1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/autofill/core/browser/autofill_ie_toolbar_import_win.h"
6
7 #include <stddef.h>
8 #include <map>
9 #include <string>
10 #include <vector>
11
12 #include "base/basictypes.h"
13 #include "base/compiler_specific.h"
14 #include "base/logging.h"
15 #include "base/strings/string16.h"
16 #include "base/win/registry.h"
17 #include "components/autofill/core/browser/autofill_country.h"
18 #include "components/autofill/core/browser/autofill_profile.h"
19 #include "components/autofill/core/browser/credit_card.h"
20 #include "components/autofill/core/browser/crypto/rc4_decryptor.h"
21 #include "components/autofill/core/browser/field_types.h"
22 #include "components/autofill/core/browser/form_group.h"
23 #include "components/autofill/core/browser/personal_data_manager.h"
24 #include "components/autofill/core/browser/personal_data_manager_observer.h"
25 #include "components/autofill/core/browser/phone_number.h"
26 #include "components/autofill/core/browser/phone_number_i18n.h"
27 #include "components/os_crypt/os_crypt.h"
28
29 using base::win::RegKey;
30
31 namespace autofill {
32
33 // Forward declaration. This function is not in unnamed namespace as it
34 // is referenced in the unittest.
35 bool ImportCurrentUserProfiles(const std::string& app_locale,
36 std::vector<AutofillProfile>* profiles,
37 std::vector<CreditCard>* credit_cards);
38 namespace {
39
40 const wchar_t* const kProfileKey =
41 L"Software\\Google\\Google Toolbar\\4.0\\Autofill\\Profiles";
42 const wchar_t* const kCreditCardKey =
43 L"Software\\Google\\Google Toolbar\\4.0\\Autofill\\Credit Cards";
44 const wchar_t* const kPasswordHashValue = L"password_hash";
45 const wchar_t* const kSaltValue = L"salt";
46
47 // This string is stored along with saved addresses and credit cards in the
48 // WebDB, and hence should not be modified, so that it remains consistent over
49 // time.
50 const char kIEToolbarImportOrigin[] = "Imported from Internet Explorer";
51
52 // This is RC4 decryption for Toolbar credit card data. This is necessary
53 // because it is not standard, so Crypto API cannot be used.
DecryptCCNumber(const std::wstring & data)54 std::wstring DecryptCCNumber(const std::wstring& data) {
55 const wchar_t* kEmptyKey =
56 L"\x3605\xCEE5\xCE49\x44F7\xCF4E\xF6CC\x604B\xFCBE\xC70A\x08FD";
57 const size_t kMacLen = 10;
58
59 if (data.length() <= kMacLen)
60 return std::wstring();
61
62 RC4Decryptor rc4_algorithm(kEmptyKey);
63 return rc4_algorithm.Run(data.substr(kMacLen));
64 }
65
IsEmptySalt(std::wstring const & salt)66 bool IsEmptySalt(std::wstring const& salt) {
67 // Empty salt in IE Toolbar is \x1\x2...\x14
68 if (salt.length() != 20)
69 return false;
70 for (size_t i = 0; i < salt.length(); ++i) {
71 if (salt[i] != i + 1)
72 return false;
73 }
74 return true;
75 }
76
ReadAndDecryptValue(const RegKey & key,const wchar_t * value_name)77 base::string16 ReadAndDecryptValue(const RegKey& key,
78 const wchar_t* value_name) {
79 DWORD data_type = REG_BINARY;
80 DWORD data_size = 0;
81 LONG result = key.ReadValue(value_name, NULL, &data_size, &data_type);
82 if ((result != ERROR_SUCCESS) || !data_size || data_type != REG_BINARY)
83 return base::string16();
84 std::string data;
85 data.resize(data_size);
86 result = key.ReadValue(value_name, &(data[0]), &data_size, &data_type);
87 if (result == ERROR_SUCCESS) {
88 std::string out_data;
89 if (OSCrypt::DecryptString(data, &out_data)) {
90 // The actual data is in UTF16 already.
