Fix KeychainItemForForm so that it understands not to specify a path in case of Android credentials

chrome/browser/password_manager/password_store_mac_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/password_manager/password_store_mac.h"
 
 #include "base/basictypes.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/scoped_observer.h"
 #include "base/stl_util.h"
@@ skipping 279 matching lines @@
         {kSecAuthenticationTypeDefault,
          "a.server.com",
          kSecProtocolTypeFTP,
          NULL,
          0,
          NULL,
          "20010203040",
          "abc",
          "123",
          false},
+        // Password for an Android application.
+        {kSecAuthenticationTypeHTMLForm,
+         "android://hash@com.domain.some/",
+         kSecProtocolTypeHTTP,
+         "",
+         0,
+         NULL,
+         "20150515141312Z",
+         "joe_user",
+         "secret",
+         false},
     };
 
     keychain_ = new MockAppleKeychain();
 
     for (unsigned int i = 0; i < arraysize(test_data); ++i) {
       keychain_->AddTestItem(test_data[i]);
     }
   }
 
   void TearDown() override {
@@ skipping 62 matching lines @@
       "http://some.domain.com:4567/insecure.html", L"basic_auth_user", L"basic",
       false, 1998, 03, 30, 10, 00, 00 },
     { PasswordForm::SCHEME_DIGEST, "https://some.domain.com/high_security",
       "https://some.domain.com/", L"digest_auth_user", L"digest", true,
       1998,  3, 30, 10,  0,  0 },
     // This one gives us an invalid date, which we will treat as a "NULL" date
     // which is 1601.
     { PasswordForm::SCHEME_OTHER, "http://a.server.com/",
       "http://a.server.com/", L"abc", L"123", false,
       1601,  1,  1,  0,  0,  0 },
+    { PasswordForm::SCHEME_HTML, "android://hash@com.domain.some/",
+      "", L"joe_user", L"secret", true,
+      2015,  5,  15, 14, 13, 12 },
   };
 
   for (unsigned int i = 0; i < arraysize(expected); ++i) {
     // Create our fake KeychainItemRef; see MockAppleKeychain docs.
     SecKeychainItemRef keychain_item =
         reinterpret_cast<SecKeychainItemRef>(i + 1);
     PasswordForm form;
     bool parsed = internal_keychain_helpers::FillPasswordFormFromKeychainItem(
         *keychain_, keychain_item, &form, true);
 
@@ skipping 207 matching lines @@
           << " of base form " << i;
     }
   }
 }
 
 TEST_F(PasswordStoreMacInternalsTest, TestKeychainAdd) {
   struct TestDataAndExpectation {
     PasswordFormData data;
     bool should_succeed;
   };
+  /* clang-format off */
   TestDataAndExpectation test_data[] = {
     // Test a variety of scheme/port/protocol/path variations.
     { { PasswordForm::SCHEME_HTML, "http://web.site.com/",
         "http://web.site.com/path/to/page.html", NULL, NULL, NULL, NULL,
         L"anonymous", L"knock-knock", false, false, 0 }, true },
     { { PasswordForm::SCHEME_HTML, "https://web.site.com/",
         "https://web.site.com/", NULL, NULL, NULL, NULL,
         L"admin", L"p4ssw0rd", false, false, 0 }, true },
     { { PasswordForm::SCHEME_BASIC, "http://a.site.com:2222/therealm",
         "http://a.site.com:2222/", NULL, NULL, NULL, NULL,
         L"username", L"password", false, false, 0 }, true },
     { { PasswordForm::SCHEME_DIGEST, "https://digest.site.com/differentrealm",
         "https://digest.site.com/secure.html", NULL, NULL, NULL, NULL,
         L"testname", L"testpass", false, false, 0 }, true },
+    // Test that Android credentials can be stored. Also check the legacy form
+    // when |origin| was still filled with the Android URI (and not left empty).
+    { { PasswordForm::SCHEME_HTML, "android://hash@com.example.alpha/",
+        "", NULL, NULL, NULL, NULL,
+        L"joe_user", L"password", false, true, 0 }, true },
+    { { PasswordForm::SCHEME_HTML, "android://hash@com.example.beta/",
+        "android://hash@com.example.beta/", NULL, NULL, NULL, NULL,
+        L"jane_user", L"password2", false, true, 0 }, true },
     // Make sure that garbage forms are rejected.
     { { PasswordForm::SCHEME_HTML, "gobbledygook",
         "gobbledygook", NULL, NULL, NULL, NULL,
         L"anonymous", L"knock-knock", false, false, 0 }, false },
     // Test that failing to update a duplicate (forced using the magic failure
     // password; see MockAppleKeychain::ItemModifyAttributesAndData) is
     // reported.
     { { PasswordForm::SCHEME_HTML, "http://some.domain.com",
         "http://some.domain.com/insecure.html", NULL, NULL, NULL, NULL,
         L"joe_user", L"fail_me", false, false, 0 }, false },
   };
+  /* clang-format on */
 
   MacKeychainPasswordFormAdapter owned_keychain_adapter(keychain_);
   owned_keychain_adapter.SetFindsOnlyOwnedItems(true);
 
   for (unsigned int i = 0; i < arraysize(test_data); ++i) {
     scoped_ptr<PasswordForm> in_form =
         CreatePasswordFormFromDataForTesting(test_data[i].data);
     bool add_succeeded = owned_keychain_adapter.AddPassword(*in_form);
     EXPECT_EQ(test_data[i].should_succeed, add_succeeded);
     if (add_succeeded) {
       EXPECT_TRUE(owned_keychain_adapter.HasPasswordsMergeableWithForm(
           *in_form));
       EXPECT_TRUE(owned_keychain_adapter.HasPasswordExactlyMatchingForm(
           *in_form));
     }
   }
 
