Chromium Code Reviews Chromium Code Reviews
Issue 11773037:
Implementation of sensitive card information escrowing (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/autofill/wallet/wallet_client.h" | 5 #include "chrome/browser/autofill/wallet/wallet_client.h" |
| 6 | 6 |
| 7 #include "base/json/json_reader.h" | 7 #include "base/json/json_reader.h" |
| 8 #include "base/json/json_writer.h" | 8 #include "base/json/json_writer.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
| 11 #include "base/string_number_conversions.h" | 11 #include "base/string_number_conversions.h" |
| 12 #include "base/string_split.h" | 12 #include "base/string_split.h" |
| 13 #include "base/stringprintf.h" | 13 #include "base/stringprintf.h" |
| 14 #include "base/values.h" | 14 #include "base/values.h" |
| 15 #include "chrome/browser/autofill/wallet/cart.h" | 15 #include "chrome/browser/autofill/wallet/cart.h" |
| 16 #include "chrome/browser/autofill/wallet/full_wallet.h" | 16 #include "chrome/browser/autofill/wallet/full_wallet.h" |
| 17 #include "chrome/browser/autofill/wallet/wallet_address.h" | 17 #include "chrome/browser/autofill/wallet/wallet_address.h" |
| 18 #include "chrome/browser/autofill/wallet/wallet_items.h" | 18 #include "chrome/browser/autofill/wallet/wallet_items.h" |
| 19 #include "chrome/browser/autofill/wallet/wallet_service_url.h" | 19 #include "chrome/browser/autofill/wallet/wallet_service_url.h" |
| 20 #include "googleurl/src/gurl.h" | 20 #include "googleurl/src/gurl.h" |
| 21 #include "net/http/http_status_code.h" | 21 #include "net/http/http_status_code.h" |
| 22 #include "net/url_request/url_fetcher.h" | 22 #include "net/url_request/url_fetcher.h" |
| 23 #include "net/url_request/url_request_context_getter.h" | 23 #include "net/url_request/url_request_context_getter.h" |
| 24 | 24 |
| 25 namespace { | 25 namespace { |
| 26 | 26 |
| 27 const char kEncryptOtpBodyFormat[] = "cvv=%s:%s"; | 27 const char kEncryptOtpBodyFormat[] = "cvv=%s:%s"; |
| 28 const char kEscrowSensitiveInformationFormat[] = "gid=%s&cardNumber=%s&cvv=%s"; | |
| 28 const char kJsonMimeType[] = "application/json"; | 29 const char kJsonMimeType[] = "application/json"; |
| 29 const char kApplicationMimeType[] = "application/x-www-form-urlencoded"; | 30 const char kApplicationMimeType[] = "application/x-www-form-urlencoded"; |
| 30 const size_t kMaxBits = 63; | 31 const size_t kMaxBits = 63; |
| 31 | 32 |
| 32 } // anonymous namespace | 33 } // anonymous namespace |
| 33 | 34 |
| 34 namespace wallet { | 35 namespace wallet { |
| 35 | 36 |
| 36 void WalletClient::AcceptLegalDocuments( | 37 void WalletClient::AcceptLegalDocuments( |
| 37 const std::vector<std::string>& document_ids, | 38 const std::vector<std::string>& document_ids, |
| (...skipping 30 matching lines...) Expand all Loading... | |
| 68 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); | 69 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); |
| 69 size_t num_bits = length * 8; | 70 size_t num_bits = length * 8; |
| 70 DCHECK_LT(num_bits, kMaxBits); | 71 DCHECK_LT(num_bits, kMaxBits); |
| 71 | 72 |
| 72 request_type_ = ENCRYPT_OTP; | 73 request_type_ = ENCRYPT_OTP; |
| 73 | 74 |
| 74 std::string post_body = StringPrintf(kEncryptOtpBodyFormat, | 75 std::string post_body = StringPrintf(kEncryptOtpBodyFormat, |
| 75 base::HexEncode(&num_bits, 1).c_str(), | 76 base::HexEncode(&num_bits, 1).c_str(), |
| 76 base::HexEncode(otp, length).c_str()); | 77 base::HexEncode(otp, length).c_str()); |
| 77 | 78 |
| 78 MakeWalletRequest(GetSecureUrl(), post_body, observer, kApplicationMimeType); | 79 MakeWalletRequest(GetEncryptionUrl(), |
| 80 post_body, | |
| 81 observer, | |
| 82 kApplicationMimeType); | |
| 79 } | 83 } |
| 80 | 84 |
| 85 void WalletClient::EscrowSensitiveInformation( | |
| 86 const std::string& pan, | |