91 if (!(out_data.size() & 1) && (out_data.size() > 2) &&
92 !out_data[out_data.size() - 1] && !out_data[out_data.size() - 2]) {
93 return base::string16(
94 reinterpret_cast<const wchar_t *>(out_data.c_str()));
95 }
96 }
97 }
98 return base::string16();
99 }
100
101 struct {
102 ServerFieldType field_type;
103 const wchar_t *reg_value_name;
104 } profile_reg_values[] = {
105 { NAME_FIRST, L"name_first" },
106 { NAME_MIDDLE, L"name_middle" },
107 { NAME_LAST, L"name_last" },
108 { NAME_SUFFIX, L"name_suffix" },
109 { EMAIL_ADDRESS, L"email" },
110 { COMPANY_NAME, L"company_name" },
111 { PHONE_HOME_NUMBER, L"phone_home_number" },
112 { PHONE_HOME_CITY_CODE, L"phone_home_city_code" },
113 { PHONE_HOME_COUNTRY_CODE, L"phone_home_country_code" },
114 { ADDRESS_HOME_LINE1, L"address_home_line1" },
115 { ADDRESS_HOME_LINE2, L"address_home_line2" },
116 { ADDRESS_HOME_CITY, L"address_home_city" },
117 { ADDRESS_HOME_STATE, L"address_home_state" },
118 { ADDRESS_HOME_ZIP, L"address_home_zip" },
119 { ADDRESS_HOME_COUNTRY, L"address_home_country" },
120 { ADDRESS_BILLING_LINE1, L"address_billing_line1" },
121 { ADDRESS_BILLING_LINE2, L"address_billing_line2" },
122 { ADDRESS_BILLING_CITY, L"address_billing_city" },
123 { ADDRESS_BILLING_STATE, L"address_billing_state" },
124 { ADDRESS_BILLING_ZIP, L"address_billing_zip" },
125 { ADDRESS_BILLING_COUNTRY, L"address_billing_country" },
126 { CREDIT_CARD_NAME, L"credit_card_name" },
127 { CREDIT_CARD_NUMBER, L"credit_card_number" },
128 { CREDIT_CARD_EXP_MONTH, L"credit_card_exp_month" },
129 { CREDIT_CARD_EXP_4_DIGIT_YEAR, L"credit_card_exp_4_digit_year" },
130 { CREDIT_CARD_TYPE, L"credit_card_type" },
131 // We do not import verification code.
132 };
133
134 typedef std::map<std::wstring, ServerFieldType> RegToFieldMap;
135
136 // Imports address or credit card data from the given registry |key| into the
137 // given |form_group|, with the help of |reg_to_field|. When importing address
138 // data, writes the phone data into |phone|; otherwise, |phone| should be null.
139 // Returns true if any fields were set, false otherwise.
ImportSingleFormGroup(const RegKey & key,const RegToFieldMap & reg_to_field,const std::string & app_locale,FormGroup * form_group,PhoneNumber::PhoneCombineHelper * phone)140 bool ImportSingleFormGroup(const RegKey& key,
141 const RegToFieldMap& reg_to_field,
142 const std::string& app_locale,
143 FormGroup* form_group,
144 PhoneNumber::PhoneCombineHelper* phone) {
145 if (!key.Valid())
146 return false;
147
148 bool has_non_empty_fields = false;
149
150 for (uint32 i = 0; i < key.GetValueCount(); ++i) {
151 std::wstring value_name;
152 if (key.GetValueNameAt(i, &value_name) != ERROR_SUCCESS)
153 continue;
154
155 RegToFieldMap::const_iterator it = reg_to_field.find(value_name);
156 if (it == reg_to_field.end())
157 continue; // This field is not imported.
158
159 base::string16 field_value = ReadAndDecryptValue(key, value_name.c_str());
160 if (!field_value.empty()) {
161 if (it->second == CREDIT_CARD_NUMBER)
162 field_value = DecryptCCNumber(field_value);
163
164 // Phone numbers are stored piece-by-piece, and then reconstructed from
165 // the pieces. The rest of the fields are set "as is".
166 if (!phone || !phone->SetInfo(AutofillType(it->second), field_value)) {
167 has_non_empty_fields = true;
168 form_group->SetInfo(AutofillType(it->second), field_value, app_locale);
169 }
170 }
171 }
172
173 return has_non_empty_fields;
174 }
175
176 // Imports address data from the given registry |key| into the given |profile|,
177 // with the help of |reg_to_field|. Returns true if any fields were set, false
178 // otherwise.
ImportSingleProfile(const std::string & app_locale,const RegKey & key,const RegToFieldMap & reg_to_field,AutofillProfile * profile)179 bool ImportSingleProfile(const std::string& app_locale,
180 const RegKey& key,
181 const RegToFieldMap& reg_to_field,
182 AutofillProfile* profile) {
183 PhoneNumber::PhoneCombineHelper phone;
184 bool has_non_empty_fields =
185 ImportSingleFormGroup(key, reg_to_field, app_locale, profile, &phone);
186
187 // Now re-construct the phones if needed.
188 base::string16 constructed_number;
189 if (phone.ParseNumber(*profile, app_locale, &constructed_number)) {
190 has_non_empty_fields = true;
191 profile->SetRawInfo(PHONE_HOME_WHOLE_NUMBER, constructed_number);
192 }
193
194 return has_non_empty_fields;
195 }
196
197 // Imports profiles from the IE toolbar and stores them. Asynchronous
198 // if PersonalDataManager has not been loaded yet. Deletes itself on completion.