   // Test that adding duplicate item updates the existing item.
+  // TODO(engedy): Add a test to verify that updating Android credentials work.
+  // See: https://crbug.com/476851.
   {
     PasswordFormData data = {
       PasswordForm::SCHEME_HTML, "http://some.domain.com",
       "http://some.domain.com/insecure.html", NULL,
       NULL, NULL, NULL, L"joe_user", L"updated_password", false, false, 0
     };
     scoped_ptr<PasswordForm> update_form =
         CreatePasswordFormFromDataForTesting(data);
     MacKeychainPasswordFormAdapter keychain_adapter(keychain_);
     EXPECT_TRUE(keychain_adapter.AddPassword(*update_form));
     SecKeychainItemRef keychain_item = reinterpret_cast<SecKeychainItemRef>(2);
     PasswordForm stored_form;
     internal_keychain_helpers::FillPasswordFormFromKeychainItem(*keychain_,
                                                                 keychain_item,
                                                                 &stored_form,
                                                                 true);
     EXPECT_EQ(update_form->password_value, stored_form.password_value);
   }
 }
 
 TEST_F(PasswordStoreMacInternalsTest, TestKeychainRemove) {
   struct TestDataAndExpectation {
     PasswordFormData data;
     bool should_succeed;
   };
+  /* clang-format off */
   TestDataAndExpectation test_data[] = {
     // Test deletion of an item that we add.
     { { PasswordForm::SCHEME_HTML, "http://web.site.com/",
         "http://web.site.com/path/to/page.html", NULL, NULL, NULL, NULL,
         L"anonymous", L"knock-knock", false, false, 0 }, true },
+    // Test that Android credentials can be removed. Also check the legacy case
+    // when |origin| was still filled with the Android URI (and not left empty).
+    { { PasswordForm::SCHEME_HTML, "android://hash@com.example.alpha/",
+        "", NULL, NULL, NULL, NULL,
+        L"joe_user", L"secret", false, true, 0 }, true },
+    { { PasswordForm::SCHEME_HTML, "android://hash@com.example.beta/",
+        "android://hash@com.example.beta/", NULL, NULL, NULL, NULL,
+        L"jane_user", L"secret", false, true, 0 }, true },
     // Make sure we don't delete items we don't own.
     { { PasswordForm::SCHEME_HTML, "http://some.domain.com/",
         "http://some.domain.com/insecure.html", NULL, NULL, NULL, NULL,
         L"joe_user", NULL, true, false, 0 }, false },
   };
+  /* clang-format on */
 
   MacKeychainPasswordFormAdapter owned_keychain_adapter(keychain_);
   owned_keychain_adapter.SetFindsOnlyOwnedItems(true);
 
-  // Add our test item so that we can delete it.
-  scoped_ptr<PasswordForm> add_form =
-      CreatePasswordFormFromDataForTesting(test_data[0].data);
-  EXPECT_TRUE(owned_keychain_adapter.AddPassword(*add_form));
+  // Add our test items (except the last one) so that we can delete them.
+  for (unsigned int i = 0; i + 1 < arraysize(test_data); ++i) {
+    scoped_ptr<PasswordForm> add_form =
+        CreatePasswordFormFromDataForTesting(test_data[i].data);
+    EXPECT_TRUE(owned_keychain_adapter.AddPassword(*add_form));
+  }
 
   for (unsigned int i = 0; i < arraysize(test_data); ++i) {
     scoped_ptr<PasswordForm> form =
         CreatePasswordFormFromDataForTesting(test_data[i].data);
     EXPECT_EQ(test_data[i].should_succeed,
               owned_keychain_adapter.RemovePassword(*form));
 
     MacKeychainPasswordFormAdapter keychain_adapter(keychain_);
     bool match = keychain_adapter.HasPasswordExactlyMatchingForm(*form);
     EXPECT_EQ(test_data[i].should_succeed, !match);
@@ skipping 374 matching lines @@
       L"testname", L"testpass", false, false, 0 },
   };
   for (unsigned int i = 0; i < arraysize(owned_password_data); ++i) {
     scoped_ptr<PasswordForm> form =
         CreatePasswordFormFromDataForTesting(owned_password_data[i]);
     owned_keychain_adapter.AddPassword(*form);
   }
 
   ScopedVector<autofill::PasswordForm> all_passwords =
       keychain_adapter.GetAllPasswordFormPasswords();
-  EXPECT_EQ(8 + arraysize(owned_password_data), all_passwords.size());
+  EXPECT_EQ(9 + arraysize(owned_password_data), all_passwords.size());
 
   ScopedVector<autofill::PasswordForm> owned_passwords =
       owned_keychain_adapter.GetAllPasswordFormPasswords();
   EXPECT_EQ(arraysize(owned_password_data), owned_passwords.size());
 }
 
 #pragma mark -
 
 class PasswordStoreMacTest : public testing::Test {
  public:
@@ skipping 577 matching lines @@
   query_form.password_value.clear();
   query_form.username_value.clear();
   EXPECT_CALL(mock_consumer, OnGetPasswordStoreResultsConstRef(SizeIs(1u)))
       .WillOnce(
           DoAll(SaveACopyOfFirstForm(&returned_form), QuitUIMessageLoop()));
   store()->GetLogins(query_form, PasswordStore::ALLOW_PROMPT, &mock_consumer);
   base::MessageLoop::current()->Run();
   ::testing::Mock::VerifyAndClearExpectations(&mock_consumer);
   EXPECT_EQ(form, returned_form);
 }