }
      required_actions.push_back(action);
    }

    // Pending actions short-circuit parsing: the card data is not usable yet.
    if (!required_actions.empty()) {
      return scoped_ptr<FullWallet>(new FullWallet(-1,
                                                   -1,
                                                   std::string(),
                                                   std::string(),
                                                   scoped_ptr<Address>(),
                                                   scoped_ptr<Address>(),
                                                   required_actions));
    }
  }

  // Every field below is mandatory; the first one missing rejects the
  // response.
  int expiration_month;
  if (!dictionary.GetInteger("expiration_month", &expiration_month)) {
    DLOG(ERROR) << "Response from Google wallet missing expiration month";
    return scoped_ptr<FullWallet>();
  }

  int expiration_year;
  if (!dictionary.GetInteger("expiration_year", &expiration_year)) {
    DLOG(ERROR) << "Response from Google wallet missing expiration year";
    return scoped_ptr<FullWallet>();
  }

  std::string iin;
  if (!dictionary.GetString("iin", &iin)) {
    DLOG(ERROR) << "Response from Google wallet missing iin";
    return scoped_ptr<FullWallet>();
  }

  std::string encrypted_rest;
  if (!dictionary.GetString("rest", &encrypted_rest)) {
    DLOG(ERROR) << "Response from Google wallet missing rest";
    return scoped_ptr<FullWallet>();
  }

  const DictionaryValue* billing_dict;
  if (!dictionary.GetDictionary("billing_address", &billing_dict)) {
    DLOG(ERROR) << "Response from Google wallet missing billing address";
    return scoped_ptr<FullWallet>();
  }

  scoped_ptr<Address> billing_address = Address::CreateAddress(*billing_dict);
  if (!billing_address.get()) {
    DLOG(ERROR) << "Response from Google wallet has malformed billing address";
    return scoped_ptr<FullWallet>();
  }

  // The shipping address is optional. Its parse result is stored without
  // being inspected, so whatever CreateAddressWithID() returns is passed on.
  scoped_ptr<Address> shipping_address;
  const DictionaryValue* shipping_dict;
  if (!dictionary.GetDictionary("shipping_address", &shipping_dict)) {
    DVLOG(1) << "Response from Google wallet missing shipping address";
  } else {
    shipping_address = Address::CreateAddressWithID(*shipping_dict);
  }

  return scoped_ptr<FullWallet>(new FullWallet(expiration_month,
                                               expiration_year,
                                               iin,
                                               encrypted_rest,
                                               billing_address.Pass(),
                                               shipping_address.Pass(),
                                               required_actions));
}
130 
// static
// Builds a FullWallet directly from a clear-text PAN and CVN, bypassing the
// IIN / encrypted-rest path. Because |pan_| and |cvn_| are filled in here,
// GetPan() and GetCvn() return them without calling DecryptCardInfo().
// The three preconditions are debug-only assertions.
scoped_ptr<FullWallet>
    FullWallet::CreateFullWalletFromClearText(
        int expiration_month,
        int expiration_year,
        const std::string& pan,
        const std::string& cvn,
        scoped_ptr<Address> billing_address,
        scoped_ptr<Address> shipping_address) {
  DCHECK(billing_address);
  DCHECK(!pan.empty());
  DCHECK(!cvn.empty());

  // The IIN and the encrypted rest stay empty, and a clear-text wallet never
  // has required actions.
  const std::string no_iin;
  const std::string no_encrypted_rest;
  const std::vector<RequiredAction> no_required_actions;

  scoped_ptr<FullWallet> clear_text_wallet(
      new FullWallet(expiration_month,
                     expiration_year,
                     no_iin,
                     no_encrypted_rest,
                     billing_address.Pass(),
                     shipping_address.Pass(),
                     no_required_actions));
  clear_text_wallet->pan_ = pan;
  clear_text_wallet->cvn_ = cvn;
  return clear_text_wallet.Pass();
}
156 
// Returns the card field selected by |type| as display text.
//
// The number, verification code and card type cases go through GetPan() /
// GetCvn(), which decrypt the card data on first use. Expiration values equal
// to 0 yield an empty string. Any other type hits NOTREACHED() and returns an
// empty string.
//
// NOTE(review): only 0 is treated as "no expiration"; the -1 placeholders
// that CreateFullWallet() stores alongside required actions would be
// formatted as-is. Confirm callers check required actions first.
base::string16 FullWallet::GetInfo(const AutofillType& type) {
  switch (type.GetStorableType()) {
    case CREDIT_CARD_NUMBER: {
      return UTF8ToUTF16(GetPan());
    }

    case CREDIT_CARD_NAME: {
      // NOTE(review): billing_address() is dereferenced without a null check,
      // and wallets built with required actions carry no billing address.
      return billing_address()->recipient_name();
    }

    case CREDIT_CARD_VERIFICATION_CODE: {
      return UTF8ToUTF16(GetCvn());
    }

    case CREDIT_CARD_EXP_MONTH: {
      return expiration_month() == 0 ?
          base::string16() : base::IntToString16(expiration_month());
    }

    case CREDIT_CARD_EXP_4_DIGIT_YEAR: {
      return expiration_year() == 0 ?
          base::string16() : base::IntToString16(expiration_year());
    }

    case CREDIT_CARD_EXP_2_DIGIT_YEAR: {
      return expiration_year() == 0 ?
          base::string16() : base::IntToString16(expiration_year() % 100);
    }

    case CREDIT_CARD_EXP_DATE_2_DIGIT_YEAR: {
      // "M/YY"; both parts must be present.
      if (expiration_month() == 0 || expiration_year() == 0)
        return base::string16();
      const base::string16 separator = ASCIIToUTF16("/");
      return base::IntToString16(expiration_month()) + separator +
             base::IntToString16(expiration_year() % 100);
    }

    case CREDIT_CARD_EXP_DATE_4_DIGIT_YEAR: {
      // "M/YYYY"; both parts must be present.
      if (expiration_month() == 0 || expiration_year() == 0)
        return base::string16();
      const base::string16 separator = ASCIIToUTF16("/");
      return base::IntToString16(expiration_month()) + separator +
             base::IntToString16(expiration_year());
    }

    case CREDIT_CARD_TYPE: {
      const std::string internal_type =
          CreditCard::GetCreditCardType(UTF8ToUTF16(GetPan()));
      // A generic card has no display name.
      if (internal_type == kGenericCard)
        return base::string16();
      return CreditCard::TypeForDisplay(internal_type);
    }

    default:
      NOTREACHED();
  }

  return base::string16();
}
209 
// Reports whether |action| is among the required actions stored for this
// wallet. |action| must be one that applies to a full wallet; that is only
// asserted in debug builds.
bool FullWallet::HasRequiredAction(RequiredAction action) const {
  DCHECK(ActionAppliesToFullWallet(action));
  const std::vector<RequiredAction>::const_iterator match =
      std::find(required_actions_.begin(), required_actions_.end(), action);
  return match != required_actions_.end();
}
216 
// Returns the card type and last four digits, formatted by a temporary
// CreditCard that is given this wallet's number. Reading the number goes
// through GetInfo(), so this may trigger decryption of the card data.
base::string16 FullWallet::TypeAndLastFourDigits() {
  const base::string16 card_number = GetInfo(AutofillType(CREDIT_CARD_NUMBER));

  CreditCard scratch_card;
  scratch_card.SetRawInfo(CREDIT_CARD_NUMBER, card_number);
  return scratch_card.TypeAndLastFourDigits();
}
223 
// Field-wise equality over the expiration date, IIN, encrypted rest, both
// addresses and the required actions. Addresses are compared by value; a
// missing address only equals another missing address.
//
// |pan_|, |cvn_| and |one_time_pad_| are not part of the comparison.
bool FullWallet::operator==(const FullWallet& other) const {
  if (expiration_month_ != other.expiration_month_ ||
      expiration_year_ != other.expiration_year_) {
    return false;
  }

  if (iin_ != other.iin_ || encrypted_rest_ != other.encrypted_rest_)
    return false;

  Address* const lhs_billing = billing_address_.get();
  Address* const rhs_billing = other.billing_address_.get();
  if (!lhs_billing || !rhs_billing) {
    // At least one side is missing: equal only when both are.
    if (lhs_billing || rhs_billing)
      return false;
  } else if (*lhs_billing != *rhs_billing) {
    return false;
  }

  Address* const lhs_shipping = shipping_address_.get();
  Address* const rhs_shipping = other.shipping_address_.get();
  if (!lhs_shipping || !rhs_shipping) {
    // At least one side is missing: equal only when both are.
    if (lhs_shipping || rhs_shipping)
      return false;
  } else if (*lhs_shipping != *rhs_shipping) {
    return false;
  }

  return required_actions_ == other.required_actions_;
}
256 
// Negation of operator==, so it ignores the same fields that operator== does.
bool FullWallet::operator!=(const FullWallet& other) const {
  return !operator==(other);
}
260 
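// Recovers |pan_| and |cvn_| from |iin_|, |encrypted_rest_| and
// |one_time_pad_|.
//
// |encrypted_rest_| is a hex string that, XORed byte-wise with
// |one_time_pad_|, yields a number whose decimal form is the PAN without its
// IIN followed by the CVN. On any failure the function logs and returns
// without touching |pan_| or |cvn_|, so both stay empty.
//
// |encrypted_rest_| originates from the server response, so every size
// assumption is enforced at run time. A DCHECK alone is compiled out of
// release builds and would leave the XOR loop and the zero-padding below
// operating on unchecked lengths.
//
// Side effect: |encrypted_rest_| is left-padded with '0' in place.
void FullWallet::DecryptCardInfo() {
  // |encrypted_rest_| must be of length |kEncryptedRestSize| in order for
  // decryption to succeed and the server will not pad it with zeros.
  if (encrypted_rest_.size() < kEncryptedRestSize) {
    encrypted_rest_.insert(
        0, kEncryptedRestSize - encrypted_rest_.size(), '0');
  }

  // Padding can only fix a short value; an over-long one is rejected.
  if (encrypted_rest_.size() != kEncryptedRestSize) {
    DLOG(ERROR) << "Encrypted rest has unexpected length";
    return;
  }

  std::vector<uint8> operating_data;
  // Convert |encrypted_rest_| to bytes so we can decrypt it with |otp|.
  if (!base::HexStringToBytes(encrypted_rest_, &operating_data)) {
    DLOG(ERROR) << "Failed to parse encrypted rest";
    return;
  }

  // |one_time_pad_| and the encrypted bytes must be of the same length,
  // otherwise something has gone wrong and the data can't be decrypted.
  // Without this check a longer pad would index past the end of
  // |operating_data|, and an empty pad would leave |results| empty for the
  // &results[0] below.
  if (operating_data.empty() ||
      one_time_pad_.size() != operating_data.size()) {
    DLOG(ERROR) << "One-time pad and encrypted rest differ in length";
    return;
  }

  std::vector<uint8> results;
  results.reserve(operating_data.size());
  // XOR |otp| with the encrypted data to decrypt.
  for (size_t i = 0; i < operating_data.size(); ++i)
    results.push_back(one_time_pad_[i] ^ operating_data[i]);

  // There is no uint8* to int64 so convert the decrypted data to hex and then
  // parse the hex to an int64 before getting the int64 as a string.
  std::string hex_decrypted = base::HexEncode(&(results[0]), results.size());

  int64 decrypted;
  if (!base::HexStringToInt64(hex_decrypted, &decrypted)) {
    DLOG(ERROR) << "Failed to parse decrypted data in hex to int64";
    return;
  }
  std::string card_info = base::Int64ToString(decrypted);

  // |card_info| is PAN without the IIN concatenated with the CVN, i.e.
  // PANPANPANPCVN. If what was decrypted is shorter than that, the front
  // needs to be padded with 0's until it is.
  const size_t padded_length = kPanSize - kBinSize + kCvnSize;

  // Six decrypted bytes can encode more decimal digits than |padded_length|.
  // Reject that case: the unsigned subtraction below would otherwise wrap
  // around and request an enormous insertion.
  if (card_info.size() > padded_length) {
    DLOG(ERROR) << "Decrypted card data is longer than expected";
    return;
  }
  card_info.insert(card_info.begin(), padded_length - card_info.size(), '0');

  // Separate out the PAN from the CVN.
  const size_t split = kPanSize - kBinSize;
  cvn_ = card_info.substr(split);
  pan_ = iin_ + card_info.substr(0, split);
}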
309 
// Returns the clear-text PAN, decrypting the card data first if |pan_| has
// not been filled in yet. When decryption fails the result is an empty
// string, and the next call attempts decryption again.
const std::string& FullWallet::GetPan() {
  const bool needs_decryption = pan_.empty();
  if (needs_decryption)
    DecryptCardInfo();
  return pan_;
}
315 
// Returns the clear-text CVN, decrypting the card data first if |cvn_| has
// not been filled in yet. When decryption fails the result is an empty
// string, and the next call attempts decryption again.
const std::string& FullWallet::GetCvn() {
  const bool needs_decryption = cvn_.empty();
  if (needs_decryption)
    DecryptCardInfo();
  return cvn_;
}
321 
322 }  // namespace wallet
323 }  // namespace autofill
324