Implementation of sensitive card information escrowing

chrome/browser/autofill/wallet/wallet_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/autofill/wallet/wallet_client.h"
 
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/string_number_conversions.h"
 #include "base/string_split.h"
 #include "base/stringprintf.h"
 #include "base/values.h"
 #include "chrome/browser/autofill/wallet/cart.h"
 #include "chrome/browser/autofill/wallet/full_wallet.h"
 #include "chrome/browser/autofill/wallet/wallet_address.h"
 #include "chrome/browser/autofill/wallet/wallet_items.h"
 #include "chrome/browser/autofill/wallet/wallet_service_url.h"
 #include "googleurl/src/gurl.h"
 #include "net/http/http_status_code.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_context_getter.h"
 
 namespace {
 
 const char kEncryptOtpBodyFormat[] = "cvv=%s:%s";
+const char kEscrowSensitiveInformationFormat[] = "gid=%s&cardNumber=%s&cvv=%s";
 const char kJsonMimeType[] = "application/json";
 const char kApplicationMimeType[] = "application/x-www-form-urlencoded";
 const size_t kMaxBits = 63;
 
 }  // anonymous namespace
 
 namespace wallet {
 
 void WalletClient::AcceptLegalDocuments(
     const std::vector<std::string>& document_ids,
@@ skipping 30 matching lines @@
   DCHECK_EQ(request_type_, NO_PENDING_REQUEST);
   size_t num_bits = length * 8;
   DCHECK_LT(num_bits, kMaxBits);
 
   request_type_ = ENCRYPT_OTP;
 
   std::string post_body = StringPrintf(kEncryptOtpBodyFormat,
                                        base::HexEncode(&num_bits, 1).c_str(),
                                        base::HexEncode(otp, length).c_str());
 
-  MakeWalletRequest(GetSecureUrl(), post_body, observer, kApplicationMimeType);
+  MakeWalletRequest(GetEncryptionUrl(),
+                    post_body,
+                    observer,
+                    kApplicationMimeType);
 }
 
+void WalletClient::EscrowSensitiveInformation(
+    const std::string& pan,
+    const std::string& cvn,
+    const std::string& obfuscated_gaia_id,
+    WalletClient::WalletClientObserver* observer) {
+  DCHECK_EQ(request_type_, NO_PENDING_REQUEST);

[Ilya Sherman, 2013/01/09 23:30:48]

nit: Swap the argument order.  To see why, try changing NO_PENDING_REQUEST to
something else, and see what the error message looks like.  For whatever reason
DCHECK_EQ, expects the reverse argument order than what feels natural (to me, at
least) :/

[ahutter, 2013/01/10 00:24:46]

Done.

+

[Ilya Sherman, 2013/01/09 23:30:48]

Optional nit: Omit this empty line IMO

[ahutter, 2013/01/10 00:24:46]

Done.

+  request_type_ = ESCROW_SENSITIVE_INFORMATION;
+
+  std::string post_body = StringPrintf(kEscrowSensitiveInformationFormat,
+                                       obfuscated_gaia_id.c_str(),
+                                       pan.c_str(),
+                                       cvn.c_str());
+
+  MakeWalletRequest(GetEscrowUrl(), post_body, observer, kApplicationMimeType);
+}
+
+
 void WalletClient::GetFullWallet(
     const std::string& instrument_id,
     const std::string& address_id,
     const std::string& merchant_domain,
     const Cart& cart,
     const std::string& google_transaction_id,
     const std::string& encrypted_otp,
     const std::string& session_material,
     WalletClient::WalletClientObserver* observer) {
   DCHECK_EQ(request_type_, NO_PENDING_REQUEST);
@@ skipping 142 matching lines @@
         base::SplitString(data, '|', &splits);
         if (splits.size() == 2)
           observer_->OnEncryptOtp(splits[1], splits[0]);
         else
           observer_->OnNetworkError(response_code);
       } else {
         observer_->OnWalletError();
       }
       break;
     }
+    case ESCROW_SENSITIVE_INFORMATION: {
+      if (!data.empty())
+        observer_->OnEscrowSensitiveInformation(data);
+      else
+        observer_->OnWalletError();
+      break;
+    }

[Ilya Sherman, 2013/01/09 23:30:48]

nit: No need for curly braces.

[ahutter, 2013/01/10 00:24:46]

They're there for consistency but I can drop them if you'd like.

[Ilya Sherman, 2013/01/10 00:35:40]

I don't think they're needed for any of the cases.  Even when they are, the
style I've seen in other Chrome files is to only include them on specific cases
that need 'em.

     case GET_FULL_WALLET: {
       if (response_dict.get()) {
         scoped_ptr<FullWallet> full_wallet(
             FullWallet::CreateFullWallet(*response_dict));
         if (full_wallet.get())
           observer_->OnGetFullWallet(full_wallet.get());
         else
           observer_->OnNetworkError(response_code);
       } else {
         observer_->OnWalletError();
@@ skipping 23 matching lines @@
     : context_getter_(context_getter),
       observer_(NULL),
       request_type_(NO_PENDING_REQUEST) {
   DCHECK(context_getter);
 }
 
 WalletClient::~WalletClient() {}
 
 }  // namespace wallet