199 class AutofillImporter : public PersonalDataManagerObserver {
200 public:
AutofillImporter(PersonalDataManager * personal_data_manager)201 explicit AutofillImporter(PersonalDataManager* personal_data_manager)
202 : personal_data_manager_(personal_data_manager) {
203 personal_data_manager_->AddObserver(this);
204 }
205
ImportProfiles()206 bool ImportProfiles() {
207 if (!ImportCurrentUserProfiles(personal_data_manager_->app_locale(),
208 &profiles_,
209 &credit_cards_)) {
210 delete this;
211 return false;
212 }
213 if (personal_data_manager_->IsDataLoaded())
214 OnPersonalDataChanged();
215 return true;
216 }
217
218 // PersonalDataManagerObserver:
OnPersonalDataChanged()219 virtual void OnPersonalDataChanged() OVERRIDE {
220 for (std::vector<AutofillProfile>::const_iterator iter = profiles_.begin();
221 iter != profiles_.end(); ++iter) {
222 personal_data_manager_->AddProfile(*iter);
223 }
224 for (std::vector<CreditCard>::const_iterator iter = credit_cards_.begin();
225 iter != credit_cards_.end(); ++iter) {
226 personal_data_manager_->AddCreditCard(*iter);
227 }
228 delete this;
229 }
230
231 private:
~AutofillImporter()232 ~AutofillImporter() {
233 personal_data_manager_->RemoveObserver(this);
234 }
235
236 PersonalDataManager* personal_data_manager_;
237 std::vector<AutofillProfile> profiles_;
238 std::vector<CreditCard> credit_cards_;
239 };
240
241 } // namespace
242
243 // Imports Autofill profiles and credit cards from IE Toolbar if present and not
244 // password protected. Returns true if data is successfully retrieved. False if
245 // there is no data, data is password protected or error occurred.
ImportCurrentUserProfiles(const std::string & app_locale,std::vector<AutofillProfile> * profiles,std::vector<CreditCard> * credit_cards)246 bool ImportCurrentUserProfiles(const std::string& app_locale,
247 std::vector<AutofillProfile>* profiles,
248 std::vector<CreditCard>* credit_cards) {
249 DCHECK(profiles);
250 DCHECK(credit_cards);
251
252 // Create a map of possible fields for a quick access.
253 RegToFieldMap reg_to_field;
254 for (size_t i = 0; i < arraysize(profile_reg_values); ++i) {
255 reg_to_field[std::wstring(profile_reg_values[i].reg_value_name)] =
256 profile_reg_values[i].field_type;
257 }
258
259 base::win::RegistryKeyIterator iterator_profiles(HKEY_CURRENT_USER,
260 kProfileKey);
261 for (; iterator_profiles.Valid(); ++iterator_profiles) {
262 std::wstring key_name(kProfileKey);
263 key_name.append(L"\\");
264 key_name.append(iterator_profiles.Name());
265 RegKey key(HKEY_CURRENT_USER, key_name.c_str(), KEY_READ);
266 AutofillProfile profile;
267 profile.set_origin(kIEToolbarImportOrigin);
268 if (ImportSingleProfile(app_locale, key, reg_to_field, &profile)) {
269 // Combine phones into whole phone #.
270 profiles->push_back(profile);
271 }
272 }
273 base::string16 password_hash;
274 base::string16 salt;
275 RegKey cc_key(HKEY_CURRENT_USER, kCreditCardKey, KEY_READ);
276 if (cc_key.Valid()) {
277 password_hash = ReadAndDecryptValue(cc_key, kPasswordHashValue);
278 salt = ReadAndDecryptValue(cc_key, kSaltValue);
279 }
280
281 // We import CC profiles only if they are not password protected.
282 if (password_hash.empty() && IsEmptySalt(salt)) {
283 base::win::RegistryKeyIterator iterator_cc(HKEY_CURRENT_USER,
284 kCreditCardKey);
285 for (; iterator_cc.Valid(); ++iterator_cc) {
286 std::wstring key_name(kCreditCardKey);
287 key_name.append(L"\\");
288 key_name.append(iterator_cc.Name());
289 RegKey key(HKEY_CURRENT_USER, key_name.c_str(), KEY_READ);
290 CreditCard credit_card;
291 credit_card.set_origin(kIEToolbarImportOrigin);
292 if (ImportSingleFormGroup(
293 key, reg_to_field, app_locale, &credit_card, NULL)) {
294 base::string16 cc_number = credit_card.GetRawInfo(CREDIT_CARD_NUMBER);
295 if (!cc_number.empty())
296 credit_cards->push_back(credit_card);
297 }
298 }
299 }
300 return (profiles->size() + credit_cards->size()) > 0;
301 }
302
ImportAutofillDataWin(PersonalDataManager * pdm)303 bool ImportAutofillDataWin(PersonalDataManager* pdm) {
304 // In incognito mode we do not have PDM - and we should not import anything.
305 if (!pdm)
306 return false;
307 AutofillImporter *importer = new AutofillImporter(pdm);
308 // importer will self delete.
309 return importer->ImportProfiles();
310 }
311
312 } // namespace autofill
313