| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "components/autofill/content/browser/wallet/encryption_escrow_client.h" | |
| 6 | |
| 7 #include "base/logging.h" | |
| 8 #include "base/memory/scoped_ptr.h" | |
| 9 #include "base/strings/string_number_conversions.h" | |
| 10 #include "base/strings/string_split.h" | |
| 11 #include "base/strings/stringprintf.h" | |
| 12 #include "base/strings/utf_string_conversions.h" | |
| 13 #include "components/autofill/content/browser/wallet/encryption_escrow_client_ob
server.h" | |
| 14 #include "components/autofill/content/browser/wallet/instrument.h" | |
| 15 #include "components/autofill/content/browser/wallet/wallet_service_url.h" | |
| 16 #include "googleurl/src/gurl.h" | |
| 17 #include "net/base/escape.h" | |
| 18 #include "net/http/http_status_code.h" | |
| 19 #include "net/url_request/url_fetcher.h" | |
| 20 #include "net/url_request/url_request_context_getter.h" | |
| 21 | |
| 22 namespace { | |
| 23 | |
| 24 const char kEncryptOtpBodyFormat[] = "cvv=%s:%s"; | |
| 25 const char kEscrowInstrumentInformationFormat[] = "gid=%s&cardNumber=%s&cvv=%s"; | |
| 26 const char kEscrowCardVerficationNumberFormat[] = "gid=%s&cvv=%s"; | |
| 27 const char kApplicationMimeType[] = "application/x-www-form-urlencoded"; | |
| 28 | |
| 29 // The maximum number of bits in the one time pad that the server is willing to | |
| 30 // accept. | |
| 31 const size_t kMaxBits = 56; | |
| 32 | |
| 33 // The minimum number of bits in the one time pad that the server is willing to | |
| 34 // accept. | |
| 35 const size_t kMinBits = 40; | |
| 36 | |
| 37 } // anonymous namespace | |
| 38 | |
| 39 namespace autofill { | |
| 40 namespace wallet { | |
| 41 | |
| 42 EncryptionEscrowClient::EncryptionEscrowClient( | |
| 43 net::URLRequestContextGetter* context_getter, | |
| 44 EncryptionEscrowClientObserver* observer) | |
| 45 : context_getter_(context_getter), | |
| 46 observer_(observer), | |
| 47 request_type_(NO_PENDING_REQUEST) { | |
| 48 DCHECK(context_getter_.get()); | |
| 49 DCHECK(observer_); | |
| 50 } | |
| 51 | |
| 52 EncryptionEscrowClient::~EncryptionEscrowClient() {} | |
| 53 | |
| 54 void EncryptionEscrowClient::EncryptOneTimePad( | |
| 55 const std::vector<uint8>& one_time_pad) { | |
| 56 DCHECK_EQ(NO_PENDING_REQUEST, request_type_); | |
| 57 size_t num_bits = one_time_pad.size() * 8; | |
| 58 DCHECK_LE(num_bits, kMaxBits); | |
| 59 DCHECK_GE(num_bits, kMinBits); | |
| 60 | |
| 61 request_type_ = ENCRYPT_ONE_TIME_PAD; | |
| 62 | |
| 63 std::string post_body = base::StringPrintf( | |
| 64 kEncryptOtpBodyFormat, | |
| 65 base::HexEncode(&num_bits, 1).c_str(), | |
| 66 base::HexEncode(&(one_time_pad[0]), one_time_pad.size()).c_str()); | |
| 67 | |
| 68 MakeRequest(GetEncryptionUrl(), post_body); | |
| 69 } | |
| 70 | |
| 71 void EncryptionEscrowClient::EscrowInstrumentInformation( | |
| 72 const Instrument& new_instrument, | |
| 73 const std::string& obfuscated_gaia_id) { | |
| 74 DCHECK_EQ(NO_PENDING_REQUEST, request_type_); | |
| 75 request_type_ = ESCROW_INSTRUMENT_INFORMATION; | |
| 76 | |
| 77 const std::string& primary_account_number = | |
| 78 net::EscapeUrlEncodedData( | |
| 79 UTF16ToUTF8(new_instrument.primary_account_number()), true); | |
| 80 const std::string& card_verification_number = | |
| 81 net::EscapeUrlEncodedData( | |
| 82 UTF16ToUTF8(new_instrument.card_verification_number()), true); | |
| 83 | |
| 84 std::string post_body = base::StringPrintf( | |
| 85 kEscrowInstrumentInformationFormat, | |
| 86 obfuscated_gaia_id.c_str(), | |
| 87 primary_account_number.c_str(), | |
| 88 card_verification_number.c_str()); | |
| 89 | |
| 90 MakeRequest(GetEscrowUrl(), post_body); | |
