1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/autofill/core/browser/password_generator.h"
6
7 #include <algorithm>
8 #include <vector>
9
10 #include "base/basictypes.h"
11 #include "base/rand_util.h"
12 #include "base/strings/string_util.h"
13 #include "third_party/fips181/fips181.h"
14
15 const int kMinUpper = 65; // First upper case letter 'A'
16 const int kMaxUpper = 90; // Last upper case letter 'Z'
17 const int kMinLower = 97; // First lower case letter 'a'
18 const int kMaxLower = 122; // Last lower case letter 'z'
19 const int kMinDigit = 48; // First digit '0'
20 const int kMaxDigit = 57; // Last digit '9'
21 const int kMinPasswordLength = 4;
22 const int kMaxPasswordLength = 15;
23
24 namespace {
25
26 // A helper function to get the length of the generated password from
27 // |max_length| retrieved from input password field.
GetLengthFromHint(int max_length,int default_length)28 int GetLengthFromHint(int max_length, int default_length) {
29 if (max_length >= kMinPasswordLength && max_length <= kMaxPasswordLength)
30 return max_length;
31 else
32 return default_length;
33 }
34
35 // We want the password to have uppercase, lowercase, and at least one number.
VerifyPassword(const std::string & password)36 bool VerifyPassword(const std::string& password) {
37 int num_lower_case = 0;
38 int num_upper_case = 0;
39 int num_digits = 0;
40
41 for (size_t i = 0; i < password.size(); ++i) {
42 if (password[i] >= kMinUpper && password[i] <= kMaxUpper)
43 ++num_upper_case;
44 if (password[i] >= kMinLower && password[i] <= kMaxLower)
45 ++num_lower_case;
46 if (password[i] >= kMinDigit && password[i] <= kMaxDigit)
47 ++num_digits;
48 }
49
50 return num_lower_case && num_upper_case && num_digits;
51 }
52
53 // Make sure that there is at least one upper case and one number in the
54 // password. Assume that there already exists a lower case letter as it's the
55 // default from gen_pron_pass.
ForceFixPassword(std::string * password)56 void ForceFixPassword(std::string* password) {
57 for (std::string::iterator iter = password->begin();
58 iter != password->end(); ++iter) {
59 if (islower(*iter)) {
60 *iter = base::ToUpperASCII(*iter);
61 break;
62 }
63 }
64 for (std::string::reverse_iterator iter = password->rbegin();
65 iter != password->rend(); ++iter) {
66 if (islower(*iter)) {
67 *iter = base::RandInt(kMinDigit, kMaxDigit);
68 break;
69 }
70 }
71 }
72
73 } // namespace
74
75 namespace autofill {
76
77 const int PasswordGenerator::kDefaultPasswordLength = 12;
78
PasswordGenerator(int max_length)79 PasswordGenerator::PasswordGenerator(int max_length)
80 : password_length_(GetLengthFromHint(max_length, kDefaultPasswordLength)) {}
~PasswordGenerator()81 PasswordGenerator::~PasswordGenerator() {}
82
Generate() const83 std::string PasswordGenerator::Generate() const {
84 char password[255];
85 char unused_hypenated_password[255];
86 // Generate passwords that have numbers and upper and lower case letters.
87 // No special characters included for now.
88 unsigned int mode = S_NB | S_CL | S_SL;
89
90 // gen_pron_pass() doesn't guarantee that it includes all of the type given
91 // in mode, so regenerate a few times if neccessary.
92 // TODO(gcasto): Is it worth regenerating at all?
93 for (int i = 0; i < 10; ++i) {
94 gen_pron_pass(password, unused_hypenated_password,
95 password_length_, password_length_, mode);
96 if (VerifyPassword(password))
97 break;
98 }
99
100 // If the password still isn't conforming after a few iterations, force it
101 // to be so. This may change a syllable in the password.
102 std::string str_password(password);
103 if (!VerifyPassword(str_password)) {
104 ForceFixPassword(&str_password);
105 }
106 return str_password;
107 }
108
109 } // namespace autofill
110