| 87 const std::string& cvn, | |
| 88 const std::string& obfuscated_gaia_id, | |
| 89 WalletClient::WalletClientObserver* observer) { | |
| 90 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); | |
| 91 | |
| 92 request_type_ = ESCROW_SENSITIVE_INFORMATION; | |
| 93 | |
| 94 std::string post_body = StringPrintf(kEscrowSensitiveInformationFormat, | |
| 95 obfuscated_gaia_id.c_str(), | |
| 96 pan.c_str(), | |
| 97 cvn.c_str()); | |
| 98 | |
| 99 MakeWalletRequest(GetEscrowUrl(), post_body, observer, kApplicationMimeType); | |
|
Raman Kakilate
2013/01/08 02:10:28
just being cautious: are these http get requests l
ahutter
2013/01/09 17:31:18
They are post params but I'm not entirely sure the
Raman Kakilate
2013/01/09 22:54:21
Ah. ok. "&" in the format confused me. Please che
| |
| 100 } | |
| 101 | |
| 102 | |
| 81 void WalletClient::GetFullWallet( | 103 void WalletClient::GetFullWallet( |
| 82 const std::string& instrument_id, | 104 const std::string& instrument_id, |
| 83 const std::string& address_id, | 105 const std::string& address_id, |
| 84 const std::string& merchant_domain, | 106 const std::string& merchant_domain, |
| 85 const Cart& cart, | 107 const Cart& cart, |
| 86 const std::string& google_transaction_id, | 108 const std::string& google_transaction_id, |
| 87 const std::string& encrypted_otp, | 109 const std::string& encrypted_otp, |
| 88 const std::string& session_material, | 110 const std::string& session_material, |
| 89 WalletClient::WalletClientObserver* observer) { | 111 WalletClient::WalletClientObserver* observer) { |
| 90 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); | 112 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); |
| (...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 233 base::SplitString(data, '|', &splits); | 255 base::SplitString(data, '|', &splits); |
| 234 if (splits.size() == 2) | 256 if (splits.size() == 2) |
| 235 observer_->OnEncryptOtp(splits[1], splits[0]); | 257 observer_->OnEncryptOtp(splits[1], splits[0]); |
| 236 else | 258 else |
| 237 observer_->OnNetworkError(response_code); | 259 observer_->OnNetworkError(response_code); |
| 238 } else { | 260 } else { |
| 239 observer_->OnWalletError(); | 261 observer_->OnWalletError(); |
| 240 } | 262 } |
| 241 break; | 263 break; |
| 242 } | 264 } |
| 265 case ESCROW_SENSITIVE_INFORMATION: { | |
| 266 if (!data.empty()) | |
| 267 observer_->OnEscrowSensitiveInformation(data); | |
| 268 else | |
| 269 observer_->OnWalletError(); | |
| 270 break; | |
| 271 } | |
| 243 case GET_FULL_WALLET: { | 272 case GET_FULL_WALLET: { |
| 244 if (response_dict.get()) { | 273 if (response_dict.get()) { |
| 245 scoped_ptr<FullWallet> full_wallet( | 274 scoped_ptr<FullWallet> full_wallet( |
| 246 FullWallet::CreateFullWallet(*response_dict)); | 275 FullWallet::CreateFullWallet(*response_dict)); |
| 247 if (full_wallet.get()) | 276 if (full_wallet.get()) |
| 248 observer_->OnGetFullWallet(full_wallet.get()); | 277 observer_->OnGetFullWallet(full_wallet.get()); |
| 249 else | 278 else |
| 250 observer_->OnNetworkError(response_code); | 279 observer_->OnNetworkError(response_code); |
| 251 } else { | 280 } else { |
| 252 observer_->OnWalletError(); | 281 observer_->OnWalletError(); |
| (...skipping 23 matching lines...) Expand all Loading... | |
| 276 : context_getter_(context_getter), | 305 : context_getter_(context_getter), |
| 277 observer_(NULL), | 306 observer_(NULL), |
| 278 request_type_(NO_PENDING_REQUEST) { | 307 request_type_(NO_PENDING_REQUEST) { |
| 279 DCHECK(context_getter); | 308 DCHECK(context_getter); |
| 280 } | 309 } |
| 281 | 310 |
| 282 WalletClient::~WalletClient() {} | 311 WalletClient::~WalletClient() {} |
| 283 | 312 |
| 284 } // namespace wallet | 313 } // namespace wallet |
| 285 | 314 |
| OLD | NEW |