| 91 } | |
| 92 | |
| 93 void EncryptionEscrowClient::EscrowCardVerificationNumber( | |
| 94 const std::string& card_verification_number, | |
| 95 const std::string& obfuscated_gaia_id) { | |
| 96 DCHECK_EQ(NO_PENDING_REQUEST, request_type_); | |
| 97 request_type_ = ESCROW_CARD_VERIFICATION_NUMBER; | |
| 98 | |
| 99 std::string post_body = base::StringPrintf( | |
| 100 kEscrowCardVerficationNumberFormat, | |
| 101 obfuscated_gaia_id.c_str(), | |
| 102 card_verification_number.c_str()); | |
| 103 | |
| 104 MakeRequest(GetEscrowUrl(), post_body); | |
| 105 } | |
| 106 | |
| 107 void EncryptionEscrowClient::CancelRequest() { | |
| 108 request_.reset(); | |
| 109 request_type_ = NO_PENDING_REQUEST; | |
| 110 } | |
| 111 | |
| 112 bool EncryptionEscrowClient::HasRequestInProgress() const { | |
| 113 return request_; | |
| 114 } | |
| 115 | |
| 116 void EncryptionEscrowClient::MakeRequest(const GURL& url, | |
| 117 const std::string& post_body) { | |
| 118 DCHECK(!request_.get()); | |
| 119 | |
| 120 request_.reset(net::URLFetcher::Create( | |
| 121 1, url, net::URLFetcher::POST, this)); | |
| 122 request_->SetRequestContext(context_getter_.get()); | |
| 123 DVLOG(1) << "url=" << url << ", post_body=" << post_body; | |
| 124 request_->SetUploadData(kApplicationMimeType, post_body); | |
| 125 request_->Start(); | |
| 126 | |
| 127 observer_->OnDidMakeRequest(); | |
| 128 } | |
| 129 | |
| 130 // TODO(ahutter): Add manual retry logic if it's necessary. | |
| 131 void EncryptionEscrowClient::OnURLFetchComplete( | |
| 132 const net::URLFetcher* source) { | |
| 133 DCHECK(observer_); | |
| 134 scoped_ptr<net::URLFetcher> old_request = request_.Pass(); | |
| 135 DCHECK_EQ(source, old_request.get()); | |
| 136 | |
| 137 DVLOG(1) << "Got response from " << source->GetOriginalURL(); | |
| 138 | |
| 139 RequestType type = request_type_; | |
| 140 request_type_ = NO_PENDING_REQUEST; | |
| 141 | |
| 142 std::string data; | |
| 143 source->GetResponseAsString(&data); | |
| 144 DVLOG(1) << "Response body: " << data; | |
| 145 | |
| 146 if (source->GetResponseCode() != net::HTTP_OK) { | |
| 147 observer_->OnNetworkError(); | |
| 148 return; | |
| 149 } | |
| 150 | |
| 151 if (data.empty()) { | |
| 152 HandleMalformedResponse(old_request.get()); | |
| 153 return; | |
| 154 } | |
| 155 | |
| 156 switch (type) { | |
| 157 case ENCRYPT_ONE_TIME_PAD: { | |
| 158 std::vector<std::string> splits; | |
| 159 // The response from the server should be formatted as | |
| 160 // "<session material>|<encrypted one time pad>". | |
| 161 base::SplitString(data, '|', &splits); | |
| 162 if (splits.size() == 2) | |
| 163 observer_->OnDidEncryptOneTimePad(splits[1], splits[0]); | |
| 164 else | |
| 165 HandleMalformedResponse(old_request.get()); | |
| 166 break; | |
| 167 } | |
| 168 | |
| 169 case ESCROW_INSTRUMENT_INFORMATION: | |
| 170 observer_->OnDidEscrowInstrumentInformation(data); | |
| 171 break; | |
| 172 | |
| 173 case ESCROW_CARD_VERIFICATION_NUMBER: | |
| 174 observer_->OnDidEscrowCardVerificationNumber(data); | |
| 175 break; | |
| 176 | |
| 177 case NO_PENDING_REQUEST: | |
| 178 NOTREACHED(); | |
| 179 } | |
| 180 } | |
| 181 | |
| 182 void EncryptionEscrowClient::HandleMalformedResponse(net::URLFetcher* request) { | |
| 183 // Called to inform exponential backoff logic of the error. | |
| 184 request->ReceivedContentWasMalformed(); | |
| 185 observer_->OnMalformedResponse(); | |
| 186 } | |
| 187 | |
| 188 } // namespace wallet | |
| 189 } // namespace autofill | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 17970003:
New encryption/escrow endpoints for Wallet (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src