Implementation of sensitive card information escrowing

chrome/browser/autofill/wallet/wallet_client.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_AUTOFILL_WALLET_WALLET_CLIENT_H_
 #define CHROME_BROWSER_AUTOFILL_WALLET_WALLET_CLIENT_H_
 
 #include <string>
 #include <vector>
 
@@ skipping 23 matching lines @@
   // WalletClientObserver with the response from the Online Wallet backend.
   class WalletClientObserver {
    public:
     // Called when an AcceptLegalDocuments request finishes successfully.
     virtual void OnAcceptLegalDocuments() = 0;
 
     // Called when an EncryptOtp request finishes successfully.
     virtual void OnEncryptOtp(const std::string& encrypted_otp,
                               const std::string& session_material) = 0;
 
+    // Called when an EscrowSensitiveInformation request finishes successfully.
+    virtual void OnEscrowSensitiveInformation(

[Ilya Sherman, 2013/01/09 23:30:48]

nit: Perhaps OnDidEscrowSensitiveInformation or
OnReceivedEscrowSensitiveInformation?

[Albert Bodenhamer, 2013/01/09 23:58:43]

There needs to be a bit of info here or elsewhere (maybe I'm missing it) about
what it means to "Escrow Sensitive Information"

[ahutter, 2013/01/10 00:24:46]

Changed to OnDidEscrowSensitiveInformation. Should the rest of the callback
methods be named like that? If so, I will do it in a separate CL.

[ahutter, 2013/01/10 00:24:46]

Added a comment.

[Ilya Sherman, 2013/01/10 00:35:40]

Yes, that would be helpful.  Thanks.

+        const std::string& escrow_handle) = 0;
+
     // Called when a GetFullWallet request finishes successfully. Caller owns
     // the input pointer.
     virtual void OnGetFullWallet(FullWallet* full_wallet) = 0;
 
     // Called when a GetWalletItems request finishes successfully. Caller owns
     // the input pointer.
     virtual void OnGetWalletItems(WalletItems* wallet_items) = 0;
 
     // Called when a SendExtendedAutofillStatus request finishes successfully.
     virtual void OnSendExtendedAutofillStatus() = 0;
@@ skipping 26 matching lines @@
                             const std::string& google_transaction_id,
                             WalletClientObserver* observer);
 
   // Before calling GetFullWallet, the client must encrypt a one time pad,
   // |otp|, of crytographically secure random bytes. These bytes must be
   // generated using crypto/random.h.
   void EncryptOtp(const void* otp,
                   size_t length,
                   WalletClientObserver* observer);
 
+  // Before calling SaveToWallet with a new instrument, the client must escrow
+  // the primary account number, |pan|, and card verfication number, |cvn|, with
+  // Google Wallet.

[Ilya Sherman, 2013/01/09 23:30:48]

Why not just spell out primary_account_number and card_verification_number for
the variable names?  The fact that you're having to expand the acronyms in the
comment suggests that they are not clear enough to stand on their own.

[ahutter, 2013/01/10 00:24:46]

Done.

+  void EscrowSensitiveInformation(const std::string& pan,
+                                  const std::string& cvn,
+                                  const std::string& obfuscated_gaia_id,
+                                  WalletClientObserver* observer);
+
   // GetFullWallet retrieves the a FullWallet for the user. |instrument_id| and
   // |adddress_id| should have been selected by the user in some UI,
   // |merchant_domain| should come from the BrowserContext, the |cart|
   // information will have been provided by the browser, |google_transaction_id|
   // is the same one that GetWalletItems returns, and |encrypted_otp| and
   // |session_material| are the results of the EncryptOtp call.
   void GetFullWallet(const std::string& instrument_id,
                      const std::string& address_id,
                      const std::string& merchant_domain,
                      const Cart& cart,
@@ skipping 14 matching lines @@
                                   WalletClientObserver* observer);
 
  private:
   // TODO(ahutter): Implement this.
   std::string GetRiskParams() { return ""; }
 
   enum RequestType {
     NO_PENDING_REQUEST,
     ACCEPT_LEGAL_DOCUMENTS,
     ENCRYPT_OTP,
+    ESCROW_SENSITIVE_INFORMATION,
     GET_FULL_WALLET,
     GET_WALLET_ITEMS,
     SEND_STATUS,
   };
 
   void MakeWalletRequest(const GURL& url,
                          const std::string& post_body,
                          WalletClient::WalletClientObserver* observer,
                          const std::string& content_type);
   virtual void OnURLFetchComplete(const net::URLFetcher* source) OVERRIDE;
 
   // The context for the request. Ensures the gdToken cookie is set as a header
   // in the requests to Online Wallet if it is present.
   scoped_refptr<net::URLRequestContextGetter> context_getter_;
   // Observer class that has its various On* methods called based on the results
   // of a request to Online Wallet.
   WalletClientObserver* observer_;
   // The current request object.
   scoped_ptr<net::URLFetcher> request_;
   // The type of the current request. Must be NO_PENDING_REQUEST for a request
   // to be initiated as only one request may be running at a given time.
   RequestType request_type_;
   DISALLOW_COPY_AND_ASSIGN(WalletClient);
 };
 
 }  // namespace wallet
 
 #endif  // CHROME_BROWSER_AUTOFILL_WALLET_WALLET_CLIENT_H_